Security errors in RODC while veeam backup is running.

[Kristaps]

Hello!
Im using veeam backup and replication 9.5 who backups VM's in VMware vSphere 6.5 and I got problem with RODC (windows server 2016 core). While backup (incremental/full) is running security log shows around 74 new records about AuthFail:

03/21/1808:20:50 PMAuthFailMicrosoft-Windows-Security-Auditing4776The computer attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: VEEAM_USER Source Workstation: RODC Error Code: 0xc0000371

User is in Allowed RODC password replication group and still error shows up.
Noticed that in the same time application log shows multiple records in the same time of AuthFail:

The description for Event ID 1000 from source VGAuth cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
vmtoolsd: Username and password successfully validated for 'VEEAM_USER'

Any ideas how to fix this issue?

[Andreas Neufert]

I guess that you have enabled Veeam Guest processing and the job can not authenticate over network by ROC to the VM. Then Veeam failover to Veeam guest processing by VMware Tools VIX communication channel. If UAC is enabled only one user can by default authenticate from VMware Tools (VIX) to Windows and this is the User Account with exact name „Adminustrator“.

Please check why Veeam can not by RPC to the VM. You can use the Authentication test within the Job to test it.