Discussions specific to the VMware vSphere hypervisor
Post Reply
gmajestix
Service Provider
Posts: 28
Liked: 3 times
Joined: Jan 26, 2018 2:27 pm
Contact:

Strange permission issue related to VIX

Post by gmajestix »

So for a while I was getting this error in the Veeam report:
Failed to prepare guest for hot backup. Error: Failed to connect to guest agent. Errors: 'Cannot connect to the host's administrative share. Host: [XXXXXX]. Account: [XXXXXX]. Win32 error:The network path was not found. Code: 53 Cannot connect to the host's administrative share. Host: [XXXXXX]. Account: [XXXXXX]. Win32 error:The network path was not found. Code: 53 '
Error: Failed to connect to guest agent. Errors: 'Cannot connect to the host's administrative share. Host: [XXXXXX]. Account: [XXXXXX]. Win32 error:The network path was not found. Code: 53 Cannot connect to the host's administrative share. Host: [XXXXXX]. Account: [XXXXXX]. Win32 error:The network path was not found. Code: 53 '

Description of the enviroment:
Veeam B&R 10a
VMware ESXi, 6.7.0, 17499825
VM with Windows 2019 with latest patches
Application aware protection over VIX

Yesterday I decided to check it out. I intentionally ignored it until yesterday because it was irrelevant. I logged to the VM and checked the application logs and noticed this:
Windows cannot create a temporary profile directory. This problem may be caused by insufficient security rights.
Previous event was that the user used for application was to authenticate successfuly.

Googling it I stumbled upon this KB https://www.veeam.com/kb2712. But found it irrelevant as the VMware tools where on version 11329. But it also gave me a hint to check out C:\Users\username\Temp\. To my surprise I found in C:\Users\ folders with the name ranging from TEMP.XX.000 to TEMP.XX.999. So if you ever wondered how many temporary profiles can be created in Windows it stops when it reaches 999. The last modified date of the folder TEMP.XX.999 matches the date when application aware protection stopped working.

Based on the information I've gathered.
- the errors from the event log regarding insufficient security rights
- KB2712 regarding temp folder
- the account for application aware processing didnt really have a folder in C:\Users.

I've decided to try to login as the user for application aware processing so that it would create a folder in C:\Users. After logging in with the previous mentioned user I've ran test credentials and to my surprise it solved the problem and application aware processing was working once more.

I hope this helps someone in similar situation.

Andreas Neufert
VP, Product Management
Posts: 5945
Liked: 1241 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Strange permission issue related to VIX

Post by Andreas Neufert »

Hello, thanks for sharing this.
Can I please ask if I understood your feedback correctly?

User used for VIX was never logged on in Windows.
VIX worked and caused temporary profiles under c:\Users
After 1000 VIX runs it stopped working as no temporary profile could be created anymore.

Solution login with the VIX user once and the profile with the correct temp folder is created. Temporary profiles can be deleted.

Is this a correct summary?

Andreas Neufert
VP, Product Management
Posts: 5945
Liked: 1241 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Strange permission issue related to VIX

Post by Andreas Neufert »

@asturniolo FYI

gmajestix
Service Provider
Posts: 28
Liked: 3 times
Joined: Jan 26, 2018 2:27 pm
Contact:

Re: Strange permission issue related to VIX

Post by gmajestix »

Andreas Neufert wrote: Mar 26, 2021 8:59 am Hello, thanks for sharing this.
Can I please ask if I understood your feedback correctly?

User used for VIX was never logged on in Windows.
VIX worked and caused temporary profiles under c:\Users
After 1000 VIX runs it stopped working as no temporary profile could be created anymore.

Solution login with the VIX user once and the profile with the correct temp folder is created. Temporary profiles can be deleted.

Is this a correct summary?
User used for VIX was never logged on in Windows.
Correct.
VIX worked and caused temporary profiles under c:\Users
Correct.
After 1000 VIX runs it stopped working as no temporary profile could be created anymore.
Correct. It was application aware processing for a MS SQL server. Backing up transaction logs every 60 minutes.
Solution login with the VIX user once and the profile with the correct temp folder is created. Temporary profiles can be deleted.
Correct. That was the solution for me.

rfn
Expert
Posts: 141
Liked: 5 times
Joined: Jan 27, 2010 9:43 am
Full Name: René Frej Nielsen
Contact:

Re: Strange permission issue related to VIX

Post by rfn »

Hi,

We have the same problem where some VM's have new profile folders for each time that Veeam interacts with the VM. Other VM's successfully deletes the temporary profile folders when Veeam is finished, but most VM's have a couple of them from previous backup runs, so it appears that it's something that fails from time to time. A few VM's never removes these folders and when they reach 999, then backup fails.

Isn't there a real solution to this? I would think that manually logging on to the affected VM's, just to create a real user profile on the server, is a workaround at best. I would really prefer that Veeam didn't have to leave anything on the servers after processing.

Andreas Neufert
VP, Product Management
Posts: 5945
Liked: 1241 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Strange permission issue related to VIX

Post by Andreas Neufert »

This is more of a question for VMware then us, as we are leveraging a functionality of the VMware Tools.

You could maybe use some tools to perform this action.
Or if it is a AD user, you could define a server based profile for the user (keep the profile at ultra minmum size and exclude all kind of temp things).

gmajestix
Service Provider
Posts: 28
Liked: 3 times
Joined: Jan 26, 2018 2:27 pm
Contact:

Re: Strange permission issue related to VIX

Post by gmajestix »

Is this a feature or a bug? Just found this in the unofficial practice exam on https://rhyshammond.com/vmce-material/v ... -exam-pool.

32. Question
Category: VMCE2021 - Required Permissions

Which of the following general requirements are correct when choosing a user account for guest processing (application-aware processing, pre-freeze and post-thaw scripts, transaction log processing, guest file indexing and file exclusions):
(Select two)

[For networkless guest processing over VMware VIX] To be able to perform more than 1000 guest processing operations, the user that you specify for guest processing must be logged into the VM at least once.
[For networkless guest processing over VMware VIX/vSphere Web Services] Check that UAC is enabled on VM guest OS.
When using Active Directory accounts, make sure to provide an account in the Host\Username format.
[For guest OS file indexing] For Windows-based workloads, choose an account that has administrator privileges. For Linux-based workloads, choose an account of a root user or user elevated to root.

EDIT: I see that documentation on https://helpcenter.veeam.com/docs/backu ... ml?ver=110 was updated with this specific case.

Andreas Neufert
VP, Product Management
Posts: 5945
Liked: 1241 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Strange permission issue related to VIX

Post by Andreas Neufert »

Hi Gmajestix, thanks. Are there any open questions after your edit?

Post Reply

Who is online

Users browsing this forum: Google [Bot], thang.nguyen and 25 guests