undocumented traffic with proxy

[ghilou]

Hello,

I'm trying to set up a proxy server on a remote site. It will use network mode to reach the remote vsphere infrastructure. The same proxy also has the repository on which i want to do the backups. This physical server (with DAS) has both role installed, and both proxy and repository are registered on my VBR server.

I then create a job on my VBR server which backups VMs from the remote vcenter. I chose as a target the remote repository, and to be extra sure, make the job use the remote proxy.

However when the job is running, i get the "connection timeout" error when processing VMs. Indeed, the VBR server tries to establish a connection with the remote repository on port 2500, for data transfer i suppose. As no data transfer is supposed to happen between the VBR server and the proxy at this stage, there are no firewall rules implemented between both sites to accomodate this traffic.

I don't understand why on earth would the VBR server need to connect on the remote repository on this port, when clearly the proxy should be the one moving the datas between the remote ESXis and the remote repository.

Is there something i'm missing here? The bazillion firewall rules needed for Veeam to work on a multi site setup is daunting enough, adding more is not an option especially if I have no proper understanding of what it is trying to do.

[Andreas Neufert]

TCP2500 and higher is the data transport port.

Did you had selected the Proxy/Repository Server as Guest Interaction Proxy? Maybe the B&R Server tries to send the InGuest components to the Guest Interaction Proxy the first time? (Then the Guest Interaction Proxy uses those to interact with the VM and Software. For a test, you can disable Veeam Guest Interaction in the Job.

[ghilou]

i already have the guest interraction removed from the job.

I just configured proxy afinity (although the proxy is already selected in the job) but it didn't help.

As far as i know there is no reason for the VBR server to try and reach the repository on this port, at this point anyway.

[Andreas Neufert]

Can you upload logs and send me a forum mail with the link to it ? Or open a support case and upload logs there.
I will look at the logs and can tell you why this happens then.

[ghilou]

Im trying to open a case but i have administrative issue (i apparently don't belong to the company the license is registered to).

In the meantime, i'll be looking at logs and try to see if anything is amiss

[ghilou]

I registered a case on this subject, on which i uploaded the log. The engineer i had on the phone says that it is normal behaviour but i'd like the logs reviewed anyway. I'm sending you the case ID via PM if you want to chime in.

Edit or not, guess I can't send PMs. The case is ID# 02210618

[Andreas Neufert]

It looks like that you had choosen as
Repository: 10.140.163.12
and as Proxy: 10.140.170.4

Is this at same place?

[ghilou]

No, definetly not. The repository should be 10.140.170.4

When i select my repository in the job, i do select the remote repository (10.140.170.4) so i'm a bit confused.

[Andreas Neufert]

Can you please ran trough the Setup wizard of the Repository and send me screenshots to
andreas.neufert
at
veeam.com

[Andreas Neufert]

Hi, please find below an update that I got from the QA/DEVs.

"We use this connection to monitor the job’s current state. Also it can be used to pass synthetic operations commands to agents (to start merge, for example"
The syntetic operations are only processed from B&R Server as fallback when the Gateway Server is set to Automatic (CIFS share, DDBoost, Catalyst).