Operational Defect Database
BugZero found this defect 426 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb4431
After Enabling MFA, Veeam Backup Server Is Listed as Inaccessible in Veeam Service Provider Console
Last update date:
10/20/2023
Affected products:
Veeam Backup & Replication
Veeam Service Provider Console
Veeam Cloud Connect
Affected releases:
12
Fixed releases:
No fixed releases provided.
Description:
Challenge
After enabling multi-factor authentication (MFA) in Veeam Backup & Replication or Veeam Cloud Connect, that server may become listed as "inaccessible" within Veeam Service Provider Console yet the Veeam Management Agent for VSPC continues to display a "healthy" status.
Cause
When MFA is enabled, the account used by the Veeam Management Agent service cannot access the Veeam Backup & Replication or Veeam Cloud Connect application.By default, the Veeam Managemetn Agent service deployed on the Veeam Backup & Replication and Veeam Cloud Connect server runs under the Local System account.
Solution
To resolve this issue, review the options below: Option 1: Have the Veeam Management Agent Use a Dedicated Service Account The recommended solution is to configure the Veeam Management Agent service to use a dedicated service account (either Domain or Windows local) for which MFA is explicitly disabled. For more information, see Disabling MFA for Service Accounts. In Windows Services ( services.msc ), check if Veeam Management Agent is still running under the Local System account. Edit the Veeam Management Agent service and change the "Log on as" account from Local System account to any user that is a member of the Local Administrators group or any Domain account with Local Administrators group permissions on that machine. Add the Service account to Veeam Backup & Replication/Veeam Cloud Connect: Add the service account specified for the service to the Users and Roles section. Assign the role: Veeam Backup Administrator. Select the "This a service account" checkbox to disable MFA.
More Information
If the presented options are unsuitable for your situation for any reason, it may be advisable to consider disabling MFA entirely.
