Challenge

Solution

Recover Through the Appliance

1. Go to the Protected Data page and find the Veeam Backup for Microsoft Azure virtual machine.
2. Select the Veeam Backup for Microsoft Azure virtual machine and click Restore > VM Restore on the toolbar.
3. Navigate through the restore wizard and confirm the operation.
   Note that a restore to the original location is not available in this scenario because the original VM must be shut down before switching the disks.
   
4. After the restore is complete, shut down the old Veeam Backup for Microsoft Azure instance.
5. Set up the network settings for the restored virtual machine.
   Veeam Backup for Microsoft Azure does not restore the public IP and DNS names. If you want to use the same IP or domain, both must be configured anew.
6. Remove the old Veeam Backup for Microsoft Azure instance from Azure.

Manual Restore

1. After the restore is complete, shut down the old Veeam Backup for Microsoft Azure instance.
2. Tag the restored virtual machine with the same tags as the old Veeam Backup for Microsoft Azure instance.
3. Set up the network settings for the restored virtual machine.
4. Veeam Backup for Microsoft Azure does not restore the public IP and DNS names. If you want to use the same IP or domain, both must be configured anew.
5. Remove the old Veeam Backup for Microsoft Azure instance from Azure.

More Information

Challenge

Product Information:

Company name: Zadara
Product Family: VPSA (Virtual Private Storage Array)
Status: Veeam Ready – Object & Veeam Ready – Object with Immutability
Classification Description: Verified object storage solutions that has been tested with Veeam Backup & Replication Cloud Tier and object storage immutability features.

Solution

Product Details:

Model number: VPSA Premium Object Storage
Storage Category: Software Defined Object Storage
Drive quantity, size, type: 72 – 10TB SATA
Storage configuration: 2-way mirror
Firmware version: 20.01
Connection protocol and speed: 40 GbE
Additional support: All models and configurations of VPSA for S3 compatible storage with specifications equivalent or greater than the above.

General product family overview:
VPSA Object Storage is Zadara’s object storage service. It is provided on Zadara clouds, side by side with the virtual private storage array that provides block and file storage services.

These are the key properties of Object Storage:

• Unlimited scalability (scaling out) in both capacity and total objects - simply keep adding drives
• User-defined object’s metadata
• 2- or 3-way distributed data protection
• Supports both S3 and Swift REST API
• Comprehensive usage reporting and metering
• Multi-tenancy at both the object storage and account levels

Veeam testing configuration:

Veeam Build Number: 10.0.0.4461

Vendor recommended configuration:

Vendor Settings:

• For Object Storage with 2-Way protection it is recommended to start with a Premium Object Storage (at least 24 drives).
• For Object Storage with EC 4+2 Protection it is recommended to start with a Premium Object Storage (at least 72 drives).

Challenge

Solution

Recover Through the Appliance

1. Go to the Protected Data page and find the Veeam Backup for Microsoft Azure virtual machine.
2. Select the Veeam Backup for Microsoft Azure virtual machine and click Restore > VM Restore on the toolbar.
3. Navigate through the restore wizard and confirm the operation.
   Note that a restore to the original location is not available in this scenario because the original VM must be shut down before switching the disks.
   
4. After the restore is complete, shut down the old Veeam Backup for Microsoft Azure instance.
5. Set up the network settings for the restored virtual machine.
   Veeam Backup for Microsoft Azure does not restore the public IP and DNS names. If you want to use the same IP or domain, both must be configured anew.
6. Remove the old Veeam Backup for Microsoft Azure instance from Azure.

Manual Restore

1. After the restore is complete, shut down the old Veeam Backup for Microsoft Azure instance.
2. Tag the restored virtual machine with the same tags as the old Veeam Backup for Microsoft Azure instance.
3. Set up the network settings for the restored virtual machine.
4. Veeam Backup for Microsoft Azure does not restore the public IP and DNS names. If you want to use the same IP or domain, both must be configured anew.
5. Remove the old Veeam Backup for Microsoft Azure instance from Azure.

More Information

Challenge

Veeam Agent for Microsoft Windows 4.0 (build No. 4.0.0.1811) cumulative patch KB3214.

Cause

This patch is intended only for the Veeam Agent for Microsoft Windows version 4.0, build No. 4.0.0.1811.
Check that you are running the Veeam Agent for Microsoft Windows build No. 4.0.0.1811 prior to installing this cumulative patch KB3214.

• If Veeam Agent is functioning in the standalone mode, check build number in the Veeam Agent control panel. For details, see the Checking for New Product Versions and Updates section in the Veeam Agent for Microsoft Windows User Guide.
• If Veeam Agent is functioning in the managed mode, check build number in the Protection Group settings. For details, see the Viewing Properties section in the Veeam Agent Management Guide.

Mind that the build number remains the same after the patch installation.
 

Resolved Issues

Cumulative patch KB3214 provides a set of bug fixes listed below:

• A Veeam Agent backup job targeted at the Microsoft OneDrive cloud storage fails with the following error:
  Key not found Failed to establish connection to OneDrive Agent failed to process method {Cloud.AddConnection} (for details, see KB3139).
• A backup policy apply fails with "Cannot find a living volume by the name" if a a policy pointed to a USB External Drive.
• A backup policy apply fails with "Failed to autoselect backup cache location: no volume meets requirements" if the only volume candidate is system and boot volume simultaneously.
• In rare circumstances, Veeam Agent does not inherit proper statistic flag.

Solution

To install the cumulative patch KB3214 on a machine with a standalone Veeam Agent for Microsoft Windows installation, do the following:

1. Download veeam_agent_4.0.0.1811.cumulativefix_TF220985.zip and unzip the veeam_agent_4.0.0.1811.cumulativefix_TF220985.exe file.
2. Execute veeam_agent_4.0.0.1811.cumulativefix_TF220985.exe as Administrator.

To install the cumulative patch KB3214 on a machine with a Veeam Agent for Microsoft Windows installation managed by Veeam Backup & Replication, do the following:

1. Download veeam_agent_4.0.0.1811.cumulativefix_TF220985.zip, unzip the veeam_agent_4.0.0.1811.cumulativefix_TF220985.exe file, and place it in any temporary place on the Veeam Backup & Replication backup server.
2. Create the following directory on the Veeam Backup & Replication backup server: C:\Program Files\Veeam\Veeam Distribution Service\Fixes\vaw\KB.220985.
3. Copy the patch exe file to the directory created in the previous step.
4. Rescan the protection group with Veeam Agents that you want to update. For details, see the Rescanning Protection Group section in the Veeam Agent Management Guide.

More Information

[[DOWNLOAD|DOWNLOAD PATCH|https://www.veeam.com/download_add_packs/backup-agent-windows/kb3214]]

MD5: CC108B92FD601D60C54533BBCC48AD32
SHA-1: 8A41FE6790F4A047EBF604E71BCADB366E3E72A0

Challenge

Cause

Solution

• Managed by Agent backup policies do not respect the retention policy setting for Microsoft Windows machines, always forcing it to 7 regardless of the value specified.

• Added support for Cape Town and Milan data center regions in all related functionality.

• Failed GFS full backup transform may result in the job to start failing with the “Failed to process method {Transform.Patch}: There is an item with the specified name and another type” error.

• Under certain circumstances, backup jobs may fail with the “Cannot retrieve physical extents for connecting iSCSI target IQN {0} on proxy IQN {1}” error.

• In the environments where the Network Extension Appliance has the same name as the corresponding Tenant, deleting the appliance will also remove tenant’s replicas.
• Under certain circumstances, task slots may not be released at the end of the job session, resulting in various issues due to lack of available task slots.
• Cloud Connect Replication fails with the “Cannot find an available target” error in vCloud Director environments with multiple clusters due to not searching all available vDC pools for the required vOrg pool.
• Using the UseCachedSshConnections registry value may result in jobs to stop running due to already closed connection erroneously cached. This issue may result in various errors, typically “The session is not open” error.
• Opening the Tenants view takes a long time.

• High CPU consumption on the SQL Server hosting the configuration database caused by the AggregateSqlPointsInfo stored procedure during transaction log backup.

• Mounting a restore point with the dynamic disk fails with the “Invalid secondary GPT partition entry array checksum” error.
• In some environments, mounting a restore point for file-level recovery may fail with the “Invalid secondary GPT header signature” error.

• VSS snapshot fails to be created with the “Access is denied” error for SMB file shares hosted on some NAS devices due to lack of impersonation.
• Backup of different files shares from the same server or NAS may fail with the “Failed to create a VSS snapshot” whenever VSS snapshot creation calls overlap.

• Resource scheduler may experience significant delays issuing the backup infrastructure resources in environments with a large number of agent-based, application plug-in based or host-based backups (with per-VM backup file chains disabled) stored in a scale-out backup repository.

• High backup server CPU consumption by the Veeam Backup Service in large environments while the user interface is open and no jobs are active.
• High backup server RAM consumption by the UI Service process and slow performance of historical sessions view in environments with very large number of sessions.
• Opening an existing VMware backup job’s settings takes a long time for jobs using a scale-out backup repository with a large number of extents as the target.

• Invalid tenant workloads count is returned by the backup server’s WMI API, resulting in Veeam Service Provider Console to issue false warnings.

• WAN accelerator may deadlock while transferring an increment with large contiguous set of zeroed segments, making the data transfer appear to slow down dramatically.

More Information

Challenge

Cause

Solution

The Veeam Management Pack 8.0 Update 6 cumulative patch for VMware vSphere 7.0 monitoring provides the compatibility with VMware vSphere 7.0. The patch also addresses several minor issues and requests related to vSphere monitoring that were reported to Veeam Technical Support.

The list of improvements includes:

• Support for VMware vSphere 7.0 APIs.
• A fix for the issue with relation data being collected incompletely from virtual switches in environments running VMware vSphere 6.x and earlier versions.
• A fix for the issue with the datastore unknown files metric being collected incorrectly.
• A new property for the Datastore Container object to represent the relation with the Veeam Virtualization Extensions Service server that manages the Veeam Collector processing a specific Datastore Container.
•  A fix for the data collection issue when monitoring standalone VMware ESXi 7.0 hosts

To install the cumulative patch, perform the following steps:

1. Make sure you are running Veeam Management Pack 8.0 Update 6 (build 8.0.0.2467). For more information, see this Veeam KB article: https://www.veeam.com/kb2706.
2. Unzip the archive.
3. Run the VeeamMP80_Update6_CP2.exe file on all machines where Veeam components are installed (Veeam Virtualization Extensions Service, Veeam Collector, Veeam Virtualization Extensions Service UI) and follow the wizard instructions.

The Veeam Collector will be upgraded to build 8.0.0.2480. The Veeam Virtualization Extensions Service and Veeam Virtualization Extensions Service UI will preserve build 8.0.0.2218.

More Information

Should you have any questions, contact Veeam Support.

Challenge

Solution

• How to create VPC interface endpoint in the Amazon
• How to create S3 Gateway endpoint in the Amazon
• Endpoints needed for backup to S3 repository in a private network
• Endpoints needed for restore from S3 repository in a private network
• Endpoints needed for File-level Restore from Snapshot and Backup in a private network

VPC interface endpoint creation

1. Go to the VPC Service.
2. Select the Endpoints section from the list on the left panel and click Create Endpoint.
3. For Service Name, select the needed endpoint in the format com.amazonaws.region.service (e.g. com.amazonaws.eu-west-3.ssm)
4. For VPC, choose the VPC ID you want to use for the workers.
5. For Subnets, choose the Subnet ID you want to use for the workers.
6. For Enable Private DNS Name, select Enable for this endpoint.
7. For Security Group, select an existing security group, or create a new one.
   Ensure that the security group that's associated with the endpoint network interface allows communication between the endpoint network interface and the resources in your VPC that communicate with the service. If the security group restricts inbound HTTPS traffic (port 443) from resources in the VPC, you might not be able to send traffic through the endpoint network interface.
8. Click Create Endpoint.

S3 Gateway endpoint creation

1. Go to the VPC Service.
2. Select the Endpoints section from the list on the left panel and click Create Endpoint.
3. For Service Name, select the needed endpoint in the format com.amazonaws.region.service (e.g. com.amazonaws.eu-west-3.ssm)
4. For VPC, choose the VPC ID you want to use for the workers.
5. For Configure route tables, select the route tables to be used by the endpoint. Amazon automatically adds a route that points traffic destined for the service to the endpoint to the selected route tables.
6. For Policy, choose the type of policy. You can leave the default option, Full Access, to allow full access to the service. Alternatively, you can select Custom, and then use the AWS Policy Generator to create a custom policy or enter your own policy in the policy window.
7. Click Create Endpoint.

Backup to S3

-com.amazonaws.region.ec2messages 
-com.amazonaws.region.ssm 
-com.amazonaws.region.sqs 
-com.amazonaws.region.s3 
-com.amazonaws.region.ebs

• If you perform a backup to an S3 repository, a worker will be started in the same region as the source instance (in the account selected on the Workers page).
  Endpoints must be configured for the subnet that is used for the worker.
• Your source instance and S3 repository should be in the same region. This is an AWS limitation: «Endpoints are supported within the same Region only. You cannot create an endpoint between a VPC and a service in a different Region». For more information, see AWS Documentation.
  This limitation applies only to regions - a source instance and S3 repository can be in the different accounts.

Restore

-com.amazonaws.region.ec2messages 
-com.amazonaws.region.ssm 
-com.amazonaws.region.sqs 
-com.amazonaws.region.s3

• If you perform a restore from an S3 repository, a worker will be started in the target instance location (in the account selected on the Workers page).
  Endpoints must be configured for the subnet that is used for the worker.
• Target region and your S3 repository location should be the same. This is an AWS limitation: «Endpoints are supported within the same Region only. You cannot create an endpoint between a VPC and a service in a different Region». For more information, see AWS Documentation.
  This limitation applies only to regions – a target instance and S3 repository location should be the same, but can be in different accounts.

File-level Restore

From Snapshot

If you want to perform a FLR from a snapshot in a private network, you need the following configured endpoints for the subnet, which is selected on the Configuration - Workers page or is the default for the region where the snapshot is located (if there are no settings on the Workers page for this region we will use the default settings): 

-com.amazonaws.region.ec2messages 
-com.amazonaws.region.ssm 
-com.amazonaws.region.sqs

From Backup

-com.amazonaws.region.ec2messages 
-com.amazonaws.region.ssm 
-com.amazonaws.region.sqs 
-com.amazonaws.region.s3

Challenge

This KB article was created to document how to create a case with Veeam Support via the customer portal.

Note:  In order to create a support case for Veeam Endpoint Backup, open the application and choose "Support" tab. 

In order to open a new case you must be designated as a Case Administrator. For more information on how to setup Case Administrators review  https://www.veeam.com/kb2211 .

Solution

Any information you can provide regarding the issue you are experiencing could have a significant impact on how fast the issue is diagnosed and resolved. You will be asked to provide the following information:

• Issue description, impact on your system and business operations, issue severity, and the exact text of error messages and diagnostic details.
• Steps to reproduce the problem, known workarounds
• Contact number where you can be reached
• Best time to reach you, and contact method (i.e. email/phone)

1. Go to https://my.veeam.com  (or directly to our customer portal  https://my.veeam.com/#/open-case/step-1 )
2. Enter your credentials and click Sign In

3. Click on "Open Case" button in the menu on the left side. Please note that you must be a Case Administrator or License Administrator to submit a case via the Portal. If you aren't currently a Case Administrator or License Administrator, please follow this guide to learn how to become one for your Account or call us if you have an urgent issue. 
4. Choose a Case Type. Technical is for Break-fix issues or any kind of technical questions related to Veeam products. Licensing covers any licensing or related questions and General Inquiry is for feedback or issues related Veeam websites and services, not products. 
5. On the left side of the page you need to fill in all the required details. Please remember to include the exact error message that is occurring. Screenshots inclusion can often help expedite resolution.

6. After clicking "Next" you will be taken to a page listing several KB articles that may be related to your issue. To continue with case creation, please click "Next" again.
7. On the next page you will be asked to add attachments to your case. It is imperative that you provide diagnostic logs when creating a case so that Veeam Support may best assist you.
   •Select the bucket relative to your region.
   •For cases relating to Veeam Backup & Replication please review this article for details on how to collect logs: https://www.veeam.com/kb1832
   •For cases related to Veeam Agent for Windows please review this article for details on how to collect logs: https://www.veeam.com/kb2404
8. On the last page of case creation you will have an opportunity to review all details provided and provide specific contact details. If you have a direct number you can reached at please consider adding it at this point.

After you have created a case you will be contacted within the time set forth in the SLA agreement for the severity you specified.
Veeam's severity system operates similar to the DEFCON system, lower number=high priority.



To view your Production Licenses or discover what email is assigned as the License Administrator please click here: https://my.veeam.com/#/licenses/production

More Information

Challenge

Solution

• How to create VPC interface endpoint in the Amazon
• How to create S3 Gateway endpoint in the Amazon
• Endpoints needed for backup to S3 repository in a private network
• Endpoints needed for restore from S3 repository in a private network
• Endpoints needed for File-level Restore from Snapshot and Backup in a private network

VPC interface endpoint creation

1. Go to the VPC Service.
2. Select the Endpoints section from the list on the left panel and click Create Endpoint.
3. For Service Name, select the needed endpoint in the format com.amazonaws.region.service (e.g. com.amazonaws.eu-west-3.ssm)
4. For VPC, choose the VPC ID you want to use for the workers.
5. For Subnets, choose the Subnet ID you want to use for the workers.
6. For Enable Private DNS Name, select Enable for this endpoint.
7. For Security Group, select an existing security group, or create a new one.
   Ensure that the security group that's associated with the endpoint network interface allows communication between the endpoint network interface and the resources in your VPC that communicate with the service. If the security group restricts inbound HTTPS traffic (port 443) from resources in the VPC, you might not be able to send traffic through the endpoint network interface.
8. Click Create Endpoint.

S3 Gateway endpoint creation

1. Go to the VPC Service.
2. Select the Endpoints section from the list on the left panel and click Create Endpoint.
3. For Service Name, select the needed endpoint in the format com.amazonaws.region.service (e.g. com.amazonaws.eu-west-3.ssm)
4. For VPC, choose the VPC ID you want to use for the workers.
5. For Configure route tables, select the route tables to be used by the endpoint. Amazon automatically adds a route that points traffic destined for the service to the endpoint to the selected route tables.
6. For Policy, choose the type of policy. You can leave the default option, Full Access, to allow full access to the service. Alternatively, you can select Custom, and then use the AWS Policy Generator to create a custom policy or enter your own policy in the policy window.
7. Click Create Endpoint.

Backup to S3

-com.amazonaws.region.ec2messages 
-com.amazonaws.region.ssm 
-com.amazonaws.region.sqs 
-com.amazonaws.region.s3 
-com.amazonaws.region.ebs

• If you perform a backup to an S3 repository, a worker will be started in the same region as the source instance (in the account selected on the Workers page).
  Endpoints must be configured for the subnet that is used for the worker.
• Your source instance and S3 repository should be in the same region. This is an AWS limitation: «Endpoints are supported within the same Region only. You cannot create an endpoint between a VPC and a service in a different Region». For more information, see AWS Documentation.
  This limitation applies only to regions - a source instance and S3 repository can be in the different accounts.

Restore

-com.amazonaws.region.ec2messages 
-com.amazonaws.region.ssm 
-com.amazonaws.region.sqs 
-com.amazonaws.region.s3

• If you perform a restore from an S3 repository, a worker will be started in the target instance location (in the account selected on the Workers page).
  Endpoints must be configured for the subnet that is used for the worker.
• Target region and your S3 repository location should be the same. This is an AWS limitation: «Endpoints are supported within the same Region only. You cannot create an endpoint between a VPC and a service in a different Region». For more information, see AWS Documentation.
  This limitation applies only to regions – a target instance and S3 repository location should be the same, but can be in different accounts.

File-level Restore

From Snapshot

If you want to perform a FLR from a snapshot in a private network, you need the following configured endpoints for the subnet, which is selected on the Configuration - Workers page or is the default for the region where the snapshot is located (if there are no settings on the Workers page for this region we will use the default settings): 

-com.amazonaws.region.ec2messages 
-com.amazonaws.region.ssm 
-com.amazonaws.region.sqs

From Backup

-com.amazonaws.region.ec2messages 
-com.amazonaws.region.ssm 
-com.amazonaws.region.sqs 
-com.amazonaws.region.s3

Challenge

Cause

Solution

1. Download the VSSTrace tool.
2. Save the file on the Veeam Agent machine. For example, C:\Users\Username\Downloads.
3. Run Command Prompt as Administrator.
4. Change directory to the folder with the VSSTrace tool. For example, cd C:\Users\Username\Downloads
5. Launch the VSSTrace tool with the following command:

   vsstrace +f 0xffff -l 255 -o vsstrace.log

   Mind that Log Level must be 255. For details about additional log levels, see this Microsoft Enterprise Platforms Support article.
6. Start the backup job
7. Once the backup job fails, press [Ctrl + C] to stop logs collection. The output file can be found in the folder where VSSTrace is saved (Step 2).

Challenge

[15.06.2020 11:00:00]   < 5836> net| Retrieving certificate for s3.amazonaws.com:443 ok.
[15.06.2020 11:00:00]   < 5836> cli| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[15.06.2020 11:00:00]   < 5836> cli| Result
[15.06.2020 11:00:00]   < 5836> cli| (EString) Certificate = -----BEGIN CERTIFICATE-----
....
[15.06.2020 11:00:00]   < 5836> cli| -----END CERTIFICATE-----
[15.06.2020 11:00:00]   < 5836> cli|
[15.06.2020 11:00:00]   < 5836> cli| (EBoolean) IsTrusted = true
[15.06.2020 11:00:00]   < 5836> cli| AmazonRest.S3.TestConnection
[15.06.2020 11:00:00]   < 5836> cli| (EGuid) ClientId = {abcf50ec-e8a7-4cd7-a186-22fa9447c676}
[15.06.2020 11:00:00]   < 5836> cli| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[15.06.2020 11:00:00]   < 5836> aws| Creating HTTP client. API URI: [https://s3.amazonaws.com]
[15.06.2020 11:00:00]   < 18772> aws| WARN|HTTP request failed, retry in [1] seconds, attempt number [1], total retry timeout left: [5] seconds
[15.06.2020 11:00:00]   < 18772> aws| >> |WinHttpSendRequest: 12175: A security error occurred

Cause

• http://crl3.digicert.com/Omniroot2025.crl,
• http://crl3.digicert.com/DigiCertBaltimoreCA-2G2.crl,
• http://crl4.digicert.com/DigiCertBaltimoreCA-2G2.crl

• If Veeam backup server or dedicated gateway server has access to the Internet and above-mentioned CRL files can be successfully downloaded, open a ticket with technical support to investigate the problem further.
• If Veeam backup server or dedicated gateway server doesn't have access to the Internet (the access was restricted intentionally), see the Solution section.

Solution

To disable Amazon S3 certificate revocation verification, set registry tweak on configured Amazon S3 gateway server ("Use the following gateway server" option in the object storage properties):

1. Download the hotfix file:
   • For v10 P1: kb3215_HF1.zip from attachments
   • For v10 P2: kb3215_HF2.zip from attachments
2. Backup or rename original VeeamAgent.exe under the paths (default installation path):
   • C:\Program Files (x86)\Veeam\Backup Transport\x64
   • C:\Program Files (x86)\Veeam\Backup Transport\x32
3. Replace C:\Program Files (x86)\Veeam\Backup Transport\x64\VeeamAgent.exe and C:\Program Files (x86)\Veeam\Backup Transport\x86\VeeamAgent.exe with relevant files (names and paths are matching) from downloaded hotfix package.
4. Create registry record:

   Path: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication' in Veeam Backup and Replication server registry
   Value type: DWORD
   Value name: S3TLSRevocationCheck
   Value: 0

5. Restart the Veeam server.

More Information

Challenge

• Unexpected End of File
• Exchange Web Services error code: ErrorExceededConnectionCount
• Error: Failed to get folder properties
• Error: You have exceeded the available concurrent connections for your account.  Try again once your other requests have completed.
• Error: Unexpected end of file has occurred. The following elements are not closed: m:Data, m:ExportItemsResponseMessage, m:ResponseMessages, m:ExportItemsResponse, s:Body, s:Envelope. Line 1, position 21397505.

Cause

Solution

Challenge

This article covers two most popular scenarios of adding SMB repository to Veeam Backup for Microsoft Office 365
Note: Such repository type is on experimental support in the current version. So i.e. if a storage device supports both SMB 3.0 and iSCSI protocol, then the best practice would be to use the latter due to its ability to use Disk Queue which acts as a buffer space for data to land on before being sent off to disk.

If it’s a Windows-based shared folder, then it’s recommended to add the server it’s based on as a proxy and connect the same storage as a directly attached disk. 

Cause

Solution

Scenario 1: Microsoft Windows SMB share with authorization

Prerequisites:

Consider that Microsoft Windows 7 SP1 and Microsoft Windows 2008 R2 SP1 do not support the SMB 3.0 share as a storage system. To use the SMB 3.0 share as a storage system, make sure you are using Microsoft Windows 8 or Microsoft Windows 2012 or later. Both Veeam Servers and SMB share location must be deployed within the same or a trusted domain.

• Open folder sharing settings for planned repository location and add all Veeam servers to it using their computer names. In example if your Veeam server is called “WIN-F4N92CDLKET” the list should look like this:

• Add repository in Veeam console as shown in this article

Scenario 2: Standalone storage appliance

In this scenario we will use Synology appliance as an example, but the same method should work for any standalone device that supports Microsoft Active Directory and its computer groups. 

• Add Veeam server and all remote backup proxies (if any) to Active Directory domain.
• Create an Active directory group in this domain and add all Veeam servers to it as “computer” objects:

• Add the storage device to the same domain:

• Make sure that SMB 3.0 protocol is enabled and previous versions are not allowed to use:

• Create SMB shared folder and grant read/write access to it for the domain group that was created earlier:

• Add new repository in Veeam console and manually type SMB share name in “Path” field as described here

Bonus: Adding standalone storage appliance using iSCSI protocol
In this scenario we will use Synology appliance as an example, but the same method would work for storage appliance that supports iSCSI protocol.

• Open iSCSI manager and create new LUN and Target:

• On Veeam server: open iSCSI initiator, enter your storage appliance IP address, click “Quick Connect…” and then click “Done”:

• Open Disk Management, bring iSCSI disk online and initialize it using default parameters:

• Create a new simple volume using default parameters:

• Create a new repository on this disk as shown here

Challenge

Cause

Solution

• Migration from the local backup repository to the object storage repository.
• Migration between local backup repositories.

Understanding Variables and Parameters

$source = Get-VBORepository -Name "Source Repository Name"
$target = Get-VBORepository -Name "Object Storage Repository Name"
$data = Get-VBOEntityData -Type User  -Repository $source -Name "John Doe"
Move-VBOEntityData -From $source  -To $target -User $data

1. Run the Get-VBORepository cmdlet to get the source local repository. Provide the Name parameter value to get the repository by its name. Save the result to the $source variable.
2. Run the Get-VBORepository cmdlet to get the target object storage repository. Provide the Name parameter value to get the repository by its name. Save the result to the $target variable.
3. Run the Get-VBOEntityData cmdlet to get the backup data that you want to move. Provide the value for the Type parameter to specify the type of data that you want to move.(You   can specify one of the following types of data: user, group, site. For more information on the types of backup data, that you can get, see the Get-VBOEntityData article of   PowerShell Reference for Veeam Backup for Microsoft Office 365). Note: The Organization type of backup data is not supported for this scenario. In addition, the Move-   VBOEntityData cmdlet works only with a single user object. Therefore, for the purposes of data migration, the Get-VBOEntityData cmdlet should always be used with the "-Name"   parameter. Without this parameter, the Get-VBOEntityData will assign an array of users to the $data variable, which can not be used by the Move-VBOEntityData cmdlet.
4. Run the Move-VBOEntityData cmdlet to migrate data from the local backup repository to the target object storage repository.

• Mailbox
• ArchiveMailbox
• OneDrive
• Sites

• GroupMailbox
• GroupSite

Move-VBOEntityData -From $source -To $target -User $data -OneDrive -ArchiveMailbox

Scalability

Move-VBOEntityData -From $source -To $target -User $data -RunAsync

Automation

More Information

Challenge

Product Information:

Company name: Quantum Corporation
Product Family: Scalar Tape Devices
Status: Veeam Ready - Tape
Classification Description: Tape solution where available hardware features have been tested to work with Veeam.

Solution

Product Details:

Model number: Scalar i3 and i6
Library Firmware Version 235G.GS002
Drive firmware version: IBM LTO7 and LTO8 Firmware: KAH5
Driver for tape drive: IBM IBMTape.w19_6268-x64_WHQL_Cert
Driver for media changer: IBMTape.w19_6268-x64_WHQL_Cert
Media type tested: LTO8
Additional Support:

General product family overview:

Scalar libraries are the intelligent choice for archiving applications and long-term data retention. Proactive and automated monitoring and management reduces administration time and service interruptions keeping IT staff focused on key business objectives.

Veeam testing configuration:

Veeam Build Number: 10.0.0.4461 P2

Challenge

Product Information:

Company name: Quantum Corporation
Product Family: Scalar Tape Devices
Status: Veeam Ready - Tape
Classification Description: Tape solution where available hardware features have been tested to work with Veeam.

Solution

Product Details:

Model number: i6000
Library Firmware Version 776Q.GS01600
Drive firmware version: IBM LTO7 and IBM LTO8 Firmware: KAH0
Driver for tape drive: IBM IBMTape.w19_6268-x64_WHQL_Cert
Driver for media changer: IBMTape.w19_6268-x64_WHQL_Cert
Media type tested: LTO8
Additional Support:

General product family overview:

Scalar libraries are the intelligent choice for archiving applications and long-term data retention. Proactive and automated monitoring and management reduces administration time and service interruptions keeping IT staff focused on key business objectives.

Veeam testing configuration:

Veeam Build Number: 10.0.0.4461 P2

Challenge

Product Information:

Company name: Quantum Corporation
Product Family: Scalar Tape Devices
Status: Veeam Ready - Tape
Classification Description: Tape solution where available hardware features have been tested to work with Veeam.

Solution

Product Details:

Model number: Superloader3
Library Firmware Version V94
Drive firmware version: IBM LTO7 and IBM LTO8 Firmware: KAH5
Driver for tape drive: IBM IBMTape.w19_6268-x64_WHQL_Cert
Driver for media changer: IBMTape.w19_6268-x64_WHQL_Cert
Media type tested: LTO8

General product family overview:

Scalar libraries are the intelligent choice for archiving applications and long-term data retention. Proactive and automated monitoring and management reduces administration time and service interruptions keeping IT staff focused on key business objectives.

Veeam testing configuration:

Veeam Build Number: 10.0.0.4461 P2

Challenge

Solution

1. Open the command prompt using local admin account and navigate to the directory with the Veeam.Backup.Service.exe file:

   cd "C:\Program Files\Veeam\Backup and Replication\Backup

2. Execute this command to change installation ID and database instance UID of the backup server:

   Veeam.Backup.Service.exe /newInstallationId

More Information

Challenge

Cause

What’s New:

• Alarm for detecting unsupported Veeam Backup & Replication server configurations.

Enhancements:

Usage Reporting

• Usage reporting data for Veeam Backup & Replication servers v9.5 U4 located in time zones with more than 8 hours difference is now included in the report with the auto-approve function. 

Backup reporting

• Reports generation performance has been improved. 

Monitoring

• “Management agent connection” alarm is not triggered when a Cloud Connect server is rebooted. 

Management Agent

• Authentication between management agents and Veeam Service Provider Console has been improved. 

RESTful APIs v3

• Date format in "/licensing/reports/" GET request has been changed to “yyyy-MM”.  
• Report generation parameters have been simplified for licensing/reports/ methods: report interval is used instead of report generation date.

 
Resolved issues:

• "Protected computers" and "Protected VMs" widgets in the Overview tab do not account for the default RPO period of 30 days.  
• Filtering by company/reseller name does not work on the Failover Plans tab. 
• When using “Select All” checkbox on the Backup Jobs -> Computers tab, job actions are applied to all managed Agents regardless of selected filters. 
• Under certain conditions, the "Unrecognized Guid format" error message is displayed on the Companies tab.
• Under certain conditions, “Object reference not set to an instance of an object” error message is displayed on the Backup Jobs tab. 

• Under certain conditions, the Veeam Service Provider Console service fails to start. 

• If a company is removed from the configuration, error message “Usage data for sites <Site name> was not included in this report due to a data collection failure. Please collect usage details and report correct numbers manually in order to stay compliant with licensing rules.” is displayed in the usage report. 
• Usage Report generation fails if there are several Veeam Backup & Replication servers with the same installation ID. 
• Usage Report shows incorrect data if there are several Veeam Backup & Replication servers with the same database instance ID. 
• Usage Report always shows “Standard” license edition when using Veeam Backup Enterprise Manager.

• “Immediate backup copy job state” alarm is triggered for deleted VMs.
• “Workstation/Server agent backups stored in cloud repository” alarms may be triggered incorrectly. Veeam Backup & Replication v10 CP2 installation is required.

• Manually created invoices are sent to managed companies automatically, even if scheduling is disabled. 

• Under certain conditions, /v2/backupRepositories get method returns incorrect "freeSpace" data.
• /v2/backupRepositories get method can take a considerable amount of time for execution.
• /v2/failoverPlans get method fails with “Object reference not set to an instance of an object” error message. 

• Limit/offset parameters are not working correctly for /protectedWorkloads/virtualMachines get request.

• Description for retention and database clean-up events is missing.

• When using Custom Fields in ConnectWise Manage, billing synchronization fails with “Addition object is invalid” error message. 

• Under certain conditions, ConnectWise Automate plugin status is switching from  “Healthy” to “Error” state.

Solution

1. Back up the VSPC database.
2. Execute VSPC.ApplicationServer.x64_4.0.0.4911.msp as administrator on the VSPC server, or run this cmdlet as administrator:

   msiexec /update c:\VSPC.ApplicationServer.x64_4.0.0.4911.msp /l*v C:\ProgramData\Veeam\Setup\Temp\VSPCApplicationServerSetup.txt

3. Execute VSPC.WebUI.x64_4.0.0.4911.msp as administrator on the VSPC UI (IIS) server, or run this cmdlet as administrator:

   msiexec /update c:\VSPC.WebUI.x64_4.0.0.4911.msp /l*v C:\ProgramData\Veeam\Setup\Temp\VSPCWebUI.txt

4. Execute VSPC.ConnectorService.x64_4.0.0.4911.msp  as administrator on the VSPC server, or run this cmdlet as administrator:

   msiexec /update c:\VSPC.ConnectorService.x64_4.0.0.4911.msp > /l*v C:\ProgramData\Veeam\Setup\Temp\ConnectorService.txt

Challenge

Solution

1. Use the following JSON to create an IAM Policy using the following instructions from the How to create IAM Policy article. These permissions will allow Veeam Backup for AWS service to perform operations required:

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": [
                   "ssm:SendCommand",
                   "ssm:GetCommandInvocation",
                   "sqs:ListQueues",
                   "sqs:CreateQueue",
                   "sqs:SetQueueAttributes",
                   "sqs:ReceiveMessage",
                   "sqs:DeleteMessage",
                   "sqs:DeleteQueue",
                   "ec2:DescribeRegions",
                   "ec2:DescribeAccountAttributes",
                   "ec2:DescribeAvailabilityZones",
                   "ec2:DescribeRouteTables",
                   "ec2:DescribeSecurityGroups",
                   "ec2:DescribeVpcs",
                   "ec2:DescribeVpcEndpoints",
                   "ec2:DescribeSubnets",
                   "ec2:DescribeInstances",
                   "ec2:DescribeInstanceAttribute",
                   "ec2:RunInstances",
                   "ec2:StopInstances",
                   "ec2:TerminateInstances",
                   "ec2:ModifyInstanceAttribute",
                   "ec2:DescribeKeyPairs",
                   "ec2:CreateKeyPair",
                   "ec2:DeleteKeyPair",
                   "ec2:DescribeVolumes",
                   "ec2:CreateVolume",
                   "ec2:AttachVolume",
                   "ec2:DetachVolume",
                   "ec2:DeleteVolume",
                   "ec2:DescribeSnapshots",
                   "ec2:CreateSnapshot",
                   "ec2:CreateSnapshots",
                   "ec2:DeleteSnapshot",
                   "ec2:ModifySnapshotAttribute",
                   "ec2:CreateTags",
                   "ec2:DescribeImages",
                   "iam:CreateRole",
                   "iam:DeleteRole",
                   "iam:CreateInstanceProfile",
                   "iam:ListAttachedRolePolicies",
                   "iam:ListInstanceProfilesForRole",
                   "iam:AddRoleToInstanceProfile",
                   "iam:RemoveRoleFromInstanceProfile",
                   "iam:AttachRolePolicy",
                   "iam:PutRolePolicy",
                   "iam:PassRole",
                   "iam:DetachRolePolicy",
                   "iam:DeleteRolePolicy",
                   "iam:ListRolePolicies",
                   "iam:DeleteInstanceProfile",
                   "iam:GetRole",
                   "iam:GetInstanceProfile",
                   "ebs:ListChangedBlocks",
                   "ebs:ListSnapshotBlocks",
                   "kms:ListKeys",
                   "kms:ListAliases",
                   "kms:GetKeyPolicy",
                   "kms:ReEncryptTo",
                   "kms:ReEncryptFrom",
                   "kms:DescribeKey",
                   "ec2:GetEbsDefaultKmsKeyId",
                   "kms:CreateGrant",
                   "servicequotas:ListServiceQuotas",
                   "ec2:DescribeTags",
                   "ec2:DescribeInstanceStatus",
                   "ec2:StartInstances",
                   "sqs:SendMessage",
                   "sts:GetSessionToken",
                   "ebs:ListChangedBlocks",
                   "ebs:ListSnapshotBlocks",
                   "ec2:DescribeVolumeAttribute",
   		"iam:GetContextKeysForPrincipalPolicy",
   		"iam:SimulatePrincipalPolicy"
               ],
               "Resource": "*"
           }
       ]
   }

2. Navigate to Roles.
3. Choose Create role.
4. Select the type of the trusted entity Another AWS Account.
5. In the Account ID field, enter the ID of your Backup Account (you can get this number in the AWS console of the Backup Account, in My Account located in the top-right menu).
6. Select the Require external ID checkbox and enter a pass phrase to raise the level of security for the role.
7. Click Next: Permissions.
8. In the filter policies search box, enter the name of the policy created in the Step 1.
9. In the first column, select the policy.
10. Click Next: Tags.
11. Enter tagging info if needed and click Next: Review.
12. Assign a name to the IAM Role. This name will be used in Veeam Backup for AWS (e.g. vb4aws_workers_role).
13. Click Create role.
14. Once the role is created, you will be able to see it in the list of available roles.