Resolved Issues

Malware Detection

• Marking malware events as clean fails with a conversion error when the Microsoft SQL Server hosting the configuration database uses the German (DE) locale.

VMware vSphere

• In rare circumstances, application-aware image processing may hang during the guest components installation.
• Preferred CDP proxy selection in the CDP policy wizard is not respected.
• CDP replica VMs may hang during the commit failback operation.

NAS Backup

• Certain sequence of events may result in the NAS backup getting in a state where the retention policy may no longer be applied, with the “Removing non-empty container” operation failing 
• NAS backup jobs pointed to an HPE StoreOnce repository may occasionally experience execution delays up to 4 hours.

Application Item Recovery

• Veeam Explorer for Active Directory: connection to a target domain controlled cannot be established if it has SSL enabled.
• Veeam Explorer for Microsoft SQL Server: point-in-time recovery of CDC tables to another SQL server is not possible; Veeam Explorer should now use a mount host automatically when the staging server is unavailable.
• Veeam Explorer for Oracle: in certain circumstances, the original database files may be removed when restoring to the original location with a different SID and database name.
• Veeam Explorer for PostgreSQL: restoring instances to the latest state and the original location may occasionally fail; the instance restore process fails due to the inability to overwrite a data directory that contains mount points.

Object Storage

• Retrieving a certificate revocation list (CRL) may fail due to some firewalls blocking non-RFC-compliant GET requests, resulting in the following error:

  Certificate revocation check failed
  Server error 503: Service Unavailable
  Failed to download CRL
  

• Background checkpoint removal process may lag behind the addition of new data due to poor deletion API calls performance on certain on-prem object storage devices, causing continuous backup accumulation. To work around this issue, these API calls will now be called concurrently instead of sequentially.

Tape

• Restores from hardware-encrypted tapes fail with the following error:

  Illegal Request. Invalid field in parameter list.
  

• Slow and unresponsive user interface when browsing media pools with a large amount of tape media, and when thousands of media pools are present.
• File-to-Tape jobs may fail to process shares containing large files with the following error:

  Failed to Unload a Previous Scenario. Old Scenario: ScenarioType: ENasToTape (23).
  

• Backup to Tape fails to process NetApp NFS3 share occasionally due to a race condition in the caching mechanism, with the following error:

  Unable to find ObjectVersion in cache for the file.
  

Veeam Agent for Linux

• Addressed compatibility issues with the latest Linux kernel versions, enabling out-of-the-box support for the following distributions:
  • Debian 12.10 and 12.11
  • Ubuntu 25.04
  • Red Hat Enterprise Linux (RHEL) 9.6 and 10.0 (both on x86 and IBM Power)
  • Oracle Linux 9.6
  • Rocky Linux 9.6 and 10.0
  • AlmaLinux 9.6 and 10.0

New features and enhancements

Platform Support

• VMware vSphere 9.0 readiness based on the pre-release builds. The official support will be confirmed with a full regression testing of the GA build when it becomes available. This article and KB2443 will be updated with a support statement following that.
• NSX-T 4.2.1 is now fully supported.
• IBM Db2 plug-in now supports Db2 version 12.1 and SLES 12 SP5.
• SAP HANA plug-in now supports SAP HANA 2.0 SPS 08 and SLES 15 SP6 for SAP HANA on IBM Power.

Microsoft Entra ID Backup

• Protection of conditional access policies has been backported from the next major release, where it will become available as an option in the user interface. For more information on how to enable this functionality, review this section of the User Guide.
  Note: This functionality is only available for Essentials, Advanced, and Premium editions.
• License consumption logic was updated to no longer consume licenses for external (guest) users and disabled users. Any licenses associated with previously licensed objects will be released automatically 30 days after installing 12.3.1. Alternatively, you can revoke these licenses immediately using the License Information dialog.

Nutanix AHV

• Removed the experimental support designation for malware detection, guest file indexing, and application-aware processing, except database log file shipping, which will still be considered experimental.
  Note: The experimental status removal does not retroactively apply to existing 12.3.0 installs and requires updating to 12.3.1 due to the included related bugfix.

Proxmox VE

• Updated ProxmoxVE plug-in enables the usage of non-root users to register Proxmox, support for Open vSwitch (OVS) networking, Object Storage API (SOSAPI), Nested Pools for backup jobs scope, and brings further backup performance improvements. For more information, please refer to KB4721.

VMware vSphere

• Instant VM Recovery engine improvements deliver a 5x increased number of simultaneous instant VM recoveries: up to 1000 VMs per backup server and up to 200 VMs per vPowerNFS server. The readiness check for VM migration to production storage has also been optimized to improve performance.
• Automatically disconnect vPower NFS datastores after Instant VM Recovery sessions are completed, reduce alarms or misleading capacity planning calculations caused by disconnected vPower NFS datastores. To configure, create the following registry value on the backup server:
  Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
  Value Name: vPowerNFSUnmountDatastore
  Value Type: DWORD (32-bit) Value
  Value Data: 1

Malware Detection

• Custom Internet proxy support has been added for downloading updates to the Veeam Threat Hunter threat signatures. To configure, create the following registry value on the Mount Server:
  
  Key Location: HKLM\ SOFTWARE\Veeam\Veeam Threat Hunter\
  Value Name: VTHInternetProxy
  Value Type: String Value (REG_SZ)
  Value Data: <proxy>:<port>
  
  Note: The system-wide Internet proxy settings are now also respected; see the Resolved Issues section below.
  
  

Object Storage

• Automatic bucket creation mode is now used by default for newly created S3-compatible object storage repositories.
• Improved object storage compatibility by allowing the backup server to ignore errors caused by S3-compatible object storage using unconventional storage class names. This can be enabled by creating the following registry value on the Veeam Backup Server:
  
  Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
  Value Name: S3IgnoreCustomStorageClasses
  Value Type: DWORD (32-bit) Value
  Value Data: 1

Secondary Storage Integrations

• Dell Data Domain DD OS versions 8.2 and 8.3 support added for Data Domain integration as a backup repository.
• Microsoft SQL Server plug-in performance improvements when writing to deduplication appliances, thanks to leveraging parallel streams, each using its own VAB file, even when backing up a single database.

Unstructured Data Backup

• Metadata captured by the Amazon S3 Metadata service is now included in object storage backups to ensure comprehensive bucket data protection.

Configuration Database

• TLS connection support for the PostgreSQL configuration database has been added for improved security when hosting the database on an external server.

Email Notifications

• OAuth 2.0 support for nonstandard Azure regions, including the U.S. Government, China, and Germany, is now available for email notifications. To enable this, create the following registry value on the Veeam Backup Server:
  
  Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
  Value Name: EmailNotificationMicrosoftCloudInstance
  Value Type: String Value (REG_SZ)
  Value Data: <desired_region_name>

Setup

• New ISO-based update distribution reduces downtime by accelerating update installation and eliminates the additional disk space requirement on the backup server, which was previously needed for unpacking the update before its installation.
• Windows Script Host no longer needs to be temporarily enabled to install product updates.

Veeam Vault

• Added automatic upgrade of Veeam Vault V1 backup repositories (shared keys authentication) to V2 (Entra ID authentication) for added security and improved user experience.

API

• New REST API capabilities include changing existing password records, rescanning all backup repository types, downloading metadata for Unstructured Data backups, and performing backup deletion.
• New PowerShell capabilities include connection to Veeam Vaults, querying, and restoring protected Microsoft Entra ID conditional access policies.

Resolved Issues

^NewAdded with ISO's dated 20250331 or later

The install and update ISOs available for 12.3.1 were updated on 2025-03-31 to include a hotfix that resolves the following critical issues:

• Microsoft's deprecation of Basic SKU Public IP Addresses prevents the creation of Azure appliances.
• SQL restore points do not appear if Veeam Explorer for Microsoft SQL is launched via the ribbon after the upgrade to v12.3.1.
• Archival Jobs logs have numerous 'SourceStorageKeysPreparer' entries, and the job throws the error:

  Array dimensions exceeded supported range
  

General

• When deleting backups from disk, the backup console should no longer require a decryption password to be provided for encrypted backups.
• Backups in legacy per-VM backup file format should no longer disappear from the Backups > Disk node, preventing you from initiating backup metadata format upgrade.

Proxmox VE

• OS type of VMs restored from backups of other hypervisors is erroneously set as Other.
• Backups of powered-off VMs with PCIe passthrough devices fail due to an attempt to back up those devices.
• Backup of VMs that are linked clones is not supported and will now correctly fail instead of processing only the base disk without capturing delta.

Nutanix AHV

• The job scheduler should no longer suspend the initiation of scheduled backup jobs in certain circumstances.
• Scheduled or manual active full protection domain backup jobs should no longer create incremental rather than full VM restore points.
• Prism Central category-based exclusions can now be set for jobs using cluster as a backup scope.
• Nutanix Guest Tools quiescence advanced job settings are not properly communicated to Nutanix clusters during backup jobs.
• In rare circumstances, retention policy processing may delete some restore points preemptively.

Agent Management

• Backup agents fail to perform retention processing for backups located on SOBR Capacity Tier extents after the backup chain has been evacuated from a Performance Tier extents running in a direct connection mode.
• Veeam Agent for Windows Recovery Media created from Microsoft Windows Server 2025 or Microsoft Windows 11 24H2 machines in certain configuration states, fails to boot.

Malware detection

• Veeam Threat Hunter signature update process ignores the system-wide Internet proxy settings and may experience intermittent interruptions due to not retrying unexpected HTTP errors.
• Indicators of compromise detection remains enabled even if the parent File system activity analysis checkbox is cleared.

Object Storage

• Entire VM restore from scale-out repository Archive Tier may fail for encrypted backups with the error:

  Master key not found for keyset
  

• Restoring from a backup that has been retrieved from the scale-out repository Archive Tier may fail with the error:

  Agent failed to process method {DataTransfer.RestoreText}
  

• Reverting Archive Tier to previous checkpoints using the corresponding PowerShell cmdlet is not possible after a scale-out repository has been recreated.
• In certain circumstances, if the initial archiving session fails, all subsequent archiving sessions will fail with the error:

  Index in DB is not synchronized with archive
  

• Continuously interrupting Capacity Tier offload sessions may result in checkpoints being deleted before the corresponding restore point can be stored, resulting in all subsequent offload sessions failing with the error:

  Index is not synchronized
  

• Importing encrypted backup containing duplicate encryption keys from Capacity Tier fails with the error:

  Failed to import backup: Violation of unique key constraint
  

Tape

• Backup to Tape jobs will be interrupted by source File Backup job even when the “Prevent this job from being interrupted by source backup jobs” option is selected.
• Backup to Tape jobs may experience performance degradation when processing backups produced by File Backup jobs.
• The latest firmware updates for some hardware encryption modules cause recovery failures due to the presence of unrecognizable KAD (Key-Associated Data) descriptors.
• Configuration database records are not removed after a tape media is erased, causing unnecessary database size growth.

Cloud Connect

• Switch-VBRCloudTenantsQuotaRepositoryToSOBR cmdlet fails to execute for tenants with multiple quotas assigned.

The installed build number can be found in the Veeam Backup & Replication Console's Main Menu (≡) under Help > About.