Networking problems after starting a Advanced Multi-Host Virtual Lab in Veeam Backup & Replication

Today’s Homelab session dealt with the creation of a short customer demo of the Veeam Backup & Replication functionality SureBackup. As I have already implemented several SureBackup jobs for other customers, I was confident that I could quickly finish configuring the environment. For those who have not worked with SureBackup before, Veeam provides an excellent guide in their Help Center. You can find this guide here. Unfortunately the whole thing did not work out as expected. Already at the beginning I made a crucial mistake which made the creation of the demo a nerve-wracking adventure. More on this in a moment. First of all, for those of you who have no idea how the creation of a SureBackup job works, I would like to give a short outline.

Continue reading „Networking problems after starting a Advanced Multi-Host Virtual Lab in Veeam Backup & Replication“

NTP settings on host is different from the desired settings

To get some more flexibility in my Homelab I added another domain controller (Active Directory, DNS and DHCP). Unlike my first domain controller, which runs directly on the physical ESXi host (details can be found here), I installed the second domain controller inside the nested vSAN cluster. After configuring all services I wanted to use the new domain controller as an additional DNS server in my VMware vSphere environment. So I quickly adjusted the network and NTP settings of the vCenter Server appliance and the ESXi hosts and then everything should be fine. So far so good. No problem until then. Shortly after I added the additional domain controller in all locations a warning message appeared in my vSphere cluster.

Host compliance check for hyperconverged cluster configuration warning
Continue reading „NTP settings on host is different from the desired settings“

Failed to create persistent connection to ADMIN$ shared folder on host

Recently I got the chance to redesign the existing backup environment of a customer. The customer has been successfully using Veeam Backup & Replication for years, but the environment has been growing over the years and therefore the backup environment has been adjusted from time to time. After an unpleasant data loss mid-year, the customer decided to give us the task of revising his backup environment.

As part of the design, we decided to leave all components of the backup environment outside the customer’s productive Active Directory domain and only connect where absolutely necessary. In general this works without problems, only the installation and configuration of additional, Windows-based Managed Servers to use them for example as remote backup repository requires some additional attention. If we try to add the Managed Server in the Veeam Backup & Replication Console and do not use the default Account Administrator (UID 500), the installation of the necessary Veeam Services fails due to Remote UAC being enabled by default.

Failed to create persistent connection to ADMIN$ shared folder on host.

The problem can be solved in two ways:

  1. Use the default Administrator user (UID 500).
  2. Create a registry entry as described in this Microsoft KB article.

As we do not want to use a standard account in our design (a general recommendation), we use dedicated service accounts and therefore rely on the second solution. For those of you who don’t want to read the Microsoft article here are the steps you need to perform on the managed server.

Resolution

  1. Launch regedit (Click Start, type regedit and press ENTER).
  2. Navigate to the following register entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. Create a new DWORD value (32-Bit) with the following name:
    LocalAccountTokenFilterPolicy
  4. Assign the new DWORD the value 1.

After creating the registry entry, adding the Managed Server and installing the Veeam Services works without any problems.

Configure the vCenter Server Login message

As a solution provider, my company often installs VMware vSphere environments for customers who do not administer the solution themselves. In addition to restricting user permissions, we have been working with individual login messages in the vCenter Server for some time now. We usually use the login message to remind the customer that the environment is managed by our company and that any changes must be approved in advance.

This post gives you a short overview on how to configure the login message using the vCenter Server administration interface.

Continue reading „Configure the vCenter Server Login message“