VMware Cloud Community
Mr_Spain
Contributor
Contributor
‎08-23-2007 07:47 AM

VCB proxy server - what windows permissions are required ?

All,

We are trying to delegate backup responsibilities to users other than local or admin administators....Eg Backup Operators.

We have assigned these backup operators V.C rights to create and delete snapshots as well as rights over the destination folder (local) to create the backup files.

When runnig vcbMounter these users encounter the following error:

[i]\[2007-08-23 15:50:10.553 'App' 4360 error] No path to device NAA:600508b40001339

a0001600001930000485356313030/12 found.

\[2007-08-23 15:50:10.895 'BlockList' 4360 warning] Could not log out (stl-vce-02

:ryantest)

\[2007-08-23 15:50:10.895 'vcbMounter' 4360 error] Error: Failed to open the disk

: One LUN could not be opened

\[2007-08-23 15:50:10.895 'vcbMounter' 4360 error] An error occured, cleaning up.

..[/i][/b]

What are the minimum permissions required (NT group membership) to allow this to work ?

I know it must be a permissions issues as when we place these users in the local administrators group on the VCB proxy it all works.

Are there registry keys, local policies, or groups I need to change ?

Thanks

0 Kudos
1 Reply
Mr_Spain
Contributor
Contributor
‎09-14-2007 03:37 AM

For those interested an update on this.

Our intended use for this was to delegate the vRanger/VCB backups to our Backup Operators group. Due to the sensitivity of the VCB Proxy server (VMFS LUNs attached) we didn't want to give Backup Operators administrative access over the VCB proxy server itself.

Unfortunately though, during our tests, we found that VCBMounter required a very high level of local administrative rights over the VCB Proxy server. Basically, if your not in the local admins group, if won’t work.

If a Domain user kicks of a LAN Free backup, the backup will start but then fails with the following error:

[i]\[2007-09-11 14:47:50.182 'App' 3332 error] No path to device LVID:46c5b6c3-1d538

567-7d2d-0014c2638841/46c5b6c1-d680566d-c24d-0014c2638841/1 found.

\[2007-09-11 14:47:50.182 'BlockList' 3332 error]

\[2007-09-11 14:47:50.495 'vcbMounter' 3332 error] Error: Failed to open the disk

: One LUN could not be opened

\[2007-09-11 14:47:50.495 'vcbMounter' 3332 error] An error occurred, cleaning up

...[/i][/b]

If that same user is then placed in the local admins group on the VCB proxy server everything works fine.

So we logged a call with VMWare, they too initially though that this was a good idea; however, they now inform us that it cannot be done. VCB requires admin privileges that cannot be assigned to a user via local policy, registry setting, or NTFS permission, they must be an admin user.

I 'd like to hear from anyone that has managed it some other way.

Thanks

0 Kudos