VMware Cloud Community
MicahMac
Contributor
Contributor
‎09-02-2020 04:16 AM
Jump to solution

Vcenter Firewall and Veeam

Recently created a brand-new Vcenter 6.7 and have a strange issue with Veeam and the Vcenter firewall.  When I tried to add Vcenter to Veeam it kept failing.  I discovered I had to add an allow rule to the new 6.7 Firewall in the Appliance Management console.  Things worked great for a few weeks until this morning when my backups failed.  I went into the properties section of Veeam and re-ran the credential check and it failed again.  So back to the Vcenter Firewall.  Rule was still in place to allow.  Deleted the rule and re-added it, re-ran the credential check in Veeam and it is working fine again.  The only thing I did was remove the rule and re-add it.  Anyone else come across this?

1 Solution

Accepted Solutions
MicahMac
Contributor
Contributor
‎09-08-2020 08:25 AM
Jump to solution

Just wanted to give a heads up that I was able to use the local account to connect Veeam to Vcenter with and without the firewall rule.  I then tried the AD account without the firewall and it was successful as well.  Not sure what happened here but it might just have been a bug.  Looks good for now.

View solution in original post

5 Replies
Lalegre
Virtuoso
Virtuoso
‎09-02-2020 09:31 AM
Jump to solution

Hello MicahMac​,

What happened to you and your actual configuration to be honest is quite strange. Unless you are using the Firewall inside vCenter you should not create any rule as port 443 is enabled to all by default.

0 Kudos
NicolasAlauzet
Expert
Expert
‎09-03-2020 04:29 AM
Jump to solution

As Leandro said thats an unusual scenario that you have there. You don't need to allow that unless you changed default firewall configuration...

This is the list of ports and why are being used, please check if you have an intermediate fireawall that this is being applied.

Network Protocols and Ports - Veeam MP for VMware User Guides

-------------------------------------------------------------------
Triple VCIX (CMA-NV-DCV) | vExpert | MCSE | CCNA
0 Kudos
MicahMac
Contributor
Contributor
‎09-03-2020 05:07 AM
Jump to solution

I don't have much experience with 6.7 and did find it strange.  I can confirm there is no intermediate firewall between the two systems.  It might be a bug in Vcenter as I had not touched the firewall settings in it initially, I didn't know a firewall existed at all until connecting to it failed.  Does anyone know a way to turn off the firewall in Vcenter?

0 Kudos
NicolasAlauzet
Expert
Expert
‎09-03-2020 05:33 AM
Jump to solution

I was trying to find the service name but not luck.

Anyways I doubt tha this is the issue. The traffic for what you are trying to do is allowed by default.

Are you using a domain account to authenticate with vcenter? Maybe the error comes from there (create a local account vsphere.local  to test if you get the same error)

Also, try doing a reset of vcenter if possible to se if this behavior repeats

-------------------------------------------------------------------
Triple VCIX (CMA-NV-DCV) | vExpert | MCSE | CCNA
0 Kudos
MicahMac
Contributor
Contributor
‎09-08-2020 08:25 AM
Jump to solution

Just wanted to give a heads up that I was able to use the local account to connect Veeam to Vcenter with and without the firewall rule.  I then tried the AD account without the firewall and it was successful as well.  Not sure what happened here but it might just have been a bug.  Looks good for now.