- Veeam Support Knowledge Base
- How to Change Credentials for a Shared Folder in a File to Tape Job
How to Change Credentials for a Shared Folder in a File to Tape Job
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Purpose
Solution
Veeam Backup & Replication version 10.x or greater
Starting with Veeam Backup & Replication v10, to add an SMB share to a File Backup to Tape job, the SMB share must be added in the Inventory view under File Shares > SMB Shares section.
To change which credentials are assigned to an SMB share, edit the entry for that share in the Inventory view under File Shares > SMB Shares section.
Veeam Backup & Replication version 9.x or lower
When a UNC path is specified in the Files and Folders section of a File Backup to Tape job clicking the Next button will cause a message box to appear asking for credentials. This interface is the only way to change credentials associated with a shared folder object. This message box will only appear if no credentials were previously assigned to the share, and then only if the Veeam Data Mover Service (VeeamTransportSvc.exe) is unable to access the share.
Forcing a Credentials Record Change Prompt
If the credentials presently in use are valid, but you wish to change which credentials are used to connect to the share, you will have to force Veeam to see the current credentials as invalid. The easiest way to accomplish this is to temporarily deny access to the file or folder added to the File to Tape job. This denial of access will cause Veeam to believe the credentials are invalid and prompt you to enter new credentials.
A complete overview of SMB share permissions is beyond the scope of this article but consider the following examples.
Example 1: Shared folder on a Windows file server
In this example, a folder (E:\share) on a Windows 2012R2 file server is shared as \\fs1\share with the special group Everyone. \\fs1\share is added to a File to Tape job.
On the file server:
- In an Explorer window, right-click the shared folder (E:\share) and select Properties;
- From the Sharing tab, click Advanced Sharing;
- Click Permissions;
- Select Everyone and note the current permissions;
- Deny all permissions, click OK, then in the Advanced Sharing window click Apply.
- In the Veeam console, in the Files and Folders page of the File to Tape job settings, click Next. A message box will appear;
- Change the permissions for
\\fs1\shareto match what was noted in step 4; - In the Veeam console, choose a credentials record in the message box, or add a new record.
Example 2: Shared file on a domain-joined NAS
In this example, the file \\nas01\share\folder1\file1.txt is added to a File to Tape job. There is no credentials record associated with nas01. The Veeam Data Mover Service on backup server VEEAMBK01 is running as Local System.
- Open an Explorer window to
\\nas01\share\folder1; - Right-click
file1.txtand select Properties; - From the Security tab, click Edit;
- Click Add;
- Click Object Types, and make sure Computers is checked. Click OK;
- Type
VEEAMBK01$and click OK; - Deny all permissions to the
VEEAMBK01computer account, and click Apply; - In the Veeam console, in the Files and Folders page of the File to Tape job settings, click Next. A message box will appear;
- Return the file permissions for
file1.txtto their prior state by selecting theVEEAMBK01computer account and clicking Remove, then Apply; - In the Veeam console, choose a credentials record in the message box, or add a new record.
Deleting the Shared Folder Object
These steps are not generally recommended, but may in some cases be simpler than denying access to the share.
For information on how to apply SQL scripts please review https://www.veeam.com/kb1443.
- Backup the Veeam database. (http://www.veeam.com/kb1471);
- Verify the record to be deleted by running the following query against the configuration database (VeeamBackup by default);
SELECT * FROM [backup.model.mrulist]- Run the following query, changing <share path> to match the record to be deleted.
DELETE FROM [backup.model.mrulist] WHERE url = ‘<share path>’(Example) DELETE FROM [backup.model.mrulist] WHERE url = ‘\\nas01\share\folder1’
Identifying the Credentials Record Associated with the Share
$job = Get-VBRtapejob -name "NameOfYourTapeJoB"
$job.object | Foreach{
New-Object -Typename PSObject -Property @{
Path = $_.Path
Credentials = $_.Credentials.Name
CredsDescription = $_.Credentials.Description
}
}In Veeam Backup & Replication version 9 and earlier, a UNC path may not be associated with a credentials record. If there is no associated record, the share is accessed using the account specified for the Veeam Data Mover Service (VeeamTransportSvc.exe). Local System is used by default. Use the Services MMC console (services.msc) to determine the account currently in use.
Note: It is possible to change the service account from this MMC console, but keep in mind that this service also determines the account used by data mover processes (VeeamAgent.exe), which can have an impact on other job types that access files on the Veeam Backup server. When changing the service account, make sure no jobs or restores are running before restarting the service.
Additional Considerations
In Veeam Backup & Replication 9 and earlier, the “Size” displayed in the File to Tape Job wizard is based on information collected by the Veeam Installer Service (VeeamDeploymentSvc.exe). If this service runs as an account that does not have read access to the share, and no credentials record is associated with the share, the wizard will display 0.0 KB, and the job will fail with the message “unable to enumerate files in folder.”
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please try again later.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.