How to Change Credentials for a Shared Folder in a File to Tape Job

KB ID: 2171
Product: Veeam Backup & Replication | 9.0 | 9.5 | 10 | 11 | 12
Published: 2016-09-28
Last Modified: 2021-08-06
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Purpose

This article documents how to change credentials used to connect to a UNC path added to File Backup to Tape job.
 

Solution

Veeam Backup & Replication version 10.x or greater

Starting with Veeam Backup & Replication v10, to add an SMB share to a File Backup to Tape job, the SMB share must be added in the Inventory view under File Shares > SMB Shares section.

To change which credentials are assigned to an SMB share, edit the entry for that share in the Inventory view under File Shares > SMB Shares section.

Screenshot of veeam console showing the inventory page with the Files Shares section expanded to show SMB shares.

Veeam Backup & Replication version 9.x or lower

The information in this section of the KB article is relevant to interacting with Veeam Backup & Replication v9 or earlier. Starting with Veeam Backup & Replication v10, shares are managed in the Inventory view under File Shares > SMB Shares section.
When a Shared folder is added to a File Backup to Tape job it becomes an object that cannot be managed via the user interface. The share will remain part of the backup infrastructure even after being removed from the job.

When a UNC path is specified in the Files and Folders section of a File Backup to Tape job clicking the Next button will cause a message box to appear asking for credentials. This interface is the only way to change credentials associated with a shared folder object. This message box will only appear if no credentials were previously assigned to the share, and then only if the Veeam Data Mover Service (VeeamTransportSvc.exe) is unable to access the share.
 
If a credential record is already associated with a shared folder, the simplest way to update the credential record used for that share is to update that credential record in the Credentials Manager.  If it is unclear which record to change, see “Identifying the Credentials Record Associated with the Share” below.

Forcing a Credentials Record Change Prompt

If the credentials presently in use are valid, but you wish to change which credentials are used to connect to the share, you will have to force Veeam to see the current credentials as invalid. The easiest way to accomplish this is to temporarily deny access to the file or folder added to the File to Tape job. This denial of access will cause Veeam to believe the credentials are invalid and prompt you to enter new credentials. 

A complete overview of SMB share permissions is beyond the scope of this article but consider the following examples.

Example 1: Shared folder on a Windows file server

In this example, a folder (E:\share) on a Windows 2012R2 file server is shared as \\fs1\share with the special group Everyone. \\fs1\share is added to a File to Tape job.

On the file server:

  1. In an Explorer window, right-click the shared folder (E:\share) and select Properties;
  2. From the Sharing tab, click Advanced Sharing;
  3. Click Permissions;
  4. Select Everyone and note the current permissions;
  5. Deny all permissions, click OK, then in the Advanced Sharing window click Apply.
  6. In the Veeam console, in the Files and Folders page of the File to Tape job settings, click Next. A message box will appear;
  7. Change the permissions for \\fs1\share to match what was noted in step 4;
  8. In the Veeam console, choose a credentials record in the message box, or add a new record.

User-added image

Example 2: Shared file on a domain-joined NAS

In this example, the file \\nas01\share\folder1\file1.txt is added to a File to Tape job. There is no credentials record associated with nas01. The Veeam Data Mover Service on backup server VEEAMBK01 is running as Local System.

  1. Open an Explorer window to \\nas01\share\folder1;
  2. Right-click file1.txt and select Properties;
  3. From the Security tab, click Edit;
  4. Click Add;
  5. Click Object Types, and make sure Computers is checked. Click OK;
  6. Type VEEAMBK01$ and click OK;
  7. Deny all permissions to the VEEAMBK01 computer account, and click Apply;
  8. In the Veeam console, in the Files and Folders page of the File to Tape job settings, click Next. A message box will appear;
  9. Return the file permissions for file1.txt to their prior state by selecting the VEEAMBK01 computer account and clicking Remove, then Apply;
  10. In the Veeam console, choose a credentials record in the message box, or add a new record.

Deleting the Shared Folder Object

Starting with Veeam Backup & Replication v10, shares are managed in the Inventory view under File Shares > SMB Shares section. If the SQL query below is used with Veeam Backup & Replication v10 or greater, it will only list legacy shared folder entries, which are unrelated to the shares managed in the Inventory view.

These steps are not generally recommended, but may in some cases be simpler than denying access to the share.
For information on how to apply SQL scripts please review https://www.veeam.com/kb1443.

  1. Backup the Veeam database. (http://www.veeam.com/kb1471);
  2. Verify the record to be deleted by running the following query against the configuration database (VeeamBackup by default);
SELECT * FROM [backup.model.mrulist]
  1. Run the following query, changing <share path> to match the record to be deleted.
DELETE FROM [backup.model.mrulist] WHERE url =<share path>
For example, if the folder \\nas01\share\folder1\ is added to the job, replace ‘<share path>’ with ‘\\nas01\share\folder1’ to produce the query:

(Example) DELETE FROM [backup.model.mrulist] WHERE url = ‘\\nas01\share\folder1’

Identifying the Credentials Record Associated with the Share

The PowerShell script below will not display the credentials used for a share in Veeam Backup & Replication version 10 or greater.
To get a list of credentials for file share objects, open the Veeam Backup & Replication main menu and start Powershell, then run the following script:
$job = Get-VBRtapejob -name "NameOfYourTapeJoB"
$job.object | Foreach{
    New-Object -Typename PSObject -Property @{
        Path = $_.Path
        Credentials = $_.Credentials.Name
        CredsDescription = $_.Credentials.Description
    }
}

In Veeam Backup & Replication version 9 and earlier, a UNC path may not be associated with a credentials record. If there is no associated record, the share is accessed using the account specified for the Veeam Data Mover Service (VeeamTransportSvc.exe). Local System is used by default. Use the Services MMC console (services.msc) to determine the account currently in use.

Note: It is possible to change the service account from this MMC console, but keep in mind that this service also determines the account used by data mover processes (VeeamAgent.exe), which can have an impact on other job types that access files on the Veeam Backup server. When changing the service account, make sure no jobs or restores are running before restarting the service.

Additional Considerations

In Veeam Backup & Replication 9 and earlier, the “Size” displayed in the File to Tape Job wizard is based on information collected by the Veeam Installer Service (VeeamDeploymentSvc.exe). If this service runs as an account that does not have read access to the share, and no credentials record is associated with the share, the wizard will display 0.0 KB, and the job will fail with the message “unable to enumerate files in folder.”

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.