Challenge
Service Provider has Cloud Bin enabled, resulting in all tenant cloud-based jobs ending with a ‘Warning’ result, regardless of actual job results:
"Your service provider has implemented backup files protection against deletion by an insider for this cloud repository"
Cause
If the tenant plans to create off-site backups with a backup copy job, they should enable GFS retention settings in the job properties. This way, Veeam Backup & Replication will be able to protect backups created with the job against an attack when a hacker reduces the job's retention policy and creates a few incremental backups to remove backed-up data from the backup chain.
With GFS retention settings enabled, the backup chain will contain a sequence of full backups that will not merge according to a retention policy. After such a backup is moved to the "recycle bin", the tenant will be able to use it for data restore.
If the tenant does not enable GFS retention settings for the backup copy job, the job will complete with a warning. In the job statistics window, Veeam Backup & Replication will display a notification advising to use the GFS retention scheme for the job. Note that the warning is displayed only if the tenant backup server runs Veeam Backup & Replication 9.5 Update 3 or later. In earlier versions of Veeam Backup & Replication, the warning will not be displayed, and the backup copy job will complete with the Success status.
Solution
Apply the following registry key on the tenant OR provider server:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication\
Type: REG_DWORD
Veeam version: 9.5U3 and later
Default value: 2
Description: regulates the warning message about enabling GFS when CloudBin is turned on the SP side. 0 - disable message; 1 - informational; 2 - warning; 3 - error; 4 - job fail. Can be also enabled on the tenant side, in which case it overrides a value on the SP side.