Quick tip: fix connection errors for Veeam Remote Access Console

0 Flares Twitter 0 Facebook 0 Google+ 0 LinkedIn 0 Email -- 0 Flares ×
Veeam Remote Access Console is a nice and extremely useful addition to Veeam Cloud Connect, that has been introduced into Veeam Backup & Replication 9.5 Update 2. My colleauge Anthony Spiteri wrote a great blog post about it, that you can read here, so I’m not going to explain it again.
I want however to briefly talk about a possible issue you may face. If you are doing a greenfield deployment, you are probably going to follow, among the different recommendations we have publishes, the list of Cloud Connect Used Ports that you have to open in a firewall. However, many deployments have been designed before this feature was introduced, and this may lead to a problem: in the new pages of the user guide dedicated to the feature, or even Anthony’s blog, there’s no mention about the two new dedicated TCP ports you need to open:
Cloud gateway to VCC server, ports TCP 8190 and 8191: “Port on the SP Veeam backup server used by SP-side network redirector(s) to connect to the Remote Access Console and establish a Remote Desktop Connection to tenant.”
These two ports are used by the new component, the “Network Redirector”, used by the new feature to allow connections between the provider console and the tenant’s Veeam server. The ports are only listed in the used ports list, but if you already deployed Cloud Connect you may not thnk about checking again for newly added ports. Another reason why you may not face the issue is that both your cloud gateway(s) and your Veeam Backup server sit in the same subnet, without any firewall between each other. By the way, this is not the suggested design we recommend our providers to do, as it’s clearly explained in the Veeam Cloud Connect Reference Architecture I wrote.
Anyway, if the two ports are not open, you may see this error when trying to use the Remote Access Console:
The error says: “This tenant does not allow managing any of their backup servers remotely”, which may be a bit misleading as it hints to a problem at the tenant side, while in reality the problem sits at the provider side. (I already suggested our developers to change the error message). Once the two firewall ports are open, the attempt to connect to a remote VBR server via Cloud Connect will work as expected:
I hope this can save time to Veeam service providers trying to configure this feature.
Thanks to Veeam support guys that quickly helped me find the solution to this error!

 

0 Flares Twitter 0 Facebook 0 Google+ 0 LinkedIn 0 Email -- 0 Flares ×