I have previously blogged about how to back up home systems to commercial standards. A useful tool for the home user is Veeam Agent for Windows Free. It allows you to make a recovery disk and system image and has a very reliable restore feature.
In the small office/home office (SoHo) environment the back-up target will typically be a Unix NAS with RAID1. To avoid authentication issues and errors like
Error: Shared memory connection was closed. Failed to upload disk. Agent failed to process method {DataTransfer.SyncDisk}.
you must ensure that ALL access from the computer being backed up to the NAS uses the same user identity on the NAS.
This will not work:
- User accesses NAS as “James”
- Veeam Agent for Windows accesses NAS as “Veeam”
- FileHistory accesses NAS as “BatchJobs”
because the SMB protocol only allows a single security token. In this situation you will have intermittent failures with the error above.
This will work:
- User accesses NAS as “Computer1”
- Veeam Agent for Windows accesses NAS as “Computer1”
- FileHistory accesses NAS as “Computer1”
A suitable directory structure on the NAS is
Each Computer has its own account on the NAS which is used for all backup and restore jobs including FileHistory. We cannot allow Windows Users or services to have individual accounts on the NAS.
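A check for the rule above, as an added PowerShell example (not from the original post or from Veeam): it takes the SMB client connections reported by `Get-SmbConnection` and flags any share on the NAS that is opened under an account other than the per-computer one. The server name `nas`, the share names and the function name `Test-NasIdentity` are assumptions, and the sample records are constructed.

```powershell
# Added example: report which NAS accounts this computer is using over SMB.
function Test-NasIdentity {
    param(
        [Parameter(Mandatory)] [string] $Server,           # NAS host name (assumption)
        [Parameter(Mandatory)] [string] $ExpectedAccount,  # the per-computer NAS account
        # Connection records; defaults to the live SMB client connections.
        [object[]] $Connection = (Get-SmbConnection)
    )
    $rows = @(foreach ($c in $Connection) {
        if ($c.ServerName -ne $Server) { continue }
        # Credential is reported as DOMAIN\user; compare on the user part only.
        $account = ($c.Credential -split '\\')[-1]
        [pscustomobject]@{
            Share   = $c.ShareName
            Account = $account
            Matches = ($account -eq $ExpectedAccount)
        }
    })
    [pscustomobject]@{
        Server     = $Server
        Accounts   = @($rows | ForEach-Object { $_.Account } | Sort-Object -Unique)
        # Consistent only when every connection uses the expected account.
        Consistent = -not ($rows | Where-Object { -not $_.Matches })
        Details    = $rows
    }
}

# Constructed sample records mirroring the failing layout described above.
$sample = @(
    [pscustomobject]@{ ServerName = 'nas'; ShareName = 'Users';       Credential = 'NAS\James' }
    [pscustomobject]@{ ServerName = 'nas'; ShareName = 'Backups';     Credential = 'NAS\Veeam' }
    [pscustomobject]@{ ServerName = 'nas'; ShareName = 'FileHistory'; Credential = 'NAS\BatchJobs' }
)
Test-NasIdentity -Server 'nas' -ExpectedAccount 'Computer1' -Connection $sample |
    Format-List Server, Accounts, Consistent

# On the computer being backed up, omit -Connection to inspect the live connections.
```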
Hi James,
That’s not good from the security standpoint.
Backups should always connect to the network storage via a private socket so that, if the client is infected by a virus (a worm like ransomware), it can’t access the stored backup.
I’m having the same issue with Veeam Backup agent Free on Windows on a machine with 3TB of data to back up.
I don’t think that using just one credential to connect to the NAS for both general purposes and backup is a solution.
Thank you
Thank you for your comment. You are correct. I address this issue in
https://blog.jamesbayley.com/2017/01/02/new-year-annual-backups/ and
https://blog.jamesbayley.com/2016/01/03/the-definative-guide-to-backing-up-your-home-computer/
In summary, you can guard against cryptolocker attacks by using a different protocol for backup. For example, I use my NAS with SMB for File History and user shares and with FTP for weekly backup. In this way, if the machine is compromised and the virus has access to the SMB backups (user shares and file history), it will not have access to the FTP backups because different credentials are used.
My most recent advice is that the primary data backup target should be Microsoft OneDrive because this has built-in ransomware protection. Microsoft Office 365 Home gives you 6 users each with 1TB of storage for ~ $100 a year. You then get Office 365 “free”. The NAS should be the second line of defense.
‘Veeam Backup agent Free’ has encryption and ransomware won’t be able to overwrite it. Make sure to enable the encryption and set a password.
How does that work? My assumption was that ransomware is working with the user’s privilege (or as Admin) and therefore can delete the files.