...
BugZero found this defect 2742 days ago.
All credentials and backup encryption keys become unusable after manually migrating Veeam Backup and Replication software to a different machine. The term "manual migration," in this case, refers to the process of installing Veeam Backup & Replication on a new system and directing it to use the configuration database from a prior Veeam Backup & Replication installation on a different machine. Example: Veeam Backup & Replication was initially deployed on a virtual machine with its configuration database hosted on a remote dedicated SQL server. As the company expanded, it was decided to construct a dedicated physical server for running Veeam Backup & Replication. The original Veeam Backup & Replication server was decommissioned, and the software was then installed on the new physical server. During this installation, the installer was set to connect to the pre-existing configuration database on the remote dedicated SQL server. Although Veeam Backup & Replication successfully completed the installation and preserved job configurations, the credentials stored in the configuration database could not be decrypted and used due to the change in hardware.
All credentials and encryption keys are stored in the Veeam Backup & Replication configuration database and encrypted with the machine-specific private key of the backup server. Accordingly, a new deployment of Veeam Backup & Replication cannot decrypt that data if installed on a different machine.
The recommended method to migrate the Veeam Backup & Replication software is documented here:Migrating Veeam Backup & Replication to Another Backup Server If a configuration backup is not available and manual migration is the only option available, after doing so, all encrypted data within the database will have to be manually updated.Advice: If it is not possible to migrate Veeam Backup & Replication according to the directions in the user guide, please get in touch with Veeam Support for assistance. Use the "Manage Credentials" option to re-enter all passwords. All encrypted backup sets need to be removed from the configuration and then rescanned back into the inventory, their decryption password provided, and then remapped to their respective jobs. If you are using Enterprise Manager, please contact Veeam technical support to remove the crypto-info about the EM master key from the VeeamBackup database.