OPERATIONAL DEFECT DATABASE
...
...
While attempting to perform one of the following actions the error "Access is Denied." occurs: When attempting to add a Windows server to Veeam Backup & Replication using a Local Administrator account.
When a Windows Server is added as a Managed Server or added to a Protection Group, Veeam Backup & Replication checks if the Veeam Installer Service (VeeamDeploySvc) is present on the server. If the service is not accessible Veeam Backup & Replication will attempt to connect to the machine via the admin$ share to deploy the service. Example: \\localhost\admin$ The "Access is Denied" error occurs because the user account specified is a local account, and UAC restricts remote access for local accounts.
For Veeam Backup & Replication to add a remote Windows machine as a managed server or as part of a Protection Group, the user account used to connect to that remote machine must work with the UAC remote restrictions. The account must be either: A domain account that is a member of the Local Administrators group. The built-in account named Administrator. Note: The built-in Administrator account may fail if the "User Account Control: Admin Approval Mode for the Built-in Administrator account" policy is enabled on the remote machine. Use Case Examples: If the Windows machine being added to Veeam Backup & Replication is joined to a domain, a domain account that is a member of the Local Administrators group on the remote machine should be used to add the server to Veeam Backup & Replication. If the Windows server being added to Veeam Backup & Replication is not joined to a domain, or there is a need to avoid using a domain account, the built-in account named Administrator must be used to add the server to Veeam Backup & Replication. Other local accounts will be restricted by UAC, even if they are members of the Administrators group.Note: If the Administrator account has been renamed, it can be used as the unique SID that bypasses Remote UAC Restrictions is still valid. If the Windows machine being added to Veeam Backup & Replication is not joined to a domain and is not a server OS, the built-in Administrator account will have to be enabled and a password set for it. Then, that account should be used to add the machine to Veeam Backup & Replication.
If none of the provided solutions are viable, it is possible to disable UAC remote restrictions. This will allow local accounts other than Administrator to be used for remote access. This option should be considered a last resort as it involves disabling a Microsoft Windows OS security feature.
Click on a version to see all relevant bugs
Veeam Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
