OPERATIONAL DEFECT DATABASE
...
...
After enabling multi-factor authentication (MFA) in Veeam Backup & Replication or Veeam Cloud Connect, that server may become listed as "inaccessible" within Veeam Service Provider Console yet the Veeam Management Agent for VSPC continues to display a "healthy" status.
When MFA is enabled, the account used by the Veeam Management Agent service cannot access the Veeam Backup & Replication or Veeam Cloud Connect application. By default, the Veeam Management Agent service deployed on the Veeam Backup & Replication and Veeam Cloud Connect server runs under the Local System account.
To resolve this issue, review the options below: Option 1: Have the Veeam Management Agent Use a Dedicated Service Account The recommended solution is to configure the Veeam Management Agent service to use a dedicated service account (either Domain or Windows local) for which MFA is explicitly disabled. For more information, see Disabling MFA for Service Accounts. In Windows Services ( services.msc ), check if Veeam Management Agent is still running under the Local System account. Edit the Veeam Management Agent service and change the "Log on as" account from the Local System account to any user that is a member of the Local Administrators group or any Domain account with Local Administrators group permissions on that machine. Add the Service account to Veeam Backup & Replication/Veeam Cloud Connect: Add the service account specified for the service to the Users and Roles section. Assign the role: Veeam Backup Administrator. Select the "This is a service account" checkbox to disable MFA.
If the presented options are unsuitable for your situation for any reason, it may be advisable to consider disabling MFA entirely.
Veeam Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
