Operational Defect Database

BugZero found this defect 299 days ago.

Veeam | kb4477

Access Denied Error After Migrating Configuration from MFA-Enabled Server

Last update date:


Affected products:

Veeam Backup & Replication

Affected releases:


Fixed releases:

No fixed releases provided.



After performing Configuration Restore using the Migration mode from a Configuration Backup created by a Veeam Backup & Replication server that had MFA enabled, login attempts using local accounts cause the Veeam Backup & Replication Console to display the error: Failed to connect to Veeam Backup & Replication server: Access denied.


This issue occurs because the local account being used to log in has no Role assigned within the migrated Configuration Database and therefore has no access. The user accounts, their respective roles, and MFA data are stored within the Configuration Database using the use account's SID. While the local account names between the two machines may be the same, the SID is different and is therefore treated as a user that was never assigned a role. Note: This same issue will impact domain accounts when migrating the configuration to a machine in a different domain that uses the same domain account names as the initial domain to which the original machine was connected.


Scenario 1: Migrating to a Machine Joined to the Same Domain If the configuration migration was to a machine joined to the same domain as the original Veeam Backup Server, sign in to the Veeam Backup & Replication Console using a domain account that was assigned a Veeam Backup Administrator role and remove the local accounts associated with the old machine from the Users and Roles panel, then readded local accounts from the new machine as needed.

Additional Resources / Links


BugZero® Risk Score

What's this?

Coming soon



Learn More