{"id":1737,"date":"2025-12-03T21:04:50","date_gmt":"2025-12-04T03:04:50","guid":{"rendered":"https:\/\/zewwy.ca\/?p=1737"},"modified":"2025-12-03T21:04:50","modified_gmt":"2025-12-04T03:04:50","slug":"adding-a-hyper-v-host-to-veeam","status":"publish","type":"post","link":"https:\/\/zewwy.ca\/index.php\/2025\/12\/03\/adding-a-hyper-v-host-to-veeam\/","title":{"rendered":"Adding a Hyper-V host to Veeam"},"content":{"rendered":"<p><a href=\"https:\/\/helpcenter.veeam.com\/archive\/backup\/120\/hyperv\/hv_server_before_begin.html\">Before You Begin &#8211; Veeam Backup &amp; Replication User Guide for Microsoft Hyper-V<\/a><\/p>\n<p>Before you add a Microsoft Hyper-V server to the backup infrastructure, check the following prerequisites:<\/p>\n<ul>\n<li class=\"List_L1\"><span class=\"List_L1\">Check permissions required to add the server. For more information, see\u00a0<\/span><a class=\"List_L1\" href=\"https:\/\/helpcenter.veeam.com\/archive\/backup\/120\/hyperv\/required_permissions.html#rphost\">Permissions<\/a><span class=\"List_L1\">.<\/span>\n<ul>\n<li>Admin permissions based account got it&#8230;<\/li>\n<\/ul>\n<\/li>\n<li class=\"List_L1\"><span class=\"List_L1\">[For SCVMM] SCVMM Admin UI must be installed on the backup server. Otherwise, you will not be able to add SCVMM servers to the backup infrastructure.<br \/>\n<\/span><\/li>\n<li class=\"List_L1_Paragraph\"><span class=\"List_L1_Paragraph\">SCVMM console version must match the management server version.<\/span><\/li>\n<li class=\"List_L1\"><span class=\"List_L1\">Make sure that you do not add to the backup infrastructure\u00a0<\/span><span class=\"List_L1\">Hyper-V<\/span><span class=\"List_L1\">\u00a0hosts or clusters managed by an SCVMM server if this SCVMM server is already added to the backup infrastructure.<\/span>\n<ul>\n<li>Nope just a stand alone host<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li class=\"List_L1\"><span class=\"List_L1\">File and printer sharing must be enabled in network connection settings of the added\u00a0<\/span><span class=\"List_L1\">Microsoft Hyper-V<\/span><span class=\"List_L1\">\u00a0host. Otherwise,\u00a0<\/span><span class=\"List_L1\">Veeam\u00a0Backup\u00a0&amp;\u00a0Replication<\/span><span class=\"List_L1\">\u00a0will fail to deploy required components.<\/span>\n<ul>\n<li>Uhhh wut?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li class=\"List_L1\"><span class=\"List_L1\">Make sure that the NETBIOS name of the\u00a0<\/span><span class=\"List_L1\">Microsoft Hyper-V<\/span><span class=\"List_L1\">\u00a0Server is successfully resolved.<\/span>\n<ul>\n<li class=\"List_L1_Paragraph\">Uhhh wut?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li class=\"List_L1\"><span class=\"List_L1\">If you get the &#8220;<\/span><span class=\"T_Emphasis\">Invalid Credentials<\/span><span class=\"List_L1\">&#8221; error when adding a\u00a0<\/span><span class=\"List_L1\">Hyper-V<\/span><span class=\"List_L1\">\u00a0host using a local account, see\u00a0<\/span><a class=\"List_L1\" href=\"https:\/\/www.veeam.com\/kb1914\" target=\"_blank\" rel=\"noopener\">this Veeam KB article<\/a><span class=\"List_L1\">.<\/span><\/li>\n<li><\/li>\n<\/ul>\n<p>This is gonna suck..<\/p>\n<p><a href=\"https:\/\/www.reddit.com\/r\/Veeam\/comments\/1kw53dk\/unable_to_add_a_single_hyperv_host_to_veeam\/\">Unable to add a single Hyper-V host to Veeam. : r\/Veeam<\/a><\/p>\n<p><a href=\"https:\/\/community.veeam.com\/discussion-boards-66\/i-am-unable-to-add-hyper-v-hosts-to-veeam-5604\">i am unable to add Hyper V hosts to Veeam | Veeam Community Resource Hub<\/a><\/p>\n<p>Why?&#8230;<\/p>\n<p>When you add a Hyper\u2011V host to Veeam Backup &amp; Replication, the product deploys its transport service and integration components remotely using Windows\u2019 built\u2011in administrative shares (<code>ADMIN$<\/code>, <code>C$<\/code>). That\u2019s why File and Printer Sharing must be enabled on the NIC: without those hidden shares, Veeam cannot copy files or install its agents. By default, only the built\u2011in Administrator or domain admin accounts can access these shares remotely, because User Account Control (UAC) strips remote admin rights from other local accounts. This often surprises people who harden their hosts by disabling the Administrator account or removing shares, since Veeam\u2019s deployment model depends on them being present.<\/p>\n<p>On standalone Hyper\u2011V hosts, this creates a security trade\u2011off. You can either leave the built\u2011in Administrator enabled (simpler, but harder to audit), or disable UAC remote restrictions so named local admin accounts can access the shares (more auditable, but technically weaker security posture because all local admins gain remote rights). In practice, many administrators prefer creating a dedicated service account for Veeam and a separate account for human administration, then disabling the built\u2011in Administrator. This way, activity is traceable and controlled, while still allowing Veeam to function. The nuance is that Veeam chose the \u201clowest common denominator\u201d approach \u2014 SMB admin shares \u2014 which works everywhere but clashes with modern hardening practices, so standalone hosts require careful balancing of convenience, auditability, and exposure.<\/p>\n<p>Step 1) Enable SMB<\/p>\n<pre>Install-WindowsFeature -Name FS-FileServer -IncludeManagementTools<\/pre>\n<p>Edit your firewall rules as required as this will create 3 new ones and open them up (135 DCOM, 445 SMB, and dynmic ports one), in my case I disabled them and only enabled the SMB restrictive rule.<\/p>\n<p>Check off Microsoft file and print sharing service under the NIC settings for which will be used to add Hyper-V to Veeam.<\/p>\n<p>Maybe we can enable it only during deployment then disable it, lets find out. On Hyper-V lets create a dedicated Veeam admin account, then disable remote UAC while adding the host to Veeam. Done, adding host to Veeam&#8230;<\/p>\n<p>Option 1) Specify the local administrator account. (Usually disabled on hardened servers)<\/p>\n<p>OR<\/p>\n<p>Option 2) edit registry to allow remote uac, so the built in admin shares can be accessible by admin account that is named and not the built in administrator account.<\/p>\n<p>Why Veeam does allow for the ability to prepare a Hyper-V host via these install packages manually without exposing the post to these additional attack surfaces is honestly beyond me. I usually love Veeam but this one is kind of dumb.<\/p>\n<p>Step 2) Disable Remote UAC restrictions<\/p>\n<p>I&#8217;ll stick with option 2: <a href=\"https:\/\/learn.microsoft.com\/en-us\/troubleshoot\/windows-server\/windows-security\/user-account-control-and-remote-restriction?ad=in-text-link#how-to-disable-uac-remote-restrictions\">User Account Control and remote restrictions &#8211; Windows Server | Microsoft Learn<\/a><\/p>\n<p>To disable UAC remote restrictions, follow these steps:<\/p>\n<ol>\n<li>Click\u00a0<strong>Start<\/strong>, click\u00a0<strong>Run<\/strong>, type\u00a0<em>regedit<\/em>, and then press ENTER.<\/li>\n<li>Locate and then click the following registry subkey:\n<pre><code>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System<\/code><\/pre>\n<\/li>\n<li>If the\u00a0<strong><code>LocalAccountTokenFilterPolicy<\/code><\/strong>\u00a0registry entry doesn&#8217;t exist, follow these steps:\n<ol>\n<li>On the\u00a0<strong>Edit<\/strong>\u00a0menu, point to\u00a0<strong>New<\/strong>, and then select\u00a0<strong>DWORD Value<\/strong>.<\/li>\n<li>Type\u00a0<em>LocalAccountTokenFilterPolicy<\/em>, and then press ENTER.<\/li>\n<\/ol>\n<\/li>\n<li>Right-click\u00a0<strong>LocalAccountTokenFilterPolicy<\/strong>, and then select\u00a0<strong>Modify<\/strong>.<\/li>\n<li>In the\u00a0<strong>Value data<\/strong>\u00a0box, type\u00a0<em>1<\/em>, and then select\u00a0<strong>OK<\/strong>.<\/li>\n<li>Exit Registry Editor.<\/li>\n<\/ol>\n<p>Now open a file explorer window in Veeam Server, and point to \\\\IPofHyper-V\\admin$ it should prompt you for creds, you should be able to provide the creds of the named admin account and it should connect.<\/p>\n<p>Well I got past the error&#8230;<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/aDHtvUI.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/aDHtvUI.png\" alt=\"\" width=\"703\" height=\"132\" \/><\/a><\/p>\n<p>Sigh n&#8217; groan&#8230;. ughhhh.. too be continued, time to make a Server 2025 image&#8230;<\/p>\n<p>Lets try again..<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/CEVblrz.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/CEVblrz.png\" alt=\"\" width=\"746\" height=\"532\" \/><\/a><\/p>\n<p><a href=\"https:\/\/i.imgur.com\/xGHdDSe.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/xGHdDSe.png\" alt=\"\" width=\"750\" height=\"537\" \/><\/a><\/p>\n<p><a href=\"https:\/\/i.imgur.com\/nnzRxHk.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/nnzRxHk.png\" alt=\"\" width=\"752\" height=\"531\" \/><\/a><\/p>\n<p><a href=\"https:\/\/i.imgur.com\/0IqBaAx.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/0IqBaAx.png\" alt=\"\" width=\"752\" height=\"534\" \/><\/a><\/p>\n<p>And this time success&#8230;<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/vYyx6Nk.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/vYyx6Nk.png\" alt=\"\" width=\"749\" height=\"530\" \/><\/a><\/p>\n<p><a href=\"https:\/\/i.imgur.com\/QF7jMm5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/QF7jMm5.png\" alt=\"\" width=\"747\" height=\"532\" \/><\/a><\/p>\n<h1 style=\"text-align: center;\"><span class=\"ez-toc-section\" id=\"Restore_Storage_Theory\"><\/span>Restore Storage Theory<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<h2 style=\"text-align: center;\"><span class=\"ez-toc-section\" id=\"%F0%9F%96%A5%EF%B8%8F_Scenario\"><\/span>\ud83d\udda5\ufe0f Scenario<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li><strong>Source<\/strong>: Veeam is running inside a VM on ESXi.<\/li>\n<li><strong>Repository<\/strong>: Local storage attached to that VM (so Veeam sees it as a local NTFS\/ReFS volume).<\/li>\n<li><strong>Target<\/strong>: A standalone Hyper\u2011V host with only local storage (no SMB shares, no clustered SOFS).<\/li>\n<\/ul>\n<div><\/div>\n<h3 style=\"text-align: center;\"><span class=\"ez-toc-section\" id=\"%F0%9F%94%A7_How_Veeam_Writes_the_VM_HDD_Files\"><\/span>\ud83d\udd27 How Veeam Writes the VM HDD Files<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol start=\"1\">\n<li><strong>Restore job starts<\/strong>\n<ul>\n<li>You pick the Hyper\u2011V host as the restore target.<\/li>\n<li>Veeam knows it must deliver VHDX files + VM configuration to that host\u2019s storage path (e.g., <code>D:\\VMs\\MyVM\\<\/code>).<\/li>\n<\/ul>\n<\/li>\n<li><strong>Transport service on Hyper\u2011V host<\/strong>\n<ul>\n<li>Veeam deploys or uses its <strong>Veeam Data Mover Service<\/strong> (part of the Veeam transport service) on the Hyper\u2011V host.<\/li>\n<li>This service is responsible for receiving blocks of data and writing them to disk.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Data transfer<\/strong>\n<ul>\n<li>The Veeam server (on ESXi) reads blocks from the backup file in its local repository.<\/li>\n<li>Those blocks are sent over the network to the Hyper\u2011V host using Veeam\u2019s own transport protocol (TCP\/IP).<\/li>\n<li><strong>Important<\/strong>: This is not SMB \u2014 it\u2019s Veeam\u2019s proprietary data mover channel.<\/li>\n<\/ul>\n<\/li>\n<li><strong>File creation on Hyper\u2011V host<\/strong>\n<ul>\n<li>The transport service on the Hyper\u2011V host opens a file handle on the local filesystem (NTFS\/ReFS).<\/li>\n<li>It creates the target VHDX file and writes the incoming blocks directly using standard Windows file I\/O APIs (<code>CreateFile<\/code>, <code>WriteFile<\/code>, etc.).<\/li>\n<li>VM configuration files (<code>.vmcx<\/code>, <code>.vmrs<\/code>) are also written directly to the host\u2019s local storage.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Completion<\/strong>\n<ul>\n<li>Once all blocks are written, Hyper\u2011V sees the restored VM files in its local storage.<\/li>\n<li>Veeam registers the VM with Hyper\u2011V Manager if you chose a full VM restore.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<div><\/div>\n<h3 style=\"text-align: center;\"><span class=\"ez-toc-section\" id=\"%E2%9C%85_Key_Points\"><\/span>\u2705 Key Points<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>No SMB is used here.<\/strong><\/li>\n<li>Veeam uses its <strong>own transport service<\/strong> to push data over TCP\/IP to the Hyper\u2011V host, which then writes the files directly to local disk.<\/li>\n<li>SMB only comes into play if the repository or Hyper\u2011V storage is on a remote file server (like a NAS or SOFS cluster).<\/li>\n<\/ul>\n<p>Retore to Hyper-V<\/p>\n<p>Here a whole video on the process, cause I wasn&#8217;t sure how to do it as when I selected restore entire VM to new location, only my ESXi hosts were selected, AI said it not possible, Googling said that Instant Restore was the only option&#8230; mhmm that video showed the same thing&#8230;<\/p>\n<p>I won&#8217;t lie I felt so dumb at first cause the restore prompt said &#8220;waiting on user input&#8221; and there was an open console link at the bottom of the instant restore wizard, so I clicked that and it kept asking for creds (I thought the hyper-v ones) and it kept failing&#8230; till I realized you just have the VM already running (or not based on your selection) but it&#8217;s already registered to the host, you have to finish an instant restore by clicking migrate to production option.<\/p>\n<p>I tell ya&#8230; that made me feel really&#8230;. reallllly dumb&#8230;..<\/p>\n<p>anyway I hope this posts helps someone.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Before You Begin &#8211; Veeam Backup &amp; Replication User Guide for Microsoft Hyper-V Before you add a Microsoft Hyper-V server to the backup infrastructure, check the following prerequisites: Check permissions required to add the server. For more information, see\u00a0Permissions. Admin permissions based account got it&#8230; [For SCVMM] SCVMM Admin UI must be installed on the &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/zewwy.ca\/index.php\/2025\/12\/03\/adding-a-hyper-v-host-to-veeam\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Adding a Hyper-V host to Veeam&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"sfsi_plus_gutenberg_text_before_share":"","sfsi_plus_gutenberg_show_text_before_share":"","sfsi_plus_gutenberg_icon_type":"","sfsi_plus_gutenberg_icon_alignemt":"","sfsi_plus_gutenburg_max_per_row":"","footnotes":""},"categories":[5,236],"tags":[485],"class_list":["post-1737","post","type-post","status-publish","format-standard","hentry","category-hypervisors","category-veeam","tag-hyper-v"],"_links":{"self":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1737","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/comments?post=1737"}],"version-history":[{"count":3,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1737\/revisions"}],"predecessor-version":[{"id":1742,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1737\/revisions\/1742"}],"wp:attachment":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/media?parent=1737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/categories?post=1737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/tags?post=1737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}