Practical Method for Resetting vCenter Password – Safe Recovery Without Reinstall



Introduction

Recently, while upgrading a customer's vCenter, I encountered a situation where the root password was unknown. The customer also asked around but couldn't find it. To recover this root password, I did some research, and today I'm sharing it here. The practical environment for this operation: VMware vSphere vCenter 8.0.


Steps:

1. Use the Administrator@vsphere.local account to log in to https://vCenterIP:5480.

2. Navigate to the "Access" tab and check whether vCenter SSH login is enabled. If SSH remote access is not activated, click "Edit" and enable "Activate SSH Login."

3. Use the Administrator@vsphere.local account to SSH remotely into the vCenter server.

4. Type "shell.set --enabled true" to enable the shell function.

 
shell.set --enabled true


5. Type "shell" to enter the shell bash interface.

6. Use "sudo passwd root" to update the root password. Enter the new password twice.

screenshot of VMware vSphere vCenter 8.0 root password reset


7. Sometimes the account might be locked, so we need to unlock it first.

Versions before 8.0 U2:

 
sudo pam_tally2 --user=root --reset


Version 8.0 U2 and later:

 
sudo /usr/sbin/faillock --user root --reset

You can refer to this VMware official document:

🔍 Why vCenter Password Reset Is a Common Admin Challenge

Password-related lockouts are one of the most frequent vCenter operational issues, especially in environments with:

  • Password expiration policies

  • Staff turnover

  • MFA misconfiguration

  • Limited documentation

Using a practical and supported vCenter password reset method helps administrators restore access without risking data loss or reinstallation.


🛠 Common Scenarios That Require Resetting vCenter Passwords

You may need to reset a vCenter password when:

  • The root or administrator password is forgotten

  • vCenter services are running, but the login fails

  • Password expired, and SSH access is blocked

  • Appliance shell is disabled

  • Access is needed urgently during outages

This practical reset approach minimizes downtime and avoids unnecessary rebuilds.


✅ Best Practices Before Resetting vCenter Passwords

Before performing a password reset, always:

  • Take a snapshot of the vCenter appliance

  • Ensure console access via ESXi or vSphere

  • Confirm the exact vCenter version

  • Schedule a maintenance window if possible

These steps reduce risk during recovery and help ensure a smooth reset process.





Veeam 12 Upgrade Failed – Root Cause Analysis and How the Issue Was Finally Resolved



Recently, due to security vulnerabilities, I was performing an upgrade to Veeam Backup & Replication version 12.3. Today, upgrading one Veeam instance failed. This article documents the analysis process and the solution.

screenshot vbr upgrade error


Problem Analysis

According to the prompt, checking the log (SetupBackupCheckerBR_26_10_2025_20_50_44.log) shows the error content:



ERROR [PGSQL] 28000: SSPI authentication failed for user "postgres" (Npgsql.PostgresException)


From the error message, it can be seen that error code 28000 indicates authentication failure, and SSPI (Security Support Provider Interface) is an authentication mechanism used by Windows. This error is a PostgreSQL database authentication failure. Some possible causes for the error are:


  • Windows user mismatch
  • pg_hba.conf configuration issue
  • Service account permission issues


I suspected it was due to a Windows user mismatch because I was logged in with my own domain account, while the account that installed this VBR was a different one. Since there was no authorization, it couldn't connect to the PostgreSQL instance.


So I checked the Veeam official explanation:

This error occurs when the account used to interact with the PostgreSQL instance is not authorized.


Sure enough, since my account wasn't authorized, it naturally couldn't perform the upgrade operation. The solution is quite simple: use the account that deployed the VBR installation to perform the upgrade operation.


Checking the C:\Program Files\PostgreSQL\15\data\pg_ident.conf configuration file:


This configuration file records the domain account used during the VBR installation. I didn't have the password for this account, and the colleague who owned it had already left the company, so it couldn't be used. In this case, the only option was to add a new domain account. You can refer to the following steps.


Solution

Check the Veeam PostgreSQL log (C:\Program Files\PostgreSQL\15\data\log), scroll to the end where the error occurred:


Add the above domain account to the C:\Program Files\PostgreSQL\15\data\pg_ident.conf configuration file:

screenshot of Veeam fix sspi authentication error


Save the file, then re-run the upgrade operation:


Problem solved, upgrade completed.


If the hostname of the VBR host has been changed, you might also encounter this issue and need to update the pg_ident.conf file.
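The check described above, sketched as an added example (not Veeam's or the original post's code): it reads the rejected Windows identity from the PostgreSQL log and reports which pg_ident.conf line is missing. The map name "veeam", the accounts, and both sample texts are constructed assumptions.

```python
import re

# Constructed pg_ident.conf content. The map name "veeam" and every account
# below are assumptions for illustration, not values from the article.
SAMPLE_PG_IDENT = '''
# MAPNAME  SYSTEM-USERNAME          PG-USERNAME
veeam      "SYSTEM@NT AUTHORITY"    postgres
veeam      "svc_install@CORP"       postgres   # account that deployed VBR
veeam      /^backupadmin@VBR-OLD$   postgres
'''

# Constructed PostgreSQL log excerpt showing the rejected Windows identity.
SAMPLE_LOG = '''
2025-10-26 20:50:44.120 UTC [4321] LOG:  no match in usermap "veeam" for user "postgres" authenticated as "jdoe@CORP"
2025-10-26 20:50:44.120 UTC [4321] FATAL:  SSPI authentication failed for user "postgres"
'''

_TOKEN = re.compile(r'"((?:[^"]|"")*)"|([^\s"#]+)|(#.*)')
_NO_MATCH = re.compile(
    r'no match in usermap "([^"]*)" for user "([^"]*)" authenticated as "([^"]*)"')


def parse_pg_ident(text):
    """Return (map_name, system_user, pg_user) tuples from pg_ident.conf text."""
    entries = []
    for line in text.splitlines():
        fields = []
        for m in _TOKEN.finditer(line):
            if m.group(3) is not None:          # unquoted '#' starts a comment
                break
            quoted = m.group(1)
            fields.append(quoted.replace('""', '"') if quoted is not None
                          else m.group(2))
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2]))
    return entries


def is_mapped(entries, map_name, system_user, pg_user):
    """True if the map lets system_user connect as pg_user."""
    for name, sys_field, pg_field in entries:
        if name != map_name or pg_field != pg_user:
            continue
        if sys_field.startswith("/"):
            # Regex entry; Python's re stands in for PostgreSQL's regex engine.
            if re.search(sys_field[1:], system_user):
                return True
        elif sys_field == system_user:          # exact, case-sensitive match
            return True
    return False


def rejected_identities(log_text):
    """Return sorted (map_name, pg_user, system_user) tuples found in the log."""
    return sorted(set(_NO_MATCH.findall(log_text)))


def missing_mappings(ident_text, log_text):
    """Return the pg_ident.conf lines that would cover the rejected identities."""
    entries = parse_pg_ident(ident_text)
    lines = []
    for map_name, pg_user, system_user in rejected_identities(log_text):
        if not is_mapped(entries, map_name, system_user, pg_user):
            lines.append(f'{map_name} "{system_user}" {pg_user}')
    return lines


if __name__ == "__main__":
    for line in missing_mappings(SAMPLE_PG_IDENT, SAMPLE_LOG):
        print("add to pg_ident.conf:", line)
```

Every line in this map grants access as the postgres superuser, so the same parse is a convenient way to list entries for accounts that no longer exist. The last two test cases show why a renamed host breaks a local-account mapping.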

Note: Starting from Veeam 12, the underlying data storage can use a PostgreSQL database.

Why Veeam 12 Upgrade Failures Are Often Misleading

Many administrators assume a Veeam 12 upgrade failure is caused by installer bugs or corrupted packages. In reality, upgrade errors are frequently triggered by environmental issues such as:

  • Insufficient disk space on system or configuration volumes

  • Leftover services or locked processes

  • Repository metadata inconsistencies

  • Unsupported OS or missing prerequisites

These hidden problems often surface only during the upgrade process, making root cause analysis critical.

Key Lessons Learned from This Veeam 12 Upgrade Case

This case highlights several important upgrade best practices:

  • Always validate disk space and file system health before upgrading

  • Stop all Veeam-related services cleanly

  • Check Windows Event Viewer and Veeam logs, not just installer messages

  • Do not ignore “non-critical” warnings shown during pre-checks

Veeam upgrades are reliable—but only when the environment is clean.

✅ Recommended Pre-Upgrade Checklist for Veeam 12

Before upgrading Veeam Backup & Replication, ensure:

  • Backup repositories are online and healthy

  • No active backup or replication jobs are running

  • Windows updates are completed

  • Antivirus exclusions are configured for Veeam directories

  • A configuration backup has been taken

📌 External reference (Veeam official upgrade guide):
https://helpcenter.veeam.com/docs/backup/vsphere/upgrade_vbr.html

vCenter 8.0 Password Recovery from GRUB – Step-by-Step Root Access Guide

 


A few days ago, I installed vCenter 8.0 to use as a lab environment, but after installation, I found that no matter what password I entered, it was incorrect. After several attempts, I realized I had remembered the wrong password, so I'm documenting this article to help myself and others figure out what to do when you forget your vCenter password.


This article outlines the steps to reset the root password of the vCenter appliance from the ESXi host where vCenter is installed, including rebooting the appliance, modifying the boot command-line options, and using vdcadmintool to generate a new administrator password.

Introduction

Losing administrative access to VMware vCenter 8.0 can quickly turn into a critical outage. Fortunately, VMware provides a supported way to recover the vCenter root password using GRUB mode, allowing administrators to regain control without reinstalling the vCenter Server Appliance (vCSA).

This guide explains how vCenter 8.0 password recovery from GRUB works, when to use it, and best practices to avoid future lockouts.

Resetting the root account password


1. First, to reset the root password, log in to the ESXi host where vCenter is installed and reboot vCenter.

2. Open the virtual console. When the Photon interface appears, press the "e" key to enter the "Options" settings.

screenshot of VMware vcenter login

3. After pressing "e", the GNU GRUB interface appears.

screenshot of Vmware vcenter GNU GRUB

4. Add "rw init=/bin/bash" after "fips=1", then press "F10" or "Ctrl+X" to boot into the system.

   This mounts the root filesystem in read-write mode (rw) and specifies the system initialization process as the bash shell (init=/bin/bash), bypassing the normal login process and directly entering a command-line environment with root privileges, used for system troubleshooting (such as resetting passwords, modifying configuration files, etc.).

screenshot of Vmware vcenter GNU GRUB reset passwd

5. Enter the following commands in sequence:

   mount -o remount,rw / (Remount the already mounted filesystem with read-write permissions to the root directory)

   passwd root (Change the root password)

   Enter the new password

   Enter the new password again

   umount / (Unmount the root filesystem)

   reboot -f (Force reboot the system)

 
mount -o remount,rw / 
passwd root
New password
Retype new password
umount /
reboot -f


Modifying the vCenter password

1. Open the virtual console and press "Alt+F1" to enter the vc command-line interface.

2. Log in with the root account using the newly reset root password.

3. Enter "shell" to enable BASH.

screenshot of modifying the vmware vcenter passwd

4. Use the "vdcadmintool" command tool to reset the password. Enter the command "/usr/lib/vmware-vmdir/bin/vdcadmintool".

screenshot of VMware vcenter vdcadmintool

5. Select option 3, "Reset account password", to reset the account password. Enter "3" and press "Enter".

6. Enter "administrator@vsphere.local" and press "Enter". A random password will be generated.

7. Copy the generated random password, open the vc page in a browser, and log in.

8. After entering vc, click the account icon in the upper right corner and select "Change Password".

9. After changing the password, click confirm.

Conclusion

The vCenter 8.0 account password reset process is now complete. For newcomers to the IT field, especially those getting familiar with data center infrastructure, small issues like forgetting a password are actually great opportunities to understand the underlying system logic. It helps you better understand vCenter's boot process, the role of command-line tools (like passwd and vdcadmintool), and more.

However, prevention is always better than recovery—secure your vCenter access, monitor password policies, and document emergency procedures to stay in control of your virtual infrastructure.

Related troubleshooting guide:
https://anfuitblog.blogspot.com/2025/09/how-to-reset-vmware-vcenter-67-root.html

Fixing Veeam Agent Push Error – Emergency Manual Installation Guide for Windows & Linux



Introduction

When deploying workloads through Veeam Backup & Replication, administrators often rely on Veeam Agent push installation to simplify backup rollout across Windows or Linux hosts.
But when the push installation fails, backups cannot run, and organizations may be exposed to data loss.

This article explains how to troubleshoot the Veeam Agent Push Error and provides an emergency manual installation method to quickly restore protection on any system.


First, the Windows backup agent installation package can be downloaded from the Veeam official website.


Stage 1: Backup Agent Installation

1. After downloading the Windows backup agent installation package, right-click and run it as administrator.

2. Select "Next" by default.

3. Click "I Accept."

4. Wait for the backup agent installation to complete.


Stage 2: Creating a Recovery Image

1. After the backup agent installation is complete, by default, "Perform recovery media boot" is checked. Click "Finish."


2. You can customize the contents included in the recovery image; generally, select the middle two options.


3. Choose the storage path for the recovery image ISO (this path is on the local physical server).

4. Enter the username and password for shared access to retrieve this ISO file.

5. Click "Create" to create the recovery image.

6. The recovery image has been created. Check the recovery image at the specified path.


Stage 3: Creating a Backup Job

1. In the recently added items, select "Configure Backup."

2. Enter the backup job name.

3. Select full machine backup. (If the physical machine has an external dongle or other USB devices connected, check the "Include external USB drives" option.)

4. Generally, place the backup data into the Veeam backup repository.

5. Enter the backup console IP address, username, and password.

6. Select the backup repository.

7. Set the backup retention period to 7 days and configure the full backup retention duration.

8. Set the backup execution time.

9. Click "Finish" to complete the backup job creation.

10. When entering the backup console, the physical machine backup job will already exist.


Stage 4: Backup Test Verification

1. Open Veeam Agent for Microsoft Windows.

2. Select the backup job and manually perform a full backup.

3. The task will be triggered in the backup console.

4. Backup successful.

Conclusion

The Veeam Agent Push Error is common in enterprise environments, especially those with strict network or security policies.
By following the troubleshooting steps and applying the emergency manual installation method, you can restore backup functionality quickly and prevent future deployment failures.

Reliable agent installation ensures reliable backups—your last line of defense against data loss and ransomware.

See related troubleshooting:
https://anfuitblog.blogspot.com/2025/12/reviewing-case-where-veeam-backup.html

“Secure VBR Login & Console Best Practices”
https://anfuitblog.blogspot.com/2025/09/making-vbr-login-more-secure-complete.html


Reviewing a Case Where Veeam Backup Failed – Root Cause, Fixes & Prevention Tips


Introduction

Last Friday, a reporting database deployed on a virtualization platform experienced a service interruption because the underlying storage volume ran out of space, making the disk unwritable and unreadable. Since storage space couldn’t be freed up quickly, we decided to use Veeam Backup to rapidly restore a new database to resume business access as soon as possible.


However, during the database restoration using Veeam, I encountered an unexpected issue. This article will review the entire process and share relevant insights.


Case Overview – What Happened?

First, I confirmed that the daily backup tasks for the reporting database all showed as successful. Based on the backup status, the restore operation should have proceeded smoothly.


Next, I followed Veeam’s standard restoration procedure: creating a virtual machine, installing Oracle software, and deploying the Veeam Agent. Once everything was ready, I launched Veeam Explorer for Oracle to perform the database restore. But then an error appeared:

Cannot find autobackup files for the selected database on the backup repository. Make sure database backup is created with the latest available plug-in version and enable controlfile autobackup on the source server to prevent this error in future.

screenshot of veeam recovery error


This error was surprising—if the backup tasks showed success every day, why couldn’t the restore proceed?


According to the error prompt, the backup set did not contain a backup of the control file. Veeam indicated that we should check whether the source database had the control file autobackup feature enabled in RMAN with the following configuration:

 
RMAN> show controlfile autobackup;

RMAN configuration parameters for database with db_unique_name RTP are:
CONFIGURE CONTROLFILE AUTOBACKUP OFF;



If this option wasn’t enabled, Veeam would not back up the control file by default. We later confirmed this in the backup directory:


 
root@veeamrepo01:/backupdata/backups/VeeamPluginUser_LinRman_42101602-3240-f20c-a1c7-1e9946f37a8e# ll c-*
ls: cannot access 'c-*': No such file or directory


The control file is critical for Oracle database recovery. Without it, restoration is impossible. To make matters worse, the original host where the reporting database resided couldn’t start due to storage issues—we were stuck!


Fortunately, the virtualization team promptly freed up some storage space, allowing the original host to reboot and the database to return to normal. I immediately enabled RMAN’s CONTROLFILE AUTOBACKUP configuration, restarted a database backup task in Veeam, and after the backup completed, checked whether the control file existed in the backup directory:


 
root@veeamrepo01:/backupdata/backups/VeeamPluginUser_LinRman_42101602-3240-f20c-a1c7-1e9946f37a8e/sqrptbak_rtpdb# ll c-*
-rw-r--r-- 1 veeamrepo veeamrepo 2248704 Nov 21 11:23 c-1857153753-20251121-00.vab
-rw-r--r-- 1 veeamrepo veeamrepo   17912 Nov 21 11:23 c-1857153753-20251121-00.vasm


Although the issue was resolved, this incident highlighted an important problem: when Veeam backs up an Oracle database, its ability to back up the control file depends on RMAN’s CONTROLFILE AUTOBACKUP configuration. This dependency wasn’t clearly highlighted during the Veeam backup task deployment, which can be misleading.


Afterward, I reviewed Veeam’s official documentation and found that it does include relevant information:

screenshot of veeam backup oracle controlfile


Therefore, I strongly recommend that teams using Veeam to back up Oracle databases promptly check whether the RMAN controlfile autobackup option is enabled on the source database. This ensures the backup set includes the control file and avoids complications during restoration.
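One way to turn that check into a routine audit, as an added example (not part of the original post or of Veeam's tooling): it scans a repository listing for RMAN control-file autobackup pieces and flags database folders where they are missing or old. The extra folders, the data-piece names and the one-day age limit are constructed assumptions.

```python
import re
from datetime import date, datetime
from pathlib import Path, PurePosixPath

# RMAN control-file autobackup pieces use the %F name c-<DBID>-<YYYYMMDD>-<seq>;
# the .vab/.vasm extensions are the ones visible in the listing above.
_AUTOBACKUP = re.compile(r"^c-(\d+)-(\d{8})-([0-9A-Fa-f]{2})\.(?:vab|vasm)$")

# Constructed repository listing (relative paths). Only the first folder and its
# c-* file names come from the article; the rest is made up for the example.
SAMPLE_LISTING = [
    "sqrptbak_rtpdb/c-1857153753-20251121-00.vab",
    "sqrptbak_rtpdb/c-1857153753-20251121-00.vasm",
    "sqrptbak_rtpdb/datapiece_0001.vab",
    "erp_proddb/datapiece_0001.vab",
    "erp_proddb/datapiece_0002.vab",
    "hr_testdb/c-2000000001-20251101-00.vab",
    "hr_testdb/datapiece_0001.vab",
]


def list_repository(root):
    """Relative paths of all files under a real repository directory."""
    root = Path(root)
    return [p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()]


def latest_autobackups(paths):
    """Map each backup folder to its newest control-file autobackup date (or None)."""
    latest = {}
    for raw in paths:
        path = PurePosixPath(raw)
        folder = str(path.parent)
        latest.setdefault(folder, None)
        match = _AUTOBACKUP.match(path.name)
        if not match:
            continue
        try:
            day = datetime.strptime(match.group(2), "%Y%m%d").date()
        except ValueError:
            continue                      # name looks right but date is invalid
        if latest[folder] is None or day > latest[folder]:
            latest[folder] = day
    return latest


def audit(paths, today, max_age_days=1):
    """Classify every folder as OK, STALE or MISSING."""
    report = {}
    for folder, day in latest_autobackups(paths).items():
        if day is None:
            report[folder] = "MISSING"    # job may report success, restore will fail
        elif (today - day).days > max_age_days:
            report[folder] = "STALE"
        else:
            report[folder] = "OK"
    return report


if __name__ == "__main__":
    for folder, status in sorted(audit(SAMPLE_LISTING, date(2025, 11, 21)).items()):
        print(f"{status:8} {folder}")
```

Against a live repository, pass `list_repository("/backupdata/backups/<job folder>")` instead of the sample listing.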


Conclusions

This incident served as a wake-up call and offers the following takeaways and recommendations:


1. Backup validation is essential: A backup task showing "success" doesn’t guarantee the backup set is complete or usable. Regularly performing recovery drills is key to verifying backup validity.

2. Understand backup mechanism dependencies: When Veeam backs up Oracle databases, control file backup relies on RMAN’s CONTROLFILE AUTOBACKUP configuration. Be sure to enable this option on the source database to ensure the control file is included in the backup set.

3. Improve deployment and verification processes: When deploying Veeam backup tasks, clearly identify such dependency configurations and include them in initial checklists to avoid unusable backups due to configuration oversights.

4. Establish emergency communication protocols: During issues with underlying infrastructure like storage, timely communication and collaboration with relevant teams can buy more time and options for recovery.


Hope this experience sharing helps everyone better avoid similar risks in daily operations and ensures the reliability of database backup and recovery processes.

Related reading: Veeam Security Deep Dive – Malware & Ransomware Defense


Understanding Veeam Intelligence Functions – Smart Backup, Threat Detection & Automated Recovery


Introduction

Modern businesses need more than just backups—they need intelligent systems that can detect threats, reduce risks, automate protection, and accelerate recovery.
This is why Veeam Intelligence Functions have become a core part of the Veeam platform, especially with Veeam Backup & Replication v12/v13, where AI-powered features help organizations protect their data against ransomware, malware, and human error.

Veeam Intelligence, as the AI-powered assistant within the Veeam product family, is revolutionizing how we work. It’s not only built into Veeam Backup & Replication but also integrated into other Veeam products such as Veeam ONE, delivering intelligent support across the entire data protection ecosystem.


This article will focus on Veeam Intelligence’s applications within Veeam Backup & Replication; in future discussions, we’ll explore its unique value in other products like Veeam ONE.

screenshot of Veeam Intelligence


Core Capabilities: Your 24/7 Expert Team

Veeam Intelligence is not merely a Q&A tool—it’s a full team of experts. Within Veeam Backup & Replication, whether you need an architect, support engineer, security advisor, or development engineer, it can assume the corresponding professional role. In other products like Veeam ONE, it demonstrates different expertise, providing intelligent support for monitoring, reporting, and analytics.


🏗️ Architect Role: Intelligent Advisor for System Design

When facing complex environment planning, Veeam Intelligence analyzes your VM count, business type, and RTO/RPO requirements to deliver comprehensive architectural design proposals. It not only helps predict storage growth and recommend optimal scaling timing but also identifies potential single points of failure and suggests redundancy solutions. Most importantly, it finds the most cost-effective hardware investment plan while meeting your business needs.


🔧 Support Engineer Role: Troubleshooting Powerhouse

When production issues arise, Veeam Intelligence rapidly analyzes error logs to pinpoint root causes. It doesn’t just check related configuration settings and uncover potential linked issues—it also provides clear, step-by-step troubleshooting guides to help you trace symptoms back to their true origins. Even better, it offers preventive measures to avoid recurrence.


🛡️ Security Advisor Role: Professional Guidance for Data Protection

When facing data security threats and compliance requirements, Veeam Intelligence acts like a dedicated security consultant, offering comprehensive protection recommendations. It not only analyzes current environment risks and suggests appropriate Malware Detection configurations but also provides defense strategies based on the latest threat intelligence. Notably, it delivers targeted security configuration guidance aligned with Veeam’s latest security feature updates from v12 to v13, ensuring your data protection framework consistently meets the latest security standards and compliance mandates.


💻 Development Engineer Role: Coding Partner for Automation

When you need to develop automation scripts or system integrations, Veeam Intelligence automatically generates PowerShell and Python script templates, provides REST API call examples, and delivers complete technical integration plans. This dramatically lowers the barrier to automation development, enabling tasks that once took weeks to be completed in just days.


Latest Highlight: Powered by enhanced foundational models and a visible reasoning process, each role now shows you the AI's analytical logic, ensuring accurate and actionable recommendations.


New Features of Veeam Intelligence in Veeam Backup & Replication

Thanks to recent updates, Veeam Intelligence’s capabilities within Veeam Backup & Replication have taken a quantum leap. While similar features exist in other products like Veeam ONE, this article focuses specifically on VBR scenarios:


🎯 Fully Natural Language Conversations with Voice Input/Output Support

Imagine solving problems as easily as chatting with a colleague: “My backup job failed last night—error code 2934 affected my finance database backup. What should I do?” Veeam Intelligence fully understands your problem description and delivers precise solutions.


Even better, it supports voice input and output. Picture yourself sipping coffee in the morning, saying to your computer: “Give me a report on last night’s backups,” and the AI assistant instantly delivers a detailed summary. This natural interaction makes daily operations smoother and more enjoyable.


🎯 Thinking Mode Support

Veeam Intelligence follows mainstream AI trends by introducing Visible Thinking Process functionality—a now-standard feature in conversational AI. Veeam brings this convenience to the data protection field.


In Thinking Mode, the AI assistant reveals its full analytical process: from understanding the core problem, to querying relevant knowledge bases, to reasoning toward a conclusion. This transparent workflow lets you not only know “what” but also “why.”


This design helps users better understand the AI’s decision logic and enables them to ask follow-up questions about the reasoning process, creating truly meaningful human-AI dialogue experiences.


🎯 Basic and Advanced Modes

Veeam Intelligence offers two distinct working modes, striking a balance between usability and data privacy:


Basic Mode: Operates entirely on Veeam’s public knowledge base without sending your specific environment data to any external services. While it cannot access real-time data from your current VBR server, it’s sufficient for learning Veeam concepts, understanding best practices, or consulting configuration methods.


Advanced Mode: More powerful, this mode directly queries your VBR server information. It transmits relevant data from your backup server to Veeam’s AI model in the cloud, analyzes the data on your backup server, and provides tailored recommendations.



Cloudflare November 18 Global Outage – Causes, Impact, and How to Stay Protected


Introduction

On November 18, Cloudflare experienced a significant global outage that caused widespread disruption across websites, APIs, applications, and online services. As one of the world’s largest CDN and security providers, any Cloudflare outage has a massive ripple effect across the internet.

This article explains what caused the Cloudflare outage, the global impact, and practical steps organizations can take to reduce downtime in future CDN failures.

On November 18th, Cloudflare, the world's largest CDN and cybersecurity service provider, experienced its most severe outage since 2019. Multiple websites using Cloudflare encountered 5xx errors, causing access disruptions, and even services like authentication, KV storage, and Turnstile were briefly paralyzed.


What Happened During the Cloudflare November 18 Outage?

Cloudflare reported that the outage was triggered by issues within their core network routing layer, affecting:

  • DNS resolution

  • CDN edge nodes

  • Website and API responsiveness

  • Application security services

Many users experienced:

  • Connection timed out

  • Error 500/502

  • Website not reachable

📌 According to the official Cloudflare Status page, the outage impacted multiple regions at the same time, making it one of the year's largest disruptions:
External link: https://www.cloudflarestatus.com/

Timeline of the incident:

11:05 — A database permission change was deployed

11:20–11:28 — 5xx errors began appearing globally, marking the full onset of the failure

13:05 — KV and Access services underwent emergency bypass procedures, partially restoring service

14:30 — The faulty Bot Management configuration file was replaced, restoring most traffic

17:06 — All systems returned to normal

The entire incident lasted approximately 6 hours

time line of Cloudflare November 18 2025 Global Outage


Why did the outage occur? (Official technical explanation)

Cloudflare's Bot Management system generates a "signature file" (used to determine if a visitor is a bot) every few minutes.

This database permission update caused a backend SQL query to return an additional batch of data from "underlying shard tables," unexpectedly doubling the file size.

The maximum number of signatures supported by Cloudflare's proxy software is about 200.

Normally, only around 60 are used.

Cloudflare Bot Management 2025 Nov 18 outage


However, this time the generated file exceeded the expected size due to the doubled content, causing all proxy modules to panic (crash), resulting in widespread 5xx errors globally.

Since most Cloudflare products rely on the proxy module, services like KV, Access, and Turnstile were also affected simultaneously.
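The failure mode above, turned around into a defensive pattern, as an added example (not Cloudflare's code): a consumer that treats a generated file like untrusted input, rejects one that has duplicate entries or exceeds the 200-entry limit, and keeps serving the last good version instead of crashing. The "name,weight" file format and all names are assumptions.

```python
MAX_FEATURES = 200   # hard limit of the consumer, as stated in the article


class FeatureFileError(ValueError):
    """Raised when a generated feature file fails validation."""


def parse_feature_file(text, limit=MAX_FEATURES):
    """Parse 'name,weight' lines (assumed format) and validate before use."""
    features = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        name, sep, weight = line.partition(",")
        if not sep or not name:
            raise FeatureFileError(f"line {lineno}: expected 'name,weight'")
        if name in features:
            # Duplicate rows are what an over-broad query would produce.
            raise FeatureFileError(f"line {lineno}: duplicate feature {name!r}")
        try:
            features[name] = float(weight)
        except ValueError:
            raise FeatureFileError(f"line {lineno}: bad weight {weight!r}") from None
        if len(features) > limit:
            raise FeatureFileError(f"more than {limit} features")
    if not features:
        raise FeatureFileError("empty feature file")
    return features


class FeatureStore:
    """Holds the active feature set; a rejected update never replaces it."""

    def __init__(self, initial_text):
        self.active = parse_feature_file(initial_text)
        self.rejected = []                 # reasons, for alerting

    def update(self, text):
        try:
            candidate = parse_feature_file(text)
        except FeatureFileError as exc:
            self.rejected.append(str(exc))
            return False                   # keep last known good, do not crash
        self.active = candidate
        return True


def make_file(names):
    """Build a constructed feature file for the demo."""
    return "\n".join(f"{name},1.0" for name in names)


# Constructed inputs: a normal file, the same content emitted twice, and a
# file with one entry more than the limit.
NORMAL = make_file(f"feat_{i}" for i in range(60))
DOUBLED = NORMAL + "\n" + NORMAL
OVERSIZED = make_file(f"feat_{i}" for i in range(MAX_FEATURES + 1))

if __name__ == "__main__":
    store = FeatureStore(NORMAL)
    for label, text in (("doubled", DOUBLED), ("oversized", OVERSIZED)):
        ok = store.update(text)
        print(label, "accepted" if ok else f"rejected: {store.rejected[-1]}")
    print("active features:", len(store.active))
```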

How to Protect Your Website from Future CDN Outages

✔ 1. Use Multi-CDN Architecture

Deploying backup CDNs (CloudFront, Fastly, Akamai) can keep websites online even if Cloudflare fails.

✔ 2. Implement Redundant DNS Providers

Combine Cloudflare DNS with:

  • Google DNS

  • Route53

  • Quad9

✔ 3. Enable Local Caching & Failover

Store essential static assets locally or use browser-level caching to reduce impact.

✔ 4. Monitor Availability 24/7

Tools that help track outages in real time:

  • UptimeRobot

  • BetterStack

  • Pingdom

✔ 5. Prepare an Incident Response Plan

Have a documented plan for:

  • Switching DNS records

  • Communicating with customers

  • Using failover IP routing

📌 Best practice reference:
External Source: https://www.cloudflare.com/learning/cdn/what-is-a-cdn/

Conclusion

The Cloudflare November 18 global outage shows how dependent the modern internet is on centralized infrastructure. While incidents like this are rare, businesses can dramatically reduce risks by implementing redundant CDNs, multi-DNS, caching, and monitoring systems.

By learning from this event, organizations can build more resilient, outage-proof architectures for the future.

Related Reading: An Alternative Method to Defend Against Ransomware – Advanced Data Protection Strategies

Veeam Backup & Replication v13 – Comprehensive Malware Detection and Ransomware Defense


Introduction

Version v13 marks a significant leap in malware detection capabilities. Compared to the real-time detection already available in the v12 era, v13 brings qualitative improvements in threat response mechanisms, platform coverage, and intelligent capabilities.

The latest Veeam Backup & Replication v13 takes data protection to the next level with a built-in malware detection engine, providing deeper visibility and faster response to cyber threats.

This article explores the comprehensive malware detection features in Veeam v13, how they integrate with existing ransomware defense mechanisms, and practical tips to maximize your backup security.

In my previous articles, I've detailed v12's ransomware attack detection principles and configuration methods. Today, we'll build on that foundation to examine v13's key upgrades.

👉 Related reading: VBR Security Feature Deep Dive – Malware and Ransomware Protection

v12 Detection Capability Review: Separation of Detection and Response

During the v12 era, Veeam's malware detection primarily relied on two mechanisms:


  • Inline Entropy Scan - Real-time analysis of data block entropy changes during backup to detect encryption behavior
  • Index Scan - Analysis of abnormal behavior patterns through file system indexing


The characteristic of these two features was that detection was separate from handling - the system could detect threats in real-time, but the response process required manual intervention. In practical use of v12, this mechanism had several clear limitations:


  • Low response automation: After detecting suspicious activity, it mainly relied on administrators to handle it manually
  • Limited platform support: Detection capabilities were primarily focused on Windows environments
  • Insufficient in-depth analysis: Lacked further threat analysis capabilities after detecting threats


I believe v13 shows substantial progress in this detection capability, beginning the evolution from "detection" to "intelligent response."
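To make the idea behind the Inline Entropy Scan concrete, here is an added illustration of block-entropy change detection between two backup runs. It is not Veeam's algorithm; the block size, thresholds and sample data are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 4096
HIGH_ENTROPY = 7.5    # bits per byte; assumed threshold for "looks encrypted"


def shannon_entropy(block):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def high_entropy_ratio(data, block_size=BLOCK_SIZE):
    """Share of full blocks whose entropy is at or above HIGH_ENTROPY."""
    # A short trailing block is skipped: few bytes cap the achievable entropy.
    starts = range(0, len(data) - block_size + 1, block_size)
    blocks = [data[i:i + block_size] for i in starts]
    if not blocks:
        return 0.0
    high = sum(1 for b in blocks if shannon_entropy(b) >= HIGH_ENTROPY)
    return high / len(blocks)


def entropy_jump(previous, current, min_increase=0.5):
    """Compare two runs of the same data; return (flagged, before, after).

    Compressed files are high-entropy too, so the signal used here is the
    change between runs, not the absolute level of a single run.
    """
    before = high_entropy_ratio(previous)
    after = high_entropy_ratio(current)
    return (after - before) >= min_increase, before, after


def pseudo_random(n):
    """Deterministic stand-in for encrypted data (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed data: yesterday's run is plain text, today's run has three of
# four blocks replaced by random-looking bytes.
DOCS = (b"Invoice 2025-11: customer, amount, due date, status. " * 400)[:16384]
ENCRYPTED = pseudo_random(16384)
MIXED = DOCS[:BLOCK_SIZE] + pseudo_random(3 * BLOCK_SIZE)

if __name__ == "__main__":
    flagged, before, after = entropy_jump(DOCS, MIXED)
    print(f"high-entropy blocks: {before:.0%} -> {after:.0%}, suspicious={flagged}")
```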

What’s New in Veeam v13 Malware Detection

In VBR v13, malware detection is now an integral part of every backup and recovery workflow.

Key Enhancements Include:

  • Real-time malware scanning during backup and restore operations.

  • Integration with antivirus and EDR tools for automated threat analysis.

  • Anomaly detection that flags unusual changes in data patterns.

  • Centralized reporting dashboard to monitor all alerts from one console.

📖 Reference: Veeam v13 Release Notes

V13 Active Response Mechanism: From Detection to Automatic Protection

Proactive investigation: Enhanced threat verification methods

The most important improvement in v13 is the introduction of an active backup scanning mechanism. The core concept of this feature is that once suspicious activity is detected during backup, the system immediately triggers a more in-depth signature scan rather than waiting for users to make additional manual judgments.


Software settings:

  1. Open the VBR console, go to the top-left Hamburger menu → Malware Detection Setting
  2. In the original Signature Detection settings, v13 adds new Proactive investigation options:

screenshot of VBR v13 Proactive investigation


The first checkbox enables the active scanning mechanism, while the second option provides further processing, allowing the system to automatically resolve malware incidents based on scan results.


Actual usage effects:


In a simulated ransomware attack test environment, when backup jobs detected large-scale file encryption:


  • v12 detected malware: Marked backup as Suspicious, sent alerts, waited for administrator handling
  • v13 detected malware: Immediately triggered signature scanning; if the threat was confirmed, the backup was marked as Infected, and if no threat was found, it was re-marked as Clean.


During the v12 era, I frequently heard from customers who discovered Veeam reporting backup archives as Suspicious status but didn't know how to proceed or what was happening. Now with v13's options, we can immediately trigger detection through Veeam without waiting, truly identifying whether problems exist.

Cross-Platform Unified Protection: Linux and Cloud Environments Are No Longer Forgotten Corners


Comprehensive Support for Linux Environments

Another breakthrough in v13 is the full coverage of malware detection capabilities on the Linux platform, which I consider an important part of comprehensive Linux support.


Linux Detection Capabilities:

  1. Suspicious file system activity analysis - Same detection logic as the Windows platform
  2. Veeam Threat Hunter scanning - Signature-based malware detection
  3. YARA rule support - Custom threat detection rules


Key Configuration Points for Practical Use:

For malware detection in Linux environments, pay attention to several special configurations:

  1. File system selection: Special characteristics of certain file systems (like Btrfs, ZFS) may affect detection accuracy
  2. Permission management: Ensure backup agents have sufficient permissions to read all files requiring detection
  3. Performance impact: In resource-constrained Linux environments, detection frequency adjustments may be necessary


Specific Operational Steps:

For agent-based Linux backups, malware detection configuration is basically consistent with Windows environments. It's primarily configured globally through the VBR console's Malware Detection settings, then enabled in specific backup jobs.


Security Protection for Cloud Backups

As more users adopt public cloud, cloud environment security becomes crucial. v13 extends malware detection capabilities to cloud backups:


Supported Cloud Platforms:

  • Veeam Backup for Microsoft Azure
  • Veeam Backup for AWS
  • Veeam Backup for Google Cloud


Usage and configuration, including supported capabilities, are essentially identical to Linux and won't be repeated here.


Antivirus Integration for Linux Mount Servers

v13 supports Linux Server as a Mount Server - this is a fully functional Mount Server. The Secure Restore and Security Scan capabilities available on Windows Mount Servers have been extended to Linux Mount Servers, with equal support for Veeam Threat Hunter signature scanning:


Announced Supported Antivirus Solutions for Linux Versions:

  • ClamAV - Open source and free, suitable for budget-conscious environments
  • ESET - Commercial solution with strong detection capabilities
  • Sophos - Enterprise-grade protection with a user-friendly management interface


Configuration Example:

Using ClamAV as an example, you need to install ClamAV on the Linux mount server, then select the appropriate Linux server in the VBR console's Backup Infrastructure → Mount Servers. During use, both Scan Backup and Secure Restore can call the antivirus software for scanning.


Summary and Recommendations

v13's malware detection capabilities represent a qualitative leap from passive detection to active protection. Several recommendations for actual deployment:

  • Gradual implementation: First, validate all new features in test environments before gradually rolling out to production
  • Performance monitoring: Closely monitor the impact of new features on backup performance, making adjustments when necessary
  • Strategy optimization: Customize detection strategies according to business characteristics, avoiding one-size-fits-all configurations
  • Regular drills: Conduct regular malware detection drills to ensure response process effectiveness


These improvements in v13 show us the new positioning of backup systems in overall security architecture - no longer just passive data protectors, but active participants in security defenses. In practical use, proper configuration of these features can significantly enhance an organization's ability to counter modern threats like ransomware attacks.

The Veeam Backup & Replication v13 Malware Detection feature marks a major leap in data protection and cyber resilience.

By combining real-time malware scanning, immutable backups, and AI-powered anomaly detection, Veeam v13 provides the strongest defense yet against ransomware and data corruption.

Stay ahead of cyber threats — upgrade to VBR v13 and protect your backups with confidence.

Veeam Backup Security Deep Dive – How VBR Protects Against Malware and Ransomware


Introduction

Cyber threats like ransomware and malware are now targeting backup repositories, making backup security more critical than ever.
In this article, we take a deep dive into Veeam Backup & Replication (VBR) security features, exploring how Veeam protects your data with immutability, anomaly detection, and layered defense mechanisms.

In addition to online scanning of backup data streams, VBR now also supports secondary scanning of backed-up data. Version 12.1 features two major scanning engines: one uses antivirus software on the Mount Server, and the other uses YARA.


YARA Scanning Engine Tool

YARA stands for Yet Another Recursive Acronym.

Official website link: https://yara.readthedocs.io/en/latest/.

GitHub repository link: https://github.com/virustotal/yara/.


YARA is typically used to help security experts and researchers identify and classify malware. It is primarily used for malware research and detection. It can scan for text or binary code patterns.


The YARA tool generally consists of two parts. One part is the YARA scanning engine itself, which can be installed on various platforms. The other part is YARA rules, which are matching rules written by users based on actual needs. In use, the logic is simple: the YARA engine loads the YARA rules, scans the target content against them, and outputs the scan results.


In VDP v12.1, the YARA tool was added. Backup and security administrators can directly call pre-written YARA rules from the VBR console to scan backup archives. There is no need to manually set up a YARA runtime environment yourself.


YARA Rules

Regarding YARA rules, the syntax is actually very simple. You can refer to the official documentation at https://yara.readthedocs.io/en/stable/writingrules.html. Related rule templates can be found on GitHub at https://github.com/Yara-Rules/rules.


VBR comes with three classic YARA rule templates built in, which can serve as references for writing.


Of course, it's not so troublesome now. Various GPTs can help us easily write a YARA rule, for example:


How YARA Scanning Works

Save the content generated by ChatGPT above into a file ending with .yar or .yara, then place it in the C:\Program Files\Veeam\Backup and Replication\Backup\YaraRules directory. VBR will automatically recognize these rules.


After starting the scan, VBR will mount the backup archive to the Mount Server, then use the YARA engine on the Mount Server to load the selected YARA rules for scanning.


Of course, since this scanning is for text and binary patterns, it is not limited to malicious code scanning. In fact, it can scan for any key information we want to find.
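
As an added illustration of that keyword-search use case (not part of the original article and not Veeam tooling), the following Python script builds a syntactically valid rule file from a list of keywords, taking care of the escaping that Windows paths need. The rule name, keywords and minimum keyword length are constructed assumptions; the rules directory is the one given above.

```python
import re
from pathlib import Path

# Directory named in the article; VBR picks up .yar/.yara files placed here.
VBR_RULES_DIR = r"C:\Program Files\Veeam\Backup and Replication\Backup\YaraRules"
MIN_KEYWORD_LEN = 4   # assumption: shorter strings match too often to be useful
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,127}")


def yara_quote(text: str) -> str:
    """Return text as a double-quoted YARA string, escaping backslash and quote."""
    out = []
    for ch in text:
        if ch in '\\"':
            out.append("\\" + ch)
        elif " " <= ch <= "~":
            out.append(ch)
        else:
            raise ValueError(f"unsupported character {ch!r}; use printable ASCII")
    return '"' + "".join(out) + '"'


def build_keyword_rule(name: str, keywords: list, description: str) -> str:
    """Build a rule that matches if any keyword occurs (ASCII or wide, any case)."""
    if not _IDENT.fullmatch(name):
        raise ValueError(f"invalid YARA rule identifier: {name!r}")
    if not keywords:
        raise ValueError("at least one keyword is required")
    lines = [f"rule {name}", "{", "    meta:",
             f"        description = {yara_quote(description)}", "    strings:"]
    for i, kw in enumerate(keywords):
        if len(kw) < MIN_KEYWORD_LEN:
            raise ValueError(f"keyword too short: {kw!r}")
        lines.append(f"        $k{i} = {yara_quote(kw)} ascii wide nocase")
    lines += ["    condition:", "        any of them", "}"]
    return "\n".join(lines) + "\n"


def write_rule(rule_text: str, rules_dir: str, filename: str) -> Path:
    """Write the rule into rules_dir and return the resulting path."""
    if Path(filename).name != filename or not filename.endswith((".yar", ".yara")):
        raise ValueError("filename must be a bare name ending in .yar or .yara")
    target = Path(rules_dir) / filename
    target.write_text(rule_text, encoding="ascii")
    return target


# Constructed keywords: a project code name and a Windows path fragment.
EXAMPLE_RULE = build_keyword_rule(
    "Find_Sensitive_Keywords",
    ["Project Falcon", r"C:\Finance\payroll"],
    "Constructed example: locate sensitive keywords in backups",
)

if __name__ == "__main__":
    print(EXAMPLE_RULE)
    # On the VBR server: write_rule(EXAMPLE_RULE, VBR_RULES_DIR, "find_keywords.yar")
```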

Mount Server Antivirus Software Scanning


Starting with VBR v10, antivirus software scanning was built into the Secure Restore feature. VBR calls the antivirus software on the Mount Server to scan backup archives. In v12.1, this feature has been integrated into Scan Backup, and the built-in supported antivirus software has been further expanded.


Antivirus Software Configuration

In v12.1, six antivirus engines are built-in: Symantec Protection Engine, ESET, Windows Defender, Kaspersky Security, Bitdefender Endpoint Security Tools, and Trellix (formerly the well-known McAfee).


Besides these six software options, if other antivirus software needs to be used, Veeam also supports configuring other antivirus software via the AntivirusInfos.xml file. Simply modify the XML file in the %ProgramFiles%\Common Files\Veeam\Backup and Replication\Mount Service directory on the Mount Server and use CLI commands to call the corresponding antivirus software. For more detailed XML configuration methods, refer to the official website's detailed XML syntax attribute description: https://helpcenter.veeam.com/docs/backup/vsphere/av_scan_xml.html?ver=120.


Configuration Methods


On VBR, there are multiple ways to initiate a scan.


1. Select a supported backup archive, then right-click it or choose the Scan Backup button on the toolbar to open the antivirus engine scan or YARA scan dialog.

screenshot of Veeam VBR Scan Backup


After starting Scan Backup, a scan dialog will open. At this point, these two engines can be used to perform security scans on the entire backup chain using three different scanning methods.


2. In various whole-machine or disk recovery Secure Restore steps, check the antivirus engine scan or YARA scan option.

3. In SureBackup jobs, check the antivirus engine scan or YARA scan option.

Viewing Scan Results

If the scan results match the content being searched for, VBR will mark the scanned backup archive as Infected status, indicating that malware has been detected.

Complete scan archives are recorded in this directory on VBR: C:\ProgramData\Veeam\Backup\FLRSessions\Windows\FLR__<machinename>_\Antivirus

As with the online malware attack analysis mentioned earlier, detailed scan statuses are also recorded in VBR's History. Scan results can be looked up in History.


The above are some of the new backup archive scanning and inspection methods added in VDP v12.1. They help administrators avoid secondary infections after issues occur and ensure that the restored data is a clean system archive.

Key Veeam Security Features for Malware Defense

🔒 Immutable Backups

Veeam’s immutable backup repositories prevent any modification or deletion of backup data, even by administrators.

  • Available for Linux hardened repositories and S3 object storage.

  • Ensures ransomware resilience with write-once, read-many (WORM) protection.

📖 Reference: Veeam Immutability Guide

🧠 Malware and Anomaly Detection

Newer Veeam releases include malware scanning integration and anomaly detection capabilities:

  • Automatically scans backups for malicious patterns.

  • Detects unusual changes in file size or data entropy.

  • Integrates with third-party antivirus tools for added security.

👥 Role-Based Access Control (RBAC)

Minimize insider threats with granular permissions:

  • Assign user roles like Backup Operator, Restore Operator, or Auditor.

  • Restrict critical actions (e.g., deletion, encryption changes).

  • Log every activity for audit traceability.

🧩 Multi-Factor Authentication (MFA)

Add an extra layer of protection by enabling MFA in Veeam Enterprise Manager or console access.
It prevents unauthorized login even if credentials are compromised.

👉 Related reading: Making VBR Login More Secure – Complete Guide

Conclusion

The VBR security features in Veeam Backup & Replication provide an advanced defense framework against malware and ransomware.
From immutable backups to anomaly detection and RBAC, Veeam empowers businesses to secure their data and guarantee safe, reliable recovery when disaster strikes.

Protecting your backups isn’t optional—it’s a core part of modern cybersecurity.


Veeam Agent Free and SSH Service – Secure Backup Access and Configuration Guide


Introduction


Data protection is more than just backups; it's about the last line of defense for enterprise security. Veeam incorporates security into every detail of its products through a zero-trust design philosophy.


In any system, obtaining account credentials is the starting point for hacker attacks, and backup systems are no exception. Storing and managing accounts carries certain security risks, so when designing and configuring systems, reducing unnecessary automatic remembering and saving of account information is a crucial security measure. In backup solutions, Veeam Agent for Linux introduces passwordless account management, which significantly enhances system security. This approach eliminates the need to store account information within the system, effectively reducing potential security vulnerabilities and data breach risks. This passwordless management mechanism not only elevates backup security but also simplifies administrator workflows. For specific systems, it can even avoid using the SSH management protocol, making the overall system more secure and reliable.

When managing remote backups in Linux and Windows environments, enabling SSH service for Veeam Agent Free ensures secure communication and control. This method allows IT administrators to perform automated, remote, and encrypted backup operations without exposing systems to unnecessary risks.

This guide explains how to configure SSH access in Veeam Agent Free, why it matters, and best practices for maintaining backup security.

Additionally, for environments where bastion hosts manage root passwords, this deployment method can adapt to constantly changing account credentials, eliminating the need to modify stored passwords in the backup system.


How It Works

Before deploying Veeam Agent for Linux, administrators first install Veeam's deployment service package and a temporary certificate on the Linux machine. With this service package in place, when VBR initiates an Agent push/management operation, it detects this component on the Linux system. After establishing a connection with this component, it checks the necessary certificates. If it's a temporary certificate, VBR will issue a formal certificate to replace the current temporary one. Thereafter, VBR will use this valid certificate to communicate with the Linux machine, managing and installing the relevant Agent components. This entire process completely eliminates the need to enter the Linux machine's administrator username and password on the backup server.


Step-by-Step Guide

Now, follow me step-by-step to see how to use this feature.


Step 1: 

First, you need to export the pre-installation software package and temporary certificate from VBR using the following PowerShell command:

 
Generate-VBRBackupServerDeployerKit -ExportPath "C:\Users\Administrator\Documents"

Click the hamburger icon (three horizontal lines) in the top left corner of the VBR server, find the PowerShell menu under Console, enter the above command, and you will obtain this Deployer Kit.


In the exported directory, you will see the files:

  • client-cert.pem
  • server-cert.p12
  • veeamdeployment_12.2.0.334_amd64.deb
  • veeamdeployment-12.2.0.334-1.x86_64.rpm
  • VeeamDeploymentSvc.mmp

Among them, the rpm package is for Red Hat-based systems, and the deb package is for Debian-based systems. Depending on the system, you need to copy client-cert.pem, server-cert.p12, and either the rpm or deb package to the target Linux machine.


Step 2: 

Run the command to install the rpm package:

 
yum install veeamdeployment-12.2.0.334-1.x86_64.rpm


Step 3: 

Then run the command to install the certificate:

 
/opt/veeam/deployment/veeamdeploymentsvc --install-server-certificate server-cert.p12
/opt/veeam/deployment/veeamdeploymentsvc --install-certificate client-cert.pem
/opt/veeam/deployment/veeamdeploymentsvc --restart


Step 4: 

Return to the VBR console and create a protection group. In the protection group creation wizard, when adding a Linux host, select "Connect using certificate-based authentication." After adding, you can use the "Test Now" button to check connectivity. When using certificate-based authentication mode, VBR will no longer require any SSH service to deploy Veeam Agent for Linux.

Screenshot of creating Veeam Agent for Linux


Step 5: 

Once everything is normal, you can complete the creation of the Protection Group and push the Agent as usual. During the push process, VBR will update the temporary certificate on the target server, replacing it with a formal communication certificate, and install the Transport service.

Benefits of Using SSH with Veeam Agent Free:

  • Secure data transfer and command execution.

  • Allows remote management for Linux backups.

  • Integrates easily with Veeam Backup & Replication for central control.

  • Supports key-based authentication, reducing password risks.

👉 Related reading: Secure Veeam Backup & Replication Login – Complete Guide

That's all for this security tip on Linux Agent management. I hope it helps with your IT system's security. In the next issue, I'll show you how to use passwordless management for Windows systems.

How to Back Up Your iPhone to a Computer – Complete Guide for Windows and Mac Users


Introduction

Losing your phone can be stressful—but losing your photos, contacts, and messages is even worse. The best way to protect your personal data is to back up your iPhone to a computer regularly.

Whether you use a Windows PC or a Mac, this guide will show you how to easily create and manage local iPhone backups using iTunes or Finder, ensuring your data stays safe even without iCloud.




1. Why You Should Back Up Your iPhone to a Computer

Backing up to your computer has several advantages over iCloud:

  • Unlimited storage (depends on your hard drive space).

  • Faster backup speed, especially for large files.

  • Offline access—no need for an internet connection.

  • Extra privacy, since your backup stays local.

📌 According to Apple Support, iTunes and Finder backups include nearly all your data, such as app data, settings, messages, and photos.


2. How to Back Up Your iPhone on a Windows PC (Using iTunes)

Step 1: Install the latest version of iTunes from the Apple website.
Step 2: Connect your iPhone to the computer using a USB cable.
Step 3: Open iTunes and click the iPhone icon in the top-left corner.
Step 4: Under Backups, select “This Computer” and click “Back Up Now.”
Step 5: Wait for the process to complete, then verify under Preferences → Devices.

💡 Tip: You can enable “Encrypt local backup” to include passwords and health data.


3. How to Back Up Your iPhone on a Mac (Using Finder)

If you’re using macOS Catalina or later, you’ll back up your iPhone through Finder instead of iTunes.

Steps:

  1. Connect your iPhone via cable.

  2. Open Finder, then select your iPhone under Locations.

  3. Under Backups, choose Back up all data on your iPhone to this Mac.

  4. Click Back Up Now to start the process.


4. How to Restore from a Computer Backup

To restore your data:

  1. Connect your iPhone to the same computer used for backup.

  2. In iTunes or Finder, select Restore Backup.

  3. Choose your latest backup file and click Restore.

👉 Related reading: Veeam File-Level Recovery – Open VM Backup Solution


5. Best Practices for iPhone Data Protection

  • Back up at least once a month.

  • Store backups on an external drive for extra protection.

  • Use encryption for added security.

  • Combine local and cloud backups for redundancy.

For advanced users, tools like iMazing or AnyTrans offer additional management features such as selective backups, app transfer, and device cloning.


Conclusion

Regularly backing up your iPhone to a computer is one of the simplest yet most powerful ways to protect your valuable data.

Whether you use iTunes on Windows or Finder on Mac, following these steps ensures your photos, messages, and settings are safe even if your phone is lost or damaged.

Start today—because your data is worth protecting.