Installing the new Veeam Software Appliance v13

By Tomica Kaniski in Other 0 Comment

It’s finally here – the Veeam Software Appliance, v13!

 

What is it?

A simple to deploy, hardened Veeam instance, which is not installed on Windows anymore, but comes with it’s own (Rocky) Linux – everything packed in a nice software appliance!

Very nice!

 

Naturally, should be installed ASAP! 🙂

 

Installation

So, without actually reading the manual, I went and installed it in my lab (that’s how easy is to start with it!). There will be plenty of time to read the manual once issues start… right?!

Installation has a few steps:

  • obtain the installation ISO image from here (or from your account page):
    • be careful to select Linux appliance, and not the Windows installation ISO

  • prepare hardware to install it to – for me, it’s a Windows Server 2025 Hyper-V VM (4 vCPU, 18 GB RAM, 2×240 GB HDD, SecureBoot (MS UEFI CA) enabled):
    • check the requirements here

  • once you selected and prepared your hardware, you can start the installation – it looks like this:

  • in case you didn’t read the hardware requirements, you may face this error (so, go back, re-read the hardware requirements and update your hardware):

  • and after this question, the (automatic) installation proceeds, with no more inputs required from your side:
    • while waiting for it to install, I recommend you take a look at the nice, shiny, new What’s new document!

  • installation took ~35 minutes on my machine

 

Initial configuration

After the automatic installation finished, there are a couple of initial settings that have to be taken care of:

  • accepting the necessary agreements:

  • assigning a hostname
  • setting up networking
  • configuring time source
  • setting up passwords for the admin accounts (Host Administrator and (optionally) Security Officer):
    • really liked the process of setting up the MFA for host administrator here (as SO is optional, MFA for this account will be setup later, inside the web interface)!
    • don’t use passwords that are too short… or the same! 😁

  • summary:

And… that’s it! Veeam is installed and initially configured, and now you can access it via browser:

  • host management at https://<vsa-ip-address>:10443/

  • Veeam Backup & Replication web interface https://<vsa-ip-address>/
    • (or just use the Windows console for full experience)

What a nice installation experience! Well done, Veeam people! 👏

Of course, next I’ll install my license, add rest of the infrastructure, setup my backup jobs, and connect it to (Veeam One) monitoring.

After all, it’s a “normal” Veeam solution we already know and work with.

Cheers!

Installing Azure ATP Sensor… failed with 0x80070643

By Tomica Kaniski in Other 0 Comment

Another “short and sweet” one! 😀

I was installing a couple of Microsoft Defender for Identity (a.k.a. Azure Advanced Threat Protection, or Azure ATP) sensors, on Domain Controllers behind corporate proxies.

Everything went well on all of them… but the last one, of course!

Every other picked up the system proxy settings and installation went fine, but the last one failed… with a highly descriptive error saying “Installation failed. Error code: 0x80070643“:

It seems that this installation hasn’t picked up the system’s proxy settings (for whatever reason), and this information needed to be set manually during the installation.

So, after downloading and unpacking the Azure ATP Sensor installation, open Command Prompt (as Administrator, of course) and, from its folder, run this command (make sure you enter your proxy information and the right access key):

Hope it helps (helped me)! If it doesn’t, try reading this thread.

Cheers!

NetScaler, XenMobile and SSL certificates

By Tomica Kaniski in Other 4 Comments

So, you’ve finally decided to make yourself “a small Citrix lab” (XenMobile and NetScaler), but you’re having trouble with getting all the certificates in place. Fear not, I’m here to help!

Installing the SSL certificates for NetScaler is relatively simple, but still… some steps are easily forgotten and then… you need to troubleshoot. Smile

Steps to install the SSL certificate for NetScaler (correctly) are:

  1. Install the server certificate (for example, certificate for xms.yourdomain.com). The easiest way is to use .PFX certificate file, and you can install it through Traffic Management – SSL – Certificates – Server Certificates.
  2. Install the issuing and root CA’s certificates (.PEM files are OK) through Traffic Management – SSL – Certificates – CA Certificates.
  3. Create link (right click – Link) between the server certificate and issuing CA’s certificate.
  4. Create link (right click – Link) between the issuing CA’s certificate and root CA’s certificate.
  5. Check the certificate links on issuing CA’s certificate (right click – Certificate links). There should be two – one linking the server certificate, another the root certificate.
  6. Select the imported certificate for NetScaler Gateway usage.
  7. Select the imported certificate for (SSL) virtual servers as well. If you’re using NetScaler appliances in HA mode, force synchronization.
  8. Check if certificates are installed properly (for example, by opening the MAM interface with your browser – https://mam.yourdomain.com/ or https://mam.yourdomain.com:8443/).
  9. Check if certificate chain is in order as well – https://www.digicert.com/help/.

For XenMobile Server, there is some preparation work to do, to get it all right. Basically, you’ll need to combine all the (.PEM) certificate files into one, upload that to XenMobile Server, and restart.

Steps are:

  1. Combine individual (.PEM) certificate files (server, issuing and root CA) into one .PEM file by following instructions on this DigiCert site (you can use Notepad to achieve this). Your final .PEM file should look like this:

    2. —–BEGIN CERTIFICATE—–
    (server_certificate.pem content)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (issuing_ca_certificate.pem content)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (root_ca_certificate.pem content)
    —–END CERTIFICATE—–

  2. Upload the combined (.PEM) certificate file to XenMobile Server.
  3. Restart all the XenMobile Server nodes (one by one).
  4. Check if nodes picked up the certificate change (for example, by opening the XenMobile Server management interface with your browser – https://{node’s_IP_address}:4443).
  5. Check if certificate chain is in order as well – https://www.digicert.com/help/.

And… that’s it!

Oh, yeah – in case you’ve been living under a rock… don’t use the SHA-1 certificates anymore… they are obsolete now (info). Smile

Cheers!