Sorry for hijacking this topic. I just don't want to create duplicates. I think that the cause is the same.
After updating from v11 to v12 (12.1.0.3208) we see that VeeamOne server is trying to connect via DCOM to absolutely every guest VM that it can see.
No guest OS credentials is specified anywhere and it is not possible - it is a completely separate network segment.
It wasn't the case with v11 and there is no option to disable this behavior in v12.
On VeeamOne server we see a lot of 10028 EventID erros in System eventlog.
It is some kind of job that occurs exactly every 1 hour.
It tries to connect to port 135/TCP on every VM and also fails authentication because it uses account of VeeamOne service which triggers SIEM. Also it uses NTLM which is a no-no.
If there is any configuration option to disable this behavior - that would be much appreciated.
Error sample:
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 30.01.2024 13:12:24
Event ID: 10028
Task Category: None
Level: Error
Keywords: Classic
User: DOMAIN\VEEAMONE
Computer: VEEAMONE.DOMAIN.LOCAL
Description:
DCOM was unable to communicate with the computer 192.168.10.23 using any of the configured protocols; requested by PID 2434 (C:\Program Files\Veeam\Veeam ONE\Veeam ONE Monitor Server\VeeamDCS.exe).
After updating from v11 to v12 (12.1.0.3208) we see that VeeamOne server is trying to connect via DCOM to absolutely every guest VM that it can see.
No guest OS credentials is specified anywhere and it is not possible - it is a completely separate network segment.
It wasn't the case with v11 and there is no option to disable this behavior in v12.
On VeeamOne server we see a lot of 10028 EventID erros in System eventlog.
It is some kind of job that occurs exactly every 1 hour.
It tries to connect to port 135/TCP on every VM and also fails authentication because it uses account of VeeamOne service which triggers SIEM. Also it uses NTLM which is a no-no.
If there is any configuration option to disable this behavior - that would be much appreciated.
Error sample:
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 30.01.2024 13:12:24
Event ID: 10028
Task Category: None
Level: Error
Keywords: Classic
User: DOMAIN\VEEAMONE
Computer: VEEAMONE.DOMAIN.LOCAL
Description:
DCOM was unable to communicate with the computer 192.168.10.23 using any of the configured protocols; requested by PID 2434 (C:\Program Files\Veeam\Veeam ONE\Veeam ONE Monitor Server\VeeamDCS.exe).
Statistics: Posted by Alkochm — Jan 30, 2024 12:56 pm
