How to re-allocate Citrix licenses

If you create a new Citrix server (license server) and would like to move the existing licenses to the new server, please follow the below steps to reallocate it.

1. Sign in Citrix portal.

2. Select Manage Licenses.

3. On the Manage my licenses page, select View all licenses.

4. Select the Citrix Virtual Apps license that you would like to assign to another server.

5. Select the License, drop-down Select an action, click Modify allocations.

6. On the Modify allocations page, enter the number of licenses, type the Name of the destination Hostname, the Hostname is case sensitive, drop-down Select a Reason, and click Contract allows for rehosting.

7. Select y checking this box, I undertake, on behalf of the license owner, to promptly destroy Returned or Modified licenses and all copies thereof. I acknowledge that licenses may only be loaded on a single license server, appliance or instance in accordance with the Citrix End User License Agreement (EULA), unless otherwise agreed between Citrix and the license owner in writing, I confirm that the information provided in this form is true and accurate and that I am authorized to submit this form and to provide these undertakings on behalf of the license owner. I understand that Citrix reserves its rights generally including under the EULA and its right to audit compliance. I agree that Citrix may contact me at the email address provided in this form to confirm its accuracy and to obtain further information regarding this request, click Modify license file.

8. On the Confirm page, click Yes, and create a license file.

9. On the download page, select Download license file.

10. Sign in to the new Citrix Virtual Apps server.

11. Open Citrix Studio Console, select Configuration, and select Licensing.

12. On the Licensing page, select Add Licenses.

13. Select the license file, and click Open.

14. On the Confirm page, select Yes.

15. If happen error, you need to use the reallocate License method.

16. Sign in Citrix portal.

17. Select Manage Licenses.

18. On the Manage my licenses page, select View all licenses.

19. Select the Citrix Virtual Apps license that you would like to assign to another server.

20. Select the License, drop-down Select an action, click Return allocations.

21. On the Return all licenses page, drop-down Select a Reason, click Contract allows for rehosting.

22. Select By checking this box, I undertake, on behalf of the license owner, to promptly destroy Returned or Modified licenses and all copies thereof. I acknowledge that licenses may only be loaded on a single license server, appliance or instance in accordance with the Citrix End User License Agreement (EULA), unless otherwise agreed between Citrix and the license owner in writing, I confirm that the information provided in this form is true and accurate and that I am authorized to submit this form and to provide these undertakings on behalf of the license owner. I understand that Citrix reserves its rights generally including under the EULA and its right to audit compliance. I agree that Citrix may contact me at the email address provided in this form to confirm its accuracy and to obtain further information regarding this request, click Yes, and process the return.

23. On the Return all licenses page, click Close windows.

24. On the product page, write down the License access cod, you will need it later to allocate licenses.

25. login to the new Citrix server, and open Citrix Studio.

26. On the Citrix Studio page, expand Configuration and select Licensing.

27. On the Licensing page, select Allocate Licenses.

28. On the Allocate Licenses page, enter the License access code and click Show.

29. On the Allocate Licenses page, select the product and click Allocate licenses.

30. Make sure add licenses succeeded.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to install Veeam Backup for Microsoft 365 v6.0 Cumulative Patches P20220413

Veeam Backup for Microsoft 365 v6 cumulative patches P20220413 Released on May 5, 2022. This cumulative patch includes the new features, enhancements, and fixes for the original V6 builds.

Improvements & Enhancements:

  • SharePoint restore session initiated from the Backup Job context menu now establishes a connection to the Backup Server faster.
  • Veeam Explorer for OneDrive now loads the list of protected OneDrive Accounts faster.
  • Veeam Explorer for SharePoint now explores backups stored in an Object Storage Repository faster.
  • Retrieve Backup Copy Wizard now populates the list of available SharePoint sites faster.
  • The request: (GET) /v6/BackupRepositories/{repositoryId}/SiteData now executes faster.

Resolved Issues:

Upgrade

  • Attempt to upgrade a Backup Repository that is extended to Object Storage may fail with the error:

JetError -1504, JET_errNullInvalid, Null not valid

  • Under certain conditions, upgrading to Veeam Backup for Microsoft 365 6.0.0.367 may fail with the error:

Failed to install the product. An error occurred. See log for details.

This error may still occur, but the primary bug causing this has been resolved.

  • Attempting to upgrade to Veeam Backup for Microsoft 365 6.0.0.367 via the Upgrade wizard may fail with the error:

Certificate verification failed: Certificate is not valid.

General

  • High CPU usage by the Veeam.Archiver.Service after upgrading to Veeam Backup for Microsoft 365 6.0.0.367.
  • When the Snapshot-Based Retention is set for far less than the time since the last backup, and there was only a restore point in the previous year, retention may mistakenly delete that old SharePoint and OneDrive backup point from a Jet-based repository when the next year comes.

(This specific configuration scenario is exceedingly rare.)

  • The creation of the log folder for a data migration job fails if migrated object name includes special characters.
  • In rare situations, if a mailbox backed up to a Jet-based repository included some data with a modification timestamp in the future (a pretty rare issue for Exchange items), when the snapshot-level retention starts on 01/01/ХХХХ at 00:00 UTC, it may mistakenly delete Exchange data.
  • After upgrading to Veeam Backup for Microsoft 365 6.0.0.367, when the “Suppress notifications until the last retry” option is enabled, the email notifications only include information about the final backup job retry. Now the information from all retries is included.

Attempt to add or edit an organization belonging to the China region and using Modern App-Only Authentication fails with the error:

Configure Azure AD application: Failed to get Microsoft Graph resource ID. Application is missing required permissions: Sites.Read.All

Backup and backup copy

  • In Hybrid organizations, the on-premises Exchange mailboxes are skipped from processing after upgrade to Veeam Backup for Microsoft 365 6.0.0.367.
  • SharePoint backup to an Object Storage Repository may fail with the error:

Blob synchronization failed: Unspecified error.

  • Teams backup for organizations within the GCC High region fail with the error:

Failed to process team: {%name%}. Invalid $select properties. The remote server returned an error: (400) Bad Request.

  • Backup Copy job transfers partially backed up SharePoint item’s attachments.
  • After Object Storage Repository synchronization, a Full backup is performed of Teams posts even though the posts already exist in a repository.

Restore

  • In Veeam Explorer for Microsoft Exchange, advanced search on Object Storage Repositories may fail with the error:

Object reference not set to an instance of an object

  • Exploring older OneDrive backups from an Object Storage Repository may fail with the error:

Object reference not set to an instance of an object

  • Opening an attachment from the SharePoint item history within backups stored in an archive tier repository fails with the error:

Non-negative number required.

  • After completing a Teams restore that involved exporting Teams files, temporary folders with files are not cleaned from the default location.
  • Exploring SharePoint data retrieved from an archive tier repository may fail with the error:

Operation timeout exceeded

REST APIs

  • In organizations using Modern App-Only Authentication, parsing of REST request parameters is incorrect when resource and equipment mailboxes have special characters in their display names.

PowerShell

  • Teams objects are not added to an existing backup using the Set-VBOJob and the New-VBOBackupItem cmdlets.
  • Information on SharePoint data retrieval is displayed incorrectly when using the Get-VBORestorePoint cmdlet with the parameter IsRetrieved.

1.Login to Veeam Backup for Microsoft 365 Manager server.

2.Veeam Backup for Microsoft 365 6.0 Cumulative Patches P20220413 installation package (You need to sign in).

3. Open Veeam Backup for Microsoft 365 console.

4. Verify the existing Veeam Backup for Microsoft 365 version from Veeam Backup for Microsoft 365 console (Help |Abut), please confirm you are running Veeam Backup for Microsoft 365 build 6.0.0.367 prior to installing this cumulative patch P20220413.

5.Make sure all jobs are successfully, and then disable them, close console.

6.Mount the Veeam.Backup365_6.0.0.379_P20220413.iso file, run Veeam.Setup.exe.

7. Click Yes on User Account Control page.

8. On the Veeam Backup for Microsoft 365 Installation Wizard page. Click Update.

9.On the information page, make sure your hosts meet the new system requirements, click OK.

10. On the License Agreement page, click I Accept.

11.Make sure the Veeam Back for Microsoft manager server meet the minimum system requirements, click Next.

12.On the Ready to Install page, click Install.

13.Make sure installed successfully, click Finish.

14.Open Veeam Backup for Microsoft 365 console.

15.Verify the new Veeam Backup for Microsoft 365 version from Veeam Backup for Microsoft 365 console (Help |Abut), please confirm you are running Veeam Backup for Microsoft 365 build 6.0.0.379.

16.Enable all jobs.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to add Backup Proxy Servers for Veeam Backup for Microsoft 365 v6

Veeam Backup for Microsoft 365 use backup proxy servers to leverage network when backup or restore data. The Veeam Backup for Microsoft 365 manager server is the default local backup proxy server.

SYSTEM Requirements

The detail information as following link.

System Requirements – Veeam Backup for Microsoft 365 Guide

Firewall Open Ports Requirements

The detail information as following link.

Used Ports – Veeam Backup for Microsoft 365 Guide

1.Login to Veeam Backup for Microsoft 365 Manager server.

2.Open Veeam Backup for Microsoft Office 365 console.

3.On the Veeam Backup for Microsoft Office 365 console page, select Backup Infrastructure.

4.On the Backup Infrastructure page, right-click Backup Proxies, select Add backup proxy.

5.In the Host field, enter a DNS name or IP address of a computer that you want to use as a backup proxy server, select Use domain network, click Next.

6.On the Specify credentials to connect to the proxy server page, select Use the following account, enter the user name and password, click Next. The account must be a member of the Local Administrator group.

7.Please double check the Windows firewall settings for opening used ports requirements if it happened Network path not found or invalid credentials supplied error. The detail information as below link.

https://helpcenter.veeam.com/docs/vbo365/guide/vbo_used_ports.html?ver=60

8.Click Finish.

9.Click No on the create a repository for this proxy page.

10.Verify the Backup proxy server had been added.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to add organization with Basic Authentication at Veeam Backup for Microsoft 365

You are required to provide a username and password to authenticate to your Microsoft 365 organization if you add an organization using the basic authentication method.

I won’t recommend adding organization with basic authentication, Microsoft announced that effective October 1, 2022, we will begin disabling Basic authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. SMTP Auth will also be disabled if it is not being used.

Backup account permissions requirements:

When you add Microsoft 365 organization using basic authentication, you use Veeam Backup account. Also you use Veeam Backup account for on-premises Microsoft Exchange and on-premises Microsoft SharePoint organizations.

To provide Veeam Backup for Microsoft 365 with the ability to work with Microsoft Exchange organizations, Microsoft SharePoint and OneDrive for Business organizations, and protect Microsoft Teams data, you must grant the requirement permissions to the Veeam Backup account.

Microsoft Exchange Organizations permissions requirement:

  • The account you are using to add an organization must be a member of this organization
  • The account you are using to add an organization is not required to have a mailbox in such an organization
  • If you are backing up public folder mailboxes, the Veeam Backup account must have a valid Exchange Online license and an active mailbox within the Microsoft 365 organization
Role Description
Role Management Required to grant the ApplicationImpersonation role.
ApplicationImpersonation Required to back up Exchange data.
Organization Configuration Required to manage role assignments.
View-Only Configuration Required to obtain necessary configuration parameters.
View-Only Recipients Required to view mailbox recipients.
Mailbox Search or Mail Recipients Required to back up groups.
Owner Required to backup/restore public folders.

Microsoft SharePoint and OneDrive for Business permissions requirement:

  • On-Premises Microsoft SharePoint Organizations
Role Description Misc.
Site Collection Administrator Required to back up Microsoft SharePoint Sites. The account must be a member of the Farm Administrator group.
  • Microsoft SharePoint Online Organizations
Role Description Misc.
SharePoint Admin Required to back up Microsoft SharePoint Sites. You can assign the Global Admin role that overrides these roles.
View-only Configuration Required to get a list of available groups and users.
View-Only Recipients

  • Microsoft Teams
    • The account must have a Microsoft 365 license that permits access to Microsoft Teams API. The minimum sufficient license is Microsoft Teams Exploratory experience
    • The account must have the Team Administrator role assigned

Note:

  • In case you add an organization in Veeam Backup for Microsoft 365 using the modern authentication method with legacy protocols allowed, and specify different accounts to connect to Microsoft Exchange and Microsoft SharePoint, the required license and role must be assigned to the account used to connect to Microsoft SharePoint.
  • When backing up Microsoft Teams data in an organization added using the basic authentication, Veeam Backup for Microsoft 365 at first adds a service account to every team and then removes it.

The detail permissions requirement as link.

https://helpcenter.veeam.com/docs/vbo365/guide/permissions_veeam_backup_account.html?ver=60

Azure AD Application Permissions requirement

  • Permissions for Modern Authentication and Legacy Protocols

1.Login to Veeam Backup for Microsoft 365 Manager server.

2.Open PowerShell as Administrator.

3.In a PowerShell window, run below command, type Y and then press Enter.

Set-ExecutionPolicy RemoteSigned

4.Run below command, type Y and then press Enter.

Install-Module -Name PowerShellGet -Force

5.Run below command to make sure the module is up to dat, type Y and then press Enter.

Update-Module -Name PowerShellGet

Assign Exchange Online permissions to backup service account

6.Run below command to install the latest Exchange Online PowerShell Module, type Y and then press Enter.

Install-Module -Name ExchangeOnlineManagement

7.Run below commands to load the EXO V2 module.

Import-Module ExchangeOnlineManagement

8.Run below commands to connect to ExchangeOnline.

Connect-ExchangeOnline -UserPrincipalName navin@contoso.com.

9.On the sign-in window that opens, enter your password, and then click Sign in.

10.Select your verification Method.

11.Enter the code, click Verify.

12.Run the following cmdlet to grant ApplicationImpersonation role for backup account.

New-ManagementRoleAssignment –Role ApplicationImpersonation –User user.name@domain.com

13.If it happened error message as below, you need to run following command first and then re-run above command.

Enable-OrganizationCustomization

14.Run Below command to obtain the list of users whom the ApplicationImpersonation role has already been granted.

Get-ManagementRoleAssignment -Role "ApplicationImpersonation"

15.Run the following cmdlet to grant Role Management role for backup account.

New-ManagementRoleAssignment –Role "Role Management" –User user.name@domain.com

16.Run Below command to obtain the list of users whom the Role Management role has already been granted.

Get-ManagementRoleAssignment -Role "Role Management"

17.Run the following cmdlet to grant Organization Configuration role for backup account.

New-ManagementRoleAssignment –Role "Organization Configuration" –User user.name@domain.com

18.Run Below command to obtain the list of users whom the Organization Configuration role has already been granted.

Get-ManagementRoleAssignment -Role "Organization Configuration"

19.Run the following cmdlet to grant View-Only Configuration role for backup account.

New-ManagementRoleAssignment –Role "View-Only Configuration" –User user.name@domain.com

20.Run Below command to obtain the list of users whom the View-Only Configuration role has already been granted.

Get-ManagementRoleAssignment -Role "View-Only Configuration"

21.Run the following cmdlet to grant View-Only Recipients role for backup account.

New-ManagementRoleAssignment –Role "View-Only Recipients" –User user.name@domain.com

22.Run Below command to obtain the list of users whom the View-Only Recipient role has already been granted.

Get-ManagementRoleAssignment -Role "View-Only Recipients"

23.Run the following cmdlet to grant Mailbox Search role for backup account.

New-ManagementRoleAssignment –Role "Mailbox Search" –User user.name@domain.com

24.Run Below command to obtain the list of users whom the Mailbox Search role has already been granted.

Get-ManagementRoleAssignment -Role "Mailbox Search"

25.if you are using public folder and would like to backup/restore public folders, you need to assign Owner role to folder permission of public folder.

26.Sign in office365 with global admin account, open office 365 admin center.

27.On the Microsoft 365 admin center page, select Exchange.

28.In the Exchange admin center (EAC), navigate to Public folders.

29.In the list view, select the public folder.

30.In the details pane, under Folder permissions, click Manage.

31.In Public Folder Permissions, click Add +.

32.Click Browse to select a user (backup service account, in my case is VBOBK)

33.In the Permission level list, select a level. At least one user should be an Owner.

34.Click Save.

35.To protect your Microsoft 365 organization data properly when you add an organization using either modern authentication with legacy protocols allowed or basic authentication, Run below commands to create a new authentication policy with the AllowBasicAuthPowershell and AllowBasicAuthWebService parameters enabled for the Veeam Backup account.

New-AuthenticationPolicy -Name "Allow Basic Auth"

Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthPowershell

Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthWebService

Set-User -Identity <VeeamBackupAccount> -AuthenticationPolicy "Allow Basic Auth"

36.Run below command to back up public folder mailboxes correctly, enable the AllowBasicAuthAutodiscover parameter for the created authentication policy.

Set-AuthenticationPolicy -Identity “Allow Basic Auth” -AllowBasicAuthAutodiscover

Assign SharePoint Online Permissions to backup service account

37.Run below command to install the latest SharePoint Online PowerShell Module, type Y and then press Enter.

Install-Module -Name Microsoft.Online.SharePoint.PowerShell

38.Run below command to make sure the module is up to dat, type Y and then press Enter.

Update-Module -Name Microsoft.Online.SharePoint.PowerShell

39.Run below commands to connect to SharePoint Online.

Connect-SPOService -Url https://<your tenant id>-admin.sharepoint.com/

40.On the sign-in window, enter the account name, and then click Next.

41.On the Enter Password window, enter password of the account, and then click Sign in.

42.Select your verification Method.

43.Enter the code, click Verify,

44.Run below command to add Microsoft SharePoint Online organizations, make sure that the LegacyAuthProtocolsEnabled setting is enabled.

Set-SPOTenant -LegacyAuthProtocolsEnabled $True

45.Run below command to install the Azure AD Module, type Y and then press Enter..

Install-Module MSOnline

46.Run below commands to connect to Azure AD service.

Connect-MsolService

47.On the sign-in window, enter the account name, and then click Next.

48.On the Enter Password window, enter password of the account, and then click Sign in.

49.Select your verification Method.

50.Enter the code, click Verify,

51.Run below commands to grant the SharePoint Administrator role to backup account (for Microsoft SharePoint Online organizations).

$role=Get-MsolRole -RoleName "SharePoint Administrator"

$accountname="example@domain.com"

Add-MsolRoleMember -RoleMemberEmailAddress $accountname -RoleName $role.Name

Assign Teams Online Permissions to backup service account

52.Run below commands to grant the Teams Administrator role to backup account (for Microsoft Teams Online organizations).

$role=Get-MsolRole -RoleName "Teams Administrator"

$accountname="example@domain.com"

Add-MsolRoleMember -RoleMemberEmailAddress $accountname -RoleName $role.Name

Add Organization for Veeam Backup for Microsoft Office 365 with Basic Authentication

1.Open Veeam Backup for Microsoft Office 365 console.

2.On the Veeam Backup for Microsoft Office 365 console page, right-click Organizations, select Add organization.

3.On the Organization deployment type, select Microsoft 365 as organization type, select all services as you want to protect, click Next.

4.On the Microsoft 365 connection settings page, select Default as Region, select the Basic Authentication, click Next.

5.On the Exchange Online credentials page, enter user name and password, click Next.

6.On the Verifying connection and organization parameters page, make sure each connections with issues, click Finish.

7.Verify the Office 365 organization add successfully.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to add organizations with Modern Authentication and Legacy Protocols at Veeam Backup for Microsoft 365

You will use both Veeam Backup account and Azure AD application for authentication if you add an organization using the modern authentication method with legacy protocols allowed. Veeam Backup for Microsoft 365 uses Veeam Backup account and an application to establish a connection to your Microsoft 365 organizations with disabled security defaults and maintain data transfer during backup and restore sessions.

Backup account permissions requirements:

When you add Microsoft 365 organization using basic authentication, you use Veeam Backup account. Also you use Veeam Backup account for on-premises Microsoft Exchange and on-premises Microsoft SharePoint organizations.

To provide Veeam Backup for Microsoft 365 with the ability to work with Microsoft Exchange organizations, Microsoft SharePoint and OneDrive for Business organizations, and protect Microsoft Teams data, you must grant the requirement permissions to the Veeam Backup account.

Microsoft Exchange Organizations permissions requirement:

  • The account you are using to add an organization must be a member of this organization
  • The account you are using to add an organization is not required to have a mailbox in such an organization
  • If you are backing up public folder mailboxes, the Veeam Backup account must have a valid Exchange Online license and an active mailbox within the Microsoft 365 organization

Microsoft SharePoint and OneDrive for Business permissions requirement:

  • On-Premises Microsoft SharePoint Organizations
Role Description Misc.
Site Collection Administrator Required to back up Microsoft SharePoint Sites. The account must be a member of the Farm Administrator group.
  • Microsoft SharePoint Online Organizations
Role Description Misc.
SharePoint Admin Required to back up Microsoft SharePoint Sites. You can assign the Global Admin role that overrides these roles.
View-only Configuration Required to get a list of available groups and users.
View-Only Recipients
  • Microsoft Teams
    • The account must have a Microsoft 365 license that permits access to Microsoft Teams API. The minimum sufficient license is Microsoft Teams Exploratory experience
    • The account must have the Team Administrator role assigned

Note:

  • In case you add an organization in Veeam Backup for Microsoft 365 using the modern authentication method with legacy protocols allowed, and specify different accounts to connect to Microsoft Exchange and Microsoft SharePoint, the required license and role must be assigned to the account used to connect to Microsoft SharePoint.
  • When backing up Microsoft Teams data in an organization added using the basic authentication, Veeam Backup for Microsoft 365 at first adds a service account to every team and then removes it.

The detail permissions requirement as link.

https://helpcenter.veeam.com/docs/vbo365/guide/permissions_veeam_backup_account.html?ver=60

Azure AD Application Permissions for Modern Authentication and Legacy Protocols requirement

All listed permissions are of the Application type and required for data backup

1.Login to Veeam Backup for Microsoft 365 Manager server.

2.Open PowerShell as Administrator.

3.In a PowerShell window, run below command, type Y and then press Enter.

Set-ExecutionPolicy RemoteSigned

4.Run below command, type Y and then press Enter.

Install-Module -Name PowerShellGet -Force

5.Run below command to make sure the module is up to dat, type Y and then press Enter.

Update-Module -Name PowerShellGet

Assign Exchange Online permissions to backup service account

6.Run below command to install the latest Exchange Online PowerShell Module, type Y and then press Enter.

Install-Module -Name ExchangeOnlineManagement

7.Run below commands to load the EXO V2 module.

Import-Module ExchangeOnlineManagement

8.Run below commands to connect to ExchangeOnline.

Connect-ExchangeOnline -UserPrincipalName navin@contoso.com.

9.On the sign-in window that opens, enter your password, and then click Sign in.

10.Select your verification Method.

11.Enter the code, click Verify.

12.Run the following cmdlet to grant ApplicationImpersonation role for backup account.

New-ManagementRoleAssignment –Role ApplicationImpersonation –User user.name@domain.com

13.If it happened error message as below, you need to run following command first and then re-run above command.

Enable-OrganizationCustomization

14.Run Below command to obtain the list of users whom the ApplicationImpersonation role has already been granted.

Get-ManagementRoleAssignment -Role "ApplicationImpersonation"

15.Run the following cmdlet to grant Role Management role for backup account.

New-ManagementRoleAssignment –Role "Role Management" –User user.name@domain.com

16.Run Below command to obtain the list of users whom the Role Management role has already been granted.

Get-ManagementRoleAssignment -Role "Role Management"

17.Run the following cmdlet to grant Organization Configuration role for backup account.

New-ManagementRoleAssignment –Role "Organization Configuration" –User user.name@domain.com

18.Run Below command to obtain the list of users whom the Organization Configuration role has already been granted.

Get-ManagementRoleAssignment -Role "Organization Configuration"

19.Run the following cmdlet to grant View-Only Configuration role for backup account.

New-ManagementRoleAssignment –Role "View-Only Configuration" –User user.name@domain.com

20.Run Below command to obtain the list of users whom the View-Only Configuration role has already been granted.

Get-ManagementRoleAssignment -Role "View-Only Configuration"

21.Run the following cmdlet to grant View-Only Recipients role for backup account.

New-ManagementRoleAssignment –Role "View-Only Recipients" –User user.name@domain.com

22.Run Below command to obtain the list of users whom the View-Only Recipient role has already been granted.

Get-ManagementRoleAssignment -Role "View-Only Recipients"

23.Run the following cmdlet to grant Mailbox Search role for backup account.

New-ManagementRoleAssignment –Role "Mailbox Search" –User user.name@domain.com

24.Run Below command to obtain the list of users whom the Mailbox Search role has already been granted.

Get-ManagementRoleAssignment -Role "Mailbox Search"

25.if you are using public folder and would like to backup/restore public folders, you need to assign Owner role to folder permission of public folder.

26.Sign in office365 with global admin account, open office 365 admin center.

27.On the Microsoft 365 admin center page, select Exchange.

28.In the Exchange admin center (EAC), navigate to Public folders.

29.In the list view, select the public folder.

30.In the details pane, under Folder permissions, click Manage.

31.In Public Folder Permissions, click Add +.

32.Click Browse to select a user (backup service account, in my case is VBOBK)

33.In the Permission level list, select a level. At least one user should be an Owner.

34.Click Save.

35.To protect your Microsoft 365 organization data properly when you add an organization using either modern authentication with legacy protocols allowed or basic authentication, Run below commands to create a new authentication policy with the AllowBasicAuthPowershell and AllowBasicAuthWebService parameters enabled for the Veeam Backup account.

New-AuthenticationPolicy -Name "Allow Basic Auth"

Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthPowershell

Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthWebService

Set-User -Identity &lt;VeeamBackupAccount&gt; -AuthenticationPolicy "Allow Basic Auth"

36.Run below command to back up public folder mailboxes correctly, enable the AllowBasicAuthAutodiscover parameter for the created authentication policy.

Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthAutodiscover

Assign SharePoint Online Permissions to backup service account

37.Run below command to install the latest SharePoint Online PowerShell Module, type Y and then press Enter.

Install-Module -Name Microsoft.Online.SharePoint.PowerShell

38.Run below command to make sure the module is up to dat, type Y and then press Enter.

Update-Module -Name Microsoft.Online.SharePoint.PowerShell

Assign SharePoint Online Permissions to backup service account

31.Run below commands to connect to SharePoint Online.

Connect-SPOService -Url https://<your tenant id>-admin.sharepoint.com/

32.On the sign-in window, enter the account name, and then click Next.

33.On the Enter Password window, enter password of the account, and then click Sign in.

34.Select your verification Method.

35.Enter the code, click Verify.

36.Run below command to add Microsoft SharePoint Online organizations, make sure that the LegacyAuthProtocolsEnabled setting is enabled.

Set-SPOTenant -LegacyAuthProtocolsEnabled $True

37.Run below command to install the Azure AD Module, type Y and then press Enter..

Install-Module MSOnline

38.Run below commands to connect to Azure AD service.

Connect-MsolService

39.On the sign-in window, enter the account name, and then click Next.

40.On the Enter Password window, enter password of the account, and then click Sign in.

41.Select your verification Method.

42.Enter the code, click Verify.

43.Run below commands to grant the SharePoint Administrator role to backup account (for Microsoft SharePoint Online organizations).

$role=Get-MsolRole -RoleName "SharePoint Administrator"

$accountname="example@domain.com"

Add-MsolRoleMember -RoleMemberEmailAddress $accountname -RoleName $role.Name

Assign Teams Online Permissions to backup service account

1.Run below commands to grant the Teams Administrator role to backup account (for Microsoft Teams Online organizations).

$role=Get-MsolRole -RoleName "Teams Administrator"

$accountname="example@domain.com"

Add-MsolRoleMember -RoleMemberEmailAddress $accountname -RoleName $role.Name

Add Organization for Veeam Backup for Microsoft Office 365 with Modern Authentication and Legacy Protocols

1.Open Veeam Backup for Microsoft Office 365 console.

2.On the Veeam Backup for Microsoft Office 365 console page, right-click Organizations, select Add organization.

3.On the Organization deployment type, select Microsoft 365 as organization type, select all services as you want to protect, click Next.

4.On the Microsoft 365 connection settings page, select Default as Region, select the Modern authentication option and the Allow for using legacy authentication protocols , click Next.

5.On the Exchange Online credentials page, In the Application ID field, specify an identification number of your Azure AD application.

6.To use a secret key, select the Application secret option and enter a secret key in the field, you can obtain a secret key if you created at Certificate & secrets settings of Azure API App.

7.To use a certificate, select the Application certificate option and click Install.

8.On the Select certificate type page, select Select certificate from the Certificate Store of this server, click Next.

9.On the Select certificate, click Finish after selected certificate.

10.In the Username and App password fields, enter the backup service account as Username, enter App password (it’s not user account password) as App password, click Next.

11.On the Verifying connection and organization parameters page, make sure each connections with issues, click Finish.

12.Verify the Office 365 organization add successfully.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to add organization with modern app-only authentication and use an existing Azure AD application at Veeam Backup for Microsoft 365

When you add an organization using the modern app-only authentication method, you are required to provide Azure AD application settings. Please reference following link to create and configure Azure AD Application permissions.

How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365 – CarySun

Veeam Backup for Microsoft 365 uses such an application to establish a connection to your Microsoft 365 organizations with enabled security defaults and maintain data transfer during backup and restore sessions.

With modern app-only authentication, you cannot use Veeam Backup account; only communications through Azure AD application is possible.

Required User Account Roles for Azure AD Applications

Azure AD application uses a user account to log in to Microsoft 365. This user account must be assigned the following roles:

  • Global Administrator — required for adding organizations with modern app-only authentication, creating backup applications, registering Azure AD application for Restore Portal and creating Azure AD application for the Microsoft Azure service account.
  • ApplicationImpersonation and Global Administrator or Exchange Administrator — required for data restore with Veeam Explorer for Microsoft Exchange.
  • Global Administrator or SharePoint Administrator — required for data restore with Veeam Explorer for Microsoft SharePoint and Veeam Explorer for Microsoft OneDrive for Business.
  • Global Administrator or Teams Administrator — required for data restore with Veeam Explorer for Microsoft Teams.
  • Global Administrator — required for establishing a connection to a service provider in the Microsoft 365 Backup as Service scenario.

1.Login to Veeam Backup for Microsoft 365 Manager server.

2.Open Veeam Backup for Microsoft Office 365 console.

3.On the Veeam Backup for Microsoft Office 365 console page, right-click Organizations, select Add organization.

4.On the Organization deployment type, select Microsoft 365 as organization type, select all services as you want to protect, click Next.

5.On the Microsoft 365 connection settings page, select Default as Region, select Modern authentication as authentication method, click Next. Make sure to leave the Allow for using legacy authentication protocols check box cleared. This check box allows you to add an Microsoft 365 organization with disabled security defaults.

6.On the Microsoft 365 connection settings page, select Use a existing Azure AD application automically, click Next.

8.On the Exchange Online credentials page, In the Username field, specify user account as Username.

You can enter any account that belongs to your Microsoft 365 organization using the following format: name@<domain_name>.<domain>. For example, user@abc.com.

Note:

If you select only SharePoint Online and OneDrive for Business services to protect at the Select Organization Deployment Type step, Veeam Backup for Microsoft 365 displays the Specify organization name field instead. In this field, specify a domain name of your Microsoft 365 organization without the user name. For example, abc.com

9.In the Application ID field, specify an identification number of your Azure AD application.

10.In the Application certificate field, click Install.

11.On the Select certificate type page, select Generate a new self-signed certificate, click Next.

When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

12.On the Generate certificate page, click Finish.

13.Select the Allow this application to enable export mode for SharePoint Web Parts check box to allow Veeam Backup for Microsoft 365 to back up web parts of your Microsoft SharePoint websites, click Next.

Veeam Backup for Microsoft 365 automatically alters the allowexport property of each web part and sets this property to true. After the allowexport property is set to true, a web part can be backed up without any limitations

14.On the Log in Microsoft 365 page, click copy code, click the sign in link.

15.Enter code, click Next.

16.Enter your account name, click Next. Make sure to sign in with the user account that has the Global Administrator role.

15.Enter password, click Sign in.

16.On the sign in confirm page, click Continue.

17.Close sign in window after make sure signed in successfully.

18.On the Log in to Microsoft 365 page, make sure your are authenticated to Microsoft 365, click Next.

19.Make sure connection to be established, click Finish.

20.Verify the Office 365 organization add successfully.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to configure Azure AD Application Permissions for Modern Authentication and Legacy Protocols Authentication of Veeam Backup for Microsoft 365

Veeam Backup for Microsoft 365 Modern Authentication and Legacy Protocols Authentication requires that you grant permissions to Azure AD applications to back up and restore data from/to your Microsoft 365 organizations.

1.Sign in Azure portal with Global Admin account.

2.Search for and select Azure Active Directory.

3.Under Manage, select App registrations.

4.On the App registrations page, select +New registration.

5.On the Register an application page, type VBO365APP as application Name, select Accounts in this organization directory only, click Register.

6.When registration finishes, the Azure portal displays the app registration’s Overview pane. You see the Application (client) ID. Also called the client ID, this value uniquely identifies your application in the Microsoft identity platform, select API permissions.

7.On the Configured permissions page, select +Add permission.

8.On the Request API permissions page, select Microsoft Graph.

9.On the Microsoft Graph page, select Application permissions.

10.On the Select permission page, expend Directory, select Directory.Read.All.

11.On the Select permission page, expend Group, select Group.Read.All.

12.On the Select permission page, expend TeamSettings, select TeamSettings.ReadWrite.All.

13.On the Select permission page, expand Sites, select Sites.Read.All, click Add permissions.

14.On the Configured permissions page, select +Add permission.

15.On the Request API permissions page, select APIs my organization uses.

16.On the API my organization uses page, search and select Office 365 Exchange Online.

17.On the Office 365 Exchange Online page, select Application permissions.

18.On the Select permission page, select full_access_as_app, click Add permissions.

19.On the Configured permissions page, select +Add permission.

20.On the Request API permissions page, select Microsoft APIs, click SharePoint

21.On the SharePoint page, select Application permissions.

22.On the Select permission page, expand Sites, select Sites.FullControl.All.

23.On the Select permission page, expand Users, select User.Read.All, click Add permissions.

24.On the Configured permissions page, click Grant admin consent for domain name (in my case is carysun.com).

25.On the Grant admin consent confirmation page, click Yes.

26.Verify status of all API without warning.

Create Application secrets (Optional)

If you would like to use Application secret on Exchange Online credentials settings of VBO365, you need to create Application secret from Certificate & secrets settings.

1.On the Application page, select Certificates & Security.

2.On the Certificates & secrets page, select Clients secrets.

3.On the Client secrets page, select +New client secret.

4.On the Add a client secret page, enter information for the secret description, select Expires period, click Add.

5.Copy the Value, it will be as the Application secret of VBO settings.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

When you add organization using the modern app-only authentication method, the permissions for Azure AD applications that are granted automatically by Veeam Backup for Microsoft 365.

Anyway, if you prefer to use a custom application of your own, make sure to grant all the permissions as below.

Permissions for Backup

All listed permissions are of the Application type.

Permissions for Restore

To restore data using Azure AD application, make sure that you configure the Azure AD application settings.

Restore Using Device Code Flow

All listed permissions are of the Delegated type and required for data restore using Veeam Explorers.

Restore Using Application Certificate

All listed permissions are of the Application type and required for data restore using Restore Portal and through REST API and PowerShell.

1.Sign in Azure portal with Global Admin account.

2.Search for and select Azure Active Directory.

3.Under Manage, select App registrations.

4.On the App registrations page, select +New registration.

5.On the Register an application page, type VBO365APP as application Name, select Accounts in this organization directory only, click Register.

6.When registration finishes, the Azure portal displays the app registration’s Overview pane. You see the Application (client) ID. Also called the client ID, this value uniquely identifies your application in the Microsoft identity platform, select API permissions.

7.On the Configured permissions page, select +Add permission.

8.On the Request API permissions page, select Microsoft APIs, select Microsoft Graph.

9.On the Microsoft Graph page, select Application permissions.

10.On the Select permission page, expend Directory, select Directory.Read.All.

11.On the Select permission page, expend Group, select Group.Read.All.

12.On the Select permission page, expend TeamSettings, select TeamSettings.ReadWrite.All.

13.On the Select permission page, expand Sites, select Sites.Read.All, click Add permissions.

14.On the Configured permissions page, select +Add permission.

15.On the Request API permissions page, select APIs my organization uses.

16.On the API my organization uses page, search and select Office 365 Exchange Online.

17.On the Office 365 Exchange Online page, select Application permissions.

18.On the Select permission page, expand Other permissions, select full_access_as_app, click Add permissions.

19.On the Configured permissions page, select +Add permission.

20.On the Request API permissions page, select Microsoft APIs, click SharePoint

21.On the SharePoint page, select Application permissions.

22.On the Select permission page, expand Sites, select Sites.FullControl.All.

23.On the Select permission page, expand Users, select User.Read.All, click Add permissions.

24.On the Configured permissions page, select +Add permission.

25.On the Request API permissions page, select Microsoft APIs, select Microsoft Graph.

26.On the Microsoft Graph page, select Delegated permissions.

27.On the Select permission page, expend Directory, select Directory.Read.All.

28.On the Select permission page, expend Group, select Group.Read.All.

29.On the Select permission page, expand Sites, select Sites.Read.All.

30.On the Select permission page, expand OpenId permissions, select offline_access, click Add permissions.

31.On the Configured permissions page, select +Add permission.

32.On the Request API permissions page, select APIs my organization uses.

33.On the API my organization uses page, search and select Office 365 Exchange Online.

34.On the Office 365 Exchange Online page, select Delegated permissions.

35.On the Select permission page, expand EWS, select EWS.AccessAsUser.All, click Add permissions.

36.On the Configured permissions page, select +Add permission.

37.On the Request API permissions page, select Microsoft APIs, click SharePoint.

38.On the SharePoint page, select Delegated permissions.

39.On the Select permission page, expand AllSites, select AllSites.FullControl.

40.On the Select permission page, expand Users, select User.Read.All, click Add permissions.

41.On the Configured permissions page, select +Add permission.

42.On the Request API permissions page, select Microsoft APIs, select Microsoft Graph.

43.On the Microsoft Graph page, select Application permissions.

44.On the Select permission page, expend Group, select Group.ReadWrite.All, click Add permissions.

45.On the Configured permissions page, click Grant admin consent for domain name (in my case is carysun.com).

46.On the Grant admin consent confirmation page, click Yes.

47.Verify status of all APIs without warning.

Create Application secrets (Optional)

We use specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and an Azure AD application but If you would like to use Application secret on Exchange Online credentials settings of VBO365, you need to create Application secret from Certificate & secrets settings.

1.On the Application page, select Certificates & Security.

2.On the Certificates & secrets page, select Clients secrets.

3.On the Client secrets page, select +New client secret.

4.On the Add a client secret page, enter information for the secret description, select Expires period, click Add.

5.Copy the Value, it will be as the Application secret of VBO settings.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to configure service account permissions required for Veeam Backup for Microsoft Office 365

You are required to provide a username and password to authenticate to your Microsoft 365 organization if you add an organization using the basic authentication or Modern Authentication and Legacy Protocols method.

I won’t recommend adding organization with basic authentication, Microsoft announced that effective October 1, 2022, they will begin disabling Basic authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. SMTP Auth will also be disabled if it is not being used.

Backup account permissions requirements:

When you add Microsoft 365 organization using basic authentication, you use Veeam Backup account. Also, you use Veeam Backup account for on-premises Microsoft Exchange and on-premises Microsoft SharePoint organizations.

To provide Veeam Backup for Microsoft 365 with the ability to work with Microsoft Exchange organizations, Microsoft SharePoint and OneDrive for Business organizations, and protect Microsoft Teams data, you must grant the requirement permissions to the Veeam Backup account.

Microsoft Exchange Organizations permissions requirement:

  • The account you are using to add an organization must be a member of this organization
  • The account you are using to add an organization is not required to have a mailbox in such an organization
  • If you are backing up public folder mailboxes, the Veeam Backup account must have a valid Exchange Online license and an active mailbox within the Microsoft 365 organization
Role Description
Role Management Required to grant the ApplicationImpersonation role.
ApplicationImpersonation Required to back up Exchange data.
Organization Configuration Required to manage role assignments.
View-Only Configuration Required to obtain necessary configuration parameters.
View-Only Recipients Required to view mailbox recipients.
Mailbox Search or Mail Recipients Required to back up groups.
Owner Required to backup/restore public folders.

Microsoft SharePoint and OneDrive for Business permissions requirement:

  • On-Premises Microsoft SharePoint Organizations
Role Description Misc.
Site Collection Administrator Required to back up Microsoft SharePoint Sites. The account must be a member of the Farm Administrator group.
  • Microsoft SharePoint Online Organizations
Role Description Misc.
SharePoint Admin Required to back up Microsoft SharePoint Sites. You can assign the Global Admin role that overrides these roles.
View-only Configuration Required to get a list of available groups and users.
View-Only Recipients
  • Microsoft Teams
    • The account must have a Microsoft 365 license that permits access to Microsoft Teams API. The minimum sufficient license is Microsoft Teams Exploratory experience
    • The account must have the Team Administrator role assigned

Note:

  • In case you add an organization in Veeam Backup for Microsoft 365 using the modern authentication method with legacy protocols allowed, and specify different accounts to connect to Microsoft Exchange and Microsoft SharePoint, the required license and role must be assigned to the account used to connect to Microsoft SharePoint.
  • When backing up Microsoft Teams data in an organization added using the basic authentication, Veeam Backup for Microsoft 365 at first adds a service account to every team and then removes it.

The detail permissions requirement as link.

https://helpcenter.veeam.com/docs/vbo365/guide/permissions_veeam_backup_account.html?ver=60

Azure AD Application Permissions requirement

  • Permissions for Modern Authentication and Legacy Protocols
API Permission name Exchange Online SharePoint Online and OneDrive for Business Microsoft Teams Description
Microsoft Graph Directory.Read.All Querying Azure AD for organization properties, the list of users and groups and their properties.
Group.Read.All Querying Azure AD for the list of groups and group sites.
TeamSettings.ReadWrite.All Accessing archived teams.
Sites.Read.All Accessing sites of the applications that are installed from the SharePoint store.
Office 365 Exchange Online full_access_as_app Reading mailboxes content.
SharePoint Sites.FullControl.All Reading SharePoint sites and OneDrive accounts content.
User.Read.All Reading OneDrive accounts (getting site IDs).

1.Login to Veeam Backup for Microsoft 365 Manager server.

2.Open PowerShell as Administrator.

3.In a PowerShell window, run below command, type Y and then press Enter.

Set-ExecutionPolicy RemoteSigned

4.Run below command, type Y and then press Enter.

Install-Module -Name PowerShellGet -Force

5.Run below command to make sure the module is up to dat, type Y and then press Enter.

Update-Module -Name PowerShellGet

Assign Exchange Online permissions to backup service account

6.Run below command to install the latest Exchange Online PowerShell Module, type Y and then press Enter.

Install-Module -Name ExchangeOnlineManagement

7.Run below commands to load the EXO V2 module.

Import-Module ExchangeOnlineManagement

8.Run below commands to connect to ExchangeOnline.

Connect-ExchangeOnline -UserPrincipalName navin@contoso.com.

9.On the sign-in window that opens, enter your password, and then click Sign in.

10.Select your verification Method.

11.Enter the code, click Verify.

12.Run the following cmdlet to grant ApplicationImpersonation role for backup account.

New-ManagementRoleAssignment –Role ApplicationImpersonation –User user.name@domain.com

13.If it happened error message as below, you need to run following command first and then re-run above command.

Enable-OrganizationCustomization

14.Run Below command to obtain the list of users whom the ApplicationImpersonation role has already been granted.

Get-ManagementRoleAssignment -Role "ApplicationImpersonation"

15.Run the following cmdlet to grant Role Management role for backup account.

New-ManagementRoleAssignment –Role "Role Management" –User user.name@domain.com

16.Run Below command to obtain the list of users whom the Role Management role has already been granted.

Get-ManagementRoleAssignment -Role "Role Management"

17.Run the following cmdlet to grant Organization Configuration role for backup account.

New-ManagementRoleAssignment –Role "Organization Configuration" –User user.name@domain.com

18.Run Below command to obtain the list of users whom the Organization Configuration role has already been granted.

Get-ManagementRoleAssignment -Role "Organization Configuration"

19.Run the following cmdlet to grant View-Only Configuration role for backup account.

New-ManagementRoleAssignment –Role "View-Only Configuration" –User user.name@domain.com

20.Run Below command to obtain the list of users whom the View-Only Configuration role has already been granted.

Get-ManagementRoleAssignment -Role "View-Only Configuration"

21.Run the following cmdlet to grant View-Only Recipients role for backup account.

New-ManagementRoleAssignment –Role "View-Only Recipients" –User user.name@domain.com

22.Run Below command to obtain the list of users whom the View-Only Recipient role has already been granted.

Get-ManagementRoleAssignment -Role "View-Only Recipients"

23.Run the following cmdlet to grant Mailbox Search role for backup account.

New-ManagementRoleAssignment –Role "Mailbox Search" –User user.name@domain.com

24.Run Below command to obtain the list of users whom the Mailbox Search role has already been granted.

Get-ManagementRoleAssignment -Role "Mailbox Search"

25.if you are using public folder and would like to backup/restore public folders, you need to assign Owner role to folder permission of public folder.

26.Sign in office365 with global admin account, open office 365 admin center.

27.On the Microsoft 365 admin center page, select Exchange.

28.In the Exchange admin center (EAC), navigate to Public folders.

29.In the list view, select the public folder.

30.In the details pane, under Folder permissions, click Manage.

31.In Public Folder Permissions, click Add +.

32.Click Browse to select a user (backup service account, in my case is VBOBK)

33.In the Permission level list, select a level. At least one user should be an Owner.

34.Click Save.

35.To protect your Microsoft 365 organization data properly when you add an organization using either modern authentication with legacy protocols allowed or basic authentication, Run below commands to create a new authentication policy with the AllowBasicAuthPowershell and AllowBasicAuthWebService parameters enabled for the Veeam Backup account.

New-AuthenticationPolicy -Name "Allow Basic Auth"

Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthPowershell

Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthWebService

Set-User -Identity &lt;VeeamBackupAccount&gt; -AuthenticationPolicy "Allow Basic Auth"

36.Run below command to back up public folder mailboxes correctly, enable the AllowBasicAuthAutodiscover parameter for the created authentication policy.

Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthAutodiscover

Assign SharePoint Online Permissions to backup service account

37.Run below command to install the latest SharePoint Online PowerShell Module, type Y and then press Enter.

Install-Module -Name Microsoft.Online.SharePoint.PowerShell

38.Run below command to make sure the module is up to dat, type Y and then press Enter.

Update-Module -Name Microsoft.Online.SharePoint.PowerShell

39.Run below commands to connect to SharePoint Online.

Connect-SPOService -Url <a href="https://%3cyour">https://&lt;your</a> tenant id&gt;-admin.sharepoint.com/

40.On the sign-in window, enter the account name, and then click Next.

41.On the Enter Password window, enter password of the account, and then click Sign in.

42.Select your verification Method.

43.Enter the code, click Verify,

44.Run below command to add Microsoft SharePoint Online organizations, make sure that the LegacyAuthProtocolsEnabled setting is enabled.

Set-SPOTenant -LegacyAuthProtocolsEnabled $True

45.Run below command to install the Azure AD Module, type Y and then press Enter..

Install-Module MSOnline

46.Run below commands to connect to Azure AD service.

Connect-MsolService

47.On the sign-in window, enter the account name, and then click Next.

48.On the Enter Password window, enter password of the account, and then click Sign in.

49.Select your verification Method.

50.Enter the code, click Verify,

51.Run below commands to grant the SharePoint Administrator role to backup account (for Microsoft SharePoint Online organizations).

$role=Get-MsolRole -RoleName "SharePoint Administrator"

$accountname="example@domain.com"

Add-MsolRoleMember -RoleMemberEmailAddress $accountname -RoleName $role.Name

Configure the App password for backup service account

52.Sign in Office 365 portal with Global Admin account, select Admin.

53.On the Microsoft 365 admin center, expend Users, select Active users.

54.On the Active users page, select Multi-factor authentication.

55.On the multi-factor authentication page, select service settings.

56.On the service settings page, select Allow users to create app password to sign in to non-browser apps, click save and then sign out from office 365 portal.

57.Sign in Office 365 portal with backup service account, select View account.

58.On the My account page, select Security info.

59.On the Security info page, select +Add method.

60.On the Add a Method, select App password, click Add

61.Type VBO365APP as name of App password, click Next.

62.Copy and keep the password in a safe place, It will not be shown again, click Done.

63.Sign out from My account.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to add organization with Modern app-only authentication and register a new Azure AD application automically for Veeam Backup for Microsoft Office 365

When you add an organization using the modern app-only authentication method, you are required to provide Azure AD application settings. Veeam Backup for Microsoft 365 uses such an application to establish a connection to your Microsoft 365 organizations with enabled security defaults and maintain data transfer during backup and restore sessions.

With modern app-only authentication, you cannot use Veeam Backup account; only communications through Azure AD application is possible.

Required User Account Roles for Azure AD Applications

Azure AD application uses a user account to log in to Microsoft 365. This user account must be assigned the following roles:

  •  Global Administrator — required for adding organizations with modern app-only authentication, creating backup applications, registering Azure AD application for Restore Portal and creating Azure AD application for the Microsoft Azure service account.
  • ApplicationImpersonation and Global Administrator or Exchange Administrator — required for data restore with Veeam Explorer for Microsoft Exchange.
  • Global Administrator or SharePoint Administrator — required for data restore with Veeam Explorer for Microsoft SharePoint and Veeam Explorer for Microsoft OneDrive for Business.
  • Global Administrator or Teams Administrator — required for data restore with Veeam Explorer for Microsoft Teams.
  • Global Administrator — required for establishing a connection to a service provider in the Microsoft 365 Backup as Service scenario.

1.Login to Veeam Backup for Microsoft 365 Manager server.

2.Open Veeam Backup for Microsoft Office 365 console.

3.On the Veeam Backup for Microsoft Office 365 console page, right-click Organizations, select Add organization.

4.On the Organization deployment type, select Microsoft 365 as organization type, select all services as you want to protect, click Next.

5.On the Microsoft 365 connection settings page, select Default as Region, select Modern authentication as authentication method, click Next. Make sure to leave the Allow for using legacy authentication protocols check box cleared. This check box allows you to add an Microsoft 365 organization with disabled security defaults.

6.On the Microsoft 365 connection settings page, select Register a new Azure AD application automically, click Next. Veeam Backup for Microsoft 365 requires to provide an application name and certificate to register a new Azure AD application in Azure Active Directory.

7.On the Azure AD application registration page, enter a name that you want to use to register a new Azure AD application in your Azure Active Directory.

8.Click Install to specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and an Azure AD application.

9.On the Select certificate type page, select Generate a new self-signed certificate, click Next. When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

10.On the Generate certificate page, click Finish.

11.Select the Allow this application to enable export mode for SharePoint Web Parts check box to allow Veeam Backup for Microsoft 365 to back up web parts of your Microsoft SharePoint websites, click Next. Veeam Backup for Microsoft 365 automatically alters the allowexport property of each web part and sets this property to true. After the allowexport property is set to true, a web part can be backed up without any limitations

12.On the Log in Microsoft 365 page, click copy code, click the sign in link.

13.Enter code, click Next.

14.Enter your account name, click Next. Make sure to sign in with the user account that has the Global Administrator role.

15.Enter password, click Sign in.

16.On the sign in confirm page, click Continue.

17.Close sign in window after make sure signed in successfully.

18.On the Log in to Microsoft 365 page, make sure your are authenticated to Microsoft 365, click Next.

19.Make sure connection to be established, click Finish.

20.Verify the Office 365 organization add successfully.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to Install Veeam Backup for Microsoft Office 365 v6

Veeam released Veeam Backup for Microsoft Office 365 v6 on March 9, 2022, there are lots of new features at this version included Self-Service Restore Portal, Backup copy to low-cost object storage… etc. the detail information as following link.

https://www.veeam.com/whats-new-backup-microsoft-office-365.html

Today, I am going to show you how to install Veeam Backup for Microsoft 365 V6.

System requirements as following link.

System Requirements – Veeam Backup for Microsoft 365 Guide

1.Login to Veeam Backup for Microsoft Office 365 Manager server.

2.Download Veeam backup for Microsoft Office 365 V6 ISO image file. (Sign in required)

https://www.veeam.com/backup-microsoft-office-365-download.html?ad=downloads

3..Mount VBO365 v6 (Veeam.Backup365_6.0.0.367) ISO image file.

4.On the Open File Security Warning page, click Open.

5.Double-click Veeam.Setup.exe.

6.On the User Access Control page, click Yes.

7.On the Veeam Backup for Microsoft 365 page, click Install.

8.Click Veeam Backup for Microsoft 365.

9.On the License Agreement page, click I Accept.

10.On the System Configuration Check page, please make sure the server meets the minimum system requirements.

The detail information as following link.

https://helpcenter.veeam.com/docs/vbo365/guide/vbo_system_requirements.html?ver=60

11.On the Data Location page, click Install.

12.On the Successfully installed page, click Finish.

13.Open Veeam Backup for Microsoft Office 365 console.

14.Click Yes to install license now if you need protect more than 10 users.

15.On the Install license page, click Install.

16.Select license file, click Open.

17.On the Install license page, click OK.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to upgrade to Citrix Virtual Apps 7 2203 LTSR Edition

Citrix released Virtual Apps 7 2203 LTSR on March 23, I am going to show you how to upgrade the existing Citrix Virtual Apps servers to Citrix Virtual Apps 7 2203 LTSR.

1.Sign in your Citrix account from citrix.com.

2. Enter your user name and password, click Sign in.

3. On the Dashboard page, select Downloads.

4. On the Download page, select Citrix Virtual Apps and Desktops (XenApp & XenDesktop).

5. On Citrix Virtual Apps and Desktops (XenApp & XenDesktop) page, select Citrix Virtual Apps and Desktops 7 2203 LTSR, select Product Software, click Citrix Virtual Apps and Desktops 7 2203 LTSR, All Editions.

6.Click Download file.

7. On the Download Agreement page, select I have read and certify that I comply with the above Export Control Laws, click Accept.

8. Save the ISO file to Delivery Controller server and Virtual Delivery Agent Server.

9. Login to Delivery Controller server.

10. Mount the ISO image file.

11.Double-click DVD Drive.

12.On the User Account Control page, click Yes.

13. On the Citrix Virtual Apps 7 2203 LTSR page, click Upgrade Studio and Server Components.

14. On the License Agreement page, select I have read, understand and accept the terms of the license agreement, click Next.

15. On the Ensure a Successful Upgrade page, select I’m ready to continue, click Next.

16. On the Preliminary Tests page, click Start Preliminary Tests.

17. Click Next if there are no issues at Tests result.

18. You can click View Test Report to verify the test results.

19.On the Features page, click Next.

20. On the Firewall page, click Automatically configure firewall rules, click Next.

21. On the Summary page, click Upgrade

22. Click OK on the upgrade confirm page.

23. The server maybe needs to restart several times at upgrade process.

24. On the Diagnostics page, unselect Collect diagnostic information, click Next. You can participate later if need it.

26. On the Finish Installation page, click Finish.

27.Login to Citrix StoreFront Server.

28.Mount ISO image file.

29.Double-click DVD Drive.

30.On the Citrix Virtual Apps 7 2203 LTSR page, click Citrix StoreFront Upgrade available.

31.On the License agreement page, select I accept the terms of this license agreement, click Next.

32.On the Ready to install page, click Install.

33.On the Successfully installed StoreFront page, click Finish.

34.On the Reboot confirmation page, click Yes.

36. Login to VDA server.

37. Mount ISO image file.

38. Double-click DVD Drive.

39.On the User Access Control page, click Yes.

40. On the Citrix Virtual Apps 7 2203 LTSR page, click Virtual Delivery Agent for Windows Multi-session OS Upgrade VDA for Windows multi-session OS.

41. On the Additional Components for Master MCS Image, select the components that you would like to add, click Next.

42. On the Firewall page, click Automatically configure firewall rules, click Next.

43. On the Summary page, click Upgrade.

44. Click OK on the upgrade confirm page.

45.The server needs reboot several times, click Close.

46.On the Diagnostics page, unselect Collect diagnostic information, click Next. You can participate later if need it.

47. On the Finish page, select Restart machine, click Finish.

48. Login to Delivery Control server, open Citrix Studio, click Start the automatic Site Upgrade.

49. On the Upgrading Site page, select I am ready to upgrade, click Upgrade.

50. On the Studio page, make sure Site upgrade complete without issues, click Close.

51. Reboot Both Citrix servers.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to deploy Microsoft Local Administrator Password Solution (LAPS)

Cyberattack is one of the fastest growing crimes in the world, we have seen passwords being leaked regularly, local administrator account is like God of machine, it has superpower to do anything for the machine. A lot of IT guys simply use the same password for all local administrator accounts, the attacker easy access to the whole estate if one machine is breached.

Microsoft LAPS is one of solutions to prevent the issues, The “Local Administrator Password Solution” (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset. Today, I am going to show you how to deploy it.

System prerequisites

Supported Operating System

Windows Server 2019, Windows Server 2008, Windows Server 2016, Windows 10, Windows Server 2012 R2, Windows Server 2003, Windows Server 2008 R2, Windows Server 2012, Windows 7, Windows 8, Windows Vista, Windows 8.1, Windows Server 2022

Active Directory: (requires AD schema extension)

• Windows 2003 SP1 or later.

Managed machines:

• Windows Server 2003 SP2 or later, or Windows Server 2003 x64 Edition SP2 or later.

Note: Itanium-based machines are not supported.

Management tools:

• .NET Framework 4.0

• PowerShell 2.0 or later

1.login to LAPS Management Server, download Microsoft LAPS Package from https://www.microsoft.com/en-us/download/details.aspx?id=46899

2.On the Choose the download you Want page, select LAPS.x64.msi, click Next.

3.Login to the target computers which will update the local administrator password.

4.Run LAPS.x64.msi file. (You need to run this as administrator).

5.On the Welcome page, click Next.

6.On the End-User License Agreement page, select I accept terms in the License Agreement, click Next.

7.On the Custom Setup page, deselect AdmPwd GPO Extension and select Management Tools. If you also managing the local administrator account of the management server, you also need to install AdmPwd GPO Extension. In my case, I am installing it in a Domain controller so I do not need it.

8.Click Next.

9.On the Ready to install Local Administrator Password Solution page, click Install.

10.On the Completed page, click Finish.

Once this is done, we need to Active Directory schema to support Microsoft LAPS

11.Open PowerShell as Active Directory Schema Administrator.

12.Run below cmdlet.

Import-module AdmPwd.PS

13.Run below cmdlet to update the schema.

Update-AdmPwdADSchema

14.Verify two new attributes in the computer object after schema update.

ms-Mcs-AdmPwd – Save the administrator password in clear text.

ms-Mcs-AdmPwdExpirationTime – Save the timestamp of password expiration.

These values will be updated once we finish the rest of the configuration.

During the password update process, the computer object itself should have permission to write values to ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime attributes. To do that we need to grant permissions to SELF built-in account.

15.Open PowerShell as Domain Administrator.

16.Run below cmdlet to change computer object permissions.

Set-AdmPwdComputerSelfPermission -OrgUnit Servers

Servers is the OU I created for all the machine objects.

17.Creating a new security group and assign users as member of this group, the users of this security group have permissions to view the passwords for local administrators.

18.Before we assign permissions, run below cmdlet to see who had privileges to view the passwords by default.

Import-module AdmPwd.PS

Find-AdmPwdExtendedRights -Identity Servers

We noticed extended permissions are only applied to the Domain Admins group. It means a local administrator password for a computer object in Servers OU, can only access by a domain admin account.

19.Run below cmdlet to add extended permissions to LAPSAdmins security group.

Set-AdmPwdReadPasswordPermission -Identity Servers -AllowedPrincipals LAPSAdmins

20.Run below cmdlet to verify extended permissions to LAPSAdmins security group.

Find-AdmPwdExtendedRights -Identity Servers | fl

21.Creating a GPO to install LAPS agent software in managed computers.

22.Log in to Domain Controller.

23.Open Group Policy Management.

24.On the Group Policy Management console, right-click Group Policy Objects, select New.

25.Type LAPS Software Install as the new gpo name, click OK.

26.On the Contents page, right-click LAPS Software Install gpo, select Edit.

27.Go to Computer Configuration, then Policies, and then Software settings, right-click Software installation, select New and click Package.

28.On the Open page, type \\Cgy-dc02\laps\LAPS.x64.msi as File name, click Open.

29.On the Deploy Software page, select Assigned, click OK.

30.Go to Computer configuration, then Administrative Templates, and then LAPS.

31.Double click on Password Settings.

32.On the Password Settings page, select Enabled, you can define password complexity settings and password age at Options, click on OK.

33.Double click on the Do not allow password expiration time longer than required by policy.

34.On the Do not allow password expiration time longer than required by policy, select Enabled, click OK.

35.Double click on the Enable local admin password management.

36.On the Enable local admin password management page, select Enabled, click OK.

37Double click on the Name of administrator account to manage.

38.on the Name of administrator account to manage page, select Enable, enter admin as Administrator account name, click OK.

39.Close the Group Policy Management Editor.

40.On the Group Policy Management Console, right-click Servers OU, select Link an Existing GPO.

41.On the Select GPO page, select LAPS Software Install, click OK.

42.Close Group Policy Management console, this will push agents to the Computers under Servers OU. The installation is required a reboot on the computers to complete the installation.

43.Login to member server of Servers OU, reboot the machine or run gpupdate.

44.Verify LAPS agent installed.

45.Login tp domain controller (LAPS manager server) as a member of LAPSAdmins group.

46.Open LAPS UI.

45.Type the computer name (member of Server OU), click Search.

46.You will notice LAPS changed the password of the local administrator account.

47.You also can run below PowerShell cmdlet to retrieve the local administrator password.

Get-AdmPwdPassword -ComputerName CGY-RDSCB01 |fl

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to fix upgrade Veeam backup & Replication failed –Error 1327.Invalid Drive

If it happened Error 1327.Invalid Drive when you tried to upgrade Veeam Backup & Replication to 11a, don’t panic, this is likely caused by a stale registry entry for the Veeam server. In my case, the Veeam server had a F drive but removed it long time ago. My error message is Error 1327.Invalid Drive F: and upgrade failed.

Today, I am going to show you how to fix it.

1.login to Veeam management server.

2.
Right-click Start , then select Run. Type regedit in the Open: box, and then select OK.

3. check the following registry path on the Veeam server. HKEY_LOCAL_MACHINE\Software\Veeam\Veeam Backup and Replication\ as well as HKEY_LOCAL_MACHINE\Software\Wor6432Node\Veeam, do either of these paths show the F drive? Likely it will be the VBR catalog folder in my case.

4.Right-click CatalogPath, select Modify.

5.Change the Value data from F:\VBRCatalog to C:\VBRCatalog, click OK.

6.Re-run upgrade again, the error message should be gone.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to delete a protected OU of Active Directory

Today, I am going to show you how to delete a protected OU of Active Directory.

1.Log on to the computer as a member of the Domain Admins group.

2.Open Active Directory Users and Computers

3.Click View, and then click Advanced Features

4. Right-click the OU, and then select Properties.

5.In OU Properties, click the Object.

6.Unselect Protect object from accidental deletion, click OK.

7.Right-click the OU, and then select Delete.

8.On the Active Directory Domain Service warning page, click Yes.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to upgrade PHP version for Azure Web App

1.Open Cloud Shell

2.Run the following command to show the current PHP version.


az webapp config show --resource-group <resource-group-name> --name <app-name> --query phpVersion

3.Run the following command to show all supported PHP versions.


az webapp list-runtimes | grep php

4.Run the following command to set the PHP version to 7.4.


az webapp config set --resource-group <resource-group-name> --name <app-name> --php-version 7.4

5.Run the following command to show the current PHP version.


az webapp config show --resource-group <resource-group-name> --name <app-name> --query phpVersion

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to upgrade to Citrix Virtual Apps 7 2109

Today, I am going to show you how to upgrade the existing Citrix Virtual Apps servers to Citrix Virtual Apps 7 2109.

1.Sign in your Citrix account from citrix.com.

2. Enter your user name and password, click Sign in.

3. On the Dashboard page, select Downloads.

4. On the Download page, select Citrix Virtual Apps and Desktops (XenApp & XenDesktop).

5. On Citrix Virtual Apps and Desktops (XenApp & XenDesktop) page, select Citrix Virtual Apps and Desktops 7 2109, select Product Software, click Citrix Virtual Apps and Desktops 7 2109, All Editions.

6.Click Download Rile.

7. On the Download Agreement page, select I have read and certify that I comply with the above Export Control Laws, click Accept.

8. Save the ISO file to Delivery Controller server and Virtual Delivery Agent Server.

9. Login to Delivery Controller server.

10. Mount the ISO image file.

11.Double-click DVD Drive.

12.On the User Account Control page, click Yes.

13. On the Citrix Virtual Apps 7 page, click Upgrade Studio and Server Components.

14. On the License Agreement page, select I have read, understand and accept the terms of the license agreement, click Next.

15. On the Ensure a Successful Upgrade page, select I’m ready to continue, click Next.

16.On the Unsupported Features and Platforms page, select I understand the risk of upgrading a deployment that has unsupported features or platforms, Click Next.

17. On the Preliminary Tests page, click Start Preliminary Tests.

18. Click Next if there are no issues at Tests result.

19.You can click View Test Report to verify the test results.

20. On the Firewall page, click Automatically configure firewall rules, click Next.

21. On the Summary page, click Upgrade.

22. Click OK on the upgrade confirm page.

23. The server needs to restart at upgrade process.

24. On the Diagnostics page, unselect Collect diagnostic information, click Next. You can participate later if need it.

25. On the Finish Installation page, click Finish.

26. Login to VDA server.

27. Mount iso image file.

28. Double-click DVD Drive.

29. On the Citrix Virtual Apps 7 page, click Virtual Delivery Agent for Windows Multi-session OS Upgrade VDA for Windows multi-session OS.

30.On the Additional Components for Master MCS Image, select the components that you would like to add, click Next. In my case, select VDA upgrade Agent.

31. On the Firewall page, click Automatically configure firewall rules, click Next.

32.On the Summary page, click Upgrade.

33.On the VDA “Component AppDisks Plug-in” is installed. Click OK to allow removal of that component and continuation of the VDA upgrade page, click OK.

34. Click OK on the upgrade confirm page.

35. The server needs to restart at upgrade process.

36. On the Diagnostics page, unselect Collect diagnostic information, click Next. You can participate later if need it.

37.On the Finish page, select Restart machine, click Finish.

38.Login to Delivery Control server, open Citrix Studio, click Start the automatic Site Upgrade.

39. On the Upgrading Site page, select I am ready to upgrade, click Upgrade.

40. On the Studio page, make sure Site upgrade complete without issues, click Close.

41. Reboot Both Citrix servers.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to replace SQL Server Express LocalDB for Citrix Virtual Apps server

If you would like to upgrade Citrix Virtual Apps server from Citrix Virtual Apps 7 1912 LTSR version to the newer version, it might happen error messages “We cannot determine which SQL Server version is current installed” and “The SQL Server LocalDB version is lower than the minimum supported version”.

This is because the server was upgrade from XenApp to Virtual Apps, the SQL Server Express version is 2014.

As we know, the SQL Express 2014 is not longer support after Virtual Apps 7 1912 LTSR version.

Today, I am going to show you how to replace SQL Server Express LocalDB to the newest version.

1.Login to Virtual Apps delivery Controller server.

2.Download Microsoft SQL Server 2019 Express via below link.

https://www.microsoft.com/en-us/download/details.aspx?id=101064

3.Run SQL2019-SSEI-Expr.exe file.

4.On the User Account Control page, click Yes.

5.On the Select an installation type page, click Basic.

6.On the Microsoft SQL Server License Terms page, click Accept.

7.On the Specify SQL Server install location page, click Install.

8.It might take few minutes to completed download and installation.

9.On the Installation has completed successfully page, take note for instance name and all information, click Install SSMS.

10.On the Download SQL Server Management Studio (SSMS) page, click Free Download for the SQL Server Management Studio (SSMS) 18.10.

11.Run SSMS-Setup-ENU.exe.

12.On the User Account Control page, click Yes.

13.On the Welcome page, click Install.

14. It might take few minutes to completed download and installation.

15.On the Setup Completed page, click Close.

16.On the Installation has completed successfully page, click Close.

17.On the exit confirm page, click Yes.

18.Login to Citrix Virtual Apps Delivery Controller server as local administrator.

19.Stop Citrix services.

20.Open SSMS, Select the old instance name as Server name click Connect. In my case, it’s CGY-XENEXEC03\SQLEXPRESS.

21.On the Object Explorer page, expand the instance, expand Databases, right-click CitrixStoreLogging, select Properties.

22.On the Database Properties – CitrixStoreLogging page, select Files.

23.On the Files page, take note for the path and file name of Database files.

24. On the Object Explorer page, expand the instance, expand Databases, right-click CitrixStoreMonitoring, select Properties.

25.On the Database Properties – CitrixStoreMonitoring page, select Files.

26. On the Files page, take note for the path and file name of Database files.

27. On the Object Explorer page, expand the instance, expand Databases, right-click CitrixStoreSite, select Properties.

28. On the Database Properties – CitrixStoreSite page, select Files.

29. On the Files page, take note for the path and file name of Database files.

31.On the Object Explorer page, expand the instance, expand Databases, right-click CitrixStoreLogging, select Detach.

32.On the Database to detach page, select Drop Connections, select Update Statistics, click OK.

33. On the Object Explorer page, expand the instance, expand Databases, right-click CitrixStoreMonitoring, select Detach.

34. On the Database to detach page, select Drop Connections, select Update Statistics, click OK.

35. On the Object Explorer page, expand the instance, expand Databases, right-click CitrixStoreSite, select Detach.

36. On the Database to detach page, select Drop Connections, select Update Statistics, click OK.

37.Close SSMS.

38.Re-open SSMS, select the new instance name as Server name click Connect. In my case, it’s CGY-XENEXEC03\SQLEXPRESS01.

39. On the Object Explorer page, expand the instance, right-click Databases, select Attach.

40.On the Database to attach page, click Add.

41.Select CitrixStoreLogging.mdf from previsouly noted path, click OK.

42.On the Attach Database page, click OK.

43. On the Object Explorer page, expand the instance, right-click Databases, select Attach.

44. On the Database to attach page, click Add.

45. Select CitrixStoreMonitoring.mdf from previsouly noted path, click OK.

46. On the Attach Database page, click OK.

47.On the Object Explorer page, expand the instance, right-click Databases, select Attach.

48. On the Database to attach page, click Add.

49. Select CitrixStoreSite.mdf from previsouly noted file path, click OK.

50. On the Attach Database page, click OK.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to in place upgrade Citrix Virtual Apps 7 1912 LTSR servers from Windows Server 2012 R2 to Windows Server 2019

As you know the Citrix Virtual Apps 7 1912 LTSR supports Windows Server 2019, today, I am going to show you how to in place upgrade Citrix Virtual Apps 7 1912 LTSR servers from Windows Server 2012 R2 to Windows Server 2019.

1.Login to Citrix Virtual Apps Delivery Controller server.

2. Open a command prompt, go to c:\Windows\system32, and then type systeminfo.exe.

3. Copy, paste, and store the resulting system information somewhere off your device.

4. Type ipconfig /all into the command prompt, and then copy and paste the resulting configuration information into the same location as above.

5. Open the Registry Editor, go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion hive, and then copy and paste the Windows Server BuildLabEx (version) and EditionID (edition) into the same location as above.

6.Mount Windows Server 2019 ISO image file.

7.Click DVD Drive.

8.On the User Account Control page, click Yes.

9.On the Get updates, drivers and optional features page, select download update, drivers and optional features (recommended), click Next.

10.On the Select Image page, select as same operating version the existing Windows server 2012 R2.

11.On the Applicable notices and license terms. Click Accept.

12.On the Choose what to keep page, select Keep personal files and apps, click Next.

13.If you chose not the same operating system version as the existing Windows server 2012 R2, the keep personal files and apps will grey out.

14.On the Ready to install page, click Install.

15.The installation might need to take some time and several reboot.

16.Open Server Manager and make sure the Operating system version shows Microsoft Windows Server 2019.

17.Open Citrix Studio.

18.Click Test site, make sure everything looks good.

19.Login Citrix VDA Server.

20. Mount Windows Server 2019 ISO image file.

21. Click DVD Drive.

22. On the User Account Control page, click Yes.

23.On the Get updates, drivers and optional features page, select download update, drivers and optional features (recommended), click Next.

24.On the Select Image page, select as same operating version the existing Windows server 2012 R2.

25.On the Applicable notices and license terms. Click Accept.

26.On the Choose what to keep page, select Keep personal files and apps, click Next.

27.If you chose not the same operating system version as the existing Windows server 2012 R2, the keep personal files and apps will grey out.

28.On the Ready to install page, click Install.

29.The installation might need to take some time and several reboot.

30.Open Server Manager and make sure the Operating system version shows Microsoft Windows Server 2019.

31.Login Citrix Workspace from Client and open Apps to make sure there is no issues.

32.If you cannot get apps from the store on the Storefront, and notice there are event log error, you might need to reinstall Citrix Virtual Apps Virtual Delivery Agent at VDA Server.

33.Login to Citrix VDA Server.

34. Open Programs and Features from Control Panel, right-click Virtual Delivery Agent and select Uninstall.

35.On the Summary page, click Remove.

36.On the Uninstall confirm page, click OK.

37.Restart Citrix VDA Server.

38.Click DVD Drive again.

39.On the Deliver applications and desktops to any users, anywhere, on any device page, click Start at Virtual Apps Delivery application.

40. Select Virtual Delivery Agent for Windows Multi-session OS.

41. On the Environment page, select Enable Broker Connections to a Server, click Next.

42. On the Core Components page, keep the default settings, click Next.

43. On the Additional Components for Enable Brokered Connections to a Server page, select Citrix Supportability Tools, Citrix User Profile Manager, Citrix User Profile Manager WMI Plugin and Citrix Files for Windows, click Next.

44. On the Delivery Controller page, Select Do it manually at Configuration.

45. Enter the server FQDN at Controller address, click Test connection…. In my case, the Controller address is CGY-Xenexec03.gdmcgy.gooddealmart.ca.

46. Make sure connection test without issues, click Add.

47. On the Delivery Controller page, click Next.

48. On the Features page, select all, click Next.

49. On the Firewall page, select Automatically to Configure firewall rules, click Next.

50. On the Summary page, click Install.

51. On the Diagnostics page, unselect Collect diagnostic information, click Next.

52. On the Finish Installation page, select Restart machine, click Finish.

53. Restart both Citrix servers.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to upgrade Citrix XenApp 7.15 LTSR to Virtual Apps 7 1912 LTSR

Today, I am going to show you how to upgrade Citrix XenApp from 7.15 LTSR to Virtual Apps 7 1912 LTSR.

1.Sign in your Citrix account from citrix.com.

2. Enter your user name and password, click Sign in.

3. On the Dashboard page, select Downloads.

4. On the Download page, select Citrix Virtual Apps and Desktops (XenApp & XenDesktop).

5. On Citrix Virtual Apps and Desktops (XenApp & XenDesktop) page, select Citrix Virtual Apps and Desktops 7 1912 LTSR, select Product Software, click Citrix Virtual Apps and Desktops 7 1912 LTSR, Cumulative Update 4.

6. On the Citrix Virtual Apps and Desktops 7 1912 LTSR, Cumulative Update 4 page, click Citrix Virtual Apps and Desktops 7 1912 LTSR, Cumulative Update 4-All Editions.

7. On the Citrix Virtual Apps and Desktops 7 1912 LTSR, Cumulative Update 4-All Editions page, , click Download File.

8. On the Download Agreement page, select I have read and certify that I comply with the above Export Control Laws, click Accept.

9. Save the ISO file to XenApp Delivery Controller server and Virtual Delivery Agent Server.

10. Login to XenApp Delivery Controller server.

11.Mout the ISO image file.

12.Double-click DVD Drive.

13.On the Citrix Virtual Apps 7 1912 LTSR CU4 page, click Upgrade.

14. On the License Agreement page, select I have read, understand and accept the terms of the license agreement, click Next.

15.On the Ensure a Successful Upgrade page, select I’m ready to continue, click Next.

16.On the Preliminary Tests page, click Start Preliminary Tests.

17. Click Next if there are no issues at Tests result.

18.On the Firewall page, click Automatically configure firewall rules, click Next.

19.On the Summary page, click Upgrade.

20.Click OK on the upgrade confirm page.

21.The server needs to restart at upgrade process.

22.On the Call Home page, select I do not wat to participate in Call Home, click Next. You can participate later if need it.

23.On the Finish Installation page, click Finish.

24.Login to XenApp VDA server.

25.Mount iso image file.

26.Double-click DVD Drive.

27.On the Citrix Virtual Apps 7 1912 LTSR CU4 page, click Upgrade Machines and Images.

28. If the Personal vDisk (PvD) component was ever installed on a VDA, that VDA cannot be upgraded to version 1912 LTSR or later. (This applies even if you installed PvD but never used it.) To upgrade to the new VDA version, you must manually uninstall the existing VDA and then install the new VDA.

29.Open Programs and Features from Control Panel, right-click Virtual Delivery Agent and select Uninstall.

30.On the Summary page, click Remove.

31. Click OK on the uninstall confirm page.

32.On the Finish Removal page, select Restart machine, click Finish.

33.Click DVD Drive again.

34. On the Deliver applications and desktops to any users, anywhere, on any device page, click Start at Virtual Apps Delivery application.

35. Select Virtual Delivery Agent for Windows Multi-session OS.

36. On the Environment page, select Enable Broker Connections to a Server, click Next.

37. On the Core Components page, keep the default settings, click Next.

38. On the Additional Components for Enable Brokered Connections to a Server page, select Citrix Supportability Tools, Citrix User Profile Manager, Citrix User Profile Manager WMI Plugin and Citrix Files for Windows, click Next.

39. On the Delivery Controller page, Select Do it manually at Configuration.

40. Enter the server FQDN at Controller address, click Test connection…. In my case, the Controller address is CGY-Xenexec03.gdmcgy.gooddealmart.ca.

41. Make sure connection test without issues, click Add.

42. On the Delivery Controller page, click Next.

43. On the Features page, select all, click Next.

44. On the Firewall page, select Automatically to Configure firewall rules, click Next.

45. On the Summary page, click Install.

46. On the Diagnostics page, unselect Collect diagnostic information, click Next.

47. On the Finish Installation page, select Restart machine, click Finish.

48. Login to Citrix Virtual Apps Delivery Controller server.

49. Open Citrix Studio.

50. On the Citrix Studio, select Start the automatic Site upgrade.

51. On the Upgrading Site page, select I am ready to upgrade, click Upgrade.

52. On the Studio page, make sure Site upgrade complete without issues, click Close.

53.Reboot both Citrix servers.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com