Skip to main content
VMWARE: UDA Scan failed
Updated over a week ago

Problem description

  • The VMware backup is successful but the UDA scan fails

  • Admins will get an alert for UDA scan failure [(if email subscription is enabled)]

  • From Dec 21, 2023 onwards new UDA events for VMware resources were introduced which will sent out email alert for "unusual data activity - scan failure on Virtual machines"

  • The UDA scan will be triggered for each VM which has credentials assigned in the Phoenix console

  • Reference : Release Notes -> Cyber Resilience


The assigned credentials must have administrator rights on the VM and the UAC must be disabled for administrators


Check the detailed job logs: How to collect the detailed job logs

Job logs report below error :

[2024-01-23 23:04:38,663] [ERROR] Could not create directory: C:\Program Files\Druva\Hybrid-Workload\VMware\<jobid>\ in guest os: (vim.fault.CannotAccessFile) {
   dynamicType = <unset>,
   dynamicProperty = (vmodl.DynamicProperty) [],
   msg = 'Unable to access file C:\\Program Files\\Druva\\Hybrid-Workload\\VMware\\<jobid>\\',
   faultCause = <unset>,
   faultMessage = (vmodl.LocalizableMessage) [],
   file = 'C:\\Program Files\\Druva\\Hybrid-Workload\\VMware\\<jobid>\\'


Check in the Phoenix console > All virtual machines > Search the VM > It will display a message "Insufficient permissions for Unusual Dta Activity or SQL app aware processing"



  1. Add the account to the administrators group on the VM

  2. Make sure the account is added to "log on as batch job" role in group policy settings

  3. To check this, run gpedit.msc.

    • In the Local Group Policy Editor window that opens, navigate to Computer Configuration > Windows settings > Security settings > Local policies > User Rights Assignment > "log on as batch job"

    • This role generally has the default values of "Administrators" and "backup operators", but if these are not added here, add the account specifically to this role.

    • Rerun the backup and the UDA scan should be successful

Did this answer your question?