Problem description
The VMware backup is successful but the Unusual Data Activity (UDA) scan fails
Admins will get an alert for the UDA scan failure (if email subscription is enabled)
From Dec 21, 2023 onwards, new UDA events for VMware resources were introduced, which send out an email alert for "unusual data activity - scan failure on Virtual machines"
The UDA scan will be triggered for each VM which has credentials assigned in the Phoenix console
Reference: Release Notes -> Cyber Resilience
Cause
The UDA scan requires the assigned credentials to have administrator rights on the VM, and UAC must be disabled for administrators. The scan fails when these requirements are not met.
Traceback
Check the detailed job logs: How to collect the detailed job logs
The job logs report the following error:
[2024-01-23 23:04:38,663] [ERROR] Could not create directory: C:\Program Files\Druva\Hybrid-Workload\VMware\<jobid>\ in guest os: (vim.fault.CannotAccessFile) { dynamicType = <unset>, dynamicProperty = (vmodl.DynamicProperty) [], msg = 'Unable to access file C:\\Program Files\\Druva\\Hybrid-Workload\\VMware\\<jobid>\\', faultCause = <unset>, faultMessage = (vmodl.LocalizableMessage) [], file = 'C:\\Program Files\\Druva\\Hybrid-Workload\\VMware\\<jobid>\\' }
Verification
In the Phoenix console, go to All virtual machines and search for the VM. It will display the message "Insufficient permissions for Unusual Data Activity or SQL app aware processing"
Resolution
Add the account to the administrators group on the VM
Make sure the account is granted the "Log on as a batch job" user right in the group policy settings
To check this, run gpedit.msc.
In the Local Group Policy Editor window that opens, navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > "Log on as a batch job"
This right generally has the default values of "Administrators" and "Backup Operators", but if these are not listed here, add the account specifically to this right.
Rerun the backup and the UDA scan should be successful
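
The checks above can also be run as a read-only script from an elevated PowerShell session on the guest VM. This is an added example, not Druva's code: the account name is a hypothetical placeholder, and it assumes that the EnableLUA registry value is the UAC setting this article refers to.

```powershell
# Added example (not Druva's code): read-only pre-check of the guest VM settings
# named in this article. Nothing is modified.
param(
    # Hypothetical placeholder: the account assigned to the VM in the Phoenix console
    [string]$Account = 'CONTOSO\svc-backup'
)

# Resolve the account to its SID so comparisons do not depend on name formatting.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# Direct members of the built-in Administrators group (well-known SID S-1-5-32-544).
# Membership through a nested domain group is not detected here.
$isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.SID.Value -eq $sid })

# UAC state. Assumption: EnableLUA is the setting meant by "UAC" in this article.
$enableLua = (Get-ItemProperty `
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA

# Export the user rights assignments from the local security database and
# read the entry behind "Log on as a batch job" (SeBatchLogonRight).
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match '^SeBatchLogonRight\s*=' }
Remove-Item $cfg -ErrorAction SilentlyContinue

# Entries are comma separated: "*<SID>" or a plain account name.
$holders = @()
if ($line) {
    $holders = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}

# The right is held directly, or through Administrators when the account is a member.
$hasBatch = ($holders -contains $sid) -or
            ($holders -contains $Account) -or
            ($isAdmin -and ($holders -contains 'S-1-5-32-544'))

[pscustomobject]@{
    Account               = $Account
    InLocalAdministrators = $isAdmin
    EnableLUA             = $enableLua
    HasLogOnAsBatchJob    = $hasBatch
}
```

A `False` in either boolean column, or an unexpected `EnableLUA` value, points to the corresponding resolution step above.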