Help Center
Choose product document...
Veeam Backup & Replication 9.5
Enterprise Manager User Guide

Handling Password Recovery Requests

When an encrypted backup file or tape media is imported to the Veeam backup server, a password is required to decrypt data. In some cases, however, a password can be lost or forgotten. Veeam Backup & Replication offers a way to restore data from encrypted backups or tapes even if a password is not available. For that, Veeam Backup Enterprise Manager Administrator runs the Password Recovery wizard within the following context:

  1. As Veeam Backup Enterprise Manager Administrator, you receives a request for password restore, for example, via email.
  2. Then you start the Password Recovery wizard by clicking the Password Recovery button in Configuration > Key Management, and insert the text of the request to the wizard.

Handling Password Recovery Requests 

  1. Veeam Backup Enterprise Manager finds a matching public backup server key in Veeam Backup Enterprise Manager database and decrypts the signature with this key.
  2. The wizard decrypts storage keys with the private Enterprise Manager key available on Veeam Backup Enterprise Manager, and generates a response. The response represents a text document and contains decrypted storage keys. Consider that the response is also encrypted and can be used only on the Veeam backup server where the request was issued.
  3. Then you can send the response back to requester, for example, via email. The requester will input this response to the Enterprise Keys Restore wizard on the Veeam backup server where the request was issued; Veeam Backup & Replication will process the response, retrieve the decrypted storage keys and use them to unlock encrypted backups or tapes and retrieve their content.

Handling Password Recovery Requests Important!

In case your organization encrypts configuration backups of a Veeam backup server, and you want to be able to serve password restore request for these backups, ensure the original Veeam backup server and its public key (used for configuration backup encryption) are present on the Enterprise Manager server by the moment you receive such a request. Consider the following:

  • If a Veeam backup server is removed from Enterprise Manager, the corresponding public key will be deleted from the Enterprise Manager database.
  • If a new configuration database is created on Veeam backup server, then a new public key will be automatically generated for that Veeam backup server on Enterprise Manager, replacing its existing key.

For details on Enterprise Manager keysets, encryption passwords and password restore, see the Veeam Backup & Replication User Guide.

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Backup Explorers User Guide

PowerShell Reference

RESTful API Reference

Veeam Backup FREE Edition User Guide

Veeam Backup for Microsoft Office 365

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation