After Enabling MFA, Veeam Backup Server Is Listed as Inaccessible in Veeam Service Provider Console

To resolve this issue, review the options below:

Option 1: Have the Veeam Management Agent Use a Dedicated Service Account

The recommended solution is to configure the Veeam Management Agent service to use a dedicated service account (either Domain or Windows local) for which MFA is explicitly disabled. For more information, see Disabling MFA for Service Accounts.

1. In Windows Services ( services.msc ), check if Veeam Management Agent is still running under the Local System account.
2. Edit the Veeam Management Agent service and change the "Log on as" account from the Local System account to any user that is a member of the Local Administrators group or any Domain account with Local Administrators group permissions on that machine.
3. Add the Service account to Veeam Backup & Replication/Veeam Cloud Connect:
   1. Add the service account specified for the service to the Users and Roles section.
   2. Assign the role: Veeam Backup Administrator.
   3. Select the "This is a service account" checkbox to disable MFA.

4. Restart the Veeam Management Agent service.

In about 10 minutes, the inaccessible status in VSPC will change to normal.

Option 2: Add the Local System Account as a Service Account with MFA Disabled

An alternative option is to configure Local System as a service account within the Users and Roles Security settings. 

1. In Windows Services ( services.msc ), confirm that the Veeam Management Agent service is configured to Log on as the Local System account.
2. Add the account "NT AUTHORITY\SYSTEM" to Veeam Backup & Replication/Veeam Cloud Connect:
   1. Add the account "NT AUTHORITY\SYSTEM" to the Users and Roles section.
      
      Note: You must enter NT AUTHORITY\SYSTEM manually, as it is impossible to search for it using the Select User or Group tool.
   2. Assign the role: Veeam Backup Administrator.
   3. Select the "This is a service account" checkbox to disable MFA.