I’m trying to add a Cluster object in a new Protection Group as `Microsoft Active Directory Objects` and at the credentials tab when I click on `Test Now` I get this error.
9/23/2022 5:19:21 PM :: Processing Microsoft failover cluster XXXX.XXX.local Error: Failed to get cluster nodes
Page 1 / 1
Can you check your logs and see if there’s anything that gives an indication as to what’s going on, before or after this event?
No actually i didn’t see anything related to this. but i found many warnings
I have the same problem in one client environment. It’s a firewall problem - at least in my case -, but I didn’t have time to solve it up top now.
I have the same problem in one client environment. It’s a firewall problem, but I didn’t have time to solve it up top now.
But firewall is disabled on all servers and they’re on the same VLAN so all ports are allowed any to any
I have the same problem in one client environment. It’s a firewall problem, but I didn’t have time to solve it up top now.
But firewall is disabled on all servers and they’re on the same VLAN so all ports are allowed any to any
Just edited my post and added - at least in my case.
DNS resolution for all related systems is ok, too?
I have the same problem in one client environment. It’s a firewall problem, but I didn’t have time to solve it up top now.
But firewall is disabled on all servers and they’re on the same VLAN so all ports are allowed any to any
Just edited my post and added - at least in my case.
DNS resolution for all related systems is ok, too?
Yes yes. I can ping and resolve the cluster and nodes
The error message indicates there‘s a problem with the VBR server connecting the AD DC while trying to query the AD cluster object for the cluster nodes. Have you checked firewall restrictions between those as well?
The error message indicates there‘s a problem with the VBR server connecting the AD DC while trying to query the AD cluster object for the cluster nodes. Have you checked firewall restrictions between those as well?
Firewall is disabled. I tried to change the DC but still the same issue.
All AD ports are opened.
EDIT: I’m able to add Hyper-V hosts using the AD credentials and they’re added successfully but while adding a cluster object it’s not working.
Can you grab the logs from the Veeam server please, rather than event viewer.
Default location: C:\ProgramData\Veeam\Backup
To troubleshoot outside of Veeam, you could try the following on the VBR server:
(reboot is required to complete the removal process)
Cluster is working fine.
Can you grab the logs from the Veeam server please, rather than event viewer.
Default location: C:\ProgramData\Veeam\Backup
I found this access is denied error but i’m pretty sure the credentials are correct.
The message after the messages you have marked says “Check if you have local admistrator privileges on computer xxx"
Do you have them with the account Veeam uses?
Can you grab the logs from the Veeam server please, rather than event viewer.
Default location: C:\ProgramData\Veeam\Backup
I found this access is denied error but i’m pretty sure the credentials are correct.
The message after the messages you have marked says “Check if you have local admistrator privileges on computer xxx"
Do you have them with the account Veeam uses?
Yes it uses a domain admin user account and have access to each node.
Hi, that says it’s trying to use WMI to access, which if you’re saying you’ve got the firewalls disabled on ALL nodes, you should be fine, but I’d check the WMI service is running on all nodes.
Next I’d also check that within the guest OS credentials section if you have a default “master” and then have configured overriding credentials for individual objects that one of the two conditions is true:
Master credentials are the appropriate account, with no overriding credentials configured for any individual nodes or the cluster name
Master credentials are not the appropriate account, but overriding credentials configured for the cluster and nodes where appropriate.
Particularly around the format required for the account “DOMAIN\Username” and required permissions within AD.
Hi, that says it’s trying to use WMI to access, which if you’re saying you’ve got the firewalls disabled on ALL nodes, you should be fine, but I’d check the WMI service is running on all nodes.
Next I’d also check that within the guest OS credentials section if you have a default “master” and then have configured overriding credentials for individual objects that one of the two conditions is true:
Master credentials are the appropriate account, with no overriding credentials configured for any individual nodes or the cluster name
Master credentials are not the appropriate account, but overriding credentials configured for the cluster and nodes where appropriate.
Particularly around the format required for the account “DOMAIN\Username” and required permissions within AD.
Hello,
I checked the WMI service on each node and found it not running on 2 of them so i started the service and tried the Test again but still fails.
I checked the user account again for veeam and it’s a Domain Admin and i’m using it as a MasterAccount and it still fails. I don’t know why actually. I tried on another Veeam server but still the same however when i’m trying to add the cluster nodes separately `Computer Objects` not a cluster it success.
If you can add them individually and it’s fine, sounds like an AD permissions issue to read your cluster object?
Hi @m.saleh, any update on this?
I got the same problem and to solve it, i set DNS of my the nodes cluster in the network card of my veeam backup server
The same problem happens here.
we have the same issue now too, seems it started after version 12 upgrade.
the protection groups test with creds fail, however the backups still backup the nodes in the cluster.
anyone have the solution?
@TACSupport - probably best to open a support case, if you haven’t already. It may be a bug in v12 and thus they’ll need to address it.
I faced the same problem. The log C:\ProgramData\Veeam\Backup has the same error as the author.
On the master node of the cluster I found an error in the system log: 10036 The server-side authentication level policy does not allow the user IT\ХХХ SID (S-1-5-21-ХХХХХХХХХ-ХХХХХХХХХ-ХХХХХХХ-ХХХ) from address 10.ХХ.Х.Х to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
The server with veeam has not received windows updates for a long time, and the cluster I was accessing had all the latest patches.
The solution that helped me: Install all current windows updates on the veeam server. You can also install updates only related to changes in DCOM Server (CVE-2021-26414).
I encountered a similar problem, which turned out to be a firewall issue. After updating the firewall rules to include the necessary ports for the failover cluster, I was able to connect to the nodes. Naturally, adding the required ports is essential for proper functionality. Veeam ports.
Below table is representation of Microsoft failover cluster ports.