I’m trying to add a Cluster object in a new Protection Group as `Microsoft Active Directory Objects` and at the credentials tab when I click on `Test Now` I get this error.
9/23/2022 5:19:21 PM :: Processing Microsoft failover cluster XXXX.XXX.local Error: Failed to get cluster nodes
Page 1 / 1
I faced the same problem. The log C:\ProgramData\Veeam\Backup has the same error as the author.
On the master node of the cluster I found an error in the system log: 10036 The server-side authentication level policy does not allow the user IT\ХХХ SID (S-1-5-21-ХХХХХХХХХ-ХХХХХХХХХ-ХХХХХХХ-ХХХ) from address 10.ХХ.Х.Х to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
The server with veeam has not received windows updates for a long time, and the cluster I was accessing had all the latest patches.
The solution that helped me: Install all current windows updates on the veeam server. You can also install updates only related to changes in DCOM Server (CVE-2021-26414).
@TACSupport - probably best to open a support case, if you haven’t already. It may be a bug in v12 and thus they’ll need to address it.
anyone have the solution?
we have the same issue now too, seems it started after version 12 upgrade.
the protection groups test with creds fail, however the backups still backup the nodes in the cluster.
The same problem happens here.
I got the same problem and to solve it, i set DNS of my the nodes cluster in the network card of my veeam backup server
Hi @m.saleh, any update on this?
If you can add them individually and it’s fine, sounds like an AD permissions issue to read your cluster object?
Hi, that says it’s trying to use WMI to access, which if you’re saying you’ve got the firewalls disabled on ALL nodes, you should be fine, but I’d check the WMI service is running on all nodes.
Next I’d also check that within the guest OS credentials section if you have a default “master” and then have configured overriding credentials for individual objects that one of the two conditions is true:
Master credentials are the appropriate account, with no overriding credentials configured for any individual nodes or the cluster name
Master credentials are not the appropriate account, but overriding credentials configured for the cluster and nodes where appropriate.
Particularly around the format required for the account “DOMAIN\Username” and required permissions within AD.
Hello,
I checked the WMI service on each node and found it not running on 2 of them so i started the service and tried the Test again but still fails.
I checked the user account again for veeam and it’s a Domain Admin and i’m using it as a MasterAccount and it still fails. I don’t know why actually. I tried on another Veeam server but still the same however when i’m trying to add the cluster nodes separately `Computer Objects` not a cluster it success.
Hi, that says it’s trying to use WMI to access, which if you’re saying you’ve got the firewalls disabled on ALL nodes, you should be fine, but I’d check the WMI service is running on all nodes.
Next I’d also check that within the guest OS credentials section if you have a default “master” and then have configured overriding credentials for individual objects that one of the two conditions is true:
Master credentials are the appropriate account, with no overriding credentials configured for any individual nodes or the cluster name
Master credentials are not the appropriate account, but overriding credentials configured for the cluster and nodes where appropriate.
(reboot is required to complete the removal process)
Can you grab the logs from the Veeam server please, rather than event viewer.
Default location: C:\ProgramData\Veeam\Backup
The error message indicates there‘s a problem with the VBR server connecting the AD DC while trying to query the AD cluster object for the cluster nodes. Have you checked firewall restrictions between those as well?
Firewall is disabled. I tried to change the DC but still the same issue.
All AD ports are opened.
EDIT: I’m able to add Hyper-V hosts using the AD credentials and they’re added successfully but while adding a cluster object it’s not working.
The error message indicates there‘s a problem with the VBR server connecting the AD DC while trying to query the AD cluster object for the cluster nodes. Have you checked firewall restrictions between those as well?
I have the same problem in one client environment. It’s a firewall problem, but I didn’t have time to solve it up top now.
But firewall is disabled on all servers and they’re on the same VLAN so all ports are allowed any to any
Just edited my post and added - at least in my case.
DNS resolution for all related systems is ok, too?
Yes yes. I can ping and resolve the cluster and nodes
I have the same problem in one client environment. It’s a firewall problem, but I didn’t have time to solve it up top now.
But firewall is disabled on all servers and they’re on the same VLAN so all ports are allowed any to any
Just edited my post and added - at least in my case.
DNS resolution for all related systems is ok, too?
I have the same problem in one client environment. It’s a firewall problem, but I didn’t have time to solve it up top now.
But firewall is disabled on all servers and they’re on the same VLAN so all ports are allowed any to any
I have the same problem in one client environment. It’s a firewall problem - at least in my case -, but I didn’t have time to solve it up top now.
No actually i didn’t see anything related to this. but i found many warnings
Can you check your logs and see if there’s anything that gives an indication as to what’s going on, before or after this event?