Question

i am unable to add Hyper V hosts to Veeam

  • 14 September 2023
  • 31 comments
  • 2081 views

Userlevel 4

Hi

good day

this is my first post on Veeam communities

please I need help with adding HyperV hosts to my Veeam infrastructure 

 

I did an upgrade to Veeam 12 about a month ago. I realized that my HyperV hosts were offline. Of four, two are running Windows Server 2022.

 

i saw some things about DCOM Hardening which I don’t want to accept (yet)

can anyone help me with measures to resolve this problem?

 


31 comments

Userlevel 7
Badge +17

Hi @ZadokZeePriest -

Just following up again to see if you were able to add your Host to Veeam?

Userlevel 7
Badge +17

Hi @ZadokZeePriest -

Were you able to resolve this? Curious how you did if so.

Userlevel 5
Badge +5

Once, i was the same trouble and open one ticket at the Veeam. We discovery one att at windows, i dont remember the KB. 

Did you att your Veeam or OS from hyper-v server ? 

 

You can check UAC account permissions too. 

In my case, was this KB, at the hyper-v server:

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

 

Perhaps help you !

Userlevel 5
Badge +5

Once, i was the same trouble and open one ticket at the Veeam. We discovery one att at windows, i dont remember the KB. 

Did you att your Veeam or OS from hyper-v server ? 

 

You can check UAC account permissions too. 

Userlevel 7
Badge +6

Are you seeing any of the events in this article in your event logs.

 

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

Userlevel 4

Are you adding it by ip or host name as DNS will need time to update

IP address, not FQDN

Userlevel 7
Badge +21

If you want to use DNS run - ipconfig /flushdns to refresh it then ping the hostname to see if it resolves the new IP or not.

Userlevel 7
Badge +6

Are you adding it by ip or host name as DNS will need time to update

Userlevel 4

Hi

I did an NSLOOKUP

And found another appliance sharing that IP address.

 

I changed the IP

Error was still persistent.

 

 

Userlevel 7
Badge +6

The logs show references to a cluster …. was the name / ip previously assigned to a hyper-v cluster?

 

If you do nslookup on the host IP does it just return a single host name? or nslookup on the Name even :)

Userlevel 4

When you said the firewall is disabled was that on the VBR server or the host?

Are you adding the hyper-V hosts standalone or as a cluster?

  • On the host.
  • Standalone.
Userlevel 7
Badge +6

When you said the firewall is disabled was that on the VBR server or the host?

Are you adding the hyper-V hosts standalone or as a cluster?

Userlevel 4

 

Hi

I have done everything here, and the error is still the same.

 

  • I checked the EnableLUA from the remote registry and set it to 0
  • I ensured the local admin credentials are correct.
  • I also ensure the UAC from the Control panel was disabled

Error is the same.

I have tried both Veeam 11 and 12.

Same error.

 

The Veeam 12 is an upgrade of the Veeam 11.

 

All not working.

@ZadokZeePriest - this is not the correct Registry Key. Look at my approved answer in the post, or follow this Microsoft link to see the procedure, which is also referenced by a Veeam KB. You need to add the LocalAccountTokenFilterPolicy registry key and set it to 1 to disable remote UAC restrictions.

It is enabled.

Same thing.

Userlevel 4

i found some logs in the Backup folder.

The highligted parts seemed very noteworthy:

 

Userlevel 7
Badge +17

Additionally, make sure you have File and Print Sharing service enabled, as noted by prerequisites noted in the Guide.

Userlevel 7
Badge +17

 

Hi

I have done everything here, and the error is still the same.

 

  • I checked the EnableLUA from the remote registry and set it to 0
  • I ensured the local admin credentials are correct.
  • I also ensure the UAC from the Control panel was disabled

Error is the same.

I have tried both Veeam 11 and 12.

Same error.

 

The Veeam 12 is an upgrade of the Veeam 11.

 

All not working.

@ZadokZeePriest - this is not the correct Registry Key. Look at my approved answer in the post, or follow this Microsoft link to see the procedure, which is also referenced by a Veeam KB. You need to add the LocalAccountTokenFilterPolicy registry key and set it to 1 to disable remote UAC restrictions.

Userlevel 4

The irony of this is,

I tested another backup software [I will keep the name]

I was able to discover the hosts and the VMs.

Same procedure.

‘No tweaking or reconfiguration.

 

Honestly, are we sure this is not really about Veeam and HyperV hosts?

Userlevel 4

 

I was able to access the admin shares and the c shares with the same credentials giving me errors here.

The first screenshot was included to show that the username format was HOST\User 

the password used was also checked [I can’t put that out here]

 

The windows firewall is also disabled:

disabled windows firewall to ensure there are no issues.

 

Userlevel 7
Badge +21

Like the message states did you check permissions and expired password?  You need to use a local Administrator account on the host to connect.

Also check the Veeam logs here - C:\ProgramData\Veeam -- see if there is any information there.

Also ensure Firewall ports are open and not blocking.

 

So what logs exactly am I examining here?

 

 

Check the Backup folder to see if there is anything of relevance and also ensure the credentials as per Shane’s post for the format.

Userlevel 7
Badge +17

What’s the format of the local credentials you’re using? It should be in the format of HOSTNAME\user (not .\user), or for a domain account DOMAIN\user.

Userlevel 7
Badge +6

Can you get to the Admin$ share on the hyper-V host? \\192.168.1.126\Admin$ Also can you ping the host?

I suspect the windows firewall is enabled and you’ll need to disable it 1st if you’ve not allowed the ports. Veeam will create the firewall rules allowing you to re-enable the firewall after readding it back in.

Userlevel 4

Like the message states did you check permissions and expired password?  You need to use a local Administrator account on the host to connect.

Also check the Veeam logs here - C:\ProgramData\Veeam -- see if there is any information there.

Also ensure Firewall ports are open and not blocking.

 

So what logs exactly am I examining here?

 

 

Userlevel 4

 

Hi

I have done everything here, and the error is still the same.

 

  • I checked the EnableLUA from the remote registry and set it to 0
  • I ensured the local admin credentials are correct.
  • I also ensure the UAC from the Control panel was disabled

Error is the same.

I have tried both Veeam 11 and 12.

Same error.

 

The Veeam 12 is an upgrade of the Veeam 11.

 

All not working.

Userlevel 7
Badge +17

Keep us posted on the result when you’re able to test this out.

Userlevel 7
Badge +17

What you disabled was the UAC within control panel probably. What I’m suggesting you disable is REMOTE UAC from within the Windows Registry. No...2022 doesn’t matter. This is a known “issue” (security enhancement) for Windows devices for a while now.

Comment