Hyper-V Account Does Not Have Permission Event

Monitoring and reporting for Veeam Backup & Replication, VMware vSphere and Microsoft Hyper-V

Re: Hyper-V Account Does Not Have Permission Event

Veeam Logoby Vitaliy S. » Wed Mar 18, 2015 1:41 pm

Yes, can you please provide it and I will forward it to our QC team as additional info about this case.
Vitaliy S.
Veeam Software
 
Posts: 19574
Liked: 1104 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Hyper-V Account Does Not Have Permission Event

Veeam Logoby mbrinkho » Wed Mar 18, 2015 1:58 pm 1 person likes this post

Here it is - it's not pretty but it does work for me. I've sanitized it a bit so in order to make it work you'll have to replace the relevant bits. It also adds live migration delegation but I didn't have time to strip that out. There is a much easier way to do it in Powershell using Enable-SmbDelegation but it requires that the AD forest be at Server 2012 functional level and we aren't there.

Code: Select all
# HV-SetServerDelegationInAD.ps1
# sets constrained delegation for all hyper-v servers TO all hyper-v servers in AD + SMB3 servers used for remote storage
# mostly borrowed from http://rcmtech.wordpress.com/2013/07/19/powershell-kerberos-constrained-delegation-for-hyper-v-live-migration/
# 10/8/14 Matt Brinks
# 10/23/14 MB Added SMB delegation for other HV hosts as well as live migration delegation

# OU that your servers are in in AD
$serversOU = [ADSI]"LDAP://OU=Computers,DC=MYDOMAIN,DC=LOCAL"
# DNS Suffix
$DNSSuffix = "MYDOMAIN.local"
# array of SMB3 servers to give delegation to
$smbServers = "SMB3Server1","SMB3Server2","SMB3Server3"
# empty hash table
$hvHosts = @{}
# regular expression that identifies Hyper-V hosts by name
$hostNameRegex = 'HYPERVSERVER[0-9][0-9]'

foreach ($child in $serversOU.PSBase.Children) {
    # add each computer in the OU to the hash table
    if ($child.ObjectCategory -like '*computer*' -and $child.Name.Value -match $hostNameRegex) {
        $hvHosts.Add($child.Name.Value, $child.distinguishedName.Value)
    }
}
# create a list of short names for the hyperv hosts
$hvHostsShort = @()
foreach ($hostShortName in $hvHosts.keys) {
    $hvHostsShort += $hostShortName
    }
# add the hyperv hosts to the list of smb servers so they can access each others local drives
$smbServers += $hvHostsShort

# Process each AD computer object in the OU in turn
foreach ($hvHost in $hvHosts.values) {
    Write-Host "Setting Delegation for Hyper-V Host : $hvHost"
    foreach ($smbServer in $smbServers) {
        Write-Host ("Adding cifs delegation for $smbServer")
        Set-ADObject -Identity $hvHost -Add @{"msDS-AllowedToDelegateTo" = "cifs/"+$smbServer}
        Set-ADObject -Identity $hvHost -Add @{"msDS-AllowedToDelegateTo" = "cifs/"+$smbServer+"."+$DNSSuffix}
        }
    # add the live migration delegation for all of the other hyperv hosts
    foreach ($hvHostShort in $hvHostsShort) {
        Write-Host ("Adding live migration delegation for $hvHostShort")
        Set-ADObject -Identity $hvHost -Add @{"msDS-AllowedToDelegateTo" = "Microsoft Virtual System Migration Service/"+$hvHostShort}
        Set-ADObject -Identity $hvHost -Add @{"msDS-AllowedToDelegateTo" = "Microsoft Virtual System Migration Service/"+$hvHostShort+"."+$DNSSuffix}
        }
    write-host "-----------------------------------"
}
mbrinkho
Enthusiast
 
Posts: 28
Liked: 2 times
Joined: Fri Jan 03, 2014 5:14 pm
Full Name: M Brinks

Re: Hyper-V Account Does Not Have Permission Event

Veeam Logoby torstende » Tue Mar 31, 2015 7:58 am

I have the same error on all Hyper-V cluster hosts here.
Are there any updates?
torstende
Lurker
 
Posts: 2
Liked: 1 time
Joined: Tue Mar 31, 2015 7:55 am
Full Name: torsten

Re: Hyper-V Account Does Not Have Permission Event

Veeam Logoby Vitaliy S. » Tue Mar 31, 2015 3:40 pm

If you have the same issue, please open a support case with our technical team. For further troubleshooting you can give a reference to this thread.
Vitaliy S.
Veeam Software
 
Posts: 19574
Liked: 1104 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Hyper-V Account Does Not Have Permission Event

Veeam Logoby torstende » Thu Apr 02, 2015 11:21 am 1 person likes this post

I followed the advice from mbrinko and did a bit more researching for SMB Delegation.
Here is a good article for Windows 2012 R2 environments:
http://blogs.technet.com/b/josebda/arch ... ation.aspx

After implementing the delegation the error is gone.
torstende
Lurker
 
Posts: 2
Liked: 1 time
Joined: Tue Mar 31, 2015 7:55 am
Full Name: torsten

Previous

Return to Veeam ONE



Who is online

Users browsing this forum: No registered users and 3 guests