Host-based backup of Microsoft Hyper-V VMs.
Post Reply
mihoo
Novice
Posts: 3
Liked: never
Joined: Mar 24, 2023 12:19 pm
Full Name: Darek
Contact:

Critical DCOM Authentication Failure (Event ID 10036) – Workgroup Environment (VBR 2022 -> HV 2019)

Post by mihoo »

I am experiencing a persistent "Access Denied" error when attempting to add/rescan a Hyper-V host from my Veeam Backup & Replication server.

Environment:

VBR Server: Windows Server 2022 (Workgroup)

Hyper-V Host: Windows Server 2019 (Workgroup)

Issue: Event ID 10036 on the Hyper-V host.

Error Detail: "The server-side authentication level policy does not allow the user HOST1\veeam [...] from address 10.100.10.22 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application."

Verified Steps Performed:

Registry: Applied RequireIntegrityActivationAuthenticationLevel=0 and ActivationSecurityCheckExempt=1 in HKLM\SOFTWARE\Microsoft\Ole\AppCompat.

Permissions: Granted 'Remote Launch' and 'Remote Activation' rights in dcomcnfg for the service account.

Local Policy: LocalAccountTokenFilterPolicy is set to 1 on both machines.

Connectivity: Verified that WinRM (PowerShell) connectivity from VBR to Hyper-V is fully functional (Enter-PSSession works correctly using the service account credentials via IP).

Request:
The WinRM layer is functional, but DCOM activation is being rejected by the Windows Server hardening policy on the Hyper-V host. Since manual registry/DCOM adjustments failed to bypass the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY requirement, please provide the specific configuration or internal Veeam component adjustment required to force the deployment service to meet these integrity requirements in a non-domain environment.
Post Reply

Who is online

Users browsing this forum: No registered users and 24 guests