https://login.veeam.com/en/oauth?client_id=nXojRrypJ8&redirect_uri=https%3A%2F%2Fwww.veeam.com%2Fservices%2Fauthentication%2Fredirect_url&response_type=code&scope=profile&state=eyJmaW5hbFJlZGlyZWN0TG9jYXRpb24iOiJodHRwczovL3d3dy52ZWVhbS5jb20va2IxOTE0IiwiaGFzaCI6ImU1YTc1ODg3LTFlOGItNGE3OS1iMzRkLWViOWZmM2FmZjJiMiJ9
1-800-691-1991 | 9am - 8pm ET
EN

"Invalid Credentials" error adding a Hyper-V host using a dedicated Veeam service account

Challenge

When adding a Hyper-V host using a dedicated backup user account, an error appears: "Invalid Credentials." Further log investigation reveals error code 0x80070005 (E_ACCESSDENIED)

Cause

The new user account; even though added to local administrators, does not have enough permissions to access DCOM, WMI, or the admin shares of the Hyper-V host and must be given permission so Veeam can communicate to the host using said services. 

Solution

To resolve:

  • Make sure Veeam account is member of Administrators group·         Launch DCOMCnfg.exe

    • Navigate to Component Services > Computers > Right-click My Computer a> Properties > COM Security tab

    • Access Permissions > Edit Limits > Add Veeam account and Allow Local Access & Remote Access

    • Launch and Activation Permission > Edit Limits > add Veeam account and Allow Local Launch, Remote Launch, Local Activation, Remote Activation. 

    • Navigate to My Computer > DCOM Config > Right-click Windows Management and Instrumentation > Properties > Security Tab

    • Launch and Activation Permissions > Customize > Edit > add Veeam account and Allow Local Launch, Remote Launch, Local Activation, Remote Activation

  • Launch WMIMgmt.msc:

    • Right click WMI Control > Properties > Security tab

    • Select Root node > click Security button

    • Add Veeam account to Group or user name > click Advanced > Permission Entries > select the Veeam account > click Edit

    • Type: Allow

    • Applies to: This namespace only

    • Permissions: Enable Account, Remote Enable

    • Click OK on all open dialogs

    • Navigate back to the node list in the Security tab

    • Select the CIMV2 node…click Security button

    • Add Veeam account to Group or user name > click Advanced > Permission Entries > select the Veeam account > click Edit

      • Type: Allow

      • Applies to: This namespace and subnamespaces

      • Permissions: Enable Account, Remote Enable

      • Set option: Only apply these permissions to objects and/or containers within this container

      • Click OK on all open dialogs

      • Navigate back to the node list in the Security tab

    • Select the virtualization node…click Security button

    • Add Veeam account to Group or user name > click Advanced > Permission Entries > select the Veeam account > click Edit

      • Type: Allow

      • Applies to: This namespace and subnamespaces

      • Permissions: Enable Account, Remote Enable

      • Set option: Only apply these permissions to objects and/or containers within this container

      • Click OK on all open dialogs

      • Navigate back to the node list in the Security tab

      • Click OK and close the WMIMgmt console. 

  • Allow access to the host's Administrative shares (Admin$, C$)

    • Add the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

  • Create a DWORD value called LocalAccountTokenFilterPolicy and assign it a value of 1

  • Restart the Hyper-V Host

More information

You should be able to add the Hyper-V host using the local 'administrator' account with no issue. If you are unable to add the host using the default administrator account, this KB might not apply.

KB ID:
1914
Product:
Veeam Backup & Replication
Version:
7.0.0.690+
Published:
2014-08-07
Last Modified:
2020-08-13
Please rate how helpful this article was to you:
5 out of 5 based on 1 ratings
Thank you for helping us improve!
An error occurred during voting. Please try again later.

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

Knowledge base content request
By submitting, you agree that your personal data will be managed by Veeam in accordance with the Privacy Policy.
Your report was sent to the responsible team. Our representative will contact you by email you provided.
We're working on it please try again later