SUMMARY
Configure the security settings on a Hyper-V Server 2008 R2 to enable creation of a clustered virtual failover client for Windows instant recovery.
ISSUE
Purpose
To explain how to configure security settings on Hyper-V Server 2008 R2 to enable creation of a clustered virtual failover client for Windows instant recovery
Description
When a VM is added to a Hyper-V cluster version 2008 R2, cluster nodes must make WMI calls to communicate with each other. These calls are executed through DCOM. However, the Unitrends agent, which runs under the Local System account on a Hyper-V server, does not have sufficient permission to make these calls. As a result, attempts to create a clustered virtual failover client (VFC) on Hyper-V server 2008 R2 fail unless you enable DCOM and WMI virtualization access for all nodes in the cluster. You can use the procedures described below to enable this access. These procedures must be performed for all nodes in the cluster. For more information about running a virtual failover client on a Hyper-V server, see Requirements and considerations for running a virtual failover client on a Hyper-V server in the Unitrends Recovery-Series and UEB Administrator's Guide.
To configure DCOM to enable remote access for nodes in a Hyper-V cluster version 2008 R2
- Log in to a cluster node for which you need to configure DCOM to enable remote access for other nodes in the cluster.
- Click Start, and in the search box, type DCOMCNFG. Press Enter. The Component Services box displays.
- In the left pane, expand Component Services. Then expand Computers.
- Right click My Computer. Then select Properties to display the My Computer Properties box.
- Select the COM Security tab.
- In the lower portion of this tab, you see the Launch and Activation Permissions section. Click Edit Limits in this section of the tab. The Launch and Activation Permission box displays.
- Click Add. The Select Users or Groups box displays.
- Click Object Types to display the Object Types box.
- Check Computers, and click OK to display the Locations box.
- Select your domain, and click OK.
- Under Enter the object names to select, enter the name of every node in the cluster (except the node from which you are entering these settings). Click Check Names.
- Click OK after the names are verified.
- In the Launch and Activation Permission box, for each node you have added, check all the box under Allow and click OK.
- Repeat these steps for all nodes in the cluster.
To grant WMI virtualization access for nodes in a Hyper-V cluster version 2008 R2
- Log in to a cluster node for which you need to grant WMI virtualization access.
- Click Start, and in the search box, type wmimgmt.msc. Press Enter. The Component Services box displays.
- In the left pane, right click WMI Control (Local). Then click Properties. The WMI Control Properties box displays.
- Select the Security tab. Then expand the Root folder.
- Select the virtualization sub folder, and click the Security button in the lower corner of the box. The Security box displays.
- Click the Add button to display the Select Users or Groups box.
- Click Object Types, and select Computers. The Locations box displays.
- Select your domain, and click OK.
- Under Enter the object names to select, enter the name of every node in the cluster (except the node from you which are entering these settings). Click Check Names.
- Click OK after the names are verified.
- In the Security box, for each node you have added, check all the box under Allow and click OK.
- Repeat these steps for all nodes in the cluster.