Udostępnij za pośrednictwem


Anonymous DCOM Problems with remote Hyper V Manager(Access Denied. Unable to Establish Communication)

 If you ever run into problems using the remote Hyper V Manager, there is a wonderful little vbscript(hvremote) written by John Howard at https://blogs.technet.com/jhoward/ and https://code.msdn.microsoft.com/HVRemote.  You can run it to troubleshot any problems you might encounter when trying to remotely administrate your hyper v servers.

 It works well in most situations except when you get an error message that says "Access Denied. Unable to Establish Communication ..."  When you run hvremote script /show /target:server, the script will go through a serious of diagnosis steps.  Chances are, by default, you do not have anonymous remote dcom access enabled.  If that is true, and your hyper v server runs in Windows 2008 instead of Windows 2008 R2, then you will not be able to use hyper v manager remotely.  This is due to the fact that the regular windows 2008 do not use machine credentials when calling fallback methods.

 When I first encountered this problem, I thought it was wierd because I could still use wmi remotely to do what I needed my server to do.  Then I realized that hyper v manager also uses async calls to manage the server.  When the server tries to communicate back via a DCOM call, your client machine rejects it because the server doesn't have the correct credential to communicate with the client.  Kinda wierd.

 To solve this problem, we can either enable anonymous DCOM access, which is a security breach.  You can decide on whether you want to do that.  Or we could upgrade our server to Windows 2008 R2.  Personally, I don't know what's involved for a third party to do that.  Fortunately, within Microsoft, it's pretty easy to upgrade a machine's OS.