3

Good day. On my working have task to make Cluster incide cluster on Hyper-V.

Started to do this. Made 3 virtual PC on Hyper-V, download Failovering cluster by command:"Install-WindowsFeature Failover-Clustering –IncludeManagementTools" 2)Make ethernet interface(2) first for have connection with another PC in cluster, next connection to connect included cluster. SO. Now i have problem, then started Cluster-test:"test-cluster -node "HOST1"," HOST2" test-cluster : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) At line:1 char:1" this error from HOST2.ip THIS error from HOST1:"test-cluster : Unable to connect to HOST2 via WMI. This may be due to networking issues or firewall configuration on HOST2. The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) At line:1 char:1

  • test-cluster -node "HOST1"," HOST2"
  •   + CategoryInfo          : NotSpecified: (:) [Test-Cluster], ClusterCmdletException
  + FullyQualifiedErrorId : Test-Cluster,Microsoft.FailoverClusters.PowerShell.TestClusterCommand"[enter image description here][1]

My systems interfaces on HOST1: enter image description here My Systems interfaces on HOST2: enter image description here

HELP please, with some can i have problems?

Mitya178
  • 31
  • 1

2 Answers2

4

What is the purpose of nesting Hyper-V clusters inside each other? Nested virtualization may be extremely tricky, especially in the networking part. Also, Hyper-V is not the best option for that kind of configuration.

Microsoft Failover Cluster requires a working DNS service to validate and work properly. According to the screenshots you have provided, your DNS servers are located in different subnets (10.x and 100.x) and are not accessible by your cluster nodes (0.x and 1.x). Fix that problem, and your cluster should validate correctly.

Net Runner
  • 6,169
  • 12
  • 34
0

You can try this as a workaround:

Registry setting to enable or disable the hardening changes

During the timeline phases in which you can enable or disable the hardening changes for CVE-2021-26414, you can use the following registry key:

Path : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat

Value Name: "RequireIntegrityActivationAuthenticationLevel"

Type: dword

Value Data: default = 0x00000000 means disabled. 0x00000001 means enabled. If this value is not defined, it will default to enabled.

Note You must enter Value Data in hexadecimal format.

Important You must restart your device after setting this registry key for it to take effect.

Sources:

https://learn.microsoft.com/en-us/answers/questions/1076915/getting-error-hresult-0x80070005-(e-accessdenied)

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

Mostafa
  • 26
  • 3
  • Something else you may want to look into is updating your client machine and if there are no updates applicable e.g., Enterprise LTSC 2019 you will then need to do an in-place upgrade to LTSC 2021. – Mostafa Feb 11 '23 at 20:19
  • https://kb.vmware.com/s/article/89550 – Mostafa Feb 11 '23 at 20:25