Setup: Hypervisors:
- HV1 (Server 2019)
- HV2 (Server 2019)
Storage:
- Storage0 (Server 2019)
- Storage1 (Server 2019)
From the above -- you can see i have two file and two HV servers. I'm trying to use SMB as the protocol to host the VM's storage. I have permissions on the share set as:
Name ScopeName AccountName AccessControlType AccessRight
VMs Everyone Allow Full
VMs HOME\Domain Admins Allow Full
VMs HOME\HV1$ Allow Full
VMs HOME\HV2$ Allow Full
However -- when I do a VM storage move or even set up a new vm on the share, i get the following message in event viewer:
The server denied anonymous access to the client.
Client Name: \x.x.x.x Client Address: x.x.x.x:58666 Session ID: 0x200054000021
Guidance:
You should expect this error when a client attempts to connect to shares and does not provide any credentials. This indicates that the client is not providing a user name (and domain credentials, if necessary). By default, Windows Server denies anonymous access to shares.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
SMB Session Authentication Failure
Client Name: \x.x.x.x Client Address: x.x.x.x:58666 User Name: NT AUTHORITY\ANONYMOUS LOGON Session ID: 0x200054000021 Status: {Access Denied} A process has requested access to an object, but has not been granted those access rights. (0xC0000022) SPN: session setup failed before the SPN could be queried SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
I am able to manually move the files over SMB using the same domain account I'm using to move through Hyper-V manager.
Is there any advice I can get to make this work besides going iSCSI?
