01825 818572
Needing to add a non-domain joined Hyper-V host to a Veeam B&R server gave the usual issues with credentials, network discovery, and ports needing to be opened, but Veeam could still not connect to the host. An error regarding potentially invalid credentials, non-admin credentials, or the server not being Hyper-V was returned; although this was clearly not the case.
I quickly identified that the admin shares on the host were not accessible over the network; they were visible but an Access Denied error was returned even with valid local admin user credentials being supplied when prompted. The issue is that the host had ‘Remote UAC’ enabled (the default setting), and this prevents local admin accounts running in an elevated mode from a network connection.
To resolve, on the target machine (the Hyper-V host in this instance), navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Add a DWORD value called LocalAccountTokenFilterPolicy and set its value to 1
A server reboot will apply the change, but you can also just restart the Server service (this should not affect anything on a standalone Hyper-V server, but note that it will potentially disconnect any network users on other systems e.g. file servers).
