Probe Hyperv Does Not Collect Physical Host Information (Access is denied)

Document created by SandroAlves on Apr 25, 2017Last modified by SandroAlves on Apr 25, 2017
Version 2Show Document
  • View in full screen mode

The probe documentation says it is necessary to have a user (define a username to log in on the host system), but Windows 2012 R2 has some security restrictions that can cause failures.

 

The Hyperv probe runs a script on the host server using SMB (\\C$) and if in the probe you did not accidentally define the "administrator" user, you will not see any information in the hyperv probe.

In the logs you will see:

 

Apr 25 02: 54: 00: 104 [Data Collector - 1, hyperv] stdout: User: uim: 123456
Apr 25 02: 54: 00: 104 [Data Collector - 1, hyperv] stdout: Path: smb: //x.x.x.x//C$//Users//uim//AppData//Local//Temp//ScriptFile.txt
Apr 25 02: 54: 00: 106 [Data Collector - 1, hyperv] stderr: jcifs.smb.SmbAuthException: Access is denied.

 

The user (uim) is a hyperv server administrator, but the Windows 2012 R2 default policy prevents this administrator users from accessing the (C$").

 

Only the user (administrator) local can access the (C$).

 

To resolve this, either you add a registry key, to authorize any other user to access, or use the local user (administrator).

 

cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

 

See you soon.

Attachments

    Outcomes