Failed to add machine.
Hi.
We're having problems while trying to add a workstation to server. Version used for server and agent is 12.5.7970
One admin of two tenants is trying to add a workstation whose agent has been installed correctly the same way as other workstations which were correctly added to the server (Unattended installation).
When the admin logs in and specifies the name of the machine and his user & password to add the workstation to the tenant (No remote agent installation, as I said the agent is already installed). He obtains:
{
"AddedMachines": [],
"FailedMachines": [
{
"Machine": "MachineDNSName",
"Error": {
"code": 5,
"fields": {
"$module": "abr_ams_vsa64_7970"
},
"suberror": {
"code": 9,
"fields": {
"$module": "mms_vsa64_7970"
},
"suberror": {
"code": 8,
"fields": {
"$module": "mms_vsa64_7970"
},
"suberror": null,
"module": 205,
"text": "User 'DOMAIN\\user' does not have enough privileges to establish a trust relationship. The machine must be a domain member or User Account Control (UAC) must be disabled on the machine.",
"linetag": "0x645A5D6DCC57EF9C"
},
"module": 205,
"text": "Failed to add trusted service '33' for machine '9E25ED65-1D23-452B-8B71-7C5D5E35FCA2'.",
"linetag": "0x645A5D6DCC57F05D"
},
"module": 131,
"text": "Failed to establish trust relationship.",
"linetag": "0xAD98D2550F578B74"
}
}
]
}
He jumped to the other tenant and tried to add the same workstation. The result is the same.
He's administrator of the workstation, UAC is disabled, he has been also added individually to the Acronis Remote Users group. Same result always...
Happened also that, with other workstations, he gets the mentioned error if he tries to add the machine to a tenant, but if he tries to add the same machine to other tenant, there's no problem...
Does anybody know what could be happening?
Thanks in advance.
Hi,
The symptoms look quite strange and in particular the fact that the same agent could be added in one tenant and cannot be added to another one with the same credentials. Such issues should be investigated with help from our support team.
The root cause of the error should be still-enabled UAC: note that it's not sufficient to disable it via Windows Control Panel GUI (moving UAC slider doesn't disable UAC) - you need to also check Windows registry on the agent machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Set "EnableLUA" value to 0 and reboot the machine. This should be a workaround for the issue.
Thank you.
As always, thanks Vasily.
Disabled UAC through the registry.
Tried to add the workstation to a tenant and it worked.
Leaving now, on Monday will do further testing uninstalling the remotely installed agent of the workstation, installing the agent with the unattended installation (just the agent, no server/tenant join) and trying to add the workstation to different tenants with the same user.
Thanks again.
Hi again,
I've been doing more testing. Trying to understand the different scenarios where a workstation can be added or not to the AMS.
We get the following error while trying to remotely install the agent... It does not matter the target machine is a W7 x86 workstation or a W10 [No UAC] worksation:
Additional info:------------------------
Error code: 22
Module: 309
LineInfo: 0x8D165E86FB81959B
Fields: {"CommandID":"F67F2F21-8511-438B-A4F4-80C250FAC590","$module":"management_server_vsa64_7970"}
Message: TOL: Failed to execute the command. Adding agents to the management server
------------------------
Error code: 22
Module: 309
LineInfo: 0x8D165E86FB81959B
Fields: {"CommandID":"F67F2F21-8511-438B-A4F4-80C250FAC590","$module":"remote_installation_addon_vsa64_7970"}
Message: TOL: Failed to execute the command. Adding agents to the management server
------------------------
Error code: 22
Module: 309
LineInfo: 0x8D165E86FB81959B
Fields: {"CommandID":"97362C4F-AF94-43BF-9EA7-4F8E01D90248","$module":"management_server_vsa64_7970"}
Message: TOL: Failed to execute the command. Remote installation of agents
------------------------
Error code: 22
Module: 309
LineInfo: 0x8D165E86FB81959B
Fields: {"CommandID":"97362C4F-AF94-43BF-9EA7-4F8E01D90248","$module":"remote_installation_addon_vsa64_7970"}
Message: TOL: Failed to execute the command. Remote installation of agents
------------------------
Error code: 22
Module: 276
LineInfo: 0x67BE6875CD4600F0
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Failed to get information about remote machine 'WORKSTATION' (Windows OS was expected).
------------------------
Error code: 5
Module: 276
LineInfo: 0xAC0572B83EE95C18
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Failed to connect to the service.
------------------------
Error code: 4
Module: 276
LineInfo: 0xAC0572B83EE95C0E
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Failed to install the service.
------------------------
Error code: 61
Module: 69
LineInfo: 0x935A2B77507E56D8
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Failed to install the service.
------------------------
Error code: 15
Module: 69
LineInfo: 0xD4B32A925E8F6B69
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Failed to create the service.
------------------------
Error code: 82
Module: 69
LineInfo: 0xDE9D823FC6EFF4E5
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Failed to create the service.
------------------------
Error code: 65520
Module: 0
LineInfo: 0xBD28FDBD64EDB8F1
Fields: {"code":"2147943457","$module":"remote_installation_addon_vsa64_7970"}
Message: The account name is invalid or does not exist, or the password is invalid for the account name specified
We still have the problem adding a machine with the agent installed to the different TENANTs. But I think this problem is, like Vasily said, related directly to the UAC because as soon as you disable it, I was not able to reproduce the issue.
Another problem we are facing when trying to add machines to the AMS is:
Additional info:------------------------
Error code: 18
Module: 627
LineInfo: 0x90324F34A77128F7
Fields: {"ResourceType":"windows_remote_install","$module":"access_manager_vsa64_7970","ResourceAddress":"WORKSTATION"}
Message: Failed to check credentials for specified account.
------------------------
Error code: 5
Module: 69
LineInfo: 0x279DD1D7639F7576
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Connection to 'WORKSTATION' is broken.
------------------------
Error code: 65520
Module: 0
LineInfo: 0xBD28FDBD64EDB8F1
Fields: {"code":"2147942467","$module":"remote_installation_addon_vsa64_7970"}
Message: The network name cannot be found
Any information regarding these problems is very much appreciated.
Thanks in advance.
Hi,
The last error (quoted below) indicates that from AMS machine it's impossible to connect to machine via "WORKSTATION" hostname, so specifying machine by IP (make sure it's accessible from AMS) should help here.
------------------------
Error code: 5
Module: 69
LineInfo: 0x279DD1D7639F7576
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Connection to 'WORKSTATION' is broken.
------------------------
Error code: 65520
Module: 0
LineInfo: 0xBD28FDBD64EDB8F1
Fields: {"code":"2147942467","$module":"remote_installation_addon_vsa64_7970"}
Message: The network name cannot be found
Thank you.
Hi Vasily,
of course AMS can ping the target machine, the target machine can ping the AMS, the machine accessing the AMS to add the target machine can also ping the target machine...
With the IP address the answer is exactly the same...
We're also having problems to add another agent to the AMS after installing the agent unnattended.
Additional info:------------------------
Error code: 18
Module: 627
LineInfo: 0x90324F34A77128F7
Fields: {"ResourceType":"windows_remote_install","$module":"access_manager_vsa64_7970","ResourceAddress":"WORKSTATION"}
Message: Failed to check credentials for specified account.
------------------------
Error code: 14
Module: 69
LineInfo: 0xDE9D823FC6EFF54F
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Failed to open the service control.
------------------------
Error code: 65520
Module: 0
LineInfo: 0xBD28FDBD64EDB8F1
Fields: {"code":"2147942405","$module":"remote_installation_addon_vsa64_7970"}
Message: Access is denied
Tried 3 different users, all of them members of the Administrators and the Acronis Remote Users groups of the workstation (W7 Enterprise x64).
Thanks in advance.
Hi,
Thank you for the additional details. This error could also be caused by UAC enabled on the remote machine. If this is not the case (UAC is disabled in registry) then to troubleshoot it makes sense to enable "Audit privilege use" + "Audit account logon events" + "Audit objects access" in secpol.msc->Local Policies->Audit Policy settings on the remote machine. After that reproduce the issue and check Windows security logs on the target machine. The "Failed to open the service control." error indicates that the user used for remote installation could not create Acronis services on the target machine (failed with "Access denied" error) and the security logs should show which privilege for the user is missing.
Thank you.
Hi Vasily, thank you again.
I found that the problem with this "Access Denied" error was that, for some reason, this workstation did not find the user if you dont specify it in the DOMAIN\user way...
Side question: Is there any way to configure what is installed remotely? I mean, if I install the agent remotely, Backup Monitor is also installed and I just want to install the agent, not the monitor.
About the mentioned workstation where I'm getting this error:
Error code: 18
Module: 627
LineInfo: 0x90324F34A77128F7
Fields: {"ResourceType":"windows_remote_install","$module":"access_manager_vsa64_7970","ResourceAddress":"ESPPC12087"}
Message: Failed to check credentials for specified account.
------------------------
Error code: 5
Module: 69
LineInfo: 0x279DD1D7639F7576
Fields: {"$module":"remote_installation_addon_vsa64_7970"}
Message: Connection to 'WORKSTATION' is broken.
------------------------
Error code: 65520
Module: 0
LineInfo: 0xBD28FDBD64EDB8F1
Fields: {"$module":"remote_installation_addon_vsa64_7970","code":"2147942453"}
Message: The network path was not found
As I said, the machine can be pinged, but when you try to add the machine to the AMS the error appears instant...
Any tips to troubleshoot this in order to add the machine to the AMS or in this case, the only way to make a disk image would be booting with the Acronis Bootable option.
Thanks in advance.
Hi,
Currently the remote installation mechanism doesn't allow to select the components for remote installation. You can do this only when running the installation package locally on the remote machine - from there you can specify the list of components + connection to Acronis Manamanent Server (and connection to specific unit). The above error is still related to inability to access the machine defined in "ResourceAddress" field by its name - the error is a common network connection one returned from the OS itself.
Also it may be useful to take a look at this article: https://kb.acronis.com/content/59780 - it describes how to perform installation via Group Policies and there is an option for selective components installation. For more or less large scale deployments it's recommended to use this method for remote installation.
Thank you.
Hi Vasily.
It is not a good thing not being able to select if you want or not to install the backup monitor when remotely installing the agent. If I can make a suggestion for future updates, please, allow the possibility to install only the agent, think in validated environments :)
About the computer which cannot be added to the AMS when the agent has been installed Unnattended:
I've uninstalled the agent and reinstalled it using the Windows installer, selecting only the agent and specifying the server and the tenant from the installation. The installation was successful and the workstation appeared in the AMS... Still dont understand what could be happening but it is definetely a problem with this workstation.
Thanks for all your help.
Hi Vasily,
when you perform the remote installation of the agent in a Windows Workstation is there any way to specify the account which will run AMMS? No matter what user you specify in the server when remotely installing the agent, AMMS appears with "Local System" as the "Log On as" account.
Thanks in advance.
Hi,
The remote installation via web console was designed to be as simple as possible and it doesn't provide an option for advanced configuration of the accounts under which services will be running. LocalSystem account is always used in this scenario.
The advanced parameters can be defined if you deploy the agents via group policy or via "msiexec" as mentioned in the KB I linked in my previous comment (https://kb.acronis.com/content/59780)
Here are the parameters controlling the user account:
MMS_CREATE_NEW_ACCOUNT={0,1}
MMS_SERVICE_USERNAME=<username>
Thank you.