CVE-2021-26414 breaks Failover Cluster Manager

MirandaVeracruz 106 Reputation points
2021-07-27T11:29:46.423+00:00

Hi Community,

In order to test mitigations for CVE-2021-26414 (Windows DCOM Server Security Feature Bypass), I just recognized that it broke Failover Cluster Manager after applying the necessary June patches and the registry key RequireIntegrityActivationAuthenticationLevel with value 0x00000001 (which means enabled).

Now I'm getting this error:

118276-image.png

In the FailoverClustering-Manager diagnostic-log I have the following entry:

An error occurred connecting to the cluster 'CLUSTER01'. - System.ApplicationException: An error occurred trying to display the cluster information. ---> System.AggregateException: One or more errors occurred. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))  
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)  
   at System.Management.ManagementScope.InitializeGuts(Object o)  
   at System.Management.ManagementScope.Initialize()  
   at Microsoft.FailoverClusters.UI.Common.WmiHelper.GetWmiConnection(Tuple`2 connection)  
   at MS.Internal.ServerClusters.Management.Utilities.<>c__DisplayClass13_0`1.<VerifyUserIsAdminOnNodes>b__0(T item)  
   at System.Threading.Tasks.Parallel.<>c__DisplayClass17_0`1.<ForWorker>b__1()  
   at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)  
   at System.Threading.Tasks.Task.<>c__DisplayClass176_0.<ExecuteSelfReplicating>b__0(Object )  
   --- End of inner exception stack trace ---  
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)  
   at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)  
   at System.Threading.Tasks.Parallel.ForWorker[TLocal](Int32 fromInclusive, Int32 toExclusive, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Func`4 bodyWithLocal, Func`1 localInit, Action`1 localFinally)  
   at System.Threading.Tasks.Parallel.ForEachWorker[TSource,TLocal](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Action`3 bodyWithStateAndIndex, Func`4 bodyWithStateAndLocal, Func`5 bodyWithEverything, Func`1 localInit, Action`1 localFinally)  
   at System.Threading.Tasks.Parallel.ForEach[TSource](IEnumerable`1 source, Action`1 body)  
   at MS.Internal.ServerClusters.Management.Utilities.VerifyUserIsAdminOnNodes[T](IEnumerable`1 items, String clusterName, Func`2 getNodeName)  
   at MS.Internal.ServerClusters.Management.Utilities.VerifyUserIsAdminOnNodes(Cluster cluster)  
   at MS.Internal.ServerClusters.Management.ClusterContext.CommonConstruct()  
   --- End of inner exception stack trace ---  
  
Server stack trace:   
   at MS.Internal.ServerClusters.Management.ClusterContext.CommonConstruct()  
   at MS.Internal.ServerClusters.Management.ClusterContext..ctor(String clusterName)  
   at MS.Internal.ServerClusters.Management.ClusterConnectionFactory.AttemptClusterConnect(UiUpdate uiUpdate, ClusterConnectSettings connectSettings)  
   at MS.Internal.ServerClusters.Management.CluadminWaitDialog.BackgroundOperation[I,O](BackgroundWaitDialogOperation`2 backgroundOperation, I data)  
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)  
   at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)  
  
Exception rethrown at [0]:   
   at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)  
   at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)  
   at MS.Internal.ServerClusters.Management.CluadminWaitDialog.InternalBackgroundOperation`2.EndInvoke(IAsyncResult result)  
   at MS.Internal.ServerClusters.Management.CluadminWaitDialog.ShowDialog[I,O](INotifyUser notifyUser, BackgroundWaitDialogOperation`2 backgroundOperation, I data)  
   at MS.Internal.ServerClusters.Management.ClusterConnectionFactory.ConnectToCluster(ClusterConnectSettings connectSettings, INotifyUser notifyUser, String initialMessage)  
   at MS.Internal.ServerClusters.Management.ClusterConnectionFactory.ConnectToCluster(ConnectedClusterData connectionData, INotifyUser notifyUser, ConnectionType setting)  
   at MS.Internal.ServerClusters.Management.RootContext.DoConnect(INotifyUser notifyUser, String firstChoice)  

When I roll back the registry key to 0x00000000 (followed by a reboot), everything's back to normal and Failover Cluster Manager is working fine. Because these mitigations will be hard enforced in early 2022, I think this needs to be fixed very urgently!

Cheers
Miranda

Windows Server 2019
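
A per-node check for the situation described in the question, as an added example that is not part of the original post or of any Microsoft tooling: it reads the hardening value on each node and tries a DCOM-based WMI connection at two client authentication levels. Assumptions: Windows PowerShell 5.1 with WinRM enabled, placeholder node names, the root\MSCluster namespace as the test target, and the registry location taken from Microsoft's published guidance for this CVE (the post names only the value).

```powershell
# Added diagnostic sketch; not from the thread. Node names are placeholders.
param(
    [string[]]$Nodes = @('NODE01', 'NODE02')   # hypothetical cluster node names
)

# Registry location per Microsoft's guidance for CVE-2021-26414 (assumption: the post gives only the value name).
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$valueName = 'RequireIntegrityActivationAuthenticationLevel'

foreach ($node in $Nodes) {
    # Read the setting over WinRM so the check still works while DCOM calls are refused.
    $level = Invoke-Command -ComputerName $node -ScriptBlock {
        param($path, $name)
        (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    } -ArgumentList $keyPath, $valueName

    # Attempt a DCOM-based WMI connection at a low and at an integrity-protected level.
    $results = foreach ($auth in 'Connect', 'PacketIntegrity') {
        try {
            Get-WmiObject -ComputerName $node -Namespace 'root\MSCluster' `
                -Class 'MSCluster_Cluster' -Authentication $auth -ErrorAction Stop | Out-Null
            'OK'
        } catch [System.UnauthorizedAccessException] {
            'E_ACCESSDENIED'          # same HRESULT 0x80070005 as in the diagnostic log
        } catch {
            $_.Exception.GetType().Name
        }
    }

    # One summary row per node.
    [pscustomobject]@{
        Node            = $node
        HardeningValue  = if ($null -eq $level) { 'not set' } else { $level }
        Connect         = $results[0]
        PacketIntegrity = $results[1]
    }
}
```

If a node returns E_ACCESSDENIED at Connect but OK at PacketIntegrity, the call is being rejected for its authentication level rather than for the account's permissions.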

2 answers

  1. Reza-Ameri 16,971 Reputation points
    2021-07-27T16:03:55.027+00:00

    Try installing all other updates.
    In case you have access to a Windows 10 PC, open Feedback Hub app and under category select Windows Server and submit a bug report including all relevant log files.


  2. Yuhan Deng 3,766 Reputation points Microsoft Vendor
    2021-07-28T10:00:33.8+00:00

    Hi Miranda,
    Thanks for your feedback.
    Please try installing the new patch and see what happens.

    Best regards,
    Danny

