Setup:
Hypervisors:
- HV1 (Server 2019)
- HV2 (Server 2019)
Storage:
- Storage0 (Server 2019)
- Storage1 (Server 2019)
From the above -- you can see i have two file and two HV servers. I'm trying to use SMB as the protocol to host the VM's storage. I have permissions on the share set as:
Name ScopeName AccountName AccessControlType AccessRight
---- --------- ----------- ----------------- -----------
VMs * Everyone Allow Full
VMs * HOME\Domain Admins Allow Full
VMs * HOME\HV1$ Allow Full
VMs * HOME\HV2$ Allow Full
However -- when I do a VM storage move or even set up a new vm on the share, i get the following message in event viewer:
The server denied anonymous access to the client.
Client Name: \x.x.x.x
Client Address: x.x.x.x:58666
Session ID: 0x200054000021
Guidance:
You should expect this error when a client attempts to connect to shares and does not provide any credentials. This indicates that the client is not providing a user name (and domain credentials, if necessary). By default, Windows Server denies anonymous access to shares.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
----------------------------------------------
SMB Session Authentication Failure
Client Name: \x.x.x.x
Client Address: x.x.x.x:58666
User Name: NT AUTHORITY\ANONYMOUS LOGON
Session ID: 0x200054000021
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights. (0xC0000022)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
------------------------------------------------------------
Is there any advice I can get to make this work besides going iSCSI?