SOLVED

WAC + Storage Migration Service: Source fails validation - SMB connection, access denied

Copper Contributor

Hi all,

I'm brand new to WAC and Storage Migration Services.  I'm trying to set it up so that I can copy data from SourceA server to TargetB server.   SourceA is being migrated to TargetB machine, surprise surprise.

 

I am running into a problem getting the Job set up for this process.  After I have added the two machines and click on 'Validate' the status for the SourceA machine says that it failed:  "SMB Connection works -> Fail: Access is denied".

 

Strange part is that I am able to administer this SourceA machine from the rest of the WAC console; selecting it from Devices shows the full data from the remote machine.

 

SourceA:

  - Validation result = FAIL

  - Windows Server 2016  (AWS instance)

  - I believe that I have all the ports open in the Windows Firewall.

  - I do have access to the AWS console:   As an AWS instance, I also have to open up the Security profile for this machine; this is also done.  (I think ... I was skeptical about the recommended port range for the RPC/DCOM ephemeral ports - it's almost opening the entire port range?!  Why not just disable the firewall?  Just to be sure:  I did open the AWS Security firewall up to everything from the TargetB machine - all ports, all the time.  SMS Validation still fails; I AM still able to admin the SourceA machine, though.)

 

TargetB:  Windows Server 2019 (AWS instance)

  - Validation result = PASS

  - I have installed WAC on this machine, so my Orchestrator and my destination are the same machine

  - I have installed SMS here (via WAC console)

  - I do NOT have access to the AWS console for this machine - I can't directly modify the Security/firewall of AWS.  (I can modify the OS firewall.)

 

When setting up the Job, I entered credentials for the SourceA machine; this same account is not on the TargetB machine.  (Seems like you should be able to specify different credentials for each machine involved...)  But it is the SourceA machine that is complaining, that SMB says Access Denied.

 

[ A bit later:  I went back and set up a user account on both machines that was in the Administrator group; this user has the same PW on both machines.  I created a new Job, using this new Account.  It didn't help.  The validation for the local machine passes, but the SourceA machine still fails.

 

Hmmm... I also just noticed that the test for 'The credentials have administrative privileges' has the result 'Warning: Action isn't available remotely'.  Could that be the real root issue?  I was distracted by the following big-red error icon and hadn't really paid attention to the first entry. :) ]

5 Replies
Maybe not specific answers - but does anyone have suggestions on how to troubleshoot this issue more?

I don't seem to see any entries in Event Viewer for this action. But the 'Events' view in WAC -> Storage Migration Services -> Admin -> Debug listed a few errors, but nothing that seemed to lead to anything that wasn't encompassed in the basic error message.

Installed some OS Updates. WAC warned me that SMB 1 was active on the Source machine, so I disabled that. Rebooted.
FYI - removing SMB1 and applying the OS updates didn't help at all. The WAC->SMS validation process throws the 'Access denied' error. And I went ahead and did the Inventory process as well - same kind of issues.
Errrr.... well durn it. I swear I tried this before, and had got the same results.

So went through creating a Job again; I was trying to use a common Admin account that is shared amongs machines, but it was giving me errors about it. (I swear I had used that login before. Yes, I had the credentials correct. :) ) So I instead specified the general Administrator account for the remote machine (SourceA in my description above). When I finished the basic Job setup and tried the Validate step, IT WORKED! At least for SourceA machine (the one that had been failing before). But it now is failing for the TargetB machine... because this one account is different on this machine.

So... two things:
1) Why the heck can't I specify a UN/PW per machine? This seems like a huge oversight for administering a bunch of different machines.
2) What special User setup/configuration/privilege do I need to specify on the common account so that it (WAC, SMS, etc) will work on these machines?

(Oh great - now I'm getting an authentication error from the MS Tech community site! :( )
best response confirmed by SomebodyElse (Copper Contributor)
Solution

Oh blimey!! I obviously had the conceptual nature of this down wrong.

During this first phase, setting up the Job, you will specify the 1 (or more) Source machines - you are NOT also setting up the Destination machine! There is a separate 2nd phase where you will set up the Destination machine. That was my flawed impression - I was setting up the Source and Destination machines during the same phase - thus only 1 UN/PW configured.

1 best response

Accepted Solutions
best response confirmed by SomebodyElse (Copper Contributor)
Solution

Oh blimey!! I obviously had the conceptual nature of this down wrong.

During this first phase, setting up the Job, you will specify the 1 (or more) Source machines - you are NOT also setting up the Destination machine! There is a separate 2nd phase where you will set up the Destination machine. That was my flawed impression - I was setting up the Source and Destination machines during the same phase - thus only 1 UN/PW configured.

View solution in original post