question

RohitChauhan-7815 avatar image
0 Votes"
RohitChauhan-7815 asked ·

Windows Server 2019 NIC Teaming: Access is denied

Hi All,

I have came across a very strange issue, where creating NIC team from domain/administrator or .\administrator is generating access denied error.

No events in event logs are being recorded.

I also tried creating new team from Powershell using "NetLBFOteam" utility, still got the same error.



Is it group policy issue?

I am not able to identify any group policy which may affect this.

Please help!50094-new-teaming.jpg


windows-server-2019
new-teaming.jpg (41.3 KiB)
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered ·
· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi DSPatrick,
I came across this solution yesterday and made sure that I am running both Powershell and GUI from elevated priviledge, unfortunately this didn't help.
thanks for your reply though.

Regards
Rohit

0 Votes 0 ·
GloriaGu-MSFT avatar image
0 Votes"
GloriaGu-MSFT answered ·

@RohitChauhan-7815 Hi,

Thank you for posting in Q&A!

Based on my research , usually "access deny" error is related to permission issue. Have you ever tried to log in with another account in Local Administrator group to test?


Merry Christmas, Hope you have a nice day : )
Gloria
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://docs.microsoft.com/en-us/answers/articles/67444/email-notifications.html

· 4 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @GloriaGu-MSFT,
Thanks for the response, I have tried with Local and domain admin users and experiencing the same error.
Merry Christmas to you too.

0 Votes 0 ·

I also added my user as Local Administrator from restricted group via GPO, and tried creating Teaming.
Same error occurred.

0 Votes 0 ·

Hi,

First, I would suggest you to disable all the third-party firewall software which might affect the result.

Then, you can check if there're any GPO rules denying the administrator account access to create NIC teaming. After discussion with my colleagues, it seems that GPO might be the cause of this issue.
get-gpo


0 Votes 0 ·
Show more comments
GloriaGu-MSFT avatar image
0 Votes"
GloriaGu-MSFT answered ·

Hi,

Thank you for posting in Q&A!

If you want to check the GPO of your computer, please first Disabling the User Account Control (UAC) temporarily and use the command(run as ADmin)
gpresult /h c:\reports.html
The result will automatically generated into "c:\reports.htm".

About how to Disabling the User Account Control:
https://support.faxmakeronline.gfi.com/hc/en-us/articles/360015150240-Disabling-the-User-Account-Control-UAC-



Hope you have a nice day : )
Gloria
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://docs.microsoft.com/en-us/answers/articles/67444/email-notifications.html



· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @GloriaGu-MSFT
I already checked the gpresult /h on the effected system, and there are only 3 policies being applied:
1: Default domain Policy
2: SQL Server Policy
3: Local policy
And I checked all 3 policies and could not find any setting that may affect the creation of NIC teaming.
It would be great if you could tell me which particular GPO setting may affect this.
Thanks

0 Votes 0 ·

Hi,

I would like to help you, however if you want us to analyze the GPO deployment, It is hard for us to analyze from forum suppot level, we would suggest you open a case with Microsoft. In this way , they can have a clear picture about your issue and your environment by phone communication and live share session.

You may find phone number for your region accordingly from the link below:
https://support.microsoft.com/en-us/gp/customer-service-phone-numbers


0 Votes 0 ·
TIMMERMANSStefan-8580 avatar image
0 Votes"
TIMMERMANSStefan-8580 answered ·

I discovered at our place that a GPO had disabled the "Network Connection Broker service" , a service on which the "Connected Devices Platform Service " depends on . Make sure both services are started.


If you try to do a team manipulation , like moving a NIC teammember in or out of the team , the operation requires that the Connected Devices Platform Service is started, otherwise you might come accross system log eventid id 7001, referring to this.

We noticed this when we set the Network Connection Broker service to manual (start triggered) , it was actually running when we altered the Teaming configuration but not by opening the console and just looking at it.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.