On June 14, 2022, Microsoft released a Windows update KB5014692 to address security issues in the Windows 10 and Windows Server 2019 operating systems.
As the update was to fix the security issues, it tightened the security level of the host by raising the authentication level for the DCOM protocol.
A protocol that exposes application objects via remote procedure calls (RPCs) is termed a Distributed Component Object Model (DCOM) Remote Protocol. The software components of networked devices communicate with one another using this DCOM protocol.
To address this, Microsoft shared a workaround by disabling the hardening changes using a registry key that were enabled by default after the update.
Steps to disable the authentication level of the DCOM protocol:
Step 1: Open the registry on the source machine.
Step 2: Navigate to the following registry path- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
Step 3: Right-click on the screen and create a new DWORD (32-bit) value.
Step 4: After it is created, rename the value name from New Value #1 to RequireIntegrityActivationAuthenticationLevel.
Step 5: Now, enter the data value in hexadecimal format, i.e., 0x00000000 to disable.
Step 6: Upon completing the steps above, restart the machine to apply the changes.
Kindly refer to the following KB5004442 for more details: https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c
*Note: The above-mentioned workaround changes need to be made on all the machines (hypervisors) on which the update KB 5014692 has been applied.
What does it have to do with BDRShield?
After applying the Windows Update KB 5014692, the Hyper-V backups and Windows Disk Image backups configured by the BDRShield backup server started to fail with the following error message: “Error 104051: Unable to fetch VM information using WMI repository.”
On analysis, our team found that remote Windows Management Instrumentation (WMI) connectivity on the source machine failed due to the hardening of the DCOM protocol by this Windows update.
So, we recommend that users of BDRShield to check for the latest Windows updates on the target host in case of backup failure due to WMI connectivity. If the above-mentioned update, i.e., Windows Update KB 5014692, is installed, then that is the cause of the backup failure.
In such a case, kindly follow the aforementioned steps to disable the authentication level of the DCOM protocol and restart the host machine to bring the changes into effect. Once done, try running the backup schedule manually.
Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.
