if (ms) blog++;

Random bits of (hopefully) useful technical information on Windows, with a focus on understanding and troubleshooting.

Hyper-V Data Exchange Service & “Error 87: The parameter is incorrect” on startup

Hyper-V Data Exchange Service & “Error 87: The parameter is incorrect” on startup

  • Comments 1
  • Likes

Recently we came across a case where Windows Server 2008 and Windows Server 2008 R2 servers running under Hyper-V were all failing to start one of the (five) Integration Services offered by the host.

The services created by the Integration Services are:
Hyper-V Data Exchange Service
Hyper-V Guest Shutdown Service
Hyper-V Heartbeat Service
Hyper-V Time Synchronization Service
Hyper-V Volume Shadow Copy Requestor

It was the Hyper-V Data Exchange Service (vmickvpexchange) that was failing to start, and an attempt to start it manually resulted in the error:
”Windows could not start the Hyper-V Data Exchange Service service on Local Computer.
Error 87: The parameter is incorrect.”

 

Through trial & error the problem was isolated to a group policy affecting all of the servers, and specifically the setting controlling the startup and security of the TermService service:

Computer Configuration / Policies / Windows Settings / Security Settings / System Services / Terminal Services

(Note that the display name on W2K8 is “Terminal Services” where on W2K8R2 it is “Remote Desktop Services” – but the underlying service name is consistent so the policy will correctly apply to both versions of the OS.)

Enabling this setting and even leaving it at the default of Automatic as the startup type will cause vmickvpexchange to fail in this way – the reason is because TermService is running under the context of Network Service, whereas vmickvpexchange is running under Local Service.

 

vmickvpexchange needs to be able to verify the state of TermService (but it does not need start/stop control), and by default the Security of the service is set to:
SYSTEM (Allow: Full Control)
Administrators (Allow: Full Control)
INTERACTIVE (Allow: Read)

The simple workaround is to add Local Service with (Allow: Read) permission in the group policy setting’s Security list for Terminal Services / Remote Desktop Services.

Comments
  • Brilliant!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I've been scratching my head for a while over this one :)

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment