01 April 2008

Part 4. Domain joined environment: Hyper-V Remote Management: You do not have the required permission to complete this task. Contact the administrator of the authorization policy for the computer ‘COMPUTERNAME’

Update 14th Nov 2008. I've just released a script which does all this configuration in one or two command lines: HVRemote 

Quick links to all the parts in the series: 1, 2, 3, 4 and 5

So after even more feedback and questions, part 4 of this series provides the walkthrough steps necessary to perform Hyper-V remote administration in a domain joined environment.

For reference:

  • Part one is the server configuration for a full server installation in a workgroup environment
  • Part two is the client configuration for parts one and three
  • Part three is the server configuration for a server core installation in a workgroup environment
  • Part four, this post, contains the relevant bits from parts two and three as applicable to deploying remote management of Hyper-V in a domain environment
  • Setting up and the pre-requisites for Hyper-V on server core are in this post.
  • More information on server core commands is here

Follow the same steps for setting up the server core box itself as before, but remember to join the machine to the domain by using netdom join <computername> /domain:<domainname> /userd:<domain user> /passwordd:*. Don't forget to enable remote administration.


Let’s first logon as domain administrator on the Vista machine and connect to the remote machine using Hyper-V Manager. As you can see, that works fine.


Obviously running as domain administrator isn’t a practical option in anything but a contrived lab environment. So I’ve created a standard user account in the domain called “domainuser” who is not an administrator either in the domain, the server core box with the Hyper-V role enabled, or on the Vista machine. Let’s see what happens when I start Hyper-V Manager on the Vista machine targeting the remote server core box. As you can see in the screenshot below, it indicates that I am unauthorized. This is expected at this stage.


Step 1 Authorization Manager configuration

I need to authorize the domain user account for operations on the Hyper-V server, the same as I did in the workgroup environment. This is easier if I use an administrative account on the remote server core machine. For simplicity, I’m going to log back on to the Vista machine as domain administrator and configure the Hyper-V authorization policy. (Note in the real world, you don't need domain administrator - this is for simplicity in the walkthrough only).

Logon to the Vista machine as Domain Admin and click start/run AZMan.msc.

Now open InitialStore.xml from the %systemdrive%\programdata\microsoft\windows\Hyper-V directory on the remote server machine. Right click on Open Authorization Manager and select Open Authorization Store…


Select XML and enter the path to InitialStore.xml (or browse to it, noting that the programdata directory is hidden).


Expand the tree through Hyper-V services\Role Assignments\Administrator and select “Administrator”. Note that I’m making this walkthrough as simple as possible by making the domain user an administrator in the context of being able to perform all operations on the machine running the Hyper-V role. This does not however mean that the domain user becomes, or needs to be a local administrator on the Hyper-V machine (or on the Vista machine).


In the right-hand side of the window, right click and select Assign Users and Groups then From Windows and Active Directory….


Select the domain user account and click OK.


You can now close Authorization Manager.

Step 2 DCOM Configuration

Again, this is similar to the configuration steps necessary in the workgroup environment. You need to grant the appropriate users access rights to remote DCOM on the server. Use the same steps as in the workgroup configuration and add those users to the Distributed COM Users group.

On the Vista machine logged on with an account with administrative rights on the server core machine, click start/control panel/administrative tools/computer management.


Remember in the server core configuration steps, I allowed remote management to enable this to work. If you get an error - go back to the server core configuration steps (links at top of this post). Right Click on the top of the tree on the “Computer Management (Local Computer)” node and click Connect to another computer…


Enter the name of the remote server (jhoward-hp2 in my walkthrough)


Expand the tree down through Computer Management/System Tools/Local Users and Groups/Groups and select Distributed COM Users on the right hand side.


Double click on "Distributed COM Users", click Add… and select the appropriate users (domainuser in my walkthrough), and click OK.


Step 3. Remote WMI

This step is the same as the configuration steps necessary in the workgroup environment. You need to allow the domain user account access to the Root\CIMV2 and Root\virtualization namespaces. While Computer Management is still open from Step 2, expand out Services and Applications and select WMI Control.


Right click on WMI Control and select properties. Then switch to the "Security" tab. Expand the tree and select the "Root\CIMV2" namespace node.


IMPORTANT: You need to set the security twice. Once for the Root\CIMV2 namespace, and then again for the Root\virtualization namespace.

Click the "Security" button. If the appropriate user or group does not already appear, use “Add…” as you did in Step 2 above to add them.



Now select the user and click the Advanced button below the “Permissions for <user>” area.


Again, make sure the user/group is selected and click Edit.


You need to make three changes here:

  • In the “Apply to:” drop-down, select “This namespace and subnamespaces”
  • In the Allow column, select Remote Enable
  • Check “Apply these permissions to objects and/or containers within this container only”

The screen should look like below. If so, click OK through the open dialogs.


Repeat for the Root\virtualization namespace


Click OK as appropriate to confirm all open dialogs and close Computer Management.

After completing this step, reboot your server for the changes you made in step 2 to take effect.
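
A read-only way to confirm the three grants from Steps 1 to 3 for a non-administrator account, as an added example that is not part of the original walkthrough and is not the HVRemote script. It assumes PowerShell 2.0 or later on the management workstation, a session running as an account with administrative rights on the server, access to the store through the server's C$ admin share, and a placeholder domain name; the function names are illustrative.

```powershell
# Added example: read-only audit of the grants made in Steps 1-3.
# Run on the management workstation as an account that administers the server.
param(
    [string]$Server  = 'jhoward-hp2',        # server name used in the walkthrough
    [string]$Account = 'DOMAIN\domainuser',  # placeholder domain; the account to audit
    # Assumption: the store is reachable through the server's C$ admin share.
    [string]$StorePath = "\\$Server\C`$\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml"
)

$WBEM_REMOTE_ACCESS    = 0x20  # "Remote Enable" in the WMI security dialog
$CONTAINER_INHERIT_ACE = 0x02  # "This namespace and subnamespaces"

$domain, $user = $Account.Split('\')
$ntAccount = New-Object System.Security.Principal.NTAccount($domain, $user)
$sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Step 1: is the account's SID assigned to the Administrator role in the store?
function Test-AzManRole {
    param([string]$Path, [string]$Sid)
    $store = New-Object -ComObject AzRoles.AzAuthorizationStore
    $store.Initialize(0, "msxml://$Path", $null)   # opens the store; nothing is submitted
    $app  = $store.OpenApplication('Hyper-V services', $null)
    $role = $app.OpenRole('Administrator', $null)
    return (@($role.Members) -contains $Sid)
}

# Step 2: is the account a direct member of the server's Distributed COM Users group?
function Test-DcomUsersMember {
    param([string]$Server, [string]$Domain, [string]$User)
    $group = [ADSI]"WinNT://$Server/Distributed COM Users,group"
    $paths = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
    return ($paths -contains "WinNT://$Domain/$User")
}

# Step 3: return the allow ACEs on a namespace that give the SID Remote Enable.
function Get-RemoteEnableAce {
    param([string]$Server, [string]$Namespace, [string]$Sid)
    $r = Invoke-WmiMethod -ComputerName $Server -Namespace $Namespace `
            -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
    if ($r.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor on $Namespace returned $($r.ReturnValue)"
    }
    $r.Descriptor.DACL | Where-Object {
        $_.Trustee.SIDString -eq $Sid -and $_.AceType -eq 0 -and
        ($_.AccessMask -band $WBEM_REMOTE_ACCESS)
    }
}

$results = @()
$results += New-Object psobject -Property @{
    Step = 1; Check = 'AzMan role: Administrator'; Detail = ''
    Granted = (Test-AzManRole $StorePath $sid)
}
$results += New-Object psobject -Property @{
    Step = 2; Check = 'Distributed COM Users member'; Detail = ''
    Granted = (Test-DcomUsersMember $Server $domain $user)
}
foreach ($ns in 'root\cimv2', 'root\virtualization') {
    $aces     = @(Get-RemoteEnableAce $Server $ns $sid)
    $inherits = @($aces | Where-Object { $_.AceFlags -band $CONTAINER_INHERIT_ACE })
    $detail   = ''
    if ($aces.Count -gt 0) {
        if ($inherits.Count -gt 0) { $detail = 'applies to subnamespaces' }
        else                       { $detail = 'this namespace only' }
    }
    $results += New-Object psobject -Property @{
        Step = 3; Check = "WMI Remote Enable on $ns"; Detail = $detail
        Granted = ($aces.Count -gt 0)
    }
}

# Only direct grants are matched; access inherited through a nested group
# is not resolved and shows as False here.
$results | Select-Object Step, Check, Granted, Detail | Format-Table -AutoSize
```
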

Step 4. Test it out

I logged back onto the Vista machine using the test domain user account. I started Hyper-V Manager and targeted jhoward-hp2, the remote server core machine. I then created a new virtual machine with all default settings, except selecting to add a virtual hard disk later. I started the virtual machine and connected to it. And as you can see in the screenshot below, the virtual machine is up and running (the boot failure message is expected as there’s no bootable media in the virtual machine).

Cool!


Cheers,
John.


Comments

# Ryan said:

Again, I can't thank you enough for taking the time to find a solution for this problem. However, it is still not working for me. I got through steps one and two without any problems and then hit a snag at step three. When I go to the WMI Control Security Tab all I can see is the Root namespace, nothing below it, not even after I expand it. This shouldn't really matter because my domain user is part of the Local Administrators group on my Server Core install and that group is given full control over all of WMI by default. I am really at a complete loss here, it should be working just fine. I haven't been able to see if I can manage it from a full Server 08 install using its Hyper-V Manager so that is what I am going to have to try next.

Thanks,

Ryan Lenkersdorfer

01 April 08 at 11:01 PM
# jhoward said:

Ryan - you have enabled remote management on the server core box? I suspect that is the most likely cause.

Thanks,

John.

01 April 08 at 11:14 PM
# Ryan said:

I am able to remotely manage everything else but Hyper-V. I have enabled all the firewall rules that exist for WMI and remote administration in general on both the client and the server, still nothing. Is there some specific command that you had in mind?

Thanks,

Ryan

01 April 08 at 11:29 PM
# jhoward said:

Ryan - yes, these two specifically:

netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

and

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

It's also possible that you're getting domain policy being pushed down for the firewall. Of that though, I can't comment on what's present, but it is possible you are being blocked by it.

Thanks,

John.

01 April 08 at 11:39 PM
# Ryan said:

I ran both commands, I am pretty sure I have run them in the past as well, but it said it updated a few rules. I also went through our Group Policies and removed all policies regarding the firewall config on the server. I then ran a gpupdate on the server and restarted it. I then ran gpresult to make sure it wasn't applying anything else and tested it. Nothing. I am not sure what in the world could be wrong now. Clean install of Server 2008 Datacenter Server Core x64 with nothing else running on it. Clean install of Vista Business SP1 x64. Both on the same domain (Windows 2000 level domain if that matters), both have my domain user added to their Local Admin groups. I also get the same error if I point the Management Console at another server running Hyper-V Beta. Disabling the firewall on both client and server does nothing. It just doesn't make any sense.

Thanks,

Ryan

02 April 08 at 12:36 AM
# jhoward said:

Ryan.  Hmmmm. This seems a little odd. So first off, I'd rule out pointing a Vista SP1 RC0 Hyper-V management box at a beta Hyper-V server. That is destined for failure as there are several WMI changes between Beta and RC0. The firewall disabling similarly I can probably rule out as this is WMI/DCOM permissions most likely. I could believe there could be discrepancy between Business and Enterprise Vista (I know of one issue, but that should have been resolved in RC0) - I was using Enterprise.

There is one clear difference - my test domain is at 2K8 functional level, with only a single 2K8 DC in the picture.

So you are saying that when you go into Start/Control Panel/Administrative Tools/Computer Management and target the remote Hyper-V RC0 box, you can, for example, add local users in System Tools\Local Users and Groups, or view the event log, or stop/start services under Services and Applications\services just cannot get to enumerate the WMI namespaces under Services and Applications\WMI Control?

It makes no sense that _just_ WMI Control would not be working remotely (at least no sense that I can make of it). Can you confirm you have access remotely to the other examples?

Thanks for your patience!

Cheers,

John.

02 April 08 at 12:51 AM
# Ryan said:

I have just verified that I can remotely manage anything but WMI security using Computer Management on my Hyper-V RC0 box. When I open the security tab in WMI Control I see Root with a plus sign next to it. When I click on the plus sign to expand root it waits a second and then the plus sign disappears, nothing else happens. I have left it open like this for a good 5 min now and still nothing. I also know that there is a command line tool available in server core to manage WMI. It is a very complex tool and I have been unable to find good documentation on it so far. I am going to try to find out how to make the WMI security changes using that tool so I can bypass this remote WMI control problem since it is not my primary problem right now.

Thanks,

Ryan

02 April 08 at 1:12 AM
# Ryan said:

I am sorry, I forgot to mention that the WMI command line tool is wmic.exe.

Thanks,

Ryan

02 April 08 at 1:13 AM
# HiltonT said:

Hi John,

Although I don't have a domain-joined Core+Hyper-V setup, I have the exact same issue - I can start and stop services via Computer Management on my Vista SP0 machine, yet I have no namespaces under Root in WMI Control.  (I also posted this, or similar, at the end of Part 3, but since Ryan's issue above is almost identical to my issue, I thought it only sensible to tag along in here instead.  :)

02 April 08 at 10:11 AM
# jhoward said:

Ryan/Hilton - can you both please confirm the details of the account you are running step 3 in. If you have the opportunity, can you confirm if you can expand the namespaces when logged on as "the" domain admin. If that is not possible, please confirm you are running this as a _domain_ user account which has local administrative rights on both the vista and remote server core machines, and not a local account.

One other interesting thing would be to run wbemtest on the Vista machine and attempt to connect to \\remoteserver\root\cimv2 and \\remoteserver\root\virtualization. Does that succeed, or do you get an access denied error?

Thanks,

John.

02 April 08 at 4:10 PM
# HiltonT said:

Hi John,

OK.  To test this, since the Core+Hyper-V in my network is not and will never be domain-joined (no sense if one of the guests is the AD controller), I created a CoreAdmin account on a laptop running Vista SP1+RSAT+Hyper-V Management Tool which is a local admin, the same as on the Core box (CoreAdmin is a local admin).  This is the laptop I take with me to onsites and use for tech work.

I can successfully connect via RDP to the Hyper-V machine and I can successfully connect to it using "net use \\qrk01hyperdev", so I know the username and password are identical on both machines.

When I try to connect to Computer Management via the laptop, I get "Error 5: Access is denied" if I try to look at the Hyper-V server's services and in WMI Control it reports that it Failed to connect to \\qrk01hyperdev because "Win32: Access is denied."

So, this is getting curiouser and curiouser - why can I *almost* connect using my desktop with Vista SP1 + RSAT + Hyper-V Management Tool but I cannot even get that close using my laptop with Vista SP1 + RSAT + Hyper-V Management Tool?

This maketh absolutely no sense to me!

02 April 08 at 5:10 PM
# HiltonT said:

... and as to the wbemtest test, I can connect to both cimv2 and virtualization without errors, but past that, I'd not know what to do to know that these have actually connected properly.

So, as for not getting errors saying access is denied, it seems that this works fine.

02 April 08 at 5:40 PM
# Ryan said:

Okay, I have verified that I am running a true domain user and that the user has been added to the local administrators group on both the Vista machine and the remote server core machine. I do not have the ability to log in as 'the' domain admin but I have verified the above information.

I also used wbemtest and was able to connect to both namespaces without issues.

Thanks again for your help!

-Ryan

02 April 08 at 5:41 PM
# Ryan said:

Here are the results of "net localgroup Administrators" run on both machines:

Remote Server Core Machine:

C:\Users\scs!admin>net localgroup Administrators

Alias name     Administrators

Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------

AD\Domain Admins

AD\rdlenk

Administrator

The command completed successfully.

Vista Workstation:

C:\Users\rdlenk>net localgroup Administrators

Alias name     Administrators

Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------

AD\Domain Admins

AD\rdlenk

Administrator

The command completed successfully.

02 April 08 at 5:48 PM
# Ryan said:

Our domain here is "AD" and both computers are joined to it. My domain username is AD\rdlenk, so it is definitely added to both admin groups and it is definitely a domain account.

Thanks,

Ryan

02 April 08 at 5:50 PM
# jhoward said:

Hilton - so your environment is different to the walkthrough I'm describing. I have not validated this scenario, but you will probably need to enable anonymous callbacks to make this work in your setup. Using dcomcnfg you will need to allow remote access to "ANONYMOUS LOGON". See step 7 in part two. I'm still tracking down why WMI namespace enumeration is failing in the clean environment described above in Ryan's case - as you have a mixmatch of domain and non-domain machines, it is possible you are hitting a different problem.

I see a part 5 coming....

Thanks,

John.

02 April 08 at 7:20 PM
# jhoward said:

Ryan - I'm running short of ideas to be honest short of me rebuilding my environment with the domain at Windows 2000 functional level.... Is there any chance you could run a network monitor trace on the vista box, or see if there's anything obvious can be seen?

Thanks,

John.

02 April 08 at 7:31 PM
# Ryan said:

Very Interesting development here, I went ahead and removed Server Core and installed a full version of Server 2008 Datacenter with the Hyper-V RC0 update applied to it. I got it all configured and back on the domain with the exact same user permissions. I went through the above steps and applied them to the system, including the WMI Control. I am still not able to connect to the server through the Hyper-V Manager installed on my Vista SP1 box. I was able to use the Hyper-V Manager installed on the Server and was able to create and run a VM. When it booted I made sure that it said "Microsoft Hyper-V Release Candidate 0"

Just on a side thing, I went ahead and tried to manage the WMI security remotely from my Vista SP1 box again. It had the same error as before.

The next thing I am going to try is setting up a 2K8 domain and put both computers in there. I also found out that my previous information about my domain setup was incorrect, it is actually a native 2K3 domain. If I can get a hold of Vista Enterprise media with SP1 (I have a license for it, just not the media) then I am also going to try and see if that works.

It really seems like it is something on my end that is messed up. If none of the above tests fix this, I think I am just going to have to stick with Hyper-V beta until Hyper-V RTM. I again want to thank you for all your help, but I don't want to waste any more of your time either. I will report back here with the results of my tests when I get them done, which might be a couple of days.

Thanks,

Ryan Lenkersdorfer

02 April 08 at 7:43 PM
# HiltonT said:

Hi John,

My scenario is more akin to Part 3 than Part 4, the only reason I moved into here was that I am seeing the exact same authentication/WMI Control issues as Ryan.

So, I basically have a Core box not on the domain with a CoreAdmin local administrator account, a Vista SP1 laptop not on a domain with a CoreAdmin local administrative user and a domain-joined desktop PC with Vista SP1 with a CoreAdmin limited user account (on the domain).

With all of the above, I see the same issues that Ryan sees.

I say, bring along part 5!  :)

02 April 08 at 10:42 PM
# Tim said:

John,

Thanks for the help (so far).  I too have a mixed domain issue.  My case is typical for a classroom environment.  The HV host contains a unique 2k8 domain controller (Full 2008, not core).  Students will connect using laptops they provide and are clearly not in this domain.  I want to give them access to the Hyper-V manager from machines that are not in the domain.  It is looking like I will have to give them remote logon access from where they can start it from within the domain.  I have followed your instructions, but attempting to provide all permissions to 'everyone'.  Still, ultimately, the wbemtest will fail to connect unless I provide a domain account.

It is looking to me like the remote Hyper-V Manager needs to allow specification of alternate credentials so it can pass them along in the WMI calls, but there does not seem to be a way to do that.

I thought I would pass this on and I am hoping you might find a "part 5" solution!

03 April 08 at 10:14 AM
# Ryan said:

I have setup a VM running Vista Enterprise SP1 x86 and joined it to my existing domain. I was able to point it at my Hyper-V RC0 server and it was able to connect and manage Hyper-V with no additional configuration! Why I am still having problems on my Vista Business SP1 x64 box is a mystery to me. Perhaps it doesn't like Business or maybe it doesn't like 64-bit. If I can, I will try Vista Enterprise SP1 x64 and see what happens.

Thanks again for all your help!

-Ryan

04 April 08 at 6:07 PM
# John Howard said:

So far, I’ve covered the following Hyper-V Remote Management scenarios: Workgroup: Vista client to remote

04 April 08 at 10:49 PM
# Eric Liddon said:

I was getting the same problem.  It appears that the new management client for 2008 Hyper-V on x64 cannot connect to the Hyper-V Beta.  I just installed this patch "http://www.microsoft.com/downloads/details.aspx?FamilyID=ddd94dda-9d31-4e6d-88a0-1939de3e9898&DisplayLang=en" and it fixed it for me.  Hope this helps.

09 April 08 at 2:59 PM
# jhoward said:

Eric - yes, absolutely correct. Remote management does not work on Hyper-V beta. This series is specific to our RC release.

Thanks,

John.

09 April 08 at 3:04 PM
# Mr. Mott said:

Any idea how to make this work when the hyper-v server is also a DC without a local dcom user group?  Client is Vista Ultimate x64.

15 April 08 at 9:32 PM
# jhoward said:

Mr. Mott - Follow part one of this series where I configure DCOM in a workgroup without using the Distributed COM Users Group, but add a domain user account instead of a workgroup account. It should work, but I haven't tried it.

But please note - our recommendation will *always* be to run the Hyper-V role without any other roles installed, ideally on server core as well. Just in case you weren't aware.

Cheers,

John.

15 April 08 at 10:32 PM
# Oleg Krylov (Russia) said:

Excuse me for my very poor English))) I installed s2k8 Enterprise Full + Hyper-V. My Vista x86 box with SP1 has Hyper-V Manager. I performed all the steps from Part 4. I connect to my Hyper-V server with no errors. But when I attempt to create a new machine, I receive the message "Loading Wizard page failed. You might not have permission to perform this task". My domain user account is a member of the Administrators groups on both my Vista box and the Hyper-V server. In Authentication manager, my domain user account is assigned the Administrator role. Please help me to resolve my problem.

18 April 08 at 4:19 AM
# jhoward said:

Oleg - I have seen this when there are incompatible versions between the management client and the server. Remote management does not work in Beta from a Vista client - I suspect that you have not applied the RC0 update to your server (KB949219). That should resolve the problem.

Thanks,

John.

21 April 08 at 10:44 PM
# Kyle said:

I have hyper-v running on a core 2008 install in a 2k8 domain.  I used your walkthrough and was able to get everything working correctly, with one exception.  After I create a VM, I am unable to connect to it to install the OS.  I simply get an error stating "Cannot connect to the virtual machine. Try to connect again. If the problem persists, contact your system administrator."  Also at the bottom of the MMC, the heartbeat is reporting as no contact, if that helps.  Hyper-V is running RC0, and the MMC is running on a 2k8 DC (for testing purposes only).  Any help would be appreciated.  Thanks.

07 May 08 at 8:37 AM
# jhoward said:

Kyle - Can you verify a few things to start narrowing this down.

- The "No Heartbeat" is because the Integration Services aren't installed inside the virtual machine. However, if you can't connect to the virtual machine to be able to do this, that explains that one, so it's probably not relevant.

- On the Domain Controller, did you install KB949219 as well to get the RC0 version of the management tools installed as well?

- Is it possible to verify if there is a firewall issue here by disabling the firewall on both the computer running the MMC and the server core installation of Hyper-V? (netsh firewall set opmode disable).

Thanks,

John.

07 May 08 at 9:04 PM
# Kyle said:

John,  Thanks for the quick reply.  I have verified that KB949219 has been installed on the DC.  After I disabled the firewall on both servers, I was able to connect.  I double checked my firewall policy to ensure that I did have the inbound rule set to allow "Hyper-V Management Clients - WMI (Async-In, DCOM-In, and TCP-In)" on the DC.  Is there another rule that I have overlooked?  Thanks,

Kyle

08 May 08 at 10:32 AM
# John J. said:

John,

First off, thanks for the guide.

Second, I am experiencing a slightly different issue that I hope you may be able to help with. I am able to connect to my core server hyper-v installation (from a server running full 2k8 and hyper-v)  and manage VMs but when I attempt to set up the virtual network I receive the following error:

"There was an error enumerating the machine's network switches. make sure the Microsoft Hyper-V Network Service is installed and working properly

You may not have permission to  perform this task"

I followed the steps above, and I am able to remotely manage the server. I don't see a service named "Microsoft Hyper-V Network" running on either server so I am not sure what exactly the error is referring to.

I am currently using a Domain Admin account.

22 May 08 at 9:36 AM
# Mike Brown said:

John,

  I've upgraded my server to rc1 as well as my client management console. I was able to successfully connect and control the VMs from the vista client before the upgrade. After, not so much. I get the following message in the Virtual Machines Pane:

"Access denied. Unable to establish connection between 'Server' and 'Client'."

I'm able to control other aspects of the server, like creating and deleting virtual networks. But can't manage the VMs.

Also the VM creation wizard (run from a host local manager of course) fails for me if I try to create a VM without a network connection.

31 May 08 at 9:56 AM
# Tom Beauchamp said:

Very helpful article!  For users trying to connect to a domain controller, add your user to the Builtin\Distributed COM group in your AD instead of in local groups.

02 June 08 at 12:10 PM
# lukasbeeler said:

Many thanks for your whole series. Without it, I wouldn't have been able to get Hyper-V remote management to work the way I want it.

I hope you'll write about AzMan and VM Scopes in the future - I've got it working (and wrote about it here: http://projectdream.org/wordpress/2008/07/03/delegating-hyper-v-virtual-machines/ ), but I'm not entirely sure if I did everything correctly.

03 July 08 at 2:06 PM
# matt said:

Can anyone tell me where to download KB949219? When I go to download that KB from here

http://support.microsoft.com/kb/949219

It says the page is gone. I am really struggling with getting Core to work with a remote management client (x86) vista sp1. Both machines are in the same domain. I have done all the steps above but still get the same problem as John May 22nd and Kyle from May 7th...ERRRR!!! Seems that MS would have it, you know, just work.

14 July 08 at 3:44 PM
# jhoward said:

Matt - Hyper-V has reached RTM - I assume the pre-release builds have been pulled. See http://blogs.technet.com/jhoward/archive/2008/06/26/hyper-v-rtm-announcement-available-today-from-the-microsoft-download-centre.aspx for RTM links. Please upgrade to RTM and let me know if you are still seeing the same issue.

Thanks,

John.

14 July 08 at 3:55 PM
# cCollier said:

I've upgraded to RTM and I continue to get an error when I try to connect to the console of the Virtual machine. I right click a machine in Hyper-V and get "cannot connect to the virtual machine. Try to connect again, If the problem persists, contact your system administrator" (Don't you hate it when you're the guy you're asked to contact? heh)

Anyway, it's 64-bit 08. I've tried turning off the firewall on the host and everything else in this string of comments and cannot connect to my VM. I have a bad habit of asking for help as a last resort only, but I would really like to see this work. Any insight anyone can offer would be greatly appreciated.

ccollier*at*scg.net

21 July 08 at 8:26 PM
# swtmike said:

It seems there can be issues relating to DNS as discussed at http://forums.technet.microsoft.com/en/winserverhyperv/thread/dc7bfceb-7f68-469d-8585-b257e3022f8a.

I re-read this blog numerous times to try to get Hyper-V Manager to connect to our Core installation but it was only when I came across the posts above that I was able to get it to work.

Regards,

swtmike

05 August 08 at 10:00 AM
# xd said:

Kyle -

To solve the "Cannot Connect to the virtual machine. Try to connect again. If the problem persists, contact your system administrator." error, you need to enable inbound port TCP port 2179 see: http://www.winfreddekreij.com/windows-2008/74-hyper-v-virtual-machine-connection-error for more info.

10 September 08 at 2:03 PM
# Rory Donnelly said:

If you get "Group cannot be specified along with other identification conditions" when trying to do either of the "netsh advfirewall firewall set rule group=" rules, try TYPING them out in full and don't cut and paste.

It worked for me!

19 September 08 at 10:06 AM
# ane said:

Hi, I'm facing the exact same problem described in this article right now but I'm not even able to connect using the domain administrator account.  I set up the domain just for the purpose of testing hyper-v. The firewall is disabled on all member machines and I did my best to verify that all COM / WMI rights are properly set.

On top of that everything works just fine if I'm logged on to the hyper-v core installation while trying to connect from a remote machine. Once I "logoff", the connection from the management machine fails again.

Has anyone seen similar behaviour before?

26 September 08 at 9:01 AM
# eisenpony said:

Everything seems to run fine when my domain user is a local administrator on the server box, but when I try to use a domain user that is a standard user on the Hyper-V server, I get the You do not have the required permission to complete the task error.

If I use computer management remotely to put my domain user in the server's Administrators group, it will instantly start working properly. I've got the user in InitialStore, DCOM Users, and WMI root/cimv2 and root/virtualization.

Could the problem be the user can't access program files on the server unless it is an administrator? What am I overlooking?

08 October 08 at 1:08 PM
# jhoward said:

eisenpony - this should work (http://blogs.msdn.com/virtual_pc_guy/archive/2008/01/17/allowing-non-administrators-to-control-hyper-v.aspx), I've not heard of it not working if the AZMan configuration has been done. Can you email me a screenshot of the AZMan configuration?

Thanks,

John.

08 October 08 at 4:54 PM
# Joe said:

John,

In a domain environment, is it possible to remotely manage Hyper-V from a Vista machine without enabling remote access for Anonymous Logon in DCOM as you outlined in part 2?  

I was logged into a Vista machine as a domain admin connecting to a Hyper-V machine in the same domain and received "Access denied. Unable to establish communication between 'SERVER' and 'CLIENT'" error messages in the Hyper-V Management console until I enabled this setting in dcomcnfg.

13 October 08 at 1:46 PM
# jhoward said:

Joe - part 2 referred to a workgroup scenario. You should not need to enable Anonymous DCOM for a domain scenario.

Thanks,

John.

16 October 08 at 4:54 PM
# Geek Noise said:

Hyper-V Management Console on Vista x64

04 November 08 at 6:34 PM
# John Howard - Hyper-V and virtualization blog said:

It has been a little quiet on the blog front, but sometimes, at least in this case, I hope I've come

14 November 08 at 8:44 PM
# HyperVoria said:

Announcing "HVRemote"...., a tool to "automagically" configure Hyper-V Remote Management

17 November 08 at 4:34 PM
# Microsoft, su tecnología y yo said:

Hello. An essential tool for configuring servers with Hyper-V so that they can be administered

18 November 08 at 3:49 PM
# Naresh Verma said:

Kindly correct the "

when you run the above command

06 December 08 at 9:21 AM
# jhoward said:

Naresh - I have absolutely no idea what you are referring to?????!

Cheers,

John.

06 December 08 at 9:35 PM
# Don Hiatt said:

Hi John,

I've been plagued with the Unable to connect to the server because of the RPC issue. I'm using a Workgroup configuration and have isolated the issue to conflicts with my "two" firewalls. I followed the instructions and installed the exception rules. However, my second firewall is OneCare. If I login and OneCare is running then I cannot connect. If I shut down the OneCare firewall and turn on (or off) the Windows Firewall then I can connect in less than a second. After connecting "during my Windows login session" I can turn either or both firewalls on and happily connect through the Hyper-V manager in a workgroup Vista configuration.

12 December 08 at 6:13 PM
# jhoward said:

Don - you need to emulate the Hyper-V Management Client rules in the OneCare firewall. To be honest, I've never used OneCare so don't know how you go about this. My best suggestion would be to ask the OneCare team themselves - they maintain a team blog at http://windowsonecare.spaces.live.com/default.aspx?wa=wsignin1.0&sa=928167145. However, maybe over the Christmas holiday, I'll have time to work it out and post up an entry.... no promises though. The OneCare team would probably be quicker though.

Thanks,

John.

15 December 08 at 1:41 PM
# pascals.blog said:

Today, two tools for Hyper-V. Not brand new, but extremely useful. The first will help you

29 December 08 at 4:50 AM
# glenn adams said:

John,

I installed KB952627 on a Vista Home Basic SP1 (x86), but the Hyper V manager does not appear when I try to add it to the mmc.  Does it require Vista Ultimate ?  

Thanks

14 January 09 at 12:09 AM
# jhoward said:

Glenn - partly correct. Hyper-V remote management tools on Vista (KB952627) requires Business, Enterprise or Ultimate SKUs.

Thanks,

John.

18 January 09 at 12:00 AM
# Prabhat said:

Hi John, Thanks for the great article.

Unfortunately I have problem connecting the Hyper-V server (on Windows Server 2008 Ent. X64 FULL Install) from my VISTA Ultimate SP1 and Hyper-V Manager installed.

Now getting error: “The operation on computer <servername>> failed.

Note:

- Both the server and my PC are in Same Domain.

- I am able to remote manage the server from my VISTA.

- I am able to TS into the server.

- My domain user account, that I used to login in my PC, is a member of the Administrator group of the Hyper-V Server box.

- I have followed all the steps described here.

- Even I have tried disabling firewall in both boxes.

- I can ping both way (from server to my pc and vice-versa).

Can you please help me in this?

Thanks.

23 January 09 at 1:13 AM
# jhoward said:

Prabhat - by far the easiest way to diagnose this is to run hvremote /show on both the client and the server. If you can post that back, and also the output of a ping by name (not IP) from server to client and client to server, it will probably give me everything needed.

Thanks,

John.

26 January 09 at 5:10 PM
# Prabhat said:

Hello Another Question:

Can I uninstall Hyper-v MMC from my VISTA Client PC?

If YES, How - As I don't see this in Manage Programs in Control Panel.

Thanks,

Prabhat

31 January 09 at 5:12 AM
# jhoward said:

Prabhat - yes. You need to uninstall the QFE update which is where it is listed rather than in the program list.

Thanks,

John.

04 February 09 at 12:05 AM
# Geoff said:

My input may be totally irrelevant but having been dogged by the connectivity issues between domain and non-domain machines for weeks my discovery might give you guys another lead to work with.

In my case even though I am able to browse all stations on the network and they are all correctly registered with DHCP and DNS when I try to connect to a non windows or non-domain windows PC from a domain member vista,win7 or 2008 machine I get the "access denied" message.

XP machines had no problem.

I then realised that by connecting using the IP address (\\192.168.x.x) they connect!

So, it transpires that when a connection is made from a Domain PC to a Non Domain device using NetBios names, Kerberos Authentication using AES is enforced, but when using IP addresses it automatically falls back to NTLM!

As the practices described in this blog describe the same mix of domain and non-domain machines trying to communicate in a similar manner it suddenly hit me, is this the same issue?

06 February 09 at 3:34 PM
# jhoward said:

Geoff - Short answer is I'm not sure. You're certainly asking about an area far outside my expertise and doesn't look like anything specific to Hyper-V (please correct me if I'm wrong - if you're seeing different behaviour between physical machines and virtual machines, that's a different matter).

My best suggestion would probably be to post a question on the Technet forums. The platform networking forum may be a good place to start: http://social.technet.microsoft.com/forums/en-US/winserverPN/threads/

Thanks, and sorry I can't provide more assistance.

Thanks,

John.

09 February 09 at 1:43 PM
# Dan L said:

I'm running up against a slightly different issue... I appear to be able to connect remotely to my server via the Hyper V Manager from my Vista Box, however I get a "The Virtual Machine Management service is not available." under Virtual Machines.  I am able to click Start Service on the right but nothing happens.   I'm not sure if this has something to do with the .xml file edits I did as I can't get the file to display via IE properly, it errors out with the following error message: "Only one top level element is allowed in an XML document. Error processing resource 'file:///Z:/ProgramData/Microsoft/Windo..."

I haven't changed domain names on my server and I'm not running AD, my vista box is in a different workgroup as well.

Any thoughts?

So far, this walk through has been an excellent source to learning this technology.

Dan

09 March 09 at 12:24 AM
# Dan L said:

Belay my request for information! I just realized that I hadn't applied the KB950050 update on the server.  I just completed that and I can now remotely manage VMs.  I'm off and running.   Big kudos again for taking the time to help us little folks along the way!!

Dan

09 March 09 at 12:34 AM
# Shiva said:

Hi John,

In Hyper-V, is there any way to configure a DHCP which is part of a Virtual Network through WMI? i.e. the DHCP is enabled in a Win 2K8 VM. I wish to configure the DHCP via WMI running from the Host Server.

Thanks again for the article, I have taken key scripts from HVRemote utility. It helped a LOT!!

Thanks

Shiva

06 April 09 at 8:23 AM
# jhoward said:

Shiva

I'm not sure WMI interfaces exist to DHCP - at least I couldn't find any reference to them, but I'm not on the DHCP team to be able to provide an authoritative answer. Once a server generically is running in a VM, you should treat it from a management perspective as just another server on the network. There's no form of "secure remote execute" of commands from the Hyper-V parent partition to one of the VMs running on it.

Take a look at netsh http://technet.microsoft.com/en-us/library/cc787375.aspx - that may provide what you need.

Thanks,

John.

06 April 09 at 12:08 PM
# Rich said:

When do we get our host key, and web interface back, so that we can be done with all this remote management garbage?

26 June 09 at 12:07 PM
# Shiva said:

In some machines when we make a VMConnect, I am getting a certificate error. It goes as follows

"Your remote desktop connection failed because the remote computer cannot be authenticated.

The remote computer could not be authenticated due to problem with the security certificate. It may be unsafe to proceed."

I ran the HVRemote utility for the users by which I am going to authenticate with the host servers. In one windows 7 machine I got this error. Any thoughts on the same?

04 August 09 at 3:44 PM
# jhoward said:

Shiva - what build of Windows 7 (R2) are you using - are they equivalent builds ie beta-beta or rc-rc, or an interim build between beta and rc. You will hit this issue in certain combinations of mismatched bits due to a bug which existed in the development cycle (fixed now, and rc-rc should not have this bug).

Thanks,

John.

04 August 09 at 3:56 PM
# Shiva said:

Hi John,

Thanks for the reply. The Windows 7 version is 7100 RC MSIT SUPPORTED VERSION. Can we expect the certificate message "Your remote desktop connection failed because the remote computer cannot be authenticated." in this version. Also from which version the fix is available? Please let me know.

Thanks,

Shiva

04 August 09 at 6:12 PM
# jhoward said:

Shiva - if you're an MS employee (which I assume you are from the reference to MSIT SUPPORTED VERSION), please follow up with me internally, or on the internal aliases.

Thanks,

John.

04 August 09 at 11:43 PM
# Alan said:

Hi John

Thanks for all your work on this.  I have been using HVRemote to configure W2K8 R2 Hyper-V for remote access from my Vista PC.  If I give myself admin rights on the server then everything works a treat.  If I remove admin rights though, after running HVRemote then everything works apart from the media drives.  When I click on the Media item in the Virtual Machine Console I get a message saying "Drives not loaded".  This seems to tie in with the following event log message on the server

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          07/10/2009 16:53:25
Event ID:      4656
Task Category: Other Object Access Events
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      hvserver.local.com
Description:
A handle to an object was requested.

Subject:
    Security ID: mydomain\myaccount
    Account Name: myaccount
    Account Domain: mydomain
    Logon ID: 0x2db3b20

Object:
    Object Server: PlugPlayManager
    Object Type: Security
    Object Name: PlugPlaySecurityObject
    Handle ID: 0x0

Process Information:
    Process ID: 0x38c
    Process Name: C:\Windows\System32\svchost.exe

Access Request Information:
    Transaction ID: {00000000-0000-0000-0000-000000000000}
    Accesses: Unknown specific access (bit 0)
    Access Mask: 0x1
    Access Reasons: -
    Privileges Used for Access Check: -
    Restricted SID Count: 0

Any thoughts on how to resolve this?

Thanks

Alan

08 October 09 at 4:14 AM
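
The audit failure quoted in the comment above can be reduced to the few fields that matter when chasing a non-administrator permission gap: which account asked, which object refused, and which access bits were requested. This is an added example, not part of the original thread or of HVRemote; `SAMPLE_EVENT` is an excerpt of the event text as posted, and the function names `parse_event` and `summarize_denied_access` are hypothetical.

```python
import re

# Excerpt of the Security event text from the comment above (values as posted).
SAMPLE_EVENT = """\
Event ID:      4656
Keywords:      Audit Failure
Computer:      hvserver.local.com
Description:
A handle to an object was requested.
Subject:
Security ID: mydomain\\myaccount
Account Name: myaccount
Object:
Object Server: PlugPlayManager
Object Name: PlugPlaySecurityObject
Process Information:
Process Name: C:\\Windows\\System32\\svchost.exe
Access Request Information:
Accesses: Unknown specific access (bit 0)
Access Mask: 0x1
"""

def parse_event(text):
    """Parse rendered event text into {section: {field: value}}.

    Fields seen before any section header are stored under the "" key.
    A "Name:" line with no value opens a new section.
    """
    event, section = {"": {}}, ""
    for line in text.splitlines():
        m = re.match(r"^([^:]+):\s*(.*)$", line.strip())
        if not m:
            continue  # blank line or free text such as the description sentence
        key, value = m.group(1).strip(), m.group(2).strip()
        if value == "":
            section = key
            event.setdefault(section, {})
        else:
            event[section][key] = value
    return event

def summarize_denied_access(event):
    """Return a triage summary for a failed 4656 handle request, else None."""
    hdr = event[""]
    if hdr.get("Event ID") != "4656" or hdr.get("Keywords") != "Audit Failure":
        return None
    mask = int(event["Access Request Information"]["Access Mask"], 16)
    return {"account": event["Subject"]["Security ID"],
            "object_server": event["Object"]["Object Server"],
            "object_name": event["Object"]["Object Name"],
            "process": event["Process Information"]["Process Name"],
            # Bit meanings are object-specific; only the positions are reported.
            "requested_bits": [b for b in range(32) if mask >> b & 1]}
```
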
