Comments

# HiltonT said:

... and the client being in a workgroup and the server being in a different one.  :)

I'll run through all of this stuff tomorrow or the day after, when I get time to get back to this and see how it all goes.  But there's nothing here that's much different from the previous info that's leaving Ryan and myself in the situation where WMI Control shows "Root" and no namespaces under it.

Anyway, I'll see what happens when I try this all again!

Thanks for your efforts.  I just wonder if Microsoft really intended such a convoluted procedure to manage a Core box...

06 April 08 at 7:43 AM

# Alberto said:

John this is great. Actually this is a real scenario environment.

You're great!

06 April 08 at 10:10 AM

# jhoward said:

@HiltonT - I'll get there ;) I'm still looking into the no namespaces not showing up but can't repro it in-house. If you can email me directly, that would help me investigate.

Thanks,

John.

07 April 08 at 12:54 PM

# Michael A said:

Hi

Have to begin with saying. Great blog ! :D

I have the same issue here. Followed you instruction down to the line, but the same happens. I can't see anything else than --Root. So i'm looking forward to the solution :)

//Michael A

12 April 08 at 6:24 PM

# michaela said:

Hi again :)

Now i got connected to Hyper-v finaly, but i don't have permission to add new virtual machine or edit anything in Virtual Network Manager. I'm running a Win Core

Got some ideas ?

//Michael A

13 April 08 at 6:03 PM

# jhoward said:

Michael A - This is AZMan configuration by the sound of it (step 5 above).  Did you add your user account to the Administrator under role assignments? As you're running server core, you'll need to jump through the hoops for AZMan configuration I described in part 3 (sorry!).

Thanks,

John.

15 April 08 at 10:56 PM

# Howard Carter said:

John,

Thanks for the this great guide!  I'm still amazed how people figure this stuff out.

I think I may have found a mistake in Step 4.  In step 4 you say "See step 5 in part one for more information" but when I went to look at it, none of the screen shots matched up.  I did some looking and found the similar screenshots in Step 4 of Part 1.  

Is this correct?

Thanks Again,

-Howard

30 April 08 at 1:00 PM

# jhoward said:

Thanks Howard - yes, my mistake - I've corrected it above. I did indeed mean step 4 of part 1.

Cheers,

John.

30 April 08 at 1:42 PM

# Maritn said:

John,

Makes for really good reading

But I am stuck at Step 4

Step 4. Allow authenticate users to remote WMI namespaces (on server)

See step 4 in part one for more information. Here is where I’m using the “Remote Hyper-V Admins” group I created previously. As before, make sure you do this TWICE, once for Root/CIMv2 and again for Root/Virtualization.

the WMI just keeps tellimg me access denied

any ideas

07 May 08 at 10:15 AM

# jhoward said:

Maritn (Martin?)

What's the domain/workgroup combination you're hitting when you get this error? Is it domain client to workgroup server as described in this walkthrough? Just want to double-check.

I'm assuming you're doing this step on the server, not remotely on the client? If so, are you running as a local administrator? I suspect that is the most likely cause.

Thanks,

John.

07 May 08 at 9:10 PM

# Martin said:

John,

It is Martin yes (I still type looking at my fingers not the screen)

the client is a Domain Vista Box and the Core server in a workgroup so I am trying to run the mmc from the snap in on the client this is when I connect the computer management snap in then browse to WMI, then when I right click it comes up access denied.

as I am not very big on command line stuff (but trying to learn) it is very frustrating I have copied all 5 of the walkthrough's onto paper to get all the steps in the right order.

Thanks in Advance

Martin

08 May 08 at 3:43 AM

# The Bev said:

Don't forget, you can also use RemoteApp on the 2008 server where hyper-v is installed. You can pubish both the vmconnect and the virtmgmt. My laptop is not part of the domain, and i have no problems connecting.

14 June 08 at 3:02 AM

# Danny said:

Hey Bev,

Neat trick using RemoteApp, except for one problem:  Hyper-V Connect to Virtual Machine doesn't work with Terminal Services.  How did you resolve that?

20 June 08 at 7:29 PM

# Danny Thorpe said:

Hi John,

Thanks for the great series of articles on configuring machines to remotely manage Hyper-V!

Using your articles as a guide, I figured out how to do the 6th scenario:  workgroup client talking to domain bound server.  Notes are here:  http://dannythorpe.com/2008/06/21/hyper-v-remote-management-workgroup-vista-client-to-domain-bound-server/

-Danny

24 June 08 at 6:59 PM

# Paul Hickman said:

I'm trying to setup Hyper-V manager in a domain environment but I'm getting a slightly different error message to those you have covered here. When I open Hyper-V Manager on the client, I get the message:

"Access denied. Unable to establish communication between 'CLIENT' and 'SERVER'."

This appears in the Virtual Machines panel. The client and server are connect to the same unmanaged switch with no firewalls other than the window firewall in default configuration on both machines. My user is a local machine administrator on both machines (with UAC running). Other services such as remote desktop between the machines works without problems.

I followed the steps in Part 4 of your guide, except for the WMI Control section, as when I inspected the settings the

user already had the necessary access due to being a server local machine administrator.

The two operations I can perform successfully in Hyper-V manager from the client are using the Hyper-V Settings and the Virtual Network Manager features, but everything else fails with the above message, usually at the end of a wizard.

Thanks for any help you can offer.

26 June 08 at 6:46 AM

# jhoward said:

Paul - this error generally indicates you have not configured the DCOM settings on the client machine. See Part 2, step 7. That should resolve the issue.

Thanks,

John.

26 June 08 at 10:57 AM

# Paul Hickman said:

Thanks John, that was indeed the problem. Looks like that step is necessary in the domain scenario as well as the workgroup scenario.

26 June 08 at 1:01 PM

# David McCallan said:

John,

Thanks for this.  Any help on what I believe to be an issue with connecting from a 32bit Vista client to the 64bit Hyper-V instance?  Connection works fine from x64 W2008 but get the usual 'Cannot connect to RPC service' error when trying to connect from 32bit Vista.

Thanks,

David

15 July 08 at 9:28 AM

# jhoward said:

David - I'm not aware of an architecture specific issue and have certainly run through both in my lab environments. There are differences between Vista configuration and 2K8 configuration though. Are you sure you followed the client configuration which is absolutely needed for Vista - part two has most of that information. I think that will solve your problems.

Thanks,

John.

15 July 08 at 11:13 PM

# Sharath said:

This is simple superb/.. Good Work

17 July 08 at 11:11 PM

# Sharath said:

This is simple superb/.. Good Work

17 July 08 at 11:11 PM

# Bruce said:

Thank's John for your research effort and for posting this information.

I haven't tried all actions, but it would appear that the Hyper-V Manager is working from my Vista client.

In Part 2 (Client configuration) step 7, you say that if the 2008 Hyper-V server is in a workgroup, it will use Anonymous access from the server to the client.

I couldn't find anywhere what the situation is if both the Hyper-V server and the Client are both domain members in the same domain.  I enabled the anonymous access per your directions, but I'm wondering if this is necessary in an all domain situation.   Could you please clarify this for me?

18 July 08 at 1:02 AM

# jhoward said:

Bruce - you are correct. If both machines are domain members in the same domain, anonymous callback does not need to be configured. You should be able to add the user account to the Distributed COM Users group for the callback.

Thanks,

John.

21 July 08 at 12:47 PM

# Chris said:

John,

I've walked through your notes and they are absolutely wonderful - one thing that I ran into, and I can't find on anyone's blog is a good way of setting up the networking.  I'm running into the following situation:

Server1 - Win2008, x64; 2 NICs (192.168.1.3 and 192.168.1.203)

Computer1 - Vista SP1, x64

Server1 has HyperV configured like your blog.

Computer1 is configured like your blog.

From Computer1, I can create a VM with no issue.

However, the VM sees an unknown device (I'm certain it's the NIC, because there are no NICs installed).  I would have expected the VM to autodetect and install the NIC.  But it doesn't.  No errors.

From the Hyper-V console on the Computer1, I selected the 192.168.1.3 to be the External NIC; and it's that NIC i use for the VM.

Thoughts?  anyone?

22 July 08 at 12:30 PM

# jhoward said:

Chris - the unknown device is probably VMBus. You need to install the Integration Services inside the VM for the synthetic devices to run. Once you are connected to the VM in VMConnect, select Actions/Insert Integration Services Setup Disk and let autoplay run inside the VM (or navigate to setup.exe on the virtual CD ROM inside the VM). Reboot the VM and everything should be good.

Thanks,

John.

22 July 08 at 5:28 PM

# Matteo said:

Hi. Thank you in advance for reply :-). This is our situation: 1 new server 2008 core in the same lan of a domain (but not part of it). My NB (vista sp1) is in the domain. I'm able to connect to server with terminal server. After a lot of work (included the translation for the Italian localized version :-( ) I reach the end and it seems all ok. But finally when I connect with Hyper-v mmc to the server and try to create a VM I receive an error "unable to load the wizard page" (translation from italian) and even If I try to go away I'm not able to create any VM. Server is empty and has only 2008 core with hyper-v role installed. Any suggests ?

25 July 08 at 1:07 PM

# jhoward said:

Matteo - you usually see this if you are running pre-release versions of the either the server or client. Please make sure you have KB950050 on the server and 952627 on the client - these are the RTM releases.  If the server is core, you should be able to use wmic qfe list to list the installed updates.

Thanks,

John.

25 July 08 at 1:16 PM

# Matteo said:

Thank you again, it was the missing of KB950050 on the server. Now, finally, I'am creating the first VM. And now I can go home to take my deserved beer :-) bye

25 July 08 at 1:45 PM

# Werner said:

Howard, Thanks to your blogs I got Hyper-V Management with Management client (Vista SP1) and Hyper-V Server (W2K8 with KB950050) in same domain working. I installed my first VM, was able to connect to it and to take a snapshot.

Suddenly after two days - out of nowhere - I'm not able to connect to the VM (though it shows up in Hyper-V Manager and also works as a DNS Server as expected). The snapshot loading takes place but doesn't complete und I'm not able to create new VMs or new VHDs. There is just a create bar that stays indefinetly.

Any idea what went wrong in my case? Your help is highly appreciated because I don't know where to go from here. I did setup a second client for management (Vista SP1 as well) with exactly same result.

Thanks,

Werner

26 July 08 at 9:50 AM

# Werner said:

John, Thanks to your blogs I was able to set-up remote management of Hyper-V: Hyper-V Manager on Vista (x86) Business SP1 – W28K Enterprise Core with KB950050. I created, configured and snapshot a VM and was able to connect to that VM for about 2 days.

Now, suddenly – out of nowhere – I cannot connect to that VM anymore. But the VM shows up in Hyper-V-Management and it is also working as expected (W2K8 Enterprise as DNS Server and File Server). At the same time it is impossible to create new VMs or VHDs (the process starts, but the progress bar stays indefinitely). The snapshot starts loading into the Manager, but loading doesn’t complete.

I did set-up a Hyper-V-Manager on a second Vista SP1 client, yielding the same result.

Do you have any idea how that problem can be solved? Any comment or suggestion is highly appreciated!!

Werner

26 July 08 at 10:55 AM

# Matteo said:

Sigh ... :-( this morning I was sure to start the new virtualization experience but ... TS start to tell me that there was problem with date difference ... So i set the date and time (I forget to did it) and now I'm not able to connect to the WMI: it keep telling me Win32: Denied Access... I change the administrator's password (due to date update it was out of date) and the user's password, then I activate licence (it start to appear message Windows not original on desktop) but nothing happens ... WMI is still not reachable ... my scenario is a domain client who connect to a workgroup core server ...  I try to change the user association by cmdkey using core administrator, nothing, add the user to localgroup administrator ... nothing ... any suggest before I format all ???

28 July 08 at 9:18 AM

# ToddBri said:

Hi, I'm still hitting the RPC error when connecting although I was getting the Authorization message before trying anything in this series of articles. I have a Vista SP1 client in a domain where i have no permissions. My Hyper-V server is in a workgroup. The 2 machines are sitting on the same subnet with no firewalls between them. The Server has the firewall disabled. I believe I've done everything correctly on the client. I'm trying to connect to the server remotely using the local administrator account on the server. Any ideas on what to try next?

Thanks, Todd.

28 July 08 at 11:26 AM

# jhoward said:

ToddBri - what do you mean by "where i have no permissions". Do you mean you're just a regular domain user?

Can you try a simple test to start with.(I'm don't have a workgroup environment setup to verify this exactly, but it should work). On the client:

start wbemtest

Hit connect, enter \\server\root\virtualization in the namespace; server\user and appropriate password in the credentials.

Query

select * from msvm_computersystem

apply

Do you get any results back?

Thanks,

John.

30 July 08 at 5:11 PM

# tmack said:

Same issue as ToddBri: Ran the "Start wbemtest" and received the following error:

Facility: (WMI)

Illigel operation

12 October 08 at 9:30 AM

# Joe said:

John,

How about a Vista and a Hyper-V machine in separate, two-way trusted domains?  Can anonymous callback be avoided in this scenario too using the DCOM Users group?

Joe

13 October 08 at 2:59 PM

# jhoward said:

Joe - with the caveat that I have not tried this specific configuration, I believe there should be no need to allow anonymous callback if there is two way trust between seperate forests.

Thanks,

John.

15 October 08 at 1:29 PM

# James said:

I did not see another response to Martin. I am running server core in a workgroup and Vista Client in a domain. I am using computer management on the Vista Client and connecting to the server core. I right click WMI control and get Access denied. I get access denied on everything in computer management while connected to server core. What don't understand how the workgroup accounts and domain accounts get associated.

22 October 08 at 12:53 PM

# jhoward said:

James - the mapping comes from Step 8 above. However, I was using a full installation of server rather than server core, so the earlier steps must be done remotely in that instance. To enable remote management for core to enable those steps remotely, see http://blogs.technet.com/jhoward/archive/2008/03/29/how-to-add-the-hyper-v-role-to-a-windows-server-2008-server-core-machine.aspx

Thanks,

John.

22 October 08 at 1:55 PM

# James said:

John,

Thanks for your quick response

I got it working some how. I did not have my account on the server core workgroup computer configured as a local administrator or I did step 8 after step 3, because I couldn't get step 4 to work. Not sure which one led to it working correctly.

Thanks for your help and these are some great articles.

22 October 08 at 2:22 PM

# Dale Unroe said:

Hi John,

As first alluded to in a June 26'th conversation with Paul H. & then again alluded to in a July 17'th conversation with Bruce you refer to DCOM configuration on the Hyper-V Manager machine.  In my experience today with a new HV managment workstation it was necessary and applied to domain joined computers.

I ran up against errors both when trying to use the Hyper-V Manager and when trying to remote use Disk Management.  After doing the simple DCOM configuration task (Part 2 Step 7) to 'allow' for the anonymous logon remote access now all works.  Both of these computers are in the same domain and the user account being used (mine) is a valid domain account used on both machines.  As such I'm not so sure what you expressed to Bruce is accurate.  In my case it wasn't.

Thanks again for your great blog, the comments section is so valuable and you have been very interactive and helpful - Dale

28 October 08 at 10:03 PM

# FrankB said:

Well I am using the stand-alone Hyper-H and a Vista SP1 laptop, and I ran into the same problem as Hilont T reported on 4/6/08  - When I try to set the WMI permission, the root does not open and hence I cannot see anything under it.  If I try to set the permission on the root I get access denied.  Has this ever been resolved?

05 November 08 at 8:58 PM

# jhoward said:

Frank, take a look at the comments from part 3, around 24th April: http://blogs.technet.com/jhoward/archive/2008/03/30/part-3-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx. I did a bit of re-ordering of the steps as a result several months back, but I'm not sure if you might be using a cached RSS copy which didn't get the update?

Thanks,

John.

10 November 08 at 10:25 PM

# Microsoft, su tecnología y yo said:

Hola Una herramienta imprescindible para configurar los servidores con Hyper-V para que se puedan administra

18 November 08 at 3:51 PM

# oso said:

Hello, my first scenario was hyperv host in workgroup and vista machine in domain, so I prepare acces to quest with this guide. Now I join host in to the domain, what should I do to remove promting for credentials everytime I want to acces the quests from SCVMM or Hyper-v remote cosnole?

03 December 08 at 3:44 AM

# jhoward said:

oso - have you removed the cmdkey setting on the client? (cmdkey /delete:servername)

Thanks,

John.

08 December 08 at 8:10 PM

# oso said:

Thank you very much John i forgot to remove credentials, now its working smooth no prompting, great.

09 December 08 at 11:34 AM

# Randy Martin said:

OK. I've followed these blog postings until I'm blue in the face, and I still can't get this to work. I have the standalone Hyper-V server in a workgroup and a Vista SP1 client in the same workgroup (and another Vista SP1 client in a different workgroup).

I can connect to the hyper-v server, but get the dreaded

RPC server unavailable. Unable to establish communication between "HYPERV" and "CLIENT"

message. Any ideas? I can remote manage the hyper-v box, but I'm getting the "nothing past the root" problem when trying to get to the the WIM stuff.

TIA,

Randy

28 December 08 at 12:28 AM

# jhoward said:

Randy - take a look at the comments a little higher up:

"... from part 3, around 24th April: http://blogs.technet.com/jhoward/archive/2008/03/30/part-3-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx. I did a bit of re-ordering of the steps as a result several months back, but I'm not sure if you might be using a cached RSS copy which didn't get the update?"

But, especially as you are in a workgroup, unless you really want to go through the steps manually, I would strongly recommend you use hvremote (link at very top of article) - it will save you hours of time :)

Cheers,

John.

28 December 08 at 1:25 PM

# Pierre said:

Hello John I have a hyper-v server and a server 2008 to manage hyper-v, everything was working,

but since I try to manage with Vista SP1 does not work. When I connect to the server it gives me the following message:

Access Denied, unable to establish communication between the server and my computer.

Could you help me solve my problem.

22 January 09 at 8:02 AM

# jhoward said:

Pierre - what have you configured on the Vista box? Have you used hvremote to set it up, or have you gone through the steps manually?

If you've done no configuration, please (preferably) use hvremote to do the configuration depending on you domain and workgroup settings. If that doesn't work, please post back output of hvremote /show on both server and client, and also the output of a ping attempt in both directions by name (rather than IP) to verify that it's not a DNS issue.

Thanks,

John.

22 January 09 at 12:34 PM

# fattie said:

Well my laptop machine is domain joined (krak.local)

My hyper-v-server is workgroup

I followed step 1 ,2,3 and on step 4 i get stuck.

If i start Computer Management on my laptop machine to connect to Hyper-V-Server i get error:

"computer cannot be managed"

What am i doing wrong or did i forget?

Thanks , great blog further!

09 February 09 at 11:14 AM

# jhoward said:

Fattie - you need to enable remote management on the server to run computer management remotely. See http://blogs.technet.com/jhoward/archive/2008/03/29/how-to-add-the-hyper-v-role-to-a-windows-server-2008-server-core-machine.aspx for the necessary steps.

Note also - particularly in workgroup scenario, unless you really do have a specific need to go through the steps manually, I would very strongly recommend you use HVRemote. The task will be much simpler.

Thanks,

John.

09 February 09 at 1:35 PM

# fattie said:

Thanks JHoward that worked like a charm.

Only thing now is I get WMI Access Denied when (step 4) so the security tab is empty

i solved this temporarily by adding my created account (on server and client) to the local administrators group on the core server.

Is there a perhaps a better solution??

11 February 09 at 3:50 AM

# jhoward said:

Fattie - great. I don't believe there is an alternate workaround. You have to have administrative rights to WMI as the ACLs are defined by default in order to manipulate them. I've not tried, but use of cmdkey on the client to set credentials for the local administrator on the core box may work (?)

Thanks,

John.

11 February 09 at 1:17 PM

# Ken said:

Hi John,

I'm trying to do "Step 4. Allow authenticate users to remote WMI namespaces (on server) " on Hyper-V Server (not 2008). All I have is command line. Is there a way I can do this without the GUI?

Thanks.

10 March 09 at 12:21 AM

# jhoward said:

Ken - yes, see part 3 where I do this when the server is a core installation (or Hyper-V Server - no difference configuration wise).... but it has to be done remotely. Alternately (and I would certainly recommend it unless you really feel the need to do the steps manually), use HVRemote :)

Thanks,

John.

10 March 09 at 11:59 AM

# Ken said:

Hi John,

I've been using HVRemote the entire time and have got it to work when the client and server are both on a workgroup.

I then tried client domain --> server workgroup using HVRemote. Didn't work! I was getting RPC errors no matter what I tried. After many hours of trying different configs including trying to follow the manual steps (not using HVRemote) to no avail, I was ready to take a hammer to my server!

After a bit of venting, I decided to manually enter my "DNS Suffix Search List" in my Vista x64 Machine in my network card adaptor.....VOILA! It connects!

I hope if others are having issues even after using the excellent HVRemote tool, they can try manually entering the DNS Suffix in the TCP/IP properties "Append these DNS suffixes (in order):"

My Setup:

Client:Domain --> Vista x64 SP1

Server:Workgroup --> Hyper-V Server

HVRemote + cmdkey command + manual DNS Suffix worked for me.

Thank you for the great tool John!

Ken

11 March 09 at 11:50 PM

# jhoward said:

Thanks Ken, so glad you found HVRemote useful and appreciate I can't cover every eventuality and configuration :)

Cheers,

John.

11 March 09 at 11:59 PM

# Peterd said:

HI, I have followed these steps and have the Remote Manager on windows 08 talking to the HyperV core, (Thanks to the instructions here!), I can create a virtual machine and include a win2ksrv vhd, but it blue screens on startup? is win2ksrv supported on hyper-v?

24 March 09 at 9:30 PM

# jhoward said:

Peterd - yes, Windows 2000 server *with SP4* is supported in single processor only mode. Are you running SP4, have you installed the integration services and what bugcheck are you hitting?

Thanks,

John.

24 March 09 at 9:45 PM

# Zach Greenside said:

We have a Hyper-V server at our school on Windows Server 2008 Enterprise Edition, but only half of the students in the class are able to access it from home.  I personally use Vista Business x64 and have followed all the steps 100 times and still get "Hyper-V Remote Management: You do not have the required permission to complete this task. Contact the administrator of the authorization policy for the computer ‘COMPUTERNAME’".  I've also downloaded and used hvremote.wsf and it came back with everything being correctly configured.  If you need additional information, please contact me at zgreenside@mail.greenriver.edu.  There are at least 15 students here that would be eternally grateful if you could help us figure out exactly why this isn't working.

Client:  Workgroup     Vista SP1

Server:  Domain         Hyper-V Server

06 April 09 at 2:50 PM

# jhoward said:

Zach - I'll drop you an email.

Cheers,

John.

06 April 09 at 3:12 PM

# zippy said:

Hi John

Ihave followed you guide but I can not enable the WMI part, I keep getting Win32:Access is denied

I am

Vista SP 1 Workgroup

Server 2008 Core

I have created an identical credential and added the new user as a local admin on the 2008 box.

Can you help

17 April 09 at 7:10 AM

# jhoward said:

Zippy - can you email me the output of hvremote /show on both boxes, plus a ping -4 by name attempt in each direction. (Link at the top of the page)

Thanks,

John.

21 April 09 at 2:55 PM

# Martin Harwar said:

John --- what can I say, except 'thank-you very much indeed!" You are a rockstar!

28 September 09 at 10:20 PM

# Thomas Goodson said:

Just downloaded you HVManager Script and in less than 5 minutes was able to access my Hyper-V Server (workgroup).  Keep up the good work.

29 September 09 at 5:27 PM

Leave a Comment

Comment Policy: No HTML allowed. URIs and line breaks are converted automatically. Your e–mail address will not show up on any public page.

Name (required) 

Your URL (optional)

Comments (required) 

  

Enter Code Here: Required

Remember Me?