Configure Hyper-V Remote Management in seconds


Update 19th Nov – v0.3 now released! 


It has been a little quiet on the blog front, but sometimes, at least in this case, I hope I’ve come up with something worth waiting for. Announcing “HVRemote”…., a tool to “automagically” configure Hyper-V Remote Management. (Amazing what can be done with a few days vacation to kill before you lose them at the end of the year….).


I’m not going into the gory detail here as I’ve created a PDF containing the documentation, and a site on http://code.msdn.microsoft.com/HVRemote where you can download the tool and the documentation. All I ask, is that if you find the tool useful, drop me an email or a comment. Thanks!


What does the tool do: It reduces the manual configuration steps needed for Hyper-V Remote Management that I blogged about back in March this year 1, 2, 3, 4 and 5 down to one or two commands.



  • It can configure Full installations and Server Core Installations of Windows Server 2008 with the Hyper-V role enabled, plus configure Microsoft Hyper-V Server. It runs across all locales (I’ve tested English and Japanese) and it doesn’t matter if the server is domain or workgroup joined.

  • It can configure Vista SP1 and Server 2008 configured with the Hyper-V Remote Management tools. Again, doesn’t matter if the client is domain or workgroup joined.

Quick how-to:


1. Server: To give or remove a user access permissions:

       hvremote /add:domain\user                  or
       hvremote /remove:domain\user


Add 

2. Server & Client: Display current settings (server or client): (Screenshot is client side)

       hvremote /show

showclient 

The other useful options are:


3. Find out all the command line options: hvremote /help or hvremote /?


usage


and a couple of client side options:

4. Client: Add firewall exception for MMC: hvremote /mmc:enable
5. Client: Allow anonymous access to Distributed COM: hvremote /AnonDCOM:grant


I’ve tried this out with a a lot of test “guinea pigs” internally at Microsoft, and using the script literally dropped their remote configuration time down to seconds. Hopefully it will do the same for you.


But I must also point you to the disclaimer on my blog, the disclaimer in the documentation, and the license conditions at http://code.msdn.microsoft.com/HVRemote before use:



HVRemote and the associated documentation are provided “as-is”. You bear the risk of using it. No express warranties, guarantees or conditions are provided. It is not supported or endorsed by Microsoft Corporation and should be used at your own risk.


Cheers,
John.

Comments (282)

  1. Anonymous says:

    While working on the next version of HVRemote yesterday evening, one of the things I wanted to address

  2. Anonymous says:

    Performance Tuning Guidelines for Windows Server 2008 Hyper-V Release Notes Planning for Hyper-V Security

  3. Anonymous says:

    Hyper-V How to: Configure Hyper-V Remote Management in seconds John’s blog post describes his HVRemote

  4. Anonymous says:

    Just the other day my colleague – John Howard – made a new tool available to the world.  HVRemote

  5. Anonymous says:

    Dear John,

    Firstly – you should have more vacation time!

    I basically gave up on HyperV some months back – as try as I may, I could not get the remote mgmt working – on a core install. Also, for the life of me, could not see why you would run Hyper V on a "Full" install – may as well use VS 2007/VMW’s free server product!

    This is a tremedous tool~ it seems to address all the "overlooked/missing" functionality in the Core/HyperV scenario.

    I lost track of the hours I wasted on this previously – and as a small shop, time is never in any real abundance…

    Many thanks for a great piece of work

    Rob

  6. Anonymous says:

    After my post a few days back, talking about the availability of both Windows 7 Client, and Windows Server

  7. Anonymous says:

    NoClue – the easiest way is to assign static IP addresses and edit the windowssystem32driversetchosts file to ensure each machine can resolve each other by name.

    Thanks,

    John.

  8. Anonymous says:

    Matt – this sounds like a networking DNS issue rather than Hyper-V config. Remote management works fine from a domain client to a workgroup if configured correctly. I do it all the time…. 🙂

    Can you verify by posting back:

    – Output of ipconfig /all on both client and server

    – Output of hvremote /show on both client and server

    – Output of an attempt to ping by *name* client from server and server from client

    – Output of an attempt to ping by *ip* client from server and server from client.

    One other question: Do you have IPSec policy being applied to the domain joined machine, or any other additional firewall software installed?

    Thanks,

    John.

  9. Anonymous says:

    Performance Tuning Guidelines for Windows Server 2008 Hyper-V Release Notes Planning for Hyper-V Security

  10. Anonymous says:

    Hi Reuben, glad you got the remote management issue resolved. By all means, drop me a line using the contact me option at the top if you’re having problems with a child partition running DHCP. It does work – have done it many times.

    Thanks,

    John.

  11. Anonymous says:

    Patrick – actually, I just installed a machine with Windows Server 2008 (ie with Hyper-V beta) and enabled the role/management tools, tried this and could not reproduce, so I’m a little stumped now. Can you post the entire output of hvremote /show, and confirm which version of HVRemote you are using.

    Thanks,

    John

  12. Anonymous says:

    Got this question twice this week so I’d say it is blog worthy.  How to configure a Hyper-V server

  13. Anonymous says:

    Pedro – interesting, I’ve not had this reported before or come across a situation where that is the case. Can you provide any more information about under what circumstances you have hit this – what version of Windows Server (or Hyper-V server), whether you have a reliable repro of this to diagnose, any other software installed on the machine, anything unusual in any way etc. The key should be present as part of a base Windows install which is why I’m really surprised if it wasn’t present.

    Thanks,

    John.

  14. Anonymous says:

    @Sem – USB key and copy <drive>:hvremote.wsf to c: drive, or net use to a share where it's located. etc.

    John.

  15. Anonymous says:

    Crai – you should not need to disable the firewall on the Hyper-V Server, and I would absolutely not recommend that you do. I’d be very  interested in finding out what’s going on in your configuration – if you have time to re-enable the firewall, verify it doesn’t work and run hvremote /show on both the client and the server and post back (or email me using the link at the top) the results, it will give me a much better idea and whether there’s something else I need to add to hvremote. It would also be helpful if you could run an ipconfig /all on both boxes and verify that DNS is operating correct in both directions by trying to ping the client from the server and the server from the client to verify that the IP addresses that the ping is trying to hit matches that shown in the ipconfig.

    I suspect strongly though that this is an IP address mismatch from the server to the client.

    Thanks,

    John.

  16. Anonymous says:

    Народ начал активно устанавливать и использовать виртуализацию Hyper-V, особенно бесплатный Microsoft

  17. Anonymous says:

    JDM – as this uses WMI, the range of ports will be significant as the DCOM callback from the server to the client uses a broad range of ports. For that reason, I do not recommend you use a firewall between client and server. Depending on your needs, it may be more beneficial and secure to have a client sitting in the same LAN segment as the server. Certainly I do not recommend putting Hyper-V Management open to the Internet if that is your plan. The use of an RD Web to publish the management tools would be a secure way of allowing this (in fact, that's what I personally use).

    Thanks,

    John.

  18. Anonymous says:

    Worked first go. Thanks.

  19. Anonymous says:

    Eric – Glad you got further. Sounds like you didn’t reboot possibly? If you’re still stuck, send me the hvremote info. That will probably provide the missing answer.

    Thanks,

    John.

  20. Anonymous says:

    Eric – the VMMS service runs on the Hyper-V Machine –  it sounds like you are checking the vista client rather than the server? Even "sc query vmms" on the server gives nothing back? If you’re still stuck, please post back

    ipconfig /all on both client and server

    Attempt to ping by name client from server and server from client

    Output of hvremote /show on both server and client

    Result of sc query vmms on server (just in case)

    Thanks,

    John.

  21. Anonymous says:

    I&#39;ve seen folks disabling the Windows Firewall on Hyper-V Server and on Windows Server Core in order

  22. Anonymous says:

    John Howard из компании Microsoft, который является Senior Program Manager в группе разработки Hyper-V,…

  23. Anonymous says:

    Pål – Thanks. I wish I had a better answer for you, but I don’t except the age old answer of a balance of time and resources.

    Thanks,

    John.

  24. Anonymous says:

    Ron – unfortunately this is not possible. It’s inherent in the way in which WMI traffic is unable to pass through a routed network in that manner (at least that’s what I’m told by the WMI/DCOM team – we rely on their technology under the covers). The two solutions I recommend are either a VPN as you state, or to publish the Hyper-V management applications on a Terminal Server gateway.

    Thanks,

    John.

  25. Anonymous says:

    John. Can you help? I have created a group which I have nested a test user in. This group was then used to update the DCOM, AZMAN and WMI settings as shown in the article. However, I cannot connect to my Hyper-V server via a Win7 client – It keep reporting the VMM service is not available. I used the script hvremote to test that all was correct from the client to server and vice-versa. All tests passed without an issue. I did have DCOM errors on the client, but that was corrected by running hvremote mmc. I have the firewall disabled at the moment, and have even ensured the firewall rules were updated on client and server, but nothing changes. event logs show no errors!!!! help. if you need them, I can do the hvremote debugs. if so, do I post them to this forum? or send them direct to you via mail?

  26. Anonymous says:

    In my last post on installing Hyper-V for my home setup I said I had a number of issues.&#160; One was

  27. Anonymous says:

    Sinisa – can you post the full output from hvremote? Is the RRAS error coming from HVRemote or something else (as HVRemote doesn't have any interaction with RRAS that I can think of). The more info the better…

    Thanks,

    John

  28. Anonymous says:

    Joel – this will be because your local administrator account cannot resolve domain accounts as it has no authority in the domain. There are three workarounds.

    1. Logon to the core box with a domain account which is also a local administrator on the box (hence ensuring you can get an elevated command prompt).

    2. Continue logging on as local admin, but enter runas /user:domainuser cmd where user is also a local admin on the core box to get an elevated command prompt.

    3. (Need to confirm) If the local administrator account has the same password as domainadministrator, it should work as-is.

    Thanks,

    John.

  29. Anonymous says:

    John W – it would have been a lot more useful if you could have provided the output of hvremote /show on both boxes….

    Thanks,

    John.

  30. Anonymous says:

    Colin – the ranges of ports is relatively large due to WMI and DCOM not being particularly firewall friendly. I confess though, I don’t have the list of default ports easily to hand. However, if there really is a firewall inbetween these two boxes, that will almost certainly be a problem for remote management – to the best of my knowledge, most firewalls cannot pass RPC/DCOM/WMI traffic cleanly through them. Let’s see what your network folks say first.

    Thanks,

    John.

  31. Anonymous says:

    (To followup for others…) I got the information from Hilton and a TS session onto the boxes. In this case, the laptop was domain joined rather than non-domain as mentioned above, and the server was in a workgroup. The missing piece was needing to run cmdkey on the client in this scenario.

    Cheers,

    John.

  32. John Howard -MSFT says:

    Jeeves – how did you add yourdomainrmanak? There’s some oddities which I’ve never seen before on the server output.

    It’s showing \DAG-VMACHINErootcimv2:Win32_UserAccount.Domain="XXXX",Name="rmanak" under both DCOM and Hyper-V Administrators.

    Whereas I would expect it to be saying simply yourdomainrmanak. I’ve just verified on a domain joined 2012 R2 server, and that’s the output I get here on a working configuration.

    (You also have two NICs on the same subnet on the server both with default gateways. That’s generally not recommended, or at least in years gone by, it never used to be, although I’m not authoritative on that subject. But I am somewhat doubtful that is the
    problem regardless, it looks like it’s hitting the right place from the client. Although an easy step would be to disable the .83 NIC on the server. You may need to restart the VMMS service to ensure it binds correctly after that (or reboot the server if an
    option)).

  33. Anonymous says:

    Bob – do you have KB950050 installed on the server machine acting as the client too?

    Thanks,

    John.

  34. Anonymous says:

    TomH – I’m not even sure where to start with this one – I can’t think of anything HVRemote would change to affect SQL operations. I’ve asked around internally, but TBH, I don’t know many SQL experts to ask where to begin diagnosing it. If you reverse the changes made by HVRemote (ie /remove rather than /add), does SQL start operating normally again?

    Thanks,

    John.

  35. Anonymous says:

    Hilton – you also need to run hvremote /mmc:enable on the client as well (if it wasn’t enabled)

    I think the best way to try to solve this is if you can email me (preferred) using the link at the top or post up

    – the output of hvremote /show /debug:verbose on both the client and the server

    – ipconfig /all from the server AND the client

    – output of ping <server> from client (will fail, but I want to check the IP addresses are correct and there’s no a DNS issue)

    – output of ping <client) from the server

    – Verify through wbemtest: On the client start/run wbemtest; hit connect and enter \servernamerootcimv2. Also try using IP addresss ie \ip.dotted.add.ressrootcimv2 of the server. Does that connect?

    (TBH – I’ve no idea about the WU update. There’s nothing unique to Hyper-V Server in terms of how updates are applied. Let’s get the remote management working first – I’ll see who I can find to help with WU seperately).

    Thanks,

    John.

  36. Anonymous says:

    Very useful.

    Thanks John!

    Giorgio

  37. Anonymous says:

    Julian – it depends. In some ways, if it is only you accessing the remote server, then you could use cmdkey to use the built in administrator account to authenticate from the client to the server. However, for best practice, I would probably recommend you just create a single non-admin account on the server (which can optionally match username/password to the client in which case cmdkey is not needed) and configure the client cmdkey option to authenticate as that user.

    Thanks,

    John.

  38. Anonymous says:

    ReubenC – If it’s still not working, can you post

    – the output of hvremote /show from both the server and the client machine,

    – the output of ipconfig /all on both machines

    – username you are using.

    – contents of /windows/system32/drivers/etc/hosts on both machines

    I’m assuming the usernames and passwords are the same on both machines…..  

    I assume also you’re in a workgroup(?) rather than domain and have run hvremote /add:user on the server, plus the hvremote /mmc:enable and hvremote /anondcom:grant on the client machine?

    Any other info about your setup would be useful. With the tool, should be pretty easy to diagnose 🙂

    Thansk,

    John.

  39. Anonymous says:

    Matt – good news. Glad it’s sorted 🙂

    Cheers,

    John.

  40. Anonymous says:

    Chrisouth

    It is not necessary to disable the firewall to connect (I assume by connect, you mean connect using Hyper-V Manager, which does not BTW need ICMP Ping to operate).

    What did you mean by "connect"? I would strongly recommend you turn the firewall back on in the meantime.

    If "connect" meant for example, to be able to TS/RDP to it, the instructions for that are in the server core guide: http://blogs.technet.com/jhoward/archive/2008/03/29/idiots-guide-to-server-core-aka-server-core-installation-option-of-windows-server-2008-step-by-step-guide.aspx. I deliberately avoided putting "features" into HVRemote which were not specifically for Hyper-V remote management (although I did fail in one case).

    Thanks,

    John.

  41. Anonymous says:

    Derek – have you already created the account "derek" on the server itself? HVRemote doesn’t create user accounts, the /add option adds a pre-existing account access to the necessary configuration items to allow Hyper-V remote management to work.

    Thanks,

    John.

  42. Anonymous says:

    John – got it working now!

    Thanks for your advice.

    After all attempts I can only summarize what I did not  completely understand initially in your .PDF doc. and what (I think) caused my breakthrough. Hope this helps for other readers.

    ENVIRONMENT:  a domain client (Vista SP1) and a WORKGROUP WS2008 server with Hyper-V role enabled (parent).

    My Hyper-V server has a static IP address 192.168.1.1

    Not relevant but  I have additionally SBS2008 as a child with DHCP server (sbs2008 does not like any other dhcp servers in its subnet).

    1. follow the instructions in the HVRemote .PDFdocument  for client and server

    2. on the server, invoke: HVREMOTE /add:userID to grant "userID"  access. "userID" is a local server user that has been defined on the server thru Control Panel/add user. I made userID an administrator (not sure if this is required)

    3. on the client update the hosts file (/windows/system32/drivers/etc/hosts) as 192.168.1.1 SERVERname

    4. on the client, in a cmd-window, issue:cmdkey /add:SERVERname /user:SERVERnameuserID /pass where userID is exactly the same as on the server. You are then prompted for the password of userID.

    5. Definitely re-boot both client and server

    6. Start Hyper-V Manager.

    Then you should see the much anticipated virtual machine panel.

    Hope these additional comments are useful.

    Happy Holidays, -Eric

  43. Anonymous says:

    Jay – this isn’t an error I’ve seen before. If you are the local admin running elevated, it sounds like somehow the security permissions have got wacked somehow on the namespace to local admins. If this is a full install of Windows Server, can you put local admins back following the manual steps for remote management configuration. Is there anything which you can think of which would have changed? (Domain membership, for example?). I’m kind of stumped on this at the moment.

    Thanks,

    John.

  44. Anonymous says:

    Hi John,

    Just wanted to give you feedback and lots'o'thanks — I've used your tool and it works perfectly. As a personal project I've set out to build a low-power, well performing three-node-cluster based on Hyper-V Server 2008R2 and hvremote came in really handy!

    I've described to whole process from goals, components to building and configuring the cluster (and the challenges I run into because of those goals) on

    http://www.mdg4projects.nl/technotes

    and of course gave you credits and link-back in the post where I used it 🙂

    Question — I've read your comment on using hvremote and SCVMM. As I have used hvremote on the clusternodes and I'll be installing SCVMM2008R2-SP1, does the normal Microsoft (server) remote  management tooling (other than SCVMM) still work as it does now?

    The clusternodes are part of the domain.

    Thx,

    Ray

  45. Ross2009 says:

    Last January I used this tool to get my desktop setup and it worked fine. I did have to edit the hosts file manually as the server was otherwise not pingable. Now I am trying to get it to work with my laptop. I am in a workgroup, and am not using active
    directory / domain. I setup a local user on the laptop with the same name as my desktop, and the same password. However I am getting rejected and HVRemote error indicates that the user might not be setup on the server. So my question is, with two different
    machines, that happen to have the same username and password, does this create a problem for the server to validate the credentials? Or should it work? The other thing I was going to check was whether the server can find the Laptop, but I thought I would ask
    if the above setup is an issue. Thanks, Ross

  46. Anonymous says:

    昨年の 8/21 に書いた投稿の続きです。 「このタスクを完了するために必要なアクセス許可がありません。このコンピュータ ‘xxxxxxx’ の承認ポリシーの管理者に問い合わせてください。」の Workgroup

  47. Anonymous says:

    Prahalad – nope, can’t explain that one, sorry. WSRM shouldn’t affect Hyper-V remote management. I suspect the reboot is the more likely cause – the output of HVRemote after you /add (it’s a bit clearer in the docs) says that you may need to reboot both machines if it’s the very first, and generally only the very first time – something I haven’t dug into to understand fully why that is the case though. It’s a curious problem, but time to investigate eludes me…….

    Glad you got it working.

    Cheers,

    John.

  48. Anonymous says:

    Patrick – it sounds like either you don’t have permissions to the hvremote.wsf file itself, or possibly a policy blocking execution of scripts?

    Does running icacls hvremote.wsf indicate you have access to it? Can you "notepad" it. What about if you do type hvremote.wsf > test.wsf and run cscript test.wsf instead (assuming you have read access to the file).

    Thanks,

    John.

  49. Anonymous says:

    Jeff H. Yes, I probably over emphasised the point of matching user names/passwords as you can overcome that using cmdkey as I used in the last part. As for being an administrator on the server – to do the server configuration steps you have to run elevated.

    It sounds like either you’re logged in as the local administrator, or domain administrator in which case on Server 2008 command prompts are normally elevated. If that isn’t the case, UAC could have been turned off either though domain policy or from the Control Panel/User Accounts applet.

    For the last part though, I’m truly stumped as to why you log in as one user but whoami returns a different account. I’ve never heard of this one before. The account you use on the client (particularly in a workgroup) is orthogonal to the account you add on the server – and I guess you are in a workgroup here due to the ability to use cmdkey. For WG, you should create a standard user on the server who does not have admin rights and when logged on as an administrator on the server, add the newly created user accounts the rights. (Note: Make sure a password is set for the new account). Then on the client, either have a matching username and password and it will "just work", or logon with a different username and use cmdkey to authenticate to the server using the credentials of the new user account you created there.

    Hope that makes sense!

    Cheers,

    John.

  50. Anonymous says:

    Chundra – unfortunately neither of these are possible in Hyper-V. 1 can be somewhat mitigated through using using scopes in AZMan if the restriction of one user per VM is an option.

    Thanks,

    John.

  51. John Howard -MSFT says:

    Do you mean Server 2012 or Server 2012 R2? Windows 7 cannot connect to 2012 R2 by design. Windows 7 to 2012 should connect if appropriate configured, although it’s not officially supported – full functionality can only be obtained when you’re using matching
    client and server as the downlevel client doesn’t know about new platform features. As always, the output of /show /target:otherboxname from both client and server is really the best way to diagnose (assuming it wasn’t a typo on 2012 vs 2012R2).

  52. Anonymous says:

    Patrick

    Same as for my response to Zoltan: what are you getting access denied to? Can you provide the output you are getting? (hvremote /show) Are you sure you are running from an *elevated* command prompt (ie one that says "Administrator:" in the title bar, not just as an admin?

    BTW – if you use v0.3, it will tell you if you are not running elevated as well (not sure if you’re using 0.2).

    Thanks,

    John.

  53. Anonymous says:

    Prahalad – Not something I’ve had reported before.

    To be clear, you’re hitting this on the "client" machine which is a domain joined 2K8 box (as opposed to on the workgroup server core machine or "server" machine).

    Do you have the Hyper-V role enabled on the "client" machine as well? It sounds like you must have as it would only go down the path to this output if it determined that the role was enabled (or of course, I have a bug 😉 ).

    Have you tried adding /mode:client to the when running hvremote /show on the "client" machine?

    Do you only get this if you are a domain user with domain admin rights? You mentioned it works OK with a local account, but what about a domain account which does not have domain admin rights?

    Is this also using HVRemote v0.6?

    Thanks,

    John.

  54. Anonymous says:

    On Windows 8 you need to install the applicable RSAT tool – x32 or x64. From the server manager you need to provide an alternate set of credentials and then manage via Hyper-V management launched from within the new WIndows 8 RSAT client.

    @ Microsoft – you guy's need to post some Hyper-V standalone video's to better explain how to setup.

  55. Anonymous says:

    Patrick – Yes, I think you’ve hit what a couple of other folks have also hit – a bug in my script 🙂

    Try installing KB950050 on the "client" server (Hyper-V RTM update) and retrying.

    Thanks,

    John.

  56. Anonymous says:

    Hi Hans – sure. Apart from the "I haven’t done any testing with SCVMM in the picture" answer, there is at least one very good reason. SCVMM replaces the default authorization store with one which they maintain. Any changes made by this tool made to their store would (as I understand it, but I’m not on the SCVMM team) be overridden regardless by their agent (or a combination of the SCVMM server pushing policy down through their agent). For this reason on my list for v0.3 is a hard block if it is detected that the server is being managed by SCVMM.

    Thanks,

    John.

  57. Anonymous says:

    Pieter – yes, it does.

    Cheers,

    John.

  58. Anonymous says:

    Craig – when you say in a hosting facility – you mean as in somewhere out on the Internet with firewalls and routers and stuff inbetween it and the client machines, correct?

    Hyper-V remote management is build on WMI and DCOM which don’t generally traverse those types of networks as you would have to have the Internet facing servers with many many ports open which is not a good thing. In those scenarios, the best solutions are to limit the number of ports open on the servers and manage if possible through an RDP connection to the server, or publish Hyper-V Manager and VMConnect through a TS gateway.

    Thanks,

    John.

  59. Anonymous says:

    James – I’m guessing (?) you’re an MVP if you have access to 7057 and 7068, or part of a TAP program? What I suspect you’re hitting is actually something quite different and a different bug which affected several winmain builds post 7000 (I’d need to verify, but believe 7068 was the last build before the fix made it’s way into winmain). I’m assuming you’re in a workgroup – the bug was not present in domain to domain configurations. There is a horrible workaround, far too long to type up. Realistically, you need to wait for a later build though….. sorry.

    Cheers,

    John.

  60. Anonymous says:

    Chris – To be honest, I don’t know the answer. Let me do some digging and see what I can find. Can you confirm you can connect if you don’t change that policy? Do you have any additional firewall software installed on the client that might be blocking port 2179 for VMConnect (or 3389 for RDP on the XP box)?

    Thanks,

    John.

  61. Anonymous says:

    Tim

    This should be straightforward to get working with the HVRemote tool in your configuration. Trust me 🙂 It honestly sounds though like you have DNS issues as the primary culprit, _especially_ if you are unable to join the Hyper-V Server to your domain – that really should be the first thing you should resolve – it should "just work" and has nothing to do with remote management configuration. If DNS is wonky, you’ll get all sorts of other errors. dcdiag /test:dns is your first point of call on the DC.

    If you want me to assist once you have DNS straight, can you use the email option at the top of this page and send me

    – the output of hvremote /show on both the client and the server;

    – the output of a ping attempt from the client to the server and visa-versa;

    – the contents of the hosts files as you have modified them.

    – ipconfig /all on your DC and the Hyper-V Server

    – results of netdom on the Hyper-V Server when attempting to join the domain.

    A screenshot of the RPC error you are getting would be really useful too.

    Thanks,

    John.

  62. John Howard -MSFT says:

    Number of clients doesn’t matter. Impossible to diagnose further without the output of hvremote /show /target:otherboxname from both machines

  63. Anonymous says:

    Dipam – for the access denied, see my reply to Simon 2 or 3 entries up.

    Although hidden, ProgramData is still accessible through a mapped drive if you type it in to the address bar such as \serverSystemDrive$ProgramData….

    Thanks,

    John.

  64. John Howard -MSFT says:

    It works. See the home page for the tool – code.msdn.microsoft.com/hvremote

  65. Anonymous says:

    Jay – several hours of investigation and after talking to the WMI team here – it turns out there is a bug in Windows which HVRemote is exposing. (If you’re interested…. GetSecurityDescriptor fails for WMI namespace operations when there is an unknown SID in an ACE contained in the DACL. You get an unknown SID in there if, for example, you have a domain joined machine, add a domain account access through HVRemote, and then move the machine to a workgroup, or an alternate untrusted domain. The SID in the ACE can’t be resolved as the original domain is unavailable and GetSecurityDescriptor fails).

    But the good news is, I have a fix for it. I haven’t done exhaustive testing, but it seems to work in a repro scenario I contrived. I’m not ready to release 0.6, but if you want to use the contact me option at the top of my blog, I can send you an early copy of HVRemote 0.6 with the workaround in it.

    Thanks,

    John.

  66. Anonymous says:

    Patrick – Glad you got it resolved. Yes, you are correct about DNS being key to this working.

    Thanks,

    John.

  67. Anonymous says:

    Daniel – my recommendation if you need to manage a secure environment over an insecure network such as the Internet would be to publish the management tools over a TS Gateway such as http://blogs.technet.com/jhoward/archive/2008/02/09/terminal-services-gateway-and-terminal-services-web-access-using-hyper-v-part-1.aspx (part 2 also), or to have a secured RDP session to the server using something like ISA protecting it. However, you may have captured mouse mode if Integration Services are not installed on guests.

    I’m not sure that the credentials are passed unencrypted (I’ll have to verify that, but don’t think so), it’s more the range of ports you need open also.

    Another alternative is to use SCVMM where they tunnel management commands using WSMan rather than native WMI.

    Thanks,

    John

  68. Anonymous says:

    Prahalad

    If your "client" is a 2K8 box with the Hyper-V role added, you will need to add /mode:client to all client commands to HVRemote as it will assume it’s the server if it detects the role. That’s probably why it worked with client2 – nothing in HVRemote or remote management configuration should be affected by what’s installed on the client machine.

    So if a client is domain joined and the server is workgroup, you need to treat this the same as you would a workgroup to workgroup scenario. But you can still use a domain account on the client machine rather than a local account which matches the account name on the server if you use cmdkey.

    That means:

    – Local account on the server

    – On server hvremote /add:localaccountname

    On client

    – Login as the domain user you want to grant access. From an elevated prompt:

    – hvremote /mmc:enable    (plus /mode:client as above)

    – hvremote /anondcom:grant (plus /mode:client)

    —note anondcom:grant is required as server is workgroup

    – cmdkey /add:servername /user:servernameserveraccount /pass

    That should be everything.

    Glad you found HVRemote useful 🙂

    Cheers,

    John.

  69. Anonymous says:

    Arnie – sort of is the answer. I haven't made a truly compatible version available yet, although it should work in a less than ideal way (as in by luck rather than foresight).

    Thanks,

    John.

  70. Anonymous says:

    Sean – this GetTrustee error is expected. The server is in a workgroup therefore doesn’t know anything about domain1username by definition.

    You’re doing the correct thing in the second part. Assuming the password is set (as opposed to blank), I would need the output of hvremote /show /target:othercomputername from both machines to validate the configuration. You could also validate using wbemtest to connect from the client to the server’s \serverrootcimv2 and \serverrootvirtualization namespaces using the credentials of the local account you created on the server.

    Thanks,

    John.

  71. Anonymous says:

    Colin

    Yes, let’s start with the output of hvremote /show on both the client and the server. Are you on a VPN or a routed subnet different between the client and server – firewalls in between, or even a different firewall on the client?

    I would still strongly suspect DNS, so if you can also post up ipconfig on both machines and the attempt of the ping client from server and server from client, it would give me peace of mind to see the output.

    Thanks,

    John.

  72. Anonymous says:

    Colin

    Can you verify you are using the same password for user ccx004 on both the client and the server. It may also be worth checking whether or not you have a set of cached old credentials for that user stored in cmdkey (use /list). The other thing I noted is that the server has two IP addresses: It also has 10.255.5.1. Can you try disabling that adapter in case traffic is going through a wonky route causing the problems.

    Otherwise, it all looks OK. Could it be possible that there is a firewall also between the two machines on your network blocking some traffic? Let’s cross that bridge after you verify the first set above.

    Thanks,

    John.

  73. Anonymous says:

    Thanks Jeff

    For the firewall side, the script manipulates the Hyper-V rules on the server. In addition, it can manipulate the server side WMI management, but that isn’t strictly necessary (I should remove it probably). It doesn’t change any other firewall groups as they are not needed for Hyper-V Remote Management itself.

    Client-side, it manipulates the firewall for the MMC exception, and for the built-in Hyper-V rules.

    Other than that – the steps it does are

    – Add/remove users to Distributed COM Users group; AZMan (as an administrator); The two WMI namespaces. This is server side

    – Allows config of remote DCOM access on the client (optional depending on workgroup-ness)

    To all intents and purposes, the script implements everything needed for remote management. You should not need to perform any additional steps unless you start needing more granular AZMan settings.

    Cheers,

    John.

  74. Anonymous says:

    John – thanks for your quick response.

    Seems ‘I’m halfway!

    Updated the host file to force name/IPv4@ resolution and used cmdkey (again).

    Then invoke Hyper-V Manager.

    My error is now "Access denied. Unable to establish communication between WSHYPERV and ERIC-PC".

    The names are OK for server and client.

    Good news is that I get the actions pane and I can look at the remote Hyper-V settings, virtual network manager.

    But if I hit the Refresh link, the message "loading Virtual machines"  is displayed and does not finish and locks the window more or less.

    I use OneCare as firewall at the client – I turned if off  – no luck.

    Will use the troubleshooting list further.

    Enjoy your vacation! -Eric

  75. Anonymous says:

    Recentemente o Senior Program Manager do Hyper-V (John Howards) liberou uma ferramenta por linha de comando

  76. Anonymous says:

    I have been getting people asking where I’ve been and why I haven’t been posting very often (or very

  77. Anonymous says:

    Mijn vorige blogpost over het installeren van Microsoft’s Hyper-V Server 2008 was een lap tekst met plaatjes

  78. Anonymous says:

    In my last post on installing Hyper-V for my home setup I said I had a number of issues.&#160; One was

  79. Anonymous says:

    HVRemote: Configure Hyper-V Remote Management in seconds Feed: System Center Guide Posted on: Wednesday

  80. Anonymous says:

    RichC – HVRemote only manipulates the remote management settings to enable Hyper-V Manager and VMConnect. You should be able to launch Hyper-V Manager directly from administrative tools. If you are on a full install of R2, to enable server manager remotely as well, there is a link on the front page of server manager when logged in physically (or over RDP) "Configure Server Manager Remote Management". Alternately, if you are on a core installation, use sconfig to enable server manager remote management.

    Thanks,

    John.

  81. Anonymous says:

    Deniz – see my comment above. That should get server manager working removely.

    Thanks,

    John.

  82. Anonymous says:

    Doug – you are probably hitting a known issue in Win7 pre-release. It certainly affected RC client builds connecting to some server builds (can’t recall specific numbers though). At this point with Win7 having hit RTM a while back and GA very soon (and available on Technet/MSDN), you really need to re-install with Win7 RTM where the bug has been fixed.

    Thanks,

    John.

  83. Anonymous says:

    Shan

    I’m a little confused by the explanation of your configuration. Could you post back on a failing setup: hvremote /show from the server; hvremote /show from the client; ping attempt by name from the server to the client and visa-versa. That will tell me what I need to know.

    However, there is something interesting in the output above which has nothing to do with HVRemote. Has the server at some point been managed by SCVMM (or currently is being managed by SCVMM)? HVRemote doesn’t put VMs into scopes, whereas SCVMM does. I think the event log is a red-herring especially now it indicates the VM has been placed back in the default scope.

    Thanks,

    John.

  84. Anonymous says:

    Steve – all changes are back-out-able. Instead of /add for user, use /remove. For each and every other command, there are similar do/undo options. Please see hvremote /? output, or the PDF with the full documentation. It's all there.

    Cheers,

    John.

  85. Anonymous says:

    Riccardo – unfortunately no this is not possible if the server is behind a NAT gateway. You have to manage from the same network. You could for example publish the management tools from an RD/TS gateway, or have a VM or other machine on the same network you could TS to for running the MMC.

    Thanks,

    John

  86. John Howard -MSFT says:

    Server 2008 R2 is the server version of Windows 7 client. Hyper-V Manager in that release will be unable to configure Windows Server 2012 R2 Hyper-V.

  87. Anonymous says:

    Patrick – we had someone here verify that those KBs didn’t break remote management, and I can’t think of a reason looking at those updates why it would impact it in any way. If you have a broken system again, posting up hvremote /show /target:othercomputername from each box would go a long way to determining what the issue could be.

    Thanks,

    John.

  88. Anonymous says:

    Zoltan – what are you getting access denied to? Can you provide the output you are getting? (hvremote /show) Are you sure you are running from an *elevated* command prompt (ie one that says "Administrator:" in the title bar, not just as an admin?

    You get RPC errors 99% of the time when there is a DNS issue. Try pinging server from client and other way around. Verify that the IP address each is pinging matches the output of ipconfig on the other box. It will probably be the server not having the clients IP address. See my article on managing Hyper-V over VPN where I went into a lot of detail over this.

    Thanks,

    JOhn.

  89. Anonymous says:

    David – take a look at the response to Simon further up the comments.

    Thanks,

    John.

  90. Anonymous says:

    Doug – replying to your earlier comment, yes, you can manage from one workgroup to another workgroup using HVRemote.

    Thanks,

    John.

  91. Anonymous says:

    Simon – That’s good feedback, thanks. If you open the properties of hvremote.wsf, there’s a security checkbox somewhere on one of the tabs (I have a screenshot somewhere but not to hand) which basically says that you can’t execute it as it originated from another computer. So far, the only people I’ve found who have downloaded it who have that checkbox checked is people using Firefox, but I’m not sure why – I haven’t had a chance to dig. Would that be the case for you too?

    As for IP address, unfortunately, DNS or a name resolution is needed and sure, I’ll follow up on the documentation (and file a bug to get it working by IP – no promises though on the resolution of it.)

    Cheers,

    John.

  92. Anonymous says:

    Peter – please post the output of hvremote /show /target:otherboxname from both boxes, but following the guidance it gives for warnings or errors first.

    Thanks,

    John.

  93. John Howard -MSFT says:

    See my comment 4 up.

  94. Anonymous says:

    @Christopher – unfortunately, it’s not quite that simple…. (as you can probably imagine!), but thanks for the feedback.

    Cheers,

    John.

  95. Anonymous says:

    Thanks Libis – looks good. Can I ask though that you do not package hvremote.wsf in your distro though and point people to the master download site instead?

    Thanks,

    John.

  96. Anonymous says:

    @Brian Q – you get the RPC error most commonly when there is a problem with DNS/name resolution. When it’s in a failed state, verify that a ping by name in *both* directions is attempting to hit the correct IP address. Are you on a network where IP addresses are changing frequently.

    (I’m assuming that by "sleep" you just mean you get the cannot connect message after a period of time, nothing to do with putting the client itself to sleep.)

    Thanks,

    John.

  97. Anonymous says:

    Eric – this scenario does work with a limitation which is a bug in Windows Server 2008 WMI (fixed in SP2) which means you may have to hit refresh in the Hyper-V MMC as state change notifications for VMs (running/stopped etc) are not received. However, it sounds like ou’re not even close to that far yet. That warning messsage I put in is for the case of a domain client pointing at a workgroup server so isn’t relevant here.

    What is the exact error you get in Hyper-V manager. What does the output of hvremote /show on both the client and server show? Can you ping *BOTH* ways *BY NAME* and hit the right ipv4 address (even if the firewall blocks the ping itself) to verify DNS? Do you have other firewalls which might be getting in the way? Have you checked the troubleshooting section of the hvremote document?

    (Please note I’m on vacation so may be slow to respond….)

    Thanks,

    John.

  98. Anonymous says:

    Paul, thanks.

    Kudos for your experimentation, but I think it is futile. Sorry to say! 🙂 You’re heading in a direction which is well into the realms of unsupported and untested. Changing the account under which the service runs may cause all sorts of side effects (I can think of at least one).

    In a domain environment, to access a network ISO, you need to add the machine account to the share for read permissions (ie domainmachinename$). On top of that, if you are remotely administering the Hyper-V server, you need to setup constrained delegation. However, I’m 99.8% sure that you will not be able to get ISOs on a network share to work in a workgroup setting, and to the best of my knowledge, there isn’t a workaround for this apart from copying the ISO locally. Sorry!

    Cheers,

    John.

  99. Anonymous says:

    John W – can you give me the exact command and exact error you’re hitting? If it is a GetTrustee Failed type message, it’s possible you’re hitting a bug in HVRemote which was fixed in 0.6

    Thanks,

    John.

  100. Anonymous says:

    Patrick

    Yes, I think I know the issue (looking at the code only – haven’t had a chance to 100% verify, but I’m 99% sure). Quickest fix for you would be to a small manual edit to the script in notepad. The real fix is a little more involved though….

    Remove the following block of code and that will bypass the Vista client check and get you moving forward. I’ll fix it properly in the next release.

    >>Start delete

       ‘ Do Vista checks

       if (NO_ERROR = lReturn) and _

          (glClientServerMode = HVREMOTE_MODE_CLIENT) and _

          (gbRunningOnWin7 = False) Then

           lReturn = DoVistaChecks(oWbemServicesCIMv2)

       end if

    >>End delete

    Let me know how you get on.

    Thanks,

    John.

  101. Anonymous says:

    Matt & Patrick – re this setting on the general tab. Any chance you can send me a screenshot?? On a Vista SP1 box, I don’t see that setting. Where are you downloading the file to – a local drive, a network share,….. ? And from what OS? If I can repro it, I’ll add it to the list of FAQ in the documentation.

    Thanks,

    John.

  102. Anonymous says:

    Derek – apologies, didn’t spot you comment until now. I’m no expert in workgroup name resolution by any means. I would recommend you configure static IP addresses and ensure the host files are correctly configured on both (or all) systems. You would need to enter an entry for the server on the client, and the client on the server.

    Thanks,

    John.

  103. Anonymous says:

    Birty – netsh firewall set icmpsetting 8 will do this. You don’t need to allow ping to be able to remotely manage Hyper-V hence HVRemote doesn’t open the firewall for this.

    Thanks,

    John.

  104. Anonymous says:

    Hi James – glad you got it resolved, but I believe you’ve fixed it the "wrong" way…. HVRemote only opens the firewall ports needed for Hyper-V Remote management, not for other traffic such as ping. I’m wondering whether you ended up turning the firewall off on the server? I’d be interested if you could undo that command, and if remote management still fails, send me the output of hvremote /show on both the server and the client, plus the ping attempts by name of server from client and client from server (ignore the failure – I’m more interesting in validating the correct IP addresses).

    Yes, I work on the Hyper-V engineering team, so have plenty of influence, but this will still be almost identical in configuration steps for Windows Server 2008 R2. I’m also working on a new version of HVRemote which will make this configuration even easier – more will follow on my blog soon, I hope.

    Thanks,

    John.

  105. Anonymous says:

    I cannot connect with HyperV Manager in the case of domain user and workgroup HyperV server.

    The domain is a SBS2008 child with HyperV as the parent.

    The client is a member of the domain. I used your instructions and also the HVRemote tool without luck.

    Sometimes I get the impression that domain user connected to workgroup server is no problem. Sometimes there is a comment that this combination is not possible. For example with HVRemote /add:domainnameuser  executed on the server , I get the response "if domainname is a domain you need to be connected to the domain to make this work". I.e the workgroup server should be joined to the domain, Correct?

    However Microsoft recommends that a HyperV parent should not be part of a SBS2008 child domain, So I am hesitant to join the HyperV server to the domain.

    Any advice is appreciated. -Eric

  106. Anonymous says:

    MPW – I’m investigating why local groups don’t work in a domain joined environment. (I’ll shortly be updating HVRemote to detect the use of this condition too). You can work around it by either adding access to a domain group (with the users in that), or adding the users individually.

    Thanks,

    John.

  107. Anonymous says:

    Tony – please post up the output of hvremote /show /target:othercomputername from both computers.

  108. Anonymous says:

    Jan – glad the tool was useful and hope you hit your deadline 🙂 (Or at least have it working by now, 2 and a half weeks later!)

    Apologies though – I totally missed your comment and only just now noticed. Yes, I fixed the capitalization issue in the latest releases.

    Thanks,

    John.

  109. paul says:

    Josh,

    Great tool.  

    I’ve been playing around with Hyper-V Server 2008 in a workgroup configuration for over a week now, and I can not figure out, for the life of me, how to configure ‘Local Security Policies’, including User Rights!!!   When I launch a Group Policy Object Editor MMC remotely, it provides access to the Administrative Templates, etc, but not no local policies.

    Now, the reason I need access to local policies in the first place is that I’m trying to figure out how to configure Hyper-V to run under a different user-account (…other than local system).  The reason being is that I have several NAS devices on my network setup with SMB shares, hosting all of the necessary ISOs for use with Hyper-V.  Rather than having to copy them all locally over to the Hyper-V Server, I want to be able to mount ISOs from the SMB shares on the NAS devices from all of my VMs.  I figure by creating an identical user account on the NAS devices to the one which the Hyper-V service(s) run as, this should provide an nice solution to my problem.

    As of now, I’ve created a user called ‘HyperVService’, and added the user to the Administrators, and Remote Com Users security groups; however, when I attempt to start Hyper-V Machine Management service using this account, it errors out, claiming that the account lacks privileges.  ha…. Unfortunately, I can’t being assigning rights to the account using security policy until I can somehow gain access to it.   As a side note, I’ve already granted the ‘HyperVService’ user all authorization rights / privileges in Authorization Manager (as specified in your article).

    I apologize for the extent of this comment, but if you can help in any way, it would be much appreciated.

  110. paul says:

    Josh,

    Great tool.  

    I’ve been playing around with Hyper-V Server 2008 in a workgroup configuration for over a week now, and I can not figure out, for the life of me, how to configure ‘Local Security Policies’, including User Rights!!!   When I launch a Group Policy Object Editor MMC remotely, it provides access to the Administrative Templates, etc, but not no local policies.

    Now, the reason I need access to local policies in the first place is that I’m trying to figure out how to configure Hyper-V to run under a different user-account (…other than local system).  The reason being is that I have several NAS devices on my network setup with SMB shares, hosting all of the necessary ISOs for use with Hyper-V.  Rather than having to copy them all locally over to the Hyper-V Server, I want to be able to mount ISOs from the SMB shares on the NAS devices from all of my VMs.  I figure by creating an identical user account on the NAS devices to the one which the Hyper-V service(s) run as, this should provide an nice solution to my problem.

    As of now, I’ve created a user called ‘HyperVService’, and added the user to the Administrators, and Remote Com Users security groups; however, when I attempt to start Hyper-V Machine Management service using this account, it errors out, claiming that the account lacks privileges.  ha…. Unfortunately, I can’t being assigning rights to the account using security policy until I can somehow gain access to it.   As a side note, I’ve already granted the ‘HyperVService’ user all authorization rights / privileges in Authorization Manager (as specified in your article).

    I apologize for the extent of this comment, but if you can help in any way, it would be much appreciated.

  111. paul says:

    I appreciate such a quick response.   I searched TechNet forums, and someone was able to get it to work… …unfortunately they did not leave enough detail in the post.  Also, their installation was a full-install of 2K8, not Core, so they had direct access to local security policy for assigning account rights.  Either way, until Microsoft officially addresses this issue in a supported manner, I’m not going to attempt an unsupported work-around in any sort of production environment, so I guess there is no point looking into this further.

    On that note, what about local user rights… …as in editing local policy on Server Core or Hyper-V Server in a workgroup environment?  Does Microsoft provide a supported method for editing these policies?  

    Thanks again.

  112. Hans Vredevoort says:

    Hi John,

    You mentioned that your tool should not be used if Virtual Machine Manager 2008 is used for managing Hyper-V hosts. It does not explain why. Can you elaborate on that?

    Thankx,

    Hans Vredevoort

  113. Hans Vredevoort says:

    Thanks John,

    That’s the explanation I was looking for. As a VMM2008 user, I would appreciate a check on this as azman stores might get mixed up. I appreciate your work as I have tried all the steps in your blog and know how easy it was to forget one step, make a spelling error or some other mistake. So now you have a nice and clean solution for remote Hyper-V management from Vista an Windows Server 2008 computers.

  114. paul says:

    Hey John,

    I had already seen both of those links.  Unfortunately, neither work.  Enabling PnP interface is great for enabling Remote Disk Management, but I’m not sure what it has to do with being able to edit local policy.  I think another user points that out on the response to the post.

    As for secedit, it doesn’t work… …at least not for me.  Another user on the forum had the same experience as I did… …secedit command seems to function as expected, but no real result / policy change.   Plus, this is so inconvenient, especially when you need to enable / disable a policy one at a time while testing something until you get it to work.  Using this method, I would have to export / import a policy again and again if attempting to troubleshoot some form of security issue or rights management issue.  True, I could set up another machine using a full version of Windows 2008, but editing local policy shouldn’t be as complicated as requiring multiple 2K8 servers.  What about small businesses, or other users that either cannot afford a second license, or do not have a second server / machine available to install Win2K8 Full?   lol… Does Microsoft even think of these things when releasing their products?  

    Anyway, as always, I sincerely appreciated the quick responses, feedback, and solutions.

    I know this is a little bit off topic, but I wanted to address one other issue that no TechNet forum and / or deployment guide has seemed to address… …best practices for storage on the host hypervisor server.   I currently have set my host server to store VHD files of the VMs on separate physical RAID arrays, snapshots on another dedicated physical RAID array (snapshots for all machines stored on a single dedicated array), and VM configuration files on the system / OS array.  However, I’ve noticed that the system / OS array gets hammered, and impacts the VM system performance.  Originally, I was under the assumption that once the XML files were loaded into memory, the configuration file was no longer needed / used by the system.  Obviously, my assumption was ignorant and now I’m paying for it.   Basically, my question is:  Where should VM configuration files / data be stored in relation to VHD files?  Should they be stored together?  Should I create a separate dedicated RAID10 array for configuration files (for all machines), or does each VM require a dedicated disk per VM configuration file?  There doesn’t seem to be any "best practices" guide that addresses any of these questions (other than the recommendation to stored VHDs on separate disks).

    Thanks in advance.

  115. ReubenC says:

    Hi John,

    Execellent post, tool, etc.  your orginal post helped me a great deal connecting to a server core install I’d setup earlier in the year from a WS2008 laptop… remote mgmt worked a treat until I rebuilt the server with Hyper-V Server (same name, same IP) and now for the love of christ I can’t connect… ‘You do not have permission….’  same network, same creds, same name.. (different SID & GUID’s of course..), slowely loosing the will to live and went on a VMware seminar only last week… Vi3 looks good 😉

  116. Matthew says:

    Note for anyone experiencing the ‘RPC server unavailable’ error. If you’ve disabled the Windows Firewall service, this will give this error!

    Not sure why, but enabling it, startng, and running the script to add the firewall rule fixed the problem.

  117. Luke Edson says:

    John, you’ve outdone yourself! I do have to ask you though if you understand the concept of "vacation" though! Ha! Here’s a drink to you!

  118. Hilton Travis says:

    Hi John,

    I’m back again with the same issues that we were discussing the last time we spoke (a few months back).  🙁

    If you recall, I have a non domain connected Hyper-V Server that I’m trying to connect to from a non-domain connected laptop running Vista SP1 and the Hyper-V Management tool (and using HVRemote).

    The Hyper-V Server will not be a part of a domain because in the SMB world, with generally only one physical server, having the Hyper-V Server a member of a single DC domain which is a guest under the Hyper-V Server is not a good move.

    Also, the laptop will never be a part of the same domain that is hosted on the Hyper-V Server as the laptop belongs to our techs and the Hyper-V Server and its hosted SBS 2003|8 Server belongs to our client.

    Now, what I’ve done is as follows:

    Laptop

    ======

    1. Vista SP1, latest fixes/updates

    2. KB952627 Hyper-V Management Tool

    3. Add Local Administrative user: Hyper-V

    4. Local Hyper-V Password: "Password 123"

    Server

    ======

    1. Hyper-V Server 080912, Name = HyperVServer, Manual Windows Update, configure Region, Date and Time

    2. Enable RDP (more secure clients only)

    3. Add Local User: Hyper-V

    4. Local Hyper-V Password: "Password 123"

    I’ve downloaded, extracted and copied (via USB Key) HVRemote.wsf to the C:HVRemote folder on both the laptop and the Hyper-V Server.

    I’ve followed the documentation in your PDF and performed the following actions:

    Server

    ======

    1. cscript hvremote.wsf /mode:server /add:Hyper-V

    1a. Result: successful (all reports = OK)

    2. Reboot Hyper-V Server

    Laptop

    ======

    1. cscript hvremote.wsf /mode:client /AnonDCOM:grant

    1a. Seemed to be successful

    2. cscript hvremote /mode:client /FirewallHyperVClient:Enable

    2a. Made no changes as this was already the setting

    3. Rebooted the laptop.

    4. Opened Hyper-V Manager and connected to HyperVServer

    4a. Failed: The Computer ‘TechLaptop’ failed to perform the requested operation.

    Also, as a side note, unless I run "netsh firewall set service remoteadmin enable" on the server, I cannot connect to it via "Computer Management" and even after I’ve run this, Computer Management makes a connection but fails to allow me to connect to WMI Control with the following error: ‘Failed to connect to \HyperVServer because "WMI: Access denied"’.

    This error was exactly what we were talking about a few months back when I was unable to connect to the Hyper-V Server (that time running under WS2K8 Ent Core, this time running Hyper-V Server), so there still seems to be something wrong with the instructions/operation of HVRemote, or something major that I’m unable to see and am totally missing here.

    I’d *like* to be able to actually add guests to my Hyper-V Server and to be able to manage them, it would be a nice use of a Hyper-V Server.  😉

    (PS, The "Windows Malicious Software Tool x64 – November 2008" was shown as needed when I ran the initial WU scan, yet it failed to install.  On subsequent attempts, it also fails to install.  Any idea why this is failing to install on a brand spanking new Hyper-V Server install?)

  119. Hilton Travis says:

    Hi John,

    I ran the /mmc:Enable switch on the client – same issue after running this.  There’s no DNS issues here, but I’ll email all of the info you asked for.  The WMI Tester seems to connect (at least all boxes show as selectable), so I assume that means it is working.

    The WU was just an additional query as an extra because I noticed it.  If you can find someone who can answer it, it would be good, though – definitely not as important as not being able to see the Hyper-V Server to manage it, tho!  🙂

  120. Daniel Anderson says:

    G’day John

    Just wanted to put my 2 bobs worth in and thank you like many have already, for the GREAT Tool. I just tested it here and it worked a treat.

    Cheers

    Daniel

  121. Daniel McCay says:

    Thank you for producing this tool.

    Is the managment tool safe to use over WAN? ie. To manage a host in a datacentre?

    As I understand it I would be sending unencrypted mmc packets across the internet. Is that risky?

  122. Daniel McCay says:

    Thank you for producing this tool.

    Is the managment tool safe to use over WAN? ie. To manage a host in a datacentre?

    As I understand it I would be sending unencrypted mmc packets across the internet. Is that risky?

  123. crai hackman says:

    I had same problem, i.e. unable to ping and run hyper-v manager from client. As there is no gui on hyper-v server I ran RDP to server (after enabling on server of course) and from the cmd prompt diasabled firewall on hyper-v server with:-

    "netsh firewall set opmode disable"

    once that was done I could ping and run hyper-v manager remotely.

    Shame Hyper-V server doesn’t have Hyper-V manager for XP clients.

  124. ReubenC says:

    Hi John,

    Apologues delay in reply, have been a week of SCCM & SCOM 2007 training & exams (passed :-)).

    I’ve resolved the issue, although it appears to be a strange one am afraid, is password history related…

    During the time of rebuilding my VM host from a server core to a hyper-v server deployment I decided it was time to strengthen the Administrator password account from a standard one I’ve used for some time (we never worried too much about the Administrator as until WS2008 we have always disabled the Administrator account, but now not so simple for WS2008 🙁 but that’s another post! ;-), I also changed the password of the WS2008 laptop connecting to the Hyper-V server (both workgroup).

    I knew the laptop could connect as configured, as it was working with the previous server core deployment.  Even before using your most excellent HVremote tool I was pretty confident I’d opened everything up as needed on the Hyper-V server (I’d written up and blogged the server core commands inc. Hyper-V back in March/April when involved in the UK Hyper-V RDP – http://reubenjcook.wordpress.com/2008/04/21/windows-server-2008-server-core-setup-scripts-common-commands/).

    This morning after much banging of the keyboard, and my head! (we celebrated hard after passing the exams ;-), it came to me… try the old password… I changed both sides and instantly it worked!

    I almost cried with relief as getting this working was a pre-req to reinstating my virtualised home server with dual passthrough disks containing all of our music, video, recorded tv, and….. family photos!!! (the wife would have killed me am sure you appreciate!).

    I’ve since tested by changing the password again, and it immediately breaks Hyper-V management, change it back and voila, straight away you’re back connected.

    ..now to work on my Hyper-V guest VM being a DHCP server issue (yep 2nd NIC for mgmt), although I think that might be another blogpost! 😉

    btw, am happy to provide further info on this offline, if I’ve found an issue worth investigating….

    Very best regards, Reuben

  125. zoltan says:

    Hello

    I tried to run the hvremote on the server (core ed.), it says access denied.I logged in the admin account.

    The server is configured and work ok, except the hyper-v management from outside of the local network.Any idea?it says the wellknown rpc error.

  126. Matt Barrett says:

    Hi John

    I’ve followed along with your 5 part series, but never managed to get remote management of my Hyper V Server working.

    I’ve now just run through the process of setting up the server (from a fresh install) and the client, but I’m not having any luck, and am getting an error that I’ve not seen before.

    HVRemote works as expected on both client/server. I’ve also performed the cmdkey operation as the Hyper V server is in a workgroup, and I am trying to perform remote management from my local machine that is in a domain.

    When I try to add the remote server (via IP address), the Hyper V Manager pops up an error dialog saying, "An error occured while attempting to connec to server "<ip address>". Check that Virtual MAchine Management service is running and that you are authorized to connect to the server.

    The computer ‘<ip address>’ could not be resolved. Make sure you typed the machine name correctly and that you have network access.’

    The username and password is the same on both boxes – I’m not sure what else to try. Any help you could give would be greatly appreciated.

    We are trying to use Hyper V Server in our integration/testing labs, and those machines are not typically joined to a domain. Would I see less problems if I tried managing from a machine not on a domain, too?

  127. PatRick says:

    I am having the same issues as Zoltan, I am running an administrator command prompt.  I run hvremote /show and get access denied.  I am logged in as the local admin account.

  128. PatRick says:

    I guess I was unclear, but I am running hvremote /show

    The only output is access denied.  The command prompt says Administrator so I assume it is elevated.  The script is placed on c: and run from that location.  Logged into server as local admin account.

    Thanks for your help.

  129. Hi John, I can connect to Hyper-V Core Server with Hyper-V Manager (both in a Domain) and created VMs but I cannot access the VMs. I see the thumbnail there waiting for my input but when I click on it, I get the error that your administrator does not allow you to connect to this computer. But the thing is I have changed the local policy on the Core server to allow default Credentials with NTLM-only Server authentication. I have even put * to allow any server to connect to it. Also I put the IP address of the Hyper-V manager server as well TERMSRV/*, for good measure. I have used the hvremote tool to create a user on the Core server then logged on the Hyper-V Manager server with that account, but still it will not allow me to connect. I have enabled any Remote client to connect and added my hvremote user to the remote desktop group on the Core server.

    But what I have discovered that is really odd is that when I use Remote Desktop client from XP Pro I cannot connect to the Core server.  I get errors that the server is not on the network. But if I try and connect via the Hyper-V Manager server Remote Desktop but hold off putting in the username and password, I can actually connect via my XP Pro Remote Desktop. XP Pro Remote Desktop can now find the Core server and allow me to logon. Somehow I think this is connected to the problem I have above.

    Regards

    Chris

  130. PatRick says:

    Thanks for your responses John.  I had checked permissions before and they looked ok, I just noticed that in the general tab there was a button for unblock, I clicked it and now it is working.

    Thanks.

  131. Pål Røtnes says:

    This is a great tool! A wonderful help for someone who is tired of backtracking through your (also excellent) blog post to figure out which little thing is not done just right.

    However: And why does not MS officially develop and support a tool like this? It seems to me this is essentially what thousands of IT personell needs to get Core+Hyper-V working in a good and time-efficient way.

    Windows Core Server is a very good idea, but without a few tools like HVRemote and CoreConfigurator it would be a lot more of a hassle to set up and manage. And honestly it seems a bit rushed by the total lack of tools, when the management is so bothersome.

    Some tools like these should be built in, or at least downloadable/optional in the setup. IT people would love it and I can’t see how these tools which are basically only menus that use existing commands in the OS can have an adverse effect on security.

  132. Matt Barrett says:

    Hi John,

    Thanks for the pointer! I went back over all the settings, and found an issue when resolving the hostname from the client. It was resolving to an IP address that was bound to an interface on the server that couldn’t be reached from the client.

    Simple!

    With that fixed, everything is working – thanks for your help, and all your blog posts and the HVRemote script. We’re rolling this out much more heavily, due mainly to the fact we can get other departments up and running without a lot of hand holding.

  133. Matt Barrett says:

    Patrick and John,

    I had that same problem, too. The download process is setting a don’t execute bit on the binary – I needed to unset it on the client (with the GUI) then copy it across to Server Core again.

    Cheers

  134. Hi David,

    I only implemented the "only default Credentials with NTLM-only Server authentication" policy when I received the error "your administrator does not allow you to connect". As for firewall blocking, the firewalls on the XP box and on the Hyper-V Management server are disabled, the Core server is the only one using its firewall.

    Regards

    Chris

  135. Tim says:

    John,

    Thanks for the tool.  Like others, I have failed – basically out of time – but want to provide additional feedback on what I noticed.  Hyper-V Server is installed on a workgroup laptop.  The remote management tools on a domain joined machine.  Did all the HVRemote commands and cmdkey stuff.  Did the AnonDCOM thing too.

    In my situation, I have partial RPC connectivity.   While the HV Manager reports RPC issues, I find that I can right click on the machine and perform actions such as setting up the networking and createing a VM.  I can even see the empty VHD in the folder on the Hyper-V Server.  But from the Manager I can’t see the new VM thanks to RPC.

    Differences in my environment.

    1) I was using different user accounts.  I switched to working with the same user name but different passwords.  

    2) My DNS is funny.  This is at a home office.  DNS and DHCP come from an ISP router.  Normally I modify a machine to pick up DNS from this box and my domain controller.  I don’t seem to be able to do this in Hyper-V server.   So I opted to use the hosts file on both machines, adding both the vista machine and ADDS machine to the Hyper-V Server, and the HV Server to the Vista machine.  In working with netdom on the hyper-v server (in a failed attempt to join the domain), I determined that while machine names help significantly, only operations from the HV Server that allow me to specify the ADDS Server work.   It seems that the HV server was able to resolve that the domain exists in the enironment, but not to locate the machine itself.

    Quite frankly, I had great hope for HV-Server, but it does not meet my needs.  The bottom line is that the lack of a manager in the host partition to run and access VMs just makes it a non-starter.

  136. Hi John,

    I have to agree with Tim, without a host management to run and access VMs on the host partition, managing Hyper-V core server is an issue. So far I have spent over two weeks trying to connect to the Hyper-V core server and manage the VM I created. If I include the time of installing and reinstalling Hyper-V, setting up, rebooting and trying to get Hyper-V manager to connect, I would have had the free version of VMware working and VMs online.  The documentation you provide is wonderful, but one gets the feeling its purpose is to compensate for a lack of Hyper-V Core documentation. It is odd that when Microsoft wants one do something, it is easy, but when Microsoft doesn’t want one to do something, they make it not so easy. For example when installing System Center Virtual Machine Manager (which I could not connect to Hyper-V Core) it was easy to turn on automatic updates, it required one single click. But if one wanted to turn off sending information back to Microsoft, there was a whole list of instructions on how to do this, no single click of “opt in” or “opt out”. I get the feeling that the Hyper-V Core Server is the same, if Microsoft wanted one to use it, there be a user friendly management interface that would allow one to create and manage the VMs on the Hyper-V Core server locally. Such management options could still be in keeping with the theme of simplicity of the Hyper-V Core. However when one considers the difficulties one experiences setting up and managing Hyper-V Core Server, it makes one wonder, why is this so, why is this not so easy.  

    When I made the decision to virtualise all our College servers, being an MSCE I decided to go down the Hyper-V instead of VMware track. But the difficulties I have experience has made me turn back to VMware free version.

    Thank you for your help.

    Regards

    Chris

  137. Andrej Gregoric says:

    I had the same problem with hvremote – access is denied.

    The problem is I guess Vista Explorer download, that sets some kind of attribute for script, that suggests that this script comes from another computer.

    When you open properties of this script, you also get the message on the bottom, that says: this file came from another computer and might be blocked to help protect this computer.

    and you have radio button Ublock beside it.

    I did it on a client (Vista64 SP1), copied it to server and it is working.

    I still do not know, how to reset this attribute on server core or Hyper-V server.

    Hope this helps somebody else.

    Regards

  138. Lawrence Hsu says:

    Thanks for the script.

    spend three hours before your script and 3 minutes after the script.

    hyper-v server with 64 bit vista business( workgroup) is now connected.

    good job!

  139. Jerrold Morris says:

    John,

    Thanks to your help I connected to and set up virtual machines on server core form my Vista machine.  However I recently did an apparently dumb thing, I clicked on the option in hyper-v add hardware to add connectivity between the host machine and vm, I think as I can’t get to it now.  It was the 3rd and bottom option in the networking of vm’s.  What’s the purpose of that option?

    Now I can’t connect to server core with an error of "cannnot connect to RPC service on sever, make sure service is running".  When I check on the server RpcSs is running.  

    When I do ipconfig on both machines the default gateway is different (192.168.1.1 on server, 192.168.1.254 on client) also.

    The output from hvremote is below.

    Do you have suggestions on how to fix this?

    Thanks,

    Jerrold

    Client:

    Microsoft (R) Windows Script Host Version 5.7

    Copyright (C) Microsoft Corporation. All rights reserved.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Microsoft Corporation.

    http://blogs.technet.com/jhoward

    Version 0.3 20th Nov 2008

    INFO: Computername is ZEUS

    INFO: Computer is in workgroup WORKGROUP

    INFO: Current user is zeusvmcmd

    INFO: Assuming /mode:client as the Hyper-V role is not installed

    DEBUG:    Client or Server Mode (1=Client)        1

    DEBUG:    Show mode?                              False

    DEBUG: S: AZMan Update          (1=Yes)           1

    DEBUG: S: Add or Remove User    (1=Add)           0

    DEBUG: S: Add/Remove User/Group                  

    DEBUG: S: Add/Remove Domain                      

    DEBUG: S: Doing DCOM update or display?           1

    DEBUG: S: Domain AZMan update or display          1

    DEBUG: S: Namespaces (1=Cimv2;2=Virtualizaiton)   3

    DEBUG: S: Update FW WMI Remote Mgmt (1=Yes)       0

    DEBUG: S: Update FW Hyper-V (1=Yes)               0

    DEBUG: S: Role Assignment                         Administrator

    DEBUG: C: Update FW Hyper-V Rmt Mgmt Clnt (1=yes) 0

    DEBUG: C: Update FW MMC Exception (1=yes)         0

    DEBUG: C: Update Anon DCOM      (1=Grant)         0

    DEBUG: **START HVREMOTE VERSION**

    TAG Version=0.3

    TAG Date=19th November 2008

    TAG URL=http://code.msdn.microsoft.com/HVRemote/url

    TAG BlogURL=http://blogs.technet.com/jhoward/blah-blah-something-like-this_blah.aspx

    **END HVREMOTE VERSION**

    INFO: Are running the latest version

    Server:

    Microsoft (R) Windows Script Host Version 5.7

    Copyright (C) Microsoft Corporation. All rights reserved.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Microsoft Corporation.

    http://blogs.technet.com/jhoward

    Version 0.3 20th Nov 2008

    INFO: Computername is JMSERVER

    INFO: Computer is in workgroup WORKGROUP

    INFO: Current user is JMSERVERAdministrator

    INFO: Assuming /mode:server as the role is installed

    DEBUG:    Client or Server Mode (1=Client)        2

    DEBUG:    Show mode?                              False

    DEBUG: S: AZMan Update          (1=Yes)           1

    DEBUG: S: Add or Remove User    (1=Add)           0

    DEBUG: S: Add/Remove User/Group                  

    DEBUG: S: Add/Remove Domain                      

    DEBUG: S: Doing DCOM update or display?           1

    DEBUG: S: Domain AZMan update or display          1

    DEBUG: S: Namespaces (1=Cimv2;2=Virtualizaiton)   3

    DEBUG: S: Update FW WMI Remote Mgmt (1=Yes)       0

    DEBUG: S: Update FW Hyper-V (1=Yes)               0

    DEBUG: S: Role Assignment                         Administrator

    DEBUG: C: Update FW Hyper-V Rmt Mgmt Clnt (1=yes) 0

    DEBUG: C: Update FW MMC Exception (1=yes)         0

    DEBUG: C: Update Anon DCOM      (1=Grant)         0

    INFO: This machine has the Hyper-V (v1) QFE installed (KB950050)

    DEBUG: Need to connect to virtualization namespace

    DEBUG: ConnectNameSpace Entry: Namespace=rootvirtualization

    DEBUG: ConnectNameSpace Connected to rootvirtualization namespace

    DEBUG: ConnectNameSpace Exit: Namespace=rootvirtualization, RC=0

    DEBUG: Need to get the security desciptor for the CIMv2 namespace

    DEBUG: GetWin32SD(): Get __SystemSecurity

    DEBUG: Current SecurityDescriptor Details:

    instance of __SecurityDescriptor

    {

    ControlFlags = 32772;

    DACL = {

    instance of __ACE

    {

    AccessMask = 33;

    AceFlags = 6;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "JMSERVER";

    Name = "vmcmd";

    SID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 76, 123, 219, 156, 85, 61, 160, 98, 39, 162, 84, 45, 235, 3, 0, 0};

    SidLength = 28;

    SIDString = "S-1-5-21-2631629644-1654668629-760521255-1003";

    };

    },

    instance of __ACE

    {

    AccessMask = 393279;

    AceFlags = 18;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "BUILTIN";

    Name = "Administrators";

    SID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};

    SidLength = 16;

    SIDString = "S-1-5-32-544";

    };

    },

    instance of __ACE

    {

    AccessMask = 19;

    AceFlags = 18;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "NT AUTHORITY";

    Name = "NETWORK SERVICE";

    SID = {1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0};

    SidLength = 12;

    SIDString = "S-1-5-20";

    };

    },

    instance of __ACE

    {

    AccessMask = 19;

    AceFlags = 18;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "NT AUTHORITY";

    Name = "LOCAL SERVICE";

    SID = {1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0};

    SidLength = 12;

    SIDString = "S-1-5-19";

    };

    },

    instance of __ACE

    {

    AccessMask = 19;

    AceFlags = 18;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "NT AUTHORITY";

    Name = "Authenticated Users";

    SID = {1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0};

    SidLength = 12;

    SIDString = "S-1-5-11";

    };

    }};

    Group =

    instance of __Trustee

    {

    Domain = "BUILTIN";

    Name = "Administrators";

    SID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};

    SidLength = 16;

    SIDString = "S-1-5-32-544";

    };

    Owner =

    instance of __Trustee

    {

    Domain = "BUILTIN";

    Name = "Administrators";

    SID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};

    SidLength = 16;

    SIDString = "S-1-5-32-544";

    };

    SACL = NULL;

    };

    DEBUG: GetWin32SD(): Exit RC=0

    DEBUG: Need to get the security desciptor for the virtualization namespace

    DEBUG: GetWin32SD(): Get __SystemSecurity

    DEBUG: Current SecurityDescriptor Details:

    instance of __SecurityDescriptor

    {

    ControlFlags = 32772;

    DACL = {

    instance of __ACE

    {

    AccessMask = 33;

    AceFlags = 6;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "JMSERVER";

    Name = "vmcmd";

    SID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 76, 123, 219, 156, 85, 61, 160, 98, 39, 162, 84, 45, 235, 3, 0, 0};

    SidLength = 28;

    SIDString = "S-1-5-21-2631629644-1654668629-760521255-1003";

    };

    },

    instance of __ACE

    {

    AccessMask = 393279;

    AceFlags = 18;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "BUILTIN";

    Name = "Administrators";

    SID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};

    SidLength = 16;

    SIDString = "S-1-5-32-544";

    };

    },

    instance of __ACE

    {

    AccessMask = 19;

    AceFlags = 18;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "NT AUTHORITY";

    Name = "NETWORK SERVICE";

    SID = {1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0};

    SidLength = 12;

    SIDString = "S-1-5-20";

    };

    },

    instance of __ACE

    {

    AccessMask = 19;

    AceFlags = 18;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "NT AUTHORITY";

    Name = "LOCAL SERVICE";

    SID = {1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0};

    SidLength = 12;

    SIDString = "S-1-5-19";

    };

    },

    instance of __ACE

    {

    AccessMask = 19;

    AceFlags = 18;

    AceType = 0;

    Trustee =

    instance of __Trustee

    {

    Domain = "NT AUTHORITY";

    Name = "Authenticated Users";

    SID = {1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0};

    SidLength = 12;

    SIDString = "S-1-5-11";

    };

    }};

    Group =

    instance of __Trustee

    {

    Domain = "BUILTIN";

    Name = "Administrators";

    SID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};

    SidLength = 16;

    SIDString = "S-1-5-32-544";

    };

    Owner =

    instance of __Trustee

    {

    Domain = "BUILTIN";

    Name = "Administrators";

    SID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};

    SidLength = 16;

    SIDString = "S-1-5-32-544";

    };

    SACL = NULL;

    };

    DEBUG: GetWin32SD(): Exit RC=0

    DEBUG: Opening the AZMan policy store

    DEBUG: OpenAuthorizationStore: Enter

    DEBUG: OpenAuthorizationStore: Instantiate StdRegProv

    DEBUG: OpenAuthorizationStore: GetStringValue

    DEBUG: OpenAuthorizationStore: GetStringValue

    DEBUG: Getting localized group name for Distributed COM Users

    DEBUG: GetGroupNameForSID: S-1-5-32-562

    DEBUG: GetGroupNameForSID: RC=0 GroupName=Distributed COM Users

    DEBUG: Distributed COM Users group name (localized) is ‘Distributed COM Users’

    DEBUG: Failed to send

  140. JB says:

    Hey John,

    Great tool. I’ve followed all of your directions to a T for setting up the connection between two machines. I am not able to get a connection though. I get an error on the remote machine when I try to connect that says to make sure that Virtual Machine Management service is running.

    Well I go to my service manager browser and find there is no VMM service at all. Help?

    Remote machine is Running Vista Ultimate x64 SP1

  141. JB says:

    Hey John,

    Great tool. I’ve followed all of your directions to a T for setting up the connection between two machines. I am not able to get a connection though. I get an error on the remote machine when I try to connect that says to make sure that Virtual Machine Management service is running.

    Well I go to my service manager browser and find there is no VMM service at all. Help?

    Remote machine is Running Vista Ultimate x64 SP1

  142. Simon Dean says:

    I too received the following error when I tried to run the HVRemote.wsf script on Hyper-V Server:

    C:HVRemote>HVRemote.wsf /show

    Access is denied.  

    I found the solution was to prefix the command with "cscript ".  E.g.:

    C:HVRemote>cscript HVRemote.wsf /show

    Microsoft (R) Windows Script Host Version 5.7 …

    I guess this has something to do with file associations for the "wsf" file extension on Hyper-V Service.  

    Whilst I remember, there’s a typo in one of the bits of the output of the client part of the script.  It asks you to run "hvremote.wsf /Mode:Client /MMC:Enable" when it should ask you to run "hvremote.wsf /mode:client /MMC:Enable" – the "C" of "Client" has to be in lower case.  

    Thanks for the script John.  Hopefully it’s going to save me a lot of time and confusion (I’ve not yet finished using the script to know whether it works for me!).  

    PS Could you pass on a message to the Hyper-V Manager MMC Snap-in developers to say that it doesn’t seem possible to connect to an Hyper-V server IP address using the snap-in if the local machine cannot resolve the machine name of the IP address.  Instead you get the rather cryptic message:

    "An error occurred while attempting to connect to server "10.8.2.3".  Check that the Virtual Machine Management service is running and that you are authorized to connect to the server.  

    The computer "10.8.2.3" could not be resolved.  Make sure you typed the machine name correctly and that you have network access."  

    Obviously the IP address "10.8.2.3" is just an example.  The clue seems to be in the bit "The computer "10.8.2.3" could not be resolved" – there should be no need to "resolve" the IP address and in fact that would be impossible – IP addresses can’t be resolved into IP addresses.  I had to work around this issue by adding an entry to my "C:WindowsSystem32driversetchosts" file – adding a DNS server to my network would have been too much trouble.  

    Not being able to use pure IP addresses kind of runs contrary to the parts of the MS document "Hyper-V Server Configuration Tool Guide v 1.2.docx" that ask you to "enter the name or the IP address of the server".  

    Thanks again

    Simon

  143. Jan van Zeggelaar says:

    Hello John,

    your tool worked like a breeze. I had been stuck for a long time and this fixed it. Only now the MMC just shows "Loading VIrtual Machines" and then nothing … but I’ll try to fix this myself first.

    One small issue though: When I tried to configure the client, I forgot one step. The output of the hvremote command supplied the exact command I forgot so the lazy person I am just copied and pasted. This resulted in an error since the command parameters seem to be case sensitive. When I changed all capitals in "hvremote.wsf /Mode:Client /MMC:Enable" to lower case, the command executed succesfully.

    But thanks a lot. I may be able to meet my goal this year (three hours left and two meetings … well probably not).

    Jan

  144. Colin Bruce says:

    Dear John,

    Thanks for making this available. Sadly I still can’t get remote access working. I have the same problem as several others: That is it partly works but them the Hyper-V manager gives the error which others have had i.e. "RPC server unavailable. Unable to establish communication between ‘TDVS01’ and "WL101-1"." The server and the client are both in the same workgroup.

    In my scenario TDVS01 is the server running the GUI version  of Windows 2008 with the Hyper-V role and WL101-1 is a PC running Vista (64 bit).

    I have tried all the fixes that others have used to get their systems working but none work for me. I know from other replies that DNS issues are a common cause so I’ve carefully checked. "Nslookup TDVS01" on the client returns 10.255.249.1 which is the correct address. Similarly "nslookup WL101-1" on the server returns the correct address for the client. ALthough ping is blocked I’ve checked that and it too is returning the correct address in each direction. I’ve rebooted the server and the client many times but it still doesn’t work. I’ve done the cmdkey instruction as descibed by ericv but to no avail.

    One other thing that may or may not be related. I am using the username ccx004 on both the client and the server. If I create a group on the server called "Remote Hyper-V Users", put ccx004 in it and then do HVREMOTE /add:"Remote Hyper-V Users" it all seems to work. However, after rebooting both the client and the server I get "Permission denied" when I run the manager on the client. However, if I use the same username by add it directly with HVREMOTE /add:ccx004 it works to some extent. At least I don’t get the "permission denied" error. The group is set up correctly with the user in it. HVREMOTE /show lists it in all the correct places but it doesn’t work.

    I would be happy to send output from HVREMOTE /show if you have time to have a look.

    Best wishes….

    Colin

  145. Dipam Patel says:

    I am trying to setup a server with Hyper-V server.I have been at this for several days now..without success.I am not quite sure how to run the HVRemote script.I copied into a directory on the Hyper-V server and then ran "cscript hvremote.wsf"I did the some on the client machine (Vista SP1).But I still get "permission denied". I then tried to follow the steps in Part 5 of John’s blog. However, at the AZMan section, I cannot see the ProgramData folder in my mapped drive as it is a hidden folder.If anyone can assist me in this I would greatly appreciate it.

  146. Colin Bruce says:

    Dear John,

    Thanks for the reply and sorry not to reply sooner – I had a couple fo days of flu. At least that’s one virus that can’t be transmitted across a network. Anyway here is the information you asked for.

    I am on a routed network.

    First for the client.

    Windows IP Configuration

      Host Name . . . . . . . . . . . . : wl101-1

      Primary Dns Suffix  . . . . . . . :

      Node Type . . . . . . . . . . . . : Hybrid

      IP Routing Enabled. . . . . . . . : No

      WINS Proxy Enabled. . . . . . . . : No

      DNS Suffix Search List. . . . . . : coventry.ac.uk

                                          services.coventry.ac.uk

    Ethernet adapter Local Area Connection:

      Connection-specific DNS Suffix  . : coventry.ac.uk

      Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

      Physical Address. . . . . . . . . : 00-19-BB-46-68-56

      DHCP Enabled. . . . . . . . . . . : Yes

      Autoconfiguration Enabled . . . . : Yes

      IPv4 Address. . . . . . . . . . . : 10.16.42.3(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Lease Obtained. . . . . . . . . . : 06 January 2009 10:28:49

      Lease Expires . . . . . . . . . . : 14 January 2009 10:28:47

      Default Gateway . . . . . . . . . : 10.16.42.252

      DHCP Server . . . . . . . . . . . : 192.168.64.6

      DNS Servers . . . . . . . . . . . : 192.168.64.1

                                          192.168.64.2

                                          192.168.64.3

                                          192.168.64.4

                                          192.168.64.5

                                          192.168.64.6

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 6:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . : coventry.ac.uk

      Description . . . . . . . . . . . : isatap.coventry.ac.uk

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Pinging TDVS01.coventry.ac.uk [10.255.249.1] with 32 bytes of data:

    Request timed out.

    Ping statistics for 10.255.249.1:

       Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

    Control-C

    Microsoft (R) Windows Script Host Version 5.7

    Copyright (C) Microsoft Corporation. All rights reserved.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Microsoft Corporation.

    http://blogs.technet.com/jhoward

    Version 0.3 20th Nov 2008

    INFO: Computername is WL101-1

    INFO: Computer is in workgroup T&D

    INFO: Current user is wl101-1ccx004

    INFO: Assuming /mode:client as the Hyper-V role is not installed

    ——————————————————————————-

    DACL for COM Security Access Permissions

    ——————————————————————————-

    Everyone    (S-1-1-0)

        Allow: LocalLaunch RemoteLaunch (7)

    NT AUTHORITYANONYMOUS LOGON    (S-1-5-7)

        Allow: LocalLaunch RemoteLaunch (7)

    BUILTINDistributed COM Users    (S-1-5-32-562)

        Allow: LocalLaunch RemoteLaunch (7)

    BUILTINPerformance Log Users    (S-1-5-32-559)

        Allow: LocalLaunch RemoteLaunch (7)

    ——————————————————————————-

    ANONYMOUS LOGON Machine DCOM Access

    ——————————————————————————-

    WARN: ANONYMOUS LOGON does have remote access

     This setting should only be enabled if required as security on this

     machine has been lowered. It is needed if you need to manage Hyper-V

     on a remote server which is either in an an untrusted domain from this

     machine, or both machines are in a workgroup.

     Use hvremote /Mode:Client /AnonDCOM:Revoke to turn off

    ——————————————————————————-

    Firewall Settings for Hyper-V Management Clients

    ——————————————————————————-

    Private Firewall Profile is active

      Enabled:  Hyper-V Management Clients – WMI (Async-In)

      Enabled:  Hyper-V Management Clients – WMI (TCP-Out)

      Enabled:  Hyper-V Management Clients – WMI (TCP-In)

      Enabled:  Hyper-V Management Clients – WMI (DCOM-In)

    ——————————————————————————-

    Windows Firewall exception rule(s) for mmc.exe

    ——————————————————————————-

    Private Firewall Profile is active

      Enabled:  Microsoft Management Console (HVRemote.wsf Created) (UDP)

      Enabled:  Microsoft Management Console (HVRemote.wsf Created) (TCP)

    INFO: Are running the latest version

    and now the server

    Windows IP Configuration

      Host Name . . . . . . . . . . . . : TDVS01

      Primary Dns Suffix  . . . . . . . : coventry.ac.uk

      Node Type . . . . . . . . . . . . : Hybrid

      IP Routing Enabled. . . . . . . . : No

      WINS Proxy Enabled. . . . . . . . : No

      DNS Suffix Search List. . . . . . : coventry.ac.uk

                                          ac.uk

    Ethernet adapter Local Area Connection 2:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter – Virtual Network

      Physical Address. . . . . . . . . : 00-21-5A-AC-F5-9C

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      IPv4 Address. . . . . . . . . . . : 10.255.5.1(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . :

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Management Network:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter #2

      Physical Address. . . . . . . . . : 00-21-5A-AC-F5-9A

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      IPv4 Address. . . . . . . . . . . : 10.255.249.1(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . : 10.255.249.252

      DNS Servers . . . . . . . . . . . : 192.168.64.1

                                          192.168.64.2

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : isatap.{204F4A7F-DF88-41BF-8964-AF1D0217B502}

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : isatap.{538DC963-83B4-4B1C-8537-ACAD477B9F3C}

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

      Physical Address. . . . . . . . . : 02-00-54-55-4E-01

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Pinging wl101-1.coventry.ac.uk [10.16.42.3] with 32 bytes of data:

    Request timed out.

    Ping statistics for 10.16.42.3:

       Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

    Microsoft (R) Windows Script Host Version 5.7

    Copyright (C) Microsoft Corporation. All rights reserved.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Microsoft Corporation.

    http://blogs.technet.com/jhoward

    Version 0.3 20th Nov 2008

    INFO: Computername is TDVS01

    INFO: Computer is in workgroup T&D

    INFO: Current user is TDVS01Administrator

    INFO: Assuming /mode:server as the role is installed

    INFO: This machine has the Hyper-V (v1) QFE installed (KB950050)

    ——————————————————————————-

    DACL for WMI Namespace rootcimv2

    Required for Hyper-V remote mangement: Allow, EnabAct, RemEnab, InheritAce

    HVRemote also sets NoPropInheritAce and ValidInheritFlags

    ——————————————————————————-

    BUILTINDistributed COM Users    (S-1-5-32-562)

        Allow: EnabAct RemEnab (33)

        Flags: InheritAce NoPropInheritAce ValidInheritFlags  (6)

    TDVS01ccx004    (S-1-5-21-1256379756-912478012-384010367-1003)

        Allow: EnabAct RemEnab (33)

        Flags: InheritAce NoPropInheritAce ValidInheritFlags  (6)

    BUILTINAdministrators    (S-1-5-32-544)

        Allow: Exec FullWrt PartWrt ProvWrt EnabAct RemEnab RdSec EdSec (393279)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYNETWORK SERVICE    (S-1-5-20)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYLOCAL SERVICE    (S-1-5-19)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYAuthenticated Users    (S-1-5-11)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    ——————————————————————————-

    DACL for WMI Namespace rootvirtualization

    Required for Hyper-V remote mangement: Allow, EnabAct, RemEnab, InheritAce

    HVRemote also sets NoPropInheritAce and ValidInheritFlags

    ——————————————————————————-

    TDVS01ccx004    (S-1-5-21-1256379756-912478012-384010367-1003)

        Allow: EnabAct RemEnab (33)

        Flags: InheritAce NoPropInheritAce ValidInheritFlags  (6)

    BUILTINAdministrators    (S-1-5-32-544)

        Allow: Exec FullWrt PartWrt ProvWrt EnabAct RemEnab RdSec EdSec (393279)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYNETWORK SERVICE    (S-1-5-20)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYLOCAL SERVICE    (S-1-5-19)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYAuthenticated Users    (S-1-5-11)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    ——————————————————————————-

    Contents of Authorization Store Policy

    ——————————————————————————-

    Hyper-V Registry configuration:

    – Store: msxml://C:ProgramDataMicrosoftWindowsHyper-VInitialStore.xml

    – Service Application: Hyper-V services

    Application Name: Hyper-V services

    Operation Count: 33

       100 – Read Service Configuration

       105 – Reconfigure Service

       200 – Create Virtual Switch

       205 – Delete Virtual Switch

       210 – Create Virtual Switch Port

       215 – Delete Virtual Switch Port

       220 – Connect Virtual Switch Port

       225 – Disconnect Virtual Switch Port

       230 – Create Internal Ethernet Port

       235 – Delete Internal Ethernet Port

       240 – Bind External Ethernet Port

       245 – Unbind External Ethernet Port

       250 – Change VLAN Configuration on Port

       255 – Modify Switch Settings

       260 – Modify Switch Port Settings

       265 – View Switches

       270 – View Switch Ports

       275 – View External Ethernet Ports

       280 – View Internal Ethernet Ports

       285 – View VLAN Settings

       290 – View LAN Endpoints

       295 – View Virtual Switch Management Service

       300 – Create Virtual Machine

       305 – Delete Virtual Machine

       310 – Change Virtual Machine Authorization Scope

       315 – Start Virtual Machine

       320 – Stop Virtual Machine

       325 – Pause and Restart Virtual Machine

       330 – Reconfigure Virtual Machine

       335 – View Virtual Machine Configuration

       340 – Allow Input to Virtual Machine

       345 – Allow Output from Virtual Machine

       350 – Modify Internal Ethernet Port

    1 role assignment(s) were located

    Role Assignment ‘Administrator’ (Targetted Role Assignment)

      – All Hyper-V operations are selected

      – There are 2 member(s) for this role assignment

      – BUILTINAdministrators (S-1-5-32-544)

      – TDVS01ccx004 (S-1-5-21-1256379756-912478012-384010367-1003)

    ——————————————————————————-

    Contents of Group Distributed COM Users

    ——————————————————————————-

    1 member(s) are in Distributed COM Users

      – TDVS01ccx004

    ——————————————————————————-

    DACL for COM Security Launch and Activation Permissions

    ——————————————————————————-

    BUILTINAdministrators    (S-1-5-32-544)

        Allow: LocalLaunch RemoteLaunch LocalActivation RemoteActivation (31)

    Everyone    (S-1-1-0)

        Allow: LocalLaunch LocalActivation (11)

    BUILTINDistributed COM Users    (S-1-5-32-562)

        Allow: LocalLaunch RemoteLaunch LocalActivation RemoteActivation (31)

    BUILTINPerformance Log Users    (S-1-5-32-559)

        Allow: LocalLaunch RemoteLaunch LocalActivation RemoteActivation (31)

    ——————————————————————————-

    Firewall Settings for Hyper-V

    ——————————————————————————-

    Public Firewall Profile is active

      Enabled:  Hyper-V (SPL-TCP-In)

      Enabled:  Hyper-V (RPC)

      Enabled:  Hyper-V (RPC-EPMAP)

      Enabled:  Hyper-V – WMI (Async-In)

      Enabled:  Hyper-V – WMI (TCP-Out)

      Enabled:  Hyper-V – WMI (TCP-In)

      Enabled:  Hyper-V – WMI (DCOM-In)

    ——————————————————————————-

    Firewall Settings for Windows Management Instrumentation (WMI)

    ——————————————————————————-

    Public Firewall Profile is active

      Enabled:  Windows Management Instrumentation (DCOM-In)

      Enabled:  Windows Management Instrumentation (WMI-In)

      Enabled:  Windows Management Instrumentation (ASync-In)

      Enabled:  Windows Management Instrumentation (WMI-Out)

    Note: Above firewall settings are not required for Hyper-V Remote Management

    INFO: Are running the latest version

    It will probably turn out to be something stupid I’ve done but hopefully you will spot it.

    Best wishes….

    Colin

  147. Colin Bruce says:

    Dear John,

    Thanks for the reply and help. I checked the password and it is the same on both client and server and I also did a cmdkey/list and then it struck me that perhaps the password there was incorrect. I re-added ccx004 to that very carefully as my typing is often erratic. Sadly I still get the same error message. I also disabled the second network card on the server but no go after that either. Perhaps there is a block between the two networks. Sadly I can’t check that just now as I will need the help of my colleagues in networks but I can ask them tomorrow. Do you know the relevant port numbers by any chance?

  148. Colin Bruce says:

    Dear John,

    As I expected my networking colleagues did the usual "not a network problem"  🙂 However, on further questioning they said that there is a firewall between my PC and the server but that it isn’t doing anything. By that they mean they have only recently installed it so it is currently allowing all traffic through in either direction. I suspect what they really mean is that has the "out of the box" installation on it and although that allows most traffic through it blocks or mangles some by default. I think I’ll carry MY PC downstairs and plug it directly into the same network as the server and see if that works. I’ll let you know how I get on.

    Best wishes….

    Colin

  149. Orpheustic says:

    Very nice.  I have our AD and Exchange environment all running on a few hyper-v boxes across a vpn.  The Hyper-V boxes are not joined to any domain and this util proved to be quite worthy.  I ran it on my vista box and now I can manage everything, even across the vpn.  I remember looking for an easy way to do this last year but couldn’t find anything as worthy as this.  Thanks!

  150. chrisouth says:

    Great tool John. Worked treat.

    I’ve got a Vista laptop in a domain (offline though) and a Hyper-V Core in a workgroup. The only issue I had was not being able to connect to the server once I used the tool after rebooting (ICMP traffic blocked). I disabled the firewall on the server and all good now. Would the tool inevitably apply strengthen firewall policies?

    Thank you 🙂

  151. PatRick says:

    Dear John

    You write "It can configure Vista SP1 and Server 2008 configured with the Hyper-V Remote Management tools".

    My client is Windows Server 2008 with installed Hyper-V remote management feature.

    After typing "cscript hvremote.wsf /mode:client /show" I have this message:

    *****

    ***** You need to install KB952627 for Hyper-V Remote Management from Vista

    ***** http://support.microsoft.com/kb/952627

    Remember, that the OS is not Vista.

    Have you got an idea?

    Thanks,

    Patrick

  152. PatRick says:

    Dear John

    My Hyper-V KB950050 cannot be a beta: Since I am not able to uninstall it, I simply tried to install the version I just downloaded over the existing one: "The update is not for your system". I promise you, I didn’t try to install the x64 version on my 32bit Windows Server 2008.

    For the moment this Windows version is a Trial (bot not beta) edition, which trial period was extended (slmgr.vbs –rearm). Tell me, if you think, that this is the problem.

    I downloaded the hvremote version yesterday (1/15/2009). It is the version 0.4 of 7th Jan 2009.

    The output is like this:

    C:hvremote>cscript hvremote.wsf /mode:client /show

    Microsoft (R) Windows Script Host, Version 5.7

    Copyright (C) Microsoft Corporation 1996-2001. Alle Rechte vorbehalten.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Microsoft Corporation.

    http://blogs.technet.com/jhoward

    Version 0.4 7th Jan 2009

    INFO: Computername is CTWS1

    INFO: Computer is in domain test.local

    INFO: Current user is TESTtestuser

    WARN: The Windows firewall is not active in one or more active profiles.

         Not all functionality of HVRemote will be available.

         Use ‘netsh firewall set opmode enable’ to turn it on!

    *****

    ***** You need to install KB952627 for Hyper-V Remote Management from Vista

    ***** http://support.microsoft.com/kb/952627

    The good part of the story:

    With "cscript hvremote.wsf /mode:server /add:Administrator" on the machine with Windows Server 2008 x64 Core everything was ok.

    Thanks,

    Patrick

  153. PatRick says:

    John,

    now I installed a virtualized version of Windows Server 2008 onto the Server Core (with Hyper-V role). The virtualized Windows Server 2008 should be the client. After installing KB950050 and rolling out Hyper-V remote management feature I did "cscript hvremote.wsf /mode:client /show" again and I still have the message, that I need to install this Vista update.

    This brand new installation was just updated with windows update and I did nothing else than preparing the OS for remote management.

    Does this statement help you?

    Patrick

  154. Colin Bowern says:

    Great too John!  Just used it to get Hyper-V 2008 R2 beta setup on my new home server box.  Saved a lot of time messing around in the command line.

  155. John says:

    After an hour I realised there were steps 4 and 5, 🙂

    Note to self :RTFM

    Very nice tool by the way.

    Thank you

  156. PatRick says:

    Yes John,

    after deleting this part of code, the command "cscript hvremote.wsf /mode:client /show" on Windows Server 2008 works fine.

    Thanks a lot for helping me.

    Patrick

  157. David says:

    Hello Just letting u know i have installed Hyper V server R2 and tried to run the sript u made and i got this message when i run it with any commands

    C:Scripts>hvremote /?

    Access is denied.

    any ideas

  158. Ron Jones says:

    I have 2 computers:

    One running Hyper-V Server 2008

    One running Vista

    The Vista PC has Hyper-V Manager installed and I use this to manage the Hyper-V machine. This works great in the current config:

    – Vista PC in the workgroup "WORKGROUP"

    – Hyper-V machine in the workgroup "WORKGROUP"

    – Both computers on the same network/switch

    – I used the Hyper-V Remote Management Configuration Utility to finalize the security setup

    Now, here’s where the problem comes in. If I try this configuration, EXCEPT that the Vista PC is now on an entirely different network, in Hyper-V Manager I get:

    "Cannot connect to the RPC service on computer "HYPER1". Make sure your RPC service is running:

    So, I guess my question is, is "remote location" management possible with Hyper-V Server (without a VPN)? The remote Vista PC is behind a router on a cable-modem network. So I don’t know if it’s possible to map certain ports, add appropriate entries to both HOSTS files, and then get this working? Or is this just a futile attempt, and both PCs need to be on the same physical network?

    Thanks for any assistance.

  159. PatRick says:

    John,

    I left my test-equipment to finally install my production-solution. Hyper-V Role is on W2k8 Core, in Workgroup. Remote-Management Server is W2k8 in the same Workgroup. Usernames and passwords are the same on both machines. I used the latest hvremote-version. Everything was ok with hvremote on both servers.

    With addition of

    netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

    and

    netsh advfirewall set currentprofile settings remotemanagement enable

    on Hyper-V core I am even able to remotely  manage computer-management, firewall, etc. via mmc. The connection is only possible with the IP (192.168.x.x.) but not with the computername.

    And I cannot connect at all with Hyper-V Manager on Remote-Management Server to my hyper-v core server.

    How do I find out the blocking element here? Remember, that I am able to remotely manage the firewall. Is there an element in the firewall which might block the connection?

    Thanks a lot.

    Patrick

  160. PatRick says:

    John, I needed to add the server-name with IP-address to the hosts file. Now it works fine: I can manage the core server via mmc and the hyper-v manager can remotely connect now.

    Patrick

  161. Jay D. Carter says:

    Hi John,

      I had your tool working well on a Hyper-V server, now something has changed and I get the error:

    ***** Failed to call GetSecurityDescriptor

    DEBUG: GetWin32SD(): Exit RC=-1

    ***** Giving up as not able to get the security descriptor for the cimv2 namespace

    ***** Are you running as an admin from an *ELEVATED* prompt???

    …this happens when executing the /show option from the server console, when logged in as {localmachine}Administrator .

    The command prompt IS an elevated command prompt when logged in as administrator correct?

    Any suggestions?

    I am able to access the server, etc. but i am wondering if this indicates some kind of problem (it is about to go ‘live’).

    Thanks,

    JDC

  162. Jay D. Carter says:

    This problem is on Hyper-V server, not Win2k8 with the Hyper-V role.

    Acutally, I just removed it from the domain, rebooted, and re-added it to the domain thinking this might have an impact on the problem, but I am still getting the same issue.

    I am also having the problem of  being unable to connect a virtual network to a physical NIC: "setup switch failed. The switch could not bind to {physical NIC} because it is already bound to another switch." It is not bound to anything I can see in the management interface. How can change/check the bindings? NCPA.CPL does not seem to exist in Hyper-V server.

    Thanks,

    JDC

  163. Joel says:

    When running the script on a new Win 2k8 DC Core and attempting to add my domain account, I get an error.  The server is joined to a domain, and DNS at least appears to be working correctly (nslookups work from the server).

    C:UsersAdministratorHyperV>cscript HVRemote.wsf /add:entbennettj

    Microsoft (R) Windows Script Host Version 5.7

    Copyright (C) Microsoft Corporation. All rights reserved.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Microsoft Corporation.

    http://blogs.technet.com/jhoward

    Version 0.6 2nd Mar 2009

    INFO: Computername is ENTHYPEV01

    INFO: Computer is in domain ent.co.ventura.ca.us

    INFO: Current user is ENTHYPEV01Administrator

    INFO: Assuming /mode:server as the role is installed

    INFO: This machine has the Hyper-V (v1) QFE installed (KB950050)

    ***** GetTrustee Failed: entbennettj not found

    ***** If ent is a domain, you need to be connected to the domain for this to wor

    k

  164. james says:

    Thank you John for the scripts.  However, after running the latest scripts (downloaded March 09, 2008) and following your quick instructions within the pdf documentation, I was still unable to remotely manage my freshly installed Hyper-V Server 2008 installation from Vista (running in a workgroup).

    I could ping my Vista client from the Hyper-V console, but couldn’t ping the server.  After a little frustration (thinking all I had to do was run the scripts per the quick guide), and seeing how ICMP was still being blocked by the Hyper-V server, I searched and found the command to open the firewall on the Hyper-V server.  Tada!  That did it for me!

    Perhaps I ran through your documentation too quickly (I certainly wouldn’t put it past me) but I don’t remember seeing this step within your quick guide nor surrounding that section in the pdf docs.  Did I miss it, or would this be something that would be great to add into your script and quick guide documentation?

    I really do thank you!  You did end up saving me much time!  Perhaps you have some influence with the team at Microsoft to simplify the process in future iterations?  I’ve seen Hyper-V getting beat up quite a bit over all these elusive steps needed to setup Hyper-V (especially from VMware users and employees.  I wouldn’t mind seeing some of their bragging rights disappear!).

    Thank you,

    James

  165. chandra says:

    hello John,

    We are planning to deploy a lab and share it with our peers as part of our learning process. We are using Hyper-V to deploy the labs.

    I am able to access the VM remotely. But when another user tries connecting to it, I get the following message, which i would like to disable.

    "Another user is connected to <vm>. If you continue they will be disconnected. Would you like to connect to <vm>?."

    1. Is there a way that i can disable this prompt and always have the first user continue accessing it?

    2. This brings a scenario, where we need to timeout idle sessions, something like we had in Virtual server. Can we achieve these in Hyper-V?

  166. Shan says:

    Hi John,

    First of all thank you for maintaining your blog; to be honest it has helped me several times when I was lost in Hyper-V.

    We’re planning to go live with two W2K8 Hyper-V boxes in our production environment during the next QTR, but I’m facing a challenge in my Proof of Concept network when accessing the Virtual Machine Connection via Hyper-V consoles. I believe you are the right person who can help me.

    I have installed two Hyper-V servers in a Windows 2003 Domain environment (namely VM-04 & VM-05). When I try to execute the VMC in the VMs that are in their respective hosts, I have no challenge, everything work perfectly as described in the build guides. But when I try to access the Virtual Machines which are hosted in VM-04 from VM-05 Hyper-V console (or the other way round), the system prompts a window to type the password for the local Administrator account of the server. In the “Windows Security” windows it says “Your credentials did not work. The credentials that were used to connect to VM-04.domain.local did not work. Please enter new credentials”. What I can’t understand is I’m using my Domain Admin account, but Hyper-V doesn’t like accept it to open the VMC. If I type the local Administrator credentials, then it’ll show the screens to the Virtual Machines properly. But I don’t want to do that every time.

    I used your HVREMOTE tool to modify the access rights on the “Initialstore.xml” file to grant the permission to my Domain Admin account. But unfortunately I can’t see any progress here.  

    Occasionally I can see the following error appearing in the Hyper-V even log too.

    Log Name:      Microsoft-Windows-Hyper-V-VMMS-Admin

    Source:        Microsoft-Windows-Hyper-V-VMMS

    Date:          11/03/2009 12:47:17

    Event ID:      17030

    Task Category: None

    Level:         Warning

    Keywords:      

    User:          SYSTEM

    Computer:      VM-04.domain.local

    Description:

    Virtual machine ‘TEST-05’ is assigned to an authorization scope that is not defined in the policy store: ‘d6f6318b-79d1-4f72-a9b4-baa2701d3e4e’. The virtual machine will be reassigned to the default authorization scope. (Virtual machine ID E28AEE78-6616-4FED-BEAB-EF6F3EE69694)

    Any advice on this would be really appreciated,

    Thank you in advance.

  167. Simon says:

    Hi,

    Great script. I second what Simon Dean said earlier — not being able to work by IP is a nuisance. I suspect this will be an RPC cannot fix though so a feature request for the next version of the script instead please:

    Attempt to do a dns lookup / reverse dns lookup on a server name / IP address passed into the script. Even better, after the lookup, do the reverse and cross-check the results.

    Took me an age to figure out the problem but probably not helped by looking at it at 2am and not finding the comments above until afterwards. Ho hum.

    Thanks,

    Simon

  168. prahalad says:

    ****  I posted this on MSDN Code gallery. I dont know if you frequent that or not so I thought I will post here as well *****-

    Hi,

    I am trying to connect from one Win 2008 Standard machine in a domain to a non domain Hyper-V server core and getting a " Access denied. Unable to establish communication between"SERVER CORE" and "Client". While trying to debug this issue I noticed the hvremote /show gives the following error when executing as a domain user with domain admin right. I double checked that they can ping each other using names because I added appropriate host entries. I did configure both the server and client as described in the documentation

    DEBUG: Opening the AZMan policy store

    DEBUG: OpenAuthorizationStore: Enter

    DEBUG: OpenAuthorizationStore: Instantiate StdRegProv

    DEBUG: OpenAuthorizationStore: GetStringValue

                               * OpenAuthorizationStore failed: Failed to query registry

                               * 0

                               * Giving up as could not open the authorization store

    But if I logoff and login to a local account the same command completes successfully. Any ideas on why the difference in behaviour and/or suggestions on moving forward? Any help is greately appreciated.

    Prahalad

  169. prahalad says:

    John,

      First off thanks for the quick reply. You donot know how much it is appreciated.

    The answers first.

    1> I have enabled the hyper-v role on the client machine.

    2> I have used the /mode:client option with /show. It ends normally.

    3> When I mentioned that "it works" I meant the /show command works. But I still cannot connect to my server core either with a local account or a domain account

    4> I have not tried it with a non domain admin account. But will try that next.

    5> Yes it is the HVRemote v0.6

    Now to throw another kink into the situation, I just tried the command and connecting to server core from another win 2008 machine(lets call it client2) in the domain with the same domain ID that failed earlier and it worked. The /show command completes without an error and I am able to connect and list the VM on my server core. There are some  differences between these clients. I will try to list everything that comes to my mind. This list might not cover each and every difference.

       1> Client2 was actually in a test domain which I changed to my production domain and client1 was always in my production domain.

        2> Client2 is an Enterprise edition and Client1 is Standard edition.

         3> Client2 has less roles that client1. client1 has IIS and App server role as well as other roles

          4> Client1 has lot more software installed on it (SQLServer 2000 & 2005, VS 2003, VS2005, VS2008, Office2007 etc) as I am using it is my workstation.

    Prahalad

    PS: By the way I forgot to thank you for such a neat utility. It is really a God sent while I am working on my Server virtualization project.

  170. prahalad says:

    John,

      I think I fixed the problem but I am not really sure how.

      I compared all the services between non working client and a working client and found that WSRM was turned off. I turned it back on and the /show worked and I was able to issue a /anondcom:grant successfully and after a reboot I was able to connect to my server core and list the VM’s in the hyper-v manager. Here is the "I think" part. To duplicate the error I stopped WSRM but I was unable to duplicate the error. Now /show as well as connection to server core works with the WSRM service stopped. I don’t have a real good explantion why it is working now.  Maybe you have a better explanation.

    Thanks for lending me a helpful ear. And once again thank you so much for the script.

    Prahalad

  171. aaron says:

    If I wanted to do this much manual configuration, I would have learned Linux.

  172. Libis Bueno says:

    John, best tool ever.. Thank you. I kind of automated the process a bit more…

    http://code.msdn.microsoft.com/Hvautomated

    Thanks for the hard work and for sharing this tool with the community.

  173. Craig Fisher says:

    The Access denied message keeps coming up for the hvremote script on a Hyper V server  and I have tried everything with no luck.  I have two servers loaded remotley in a hosting facility with a database server (2008) and a hyper V server. I have tried connection from the database server and a remote Windows Vista machine. I have got the hvremote working on both the database server and vista machines and made sure everything is good. When I run it on the remote Hyper V server I get access denied message. I have had connection to the hyper V from the database server before it was sent off for hosting but this was spasmodic. Any ideas.

  174. James Senecal says:

    John:

    Great tool.  It worked great on my Vista x64, but on Windows 7 x64 build 7057 & 7068 there seems to be an issue.  The Hyper-V Manager connects to the remote server, but whe I try to connect to a VM I get the error "Your remote desktop connection failed because the remote computer cannot be authenticated".

    I am using the same credentials, and i have installed the certificate from my Hyper-V server with no luck.  (It used to work great with the 7000 build.)  Any suggestions?

    Thanks,

    James

  175. James Senecal says:

    John:

    Thanks for the quick response.  Yes, I am part of a TAP, and yes, both boxes are in a workgroup.  I wasn’t able to find anything specific about the issue anywhere, so i hoped you could help.

    Thanks again, and I’ll keep my eyes peeled for the next build or even the RC.

    Cheers.

    James

  176. Bob Hyatt says:

    I found your script helpful but I’m still unable to remotely manage a Hyper-V server remotely. I have 2 computers in the same workgroup. One computer is running W2K8 X64 Enterprise SP1 (Full Installation). The second computer us running W2K8 X64 Enterprise SP1 (ServerCore Installation). I’m using the computer running Hyper-V Manager to remotely manage the Hyper-V server running on the ServerCore computer. The Hyper-V Server Role was installed on the ServerCore computer. I’ve used the HVRemote.wsf script to help me debug and configure the environments on each computer. KB950050 is installed on the computer being remotely managed. The error "’Msvm_VirtualSystemManagementService’ object was not found" is reported by the Hyper-V Manager while trying g to connect to the remote Hyper-V server. Do you have any suggestions? Thanks.

  177. John W. says:

    John,

    I’ve got Windows Vista Business SP1 with KB95952627 installed.  Hypver-V 2008 installed on the server.  Both in a workgroup called TEST.  When I run hvremote /add:user1 from the server I get an error about not being able to generate a trusted list…so not able to add a user and connect remotely.

    Thanks,

    John W.

  178. John W says:

    I was getting the GetTrustee Failed message.  Downloaded and used HVRemote 0.6.  Was able to add user1 on server.  Passwords synced between Hyper-V server and Vista Business SP1 laptop.  Added user1 to local adminstrator’s group on server.  Still not able to connect with Hyper-V Manager using user1.  Reformatting drives and installing VMWare…

    Thanks anyway,

    John W.

  179. NMelnik says:

    First off, Thank you John for this script.  It really helps with our lab deployments.

    I had an odd quirk with the .6 script and wanted to share my results. I needed to check the connectivity to some of our lab servers and went through the manual process on two of our servers to check (one working, one non).  

    The non-working was failing with "You do not have the required permission to complete this task. Contact the administrator of the authorization policy for the computer xxxx”, even though the output from "hvremote /add" reported no errors.  /show came up with an odd difference between the two, however.  The two users we add with the script were reported as role admins with the working server, but not on the other.  I fully expected to find those two groups missing in the auth manager msc, but they were added.  The server had been rebooted a few times since the script was first ran, so I wasn’t expecting that to be the cause here.  Instead, I found through the comments that a reboot was not required when adding role admins, so I deleted and restored the two groups, then attempted to connect via HyperV man on a Vista SP1 client.  After one or two failed attempts, it connected.  

    Here’s the final oddity:  the /show output only changed on one of the now-working servers and still reports the default users as role admins on the rest.  They are both listed as dcom group users, btw.  

    In any case, it’s all good now, so again, thank you for the effort you put into this script.

  180. NoClue says:

    Hi!

    Have a problem. I do not have a domain server, and i do not have a dns server. I do not want any of them on my local test network either, since its totally unnessecary.

    How do i administer a plain hyper-v server install by ipconnection or whatever?

  181. In response to James Senecal’s message, I scratched my head for some time and finally got a fix going for the latest RC of Windows 7 (build 7100) and Hyper-V Manager. Thought I’d share it in case others were having the same. Basically I couldn’t connect to the virtual machine via the manager despite RDP working fine. Always got the "Your remote desktop connection failed because the remote computer cannot be authenticated" error. So I basically I went ahead and installed the cert from our Core Server 2008 (it prompts you to install this the first time you try to connect anyway). Once done, I fired up MMC and added the Certificates Snap In for User Account. I then found the cert I just added from the Core box, and exported it (right click). Then I removed the snap in, and re-added the same snap-in but this time for Computer Account Certs. Then you right click on "Trusted Root Certification Authorities" and import the cert we just exported.  Job done, you can now connect. I know it’s a hack but hey it works for now.

    Finally for all those struggling to connect to Hyper-V server full stop, I just added the line in the HOSTS file like John suggested on the client machine and it worked for me (Workgroup environ).

  182. Christopher Lohman says:

    Thanks very much.  I just installed from the Hyper-V Server 2008 R2 iso and this script worked flawlessly.  After reading the manual steps I sure am glad I didn’t have to figure that out.

    Now that we can download a hyperv iso instead of enabling it from a server core install, perhaps you can recommend to someone that these necessary settings be included as part of the installer.   In fact, since the sconfig.cmd launches automagically upon login, they should just plug your script in as part of the server config.

  183. Brian Q says:

    John

    have everything working thanks to your directions and I belatedly found the script. I’m using the RSAT from a Win 7 client , but it seems the RPC regularly goes to sleep if I’m not using it (get that same message "Cannot connect to RPC service " ) then I can’t reconnect, Have to completely reboot then it ‘ s back on.

    Any ideas why it drops out?

    Brian

  184. Jeff H. says:

    John,

    Great script and great documentation. As feedback, it seems that the script doesn’t perform the firewall exception steps (on the server) for RemoteAdmin or Remote Volume Management. Are these not necessary steps in all cases?

    Also, for documentation purposes, which steps of your manual process does the script automate? I wasn’t completely sure if it was all of the steps, or just a subset.

  185. Jeff H. says:

    John,

    I think I understand where I got confused.  For one thing, I performed the cardinal sin of changing multiple things at a time, so I’m not sure which fix ended up being the solution.

    After doing your script, I tried using remote Computer Management, without success. I ran netsh firewall for both RemoteAdmin and Remote Volume Management.  At the same time, I also noticed your comment in the Troubleshooting section about "It is vitally important that the client can locate the server by name *and* that the server can locate the client by name." I had considered the former, but not the latter.  Good move, me.

    Of course, remote Computer Management was not at all necessary at that point, so I may have been trying to fix a non-issue.

    Also, in the troubleshooting, you recommend using nslookup or ping to see if the machines can communicate. If you’re using a local host file (in my experience), nslookup will fail. Also, by default, ping doesn’t return when pinging 2008. I would think most of your readers would know to see if ping knows who to contact, rather than for a return, but it’s still a caveat.

    I have another question, but for sake of sanity I’m going to make it in a second comment post, to keep them separate.

  186. Jeff H. says:

    In your manual steps, you emphasized that the same username/password needs to have access to both machines, and be an Admin on the server.

    In my case, my client is Windows Server 2008 (full) 32-bit. Whether this is by design of 2008 or something another admin changed, UAC seems to be gone and every command prompt I can find is the elevated command prompt.

    I log in as ‘user1’, let’s say. But when I go to the elevated command prompt, a ‘whoami’ returns WIN-alphanumericadministrator. Which user do I need to grant privleges on the Hyper-V server?

  187. gamerboys says:

    Thank you very much.

    My Hyper-v has blocked 4 days,then you tool helped me just before.

    Cheers too,

  188. Derek Davis says:

    john,

    I’ve had much success with Hyper-V in the past, but am now trying to use the Hyper-V Manager in a workgroup with a new server loaded with the Hyper-V Server 2008.

    When I try to add a new user on the server (to match the user ID on my laptop) I get a message after entering command:

    cscript hvremote.wsf /add:derek

    INFO: Computername is B2B-HOST

    INFO: Computer is in workgroup WORKGROUP

    INFO: Current user is B2B-HOSTAdministrator

    INFO: Assuming /mode:server as the role is installed

    INFO: This machine has the Hyper-V (v1) QFE installed (KB950050)

    ***** GetTrustee Failed: B2B-HOSTderek not found

    ***** If B2B-HOST is a domain, you need to be connected to the domain for this to work

    any idea why this command would do this?

    Many thanks!

  189. Derek Davis says:

    Ok – that was easy enough.

    Have you ever seen a Hyper-V Server in Workgroup that could not be discovered by the network?  ie – browse the network and the machine doesn’t appear.  Can’t ping it by name.  (pinging by IP address works fine)

    When I try the hyper-v manager, after following the steps in your HVREMOTE document, I still get "The computer ‘10.0.0.176’ could not be resolved.

    If I try it by computer name, It can’t find it.

    Is there another firewall setting somewhere that I need to set to allow the vista machine (or any machine) to see it by name?

  190. Derek Davis says:

    John,

    Have you ever seen a Hyper-V Install that you could not PING by name … but doing a Ping by IP Address is fine?

    This is a Hyper-V Server in WORKGROUP… I’ve tried static and dynamic IP Addresses, but I still can’t get to the server by name.

  191. Brent says:

    I kept receiving RPC error when trying to get workgroup client (w2k08 R2) accessing workgroup hyper-v Server (w2k08 R2 Hyper-v Server).

    I was adding the server using the IP address. As soon as I changed to the servername everything worked.

  192. julian says:

    Thank you, John !  

    Now, after 24 hours struggling,  I am able to work remotely in a workgroup.  Unfortunately I didn’t notice the 2 commands to issue on the client.

    Now, one last thing … what account is required on the Hyper-V 2008 server ? I defined lots of accounts on the server, and, now it is working correctly, I am scared to delete some of these  !! (copy of my currente account, copy of the local UAC-required account, and so on).

    Cheers,

    Julian

  193. Jeff H. says:

    @Derek: Sadly, that’s a common thing in a workgroup environment. As John said, look at your host file configurations on the machines in question.

    In my experience though, even local HOSTS files won’t always fix that. If you have a DNS server, Windows will sometimes insist on skipping the HOSTS file, so it will never resolve by name. At least that’s the case with nslookup. Can’t recall off hand if that also affects ping.

    @John: According to my teammates, the user in question was created as part of the normal Server 2008 setup, when it asks for a username/password combination before initial login. My personal suspicion is that the elevated command prompt is what is returning ‘administrator’.

    To make matters more confusing, it appears that Administrator/"User1’s Password" is what is needed on the Hyper-V machine.

    It’s a non-issue now, as I’ve got it all working (thanks for your help!), but that intrigues me. Perhaps the elevated command prompt is simply using (and therefore returning) the privlages of the local administrator.

  194. Jason says:

    @STUART

    Regarding your hack for the Certificates issue… worked perfectly for me on my Win 7 7100 build.  Thanks!

  195. TomH2 says:

    John,

    First thanks for all of your hard work. I used your HVRemote script and got the Hyper-V Remote Management working on the first try…. after days of frustration before HVRemote.

    Now, a question. I’m using this in a small development domain and I have one issue that, apparently, was caused during the install of the Hyper-V Remote Management tools or HVRemote. I have SQL Server Express installed on the same server that runs Hyper-V and the DC. Client computers can no longer find the SQL instance since I installed the tools and ran HVRemote.

    If I turn off the firewall in a client I can see the SQL Server so it probably has to do with the fact that my SQL Server is still using dynamic ports. I thought the issue was in the client firewall or something the remote magement software modified but I tested from another client that does not have any Remoting software and runs a plain-vanilla firewall, in fact the whole system is plain-vanilla. It also can no longer find the SQL Instance. They can both still connect to an instance on another server (also dynamic ports) over a VPN.

    I’ve gone through your (excellent) write-up on what HVRemote changes but I don’t see anything that triggers an ah-ha.

    Any idea on where to start?

  196. Pieter says:

    John,

    Does hvremote also work on Hyper-V server 2008 R2?

  197. David says:

    Thanks alot for this. Works a treat!

  198. Pedro Moreira says:

    There seem to be situations where MachineAccessRestriction under HKEY_LOCAL_MACHINESOFTWAREMicrosoftOleInstrumentation does not exist (in fact the whole key did not exist).

    In these circunstances the script fails.

    One has to go to Component Services and manually grant anonymous access.

    Once this is done, the referred keys are added and the script works as expected.

  199. True Playa says:

    John you are my Hero, good work man.

    Greez from switzerland at 01:00 am !

    Thanx so much

  200. Blackie says:

    Hi John, running Windows 7 Enterprise and Windows Hyper-V Server R2 in workgroup mode. Your HVRemote tool worked perfectly first time. You are a top man.

  201. PatRick says:

    Hi John

    Is it possible that the installation of KB967723, KB971961, KB972036 on W2k8 (management server) could be the reason why I lost the ability to remotly manage W2K8 Server Core (with Hyper-V) ?

    In fact, I am almost sure, that shortly after installing the above updates the connection was broken. Then I uninstalled these updates. Without success. Later  Windows re-installed them automaticly "by accident", and now it works again.

    Is this a know or rather an exceptional case?

    remark: Beside this case the configuration with your hvremote-guide works on EVERY single day since February 2009. Congratulations!

    Patrick

  202. Doug says:

    Thanks for this info.  I seem to have everything working except I cannot connect to the virtual machines using the Virtual machine connection application becvause I get a certificate is not from a trusted certifying authority.  I added it to the trusted root certificate authorities using View Certificate and install and selecting the specific trusted root etc.  But I still cannot get past that point.

    When I run the hvremote show command I get no errors on my WIN7 build 7100 machine.  On the 2008 sp2 server I added my system to the hosts file because I have no public dns address for it since everything is workgroup.  But I have DNS.  PING is successful but DNS resolution does fail on server side.

    HELP  maybe?

  203. Eric says:

    John — thanks for putting this out there. Made smooth migration to Windows 7 box as main workstation managing other W2K8 HV VM’s.  Happy words – 7,7,7!

  204. Doug says:

    John =  you said  >>>>need to re-install with Win7 RTM where the bug has been fixed.<<<<

    THANK YOU.  All that work and until I upgraded to win7 RTM I had no luck.  Now using RTM it works wonderfully.

    Now I am working on adding access to another HyperV server which is in a domain.  My Win7 is workgroup and the other HyperV server I can manage is a different workgroup.  

    Will I be able to manage other HyperV servers ya think as long as I run the Proper HVREMOTE Commands?.  

    Amazing how stable my Lenovo W700 is now.  With an updated Lenovo win7 BIOS and upgraded drivers etc.  It is finally stable.

  205. Stefan says:

    Worked. Thanks for putting this together. Was able to install, configure HyperV Server 2008 R2 and boot my first VM in a couple of hours. Widows 7 as client, workgroup setting.

    Was using the sample commands at the http://code.msdn.microsoft.com/HVRemote page.

    Only thing that slowed me down was that i was not running them in elevated privileges CMD. Once I did that, all was OK.

  206. Chaz Beck says:

    John, I’ve tried running your tool and it passes when I do a /show /target:servername

    But when I use the Hyper-V manager on my client, I get the error "Cannot connect to the RPC service". Both client and server are on the same workgroup.

    I’ve also tried doing it by hand but I get the same error

  207. Chaz Beck says:

    Fixed my own problem. Before starting this proces, I renamed my admin account on the server to the name of my client.  Than I ran the script, restarted computer, etc.

    Fix:

    I changed the admin name back and created a new user with my client’s name on the server and ran the script again, restarted, and it now works great!!

    Thanks for the tool and the info on your site!

  208. DougCutter says:

    Everytime I use hvremote I just must thank you for having such excellent documentation etc.

    Just now I was setting up an R2 server with hyperv to manage from my win7 machine.  I have two other workgroup servers being managed at two different locations across separate VPNS..

    I ran the script and it was not working.  Knew it must be simple since I had done it twice before  (and never spent more than 45 minutes).  After reading through the command list  this one stood out   cmdkey /add:servername /user:servernameaccount /pass

    And I remembered I had to change a password on R2 as I did not lower the security on passwords.  

    What I love is when you type in the command   literally seconds later the running HyperV Manager just starts resolving the new server.

    SO WELL DONE really.

    THANKS AGAIN!!

    Next I would love a real time export of VMs to a NAS while they are running so if the machine crashes I can just import to another HyperV server and be back online.  I know  Not happening as there are other ways but none this simple without hefty tools.   AM I wrong?  SHOW me please.

    Thanks again

    Doug

  209. MPW says:

    Hi John, great scripts. I’m having an issue and have not found it covered in any of the info on these pages, but maybe I’ve missed it.

    I’ve got a Windows 2008 R2 Full version with Hyper-V enabled on a domain. I’m trying to set up local groups on the host server and add them to the security groups using the hvremote command. This works and I see the groups if I navigate to the xml file using azman. However, if I add domain users to this local group, these domain users are not able to use Hyper-V remote manager, getting a message saying ‘Virtual Machine Manager service is not available’. I’m able to connect with an administrator account to the host remotwly using Hyper-V manager, so I know it is OK and running.

    If we want to use groups to manage remote access to VM’s, do we still need to run the hvremote command for each individual domain user? I figured if we had previously added the local group with hvremote, and then add a domain user to the group, they would have access. But it does not work for me. Only works if I use the hvremote with the domain user account, then they can see the vm’s.

    Ideally we want to get all the security working properly before we put the host in Production. Then anyone requiring access just needs to be added to the local user group for their needs.

    Any thoughts?

    PS – We are testing SCVMM as well and I’ve found if you get the security working using HVRemote and then add the server to the SCVMM, you just need to recreate the security in the new xml file used for SCVMM. The DCom and WMI security still works. (Agian, this is for individual domain users, not with groups, same problem as above)

  210. weznagwama says:

    thanks mate, was wondering what was going on.

    Coming from esxi, i would say that this is a major pain in the ass to get sorted, by that i mean the manual way, your script is very handy but still some research that shouldnt have had to be done with in the first place.

    Thanks again its greatly appreciated.

  211. RichChian says:

    Hi,

    Trying to configure 2008 R2 Hyper-V on a new test IBM server. Workstation is a new Win7-Pro install.

    I think I followed the HVREMOTE docs, but have come across a problem.

    Both client and server are workgroup mode. They can ping each other by name. hvremote /show /target:othercomputer doesnt show any problems that I can tell.

    When I try to connect with servermanager, I get a popup that says that it cannot connect to the server. Details says it failed with the error message: "The WinRM client cannot process the request. If the auth scheme is different from Kerb…".  I’ve tried adding both machines to the TrustedHosts with the winrm.cmd, but I get the same error.

    What am I missing?

    I’m about ready to giveup and reinstall everything from scratch. But before I do, I will ask for assistance here. Should/can I just install and run the 180day SCCVM  trial to get things going? Thanks for any comments.

    rich

  212. deniz says:

    Hi John,

    Thanks and congratulations for all the valuable information and the script. I am also using hyper-v server 08R2 in workgroup mode without joining the  domain, because our DCs are VMs and dont want to take the risk of not being able to manage hyper-v hosts in case DC VMs go down.

    I am also having the same problem that RichC is having: I have managed to get hyper-v manager mmc working on my win7 domain joined client to manage the workgroup hyper-v host. with the great help of your blog. However, I have spent more than one day to get the server manager working remotely without any luck. It gives that long error about authentication types and winrm etc…

    RichC and John, it would be great if you can post here in case you find out why hyper-v manager mmc works but the server manager doesnt work.

    It is really surprising that the documentation of HyperV is lacking these bits as this seems to me the most common setup for organisations with limited resources, unless I still havent found the right place to look for hyperv documentation.

    There isnt much on internet about "getting server manager" working remotely. Will keep an eye on here for this issue and regulary for any other useful discoveries…

    Thanks for sharing..

    Regards

    Deniz

  213. Sean says:

    my client is joined into the domain but the 2008 r2 is in workgroup. i tried to add cscript hvremote.wsf /add:domainusername but it shows

    ***** GetTrustee Failed: domain1username not found

    ***** If "domain1" is a domain, you need to be connected to the domain for this to work.

    From the server i ran nslookup and i am able to resolve domain1 with IP addresses.

    i have added local user on the server side successfully and saved the credential servernameusername password on my domain joined client. but i am still getting "you do no haver permission to complete the task" when i used the RSAT 7 to connect to hyper-v server.

    please help! thanks.

  214. Frank says:

    Super tool! Works like a charm! Thanks!!!!!

  215. Birty says:

    Finally up and running, great script, thanks!! however……

    I can remote server, connect to c$ on server, manage server etc but just cant ping server, any idears? Possible missing firewall setting? When I disable firewall can ping fine!

    Thanks

  216. Mohamed Yehia says:

    I used Hyper-V Remote Management Configuration Utility  

    with a client in workgroup and server in domain scenario… IT is amazing … it worked just from the first time.. Thanks alot

  217. Dan,K says:

    As with many of the others posting, I am having trouble connecting Hyper-V manager to a server 2008R2 server core. However, my problems are sporadic. Sometimes it connects, other times I get a "Cannot connect to the RPC service on computer…" error. The Hyper-V server is on an isolated network. My workstation is dual-homed, with one connection to our domain network and the other to this isolated network.

    Below is the output from the server:

    ipconfig /all:

    C:Userskellydj>ipconfig /all

    Windows IP Configuration

      Host Name . . . . . . . . . . . . : ShipInABox

      Primary Dns Suffix  . . . . . . . :

      Node Type . . . . . . . . . . . . : Hybrid

      IP Routing Enabled. . . . . . . . : No

      WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 4:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : SCN1

      Physical Address. . . . . . . . . : 00-24-1D-C5-5B-B9

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::c50e:847c:beeb:66d4%104(Preferred)

      IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . : 192.168.1.3

      DHCPv6 IAID . . . . . . . . . . . : 1761616925

      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-D8-94-BB-00-24-1D-C5-5B-B9

      DNS Servers . . . . . . . . . . . : 192.168.1.1

      NetBIOS over Tcpip. . . . . . . . : Enabled

    and for HVRemote:

    C:Userskellydj>cscript hvremote.wsf /show

    Microsoft (R) Windows Script Host Version 5.8

    Copyright (C) Microsoft Corporation. All rights reserved.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Hyper-V Team, Microsoft Corporation.

    http://blogs.technet.com/jhoward

    Version 0.7 7th August 2009

    INFO: Computername is SHIPINABOX

    INFO: Computer is in workgroup virtualship

    INFO: Current user is SHIPINABOXkellydj

    INFO: Assuming /mode:server as the role is installed

    INFO: Build 7600.16385.amd64fre.win7_rtm.090713-1255

    INFO: Detected Windows 7/Windows Server 2008 R2 OS

    ——————————————————————————-

    DACL for WMI Namespace rootcimv2

    Required for Hyper-V remote mangement: Allow, EnabAct, RemEnab, InheritAce

    HVRemote also sets NoPropInheritAce and ValidInheritFlags

    ——————————————————————————-

    SHIPINABOXkellydj    (S-1-5-21-2402177253-4130031103-616097275-1000)

        Allow: EnabAct RemEnab (33)

        Flags: InheritAce NoPropInheritAce ValidInheritFlags  (6)

    BUILTINAdministrators    (S-1-5-32-544)

        Allow: Exec FullWrt PartWrt ProvWrt EnabAct RemEnab RdSec EdSec (393279)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYNETWORK SERVICE    (S-1-5-20)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYLOCAL SERVICE    (S-1-5-19)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYAuthenticated Users    (S-1-5-11)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    ——————————————————————————-

    DACL for WMI Namespace rootvirtualization

    Required for Hyper-V remote mangement: Allow, EnabAct, RemEnab, InheritAce

    HVRemote also sets NoPropInheritAce and ValidInheritFlags

    ——————————————————————————-

    SHIPINABOXkellydj    (S-1-5-21-2402177253-4130031103-616097275-1000)

        Allow: EnabAct RemEnab (33)

        Flags: InheritAce NoPropInheritAce ValidInheritFlags  (6)

    BUILTINAdministrators    (S-1-5-32-544)

        Allow: Exec FullWrt PartWrt ProvWrt EnabAct RemEnab RdSec EdSec (393279)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYNETWORK SERVICE    (S-1-5-20)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYLOCAL SERVICE    (S-1-5-19)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYAuthenticated Users    (S-1-5-11)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    ——————————————————————————-

    Contents of Authorization Store Policy

    ——————————————————————————-

    Hyper-V Registry configuration:

    – Store: msxml://C:ProgramDataMicrosoftWindowsHyper-VInitialStore.xml

    – Service Application: Hyper-V services

    Application Name: Hyper-V services

    Operation Count: 34

       100 – Read Service Configuration

       105 – Reconfigure Service

       200 – Create Virtual Switch

       205 – Delete Virtual Switch

       210 – Create Virtual Switch Port

       215 – Delete Virtual Switch Port

       220 – Connect Virtual Switch Port

       225 – Disconnect Virtual Switch Port

       230 – Create Internal Ethernet Port

       235 – Delete Internal Ethernet Port

       240 – Bind External Ethernet Port

       245 – Unbind External Ethernet Port

       250 – Change VLAN Configuration on Port

       255 – Modify Switch Settings

       260 – Modify Switch Port Settings

       265 – View Switches

       270 – View Switch Ports

       275 – View External Ethernet Ports

       280 – View Internal Ethernet Ports

       285 – View VLAN Settings

       290 – View LAN Endpoints

       295 – View Virtual Switch Management Service

       300 – Create Virtual Machine

       305 – Delete Virtual Machine

       310 – Change Virtual Machine Authorization Scope

       315 – Start Virtual Machine

       320 – Stop Virtual Machine

       325 – Pause and Restart Virtual Machine

       330 – Reconfigure Virtual Machine

       335 – View Virtual Machine Configuration

       340 – Allow Input to Virtual Machine

       345 – Allow Output from Virtual Machine

       350 – Modify Internal Ethernet Port

       355 – Allow Virtual Machine Snapshot

    1 role assignment(s) were located

    Role Assignment ‘Administrator’ (Targetted Role Assignment)

      – All Hyper-V operations are selected

      – There are 2 member(s) for this role assignment

      – BUILTINAdministrators (S-1-5-32-544)

      – SHIPINABOXkellydj (S-1-5-21-2402177253-4130031103-616097275-1000)

    ——————————————————————————-

    Contents of Group Distributed COM Users

    ——————————————————————————-

    1 member(s) are in Distributed COM Users

      – SHIPINABOXkellydj

    ——————————————————————————-

    DACL for COM Security Launch and Activation Permissions

    ——————————————————————————-

    BUILTINAdministrators    (S-1-5-32-544)

        Allow: LocalLaunch RemoteLaunch LocalActivation RemoteActivation (31)

    Everyone    (S-1-1-0)

        Allow: LocalLaunch LocalActivation (11)

    BUILTINDistributed COM Users    (S-1-5-32-562)

        Allow: LocalLaunch RemoteLaunch LocalActivation RemoteActivation (31)

    BUILTINPerformance Log Users    (S-1-5-32-559)

        Allow: LocalLaunch RemoteLaunch LocalActivation RemoteActivation (31)

    ——————————————————————————-

    Firewall Settings for Hyper-V

    ——————————————————————————-

    Public Firewall Profile is active

      Enabled:  Hyper-V (REMOTE_DESKTOP_TCP_IN)

      Enabled:  Hyper-V (MIG-TCP-In)

      Enabled:  Hyper-V (RPC)

      Enabled:  Hyper-V (RPC-EPMAP)

      Enabled:  Hyper-V – WMI (Async-In)

      Enabled:  Hyper-V – WMI (TCP-Out)

      Enabled:  Hyper-V – WMI (TCP-In)

      Enabled:  Hyper-V – WMI (DCOM-In)

    ——————————————————————————-

    Firewall Settings for Windows Management Instrumentation (WMI)

    ——————————————————————————-

    Public Firewall Profile is active

      Enabled:  Windows Management Instrumentation (ASync-In)

      Enabled:  Windows Management Instrumentation (WMI-Out)

      Enabled:  Windows Management Instrumentation (WMI-In)

      Enabled:  Windows Management Instrumentation (DCOM-In)

    Note: Above firewall settings are not required for Hyper-V Remote Management

    ——————————————————————————-

    IP Configuration

    ——————————————————————————-

    Windows IP Configuration

      Host Name . . . . . . . . . . . . : ShipInABox

      Primary Dns Suffix  . . . . . . . :

      Node Type . . . . . . . . . . . . : Hybrid

      IP Routing Enabled. . . . . . . . : No

      WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 4:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : SCN1

      Physical Address. . . . . . . . . : 00-24-1D-C5-5B-B9

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::c50e:847c:beeb:66d4%104(Preferred)

      IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . : 192.168.1.3

      DHCPv6 IAID . . . . . . . . . . . : 1761616925

      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-D8-94-BB-00-24-1D-C5-5B-B9

      DNS Servers . . . . . . . . . . . : 192.168.1.1

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Finally, for the client:

    Microsoft (R) Windows Script Host Version 5.8

    Copyright (C) Microsoft Corporation. All rights reserved.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Hyper-V Team, Microsoft Corporation.

    http://blogs.technet.com/jhoward

    Version 0.7 7th August 2009

    INFO: Computername is LAB96-20668

    INFO: Computer is in domain 9605.lab

    INFO: Current user is 9605LABkellydj

    INFO: Assuming /mode:client as the Hyper-V role is not installed

    INFO: Build 7600.16385.amd64fre.win7_rtm.090713-1255

    INFO: Detected Windows 7/Windows Server 2008 R2 OS

    INFO: Remote Server Administration Tools are installed

    INFO: Hyper-V Tools Windows feature is enabled

    ——————————————————————————-

    DACL for COM Security Access Permissions

    ——————————————————————————-

    Everyone    (S-1-1-0)

        Allow: LocalLaunch RemoteLaunch (7)

    NT AUTHORITYANONYMOUS LOGON    (S-1-5-7)

        Allow: LocalLaunch RemoteLaunch (7)

    BUILTINDistributed COM Users    (S-1-5-32-562)

        Allow: LocalLaunch RemoteLaunch (7)

    BUILTINPerformance Log Users    (S-1-5-32-559)

        Allow: LocalLaunch RemoteLaunch (7)

    ——————————————————————————-

    ANONYMOUS LOGON Machine DCOM Access

    ——————————————————————————-

    WARN: ANONYMOUS LOGON does have remote access

     This setting should only be enabled if required as security on this

     machine has been lowered. It is needed if you need to manage Hyper-V

     on a remote server which is either in an an untrusted domain from this

     machine, or both machines are in a workgroup.

     Use hvremote /mode:client /anondcom:revoke to turn off

    ——————————————————————————-

    Firewall Settings for Hyper-V Management Clients

    ——————————————————————————-

    Domain Firewall Profile is active

    Public Firewall Profile is active

      Enabled:  Hyper-V Management Clients – WMI (Async-In)

      Enabled:  Hyper-V Management Clients – WMI (TCP-Out)

      Enabled:  Hyper-V Management Clients – WMI (TCP-In)

      Enabled:  Hyper-V Management Clients – WMI (DCOM-In)

    ——————————————————————————-

    Windows Firewall exception rule(s) for mmc.exe

    ——————————————————————————-

    Domain Firewall Profile is active

    Public Firewall Profile is active

      Enabled:  Microsoft Management Console (HVRemote.wsf Created) (UDP)

      Enabled:  Microsoft Management Console (HVRemote.wsf Created) (TCP)

    ——————————————————————————-

    Additional configuration may be necessary

    ——————————————————————————-

     This computer is in a domain. If the target server is in a workgroup,

     you may need to set credentials for the server for Hyper-V Remote

     Management to operate correctly. This step should not be necssary if

     the target server is in the same or trusted domain as this computer.

     If necessary, from a *NON* elevated command prompt, enter:

        cmdkey /add:ServerComputerName /user:ServerComputerNameUserName /pass

     Note that you MUST enter ServerComputerName to BOTH parameters.

     You will be prompted for a password after entering the command.

    ——————————————————————————-

    IP Configuration

    ——————————————————————————-

    Windows IP Configuration

      Host Name . . . . . . . . . . . . : LAB96-20668

      Primary Dns Suffix  . . . . . . . : 9605.lab

      Node Type . . . . . . . . . . . . : Hybrid

      IP Routing Enabled. . . . . . . . : No

      WINS Proxy Enabled. . . . . . . . : No

      DNS Suffix Search List. . . . . . : 9605.lab

                                          navsses.navy.mil

    Ethernet adapter Local Area Connection 3:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20)

      Physical Address. . . . . . . . . : 00-1E-2A-BE-0C-83

      DHCP Enabled. . . . . . . . . . . : Yes

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::dd78:c5fa:a898:7e28%27(Preferred)

      IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Lease Obtained. . . . . . . . . . : Wednesday, February 03, 2010 7:37:43 AM

      Lease Expires . . . . . . . . . . : Thursday, February 11, 2010 10:34:48 AM

      Default Gateway . . . . . . . . . :

      DHCP Server . . . . . . . . . . . : 192.168.1.1

      DHCPv6 IAID . . . . . . . . . . . : 671096362

      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-28-3F-98-00-24-1D-17-92-74

      DNS Servers . . . . . . . . . . . : 192.168.1.1

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

      Connection-specific DNS Suffix  . : navsses.navy.mil

      Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)

      Physical Address. . . . . . . . . : 00-24-1D-17-92-74

      DHCP Enabled. . . . . . . . . . . : Yes

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::6de9:4c94:6468:32e4%11(Preferred)

      IPv4 Address. . . . . . . . . . . : 157.187.16.43(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.240.0

      Lease Obtained. . . . . . . . . . : Tuesday, February 02, 2010 8:49:32 AM

      Lease Expires . . . . . . . . . . : Wednesday, February 03, 2010 6:34:48 PM

      Default Gateway . . . . . . . . . : 157.187.16.1

      DHCP Server . . . . . . . . . . . : 157.187.16.6

      DHCPv6 IAID . . . . . . . . . . . : 234890269

      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-28-3F-98-00-24-1D-17-92-74

      DNS Servers . . . . . . . . . . . : 157.187.25.201

                                          157.187.25.241

      Primary WINS Server . . . . . . . : 157.187.25.201

      NetBIOS over Tcpip. . . . . . . . : Disabled

    Ethernet adapter VirtualBox Host-Only Network:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter

      Physical Address. . . . . . . . . : 08-00-27-00-A8-0A

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::b9f1:fec0:33c3:29bc%16(Preferred)

      IPv4 Address. . . . . . . . . . . : 192.168.133.200(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . :

      DHCPv6 IAID . . . . . . . . . . . : 369623079

      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-28-3F-98-00-24-1D-17-92-74

      DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                          fec0:0:0:ffff::2%1

                                          fec0:0:0:ffff::3%1

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter VirtualBox Host-Only Network #2:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter #2

      Physical Address. . . . . . . . . : 08-00-27-00-08-C5

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::4dee:46b6:94ab:291f%17(Preferred)

      IPv4 Address. . . . . . . . . . . : 192.168.33.200(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . :

      DHCPv6 IAID . . . . . . . . . . . : 419954727

      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-28-3F-98-00-24-1D-17-92-74

      DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                          fec0:0:0:ffff::2%1

                                          fec0:0:0:ffff::3%1

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter VirtualBox Host-Only Network #3:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter #3

      Physical Address. . . . . . . . . : 08-00-27-00-0C-54

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::c9ff:fbf5:7c1d:6288%19(Preferred)

      IPv4 Address. . . . . . . . . . . : 10.1.4.1(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.0.0

      Default Gateway . . . . . . . . . :

      DHCPv6 IAID . . . . . . . . . . . : 487063591

      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-28-3F-98-00-24-1D-17-92-74

      DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                          fec0:0:0:ffff::2%1

                                          fec0:0:0:ffff::3%1

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter VirtualBox Host-Only Network #4:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter #4

      Physical Address. . . . . . . . . : 08-00-27-00-74-DA

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::29dc:9fba:ac1f:ee57%21(Preferred)

      IPv4 Address. . . . . . . . . . . : 10.2.4.1(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.0.0

      Default Gateway . . . . . . . . . :

      DHCPv6 IAID . . . . . . . . . . . : 554172455

      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-28-3F-98-00-24-1D-17-92-74

      DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                          fec0:0:0:ffff::2%1

                                          fec0:0:0:ffff::3%1

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{2CAA4D2C-AC6C-4291-BF98-0907F415786F}:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Microsoft ISATAP Adapter

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter 6TO4 Adapter:

      Connection-specific DNS Suffix  . : navsses.navy.mil

      Description . . . . . . . . . . . : Microsoft 6to4 Adapter

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      IPv6 Address. . . . . . . . . . . : 2002:9dbb:102b::9dbb:102b(Preferred)

      Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

      DNS Servers . . . . . . . . . . . : 157.187.25.201

                                          157.187.25.241

      NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.navsses.navy.mil:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . : navsses.navy.mil

      Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{B76F6344-BE3E-4827-929A-A85C0A8CECDE}:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{5FB165FF-2153-4181-8B8E-664A487A56C3}:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{19F19DCE-5ED1-4E94-A2BD-D8F4AB6C0D70}:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{6288435B-9B79-4771-B139-83DEC84E82E4}:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    ——————————————————————————-

    Stored Credentials

    ——————————————————————————-

    Currently stored credentials:

       Target: Domain:target=shipinabox.virtualship.local

       Type: Domain Password

       User: kellydj

    ——————————————————————————-

    2 warning(s) or error(s) were found in the configuration. Review the

    detailed output above to determine whether you need to take further action.

    Summary is below.

    1: Anonymous Logon has remote access (may be ok)

    2: You *may* need to set credentials for access to the server

    ——————————————————————————-

    ——————————————————————————-

    Did you know…. HVRemote can help diagnose common errors?

    Instead of running HVRemote /show, run HVRemote /show /target:servername.

    This runs a series of tests against the server to verify connectivity.

    Note that there is documentation on the HVRemote site to assist with the

    most commonly asked questions. Please consult that before asking for

    assistance.

    ——————————————————————————-

    As far as I can tell, everything seems OK, but I still seem to have problems.

    Thanks.

  218. ClayE says:

    Thank you, you have helped me so much with this script 🙂

  219. james says:

    I had a password change come up and now my remote management on both Hyperv and server manager aren’t letting me gain access.  Up until this point Hyper-V server core has been great, but it is things like this that make me miss the ability to interface graphically.

    I have all but exhausted resources on your blog site.  Any suggestions?

  220. sdgsdgdfsgdsg says:

    GOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOD

  221. William says:

    OMG!!! The 10 second guide worked the first time. THANK YOU!

    FYI – Both the client and server have Symantec Endpoint Protection  v11.9.5002.333 (the full suite) and the 10 second guide still worked.

  222. kris de cree says:

    Thanks a milion for this briliant script and explination. This makes setting up HV-Remote management a breeze.

    A pitty that fcts like these do not come with the product itself.

  223. ronny h. says:

    greetings from germany

    i'm experimenting alot with hyper-v in workgroups and you initially helped me alot with your step-by-step guide. And now with the "HVRemote"-tool it's almost too easy. 😛

    thank you very much for your help and effort. 😀

  224. Rajesh Chawla says:

    Thanks for taking the time to put this together. I can now access Hyper-V running on a server core from Windows 7 in a workgroup.

    The time you saved me was significant. Thanks again!

  225. Peter Smekal says:

    Hi, John.

    This is a great tool, thank you very much, it is very helpful.

    However I'm having a problem with one thing – if I follow your steps in the scenario of domain client and a workgroup server (preparing a new hyperv server for my client and having no connection to their domain) the connection to the hyperv server does work perfectly, I can change the hyperv settings, I can add vm's, I can create virtual networks – but when I try to connect to a vm, I always get a prompt for credentials – whatever I type (correct user + correct password, incorrect user, correct user + incorrect password, domain users, local users, remote users, etc.) I get an error, that the administrator did not allow me to connect to this remote computer.

    The only way to make it work is to join the new hyperv server to my domain – then it works without any issue. After I'm done with configuration, I can disconnect from the domain here and connect again to the customer's network – however I don't really feel fine about this procedure.

    So it seems that there is some permission problem somewhere – do you have a clue, where the problem could be?

    Thanks for any help – I have tried to google and read your blogs, but I could fine any similar issue reported.

    Regards,

               Peter Smekal.

  226. Peter Smekal says:

    Hi John.

    Thank you for the tool – it is a great help.

    However I'm having an issue with the following scenario – my computer is a member of my domain and I'm preparing a new hyperv server for my customer, but I don't have access to their domain, so I'd like to prepare the server in workgroup. I have selected from your steps the scenario with domain client and workgroup server – the configuration works for connecting to the server, so I can see the server in the MMC, I can change its properties, I can add VMs, create virtual networks, etc.

    But the problem start when trying to connect to VMs – I got always prompt for credentials – and whatever I type (correct or incorrect user, correct or incorrect password) I get a error message, that the administrator of the system did not allow me to connect to the system. I have tried logged as a local administrator, local user matching the server's local user, domain user with the same username as on the server, but always with the same result…

    It starts working ONLY (no change at the client side, even a restart) after the server is joined to my domain – then everything works perfectly – of course I can now make all the changes I need, move the server to the client, remove it from my domain and join to the customer's domain, but this is not exactly correct way, is it?

    I would appreciate much, if you could try to identify, what is wrong with my config, as it seems only as a permission problem.

    Thank you very much.

    Regards,

        Peter Smekal.

  227. John says:

    What a great little tool.  Thanks so much!  Was starting to get frustrated after installing Hyper-V Server in a test workgroup.

  228. Kostas_dak says:

    i try everything and all fail.

    I can connect from windows 7 laptop to Hyper-V with 1: remote desktop and 2:net use shares but i cant connect with mmc or hyper-v manager .

    mmc give access denied and hyper-v manager says "you dont have privileges or virtual machine management service is not available"

    Any trouble shooting ?

    Thanks

  229. Alp says:

    Very nice tool!

    I was getting bored of trying to find the right setting to change, and the script just told me what to do, awesome!

  230. Steve says:

    I am curious. Is there a way to back out all these changes? Like an "Undo" cscript or something? I am not that impressed with HyperV… even in R2 and will go back to ESXi. I just don't like registry changes, hacks, and firewall rules all having to be updated on my desktop client in order to connect to it. ESXi is far easier and doesn't require all this jazz to setup.

    I haven't seen anything, but if you know of anything- please send something

  231. Sigi says:

    This is a great tool. I used it in a workgroup for testing and it works fine. Thank you, John!

  232. jim says:

    Got Hyper-V remote management working eventually. This tool is a great time saver. I was getting really frustrated and nearly went back to VMware. I had to configure my netgear router to open TCP ports 2179 and 3389 directly to my Hyper-V server machine.

  233. Rainer says:

    can not connect to rpc.

    i did all the tasks, but no success.

    the result on client:

    C:Windowssystem32>cscript hvremote.wsf /show /target:ns214082.ovh.net

    Microsoft (R) Windows Script Host, Version 5.8

    Copyright (C) Microsoft Corporation 1996-2001. Alle Rechte vorbehalten.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Hyper-V Team, Microsoft Corporation.

    blogs.technet.com/jhoward

    Version 0.7 7th August 2009

    INFO: Computername is XPSWIN7

    INFO: Computer is in workgroup WORKGROUP

    INFO: Current user is XPSWIN7Rainer

    INFO: Assuming /mode:client as the Hyper-V role is not installed

    INFO: Build 7600.16617.x86fre.win7_gdr.100618-1621

    INFO: Detected Windows 7/Windows Server 2008 R2 OS

    INFO: Remote Server Administration Tools are installed

    INFO: Hyper-V Tools Windows feature is enabled

    ——————————————————————————-

    DACL for COM Security Access Permissions

    ——————————————————————————-

    Jeder    (S-1-1-0)

        Allow: LocalLaunch RemoteLaunch (7)

    NT-AUTORITÄTANONYMOUS-ANMELDUNG    (S-1-5-7)

        Allow: LocalLaunch RemoteLaunch (7)

    VORDEFINIERTDistributed COM-Benutzer    (S-1-5-32-562)

        Allow: LocalLaunch RemoteLaunch (7)

    VORDEFINIERTLeistungsprotokollbenutzer    (S-1-5-32-559)

        Allow: LocalLaunch RemoteLaunch (7)

    ——————————————————————————-

    ANONYMOUS LOGON Machine DCOM Access

    ——————————————————————————-

    ANONYMOUS LOGON has remote access

    ——————————————————————————-

    Firewall Settings for Hyper-V Management Clients

    ——————————————————————————-

    Private Firewall Profile is active

      Enabled:  Hyper-V-Verwaltungsclients – WMI (Asynchron eingehend)

      Enabled:  Hyper-V-Verwaltungsclients – WMI (TCP ausgehend)

      Enabled:  Microsoft Hyper-V-Verwaltungsclients – WMI (TCP eingehend)

      Enabled:  Microsoft Hyper-V-Verwaltungsclients – WMI (DCOM eingehend)

    ——————————————————————————-

    Windows Firewall exception rule(s) for mmc.exe

    ——————————————————————————-

    Private Firewall Profile is active

      Enabled:  Microsoft Management Console (HVRemote.wsf Created) (UDP)

      Enabled:  Microsoft Management Console (HVRemote.wsf Created) (TCP)

    ——————————————————————————-

    IP Configuration

    ——————————————————————————-

    Windows-IP-Konfiguration

      Hostname  . . . . . . . . . . . . : XPSWIN7

      Prim"res DNS-Suffix . . . . . . . :

      Knotentyp . . . . . . . . . . . . : Hybrid

      IP-Routing aktiviert  . . . . . . : Nein

      WINS-Proxy aktiviert  . . . . . . : Nein

    Ethernet-Adapter Bluetooth-Netzwerkverbindung:

      Medienstatus. . . . . . . . . . . : Medium getrennt

      Verbindungsspezifisches DNS-Suffix:

      Beschreibung. . . . . . . . . . . : Bluetooth-Ger"t (PAN)

      Physikalische Adresse . . . . . . : 00-1E-4C-CC-B6-5F

      DHCP aktiviert. . . . . . . . . . : Ja

      Autokonfiguration aktiviert . . . : Ja

    Ethernet-Adapter LAN-Verbindung:

      Verbindungsspezifisches DNS-Suffix:

      Beschreibung. . . . . . . . . . . : Intel(R) 82566DC-2 Gigabit-Netzwerkverbin

    dung

      Physikalische Adresse . . . . . . : 00-22-19-06-E3-54

      DHCP aktiviert. . . . . . . . . . : Ja

      Autokonfiguration aktiviert . . . : Ja

      Verbindungslokale IPv6-Adresse  . : fe80::8195:7840:fa0e:b1fd%11(Bevorzugt)

      IPv4-Adresse  . . . . . . . . . . : 192.168.1.6(Bevorzugt)

      Subnetzmaske  . . . . . . . . . . : 255.255.255.0

      Lease erhalten. . . . . . . . . . : Montag, 31. Januar 2011 06:57:04

      Lease l"uft ab. . . . . . . . . . : Dienstag, 1. Februar 2011 06:57:04

      Standardgateway . . . . . . . . . : 192.168.1.1

      DHCP-Server . . . . . . . . . . . : 192.168.1.1

      DHCPv6-IAID . . . . . . . . . . . : 234889753

      DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-13-0C-B8-02-00-22-19-06-E3-54

      DNS-Server  . . . . . . . . . . . : 192.168.1.1

      NetBIOS ?ber TCP/IP . . . . . . . : Aktiviert

    Tunneladapter isatap.{86E8547C-30BE-4264-BD88-63A20B636438}:

      Medienstatus. . . . . . . . . . . : Medium getrennt

      Verbindungsspezifisches DNS-Suffix:

      Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter

      Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP aktiviert. . . . . . . . . . : Nein

      Autokonfiguration aktiviert . . . : Ja

    Tunneladapter LAN-Verbindung* 4:

      Verbindungsspezifisches DNS-Suffix:

      Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

      Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP aktiviert. . . . . . . . . . : Nein

      Autokonfiguration aktiviert . . . : Ja

      IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fd:40b:686:2a66:cbe4(Bevorz

    ugt)

      Verbindungslokale IPv6-Adresse  . : fe80::40b:686:2a66:cbe4%12(Bevorzugt)

      Standardgateway . . . . . . . . . : ::

      NetBIOS ?ber TCP/IP . . . . . . . : Deaktiviert

    Tunneladapter isatap.{DBDF4D87-3781-4A96-BB5F-D6BC7E4FC1CB}:

      Medienstatus. . . . . . . . . . . : Medium getrennt

      Verbindungsspezifisches DNS-Suffix:

      Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2

      Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP aktiviert. . . . . . . . . . : Nein

      Autokonfiguration aktiviert . . . : Ja

    ——————————————————————————-

    Stored Credentials

    ——————————————————————————-

    Momentan gespeicherte Anmeldeinformationen:

       Ziel: Domain:target=TERMSRV/ns214082.ovh.net

       Typ: Dom"nenkennwort

       Benutzer: ns214082VirtHyperV5!

       Best"ndigkeit des lokalen Computers

       Ziel: WindowsLive:target=virtualapp/didlogical

       Typ: Allgemeine

       Benutzer: 02ptzxrqyasr

       Best"ndigkeit des lokalen Computers

       Ziel: Domain:target=www2.dtg.de

       Typ: Dom"nenkennwort

       Benutzer: XPSWIN7intoursh

       Ziel: Domain:target=ns214082.ovh.net

       Typ: Dom"nenkennwort

       Benutzer: ns214082Rainer

       Ziel: LegacyGeneric:target=Microsoft_ExpressionWeb_Rainer_ftp://www.cardxper

    ts.net

       Typ: Allgemeine

       Ziel: Domain:target=nsns214082.ovh.net

       Typ: Dom"nenkennwort

       Benutzer: ns214082.ovh.netRainer

    ——————————————————————————-

    Testing connectivity to server:ns214082.ovh.net

    ——————————————————————————-

    1: – nslookup for DNS verification.

        Note that failure is OK if you don't have a DNS infrastructure

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    Server:  UnKnown

    Address:  192.168.1.1

    Name:    ns214082.ovh.net

    Address:  188.165.234.49

    Nicht autorisierende Antwort:

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    2: – ping attempt (ping -4 -n -1 ns214082.ovh.net)

        Note the ping may timeout – that is OK. However, if you get an

        error that ns214082.ovh.net could not be found, you need to fix DNS

        or add an entry to the hosts file. Test 3 will fail and provide more

        guidance.

        This may take a second or two…

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    Ping wird ausgef?hrt f?r ns214082.ovh.net [188.165.234.49] mit 32 Bytes Daten:

    Antwort von 188.165.234.49: Bytes=32 Zeit=40ms TTL=118

    Ping-Statistik f?r 188.165.234.49:

       Pakete: Gesendet = 1, Empfangen = 1, Verloren = 0

       (0% Verlust),

    Ca. Zeitangaben in Millisek.:

       Minimum = 40ms, Maximum = 40ms, Mittelwert = 40ms

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    3: – Connect to rootcimv2 WMI namespace

        PASS – Connection established

    4: – Connect to rootvirtualization WMI namespace

        PASS – Connection established

    5: – Simple query to rootcimv2 WMI namespace

        PASS – Simple query succeeded

    6: – Simple query to rootvirtualization WMI namespace

        PASS – Simple query succeeded

        – 1 computer system(s) located

    7: – Async notification query to rootvirtualization WMI namespace

        PASS – Async notification query succeeded

    INFO: Are running the latest version

    C:Windowssystem32>

    The result on server:

    C:UsersRainerDownloadshvremote>cscript hvremote.wsf /show /target:xpswin7

    Microsoft (R) Windows Script Host Version 5.8

    Copyright (C) Microsoft Corporation. All rights reserved.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Hyper-V Team, Microsoft Corporation.

    blogs.technet.com/jhoward

    Version 0.7 7th August 2009

    INFO: Computername is NS214082

    INFO: Computer is in workgroup WORKGROUP

    INFO: Current user is NS214082Rainer

    INFO: Assuming /mode:server as the role is installed

    INFO: Build 7600.16617.amd64fre.win7_gdr.100618-1621

    INFO: Detected Windows 7/Windows Server 2008 R2 OS

    ——————————————————————————-

    DACL for WMI Namespace rootcimv2

    Required for Hyper-V remote mangement: Allow, EnabAct, RemEnab, InheritAce

    HVRemote also sets NoPropInheritAce and ValidInheritFlags

    ——————————————————————————-

    NS214082Rainer    (S-1-5-21-346029918-1981979368-465589482-1003)

        Allow: EnabAct RemEnab (33)

        Flags: InheritAce NoPropInheritAce ValidInheritFlags  (6)

    BUILTINAdministrators    (S-1-5-32-544)

        Allow: Exec FullWrt PartWrt ProvWrt EnabAct RemEnab RdSec EdSec (393279)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYNETWORK SERVICE    (S-1-5-20)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYLOCAL SERVICE    (S-1-5-19)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYAuthenticated Users    (S-1-5-11)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    ——————————————————————————-

    DACL for WMI Namespace rootvirtualization

    Required for Hyper-V remote mangement: Allow, EnabAct, RemEnab, InheritAce

    HVRemote also sets NoPropInheritAce and ValidInheritFlags

    ——————————————————————————-

    NS214082Rainer    (S-1-5-21-346029918-1981979368-465589482-1003)

        Allow: EnabAct RemEnab (33)

        Flags: InheritAce NoPropInheritAce ValidInheritFlags  (6)

    BUILTINAdministrators    (S-1-5-32-544)

        Allow: Exec FullWrt PartWrt ProvWrt EnabAct RemEnab RdSec EdSec (393279)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYNETWORK SERVICE    (S-1-5-20)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYLOCAL SERVICE    (S-1-5-19)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    NT AUTHORITYAuthenticated Users    (S-1-5-11)

        Allow: Exec ProvWrt EnabAct (19)

        Flags: InheritAce InheritedAce ValidInheritFlags  (18)

    ——————————————————————————-

    Contents of Authorization Store Policy

    ——————————————————————————-

    Hyper-V Registry configuration:

    – Store: msxml://C:ProgramDataMicrosoftWindowsHyper-VInitialStore.xml

    – Service Application: Hyper-V services

    Application Name: Hyper-V services

    Operation Count: 34

       100 – Read Service Configuration

       105 – Reconfigure Service

       200 – Create Virtual Switch

       205 – Delete Virtual Switch

       210 – Create Virtual Switch Port

       215 – Delete Virtual Switch Port

       220 – Connect Virtual Switch Port

       225 – Disconnect Virtual Switch Port

       230 – Create Internal Ethernet Port

       235 – Delete Internal Ethernet Port

       240 – Bind External Ethernet Port

       245 – Unbind External Ethernet Port

       250 – Change VLAN Configuration on Port

       255 – Modify Switch Settings

       260 – Modify Switch Port Settings

       265 – View Switches

       270 – View Switch Ports

       275 – View External Ethernet Ports

       280 – View Internal Ethernet Ports

       285 – View VLAN Settings

       290 – View LAN Endpoints

       295 – View Virtual Switch Management Service

       300 – Create Virtual Machine

       305 – Delete Virtual Machine

       310 – Change Virtual Machine Authorization Scope

       315 – Start Virtual Machine

       320 – Stop Virtual Machine

       325 – Pause and Restart Virtual Machine

       330 – Reconfigure Virtual Machine

       335 – View Virtual Machine Configuration

       340 – Allow Input to Virtual Machine

       345 – Allow Output from Virtual Machine

       350 – Modify Internal Ethernet Port

       355 – Allow Virtual Machine Snapshot

    1 role assignment(s) were located

    Role Assignment 'Administrator' (Targetted Role Assignment)

      – All Hyper-V operations are selected

      – There are 2 member(s) for this role assignment

      – BUILTINAdministrators (S-1-5-32-544)

      – NS214082Rainer (S-1-5-21-346029918-1981979368-465589482-1003)

    ——————————————————————————-

    Contents of Group Distributed COM Users

    ——————————————————————————-

    2 member(s) are in Distributed COM Users

      – NS214082Rainer

      – NS214082VirtHyperV5!

    ——————————————————————————-

    DACL for COM Security Launch and Activation Permissions

    ——————————————————————————-

    BUILTINAdministrators    (S-1-5-32-544)

        Allow: LocalLaunch RemoteLaunch LocalActivation RemoteActivation (31)

    Everyone    (S-1-1-0)

        Allow: LocalLaunch LocalActivation (11)

    BUILTINDistributed COM Users    (S-1-5-32-562)

        Allow: LocalLaunch RemoteLaunch LocalActivation RemoteActivation (31)

    BUILTINPerformance Log Users    (S-1-5-32-559)

        Allow: LocalLaunch RemoteLaunch LocalActivation RemoteActivation (31)

    ——————————————————————————-

    Firewall Settings for Hyper-V

    ——————————————————————————-

    Public Firewall Profile is active

      Enabled:  Hyper-V (REMOTE_DESKTOP_TCP_IN)

      Enabled:  Hyper-V (MIG-TCP-In)

      Enabled:  Hyper-V (RPC)

      Enabled:  Hyper-V (RPC-EPMAP)

      Enabled:  Hyper-V – WMI (Async-In)

      Enabled:  Hyper-V – WMI (TCP-Out)

      Enabled:  Hyper-V – WMI (TCP-In)

      Enabled:  Hyper-V – WMI (DCOM-In)

    ——————————————————————————-

    Firewall Settings for Windows Management Instrumentation (WMI)

    ——————————————————————————-

    Public Firewall Profile is active

      Enabled:  Windows Management Instrumentation (ASync-In)

      Enabled:  Windows Management Instrumentation (WMI-Out)

      Enabled:  Windows Management Instrumentation (WMI-In)

      Enabled:  Windows Management Instrumentation (DCOM-In)

    Note: Above firewall settings are not required for Hyper-V Remote Management

    ——————————————————————————-

    IP Configuration

    ——————————————————————————-

    Windows IP Configuration

      Host Name . . . . . . . . . . . . : ns214082

      Primary Dns Suffix  . . . . . . . :

      Node Type . . . . . . . . . . . . : Hybrid

      IP Routing Enabled. . . . . . . . : No

      WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 3:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio

    n #2

      Physical Address. . . . . . . . . : 00-25-90-0D-09-AD

      DHCP Enabled. . . . . . . . . . . : Yes

      Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio

    n

      Physical Address. . . . . . . . . : 00-25-90-0D-09-AC

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::9c96:3bb3:9a04:1ff8%3(Preferred)

      IPv4 Address. . . . . . . . . . . : 188.165.234.49(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . : 188.165.234.254

      DNS Servers . . . . . . . . . . . : 213.186.33.99

      NetBIOS over Tcpip. . . . . . . . : Enabled

    ——————————————————————————-

    Testing connectivity to client: xpswin7 (2 tests in total)

    ——————————————————————————-

    Test 1

    ——

       This test verifies your DNS infrastructure. For Hyper-V remote management,

       NS214082 must be able to resolve the IP address of xpswin7.

       If you do not have a DNS infrastructure, test 1 may legitimately fail.

       However, you will have to edit windowssystem32driversetchosts on this

       computer to add an entry for xpswin7.

       If you have a DNS infrastructure and test 1 fails, this is a strong

       indication that Hyper-V remote management will not work.

           a) Verify that xpswin7 is the correct client name

           b) On NS214082, run ipconfig /flushdns

           c) On xpswin7, run ipconfig /registerDNS

       If you have a DNS infrastructure and test 1 succeeds, verify the IPv4

       address returned matches the IPv4 address of xpswin7. This can be

       found by running ipconfig /all on xpswin7.

       If you find the incorrect IP address is returned, follow steps a) to c)

       described above, plus step d) below.

           d) Check the hosts file on NS214082 for incorrect entries.

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    Server:  cdns.ovh.net

    Address:  213.186.33.99

    *** cdns.ovh.net can't find xpswin7: Non-existent domain

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    Test 2

    ——

       This test attempts to ping xpswin7. Like test 1, the aim is to

       verify name resolution. Examine the output to ensure the IP address is

       that of xpswin7.

       If an incorrect IP address is shown, follow resolution steps a)

       through d) listed above.

       A ping timeout is OK. It is likely the firewall on the client machine

       is blocking inbound pings. No action need be taken.

       If the ping cannot locate xpswin7, you may need to add an entry

       in windowssystem32driversetc (described above). If you have a DNS

       infrastructure, follow steps a) through c).

       This test may take a second or two…

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    Pinging xpswin7 [213.153.52.27] with 32 bytes of data:

    Request timed out.

    Ping statistics for 213.153.52.27:

       Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    INFO: Are running the latest version

    C:UsersRainerDownloadshvremote>

    I can connect with server-manager and the storage manager is available for example.

    Any idea what i can do ?

  234. eagle says:

    Hi. I have exactly the same problem like tonyfada. Everything looks ok but still cant get connection from Win7 to Hyper-V standalone. Output from client:

    Microsoft (R) Windows Script Host Version 5.8

    Copyright (C) Microsoft Corporation. All rights reserved.

    Hyper-V Remote Management Configuration & Checkup Utility

    John Howard, Hyper-V Team, Microsoft Corporation.

    blogs.technet.com/jhoward

    Version 0.7 7th August 2009

    INFO: Computername is TREX-PC-WIN7

    INFO: Computer is in workgroup WORKGROUP

    INFO: Current user is Trex-PC-Win7Trex

    INFO: Assuming /mode:client as the Hyper-V role is not installed

    INFO: Build 7600.16617.x86fre.win7_gdr.100618-1621

    INFO: Detected Windows 7/Windows Server 2008 R2 OS

    INFO: Remote Server Administration Tools are installed

    INFO: Hyper-V Tools Windows feature is enabled

    ——————————————————————————-

    DACL for COM Security Access Permissions

    ——————————————————————————-

    Everyone    (S-1-1-0)

        Allow: LocalLaunch RemoteLaunch (7)

    NT AUTHORITYANONYMOUS LOGON    (S-1-5-7)

        Allow: LocalLaunch RemoteLaunch (7)

    BUILTINDistributed COM Users    (S-1-5-32-562)

        Allow: LocalLaunch RemoteLaunch (7)

    BUILTINPerformance Log Users    (S-1-5-32-559)

        Allow: LocalLaunch RemoteLaunch (7)

    ——————————————————————————-

    ANONYMOUS LOGON Machine DCOM Access

    ——————————————————————————-

    ANONYMOUS LOGON has remote access

    ——————————————————————————-

    Firewall Settings for Hyper-V Management Clients

    ——————————————————————————-

    Private Firewall Profile is active

    Public Firewall Profile is active

      Enabled:  Hyper-V Management Clients – WMI (Async-In)

      Enabled:  Hyper-V Management Clients – WMI (TCP-Out)

      Enabled:  Hyper-V Management Clients – WMI (TCP-In)

      Enabled:  Hyper-V Management Clients – WMI (DCOM-In)

    ——————————————————————————-

    Windows Firewall exception rule(s) for mmc.exe

    ——————————————————————————-

    Private Firewall Profile is active

    Public Firewall Profile is active

      Enabled:  Microsoft Management Console (HVRemote.wsf Created) (UDP)

      Enabled:  Microsoft Management Console (HVRemote.wsf Created) (TCP)

    ——————————————————————————-

    IP Configuration

    ——————————————————————————-

    Windows IP Configuration

      Host Name . . . . . . . . . . . . : Trex-PC-Win7

      Primary Dns Suffix  . . . . . . . :

      Node Type . . . . . . . . . . . . : Hybrid

      IP Routing Enabled. . . . . . . . : No

      WINS Proxy Enabled. . . . . . . . : No

      DNS Suffix Search List. . . . . . : home

    Ethernet adapter Local Area Connection:

      Connection-specific DNS Suffix  . : home

      Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)

      Physical Address. . . . . . . . . : 00-00-00-00-00-00

      DHCP Enabled. . . . . . . . . . . : Yes

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::ac00:0000:0000:edae%11(Preferred)

      IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Lease Obtained. . . . . . . . . . : 31 January 2011 01:09:56

      Lease Expires . . . . . . . . . . : 01 February 2011 13:09:56

      Default Gateway . . . . . . . . . : 192.168.1.254

      DHCP Server . . . . . . . . . . . : 192.168.1.254

      DHCPv6 IAID . . . . . . . . . . . : 234890269

      DHCPv6 Client DUID. . . . . . . . : 00-00-00-00-00-00-00-DA-00-00-00-D0-EC-16

      DNS Servers . . . . . . . . . . . : 192.168.1.254

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter VirtualBox Host-Only Network:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter

      Physical Address. . . . . . . . . : 00-00-20-00-00-00

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe00::00c0:0000:000:bea6%37(Preferred)

      IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . :

      DHCPv6 IAID . . . . . . . . . . . : 621281319

      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-00-00-00-DA-00-24-1D-D0-EC-16

      DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                          fec0:0:0:ffff::2%1

                                          fec0:0:0:ffff::3%1

      NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.lan:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Microsoft ISATAP Adapter

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

      IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:0000d:000c:240f:ae68:2205(Preferred)

      Link-local IPv6 Address . . . . . : fe80::3cfc:240f:0008:00005%12(Preferred)

      Default Gateway . . . . . . . . . : ::

      NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.home:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{929859F7-3C17-44DC-887F-5B11FE7464FC}:

      Media State . . . . . . . . . . . : Media disconnected

      Connection-specific DNS Suffix  . :

      Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4

      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

      DHCP Enabled. . . . . . . . . . . : No

      Autoconfiguration Enabled . . . . : Yes

    ——————————————————————————-

    Stored Credentials

    ——————————————————————————-

    Currently stored credentials:

    * NONE *

    ——————————————————————————-

    Testing connectivity to server:192.168.1.76

    ——————————————————————————-

    1: – nslookup for DNS verification.

        Note that failure is OK if you don't have a DNS infrastructure

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    Server:  BThomehub.home

    Address:  192.168.1.254

    Name:    37L4247H28-25.home

    Address:  192.168.1.76

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    2: – ping attempt (ping -4 -n -1 192.168.1.76)

        Note the ping may timeout – that is OK. However, if you get an

        error that 192.168.1.76 could not be found, you need to fix DNS

        or add an entry to the hosts file. Test 3 will fail and provide more

        guidance.

        This may take a second or two…

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    Pinging 192.168.1.76 with 32 bytes of data:

    Reply from 192.168.1.76: bytes=32 time<1ms TTL=128

    Ping statistics for 192.168.1.76:

       Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

       Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

    3: – Connect to rootcimv2 WMI namespace

        PASS – Connection established

    4: – Connect to rootvirtualization WMI namespace

        PASS – Connection established

    5: – Simple query to rootcimv2 WMI namespace

        PASS – Simple query succeeded

    6: – Simple query to rootvirtualization WMI namespace

        PASS – Simple query succeeded

        – 1 computer system(s) located

    7: – Async notification query to rootvirtualization WMI namespace

        PASS – Async notification query succeeded

    INFO: Are running the latest version

    Somebody know how to solve it?

  235. Trido says:

    Hi.  Great article and great tool but I am having some issues if anyone could help me.  Everything seemed to go ok.  When I ran the tests from my client it was fine.  Tests 1 and 2 failed, but 1 failed because I have no DNS, 2 failed due to ping timeout which it says should be ok and all other tests passed.  On the server, Test 1 failed, however I added IP HOSTNAME to my HOSTS file and Test 2 passed.  When I connect via the RSAT MMC snapin, I get:

    Cannot connect to the RPC service on computer '10.0.0.0.254'. Make sure your RPC service is running.

    From what I can see, everything should be working right.  Looks like it is a common issue but the suggestions have not worked for me.  I can ping the Client from the Server, but cannot the other way around.  Could that be causing a problem?  I also cannot use the servers hostname to try to connect via the Snapin.  I have to use the IP.

  236. Javad says:

    Dear john

    I am confuse now.

    I install hyper-v server 2008 on h server an now I want to add 3 virtuall machine but I dont kow what should I do now?

    Thanks

  237. How am I supposed to get the .wsf onto Hyper-V, there is no GUI so I can't start IExplorer.

    The fact that I'm messing around trying to do this, but ESXi and Xen work flawlessly straight out of the box, tells me Hyper-V is already pretty much finished, it's just Microsoft havn't worked that out yet.

  238. Thx, yea… I did that 😉

  239. JDM4 says:

    Thanks for the great article and tool.

    If you have a firewall sitting between the two machines what ports do you need to make sure are open between the two.  I know probably two of them are 135 and 445 but are there others?

    Thanks,

  240. MG says:

    Hello John, it seems that many people have some troubles managing vhd files, me too.

    archive.msdn.microsoft.com/…/View.aspx

    When I try to create or modify a vhd file from my notebook using RSAT, the process hangs, though the vhd files get correctly created or modified. The server is domain member while my notebook isn't. If I work on a domain member client, the error doesn't happen, but I need to manage my customers' servers from my notebook and not from their own computers.

    Is there a way to find the reason why it's so difficult to create and modify vhd files? Everything else seems running very fine, I ran hvremote on both server and client and I didn't get any error.

    The point is that I was able to reproduce this strange event on another system (my lab), after I had encountered it for the first time when I was working on a customer's server.

  241. Gert says:

    Thanks a lot for this excellent script !!!!

  242. Gert says:

    Thanks a lot for this excellent script !!!!

  243. Darren Boyer says:

    John – Chalk up another win for the HVRemote tool.  Worked great for us.  Thank you for releasing this for others benefit.

  244. Why? says:

    I've spent a Friday fooling around with this idiotic program… damn, what is wrong with Microsoft?

  245. Why? says:

    I've spent a Friday fooling around with this idiotic program… damn, what is wrong with Microsoft?

  246. Andreas Hertle says:

    Great stuff, thx for that.

    A.H.

  247. Alan Osborne says:

    I'm playing with Hyper-V Server 2008 R2 for the first time. My intent was to quickly stand-up a hypervisor host, deploy a VM, and then play around with the Hyper-V Manager console from a Windows 7 workstation. Neither the workstation nor the Hyper-V Server was joined to a domain, so your HVRemote script saved me a ton of time getting this to work. Worked flawlessly.

    Thanks!!!

  248. bill says:

    Great Jobs!

    Shouldn't have to go through all of this to get this working. Maybe setting up hyper v server with an appropriately configured answered file would be an easier method?

  249. Arnie Rowland says:

    Does HVRemote work the same with Windows 8 Hyper-V Server beta?

  250. Bryan says:

    Thanks for writing the blog post.  This just saved me hours of research on why my Hyper V manager on a workgroup wouldn't connect.  Setup in under 5 minutes now and already using it.  

  251. Akira says:

    Nice job. Is a useful tool.

  252. Sinisa says:

    First of all  thanks for your walk through and this great tool. I am new to this and it helped me a lot. I tested everthing severel times on test machine and server 2005 r2, now on my new server I had to install 2008 r2 SP1 and after few reinstalls and first using walkthroug and then tool closes I got is massage: Routing and Remote Access

    —————————

    The system cannot find the file specified.

    both  machines have identical user and pass and are in same workgroup , when I try tu run test only warnings I get is that firewall is off

    pls help

  253. Sinisa says:

    John,

    I solved problem. Clinet side – format c:.  I guess something got messed up  – I used thet machine during testing faze on several servers so something just did not work properly.

    Thanks again for grate walk through and even better tool.

    I am quite new to all this and have never worked with Hyper-V. But wity your help I managed to set up HV server on Core installation.

    Thank you sincerely.

    Sinisa 🙂

  254. Austin says:

    Hey All,

    Thanks so much for the great tool

    Mine was failing becuase i was using IPaddress instead of hostname in a workgroup setup.  Hope this helps someone, it works beautifully now 🙂

  255. Rick says:

    Are you freaking kidding me with all this happy hoo ha with just trying to connect remotly to the V server? No wonder why vmware is superior. You connect with vsphere clinet in exactly 1 minutue after you yes via a web browser connect to the IP of the host and download the client. Microsoft should be ashamed of themselves, but realistically it is more of the same from the Bloatware king of the world.

  256. Nikrampi says:

    Great automation tool! It does not only save time and boring keyboard typing, but checks for missing KBs and warns of "unsupported" configurations… that's more than I could ask for!

    Thank you so much!

    Nik

  257. Marcus says:

    Thank you so much! Work`s grat for me…

  258. nick says:

    Thanks man, this was very useful.  Made it very easy to add new users to the server (non domain) and grant access to a domain user.

  259. Riccardo says:

    Great tool !

    Only a question :

    It is possible (for me it's not working) to manage an HyperV server from a client behind a nat without open ports (on router/firewall) ?

  260. Dan_IT says:

    Hi John – I'm trying to get this to work on Windows 8 Client Hyper-V, both on a workgroup, signed in with Microsoft accounts.  AFAIK these accounts appear to act like local accounts and both have the same name and password on each machine.

    I'm trying to connect the Hyper-V console on my laptop to my desktop which is acting as a server but keep getting permissions errors even after running this tool.

    Have you tested such a scenario?

  261. Dan_IT says:

    I managed to get this working between two Win8 machines, but only if I create a matching local account on both – I cannot get it to work the Microsoft account that I currently used.  Can anyone help?

  262. Hi, thanks for the VERY helpful thing, now waiting for version 1.x 😉 Cheers!

  263. David Rees-Clark says:

    Great tool, thanks a lot. Also works on Windows Server 6.2 (which is Windows Server 2012).

  264. Karen Dean says:

    Fabulous!!! Thank you so much – what a time (and hair pulling) saver!!! The latest version released 2012.03.28 totally worked for setting up remote management between a brand new Lenovo WS 2012 host server (with its many VMs) and the W8Pro VM sitting on it…took less than 5 minutes. And, voila – there I see all the VMs sitting in the client's HyperV Manager!!

    Yesterday I was prepared to do the looooooong setup version that I did in my lab in January 2013, configuring for remote management of a server and client in the same workgroup. I ran into an authorization error trying to connect to the server from within HyperV Manager in the client…did a search online for the error – and to my delight – found this newly posted solution. Thank you, thank you, thank you!

  265. ThankYou But says:

    Thank you, but really, Microsoft should be embarrassed to have to release such a tool, it's ridiculous.

  266. Sri says:

    Brilliant stuff! Thank you John 🙂

  267. Mon says:

    Hi John Great tool. Usefull with W8 but with W7 no so good. I have an VMware Workstation enviroment lab with w2k12 and W7Pro. I can't use Hyper-V manager to create new VM. The error in a client side is "The operation on computer "server" failed. When I
    use hvremote /show in the "server" the only warning is 1: Remote machine is Windows 7 !. Can you help me?. best Regards

  268. Son says:

    I wanted to confirm that this does not work with Server 2012 R2?

  269. Mon says:

    2012 R2. I follow all tutorial steep by steep and doesn't work. The only warning is that. Remote machine is Windows 7 !. 🙁

  270. Mon says:

    Thank john. Great work. Any way.. I'm testing because is a probable scenario with W2k2 R2 and W7Pro, but I'll test with W8. Let's see. Best Regards.

  271. imran says:

    Dear John what I understand that server Hyper V 2012 R2 cannot manage through windows 7.. we can only manage server Hyper V 2012 through windows 7.??

  272. Son says:

    @John Howard – I should have been more clear, I wanted to confirm that this does not work with Server 2012 R2 + Windows 7 Pro. Which it looks like you did confirm this right before I typed my question. Thanks!

  273. MEK says:

    great tool

  274. imran says:

    I also try server hv 2012 R2 to manage through windows server 2008 R2 sp1 but failed getting same error …..The operation on computer "server" failed. ……….

  275. imran says:

    Thanks Dear for the clarity.

  276. raha says:

    Hi there
    thanks for sharing this Article
    I have a problem In hyper-v on windows 8.1 . I enable hyper-v on win 8.1 and installed win-server 2012 on this hyper-v and then I create hyper-v as a map drive in file explorer in the win 8.1 . after then on I'm not able to connect to win-server 2012 . win-server 2012 can be start but I can't connect to . when I click to connect hyper-v wants me to enter my credentials . I try the win-server 2012 credentials and win 8,1 credentials but no one is effective . give me this Error for for of credentials : The credentials that were used to connect to hyper-v did not work .Please enter new credentials :
    Please help me how can I fix it and connect to this vm
    Great Regards :
    Raha

  277. Jean L. says:

    Thank you for this great tool!

  278. rajeev says:

    This is a very good tool. I was struggling to remote manage my hyperv and fortunately found this. This did a magic and within few minutes i was able to connect. Thanks for the tool.

  279. Jeeves says:

    Can't see to get remote management working. Both PC's are joined to the domain. The Client PC is running 8.1 Pro while the server is running Hyper-V Server 2012R2. Outputs are as follows:

    Server:

    https://drive.google.com/file/d/0B0yvVaAI46rkZVJRRzFiQnByMnM/view?usp=sharing

    Client:

    https://drive.google.com/file/d/0B0yvVaAI46rkc3ctNnFfOVcwVzA/view?usp=sharing