Setting Up R730, Part Three
Coming back to that error I experienced connecting to the server from Hyper-V Manager on my desktop:
…Check that the Virtual Machine Management service is running and that you are authorized to connect to the server. You do not have the required permission to complete this task. Contact the administrator of the authorization policy for the computer…
I go back through Microsoft’s documentation wondering if I missed something. Everything I am reading says if the Hyper-V server is part of the domain it is ready to be connected to remotely. I confirm the server is set to enabled for remote management. My desktop has no problem connecting to other Hyper-V servers in the domain with the domain administrator’s credentials. The only difference there I can think of is this new server is just the bare metal hypervisor.
As I read around the internet every search and page just points back to the extra configuration required for when a Hyper-V server is not part of a domain. That doesn’t apply to me in this scenario. I know my credentials are good they let me connect to the server via Windows Admin Center and Server Manager without issue. Well maybe the remote management settings aren’t enough? On the server:
Enable-PSRemoting
Testing produces the same error. I find a Microsoft forum post that indicates this can be caused by the client also being a Hyper-V server that has the default local Hyper-V switch being set to public. Checking my desktop the default virtual switch is set to private so that shouldn’t be an issue. So I pull up Hyper-V manager on the other two hypervisor servers in the domain and try to connect with the domain admin credentials. They both get the same error. What the heck?
Then I have a thought, when testing from the two Hyper-V servers I was using the Connect as another user option then manually typing in the domain admin credentials. Since I’m already logged into the servers as the domain admin this is unnecessary. I try again without specifying credentials and now the two Hyper-V servers connect to the new server just fine.
So it only errors out if I specify the user account. It almost seems like Hyper-V Manager is not passing along the specified credentials like I would expect. I tried a few more things. I find a forum entry suggesting it is an issue of IPv6 being disabled. IPv6 is enabled across my lab so that shouldn’t be an issue. I try connecting with the FQDN instead of the hostname and get the same error.
What else could I try? Maybe it’s a bad cached credential? No that doesn’t make much sense considering I’ve never actually connected to this server to cache the credentials. I clear the cached credentials anyways just to test. I reconnect the other Hyper-V servers just fine but get the same error with this new one.
I come across another suggestion of adding the account to the local Hyper-V Administrators
group. This seems irrelevant since the domain admins group is already part of the local administrators group, surely that would cover a Hyper-V admin role? Especially since the domain admin can connect if you are logged in with that account. I give it a try by adding the domain admins group to the local Hyper-V Administrators
group. Testing produces the same error message. Could the domain group not be passing along its members properly? I add the domain admin to the local Hyper-V Administrators
group and still get the same error message.
On a whim I added my regular user account that is logged in on my desktop to the local Hyper-V Administrator
group and test. The error remains. I add my regular user that is logged in on my desktop to the local Remote Management Users
group and now I can connect provided I do not specify a log on account.
So why can’t I connect to my bare metal Hyper-V server as a different user when I can connect to Hyper-V servers running in Windows Server? What am I missing? I searched online but could not find any information on this. Maybe I’m just using the wrong search words. Is this something you’ve come across before? Do you know why this is happening?