VMM 2012: VM Console Error (0×0107, 0×0000)

VMM 2012: VM Console Error (0×0107, 0×0000)

After an initial/clean installation of VMM, I was getting the following error message, “(0×0107, 0×0000)” upon trying to connect to VM via console in VMM. I was also getting password prompts several times and it was not accepting any valid credentials. There were no issues with opening the console through Hyper-V Console remotely.

Workaround

First, I found a workaround by importing Hyper-V host certificate onto VMM. To do this, you need to export the certificate from the host:

Be careful here, you need to select “service account” while adding the certificate mmc on Hyper-V host, then locate Windows Remote Management (WS-Management) under services.

Then under “WinRMTrusted Root Certification Authorities”, export host certificate. This certificate needs to be imported into “Trusted Root Certification Authorities” section under computer account on VMM host.

While I was doing this, I had been thinking why I need to do this as all the servers in my setup were in the same domain and I thought the behavior is similar to Kerberos double-hop delegation issues.  Thinking that I started investigating the SPNs.

Fix: SPNs

First, for more information about what SPN (Service Principal Names) is, please visit http://blogs.msdn.com/b/autz_auth_stuff/archive/2011/04/28/what-is-spn-and-why-should-you-care.aspx

When I checked SPNs, all servers was missing two imported SPNs that needs to be registered in the hosts’ computer account. These are:

Microsoft Virtual System Migration Service/

Microsoft Virtual Console Service/

These needs to have both hostname and FQDN at the end of “/” (see below)

(I also added “Hyper-V Replica Service/” just in case)

For SCVMM: SCVMM/

Apparently, the user account that I used to install VMM agent did not have rights to create SPNs in the respective OU (the environment was restrictive; so be careful in such installations as the user (run as account) pushing VMM agent needs to have rights to register SPNs on computer accounts).

SPNs can be registered with setspn and the syntax is:

Example:

To list registered SPNs: setspn –L myhost1

To register SPNs: setspn -S http/myhost1 myhost1

Below is screenshot of my demo environment showing the SPNs registered:

Then I removed the certs and all things started working again normally.

• Author
• Recent Posts

Bulent Tolu

Systems Engineer at Veeam

Bulent is an IT professional with MSc in MIS and close to 20-years of experience in broad range of technologies. He has a passion to continually research, test and evaluate new technologies and follow industry best practices to secure and optimize IT systems and solve IT challenges for enteprises. Currently, he lives in Ankara and works as Systems Engineer at Veeam.

Latest posts by Bulent Tolu (see all)

• VMware Identity Manager – Workspace ONE – Provide Access to Horizon Desktops and Apps & Workspace ONE mode - 17 September 2017
• VMware Identity Manager 2.9.2 – Workspace ONE – Installation in DMZ with Outbound-Only Connection Mode - 17 September 2017
• Deploy Unified Access Gateway (UAG) 3.0 with Horizon - 17 September 2017