VMM 2012: VM Console Error (0×0107, 0×0000)

VMM 2012: VM Console Error (0×0107, 0×0000)

0×0107, 0×0000After an initial/clean installation of VMM, I was getting the following error message, “(0×0107, 0×0000)” upon trying to connect to VM via console in VMM. I was also getting password prompts several times and it was not accepting any valid credentials. There were no issues with opening the console through Hyper-V Console remotely.

Workaround

First, I found a workaround by importing Hyper-V host certificate onto VMM. To do this, you need to export the certificate from the host:

Be careful here, you need to select “service account” while adding the certificate mmc on Hyper-V host, then locate Windows Remote Management (WS-Management) under services.

service account

Windows Remote Management (WS-Management)

Then under “WinRMTrusted Root Certification Authorities”, export host certificate. This certificate needs to be imported into “Trusted Root Certification Authorities” section under computer account on VMM host.

While I was doing this, I had been thinking why I need to do this as all the servers in my setup were in the same domain and I thought the behavior is similar to Kerberos double-hop delegation issues.  Thinking that I started investigating the SPNs.

Fix: SPNs

First, for more information about what SPN (Service Principal Names) is, please visit http://blogs.msdn.com/b/autz_auth_stuff/archive/2011/04/28/what-is-spn-and-why-should-you-care.aspx

When I checked SPNs, all servers was missing two imported SPNs that needs to be registered in the hosts’ computer account. These are:

Microsoft Virtual System Migration Service/

Microsoft Virtual Console Service/

These needs to have both hostname and FQDN at the end of “/” (see below)

(I also added “Hyper-V Replica Service/” just in case)

For SCVMM: SCVMM/

 

Apparently, the user account that I used to install VMM agent did not have rights to create SPNs in the respective OU (the environment was restrictive; so be careful in such installations as the user (run as account) pushing VMM agent needs to have rights to register SPNs on computer accounts).

SPNs can be registered with setspn and the syntax is:

Example:

To list registered SPNs: setspn –L myhost1

To register SPNs: setspn -S http/myhost1 myhost1

 

Below is screenshot of my demo environment showing the SPNs registered:

setspn –L

Then I removed the certs and all things started working again normally.

Bulent Tolu

No comments.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share
Translate »