Hyper-V virtual machine connection failed – Authentication certificate issues

We run a lot of virtual machines at Black Marble. Our virtual machines run on Hyper-V and we’ve got things setup so we can connect to them from desktop machines within Black Marble. I was a little perturbed therefore when I got the following error shown when I tried to connect to one of the virtual machines in use:

Interestingly, this only occurred on one of the servers we run; connections to virtual machines on other servers worked fine. In addition, after RDPing onto the Hyper-V server itself, I still wasn’t able to make connections to those guest machines from the host machine itself via Hyper-V manager.

The problem occurs because the self generated certificate Hyper-V manager uses when communicating with the guest machines had expired. The steps to solve the problem are:

1. On the server affected, stop the Hyper-V Virtual Machine Management service
2. Open MMC and add the certificates add-in; select ‘Service Account’ from the list of options, then ‘Local Computer’, then select ‘Hyper-V Virtual Machine Management’ from the list of services available
3. Expand vmms\Personal in the left pane of the certificates window and then click on the ‘Certificates’ folder immediately underneath it
4. Double-click on the certificate in the right pane of the certificates window (note that it should say ‘issued to’ and ‘issued by’ the host machine) and examine the expiry date
5. Close the certificate window, right-click on the certificate in the right pane of the certificates window and select ‘Delete’
6. Restart the Hyper-V Virtual Management service
7. If you wish to check the validity of the certificate that will have just been created, refresh the certificates window and examine the certificate as before

Update (3rd March 2009): There is now a hotfix to correct this issue for Hyper-V, KB967902.

Technorati Tags: Hyper-V,certificates,virtual machines,remote management