Cannot connect to VM due to authentication cert being invalid??
-
Monday, October 13, 2008 6:41 PMHello,
I am running Windows 2008 Datacenter with Hyper-V and have been working on two VM images. One 2003, One Win2k..
I have been connecting to them via the Hyper-V console while I build the OS's out. I just tried to connect again and I now get this error and I am unable to get a console on either system:
"Cannot connect to the virtual machine because the authentication certificate is expired or invalid. Would you like to try connecting again.. "
Any idea how to resolve this error?? Thanks
Answers
-
Wednesday, October 15, 2008 12:04 PM Hello,
This problem may occur if the client machine' time is not synchronized with the time server. If you are in the Active Directory domain, the time server is the PDC.
For example, if the client machine's time is 10:00 and the Hyper-V server's time is 11:00, the authentication certificate may be expired.
You can firstly check if the client machine and the Hyper-V server are at the same time. If they don't match, try the following command on the client machine and on the Hyper-V server to see how it goes:
Net time /setsntp:<PDC or other time server>
Net stop w32time
Net start w32time
Best regards,
Chang Yin- Marked As Answer by Chang Yin Tuesday, October 21, 2008 2:02 AM
All Replies
-
Wednesday, October 15, 2008 12:04 PM Hello,
This problem may occur if the client machine' time is not synchronized with the time server. If you are in the Active Directory domain, the time server is the PDC.
For example, if the client machine's time is 10:00 and the Hyper-V server's time is 11:00, the authentication certificate may be expired.
You can firstly check if the client machine and the Hyper-V server are at the same time. If they don't match, try the following command on the client machine and on the Hyper-V server to see how it goes:
Net time /setsntp:<PDC or other time server>
Net stop w32time
Net start w32time
Best regards,
Chang Yin- Marked As Answer by Chang Yin Tuesday, October 21, 2008 2:02 AM
-
Wednesday, February 11, 2009 9:21 PM
Rocha,
Here is what you need to do, there is a certificate for the Hyper-V Virtual Machine Management service that has expired. By default the certificate is a self signed certificate and is only good for one year. Here is how to resolve it:
1) Open Services.msc and go to the Hyper-V Virtual Machine Management service and stop the service.
2) Next go to Start - Run and enter MMC - Ok
3) In the MMC go to File - Add/Remove Snap-in, in the list of Available snap-ins select Certificates then Add.
4) In the next window select Service Account and Next. In the Select Computer select the default of Local Computer then Next.
5) Now under the Service Account drill down to the Hyper-V Virtual Machine Management and select it then Finish and OK.
6) Now in the left hand pane expand Certificates, vmms\Personal and highlight Certificates. In the right hand pane double click on the certificate, should show the Issued To as the host machine name.
7) On the General tab of the certificate at the bottom it should show Valid from and a starting and ending date. The problem is that the certificate has expired.
8) Now close the window for the certificate and then in the right hand pane right click and select delete.
9) Go back to the Services.msc and restart the Hyper-V Virtual Machine Management service.
10) Back to the MMC console and refresh the Personal\Certificates and you should see a new one there. Double click on it and verify the new valid dates.
11) To be able to access the VM's now you will either have to restart the VM or simply use the save state then start the VM back up.
Hope this helps.
Mark- Proposed As Answer by Brian Borg Tuesday, February 17, 2009 4:09 AM
-
Monday, February 16, 2009 9:54 AMRenewing the certificate works superb!
Thanks!
fnilsen -
Tuesday, February 17, 2009 10:12 PMHi Mark,
I'm have the same problem as Rocha, however my certificate is not expired.
I double checked the dates & times and they are within minutes of each other, so I don't think it's that.
I'm also using windows server core edition, so i used the mmc and connected to the remote server and deleted the cert anyway (just to make sure) however when I try and connect to the vm again using the Hyper-V snap in I just keeping getting the same stupid error about the certificate. Any Ideas here?
Jed.
-
Thursday, February 19, 2009 9:24 PM To regenerate the self-signed server certificate, try stopping and re-starting the vmms service. It should recognize that the certificate has expired (or is otherwise invalid) and generate a new one.
This posting is provided "AS IS" with no warranties, and confers no rights.- Proposed As Answer by Christopher Eck [MSFT] Thursday, February 19, 2009 9:24 PM
-
Thursday, October 15, 2009 1:19 PMSolution works great thanks! Is there any way to generate the certificate so it doesn't expire?
-
Wednesday, February 24, 2010 3:26 PMMark
I did the above steps but still it won't connect and still gives the same error about the certificate being invalid.
I verified and Cert was updated for the next year. However, maybe where I dropped the ball was on the save - I went to file > Save and save Console 1 in Admin Tools is what popped up.
Do you have any additional instruction you can provide. -
Thursday, April 08, 2010 3:04 PM
you did not have to save the console,
what is important that you restart the guest vm. it should work fine then.
regards.
.png){kind=spacer}
