Cannot connect to VM due to authentication cert being invalid??
- Hello,
I am running Windows 2008 Datacenter with Hyper-V and have been working on two VM images. One 2003, One Win2k..
I have been connecting to them via the Hyper-V console while I build the OS's out. I just tried to connect again and I now get this error and I am unable to get a console on either system:
"Cannot connect to the virtual machine because the authentication certificate is expired or invalid. Would you like to try connecting again.. "
Any idea how to resolve this error?? Thanks
答案
- Hello,
This problem may occur if the client machine' time is not synchronized with the time server. If you are in the Active Directory domain, the time server is the PDC.
For example, if the client machine's time is 10:00 and the Hyper-V server's time is 11:00, the authentication certificate may be expired.
You can firstly check if the client machine and the Hyper-V server are at the same time. If they don't match, try the following command on the client machine and on the Hyper-V server to see how it goes:
Net time /setsntp:<PDC or other time server>
Net stop w32time
Net start w32time
Best regards,
Chang Yin- 已标记为答案Chang Yin 2008年10月21日 2:02
全部回复
- Hello,
This problem may occur if the client machine' time is not synchronized with the time server. If you are in the Active Directory domain, the time server is the PDC.
For example, if the client machine's time is 10:00 and the Hyper-V server's time is 11:00, the authentication certificate may be expired.
You can firstly check if the client machine and the Hyper-V server are at the same time. If they don't match, try the following command on the client machine and on the Hyper-V server to see how it goes:
Net time /setsntp:<PDC or other time server>
Net stop w32time
Net start w32time
Best regards,
Chang Yin- 已标记为答案Chang Yin 2008年10月21日 2:02
Rocha,
Here is what you need to do, there is a certificate for the Hyper-V Virtual Machine Management service that has expired. By default the certificate is a self signed certificate and is only good for one year. Here is how to resolve it:
1) Open Services.msc and go to the Hyper-V Virtual Machine Management service and stop the service.
2) Next go to Start - Run and enter MMC - Ok
3) In the MMC go to File - Add/Remove Snap-in, in the list of Available snap-ins select Certificates then Add.
4) In the next window select Service Account and Next. In the Select Computer select the default of Local Computer then Next.
5) Now under the Service Account drill down to the Hyper-V Virtual Machine Management and select it then Finish and OK.
6) Now in the left hand pane expand Certificates, vmms\Personal and highlight Certificates. In the right hand pane double click on the certificate, should show the Issued To as the host machine name.
7) On the General tab of the certificate at the bottom it should show Valid from and a starting and ending date. The problem is that the certificate has expired.
8) Now close the window for the certificate and then in the right hand pane right click and select delete.
9) Go back to the Services.msc and restart the Hyper-V Virtual Machine Management service.
10) Back to the MMC console and refresh the Personal\Certificates and you should see a new one there. Double click on it and verify the new valid dates.
11) To be able to access the VM's now you will either have to restart the VM or simply use the save state then start the VM back up.
Hope this helps.
Mark- 已建议为答案Brian Borg 2009年2月17日 4:09
- Renewing the certificate works superb!
Thanks!
fnilsen - Hi Mark,
I'm have the same problem as Rocha, however my certificate is not expired.
I double checked the dates & times and they are within minutes of each other, so I don't think it's that.
I'm also using windows server core edition, so i used the mmc and connected to the remote server and deleted the cert anyway (just to make sure) however when I try and connect to the vm again using the Hyper-V snap in I just keeping getting the same stupid error about the certificate. Any Ideas here?
Jed.
- To regenerate the self-signed server certificate, try stopping and re-starting the vmms service. It should recognize that the certificate has expired (or is otherwise invalid) and generate a new one.
This posting is provided "AS IS" with no warranties, and confers no rights.- 已建议为答案Christopher Eck [MSFT] 2009年2月19日 21:24
- Solution works great thanks! Is there any way to generate the certificate so it doesn't expire?
