locked
Error 0x80070490 trying to launch VM without SCVMM on Windows 2008 Server R2 RRS feed

  • Question

  • Hello everybody,

    I get a weird issue trying to launch a VM.

    This is the current situation : I get a server, Windows 2008 R2. I've only install Hyper-V and Failover Cluster. I can create a VM but when I try to launch it, I get an error message into a popup (translated from french) : "The application encountered an error during modification of 'vm_name' state". "'vm_name' could not be initialize". "Could not initialize machine remoting system. Error 'Element not found'. (0x80070490). "Could not find a usable certificate. Error: 'Element not found'. (0x80070490)."

    So, I'm unable to launch my vm's.

    I'm not using SCVMM yet. I want to resolve this issue before.

    I read some articles and posts about SCVMM certificate issue but I'm not using SCVMM.
    More fun, I read articles about this issue but on Windows 2008 Server (not R2) : problem resolved by a fix, unapplicable on my Windows 2008 R2 :)

    I'm totalyblocked and ain't got no idea how I can resolve it.

    If someone gets I idea ...

    Cheers,

    Nicolas

    Wednesday, August 18, 2010 10:15 AM

All replies

  • Please try to restart VMMS service
    Wednesday, August 18, 2010 10:46 AM
  • Done. No change.

    I tried to restart 3 hyper-v services. No change.

    Wednesday, August 18, 2010 1:49 PM
  • How about the use the following script to start the VM locally.

     

    Starting a Hyper-V Virtual Machine

    http://blogs.msdn.com/virtual_pc_guy/archive/2008/01/29/starting-a-hyper-v-virtual-machine.aspx

    Wednesday, August 18, 2010 2:19 PM
  • Unfortunatly, same behavior.
    Wednesday, August 18, 2010 5:08 PM
  • Hi Nicolas

    I am assuming that this is not your primary AD/DNS server.
    For saying that, could you please check the DNS name resolution and the Certificate Services.

    I had this issue in the past and I found after that the Certificate Services and the DNS.

    As a first step, query the DNS for a list of writable domain controllers in the domain.

    nltest /dnsgetdc:yourdomain.local /WRITABLE

    Next, reset the secure channel that is currently used

    nltest /sc_reset

    Finally, verify if the secure channel is now set up with a writable domain controller.

    nltest /sc_query:yourdomain.local

    Restart the Host and try again

     


    If this post is helpful, please mark it as such
    ________________________________________
    Alessandro Cardoso
    MVP | Microsoft Heroes | MCT
    blog: http://itaustralia.spaces.live.com
    http://cardosoalessandro.spaces.live.com
    Wednesday, August 18, 2010 10:59 PM
  • Done and no change.

    I tested with an old VM (created before this tip) and with a new one created after that.

    Still the error.

    Thursday, August 19, 2010 8:34 AM
  • Try to remove Hyper-V role and then enable it agian, I understand that you have cluster running.
    Monday, August 23, 2010 7:28 AM
  • Done but no change. Still certificate error.

    Cheers,

    Monday, August 23, 2010 9:42 AM
  • Hi Nicolas

    Can you post the errors that is showing in event log ( not only this error, but the error/warning ) before that.

     


    If this post is helpful, please mark it as such
    ________________________________________
    Alessandro Cardoso
    MVP | Microsoft Heroes | MCT
    blog: http://itaustralia.spaces.live.com
    http://cardosoalessandro.spaces.live.com
    Tuesday, August 24, 2010 3:53 AM
  • I got the same error. I solved it by removing a certificate from my Trusted Root Certificate Authorities container. The certificate is a self-signed cert generated by Remote Desktop Gateway service.
    Tuesday, March 15, 2011 3:43 PM
  • Environment: Windows 8.1 in an Active Directory Domain (2012R2) with MS Certficates Services support NAP/Health Registry, etc. 

    Error:  Attempts to start a Hyper-V VM on a machine generates the error message Error 0x80070490 trying to launch VM:
    "'vm_name' could not be initialize". "Could not initialize machine remoting system. Error 'Element not found'. (0x80070490). "Could not find a usable certificate. Error: 'Element not found'. (0x80070490)."

    Note: 

    VMM can manage other Hyper-V servers in environment from same machine, just not local machine.
    VMM on remote machine generates same error message when attempting to manage new VM machine
    Certificates - Service (Hyper-V Virtual Machine Management) on Local Computer shows 0 certificates under vmms\Personal

    Fixes Attempted and Failed except for #5!

    1) hotfix directly: Windows6.0-KB967902-x64.msu -> Failed: 0x80096002, Windows Update Standalone Installer.  The certificate for the signer of the message is invalid or not found.
    2) hotfix via pkgmgr: PkgMgr.exe has been deprecated. Please update scripts to use DISM.exe.  0x80070307
    3) Reset Certificates: 
     Start > Run > MMC
     Add the Certificates Snap-In
     Select Service Account
     Under the Select Account to Manager, select Hyper-V  Image Management Service
     Complete the Snap-In Wizard
     Expand the Certificates under Personal Category
     Notice the certificate generated has been created ‘for the future’ (assuming you’re suppose to revert the date & time to 2010, the certificate should display as invalid because it was created at 2013)
     Delete the Certificate(s)
     Go to the Services Console and Restart all Hyper-V Services
     Result: No certificate auto generated

    4) Uninstall / reinstall hyper-v service and management service addons from Windows features.  

    5) ‎did the following from http://technet.microsoft.com/en-us/library/ff935311(v=ws.10).aspx (WORKED!!! -> Note, their PS script has an error, add a dash(-) before the word recurse)
    reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization" /v "DisableSelfSignedCertificateGeneration" /f /t REG_QWORD /d 1
    24 ca 36 b5 bd 6d ef 7e eb aa a5 74 df e5 fd 41 ef ab 1c 29
    $certs = dir cert:\ -recurse | ? { $_.Thumbprint -eq "24ca36b5bd6def7eebaaa574dfe5fd41efab1c29" }
    $cert = @($certs)[0]
    $location = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    $folderlocation = gc env:ALLUSERSPROFILE
    $folderlocation = $folderlocation + "\Microsoft\Crypto\RSA\MachineKeys\"
    $filelocation = $folderlocation + $location
    icacls $filelocation /grant "*S-1-5-83-0:(R)"
    Friday, April 4, 2014 10:16 PM