locked
Can't connect Server 2016/Win10 Hyper-V Manager to existing 2012R2 Hyper-V servers RRS feed

  • Question

  • I have an existing Domain environment of Server 2012R2 Hyper-V with constrained delegation.  Everything communicates, remotely supports, live migration, etc. without issue.

    Setting up first Server 2016 Hyper-V server and I can't connect it to my existing 2012R2 servers in Hyper-V manager.  I also can't connect my Windows 10 computer to the 2012R2 servers (same error message)

    Yet I can connect my 2012R2 Hyper-V servers to the 2016 server without issue and can manage it remotely.

    I can connect Server Manager to any of the servers w/out issue as well (in either direction).  I've rebuilt the 2016 server twice now but I'm just missing something that I can't put my finger or Google on.  

    Member of both local Admin and Hyper-V Administrators, not a firewall issue as I've disabled it.  Network is on Domain so no connectivity issues there.  I've removed the Hyper-V Role and re-added w/out resolution.  I've moved the server out of the OU that has my GPOs for member servers.

    Is there a service that I might have disabled that I need for Hyper-V Manager?  I've disabled a lot of services per Microsoft guidance that are safe to disable.

    When I look at the installed Roles/Features, one difference I see is on 2012R2, File Server is installed, where on the 2016 it is not.  Otherwise, they are identical on what is installed.

    I do get the following event 10154 that I just can't seem to fix.  

    I've added the Validated write to service principle name rights to NETWORK SERVICE but for some reason I still get that error at reboot.  

    This is also where I noticed that in ADSI, when looking at the container for my Hyper-V servers, my 2012R2 servers both have a container w/in the server name that says Microsoft Hyper-V, yet my 2016 server's container does not

    One other EventID I can't seem to shake - 20406

    when I run netstat -a, I do see that the server is in fact listening on port 6600

    I've seen the suggested fix that entails the MOFCOMP command.  I've already tried this once on one of my 2012R2 Hyper-V servers and on the first build of my 2016 Hyper-V server.  Both times, it destroys the server in that all boot items are gone and removed from each and every existing/subsequent VM.  I'd rather not have to do this on my other production 2012R2 servers as that would entail too much downtime. I also tested Live Migration and was able to move a VM w/out issue from 2012R2 to 2016 (from the 2012R2 Hyper-V Manager).  However, when I try to move the VM back over to the 2012R2 server (using the 2016 Hyper-V Manager) I get the same error message as rec'd in the OP

    Yet, from the 2012R2 server itself, I can move it back w/out issue:

    Tuesday, April 10, 2018 3:54 PM

Answers

  • The solution to the original problem of this thread is indeed the MOFCOMP command as you indicated originally.

    However, one must then remove/re-add the Hyper-V role to fix the problem that the MOFCOMP command causes on the server where all boot items are removed from VMs and new VMs will not boot. 

    Since I'm rebuilding my 2012R2 Hyper-V servers to 2016 anyway, and I don't want to have to remove/re-add Hyper-V role to fix MOFCOMP, I'm not going to worry about this since nothing is inherently wrong with the 2016 server as you stated and from my testing.

    Event ID 10154 - finally figured out how to get this to go away.  In addition to adding the "Validated write to service principle name" rights to NETWORK SERVICE, one must also change the WinRM service to "Automatic (Delayed Start)".  I no longer see 10154 in Event Viewer.

    Event ID 20406 - this is logged at reboot and reboot only...don't know why this shows up for VM migration when nothing is being done for migration except for possibly due to the OS being much faster than the network, which is why the secondary solution to the WinRM error was to delay it's start...assuming  this only ever shows up at reboot, we can safely ignore this message.

    ADSI and the CN=Microsoft Hyper-V container missing - Don't understand this, but I just rebuilt one of my 2012R2 Hyper-V to 2016 Hyper-V and the container shows up for it...but still not for the initial 2016 Hyper-V server...???

    thanks for following up Frank.  Any thoughts on the ADSI weirdness? 


    • Marked as answer by lavee45 Friday, April 20, 2018 3:46 PM
    • Edited by lavee45 Friday, April 20, 2018 3:49 PM
    Friday, April 20, 2018 3:09 PM

All replies

  • Hi,
    Based on the complexity and the specific situation, we need do more researches. If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible. Your kind understanding is appreciated. If you have further information during this period, you could post it on the forum, which help us understand and analyze this issue comprehensively.
    Sorry for the inconvenience and thank you for your understanding and patience.
    Best Regards,

    Frank

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, April 11, 2018 9:23 AM
  • Still nothing.  I completely rebuilt the server again.

    I'm using the 2016 ISO which I believe is the latest version (non-1709):  SW_DVD9_Win_Server_STD_CORE_2016_64Bit_English_-4_DC_STD_MLF_X21-70526.ISO

    I rebuilt the server, this time making sure I didn't run any of my customization scripts.  I completely deleted the computer from the domain this time too.

    This build was strictly a rebuild, change necessary settings on NICs, place in teams, add to domain, install Hyper-V role, uninstall Windows Defender feature, add server name to GPO for Creating Symbolic Links, add "cifs" and "Microsoft Virtual System Migration Service" in Delegation tab of all Hyper-V servers (and update existing servers with the new server), ADSI edit server container giving NETWORK SERVICE allow rights to "Validated write to service principal name", move to OU that has GPOs, create the virtual switches, finalize Hyper-V settings...

    I then tried to add the 2012R2 server to Hyper-V manager and still same thing.

    I'm also still getting those two EventIDs - 10154 and 20406...which the ADSI edit should have resolved the 10154 error...why it still shows up is beyond me.

    Also, while I was in ADSI, the 2016 server container still does not include a sub container called "CN=Microsoft Hyper-V" like my other 2012R2 Hyper-V servers (see picture from original post)...don't know if 2016 needs this or not.  Prior to this latest rebuild I did add the missing container and tested to no avail (using info from here:  https://serverfault.com/questions/824419/hyper-v-serviceconnectionpoint-missing )

    I'm at a loss...based on that error message when I'm connecting Hyper-V Manager...there has to be some security setting somewhere that I'm missing that is required for Server 2016 to communicate with 2012R2 Hyper-V Manager...


    • Edited by lavee45 Wednesday, April 11, 2018 10:21 PM
    Wednesday, April 11, 2018 10:17 PM
  • Hi ,


    Thank you very much for your detailed information.

    From the description of the problem, it seems that the problem caused by the corrupted MOF file, WindowsVirtualization.V2.mof, in the Hyper-V server.

    To narrow down the problem, please perform those actions below.

    -------------------------------

    1. Open CMD with “run as administrator”.
    2. Run the command:MOFCOMP %SYSTEMROOT%\System32\WindowsVirtualization.V2.mof to repair the MOF file.
    3. we need to restart the VMMS Service in order to make changes effective. This can also be done from the same command prompt. Run following commands to stop and start the service:

    ------------------

    Net stop vmms

    Net start vmms

    If there is any question, please feel free to let me know.


    Best Regards,

    Frank


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Proposed as answer by Jay Gu Monday, April 23, 2018 5:04 AM
    Thursday, April 12, 2018 9:45 AM
  • As stated earlier, this command doesn't work as well as it rips out the boot files for any and all VMs.

    So just to show, I ran your command:

    and it still doesn't connect to my 2012R2 server:

    also, as stated previously it rips out all boot entries for my VMs, new or existing:

    Thursday, April 12, 2018 3:31 PM
  • "Setting up first Server 2016 Hyper-V server and I can't connect it to my existing 2012R2 servers in Hyper-V manager."

    That's because it is not supported to manage a 2016 Hyper-V environment from a 2012 R2 Hyper-V management console.  See https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/remotely-manage-hyper-v-hosts for the combinations that work.

    Hyper-V Manager version Hyper-V host version
    Windows 2016, Windows 10 - Windows Server 2016—all editions and installation options, including Nano Server, and corresponding version of Hyper-V Server
    - Windows Server 2012 R2—all editions and installation options, and corresponding version of Hyper-V Server
    - Windows Server 2012—all editions and installation options, and corresponding version of Hyper-V Server
    - Windows 10
    - Windows 8.1
    Windows Server 2012 R2, Windows 8.1

    - Windows Server 2012 R2—all editions and installation options, and corresponding version of Hyper-V Server
    - Windows Server 2012—all editions and installation options, and corresponding version of Hyper-V Server
    - Windows 8.1


    tim


    Friday, April 13, 2018 1:12 PM
  • "Setting up first Server 2016 Hyper-V server and I can't connect it to my existing 2012R2 servers in Hyper-V manager."

    That's because it is not supported to manage a 2016 Hyper-V environment from a 2012 R2 Hyper-V management console.  See https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/remotely-manage-hyper-v-hosts for the combinations that work.

    Hyper-V Manager version Hyper-V host version
    Windows 2016, Windows 10 - Windows Server 2016—all editions and installation options, including Nano Server, and corresponding version of Hyper-V Server
    - Windows Server 2012 R2—all editions and installation options, and corresponding version of Hyper-V Server
    - Windows Server 2012—all editions and installation options, and corresponding version of Hyper-V Server
    - Windows 10
    - Windows 8.1
    Windows Server 2012 R2, Windows 8.1

    - Windows Server 2012 R2—all editions and installation options, and corresponding version of Hyper-V Server
    - Windows Server 2012—all editions and installation options, and corresponding version of Hyper-V Server
    - Windows 8.1


    tim


    Tim...

    Thanks for the reply...but please see my original and subsequent posts...that is not the issue.

    Maybe I wasn't clear...but I CAN'T connect TO 2012R2 FROM my 2016 server or from my Windows 10 computer...yet I have NO issues with connecting TO 2016 FROM my 2012R2 server...

    Please let me know what is missing on this.  I could accept if it was upstream connectivity issues, but this is strictly a downstream connectivity issue and should not be the case.

    I've rebuilt the 2016 server 4-5 times now all with differing build processes and I still can't connect to my 2012R2 servers.  But each and every time, there is no issue with connecting TO my 2016 FROM my 2012R2 servers...there has to be some permission somewhere (based off the error message I get) that is not allowing 2016 Hyper-V Manager to connect to 2012R2 Hyper-V Manager...

    Friday, April 13, 2018 2:52 PM
  • I really think it's because the "Microsoft Hyper-V" container is missing in ADSI...I don't know...I'm at a loss and grabbing at straws...5 rebuilds and nothing.  I guess it's time to use the older ISO and see if that fixes it...but if it's the missing Microsoft Hyper-V on the computer object...or some missing permission(s), then no amount of ISO/rebuilds is going to fix it until I find out what permission is missing so the computer object can be updated with a sub container with "Microsoft Hyper-V"...if that's even the issue...but it's weird that all my 2012R2 servers in AD have the sub-container that states "CN=Microsoft Hyper-V" yet the 2016 server does not.  Even going in and adding the sub container manually doesn't seem to work...

    Does anyone else have a Server 2016 Hyper-V server that can check ADSI to see if they have that container under the server container?  See the pic in the original post...

    oh...and the older ISO I have is:  SW_DVD9_Win_Svr_STD_Core_and_DataCtr_Core_2016_64Bit_English_-3_MLF_X21-30350.ISO

    Sorry if I seem short/curt...but 2 weeks of rebuilding and google searching has lead to nothing and I've got to get this brand new server into production so I can start the process of rebuilding my 2012R2 servers into 2016 and I don't feel confident in 2016 until it can connect w/out issue to my existing 2012R2 servers.


    • Edited by lavee45 Friday, April 13, 2018 3:38 PM
    Friday, April 13, 2018 3:06 PM
  • Hi,

    May I know which Hyper-V host we run the command to repair?

    We need run those command on the Hyper-V host, which we are trying to connect.

    Best Regards,

    Frank


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 16, 2018 9:51 AM
  • Thanks for the reply Frank.

    I've ran that command on both my 2012R2 and 2016 servers and both give me the same result which is all boot items removed from all existing/future VMs (sorry I don't have a screenshot of my 2012R2):

    The only resolution to that added issue is to remove the Hyper-V role and then re-add the role to get boot entries back and set everything back up.  I was able to test that on my 2 servers only because one is no longer in production and this new server since it hasn't been placed into production yet.  I'm trying to avoid from having to run this command on my 2 other production 2012R2 servers.

    But...having said that...am I to understand that there isn't anything "wrong" with the 2016/Win10 systems?  Because if that's the case, then I'll simply finish the new server, place it into production...move everything over using my 2012R2 server, then rebuild it to 2016 and everything should be good-to-go correct? 

    That's the reason I'm trying to figure this out, because I don't like putting anything into production if I don't have the warm-and-fuzzies about the server!  :D  And not being able to connect Hyper-V Manager doesn't give me warm-and-fuzzies.

    Monday, April 16, 2018 2:52 PM
  • Hi,

    I noticed that the boot items gone after run the command on Hyper-V host. May I know did we have the problem last time?

    am I to understand that there isn't anything "wrong" with the 2016/Win10 systems?  Because if that's the case, then I'll simply finish the new server, place it into production...move everything over using my 2012R2 server, then rebuild it to 2016 and everything should be good-to-go correct? 

    >>>From the description above, I believe out Windows Server 2016 and Windows 10 should be OK.

    Best Regards,

    Frank


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, April 17, 2018 9:27 AM
  • The boot items being removed happens every single time...regardless the version OS.  It happened on both my 2012R2 and 2016 servers.  The MOFCOMP command totally removes it and all new VMs won't boot. 

    That's why I'm trying to find an alternative solution to the MOFCOMP command to resolve my inability to connect my 2016/Win10 Hyper-V managers to any of my 2012R2 Hyper-V servers...I have a total of 3 2012R2 Hyper-V servers...yet all 3 of my 2012R2 servers have no issue with connecting to my 2016 Hyper-V...

    I just don't have the time to take 3 production Hyper-V servers down to fix the issue the MOFCOMP command causes since it requires the removal/re-add of the Hyper-V role...especially if I'm just going to be rebuilding them to 2016.  I just want to make 100% certain that there isn't anything wrong with the 2016 server before moving forward.  If the issue is strictly with the 2012R2 servers or there is no permissions issue, then I'll move forward.


    • Edited by lavee45 Tuesday, April 17, 2018 3:49 PM
    Tuesday, April 17, 2018 2:56 PM
  • I'm still curious about the ADSI container missing and my 2 EventID issues I can't seem to get rid of on the 2016 server...

    Does 2016 Hyper-V no longer create the sub container "CN=Microsoft Hyper-V" like all of my 2012R2 Hyper-V servers have?

    And my 2 Events that won't go away:

    Tuesday, April 17, 2018 3:01 PM
  • Anyone have any thoughts on my above?  CN=Microsoft Hyper-V and the two Event IDs?
    Wednesday, April 18, 2018 2:54 PM
  • Hi,

    For the event ID 10154, we can manually create SPNs using Setspn.exe tool. For how to create it, we could open a new case in AD DS forum.

    For the event ID 20406, it indicate the VM migration. It should not relate with the current problem.

    Best Regards,

    Frank


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 20, 2018 10:12 AM
  • The solution to the original problem of this thread is indeed the MOFCOMP command as you indicated originally.

    However, one must then remove/re-add the Hyper-V role to fix the problem that the MOFCOMP command causes on the server where all boot items are removed from VMs and new VMs will not boot. 

    Since I'm rebuilding my 2012R2 Hyper-V servers to 2016 anyway, and I don't want to have to remove/re-add Hyper-V role to fix MOFCOMP, I'm not going to worry about this since nothing is inherently wrong with the 2016 server as you stated and from my testing.

    Event ID 10154 - finally figured out how to get this to go away.  In addition to adding the "Validated write to service principle name" rights to NETWORK SERVICE, one must also change the WinRM service to "Automatic (Delayed Start)".  I no longer see 10154 in Event Viewer.

    Event ID 20406 - this is logged at reboot and reboot only...don't know why this shows up for VM migration when nothing is being done for migration except for possibly due to the OS being much faster than the network, which is why the secondary solution to the WinRM error was to delay it's start...assuming  this only ever shows up at reboot, we can safely ignore this message.

    ADSI and the CN=Microsoft Hyper-V container missing - Don't understand this, but I just rebuilt one of my 2012R2 Hyper-V to 2016 Hyper-V and the container shows up for it...but still not for the initial 2016 Hyper-V server...???

    thanks for following up Frank.  Any thoughts on the ADSI weirdness? 


    • Marked as answer by lavee45 Friday, April 20, 2018 3:46 PM
    • Edited by lavee45 Friday, April 20, 2018 3:49 PM
    Friday, April 20, 2018 3:09 PM
  • Worked perfectly for me, TY!
    Friday, August 10, 2018 12:32 PM
  • Thanks!   I had the same problem, and this saved my day.
    Tuesday, September 4, 2018 8:35 PM
  • Hi,

    I actually had the same error a few days ago while trying to connect from Windows 10 Hyper-V manager to Hyper-V server 2016.
    I found the solution which required 2 PowerShell commands on the server side and 2 commands and GPO edit on the windows 10 side. i made easy and short step by step video that i hope will help for future users.

    https://youtu.be/nlPbBIAb9JY

    Hope it helps

    Adi
    Wednesday, June 5, 2019 9:30 AM