none
Cannot connect to VM due to authentication cert being invalid?? RRS feed

  • Question

  • Hello,

    I am running Windows 2008 Datacenter with Hyper-V and have been working on two VM images.  One 2003, One Win2k..

    I have been connecting to them via the Hyper-V console while I build the OS's out.  I just tried to connect again and I now get this error and I am unable to get a console on either system:


    "Cannot connect to the virtual machine because the authentication certificate is expired or invalid.  Would you like to try connecting again..  "


    Any idea how to resolve this error??  Thanks
    Monday, October 13, 2008 6:41 PM

Answers

  • Hello,

     

    This problem may occur if the client machine' time is not synchronized with the time server. If you are in the Active Directory domain, the time server is the PDC.

     

    For example, if the client machine's time is 10:00 and the Hyper-V server's time is 11:00, the authentication certificate may be expired.

     

    You can firstly check if the client machine and the Hyper-V server are at the same time. If they don't match, try the following command on the client machine and on the Hyper-V server to see how it goes:

     

    Net time /setsntp:<PDC or other time server>

     

    Net stop w32time

     

    Net start w32time

     

    Best regards,

    Chang Yin
    • Marked as answer by Chang Yin Tuesday, October 21, 2008 2:02 AM
    Wednesday, October 15, 2008 12:04 PM

All replies

  • Hello,

     

    This problem may occur if the client machine' time is not synchronized with the time server. If you are in the Active Directory domain, the time server is the PDC.

     

    For example, if the client machine's time is 10:00 and the Hyper-V server's time is 11:00, the authentication certificate may be expired.

     

    You can firstly check if the client machine and the Hyper-V server are at the same time. If they don't match, try the following command on the client machine and on the Hyper-V server to see how it goes:

     

    Net time /setsntp:<PDC or other time server>

     

    Net stop w32time

     

    Net start w32time

     

    Best regards,

    Chang Yin
    • Marked as answer by Chang Yin Tuesday, October 21, 2008 2:02 AM
    Wednesday, October 15, 2008 12:04 PM
  • Rocha,

    Here is what you need to do, there is a certificate for the Hyper-V Virtual Machine Management service that has expired. By default the certificate is a self signed certificate and is only good for one year. Here is how to resolve it:

    1) Open Services.msc and go to the Hyper-V Virtual Machine Management service and stop the service.
    2) Next go to Start - Run and enter MMC - Ok
    3) In the MMC go to File - Add/Remove Snap-in, in the list of Available snap-ins select Certificates then Add.
    4) In the next window select Service Account and Next. In the Select Computer select the default of Local Computer then Next.
    5) Now under the Service Account drill down to the Hyper-V Virtual Machine Management and select it then Finish and OK.
    6) Now in the left hand pane expand Certificates, vmms\Personal and highlight Certificates. In the right hand pane double click on the certificate, should show the Issued To as the host machine name.
    7) On the General tab of the certificate at the bottom it should show Valid from and a starting and ending date. The problem is that the certificate has expired.
    8) Now close the window for the certificate and then in the right hand pane right click and select delete.
    9) Go back to the Services.msc and restart the Hyper-V Virtual Machine Management service.
    10) Back to the MMC console and refresh the Personal\Certificates and you should see a new one there. Double click on it and verify the new valid dates.
    11) To be able to access the VM's now you will either have to restart the VM or simply use the save state then start the VM back up.

    Hope this helps.

    Mark

    • Proposed as answer by Brian Borg Tuesday, February 17, 2009 4:09 AM
    Wednesday, February 11, 2009 9:21 PM
  • Renewing the certificate works superb!
    Thanks!
    fnilsen
    Monday, February 16, 2009 9:54 AM
  • Hi Mark,
    I'm have the same problem as Rocha, however my certificate is not expired. 
    I double checked the dates & times and they are within minutes of each other, so I don't think it's that.
    I'm also using windows server core edition, so i used the mmc and connected to the remote server and deleted the cert anyway (just to make sure) however when I try and connect to the vm again using the Hyper-V snap in I just keeping getting the same stupid error about the certificate.  Any Ideas here?

    Jed.

    Tuesday, February 17, 2009 10:12 PM
  •   To regenerate the self-signed server certificate, try stopping and re-starting the vmms service.  It should recognize that the certificate has expired (or is otherwise invalid) and generate a new one.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, February 19, 2009 9:24 PM
  • Solution works great thanks! Is there any way to generate the certificate so it doesn't expire?
    Thursday, October 15, 2009 1:19 PM
  • Mark

     I did the above steps but still it won't connect and still gives the same error about the certificate being invalid. 

     I verified and Cert was updated for the next year.  However, maybe where I dropped the ball was on the save - I went to file > Save and save Console 1 in Admin Tools is what popped up.

     Do you have any additional instruction you can provide.
    Wednesday, February 24, 2010 3:26 PM
  • you did not have to save the console,

    what is important that you restart the guest vm. it should work fine then.

    regards.

    Thursday, April 8, 2010 3:04 PM