Hello,
We are currently having some issues getting hyper-v with system center up and running. The issue is when a user try's to connect to the vm's console from either system center or app controller. When the console screen comes up the message "Your Credentials did not work: Your system administrator does not allow the use of default credentials to log on to the remote computer SUNBL00-HV00.vcenter.emcc because its identity is not fully verified. Please enter new credentials".
How the root CA certificate exists on all servers and workstations and has the appropriate properities and values set on the certificate for both the ca and machines. I have imported the certificate into various places but according to one document it should go in the personal location under the computer account and a registry value set with the thumb print under Local Machine > Software > Microsoft > Windows NT > Virtualization and AuthCertificateHash. That has been done and the permissions have been set to allow "Virtual Machines" to read..
There seems to be many posts about this but with none with any resolutions that I have found to work.
So I guess here is what I am after, I would like to be able to access the console of a vm from Failover Cluster Manager/Hyper-V Manager (I can do that now) and I would like to be able to have people access the console's of VM from either system center or app controller (after logging in) without having to have an additional account defined on the hyper-v hosts as that is simply not an option.
Here is the script from on of the other posts that I used to set the reg key and cert permissions as outlined in a MS article.
$fprint = Read-Host 'Enter fingerprint: '
$certs = dir cert:\ -recurse | ? { $_.Thumbprint -eq $fprint.Replace(" ", "") }
$cert = @($certs)[0]
$location = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$folderlocation = gc env:ALLUSERSPROFILE
$folderlocation = $folderlocation + "\Microsoft\Crypto\RSA\MachineKeys\"
$filelocation = $folderlocation + $location
icacls $filelocation /grant "*S-1-5-83-0:(R)"
$thumbprint = $cert.Thumbprint
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization" /v "AuthCertificateHash" /f /t REG_BINARY /d $thumbprint
net stop vmms
net start vmms
If anyone has managed to get management working in both hyper-v/failover cluster and system center/app controller I would appreciate any insight on this.
The OS's on the Hypver-V/System Center/Domain Controllers are all windows 2012 with all current updates, system center is 2012 sp1 with all current updates applied.
Thanks
Jeremy