Menu Close
0 Comments

Manage Hyper-V Server 2016 in a workgroup using Windows 10 Hyper-V Manager

Here is an end-to-end guide for using Windows 10 Hyper-V Manager to manage Hyper-V Server 2016 in a workgroup.

NOTE: Windows 10 Professional or Enterprise or Education edition will be needed. Windows 10 Home edition cannot be used as it does not contain the Hyper-V Manager option.

These steps have been used successfully to manage multiple installations of Hyper-V. If you’ve followed some other WWW instructions and your configuration is not working, or is flaky, then do a fresh install of Hyper-V Server before following these steps.

Tested with Hyper-V Server 2016, and Windows 10 Pro Build 1607 (Anniversary Edition) , Build 1703 (Creator’s Edition), and Build 1709 (Fall Creator’s Edition).

Assumptions:

  1. The Hyper-V server and the Windows 10 computer are on the same LAN and in the same IP subnet and in the  same VLAN (if such exists).
  2. The server and workstation are in the same DNS domain.

So, start with a simple configuration. You can move things around after you’ve gotten it working.

Note: If DNS is not yet setup, then add the Hyper-V hostname to the hosts file on the Windows 10 computer — it’ll make things significantly easier.

Lets begin the process:

NOTE: references to “domain” in the subsequent steps of this article refer to DNS domain, not Active Directory Domain.
Remember, Hyper-V is being setup in a workgroup, i.e., not associated with any Active Directory domain.
For this article, my DNS domain is “fshome.local”. My Hyper-v server will be “hyperv2”

If starting with a fresh install of Hyper-V Server 2016, here’s the typical screen after the install:

If you configure in the following order, the necessary reboots will be at the end of the process…

7) Remote Desktop – enabled. Select the choice of authentication as applicable to you. I used option 2) Allow clients running any version of Remote Desktop (less secure)

3) Add Local Administrator
NOTE: the local administrator user name/password is significant as it will be used later in the management processBTW, this password is valid for 42 days by default but we’ll fix that in Part 1, Step 2 of this article.

4) Configure Remote Management – leave Enabled
Configure Server Response to Ping – Yes

5) Windows Update Settings – set to your perference

8) Network Settings — will be easier if set to a Static IP

9) Date and Time — set as appropriate for your location

10) Telemetry Settings — set to your preference

1) Domain/Workgroup — leave it as WORKGROUP or change to your Workgroup name

2) Computer Name — will require server reboot
Note: the computer name can be just a hostname, e.g., “hyperv2”. It does not need to be a FQDN, e.g., “hyperv2.fshome.local

6) Download and Install Updates – will require server reboot

We’re now done with the fresh install configuration.


Part 1: Hyper-V Server Configuration

After the post intallation setup and rebooting here is what it looks like:

hv_step1

Now select the command prompt window – it’s hidden behind the blue window.

Step 1: disable the Hyper-V built-in firewall. You’re behind your firewall/router so doing this is OK, don’t worry. However, I would not do this in a production network. See at the bottom of this page for more specific Firewall settings. in fact i did not do this at all on my production server and it worked just fine for connecting the manager. Did not work for ping or RDP . Enter the following:

netsh advfirewall set allprofiles state off

Step 2: disable the password age out. By default, the Local Administrator users’ password is valid for 42 days. You don’t want to get locked out of your Hyper-V server if using RDP. So enter:

net accounts /maxpwage:unlimited

Verify the new value is set

net accounts
hv_step3

Step 3: allow PowerShell Remoting.

At the C:\ command prompt type powershell. Once PowerShell is running, enter the following:

enable-psremoting

That is it. The three steps are *ALL* that are required on the Hyper-V server side.

NOTE: Step 3 is not needed on Hyper-V Server 2016. It is enabled by default (Option # 4 in the Hyper-V server configuration screen).

Here is a summary of the three steps:

Part 2: Windows 10 Configuration

Let’s now move over to to the Windows 10 computer.

Verify we can reach the Hyper-V server by pinging it by its hostname.

ping hyperv2

If ping is not successful, you’ll need to troubleshoot and fix before moving on.

Step 4: Install the Hyper-V Manager

hv_turn_windows_feature_on_off

After the Hyper-V manager install has completed, start PowerShell with  “Run As Administrator“.

Step 5: set the network connection profile – we have to change to PRIVATE

Set-NetConnectionProfile -NetworkCategory private

Step 6: verify the net-connectionprofile new settings

Get-NetConnectionProfile

hv_step6

Step 7: setup remote management.

Set-WSManQuickConfig

hv_step7

Step 8: enable a trusted host. In this case the trusted host will be the Hyper-V server

Set-Item WSMan:\localhost\Client\TrustedHosts -Value “hyperv2.fshome.local

Or, if there are multiple trusted hosts in the same DNS domain you can do it this way by using the * as the hostname wildcard

Set-Item WSMan:\localhost\Client\TrustedHosts -Value *.fshome.local

Or, if there are multiple hosts in any domain, then use the * modifier globally as shown

Set-Item WSMan:\localhost\Client\TrustedHosts -Value *

Step 9: Now let’s check to make sure the trusted host is correct

Get-Item WSMan:\localhost\Client\TrustedHosts

hv_step9

Step 10: Add the alternate user credentials (aka, the Local Administrator) configured in Step 3 of the fresh install of Hyper-V.

In my network I have multiple Hyper-V servers, and the Trusted Hosts is set as “*.fshome.local”, so the user is added for each Hyper-V server in my network like so:

cmdkey /add:hyperv /user:sysadmin /pass:PaSsWoRd

cmdkey /add:hyperv2 /user:sysadmin /pass:PaSsWoRd

cmdkey /add:hyperv3 /user:sysadmin /pass:PaSsWoRd

If there was a different user and password for each Hyper-V server, we would adjust the above to reflect that. In my case, the user and password are the same across all my Hyper-V servers to keep things sane.

*Note: let’s say you did not have DNS setup, nor your …\drivers\etc\hosts file, then this is how you’d setup cmdkey using IP addressing

cmdkey /add:192.168.1.111 /user:sysadmin /pass:PaSsWoRd

And, every step in this article where there is reference to the Hyper-V server name you would replace with the IP address.

When you go to add the Hyper-V server in the Hyper-V Manager, you’d also add it by IP address

hv_step10a

Step 11: Allow the user credentials  (configured in the above cmdkey) on this computer (Windows 10) to be sent to the remote computer (the Hyper-V server):
(note: the entries are all on one line even though WordPress shows multiple lines)

Enable-WSManCredSSP -Role client -DelegateComputer “hyperv.fshome.local

Now the command will only allow one computer, hyperv.fshome.local. So, to allow the user credentials to be sent to another remote computer we add the other computer’s name:

Enable-WSManCredSSP -Role client -DelegateComputer “hyperv2.fshome.local

Or, we can configure multiple computers at one time

Enable-WSManCredSSP -Role “Client” -DelegateComputer “hyperv.fshome.local”, “hyperv2.fshome.local”, “hyperv3.fshome.local

Or, to allow the users credentials on this computer to be sent to any Hyper-V host in the same DNS domain, we can just use the hostname wild card:

Enable-WSManCredSSP -Role client -DelegateComputer “*.fshome.local

Or, to allow the users credentials on this computer to be sent to any Hyper-V host in any DNS domain, we can just use the host and domain wild card:

Enable-WSManCredSSP -Role client -DelegateComputer “*”

Tip: for Managed Service Providers deploying Hyper-V, the above method is useful if you carry one laptop that is used on-site for all your customers – each being their unique DNS domains. Of course, you’d want to set one universal local admin user/password across all your customers for sake of making this useful.

Step 12: now let’s verify the WSManCredSSP configuration

Get-WSManCredSSP

hv_step12_2

Now, if there was a mistake that was made, or a need to reconfigure, or to start over from scratch, or just to experiment, whatever, the WSManCredSSP configuration can be cleared by doing the following and restarting from Step 11

Disable-WSManCredSSP -Role Client

Step 13: allow COM Security anonymous login remote access. While still in PowerShell, type the following:

dcomcnfg

double-click on the Computers folder

right-click on the My Computer icon

click on COM Security

in the Access Permissions section of the window, click Edit Limits…

 Select ANONYMOUS LOGON
 Check the box for Remote Access
 Click OK

Close the dcomcnfg window.

That is it. The Window 10 configuration steps are complete. You are done!

At this point you should be able to launch the Windows 10 Hyper-V Manager and successfully connect and add the Hyper-V server(s) to the manager.

hv_success

Most of the above taken from https://theserverplaypen.wordpress.com/2018/01/23/manage-hyper-v-server-2012r22016-in-a-workgroup-with-windows-10-hyper-v-manager-in-13-simple-steps

Remote Desktop Hyper-V Server 2016 

uptop we enabled  Remote Desktop – enabled. Select the choice of authentication as applicable to you. I used option 2) Allow clients running any version of Remote Desktop (less secure)
Enabling Remote Desktop using the prompts on #7 of the option screen might make one think that it is therefore possible to connect immediately via an RDP client. Due to a Microsoft security setting, this does not work
This is because the network interface is set to public, yep public for a server. This does not allow RDP. To fix do the bellow in windows Powershell on the HyperV server…

  • Use Get-NetConnectionProfile to find the InterfaceIndex #X
  • Set-NetConnectionProfile -InterfaceIndex X -NetworkCategory Private
  • Verify using Get-NetConnectionProfile again

Hyper-V Server 2012 R2 Set Network from Public to Private

Enable File and Print Sharing Hyper-V Server 2016 

If you have Windows server 2012/16 Core or Hyper-V 2012/16 server you can face problems where you want to open admin shares on server. If you type \\servername\”share”$ you will receive error message that you can’t reach this share.

This is because File and Printer sharing is disabled by default in Windows Server 2012/16 and in Hyper-V Core 2012/16. To enable File and Printer Sharing in command prompt you must type:

netsh advfirewall firewall set rule group=”File and Printer Sharing” new enable=Yes

After this you will be able to reach admin shares.

Leave a Reply

Your email address will not be published. Required fields are marked *