Monday, January 5, 2015

Manage non-domain Hyper-V servers (Windows Server 2016 Technical Preview) by Hyper-V Manager

As one of my previous posts, I talked about Hyper-V Manager improvements in Windows Server Technical Preview (vNext). In Windows Server 2016 (Technical Preview), we can use "CredSSP" with NTLM authentication with different credentials to manage non-domain Windows Server 2016 (Technical Preview) with Hyper-V, Hyper-V Server Technical Preview or Windows 10 with Technical Preview. I'm going to try to manage Hyper-V servers in non-domain environment.

This lab is based on Windows Server 2016 (Technical Preview).

Lab environment
  • 1 server is installed Windows Server Technical Preview with Hyper-V management tools which is named vNext
  • 1 server is installed Hyper-V Server Technical Preview which is named HV05
  • Both servers with different local administrator password
Goal
Use the Hyper-V Manager of "vNext" to manage the Hyper-V Server, HV05.


High level steps
  • Enable "Remote Management" on HV05
  • Enable "WSManCredSSP" server role on HV05
  • Update the host file on vNext
  • Configure the local group policy on vNext
Steps
1. On HV05, log in as Administrator.
2. By default, "Remote Management" is disabled on Hyper-V Server Technical Preview.


We can enable "Remote Management" on sconfig of Hyper-V server or perform PowerShell cmdlet, Enable-PSRemoting to enable.


3. Perform "Enable-WSManCredSSP -Role Server -Force" on PowerShell console of HV05.


4. Go to vNext, log in as Administrator.
5. Add the host name, HV05, and IP address into Hosts" file as administrator.


6. Save and exit the file.
7. Launch "Local Group Policy Editor" by performing gpedit.msc on Start menu.
8. Navigate to "Computer Configuration > Administrative Templates > System > Credentials Delegation" and then modify "Allow delegating fresh credentials with NTLM-only server authentication".


9. Select "Enable" on on both policies and then click "Show".


10. Under "Value", enter "WSMAN/HV05".


Remark: To manage multi Hyper-V servers, we can insert "WSMAN/*" under "Value".

11. Click "OK" twice and close Local Group Policy Editor.
12. Launch "Hyper-V Manager", try to connect to "HV05" with "Connect as another user" option.


13. Click "Yes" to enable the delegation.


As a result, we can manage the Hyper-V hosts, HV05, with a different credential in non-domain environment.



In Windows Server Technical Preview, we cannot manage the previous versions of Hyper-V servers like Windows Server 2012 and R2 in non-domain environment.


There is a problem in down-level management in the Hyper-V manager of Windows Server Technical Preview.

This posting is provided “AS IS” with no warranties, and confers no rights!

4 comments:

  1. I was having problems connecting to a domain joined hyperv server and all I had to do was the GPO piece. Thank you so much!

    ReplyDelete
    Replies
    1. Can you provide more details of your problem like OS, environment and so on?

      Delete
  2. There was an update on the last preview (4) that made the error more clear for down-level management, simply saying that older versions are not supported to be managed. Which is unfortunate, I was hoping down-level management would become possible in newer versions

    ReplyDelete
    Replies
    1. Thank you for your comment. This article is based on the first preview of Windows Server 2016. I will perform and update this on the Windows Server 2016 RTM version.

      Delete