VMM - Host not responding

Catherine_299 1 Reputation point
2021-09-02T04:15:20.727+00:00

Issues with System Centre 2019 Virtual Machine Manager – All showing Host Not Responding

Background – The guy who initially set this up left the company in Jul 2021. Several days after he left all servers added to VMM status’ changed to Host Not Responding. All the servers are up and running as per normal. I could be missing something very simple like the guys credentials have been saved somewhere within the program/setup but can not find them. I have gone through VMM and completed the following actions -

Selected a server -
The only options available are
Refresh
Repair
Connect or View – View Networking
Delete
Properties

Select Refresh – Status Failed with the following errors –

Error (20406)
VMM could not enumerate instances of class Msvm_VirtualSystemManagementService on the server CBRVS2019.dir.svc.accenture.com. Failed with error HRESULT 0x80070005 The WinRM client cannot process the request. The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server: Negotiate Kerberos

Recommended Action
Ensure the provider is running, and then try the operation again.

Checked all passwords associated were correct – reset passwords and added them where required – no change

VMM – Run As Account
SCOM Action Accounts – APPID password, Data Warehouse Report Deployment Account, SQL Reporting services in the Service Account, Database and Execution Account. VMM – Run as Account for this APPID

Ran the following PS script as an Administrator –

winrm set winrm/config/client/auth '@{Basic="true"}'

Results -

PS C:\> winrm set winrm/config/client/auth '@{Basic="true"}'
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false

Client computer and destination computer are both joined to the same domain

Provide is running.

I tried removing and adding a server back in, options chosen as adding the server –

Resource Location - Windows Server computers in a trusted Active Directory domain
Credentials – Use an existing Run as Account – chose the same Run As Account that is used for all my other servers
Specify Windows Server computers by name – entered the Server name
Chose the server once it appeared
Host Group – chose the appropriate city host group
Confirmed the settings

Status - Failed

Error (20552)
VMM does not have appropriate permissions to access the resource 'C:\windows\system32\vmms.exe' on the pervs2019.dir.svc.accenture.com server.

Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.

Also, verify that CredSSP authentication is currently enabled on the service configuration of the target computer pervs2019.dir.svc.accenture.com. To enable the CredSSP on the service configuration of the target computer, run the following command from an elevated command line: winrm set winrm/config/service/auth @{CredSSP="true"}

Warning (10444)
The VMM management server was unable to impersonate the supplied credentials.

Recommended Action
To add a host in a disjointed domain namespace, ensure that the credentials are valid and of a domain account. In addition, the SCVMMService must run as the local system account or a domain account with sufficient privileges to be able to impersonate other users.

Ran the elevated command –

C:\>winrm set winrm/config/service/auth @{CredSSP="true"}
WSManFault
Message
ProviderFault
WSManFault
Message = The config setting CredSSP cannot be changed because is controlled by policies. The policy would need to be set to "Not Configured" in order to change the config setting.

Error number: -2144108406 0x8033808A
Cannot change GPO controlled setting.
C:\>

Changed the Group Policy to enable CredSSP and double checked the Run As Account is an Administrator on the target server – tried re-adding the server – same results

Have also checked with the network team on the firewall rules – nothing is being blocked

System Center Virtual Machine Manager
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nitesh Pal 1 Reputation point Microsoft Employee
    2021-10-07T06:08:43.393+00:00

    Error (20406)
    VMM could not enumerate instances of class Msvm_VirtualSystemManagementService on the server CBS2019.xyz.com. Failed with error HRESULT 0x80070005 The WinRM client cannot process the request. The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server: Negotiate Kerberos

    Use the RunAs account that has administrator access on the Hyper-V host. VMM will use this RunAs account to execute any future administrative operations. You might choose a RunAs account that does not have admin rights (in the local administrator’s group) on the Hyper-V host, or the RunAs account entered in VMM might have the wrong password.

    • We communicate to the hyper-v host using WinRM and It might be disabled on the Hyper-V server. It seems like you enabled GPO's for credssp or WinRM. I will suggest you to move this hyper-V host to default OU(Where no policies are applied) and see the behaviour.
      • You can check the communication using below

    Run this from VMM server to querry hyper-V host.

    Winrm id -remote:http://hyper-V-Host-**FQDN:5985**

    Enter-pssession -computername hyper-vHostName

    Run this on non working hyper-V host and share the results

    winrm enum winrm/config/listener

    This will confirm you if WinRM working correctly.

    To enable CredSSP, VMM automatically does the following for you:

    • SCVMM server setup configures the machine’s group policy settings to allow WinRM to use the CredSSP authentication provider.
    • Enable WinRM client GPO: Computer Configuration\Administrative template\Windows Components\Windows Remote Management (WinRM)\WinRM Client

    [Allow CredSSP authentication] = true

    OR

    Command Line: winrm set winrm/config/client/auth '@{CredSSP="true"}'

    • If the VMM server side WinRM client configuration CredSSP setting is set to false by a domain GPO then you would
      • If the host side WinRM service configuration CredSSP setting is set to false by a domain GPO after agent installation you will see the following error:

    Error (20552)

    VMM does not have appropriate permissions to access the resource on the Host1.local.com server.

    Recommended Action

    Ensure that Virtual Machine Manager has the appropriate rights to perform this action.

    Also, verify that CredSSP authentication is currently enabled on the service configuration of the target computer Host1.local.com. To enable the CredSSP on the service configuration of the target computer, run the following command from an elevated command line: winrm set winrm/config/service/auth @{CredSSP="true"}

    0 comments