Error (20406)
VMM could not enumerate instances of class Msvm_VirtualSystemManagementService on the server CBS2019.xyz.com. Failed with error HRESULT 0x80070005 The WinRM client cannot process the request. The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server: Negotiate Kerberos
Use the RunAs account that has administrator access on the Hyper-V host. VMM will use this RunAs account to execute any future administrative operations. You might choose a RunAs account that does not have admin rights (in the local administrator’s group) on the Hyper-V host, or the RunAs account entered in VMM might have the wrong password.
- We communicate to the hyper-v host using WinRM and It might be disabled on the Hyper-V server. It seems like you enabled GPO's for credssp or WinRM. I will suggest you to move this hyper-V host to default OU(Where no policies are applied) and see the behaviour.
- You can check the communication using below
Run this from VMM server to querry hyper-V host.
Winrm id -remote:http://hyper-V-Host-**FQDN:5985**
Enter-pssession -computername hyper-vHostName
Run this on non working hyper-V host and share the results
winrm enum winrm/config/listener
This will confirm you if WinRM working correctly.
To enable CredSSP, VMM automatically does the following for you:
- SCVMM server setup configures the machine’s group policy settings to allow WinRM to use the CredSSP authentication provider.
- Enable WinRM client GPO: Computer Configuration\Administrative template\Windows Components\Windows Remote Management (WinRM)\WinRM Client
[Allow CredSSP authentication] = true
OR
Command Line: winrm set winrm/config/client/auth '@{CredSSP="true"}'
- If the VMM server side WinRM client configuration CredSSP setting is set to false by a domain GPO then you would
- If the host side WinRM service configuration CredSSP setting is set to false by a domain GPO after agent installation you will see the following error:
Error (20552)
VMM does not have appropriate permissions to access the resource on the Host1.local.com server.
Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.
Also, verify that CredSSP authentication is currently enabled on the service configuration of the target computer Host1.local.com. To enable the CredSSP on the service configuration of the target computer, run the following command from an elevated command line: winrm set winrm/config/service/auth @{CredSSP="true"}