System Center Virtual Machine Manager
A family of System Center products that enable enterprise-wide management of virtual machines.
392 questions
Hi,
There is a similar thread you can reference:
Cannot login to VMM \ Server Core edition with other accounts
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 23%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Richard Smith
1
Reputation point
I recently built a VMM 2019 \ UR2 server on 2019 Core edition using SQL 2019. All works ok except i can only login to the console using the VMM service account.
If i try another account i added into the Administrator User Role group, i get
VMM is unable to perform this operation without a connection to a Virtual Machine Manager management server.
Use the Get-VMMServer cmdlet or the -VMMServer parameter to connect to a Virtual Machine Manager management server. For more information, type at the command prompt: Get-Help Get-VMMServer -detailed.
ID: 1615
I never had this issue before when i ran "desktop version" Server 2019, what am i missing from Core edition?
Firewall ports are controlled via GPO 8100 etc and the VM is under the same group but then again, it works perfectly fine under the service account credentials.
Anyone seen this before? Never installed VMM on core edition before, any tips?
Thanks
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
XinGuo-MSFT 18,771 Reputation points2021-02-10T02:36:11.853+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 36%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Richard Smith 1 Reputation point2021-03-12T11:46:42.42+00:00 i've already looked at that thread, doesn't fix it.
I also set recently the "allow local logon" to the vmm service account, which wasn't set. That resolved another issue where vmm console was getting access denied on the vmm server itself.but this issue of been able login as other users, is still not working. those users are also part of the local admin group on the server, just in case.
what i don't understand is the service account can login. i think this is a missing component when installed on core edition.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 46%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Nitesh Pal 1 Reputation point Microsoft Employee2021-10-15T18:37:17.13+00:00 Virtual Machine Manager setup creates a login for the VMM service account and adds it to db_owner role in the VMM database. MemberShip in the db_owner role is required for the service account of SCVMM. Removing that account from the db_owner role triggers Login FAilures . Assigning any combination of roles with less permissions and individual permissions instead of db_owner for the VMM service account will not work and its not supported.
Whenever user connect to SCVMM through the console or a command shell, the VMM service dynamically adds the user to the VMM database. When the user disconnects, the VMM service automatically removes the user from the VMM database.
As a connected user performs actions, the VMM service runs EXECUTE AS statements to run database stored procedures on the user's behalf. For it to work, the VMM service account must have the IMPERSONATE permission on the user. Non-dbo users don't have this permission.
You can't work around this limitation by explicitly granting the IMPERSONATE permission to a non-dbo service account because you can grant IMPERSONATE only on an existing principal. Because the VMM service dynamically adds and removes database users, you can't grant IMPERSONATE permissions on them ahead of time. The user must exist at the time you grant permissions.
The SQL Server language reference specifically documents the requirement that a principal must exist when the IMPERSONATE permission is granted to the principal. For more information, see Specifying a User or Login Name.
]2For your information this is my SCVMM service account in your case that could be different. Please check SCVMM service account of “System Center Virtual Machine Manager” service, account, it could be different in your infra.
Make sure your db_owner is assigned correctly.
Thanks regards,
Nitesh Pal