How to Add Untrusted Hyper-V Hosts and Host Clusters in VMM


Updated: May 13, 2016

Applies To: System Center 2012 SP1 - Virtual Machine Manager, System Center 2012 R2 Virtual Machine Manager, System Center 2012 - Virtual Machine Manager

You can use the following procedure to add Hyper-V hosts or Hyper-V host clusters that are in an untrusted Active Directory domain as managed Hyper-V hosts in Virtual Machine Manager (VMM). During agent installation, VMM generates a certificate that is used to help secure communications with the host. When VMM adds the host, the certificate is automatically imported into the VMM management server’s trusted certificate store.


You cannot perform a local installation of the VMM agent on a computer that is in an untrusted domain. You must follow the procedure in this topic to perform a remote agent installation.


Before you begin this procedure, review the following prerequisites:

  • If you use Group Policy to configure Windows Remote Management (WinRM) settings, understand that VMM does not support the configuration of WinRM Group Policy settings (Service or Client) on hosts that are in an untrusted Active Directory domain. If WinRM Group Policy settings are enabled, installation of the VMM agent may fail.


    The WinRM policy settings are located in the Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM) node of the Local Group Policy Editor or the Group Policy Management Console (GPMC).

  • Although it is not a required prerequisite, you can create a Run As account before you begin this procedure. (You can also create the account during the procedure.) The Run As account must have administrative rights on all hosts that you want to add.

    For example, create the Run As account Untrusted Hyper-V Hosts.


    You can create Run As accounts in the Settings workspace. For more information about Run As accounts, see How to Create a Run As Account in VMM.

To add a Hyper-V host that is in an untrusted Active Directory domain

  1. Open the Fabric workspace.

  2. In the Fabric pane, click Servers.

  3. On the Home tab, in the Add group, click Add Resources, and then click Hyper-V Hosts and Clusters.

    The Add Resource Wizard opens.

  4. On the Resource location page, click Windows Server computer in an untrusted Active Directory domain, and then click Next.

  5. On the Credentials page, next to the Run As account box, click Browse, click the Run As account that has administrative rights on the hosts that you want to add, click OK, and then click Next.


    If you do not already have a Run As account, click Browse, and then in the Select a Run As Account dialog box, click Create Run As Account.

    For example, if you created the example Run As account that is described in the Prerequisites section of this topic, click the Untrusted Hyper-V Hosts account, and then click OK.

  6. On the Target resources page, in the Fully qualified domain name (FQDN) or IP address box, enter the FQDN or the IP address of the Hyper-V host or Hyper-V host cluster that you want to add, and then click Add.


    If you are adding a Hyper-V host cluster, you can either specify the cluster name or the name of one of the cluster nodes.

    If discovery succeeds, the host is listed under Computer Name.

    Repeat this step to add multiple hosts. When you are finished, click Next.

    For example, enter the name, where is the name of the untrusted domain.

  7. On the Host settings page, do the following:

    1. In the Host group list, click the host group to which you want to assign the host or host cluster.

      For example, assign the host to the New York\Tier2_NY host group.

    2. In the Add the following path box, enter the path on the host where you want to store the files for virtual machines that are deployed on hosts, and then click Add. Repeat this step if you want to add more than one path. Note the following behavior:

      • If you leave the box empty, the default path of %SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V is used. Be aware that it is a best practice not to add default paths that are on the same drive as the operating system files.

      • If you specify a path that does not already exist, the path is created automatically.

      • When you add a host cluster, you do not specify default virtual machine paths, as you would for a stand-alone host. For a host cluster, VMM automatically manages the paths that are available for virtual machines based on the shared storage that is available to the host cluster.

    3. When you are finished, click Next.

  8. On the Summary page, confirm the settings, and then click Finish.

    The Jobs dialog box appears to show the job status. Make sure that the job has a status of Completed, and then close the dialog box.

  9. To verify that the host was successfully added, in the Fabric pane, expand the host group where you added the host, click the host, and then in the Hosts pane, verify that the host status is OK.


    To view detailed information about host status, right-click a host in the VMM console, and then click Properties. On the Status tab you can view the health status for different areas such as overall health, host agent health, and Hyper-V role health. If there is an issue, you can click Repair all. VMM will to try to automatically fix the issue.

See Also

Adding Windows Servers as Hyper-V Hosts in VMM Overview