Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article helps resolve an issue where a YubiKey USB device doesn't appear in a Hyper-V virtual machine (VM) and provides guidance on using a YubiKey USB device for hardware encryption in a Hyper-V VM. It explains how to achieve USB passthrough in Hyper-V, a feature not natively supported, and offers alternative methods to enable this functionality.
Note
Before proceeding, confirm:
- You have administrative access to both the Hyper-V host and the VM.
- The YubiKey USB device is connected to the Hyper-V host.
- The VM is running an operating system that supports YubiKey.
- Remote Desktop Protocol (RDP) is enabled on the VM if you use the RDP method.
When you use Hyper-V, a YubiKey USB device doesn't appear in the VM or can't be accessed, even though it's connected to the Hyper-V host.
Hyper-V doesn't natively support USB passthrough to VMs
This issue occurs because Hyper-V doesn't include built-in support for USB passthrough. This limitation prevents VMs from being directly accessing USB devices connected to the host. If you're accustomed to this functionality on other virtualization platforms, such as VMware, you might need clarification on how to achieve similar results in Hyper-V.
Resolution 1: Use Enhanced Session Mode
Enhanced Session Mode enables interaction between the host and the VM, allowing USB devices to be redirected to the VM. To use Enhanced Session Mode, follow these steps:
Open Hyper-V Manager on the host.
Select the Hyper-V host in the left-hand pane.
In the right-hand pane, select Hyper-V Settings.
Under Server, ensure that Enhanced Session Mode Policy is enabled.
Under User, ensure that Enhanced Session Mode is enabled.
Start the VM you want to connect the YubiKey to.
Once the VM is running, open it in Enhanced Session Mode:
- Close the VM window if it's already open.
- Reconnect to the VM and select Show Options.
- Navigate to the Local Resources tab.
- Under Local devices and resources, select More.
- Expand the Other supported Plug and Play (PnP) devices section and select the YubiKey device.
- Select OK and reconnect to the VM.
The YubiKey should now be accessible in the VM.
Resolution 2: Use RDP
RDP allows USB devices connected to the host to be redirected to the VM. To use RDP, follow these steps:
Configure the VM to allow RDP connections:
- Sign in to the VM and enable Remote Desktop in the system settings.
- Allow the necessary firewall rules for Remote Desktop.
From the Hyper-V host, open the Remote Desktop Connection application.
In the RDP connection window, select Show Options.
Navigate to the Local Resources tab.
Under Local devices and resources, select More.
Expand the Other supported Plug and Play (PnP) devices section and select the YubiKey device.
Select OK and connect to the VM using RDP.
Once connected via RDP, the YubiKey will be redirected and available in the VM.
If neither solution resolves the issue, consider the following points:
- Verify that the YubiKey is supported by the VM's operating system.
- Ensure that the USB device is functioning correctly on the host machine.
- Check for any additional configuration requirements specific to the YubiKey model.
For further assistance, consult the YubiKey documentation or contact Microsoft Support.