Have you recently downloaded the free Hyper-V Server Core 2016/2019 to virtualize your environment? Then you probably tried to connect to it with Hyper-V Manager and got this error message: Delegation of credentials to the server could not be enabled (CredSSP).

One of our customers, a small business owner, asked us to replace his current server. There was an old installation of Windows Server 2008 R2 installed directly on the server. Of course, we immediately decided to use the free Hyper-V Server offered by Microsoft, and utilize the two VM virtualization rights included in the Windows 2019 Standard license. For security reasons, the first VM would be used to host the domain controller and other core services, and the second VM would host file, print, and other user services.

First, I read a post here on 4sysops written by Wolfgang about the features and limitations of the free Hyper-V Server 2019. His post mentioned there is no Hyper-V Manager. At that point, I was thinking, "How am I going to manage the hypervisor? I don't really want to do everything by PowerShell or via the Windows Admin Center!"

While it is true that the Hyper-V Manager is not included in the free Hyper-V Server installation, as the installation is a Server Core version, you can still use the Hyper-V Manager installed on your Windows 10 machine and connect remotely. If you don't have Hyper-V Manager installed yet, go to Programs and Features > Turn Windows features on or off and enable Hyper-V Management Tools.

So I installed the hypervisor and did basic network configuration. At this point, as this was the first server available in my environment, I had no Active Directory domain available. The Hyper-V Server was a WORKGROUP member. Next, I opened Hyper-V Manager on my Windows 10 machine and selected Connect to Server…

Connecting to the server in Hyper V Manager

Connecting to the server in Hyper V Manager

Note that I used the short NetBIOS name "HVTEST" and selected Connect as another user. Once I entered the credentials and confirmed, I was prompted to Enable delegation of user credentials.

Enable delegation of user credentials

Enable delegation of user credentials

At this point, I was asked to delegate credentials to an FQDN "HVTEST.local" instead of just "HVTEST." After I clicked Yes, the following error message was returned: "Delegation of credentials to the server "HVTEST" could not be enabled."

Delegation of credentials to the server could not be enabled

Delegation of credentials to the server could not be enabled

The message also said that administrator privileges are required to enable CredSSP.

At this point, I started to search for advice on the internet. I found multiple articles. Some of them contained totally misleading information, such as modifying COM object security settings. Others, like the one in Microsoft documentation, did not contain very specific details or contained extra steps that were unnecessary. That's why I dove deep into this topic and got everything tested for you. In this post, you will find the exact steps needed to make things work.

Enable PowerShell remoting ^

The first step in the MS documentation is to enable PowerShell remoting on both Hyper-V server and Windows 10. But hold on a second—my Hyper-V console shows that remote management is already enabled.

Hyper V Server console

Hyper V Server console

It is important to mention here that after you install the Hyper-V Server, the network profile is set to Public and Remoting is still enabled.

Hyper V Server network profile

Hyper V Server network profile

If you would try to enable PowerShell remoting on a Windows 10 machine with a Public profile set, it will fail.

Enable PSRemoting on Windows 10 with Public network profile

Enable PSRemoting on Windows 10 with Public network profile

So I only enable remoting on my Windows 10 machine:

Enable CredSSP authentication ^

The next step is to enable CredSSP on my Hyper-V server.

Next, since I am still in a workgroup, I need to add my Hyper-V server to the TrustedHosts list on my Windows 10 machine.

I also need to enable CredSSP on my Windows 10 machine.

Modifying the local group policy ^

The last step to fix this issue is to modify credential delegation settings in the local group policy. In the Local Group Policy Editor (gpedit.msc), go to Computer Configuration > Administrative Templates > System > Credentials Delegation. Here you may notice that Allow delegating fresh credentials is already enabled.

Allow delegating fresh credentials

Allow delegating fresh credentials

This was actually configured by the Enable-WsManCredSSP command we executed. Note that two values were added – wsman/HVTEST and wsman/HVTEST.local.

I also have to enable these values for the Allow delegating fresh credentials with NTLM-only server authentication to my host option.

Allow delegating fresh credentials with NTLM only server authentication

Allow delegating fresh credentials with NTLM only server authentication

Note that it also works if I add only wsman/HVTEST.local, but will not work if I add only wsman/HVTEST.

That's it. Now I can manage my free Hyper-V Server Core with the Hyper-V Manager in a workgroup.

Hyper V Manager is finally working

Hyper V Manager is finally working

Adding the Hyper-V Server Core to the domain ^

If you already have Active Directory available, it is a completely different thing. Simply join the Hyper-V Server to your domain (option 1 in the Hyper-V Server console) and you are free to use the Hyper-V Manager with no further configuration. Watch out for two things—correct time settings on your Hyper-V Server and a proper DNS record available for your host. Kerberos authentication does not like incorrect time configuration and cannot be used with the IP address.

Conclusion ^

I really like the free Hyper-V Server offered by Microsoft as I can deploy it for my customers and fully utilize their hardware. As you can see, when you download and install the free Hyper-V Server Core, it might be a little tricky to connect to it with the Hyper-V Manager, especially if you have no domain available yet. I hope this article helped you to solve this issue with the fewest possible configuration steps. This procedure also applies to both Hyper-V Server 2016/2019 and Hyper-V Server with GUI installation.

Read 4sysops without ads by becoming a member!

Your question was not answered? Ask in the forum!

2+
Share
0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account