VirtuallyAware

Experiences in a Virtual World

Hyper-V Constrained Delegation of Authority – Remote Mounting of ISO with Management Console

with 8 comments

I have been working with Hyper-V for a while and have had this problem with mounting ISO files that sit on a common file share within our organization.  The problem was when I tried to mount them from my remote Hyper-V management console I would get the error below.  If I mounted it from the Hyper-V host Hyper-V management console everything worked as expected.

This stumped me for a while, but then I got to thinking.  Where had I seen this before….  Virtual Server 2005.  Constrained delegation of authority settings on the Virtual Host objects was necessary there in order to both mount remove ISO images and in order to manage the virtual hosts from a common management web page.  So I made similar modifications to my Hyper-V host objects and now all seems to be working correctly.  Below are the steps I took to make mounting ISO images with my remote Hyper-V management console, work like a charm

 

Open Active Directory Users and Computers, Right-Click the Hyper-V host server object and select properties.  Then click on the Delegation tab. 

Select "Trust this computer for delegation to specified services only" and "Use any authentication protocol."  Then click "Add"  to select the service necessary to pass credentials to the remote file server where your ISOs are located.

 

Click on "Users or Computers"

Enter the name of the remote resource you need to pass credentials to through the Hyper-V Host and click OK. (i.e. File Server that houses your ISO images)

Select CIFS as the service type and click OK twice.

 

The refresh on this procedure can take a few minutes to propagate to the Hyper-V host object.  Once this is completed you will be able to successfully mount an ISO from your remote Hyper-V management console.  I suspect that this type of information will be in the final Hyper-V documentation, but as of yet, I have not seen any public documentation outlining this.  If I missed anything or you have any questions, feel free to comment or send an email along. 

About these ads

Written by VirtuallyAware

June 23, 2008 at 10:39 PM

Posted in Hyper-V

8 Responses

Subscribe to comments with RSS.

  1. ?? – All you need to do is add the computer account of the Hyper-V server to the Share & NTFS permissions of where the ISO file is stored. There is no need for all the above changes.
     
    When adding the Computer account to the share permissions, you need to enable the dialog to show computer accounts as well.

    Nick

    July 23, 2008 at 8:40 PM

  2. Actually, constrained delegation is required if you are administrating from a remote computer. If you have the full version of Windows Server 2008 installed as your Hyper-V Node this is unnecessary because you can run the Hyper-V management console directly from the node. If you are using Server Core however, there is no Hyper-V management console, so you need to allow your remote workstation permission to speak to the NAS on behalf of the Hyper-V Node. Of course, running with Server Core is always recommended ;)

    Landon

    October 10, 2008 at 6:42 PM

  3. Hi! As we can see, this method is still not documented oficially yet. And worst of all it didn\’t work for me. I\’ve tried it two completely separated environments — test and producion.
     
    Did you test it with the final version of Hyper-V? Are there some expected requirements or additional procedures you didn\’t mention?
     
    By the way, the error dialog now clearly suppose you provide access rights for Host computer account to the network share. Seems very confusing for me.
     
    Thanks in advance

    Artem

    October 29, 2008 at 5:18 PM

  4. I discovered your blog site on google and check a few of your early posts. Continue to keep up the very good operate. I just additional up your RSS feed to my MSN News Reader. Seeking forward to reading more from you later on!?

    suchheini

    November 5, 2010 at 12:52 AM

  5. I generally don’t submit in Blogs but your weblog forced me to, remarkable do the job.. attractive …

    dai dai hua

    December 4, 2010 at 6:53 AM

  6. Obtain and select some good things from you and it helps me to solve a problem, thanks.

    - Rob

  7. *bump*

    Hopefully, I’m not the only one flogging a dead horse here, but I’m trying to run Hyper-V in a workgroup. All of my machines are in a workgroup, so then, how do I go about assigning the delegated permissions?

    - cheers

    AG

    June 12, 2011 at 8:11 AM


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 276 other followers

%d bloggers like this: