Tuesday, 2 August 2016

Hyper-V copy/paste of Virtual Machine folder security problems

Have you seen this in your error logs?:

The Virtual Machines configuration 6ED5794F-DD19-46D3-8121-0880FEB592AE at 'D:\Hyper-V VM Data\VM NAME' is no longer accessible: General access denied error (0x80070005).

With Event ID: 4096 and much sadness because your VMs won't boot?

And did you move the folders that your VMs are living in to a new location but it should just work?! Well the chances are the security permissions on the files are wrong. I'm not talking about "Administrators" having all rights, but specific Virtual Machine rights.

I recently upgraded my home server with a new array of disks - a jump from 500GB of storage to 2TB. It's a modest increase, but this is a hyper-v server, not a NAS. I copied off the VMs from the old disk to an external drive and then copied them back. Oh noes! Two of my virtual Linux servers declined to start again - bastards!

So it was to the inter webs, and here, gentle reader, I hope you can find answers. If you check the permissions on the .xml configuration file for the VM you might see just the regular stuff on it. What you should also see is an entry for "NT VIRTUAL MACHINE\6ED5794F-DD19-46D3-8121-0880FEB592AE" there as well. Now in this instance the "6ED5794F-DD19-46D3-8121-0880FEB592AE" is specific to my virtual machine - you will have a different one.

It's important to note that ID. You can get it from your .xml configuration file and various other places (I find the .xml to be the easiest).

Now to fix this, open an elevated command prompt and type in the following:

icicles "path to .vhd or .xml" /grant "NT VIRTUAL MACHINE\virtual machine ID":(F) and hit enter.

You should have a return of"

processed file: "path to .vhd or .xml"
Successfully processed 1 files; Failed processing 0 files

It looks like this:

Do this for both the .vhdx (as in this case) and the .xml file. Once you go back to the Hyper-V management console, your VM should work. Otherwise, something else is b0rked and you'll need to chase it in Event Viewer!

I hope this saves someone else the half an hour of Googling that I did this morning to sort it out. Best of luck!

No comments:

Post a Comment