Non-Domain Management of Hyper-V Server 2016 with Windows 10 Hyper-V Manager

While Microsoft lays out the process in an MSDN article, I felt the article left out a bit of information.  Especially for any developer who may not have prior systems administration experience.   So below I’ll attempt to expand on the content MS has provided in this article

Step 1:  Enable PS Remoting on the Host.

In order to do this properly you need to be in powershell on the Hyper-V Server.   So login to the Server

hv-desktop
Hyper-V Server’s glorious desktop

Now that you are logged in, you need to launch powershell.  You can either enter 14 to Exit to the command line, or you can simply toggle to the cmd.exe window that is already opened behind the sconfig window.  Once you are at the command line simply type powershell and press enter.  This will start powershell.

Starting Powershell
Starting Powershell

Once you have the PS command prompt you are ready to enable your environment for connectivity.

Now you enter the command Enable-PSRemoting  at the Powershell prompt. This will not provide feedback. It will simply do its job then drop you back at the PS prompt.  After which you will enter Enable-WSManCredSSP -Role server to enable Remote Management.  This one will provide feedback and a confirmation prompt.

Step 2:  Configure the Windows 10 client to support the host connection.

Since the machine is not on the domain, I don’t actually use a FQDN. Instead I use NetBios.  However, I typically include the entry in my hosts file because I find NetBios to be a little flaky.   Even so, I also sometimes find it easy to just connect using the IP address.  Since this Windows 10 + Hyper-V 2016 setup supports that, I configure it both ways (Note: I’ve never actually tested the IP address connection so I don’t know if it works).

As listed in the article, you have 2 commands and a gpedit in your future. First, as instructed in the article, issue the following command:

Then, optionally for IP support, issue this command as well:

With the Trusted Hosts added, now you enable credssp on the client, exactly as the article indicates.

I think this is supposed to add an entry to the server list in the group policy for Allow delegating fresh credentials with NTLM-only server authentication. However, it seems that it sometimes adds it under Allow delegating fresh credentials instead.  So I found it was necessary to manually edit both of these and ensure the following entries were in my server list.  Again, if you don’t want to include IP support you can drop that one.

Policy editor allowing delegation of fresh credentials
Policy editor allowing delegation of fresh credentials

If you are not familiar with group policy, you simply click start and type gpedit and it will appear in your search results.  Both of these group policy settings are found under Computer Configuration > Administrative Templates > System > Credentials Delegation 

After this I was finally able to get into the machine remotely to manage Hyper-V.

This was a little bearish to setup even with the instructions.  I hope this will help someone else who encounters the same struggle.

Leave a Reply

Your email address will not be published. Required fields are marked *