Sorry to all of the IT guys that decided not to use VMMS and Hyper-V and went a different direction because of this issue.
Had to get a support call to Microsoft on this and worked 7 hours working through the issues.
This just recently happened. Situation. Windows 2008R2SP1 server with Hyper-Visor installed become unresponse in VMMS Console. 1st research I found instructed me to uninstall and reinstall the VMMS agent from the 2008R2SP1 server. That became an issue when I was unable to reinstall the agent through the VMMS Add Host wizard or to get the agent installed manually to connect through to the VMMS server. (There is a technet item on this process)
The add host resulted in a
Error 421, Agent installation failed on svraschv16.epcc.local because of a WS-Management configuration error.
Recommended Action
Ensure that the Windows Remote Management service is enabled and running on the server <FQDN server name>. Additionally, in the Local Group Policy Editor (gpedit.msc), navigate to Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM), and then ensure that there are no policy settings configured for WinRM Client or WinRM Service.
I performed the recommended actions. No action required everything look correct. I reinstalled the 2008R2SP1 OS (after a refreshed server hardware changeout). No success. I removed the server account and readded the server to the domain. No success. So I went back to the errors and started to troubleshoot.
Lookng at the WinRm error I ran a command, winrm qc. On the VMMS Host server all was good, on the new Host server being installed it responded with a Error number -2144108387 0x8033809D An unknown security error occurred. I could log on as the local admin and it would respond correctly.
I was also seeing a Security-Kerberos event ID 4 error in the System Event Log, on the VMMS host. The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server <Servername> The target name used was HTTP <Servername>. ... Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN.LOCAL) is different from the client domain (DOMAIN.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
This issue came down to 2 things.
1. Duplicate SPNs for the FQDN server name.
2. I ran the setspn -T <forestname> -F -Q HTTP/* (change the <forest name> to your forest name ie Microsoft) from the DC and found the offending duplicates.
3. I then removed the offending SPN with
Setspn -D HTTP/<SERVERNAME> CWAService
Setspn -D HTTP/<SERVERNAME>. <forestname>.local CWAService
(replace the <ServerName> <Forestname> with your server and forest names.
This allowed the winrm qc command to work correctly, which allowed me to look at the second issue, Ports.
Here's what I found on that. The VMMS Applcation manages hosts with ports 80 and 443 dependent on if you're using secure or unsecure HTTP. WinRM v2.0 installed by default on Win2008R2 comes with ports HTTP 5985 and HTTPS 5986 enabled. WinRM v1.1 comes with ports 80 and 443. VMMS can't cut through it so it comes back with the WinRM 421 error. So to solve that, delete the default listener and create a new listener for the port you're using HTTP or HTTPS. A great link to follow for this is
(Thanks to the guy that wrote it)
After that use the VMMS and run the Add New Host wizard. In our case it worked great.
Note: I do have other Hyper-V servers that are Win2008R2SP1 that this issue did not affect them. Why, I don't know. They do have the correct listeners, port 80 and therefore respond correctly to the VMMS Server.
Hope this helps. Couple of other links I used to support the fix.
Had to get a support call to Microsoft on this and worked 7 hours working through the issues.
This just recently happened. Situation. Windows 2008R2SP1 server with Hyper-Visor installed become unresponse in VMMS Console. 1st research I found instructed me to uninstall and reinstall the VMMS agent from the 2008R2SP1 server. That became an issue when I was unable to reinstall the agent through the VMMS Add Host wizard or to get the agent installed manually to connect through to the VMMS server. (There is a technet item on this process)
The add host resulted in a
Error 421, Agent installation failed on svraschv16.epcc.local because of a WS-Management configuration error.
Recommended Action
Ensure that the Windows Remote Management service is enabled and running on the server <FQDN server name>. Additionally, in the Local Group Policy Editor (gpedit.msc), navigate to Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM), and then ensure that there are no policy settings configured for WinRM Client or WinRM Service.
I performed the recommended actions. No action required everything look correct. I reinstalled the 2008R2SP1 OS (after a refreshed server hardware changeout). No success. I removed the server account and readded the server to the domain. No success. So I went back to the errors and started to troubleshoot.
Lookng at the WinRm error I ran a command, winrm qc. On the VMMS Host server all was good, on the new Host server being installed it responded with a Error number -2144108387 0x8033809D An unknown security error occurred. I could log on as the local admin and it would respond correctly.
I was also seeing a Security-Kerberos event ID 4 error in the System Event Log, on the VMMS host. The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server <Servername> The target name used was HTTP <Servername>. ... Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN.LOCAL) is different from the client domain (DOMAIN.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
This issue came down to 2 things.
1. Duplicate SPNs for the FQDN server name.
2. I ran the setspn -T <forestname> -F -Q HTTP/* (change the <forest name> to your forest name ie Microsoft) from the DC and found the offending duplicates.
3. I then removed the offending SPN with
Setspn -D HTTP/<SERVERNAME> CWAService
Setspn -D HTTP/<SERVERNAME>. <forestname>.local CWAService
(replace the <ServerName> <Forestname> with your server and forest names.
This allowed the winrm qc command to work correctly, which allowed me to look at the second issue, Ports.
Here's what I found on that. The VMMS Applcation manages hosts with ports 80 and 443 dependent on if you're using secure or unsecure HTTP. WinRM v2.0 installed by default on Win2008R2 comes with ports HTTP 5985 and HTTPS 5986 enabled. WinRM v1.1 comes with ports 80 and 443. VMMS can't cut through it so it comes back with the WinRM 421 error. So to solve that, delete the default listener and create a new listener for the port you're using HTTP or HTTPS. A great link to follow for this is
(Thanks to the guy that wrote it)
After that use the VMMS and run the Add New Host wizard. In our case it worked great.
Note: I do have other Hyper-V servers that are Win2008R2SP1 that this issue did not affect them. Why, I don't know. They do have the correct listeners, port 80 and therefore respond correctly to the VMMS Server.
Hope this helps. Couple of other links I used to support the fix.
