About a year ago John Howard published guidance on how to get Hyper-V Manager to connect to Hyper-V servers over VPN. His network monitoring and suggestion to change the VPN connection IP settings so that the VPN adapter registers the machine’s new address in DHCP/DNS went a long way towards fixing the issue for me – however, we recently uncovered a couple of caveats as detailed in the comments on his original post.
First, I found it was necessary to disable the DNS cache on the Hyper-V server so that it would find the newly-registered VPN-connected IP address of the client machine so that it can correctly route all traffic back to it. This can be rectified for testing purposes with an IPCONFIG /FLUSHDNS but it would be a massive annoyance if all remote Hyper-V users had to log on to the Hyper-V server via remote desktop and flush the DNS cache before connecting with Hyper-V Manager. In order to disable DNS caching at all times just disable the DNS client service. Granted, this introduces the overhead of DNS requests for all network activity on the root partition, but in this case we can live with that, especially since most Hyper-V hosts probably won’t have a lot of traffic on the management NIC.
Once this fix was in place we could establish a Hyper-V Manager connection over VPN, the server’s activity pane expanded and I could even modify the server’s settings. Strangely, the Hyper-V virtual machine pane remained empty and never enumerated the guests. At this point I started to detail the new problem for John and he suggested connecting using the WMI testing tool, WBEMTEST. He provided me with the query syntax and I confirmed that WMI was able to enumerate all of the virtual machines over VPN when Hyper-V Manager could not. John also asked if we were using SC Virtual Machine Manager (VMM) in this environment (we are), which unfortunately means that we can’t use his HVRemote tool to gather additional test results, as it doesn’t support VMM-managed Hyper-V servers.
We’re going to rebuild the Hyper-V Server on Windows Server 2008 R2 RTM in a few weeks and test connections before bringing it under VMM-management and test with HVRemote in more detail if there are problems. Until then, it would be interesting to know if anyone else has this problem with VMM-managed Hyper-V servers.
22/10/09 update: we still have the same problem after rebuilding the server. The rebuilt machine is not VMM-managed. Still no solution for this presently.
One thought on “Hyper-V Manager over VPN may fail if the server is VMM-managed”
I have identified why, in my environment, Hyper-V Manager does not get a list of guests and displays the message “No virtual machines were found on this server”.
I have two active NICs on the Hyper-V host. The main IP 192.168.10.65 is registered in DNS. The second NIC 192.168.10.55 is associated with Hyper-V Networking and not registered in DNS and Allow Management is enabled.
When using netmon and pinging my laptop (which is over an SSL-VPN connection) the ping fails using the 192.168.10.55 IP. If I do a ping -S 192.168.10.65 laptop the ping succeeds.
So the issue is that the server can’t send outbound traffic using 192.168.10.55, which it seems to want to default to. I changed the order of my network to force 192.168.10.65 to be first, but it still uses the .55.
So the question is why, when in Allow Management, the .55 can’t send a ping?
The firewall is enabled with Allow all inbound and Allow all outbound for Domain Profile.
If I modify Hyper-V networking to not Allow Management everything starts working. As a result the OS only sees my management IP and therefore uses that to respond on and everything starts working.
As for why I have two NICs and allow management on the Hyper-V one, well that is just how I have it.
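The two checks described on this page, the stale DNS cache from the post and the source-address test from the comment, can be combined into one diagnostic run on the Hyper-V host. This is an added example, not code from the post or the commenter; `laptop` is the placeholder client name taken from the comment's ping command, and it assumes an elevated PowerShell session.

```powershell
# Added example: run in an elevated PowerShell session on the Hyper-V host.
# 'laptop' is the placeholder client name from the comment's ping command.
param([string]$ClientName = 'laptop')

function Resolve-IPv4([string]$Name) {
    # Uses the Windows resolver, so answers can come from the DNS Client cache.
    try {
        [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }
    } catch { }   # an unresolvable name yields no addresses
}

# 1. Is a stale cached record hiding the client's VPN-registered address?
"DNS Client service: $((Get-Service Dnscache).Status)"
$cached = @(Resolve-IPv4 $ClientName | Sort-Object)
ipconfig /flushdns | Out-Null
$fresh = @(Resolve-IPv4 $ClientName | Sort-Object)
"Cached answer : $($cached -join ', ')"
"After flush   : $($fresh -join ', ')"
if (($cached -join ',') -ne ($fresh -join ',')) {
    'The cached record was stale; the host was replying to an old client address.'
}

# 2. Which local IPv4 address can actually reach the client?
$sources = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.IPAddress } |
    Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' }

foreach ($src in $sources) {
    # ping -S forces the source address, as in the comment's test.
    $out = ping.exe -n 2 -S $src $ClientName
    # Look for "TTL=" rather than the exit code: an "unreachable" reply
    # from an intermediate hop can still leave the exit code at 0.
    $ok = @($out -match 'TTL=').Count -gt 0
    New-Object PSObject -Property @{ Source = $src; ReachesClient = $ok }
}
```

A source address that reports `ReachesClient = False` while another reports `True` matches the situation the comment describes, where replies leave from an address that has no working path back to the VPN client.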