Trobuleshooting: Resolving certificate name mismatches issue when managing a Hyper-V host in VMM
Use following steps to resolve a name mismatch error when viewing remote desktop connection of a VM on Hyper-V host through VMM (using Virtual Machine Viewer app). When you execute "Connect to virtual machine" action from VMM Administrator Console, you’ll get error: "The remote computer couldn’t be authenticated due to problems with its security certificate. It mabe be unsafe to proceed". In this case, the popup with error will give you Name mismatch parameters. For e.g.: Requested remote computer: 192.168.1.250 | Name in the certificate from the remote computer: democomputer.redmond.contoso.corp.com.
How to troubleshoot and fix this issue:
- Use the Internal nic for all virtual machines including the Virtual Machine Management server
- Add the FQDN of the Hyper-V server to local hosts file on the VMM server (which is located in C:\Windows\System32\Drivers\etc\host. You’ll need to change the folder options to view the extensions for known file types. An example entry looks like this. 192.168.1.250 democomputer.redmond.contoso.corp.com.
- When adding the host into Virtual Machine Manager, make sure you use the FQDN (democomputer.redmond.contoso.corp.com) and clear the option for host to be in a trusted domain (use the non-trusted domain authentication)
- Finish the rest of the steps to add the host.
- It will take a few minutes to populate all the virtual machines that are running on the Hyper-V host. Once populated, select a VM and connect to it. You’ll get prompted with an error warning. Click on the View certificate button and install the certificate by choosing to manually decide where to place the certificate and click the browse button to install it to the trusted root certification authority. Close the dialog box.
- From your VMM server click start, run, and type MMC. From the menu bar select File, then select Add\Remove Snap-in. Select Certificates and then select Add for User. Repeat this process and Add Certificates for local computer.
- Next copy your democomputer.redmond.contoso.corp.com certificate from the user trusted root to the following three places. Right-click the certificate and select copy and then paste into:
a. Certificates – Current User -> Personal -> Certificates
b. Computer (Local Computer) -> Personal -> Certificates
c. Computer (Local Computer) -> Trusted Root Certification Authorities
- Go back to VMM console and attempt to connect to the VM. You’ll probably be prompted for your credentials. Enter your valid domain credentials, i.e. contoso\anotheradmin and select the option to remember my credentials.
- At this point you should now be able to connect to a virtual machine without any errors.
This entry was posted on Thursday, September 9th, 2010 at 12: 21 and is filed under Ben. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.