Like most IT guys. They have a repository of their ISO images saved on a network share so that they can mount the ISO if needed on multiple machines. I recently switched to Hyper-V and have been having an issue with creating VMs and using my ISO from my network share to do so.
Hyper-V Manager available through RSAT doesn’t have an option to mount an ISO or capture a drive from a machine on which is running. Instead it gives you drives of the Hyper-V host, and that would of course require you to have an ISO or the disc itself present on the host. I didn’t want to do that. I would rather have my repository share available for that purpose to allow for all the drive space to be available on the Hyper-V host.
So, I would map a network drive with my ISOs. The mapping would succeed, but mapped drive (letter) will not be visible in Hyper-V manager when trying to mount an ISO. Okay, so next I tried mounting from UNC share directly, but that would also fail, with the message:
“‘VM’ failed to add device ‘Virtual CD/DVD Disk’” & “User account does not have permission required to open attachment”.
It goes back to the constrained delegation requirement for the Hyper-V host accounts to be used to perform functions such as this. This has been a pain to say in the least, as I have also had issues with live migration with my machines not being clustered due to different hardware.
So, in researching, I found this blog post. It has helped me through this issue with mapping the shared folder with the ISOs.
The cause of the problem is that the Hyper-V is intended to run with VMM Library Server and to mount files from it, not any random share. To re-mediate this:
- You need to assign full NTFS and share permissions to computer account of Hyper-V on a shared folder with ISO’s you want to mount.
- In AD on the computer account of Hyper-V machine delegate specific service ‘cifs’ to the machine you want your ISO’s mounted from. Microsoft calls this constrained delegation.
Here is step by step procedure for the constrained delegation:
- Go to Active Directory Users and Computers
- Find the Hyper-V server computer account and open up its properties.
- Go to Delegation tab.
- Select Trust this computer for delegation to the specified services only radio button.
- Click the Add button.
- Click the Users or Computers… button.
- In the Add Services window, click Users or Computers and enter the computer account that will act as a library server and click OK.
- Select the cifs Service Type and click OK.
The resulting setup should look something like this:
I added both the server that contained the ISO images and the server that I run my RSAT tools from just to be safe. I next rebooted the Hyper-V host (that is a requirement).
When the host rebooted, I was able to successfully create the VM.
Hopefully, this will also solve my issue with live migration between my hosts. I will have to test that again and will inform everyone here if that succeeds as well!
PLEASE COMMENT!
THANKS FOR READING!
References:
Hyper-V Server 2012 won’t mount ISO from a network share
Hyper-V authentication in Windows Server 2016 for managing remote Hyper-V servers through RSAT
Constrained Delegation
You know, it’s incredible how much Microsoft makes me miss VMWare. I’m not sure if that’s just familiarity, but I could spin up an ESXi host and have it running in minutes. The same with Hyper-V has taken hours. And the sheer amount of 2 steps forward, 1 step backwards in infuriating. Thanks for posting stuff like this that is still relevant in 2019 (where I have ventured into the world of Core installation for the first time.). I’m still not convinced, but perhaps I’ll get used to it. They both have their quirks.