How to add Microsoft Hyper-V Targets to the VMTurbo appliance

To add a Hyper-V server as a target, you must provide 'domain\username' in the User Name field. In addition, the user that you specify must be one of the target server's "WBEM Scripting Locator" owners. 

Each Hyper-V server requires specific permissions to allow management via WMI. These permissions are set in the host’s WBEM Scripting Locator registry key. To set the permissions, you edit the registry key to add owners and grant them full control.

To add an owner to the Hyper-V server’s registry key:

  1. Launch regedit on that machine as Administrator
  2. Find the following registry key:
    HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}
  3. Right click the key and choose Permissions
  4. Click Advanced and display the Owner tab
  5. In the owners list, add the user you want to allow to connect to the machine
  6. Click Ok
  7. Highlight the user and grant Full Control

Note: For some versions of Windows (including Windows 2012 R2), there is also a second registry key that needs to be updated as shown above. Search for the following key in the registry:

 

HKLM\Software\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}

If it exists, follow steps 1-7 above, for this key also.

 

Once you have carried out the above steps, you can specify the Hyper-V server as an appliance target, using credentials for an owner that has Full Control privileges.

 

 If the discovery is still unsuccessful,  you may have problems with firewall setup.

There are many different firewalls, so we can offer the following general advice:

  • The WMI protocol, communicates initially on port 135 (from VMTurbo to the Hyper-V server)
  • Additionally, port 445 needs to be opened.
  • Next, a random non-privileged port is chosen, to continue the conversation on (for example, 9942)
  • Most firewalls are aware of this and 'follow' the conversation so allowing communications
  • Microsoft's own default firewall setup does NOT allow this 'port change'
So, you have two choices - either, lock down the WMI configuration on each target HyperV server so that a static port is chosen (see the following link for advice):
 

MSDN - Configure WMI for a fixed port (opens in a new window)

The firewall would then need to be opened for the VMTurbo appliance to talk on the port you chose.

Alternatively, you may wish to instead configure the firewall to track WMI's 'port changing'. Most commercial firewalls already support this, but for Microsoft, the following command can be used to set enable this 'tracking':

 

netsh advfirewall firewall add rule name = VMTurbo dir = in protocol = tcp action = allow localport = rpc remoteip = <IP address of appliance> profile = DOMAIN

 A graphical way to achieve the same result as the above command is shown in the following KB article:

https://support.vmturbo.com/hc/en-us/articles/200681536

 

If you still encounter trouble, WMI diagnostics can be tried, first on the local HyperV machine (can it talk WMI to itself?) and then to a 'remote' machine from a test machine (can one machine talk to another via WMI?).

Some guidance and tools for this can be found at the following link:

Microsoft - WMI testing tools (opens in a new window)

 

Please refer the following articles for the port configurations:

https://www.netiq.com/documentation/platespin_portabilitysuite_810/config/data/bgxmcqq.html
https://dev.c-ware.de/confluence/display/PUBLIC/Config+Changes+needed+to+make+J-Interop+work

Have more questions? Submit a request

Comments