Kerberos for logging on to Hyper-V can only be used in a Windows Domain context, it cannot be used for a local logon.
The next fallback in the list of authentication protocols would be NTLM, which may be undesirable.
In a scenario where local logon to Hyper-V is required, like in a Disaster-Recovery scenario where no functioning Domain Controllers are available Administrators should consider configuring Hyper-V to accept the "CredSSP" authentication protocol, which is an option during installation.
To configure Hyper-V for CredSSP access, follow the below procedure:
On the Hyper-V host to be managed, open a Windows PowerShell session as Administrator.
Create the necessary firewall rules for private network zones:
To allow remote access on public zones, enable firewall rules for CredSSP and WinRM:
Enable-WSManCredSSP -Role server
Next, configure the computer you'll use to manage the Hyper-V host.
Open a Windows PowerShell session as Administrator.
Run these commands:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "fqdn-of-hyper-v-host"
Enable-WSManCredSSP -Role client -DelegateComputer "fqdn-of-hyper-v-host"
You might also need to configure the following group policy:
Open Hyper-V Manager.
In the left pane, right-click Hyper-V Manager.
Click Connect to Server.
© 2021 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz