Hyper-V Authentication Certificate issue

By Andrei Ungureanu - Last updated: Friday, November 16, 2012 - Save & Share - Leave a Comment

Hyper-V foloseste un certificat auto generat pentru conexiunile la consola masinii virtuale. Dar acel certificat expira dupa un an si exista cazuri in care acel certificat nu se reinnoieste automat.

Log Name:      Microsoft-Windows-Hyper-V-VMMS-Admin
Source:        Microsoft-Windows-Hyper-V-VMMS
Event ID:      12510
Task Category: None
Level:         Warning
User:          SYSTEM
Description:  The certificate used for server authentication will expire within 30 days. Remote access to virtual machines will not be possible after the certificate expires. Please renew or recreate the certificate.

Exista si un hotfix descris aici:


Si mai exista si cazul in care chiar daca ati facut renew la certificat tot nu va puteti conecta la consola masinilor virtuale:


Pentru a face renew urmati urmatoarea procedura:

1. Click Start, Run, mmc

2. Add/Remove Snap-in

3. Click Certificates, click Add

4. Click Service Account, Next

5. Click Local Computer, Next

6. Click Hyper-V Virtual Machine Management, Finish, Ok.

7. Go to Certificates – Service\Vmms\Personal – Certificates

8. Delete the expired certificate or the one that is about to expire.

9. Restart the Hyper-V Virtual Machine Management service.

10. Check if a new certificate was created and if the console connections to the VMs works.


Modul de functionare este descris in articolul Configuring Certificates for Virtual Machine Connection

When VMMS starts, Hyper-V searches for an existing, valid certificate to prepare for future communication requests. If one is not found, Hyper-V generates a self-signed certificate in the VMMS certificate store. The search for a certificate occurs as follows:

  1. First, Hyper-V checks the registry for the thumbprint value of a certificate, under \HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization\AuthCertificateHash. Hyper-V uses this value to try to locate a matching certificate.
  2. If no matching, valid certificate is found, Hyper-V checks the certificate store of the computer.
  3. If no valid certificate is found in the certificate store of the computer, Hyper-V checks the VMMS certificate store, under Hyper-V Virtual Machine Management Service (VMMS).
  4. If the VMMS certificate store does not contain a certificate that is valid for use with Hyper-V, VMMS generates a self-signed certificate in its service certificate store.
Posted in Virtualization, Windows Server • Tags: Top Of Page

Write a comment