This guide is based on the following 3 products:
Windows server 2012 (core)
Windows 8
Hyper-V server v3 / Hyper-V server 2012

The following guide will enable you to:

1: remotely manage your Hyper-V Virtual Machines with Hyper-V manager
2: remotely manage your Hyper-V servers' firewall with a MMC snap-in.
3: remotely manage your Hyper-V server (2012) with server manager

! This should also work for Core installations of server 2012, but I haven't tried.

This guide is purely focussed on servers in a WORKGROUP, or as a stand alone.
I CAN NOT tell you what you need to do to get it working in a domain.


* You can run these commands straight from the console (Physically at the machine) or through RDP.
* You will need to be logged on as an administrator.
* Commands are listed in somewhat random order; I do however advise to follow the steps as listed.
* Commands with ? in front of them are only ment to be helpfull for troubleshooting,
* and to identify settings and changes made.
* Commands and instructions with ! in front of them are mandatory.

- server: means the server core or hyper-v server (non gui)
- client: means the machine you want to use for remote administration.
- Some commands are spread over 2 lines; be sure to copy the full syntax.

> To enable the Hyper-V manager to connect to your server, you need to perform the following 2 actions: (Assuming you have already installed the feature)

1:
! Client: Locate the C:\Windows\System32\Drivers\etc\hosts file.
! right-click --> properties --> security
! click --> edit --> add --> YOURUSERNAME or Administrator --> OK
! then select this new user, and tick the "modify"-box under the "allow"-section.
! apply the change, and close.
! doubleclick the file, and open with notepad
! add the ip-address and name of your server (no // or other crap needed)
! Save the file
# I recommend putting a shortcut to this file on the desktop.
# If you change the ip-address of your server (e.g. move the server from staging to a live environment)
# you might forget to do so in the hosts file.
# Hyper-V manager, MMC, RSAT, and Server-manager all rely on the hosts-file to resolve the name.
# some of these might connect to their respective service on an i.p.-level, but some don't.
# This is the main reason you need to modify this file.

! USE AN ELEVATED CMD/POWERSHELL PROMPT TO CONTINUE !
# the next config needs to be done on windows 8.
# It seems that it's already preconfigured under server 2012

2:
! Client: dcomcnfg
! open component services --> computers
! right-click -> my computer -> properties
! select "COM SECURITY" tab
! under "ACCESS PERMISSIONS" select "edit limits"
! select "ANONYMOUS LOGON", and tick "remote access" under ALLOW
# Without this adjustment, you can't connect to your Hyper-V server
# with the Hyper-V manager if you're not in a domain.

> And if you haven't done so already... make sure you have enabled remote management number 4 on the Hyper-V server console.
----------------------------------------------------------------------


> Next, is to get the MMC firewall snap-in working.
   The reason for this, is to have a GUI available to configure it.
   If you're happy without it, you may skip this and use a shell instead to do so.

? server: netsh advfirewall show currentprofile
# shows the current profile (public/domain/private) and its settings
# depending on your needs, you should set the right profile to fit your needs.
# You can easily do this when the MMC snap-in is done. (after you've followed these steps)

! server: netsh advfirewall set currentprofile settings remotemanagement enable
# enables remote management of the firewall on an application level 
# (In other words: allows the firewall to be remotely managed)

! server: netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
# allows remote management of the firewall, through the required firewall ports with TCP protocol.
# 4 rules will be updated to allow access: public & Domain, dynamic and endpoint-mapper.
# You can disable/add/change the rule from the MMC snap-in after finishing this guide.
# e.g. set the firewall through the MMC-GUI to only allow specific ip-addresses etc.

? server: netsh advfirewall firewall show rule all
# Shows a list of available rules, and their current state.
# when run from cmd, the list exceeds the maximum length for review.
# (from cmd,type:) start powershell, and run the command from there.

! Client: cmdkey /add:YOURSERVERNAME /user:USERNAMEONTHESERVER /pass:THEPASSWORDOFTHATUSER
# I recommend you to use a username with enough privileges for management
# All capital letters need to be replaced with your input
# CMD answers "credential added successfully" when you're done

! Client: locate MMC, and run it as an admin.
# In windows 8/2012, go to search and type MMC. Right-click the icon, 
# and choose run as admin on the bar below.

! Client: application MMC: select "file" --> Add/remove snap-in 
! --> (left pane) scroll down to "windows firewall" --> select and click "add"
! select "another computer"
! type the name of the server you want to manage (NO workgroup/ or //, just same name as you typed for cmdkey)

* Part 2 is done.
# Have a look by doubleclicking the firewall icon in the left pane.
# It looks and works the same as the GUI version that you are familiar with.

-------------------------------------------------------------------------------

! Next is the Server Manager.
# Follow the steps listed to get your server listed and manageable in the server manager.


! Client: Open the created Firewall snap-in for your server.
! Find the 3 "Remote Event Log Management" entries in the list of INBOUND rules, and enable them.

! Open powershell --> in cmd windows, type: start powershell
! run the following line in powershell
! Client: in C:\Windows\system32> set-item WSMAN:\localhost\client\trustedhosts -value YOURSERVERNAME -concatenate

# WinRM Security Configuration.
# This command modifies the TrustedHosts list for the WinRM client. The computers in the TrustedHosts list might not be
# authenticated. The client might send credential information to these computers. Are you sure that you want to modify
# this list?
# [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
#
# I recommend to choose yes; unless you like to pull some more hairs...

! server: winrm qc
# WinRM service is already running on this machine.
# WinRM is not set up to allow remote access to this machine for management.
# The following changes must be made:
# Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely
# to local users.
# Make the changes? y / n
!  select yes

! Client: open the server 2012 server manager
! click manage -> add server
! select the DNS tab, and type the name of your server

Done.

You can now manage your remote server through the familiar computer management GUI.

! Right-click your remote server, and select "Computer Management"

--------------------------------------------------------------------------

A few side notes:

? The Performance tab seems to list the local machine's performance, in stead of the remote servers'
? If you want Windows server backup, you need to right-click the server in the server manager, and select "add roles and features.
? it will then become available under the "computer management" of the remote server.


If you liked this guide you may thank my employer, Mr. Chris W.
for giving me the time to work it all out.

Cheers!

  

• Changed type Lawrence,Microsoft contingent staff, Moderator Thursday, October 11, 2012 8:45 AM
• Edited by Michael Star Thursday, October 11, 2012 4:30 PM addition

Nice work!

Hi,

Thanks for sharing your experience!

You experience and solution can help other community members facing similar problems.

Thanks for your contribution to Windows Server Forum!

I have changed the thread type to "question", please copy your posing and paste it again. Then we can make your posting as answer. Answerd thread attract more attention in Forum, can hlep more community members.

Have a nice day!

Just to remove the double post, and mark the post answered.
Feel free to add more info about the separate modules, and firewall-rules that
need to be enabled with them.

• Marked as answer by Michael Star Thursday, October 11, 2012 9:19 AM
• Edited by Michael Star Thursday, October 11, 2012 9:29 AM

Just wanted to thank you (and your employer) for this very, very useful information! :) Good job!

Thanks but we also have to worry about the credentials, without which the server manager will not connect to the Hyper- V server...the simplest way is to use a username and password which matches between the client and the server. I created an account with the username raj with the same password on both client and server...on the server I used the option # 3 on the server core / hyper-v 2012's command line interface [via RDP].

ONLY after that I was able to connect to the hyper-v server using client 's hyper v manager.

Also there was no need for the  hosts files for my Win 8 Ent. client....it worked fine with IP address.

Lastly, since mine was a test server I simply disabled the firewall on the server.

Hence in a nutshell........all I did was the DCOM setting and same username thingy to connecto to my standalone Hyper-V server from my win 8 client machine.

Hi..

My env is workgroup also, but I only need to remotely manage a hosts firewall with the MMC snap-in.

Client: Windows 8 x64

Remote host: Windows 7 x86.

I already have Powershell WinRM correctly setup with the target, and I can Enter-PSSession correctly.

I tried following your guide so I did:

1. on target: netsh advfirewall set currentprofile settings remotemanagement enable

result: OK

2. on target: netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes

result: OK

3. on client, in an admin powershell session : cmdkey /add:TARGET /user:USERONTARGET /pass:PWDOFUSERONTARGET

result: OK

4. on client, lanched mmc.exe as admin, added the Windows Firewall with advanced security snap-in for TARGET

the snapin errors out with 0x6D9

Any ideas? it's absurd to not have a tool to remotely administer the Windows Firewall without dropping to powershell or netsh

Hi..

My env is workgroup also, but I only need to remotely manage a hosts firewall with the MMC snap-in.

Client: Windows 8 x64

Remote host: Windows 7 x86.

You do realise you're talking about a completely different OS than what this guide is intended for?!
There's probably similarities, but I doubt that you'll find an answer here for your problem.

As a little update to the post, I'd like to add that replication, clustering and migration will not work in workgroup environments. Unless someone can provide an additional guide for this, I'd recommend anyone to no even bother to try.

To manage the standalone hyper-v server in a remote location over the internet, I would recommend the following:
Install windows 8 pro (x86 uses less resources!) as a vm on the host, and assign 2 network connections to it.

1 external (shared with host) (be sure you have a dedicated ip-address for it!)
1 internal connection.

What I did was this:
As soon as you've installed the win8 guest, proceed with the guide as described.
For the 1st step of the guide (hosts-file) use the ip-address you will later assign to the "internal" network switch of the host!
In my example, I'm using 10.0.0.1 for the host, and 10.0.0.2 for the guest.

To be clear: I first used the guide on a LAN-environment, and did all the steps from a "real" client to server on the LAN.
Then, installed the win8 guest on the host using the "real" clients' hyper-v manager over the LAN.
Next, assigned the 2 network connections to the VM, and configured them as follows:

external - as you would to be able to make your guest reach the internet.
internal - I used the following config:
ip-address: 10.0.0.2
subnet: 255.255.255.252
gateway - blank
dns - Blank

Now, when you get to the console of the hyper-v server (host) or RDP to it, go to network settings.
You'll see that the internal card has been added here as well.
Configure it as follows:
ip-address: static - 10.0.0.1
subnet: 255.255.255.252
gateway - blank
dns - blank

You should now be able to ping your guest (win8) on 10.0.0.2 if it's running.
Don't forget to enable ping response (option 4 on the host) to test connectivity the other way around as well (guest to host)

When you're done, you'll be able to RDP to the guest OS over the internet, and then connect to the host with server manager, hyper-v manager, and MMC.

Don't forget to enable each module on the hosts' firewall to make the snap-ins work!
Remote volume management requires your guest/client firewall INcoming ports to be enabled as well! not just the host.

Either update the firewall rules from the MMC gui as described in the guide, or use the following commands on the hosts' powershell:

Enable the firewall rules with the command Enable-NetFirewallRule -DisplayGroup "USE_THE_COMMANDS_BELOW" (include the " " in the command)

Remote Service Management
Remote Volume Management
Remote Event Log Management
Remote Scheduled Tasks Management
Windows Firewall Remote Management
Windows Remote Management

You can get the list with Get-NetFirewallRule -DisplayName *management*
You can get the list with Get-NetFirewallRule -DisplayName *remote*

Commands provided with credits to F. verstegen

Cheers,

Michael.

Small note the command on Client: C:\Windows\system32> set-item WSMAN:\localhost\client\trustedhosts -value YOURSERVERNAME -concatenate didn't work for me. Instead I used Set-Item WSMan:\localhost\Client\TrustedHosts -Value <YourtargetServernameHere> Force and now it works like a charm :)

TechNet: http://technet.microsoft.com/en-us/library/hh831453.aspx

• Edited by Aly Ghoneim Monday, February 11, 2013 2:50 PM update

Michael (and Mr. Chris W. ;)

Thanks for this post - pretty much saved my bacon over this past weekend installing a 2012 Hyper-V server in a workgroup setting to virtualize a client's SBS2003 domain in preparation for migration to Essentials 2012.  Now if only I could find a way to connect to Windows Server Backup remotely ... :)

Mike

Arghhh, just can't get it to work, I can get hyper-v manager up, but get the following message "Virtual Machines" field when trying to connect to the server: Hyper-V encountered an error trying to access an object on computer 'name' because the object was not found. The object might have been deleted. or you might not have permission to perform the task. Verify that the Virtual Machine Management service on the computer is running. If the service is running, try to perform the task again by using Run as Administrator."

• I can start and stop services from computer management and change user permissions.
• I have created a specific administrator on the server, that I'm using to login with. (according to rajdud2's post)
• I have disabled firewall on both server and windows 8 machines.

Anybody got any ideas ?

• Edited by DennisLer Friday, March 01, 2013 10:38 AM

Great work Michael, however Im not able to manage Windows Server Backup remotely, I guess same Im facing the same issue as mcbundus.

"?If you want Windows server backup, you need to right-click the server in the server manager, and select "add roles and features.
it will then become available under the "computer management" of the remote server"

I have added the role, but cannot se Windows Server Backup anywhere in "computer management".

It should be shown in between Storage / Disk Management as it for sure is in a full GUI WS2012 after adding the role, but its not there to be seen in my Hyper-V Free at least  :(

Not supported maybe ?

I found this thread, might be related.

http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/b681a87c-76b9-432c-b930-a100dd4d1e75/

Would be awesome to get that working now as WS2012 has native support for backing up Hyper_V VMs :)

Any clues ?

Thank you so much for these instructions.. I didn't even think this was possible without a domain. You've made my year :)

Funny you mention this. 

I'm not in the oppurtunity to look in to this at the moment, and I can't remember exactly the combination of OS's I used when writing this up, but I'm 99% sure that when you add the standalone hyper-v server to the Windows server manager of a server 2012 machine it will work, where as it probably won't work using Windows Server Manager on a Windows 8 machine.

(As a bit of a reference, I can confirm that the above definately works within a domain, where I use server manager on a full gui 2012 server to manage hyper-v servers, including the backup-feature for Hyper-V servers that show up in the computer management panel as I've described)

So for now, I'd say that if you want to use the backup feature built in to hyper-v server, you'll need a full win 2012 server installation to be able to manage that.

I came across an interesting piece of software that I hope is worth mentioning, as I haven't used or tried it myself. It looks promising though, so I hope someone will give it a go.

The author writes:

"I am working a lot with virtualization. 
It is boring to manage hyper-v server without web interface. Of course you can use
Microsoft Virtual Machine Manager, but it requires serious infrastructure.
I wrote simple web interface to resolve this issue.
Currently program allows only basic virtual machine management:
* Start
* Pause
* Save
* Shutdown
* Turn off power
It is a console application. It can work directly from the command line, even on a bare Hyper-V Server, and supports installation as a service. Inside the application I placed with love: a webserver which hosts a small web application that handles virtual machines on a local Hyper-V server.
System requirements for host system: Hyper-V 3.0"

The options are limited, but the idea is great. It's still in alpha stage when I'm writing this, so don't expect a finished product with a full guide.

If you try it, then let us know what you think; you can find it here

Cheers,

Mi

Hi Chris W,

I have tried all steps which is mention in guide but also i am not able to manage Hyper V Server 2012.My system is in Domain and server is in workgroup. or my system and server both in workgroup.

Is there any other steps which i have to do .

Please help.

Regards,

Amarendra

HVRemote - http://code.msdn.microsoft.com/HVRemote

-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

John Howard, Hyper-V Team, Microsoft.

This posting is provided AS IS with no warranties, and confers no rights. You assume all risk for your use.

Hi Chris W,

I have tried all steps which is mention in guide but also i am not able to manage Hyper V Server 2012.My system is in Domain and server is in workgroup. or my system and server both in workgroup.

Is there any other steps which i have to do .

Please help.

Regards,

Amarendra

Amarendra:  Did you got a solution for this?

I have the same problem as Amarendra.  I have a Hyper-v 2012 R2 standing outside og my domain in a remote datacenter with a public IP.  I have also tried all the steps, but I am still not able to connect with hyper-v manager.  Is there any other steps I can try?

Excellent article..thank you for your effort to provide this tutorial..has save me a lot of headache :-)

Hello,

I follow the step. got a 2 issue

1. first not sure if this is a problem

On the hyper- V when doing the below 2 rule got updated instead of 4 as stated in the direction. I  run the command as admin in the cmd not powershell

! server: netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes

===

2. my main issue can't proceed further

! Client: locate MMC, and run it as an admin.
# In windows 8/2012, go to search and type MMC. Right-click the icon, 
# and choose run as admin on the bar below.

! Client: application MMC: select "file" --> Add/remove snap-in 
! --> (left pane) scroll down to "windows firewall" --> select and click "add"
! select "another computer"
! type the name of the server you want to manage (NO workgroup/ or //, just same name as you typed for cmdkey)

-----------

note - MY hyper V name look like   - HYPERV-PC

I am unable to open the snap-in firewall error code: 0x6BA

I found this instruction today, so any help would be good

• Edited by Alvin 101 Monday, January 20, 2014 5:18 PM

Michael Star what a star <applause>

I am doing SBS 2011 + 2008R2 on HyperV2012R2 'free' and being as I am self proclaimed XP/7 expert I was shocked at how much I didnt know (never even heard of powershell until 4 months ago)

The majority of guides I have read before do not cater for novice in their approach - not only was this guide the most complete solution available (I've tried many), I understood it and have come away educated

Thanks Michael

I am VERY NEW to this and even after going through this I cannot connect to the VM.  Credentials do not validate and I cannot access the VM.  The above instruction imply some working knowledge of setting this up and I lack a complete knowledge in this area.

I have a single Windows 8.1 running Hyper-V in a Workgroup setup.  This machine does it all.  I still cannot make it work.

Please help.

It works great! Thanks Michael!

In my case I had to change one more thing:

On server:
Open Server Manager, "Local Server" on left pane.
Changed Remote Desktop from Disabled to Enabled.

Many thanks for this great work and for sharing this magic solution !!

You save me a lot of time !!

I have one question concerning the administrator user names on the server core and the client system.

The article propose to use the following setting for the client to manage the server core:

cmdkey /add:YOURSERVERNAME /user:USERNAMEONTHESERVER /pass:THEPASSWORDOFTHATUSER

In my first experiment I chose different administrator user names on the server core and on the client, and I used the command above to insert the credentials of the server core on the client. Using this method nearly every snap-in worked as expected - except the MMC firewall snap-in. 

I only got the firewall-snap working when I chose to add a new adminstrator account on the server core with the same user name and password as the client admin user. Does anybody knows how this behaviour could. be explained? I have no idea. There is no difference if the firewall on both servers are enabled or disabled.

(My environment: server core is Hyper-V-Server 2012 R2, client is Server 2012 R2 Essentials)

Thanks for any explanation

Thorsten

• Edited by Thorsten_Albrecht Wednesday, January 14, 2015 1:53 PM

Hi Michael,

Thanks for this excellent tutorial. Unfortunately I am getting stuck at the point

! Client: application MMC: select "file" --> Add/remove snap-in 
! --> (left pane) scroll down to "windows firewall" --> select and click "add"
! select "another computer"
! type the name of the server you want to manage (NO workgroup/ or //, just same name as you typed for cmdkey)

* Part 2 is done.
# Have a look by doubleclicking the firewall icon in the left pane.
# It looks and works the same as the GUI version that you are familiar with.

Instead of having access to the Remote Firewall I see the message below -

Any ideas regarding how to overcome this issue will be greatly appreciated.

Kind Regards,

Davo