How to configure virt-who service to communicate with Hyper-V

Environment

• virt-who
• Hyper-V

Issue

• Virtual machines are hosted on Hyper-V hypervisor and virt-who service needs to be configured to perform hosts-to-guests mapping.

Resolution

• Use this procedure to configure virt-who to connect to a Microsoft Hyper-V hypervisor.

• For more details on using the virt-who-password utility to encrypt the password of the hypervisor’s virt-who user, refer to How to configure virt-who with encrypted password?.

• Makes sure that the following additional requirements are met on the Hyper-V server(s):

  1. Windows Remote Management must be enabled and HTTP or HTTPS listener must be running:

     • To enable Windows Remote Management:

     ```
     C:\> winrm quickconfig
     ```
     

     • To check if HTTP/HTTPS listener is running:

     ```
     C:\> winrm enumerate winrm/config/listener
     ```
     

  2. Firewall must allow Remote Administration.

  3. Un-encrypted connection must be enabled for HTTP (not required for HTTPS).

     • To enable un-encrypted connection for HTTP:

     ```
     C:\> winrm set winrm/config/service @{AllowUnencrypted="true"}
     ```
     

  4. Only Basic and NTLM authentication methods are supported.

     • To enable Basic authentication mode:

     ```
     C:\> winrm set winrm/config/service/auth @{Basic="true"}
     ```
     
     
      Note that on Windows Server 2012 R2, the `@{}` part should be protected by single quotes:
     
     
      ```
      C:\> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
      C:\> winrm set winrm/config/service/auth '@{Basic="true"}'
      ```
     

  5. Use the Administrator account in virt-who.
     If for security concerns Administrator account cannot be used to authenticate to Hyper-V, then it is necessary to create an additional user and assign the user to the following groups (Windows 2012 Server): Hyper-V Administrators and Remote Management Users.

  These settings can be checked by running the following command (use cmd and not PowerShell):

  C:\Users\administrator.ONE>winrm get winrm/config/service
  Service
      RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
      MaxConcurrentOperations = 4294967295
      MaxConcurrentOperationsPerUser = 1500
      EnumerationTimeoutms = 240000
      MaxConnections = 300
      MaxPacketRetrievalTimeSeconds = 120
      AllowUnencrypted = true                   <---------- virt-who required
      Auth
          Basic = true                          <---------- virt-who required
          Kerberos = true
          Negotiate = true
          Certificate = false
          CredSSP = false
          CbtHardeningLevel = Relaxed
      DefaultPorts
          HTTP = 5985                          <----- virt-who uses this  port
          HTTPS = 5986
      IPv4Filter = *
      IPv6Filter = *
      EnableCompatibilityHttpListener = true
      EnableCompatibilityHttpsListener = false
      CertificateThumbprint
      AllowRemoteAccess = true                 <---------- virt-who required
      AllowRemoteAccess = true
  

For more KB articles/solutions related to Virt-who and Virtual Datacenter (VDC) Subscriptions Issues, please refer to the Consolidated Troubleshooting Article for Virt-who and Virtual Datacenter (VDC) Subscriptions Issues

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.