Accessing Hyper-V VM Console Using RDCMan

Remote Desktop Connection Manager (RDCMan) is an official utility from Microsoft to connect to servers via RDP (which replaced the Remote Desktops snap-in) and efficiently handle the daily management tasks by System Administrator. The version of RDCMan 2.7 has interesting feature it can be used to connect directly to the Hyper-V virtual machine console using VMConnect. The connection is made through Enhanced Session Mode, which uses the VMBus (a logical inter-partition communication channel between the Hyper-V host and the virtual machines).

To connect to a virtual machine, the first thing to do is to get its VM ID. You can get it using PowerShell, for example:

Get-VM -Name lon-dc01 | select ID

vm console connect

After you’ve got the virtual machine ID, open RDCMan and add a new server. Check item VM console connect. Then specify the name of the Hyper-V server on which the VM resides in the Server name field. In the id field specify its identifier obtained in the previous step and save the settings.

vm console connect id

To connect to the VM, you need to specify a user account with Hyper-V Administrator privileges.

Note. Even if your account is included in the local group Administrators, add it also to the Hyper-V Administrators group.

remote desktop connection manager vm console connect

Now you can connect to the virtual machine console on the hypervisor Hyper-V as to normal server. The advantage of connecting to the console is that the VM can be in the internal isolated private network, the access via RDP may be disabled, it may does not have a network adapter at all you are still able to connect to it.

Tip. On Hyper-V server TCP port 2179 must be opened.

remote desktop connection manager hyper-v

If you want to provide the ability to connect to a particular VM’s console to a regular user (not an Administrator), you must grant the appropriate permissions.

Grant-VMConnectAccess -ComputerName hv-srv-01 -VMName lon-srv-01 -UserName contosojpatrick

In case you are facing with “Unknown disconnection reason 3848” error when connecting, you need to configure a number of registry settings. The problem is that the CredSSS (Credential Security Service Provider) policy on Hyper-V host doesn’t allow to authenticate remote users by default.

unknown disconnection reason 3848

Start the PowerShell console with administrative privileges and run the following commands:

New-ItemProperty -Path HKLM:SYSTEMCurrentControlSetControlLsaCredsspPolicyDefaultsAllowDefaultCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:SYSTEMCurrentControlSetControlLsaCredsspPolicyDefaultsAllowSavedCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:SYSTEMCurrentControlSetControlLsaCredsspPolicyDefaultsAllowDefaultCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:SYSTEMCurrentControlSetControlLsaCredsspPolicyDefaultsAllowFreshCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:SYSTEMCurrentControlSetControlLsaCredsspPolicyDefaultsAllowFreshCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:SYSTEMCurrentControlSetControlLsaCredsspPolicyDefaultsAllowFreshCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:SYSTEMCurrentControlSetControlLsaCredsspPolicyDefaultsAllowFreshCredentialsWhenNTLMOnlyDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:SYSTEMCurrentControlSetControlLsaCredsspPolicyDefaultsAllowSavedCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:SYSTEMCurrentControlSetControlLsaCredsspPolicyDefaultsAllowSavedCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force

Now try to connect again. It should work!

So, using RDCMan you can remotely connect to any virtual machine console running on the Hyper-V host, regardless of the guest OS (whether it’s Window, Linux, MacOs, or anything else).

One comment

  1. In case you are facing with “Unknown disconnection reason 3848”:
    Under the Powershell commands for editing the registery, the slashes are missing,
    The commands should be:
    New-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain -Name Hyper-V -PropertyType String -Value “Microsoft Virtual Console Service/*” -Force
    New-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain -Name Hyper-V -PropertyType String -Value “Microsoft Virtual Console Service/*” -Force
    New-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials -Name Hyper-V -PropertyType String -Value “Microsoft Virtual Console Service/*” -Force
    New-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain -Name Hyper-V -PropertyType String -Value “Microsoft Virtual Console Service/*” -Force
    New-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials -Name Hyper-V -PropertyType String -Value “Microsoft Virtual Console Service/*” -Force
    New-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value “Microsoft Virtual Console Service/*” -Force
    New-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain -Name Hyper-V -PropertyType String -Value “Microsoft Virtual Console Service/*” -Force
    New-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentials -Name Hyper-V -PropertyType String -Value “Microsoft Virtual Console Service/*” -Force
    New-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value “Microsoft Virtual Console Service/*” -Force

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.