How to: Remotely manage a Hyper-V Server / Enable Firewall exceptions
Unfortunately, one of the things you will find out when you install Hyper-V Server 2012 is that it is completely locked down. You are provided with a very neat utility that allows you to easily perform common tasks like enabling remote management, configuring your network, etc., but it has a few shortcomings. One of them is that you cannot configure your network switch or the management VLAN through it (you can of course use PowerShell). The other, which this guide focuses on, is enabling all the firewall exceptions you need to manage the server remotely and effectively. If I am not mistaken, when you select the option to enable remote management on Hyper-V Server 2008 it generates the required exceptions on the machine… but for some reason Hyper-V 2012 does not.
Below are a few PowerShell commands you can run to enable the most common management exceptions for your Hyper-V server host:
Enable-NetFirewallRule -DisplayGroup "Windows Remote Management"
which in turn enables the following:
- Remote Service Management
- Remote Volume Management
- Remote Event Log Management
- Remote Scheduled Tasks Management
- Windows Firewall Remote Management
- Windows Remote Management
which can be enabled manually or individually like so:
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
netsh advfirewall firewall set rule group="Remote Service Management" new enable=yes
netsh advfirewall firewall set rule group="Performance Logs and Alerts" new enable=yes
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Scheduled Tasks Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
net start vds
And if you are trying to run a replica server using HTTPS:
netsh advfirewall firewall add rule name="Https Replica in" dir=in protocol=TCP localport=443 action=allow
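As an added example (not part of the original post), the same exceptions can be enabled with the NetSecurity cmdlets while accepting connections only from a management subnet, followed by a listing of inbound allow rules that are still open to any address. The subnet 192.0.2.0/24 and the replica partner 192.0.2.10 are placeholder assumptions; substitute your own.

```powershell
# Added example, not from the original post. Run in an elevated session on the host.
# ASSUMPTIONS: the two addresses below are placeholders for your own network.
$MgmtSubnet  = '192.0.2.0/24'   # admin workstations (placeholder)
$ReplicaPeer = '192.0.2.10'     # Hyper-V Replica partner (placeholder)

$Groups = 'Windows Remote Management', 'Remote Service Management',
          'Remote Event Log Management', 'Remote Scheduled Tasks Management',
          'Remote Volume Management', 'Windows Firewall Remote Management',
          'Windows Management Instrumentation (WMI)'

foreach ($Group in $Groups) {
    # Group names vary by build and language; report a miss instead of failing.
    $rules = Get-NetFirewallRule -DisplayGroup $Group -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' }
    if (-not $rules) { Write-Warning "No inbound rules in group '$Group'"; continue }
    # Enable the rules, but accept connections only from the management subnet.
    $rules | Set-NetFirewallRule -Enabled True -RemoteAddress $MgmtSubnet
}

# HTTPS replica rule from the post, limited to the replica partner.
$name = 'Https Replica in'
if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -DisplayName $name -RemoteAddress $ReplicaPeer
} else {
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
        -LocalPort 443 -Action Allow -RemoteAddress $ReplicaPeer | Out-Null
}

# Review: enabled inbound allow rules that still accept any remote address.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Group         = $_.DisplayGroup
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    } |
    Where-Object { $_.RemoteAddress -eq 'Any' } |
    Sort-Object Group, Rule |
    Format-Table -AutoSize
```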
- Disk Management. You must first start the Virtual Disk Service (VDS) on the Hyper-V server. You must also configure the Disk Management rules appropriately on the computer that is running the MMC snap-in.
- IP Security Monitor. You must first enable remote management of this snap-in. To do this, at a command prompt, type:
Cscript \windows\system32\scregedit.wsf /im 1
- Reliability and Performance. The snap-in does not require any further configuration, but when you use it to monitor a Hyper-V server, you can only monitor performance data. Reliability data is not available.