3

I have searched and found a couple threads that deal with this topic, but they never quite got to solution. They just seemed to peter out.

I have executed the much recommended:

netsh advfirewall firewall set rule group=“remote administration” new enable=yes

but I still get "Access is denied".

None of the proposed solutions get beyond this step, though no one that initiated these threads said "that did it!"

Steps that I've taken:

1.Install DNS role on ws2008 r2 server core on server box. 2.Install RSAT for Win7 on the Win7 box. 3.Assigned static IP to the server. 4.Install the Windows Feature for DNS snap-in for MMC. 5.Attempt to target it to the server box. At this point I get the "Access is denied" error and...well...(flops on the floor)

Sure would appreciate sufficient next steps to admin the box remotely.

Thanks, Greg

Greg Oliver
  • 143
  • 1
  • 1
  • 4
  • Something occurs to me. The server core box and the windows 7 box are not in the same domain. So - how would the mmc session establish identity to the server? – Greg Oliver Jan 24 '10 at 03:13
  • I found a blog posting by John Howard @ MSFT regarding setting up Hyper-V remote admin in a similar setup. He went through several variants of security model. None of them match my situation. He did workgroup authentication and domain authentication, but I have a server in a workgroup and a client in a domain. I think this is the root of my problem. Thoughts? – Greg Oliver Jan 24 '10 at 17:25
  • "how would the mmc session establish identity to the server" runas? or join the domain? or setup a domain trust? – Matt Dec 30 '10 at 13:13

2 Answers2

1

You can get Hyper-V management console to work from domain client to a non-domain hyper-v host, I've done it several times and this guide with HVRemote from the very same John Howard actually gives you all the variants.

...do remember to launch the management tool "as another user.." and enter a valid administrative user that exists locally on the server (and/or use the HVRemote guide to set it up properly).

Oskar Duveborn
  • 10,760
  • 3
  • 33
  • 48
0

Greg,

I don't think it is possible for a workgroup machine to use MMC to a server core instance. MMC uses Kerberos authentication to verify if the user (and machine) connecting to the server can be trusted. Since a workgroup machine has no kerberos tickets, there is no way to prove the machine's identity to the server. Ideally, you want both to be in the same domain. If that is not possible, then you will need to establish a cross-domain trust between the domains of the two machines.

Also, be sure that the client architecture matches the server type (2008 R2 tools should be installed on a Win 7 64-bit OS), since some 32-bit MMC tools do not work on 64-bit servers.

newmanth
  • 3,943
  • 4
  • 26
  • 47