It’s possible to configure a Hyper-V host running core to be fully managed remotely. I have read various suggestions on the web saying it’s better and more secure to leave the Hyper-V host in a workgroup, but the effort required when doing that just doesn’t make it worth it in my opinion.
And we actually want 1st and 2nd line technicians to be able to do as much troubleshooting as possible before escalating, rather than adding complexity.
OK, if you haven’t already run the following on the core server, do it now:
If you don’t know the hostname, run the command now.
All being well, that should be the last time we need to run commands locally on the core server. The machine you use to administer the core server must have the required Remote Server Administration Tools installed and, for ease of access, be a member of the domain.
So let’s connect to the host (obviously switch “oobehostname” for whatever the hostname of your machine is).
Next, rename it, specifying your credentials:
Rename-Computer -NewName "contosohv012" -DomainCredential contoso\admdel.griffith -Restart
Once the server has restarted, reconnect. Then you can either run the install in that session:
Install-WindowsFeature -Name Hyper-V -Restart
Or, to execute the command remotely:
Install-WindowsFeature -Name Hyper-V -ComputerName "contosohv012" -Restart
If you aren’t sure whether Hyper-V is installed or not, you can run
Get-WindowsFeature -Name Hyper-V -ComputerName "contosohv012"
Next come the firewall settings. This Microsoft document explains that to enable remote management of a 2016 core server you should run:
Enable-NetFirewallRule -DisplayGroup "Remote Administration"
But this group was removed starting with Windows Server 2012. So instead I ran:
Get-NetFirewallRule | Select-Object -ExpandProperty DisplayGroup
to find the names of the services I needed. To allow access for each, follow these steps:
Windows Firewall with Advanced Security
(I preferred just setting this on the Domain profile so I edited the rule first)
Set-NetFirewallRule -DisplayGroup "Windows Firewall Remote Management" -Profile Domain
Enable-NetFirewallRule -DisplayGroup "Windows Firewall Remote Management"
Enable-NetFirewallRule -DisplayGroup "Remote Service Management"
Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"
Enable-NetFirewallRule -DisplayGroup "File and Printer Sharing"
Performance Logs and Alerts
There are rules on each of the different profiles, so just the regular -DisplayGroup won’t cut the mustard here
Disk Management is also a little more complicated. First run this on the remote machine:
Enable-NetFirewallRule -DisplayGroup "Remote Volume Management"
Then run the same command on the local machine. Next, we need to start the virtual disk service.
Set-Service -Name vds -StartupType Automatic
Set-Service -Name vds -Status Running -PassThru
Now you should be able to connect Computer Management and all other required MMC consoles by right-clicking and choosing “Connect to another computer”.
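To confirm what the firewall steps above actually opened, the following added example (not part of the original post) lists the enabled inbound rules in each display group used here and flags any that also apply outside the Domain profile. It assumes the host name contosohv012 from the rename step and that the host is reachable over WinRM from a domain-joined admin machine; the function name Get-ManagementRuleExposure is hypothetical.

```powershell
# Added example: audit the firewall display groups enabled in this walkthrough.
# Assumption: host name taken from the rename step; change it to match yours.
$HostName = 'contosohv012'

# Display group names exactly as used in the commands above.
$Groups = @(
    'Windows Firewall Remote Management',
    'Remote Service Management',
    'Remote Event Log Management',
    'File and Printer Sharing',
    'Remote Volume Management'
)

# Hypothetical helper: one output row per enabled inbound rule.
function Get-ManagementRuleExposure {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [string[]] $DisplayGroup
    )
    $session = New-CimSession -ComputerName $ComputerName
    try {
        foreach ($group in $DisplayGroup) {
            $rules = Get-NetFirewallRule -DisplayGroup $group -CimSession $session -ErrorAction SilentlyContinue
            if (-not $rules) {
                Write-Warning "No rules found for display group '$group' on $ComputerName"
                continue
            }
            $rules | Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } | ForEach-Object {
                # Profile is a flags value, e.g. "Domain", "Domain, Private" or "Any".
                $profiles = $_.Profile.ToString()
                [pscustomobject]@{
                    DisplayGroup = $group
                    Rule         = $_.DisplayName
                    Profiles     = $profiles
                    # True when the rule is also active on Private/Public (or all) profiles.
                    BeyondDomain = $profiles -match 'Any|Private|Public'
                }
            }
        }
    }
    finally {
        Remove-CimSession -CimSession $session
    }
}

Get-ManagementRuleExposure -ComputerName $HostName -DisplayGroup $Groups |
    Sort-Object BeyondDomain -Descending |
    Format-Table -AutoSize
```

Any row with BeyondDomain set to True can be narrowed the same way the Windows Firewall Remote Management group was above, using Set-NetFirewallRule with -Profile Domain.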