Hyper-V Program Manager
A while ago I noticed that when I started virtual machines on Hyper-V on my laptop, they were taking just over a minute to start. Looking at the Hyper-V management console showed that for most of this time the virtual machine was sitting at “Starting (6%)” under the status column.
After a bit of investigation I discovered that this was the result of a known issue. When this happens, the cause is usually a problem with Hyper-V finding a valid certificate. To give a bit more context:
When you start a virtual machine, we start a Remote Desktop listener that allows you to connect to the virtual machine and view its display. In order to do this in a secure fashion – we check the certificate store on your computer to find the best available certificate to secure the Remote Desktop connection with.
The problem happens when you have certificates in your certificate store that we are unable to validate.
In my case my laptop had certificates on it that could only be validated when I was connected to the Microsoft corporate networks. When I was at home it was not possible to validate them.
Luckily – there is a relatively simple fix. One of our developers, Stefan Wernli, has posted a PowerShell script that will identify a valid certificate and configure Hyper-V to always use that certificate – instead of searching for the best certificate each time you start a virtual machine.
You can grab the script from here: http://gallery.technet.microsoft.com/ScriptCenter/en-us/5b4a7114-218b-466c-a9c1-7eb2f725e707
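A read-only check for the condition described above, added here as an example; it is not Stefan Wernli's script and not code from the original post. It assumes the certificates in question are in the local machine personal store (Cert:\LocalMachine\My) and that online revocation checking is what makes validation depend on network reachability; the post states neither.

```powershell
# Added example: lists each certificate in the store, whether its chain
# validates from the current network, and how long validation took.
# Assumption: the store path below; the post does not name the store.
$store = 'Cert:\LocalMachine\My'

$results = foreach ($cert in Get-ChildItem -Path $store) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

    # Assumption: check revocation online for every element of the chain,
    # so a CA that is unreachable from this network shows up as a failure.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag =
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain

    # Cap network retrieval so one unreachable endpoint cannot stall the scan.
    $chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $valid = $chain.Build($cert)
    $timer.Stop()

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        Valid         = $valid
        Seconds       = [math]::Round($timer.Elapsed.TotalSeconds, 1)
        # Per-chain failure reasons, e.g. RevocationStatusUnknown or UntrustedRoot.
        Status        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }

    $chain.Reset()
}

# Slowest validations first: these are the ones that delay a lookup.
$results | Sort-Object Seconds -Descending | Format-Table -AutoSize -Wrap
```

Certificates that report Valid as False, or that take many seconds to build, are the ones that cannot be validated from the network the machine is currently on.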
Thanks. Is the problem due to checking for certification revocation (CRL) and time-outs?
Totally unrelated, but dude what happened with your hair?
Could this problem exist and be solved with that script in Windows Virtual PC?
I've run into a similar problem with RDP on non-virtualized hosts, as well. There seem to be some edge conditions that can cause the RDP certificate not to be generated properly during first run. As you might imagine, this causes problems with RDP later on.
Never could find out how to regenerate an RDP cert (or import a cert file as an RDP cert in MMC Certificate snap-in). Searched and searched and searched -- no blog posts, no forum postings. Ended up rebuilding the machine from bare metal, and the problem went away.
It's nice that there's a workaround for Hyper-V. But ideally, what should happen is that Remote Desktop should handle the certificate situation better -- and then Hyper-V can hand off the certificate selection job to RDP.
Yep the guy looks like prison escapee now. Why?
Wow. I can't thank you enough. I've been fighting this problem on at least a dozen different servers with Hyper-V, both 2008 and 2008 R2. I can't begin to express how frustrating it has been. I've reinstalled Windows on some of those hosts 3 or 4 times in an attempt to fix this very issue.
For the record, the percentage for this issue is different between 2008 and 2008 R2--in 2k8, it was a hang at 30%, while it's 6% in R2. This script seems to fix both.
Ben, thanks for the blog post - we've been hunting for this for a while now, due to seeing this after someone mangled our root CA.
Robk & Kimmo - the problem isn't so much the hair as the photo. I saw Ben presenting at Tech.Ed a little while back and he's just as close to bald in real life, but doesn't look so "convict-y" without that mugshot-grey background.
Thanks a million! I've been having this issue with 20 guests on a hyper-v cluster, and in addition to this problem Live Migration would hang at 5% for a few minutes before finally failing. I've been working with MS Support for 3 weeks trying to resolve this and haven't been getting anywhere. Running this script solved it for me right away.
Even a few years later this is still extremely handy to have. Fixed an issue I was seeing, thanks so much!
Doesn't work for 2012 R2. I just get Error: Local machine certificate not found.
I just get errors when I run the script?
At C:\temp\certfix.ps1:18 char:96
+ ... Virtualization' `
Missing closing ')' in expression.
At C:\temp\certfix.ps1:19 char:9
+ -name AuthCertificateHash -value ([byte]$hexstrarray)
Unexpected token '-name' in expression or statement.
At C:\temp\certfix.ps1:19 char:15
Unexpected token 'AuthCertificateHash' in expression or statement
At C:\temp\certfix.ps1:17 char:6
Missing closing '}' in statement block.
At C:\temp\certfix.ps1:19 char:64
Unexpected token ')' in expression or statement.
At C:\temp\certfix.ps1:20 char:1
Unexpected token '}' in expression or statement.
+ CategoryInfo : ParserError: (:) , ParseException
+ FullyQualifiedErrorId : MissingEndParenthesisInExpression
I see that this is an old post, but I recently encountered a very similar problem. Just want to share my experience.
I installed a fresh 2012 R2 VM on Hyper-V 2012 R2. VHDX (version 2), Secure Boot enabled and UEFI. Ended up installing three times before I fixed it.
My problem was that my VM got stuck at "updating your system (6%)" after installing Windows Updates. I guess people having the same problem as I did will stumble upon this article.
The script didn't fix the problem for me. But that is likely, because this article is actually about an older Hyper-V version. But it seems that lately people that seem to experience the same problem as I did, commented in this post.
In my case the problem was update KB3000850: support.microsoft.com/.../en-gb. Read the Known Issues section in this KB. The advice is to install KB2975061 before you install KB3000850.
This is how I fixed it:
First installed all available Windows Updates EXCEPT KB3000850, but including KB2975061: support.microsoft.com/.../2975061.
After completing installation of all Windows Updates, installed KB30000850 again.
Hope this helps....
Well, the problem seems to be the KB30000850, but what do we need to do to fix the servers which are stuck on the boot process?
I read something about deleting the pending.xml file in C:\windows\WinSxS. That fixed the problem related to the updating system process, but my VM still hangs on boot continuously.