Friday, November 5, 2010

Hyper-V Virtual Machine Failed to Start after Copying VHD

Hyper-V Virtual Machine Failed to Start after Copying VHD


On Windows Server 2008 R2 running Hyper-V, I copied a VHD to an external drive using Windows Explorer. After compacting the drive, I copied the VHD back to its original location and tried to start the virtual machine. I got a long message telling me that the virtual machine failed to start due to an access denied error.


The Message

Here are the important bits of the message, along with the corresponding event IDs in the Hyper-V-Worker Admin event log:



‘VM01’ failed to start.


Microsoft Emulated IDE Controller (Instance ID {…}): failed to Power on with Error ‘General access denied error’ (0×80070005). [Event ID 12010]


IDE/ATAPI Account does not have sufficient privilege to open attachment ‘D:\Virtual Machines\VM01\Virtual Hard Disks\DRIVE01.VHD’. Error: ‘General access denied error’ (0×80070005). [Event ID 12290]


‘VM01 failed to start. (Virtual machine ID 6B78D45F5-71DF-4725-B4B2-E651800BE80EF) [Event ID 12030]


Okay, so I understand that it can’t access the VHD file. But what is the “IDE/ATAPI Account”? I see no such account in the list of available users and groups when I try to modify the VHD file’s permissions using the GUI. What I do see, when I examine the permissions of a working VHD, is what looks like a GUID as a user name with Read and Write permissions:


Hyper-V VHD Permissions GUI

Virtual Machine SID

It turns out that the virtual machine’s unique identifier (SID) actually needs direct access to the file. The details are in this Microsoft knowledge base article:


Hyper-V virtual machines may not start, and you receive an error: “‘General access denied error’ (0×80070005)”
http://support.microsoft.com/kb/2249906

Update the Permissions

The solution is to give the SID Full control of the VHD using the command line.


Tip: Rather than type (or mistype) the SID by hand, cut and paste it from the event log message or from the XML file name in the Virtual Machines folder.


The command:


icacls /grant "NT VIRTUAL MACHINE\":F


Note that there is no space before the :F. For example:


icacls "D:\Virtual Machines\VM01\Virtual Hard Disks\DRIVE01.VHD" /grant "NT VIRTUAL MACHINE\6B78D45F5-71DF-4725-B4B2-E651800BE80EF":F


Once that permission has been added, you should be able to start the virtual machine.

Posted by at
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)