Few days ago I installed Hyper-V Server 2012, Microsoft’s free virtualization platform and the equivalent of VMware ESXi.
The very first thing that I was stuck with is that Hyper-V Manager available through RSAT doesn’t have an option to mount an ISO or capture a drive from a machine on which is running. Instead it gives you drives of the Hyper-V host, and that would of course require you to have an ISO or the disc itself present on the host.
For most of us this is very inconvenient, we like the ability to mount an ISO from a network share or our machine. One would think, this a Windows box, no problem, i will map a network drive with my ISOs. The mapping would succeed, but mapped drive (letter) will not be visible in Hyper-V manager when trying to mount an ISO. Ok, the next step that the one would consider is mounting from UNC share directly, but that would also fail, with the message “‘VM’ failed to add device ‘Virtual CD/DVD Disk'” & “User account does not have permission required to open attachment”.
The cause of this is that the Hyper-V is intended to run with VMM Library Server and to mount files from it, not any random share. To circumvent this:
- You need to assign full NTFS and share permissions to computer account of Hyper-V on a shared folder with ISO’s you want to mount.
- In AD on the computer account of Hyper-v machine delegate specific service ‘cifs’ to the machine you want your ISO’s mounted from, microsoft calls this constrained delegation.
Here is step by step procedure for the constrained delegation:
- Go to Active Directory Users and Computers
- Find the Hyper-V server computer account and open up its properties.
- Go to Delegation tab.
- Select Trust this computer for delegation to the specified services only radio button.
- Click the Add button.
- Click the Users or Computers… button.
- In the Add Services window, click Users or Computers and enter the computer account that will act as a library server and click OK.
- Select the cifs Service Type and click OK.
The resulting setup should look something like this:
You could reboot the Hyper-V server just for the good measure.