RDCMan v2.7 Unknown disconnection reason 3848

RDCMan-logo

Last week Microsoft released Remote Desktop Connection Manager version 2.7 (aka RDCMan).  It has some really cool features and supports Windows 8.1 and Windows Server 2012 R2.  This tool is essential if you run a lot of virtual machines.  One of the new features allows the ability to connect directly to virtual machines (called virtual machine connect-to-console support).  Configuring a connection for this new feature is rather easy once you have the ID of the virtual machine.  The following PowerShell command should do the trick:

get-vm VMName | Select Id

Once you have this information, enter it on the Server Settings tab like in the following screen shot:

RDCMan

The Server name field is the name or IP address of the Hyper-V host and not the VM.

Once you have this setup, you should be all set…that is unless you get the following error like I did (BTW – I am running Windows 8.1 Enterprise x64 on my laptop as my Hyper-V host):

RDCMan2

Disconnected from VMNAME (192.168.1.243)
[Unknown disconnection reason 3848]

The reason for the error appears to be that the Credential Security Service Provider (CredSSP) policy on the Hyper-V host is not enabled to authenticate user credentials from a remote location.  Setting the following registry keys fixed part of the problem for me.

#Disclaimer:
#Your use of these example scripts or cmdlets is at your sole risk. This information is provided “as-is”, without any warranty, whether express or implied, of accuracy,
#completeness, fitness for a particular purpose, title or non-infringement. I shall not be liable for any damages you may sustain by using these examples, whether direct,
#indirect, special, incidental or consequential.

New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force

One other thing that I had to do in order to get this to work was to add my account into the local Hyper-V Administrators group on my Hyper-V host (even though my account was already a local administrator).  Now when you connect to a VM and you are prompted for credentials, use your credentials for the Hyper-V host for the initial prompt.  These credentials can also be saved on the RDCMan Server Properties under the Logon Credentials tab.  Once connected, that will bring you to the logon screen of the VM where the credentials for the VM are entered.

More information about the CredSSP policy issue, as well as alternate configurations (i.e. GPO), can be found in the following knowledge base article:

When I use the Virtual Machine Connection tool to connect to a virtual machine on a Windows Server 2008 Hyper-V-based computer I receive an error message: “A connection will not be made because credentials may not be sent to the remote computer”

Originally posted on https://miketerrill.net/

6 thoughts on “RDCMan v2.7 Unknown disconnection reason 3848

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s