Last week Microsoft released Remote Desktop Connection Manager version 2.7 (aka RDCMan). It has some really cool features and supports Windows 8.1 and Windows Server 2012 R2. This tool is essential if you run a lot of virtual machines. One of the new features is the ability to connect directly to virtual machines (called virtual machine connect-to-console support). Configuring a connection for this new feature is rather easy once you have the ID of the virtual machine. The following PowerShell command should do the trick:
Get-VM -Name VMName | Select-Object Id
Once you have this information, enter it on the Server Settings tab like in the following screen shot:
The Server name field is the name or IP address of the Hyper-V host and not the VM.
Once you have this set up, you should be all set… that is, unless you get the following error like I did (BTW – I am running Windows 8.1 Enterprise x64 on my laptop as my Hyper-V host):
Disconnected from VMNAME (192.168.1.243)
[Unknown disconnection reason 3848]
The reason for the error appears to be that the Credential Security Service Provider (CredSSP) policy on the Hyper-V host is not enabled to authenticate user credentials from a remote location. Setting the following registry keys fixed part of the problem for me.
#Disclaimer:
#Your use of these example scripts or cmdlets is at your sole risk. This information is provided “as-is”, without any warranty, whether express or implied, of accuracy,
#completeness, fitness for a particular purpose, title or non-infringement. I shall not be liable for any damages you may sustain by using these examples, whether direct,
#indirect, special, incidental or consequential.
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
One other thing that I had to do in order to get this to work was to add my account into the local Hyper-V Administrators group on my Hyper-V host (even though my account was already a local administrator). Now when you connect to a VM and you are prompted for credentials, use your credentials for the Hyper-V host for the initial prompt. These credentials can also be saved on the RDCMan Server Properties under the Logon Credentials tab. Once connected, that will bring you to the logon screen of the VM where the credentials for the VM are entered.
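As an added example (not part of the original post), the following read-only script reports which of the CredSSP policy keys above carry the Hyper-V value and whether the current logon token includes the Hyper-V Administrators group. It assumes it is run on the machine where the registry values were set, which in the setup described here is also the Hyper-V host; the variable names and the CredentialKind column are illustrative.

```powershell
# Added example (not from the original post): read-only audit of the CredSSP
# delegation values the post creates, plus the Hyper-V Administrators check.
$Base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults'
$ValueName = 'Hyper-V'                                # value name used in the post
$Spn       = 'Microsoft Virtual Console Service/*'    # value data used in the post
$Policies  = @(
    'AllowDefaultCredentials', 'AllowDefaultCredentialsDomain',
    'AllowFreshCredentials', 'AllowFreshCredentialsDomain',
    'AllowFreshCredentialsWhenNTLMOnly', 'AllowFreshCredentialsWhenNTLMOnlyDomain',
    'AllowSavedCredentials', 'AllowSavedCredentialsDomain',
    'AllowSavedCredentialsWhenNTLMOnly'
)

$report = foreach ($policy in $Policies) {
    $key     = Join-Path -Path $Base -ChildPath $policy
    $exists  = Test-Path -Path $key
    $current = $null
    if ($exists) {
        # A missing value yields $null rather than an error.
        $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($item) { $current = $item.$ValueName }
    }
    # Default = logon (SSO) credentials, Saved = stored credentials,
    # Fresh = credentials typed at the prompt.
    $kind = if ($policy -match '^Allow(Default|Fresh|Saved)') { $Matches[1] } else { 'Unknown' }
    [pscustomobject]@{
        Policy         = $policy
        CredentialKind = $kind
        KeyExists      = $exists
        Value          = $current
        HasHyperVEntry = ($current -eq $Spn)
    }
}
$report | Format-Table -AutoSize

# Entries that delegate logon or saved credentials without a prompt deserve a second look.
$report | Where-Object { $_.HasHyperVEntry -and $_.CredentialKind -ne 'Fresh' } |
    ForEach-Object { Write-Warning "$($_.Policy) delegates $($_.CredentialKind.ToLower()) credentials to $Spn" }

# Hyper-V Administrators is the built-in group with SID S-1-5-32-578. The token
# only reflects a new membership after signing out and back in.
$groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
$inHvAdmins = $groups.Value -contains 'S-1-5-32-578'
"Current token is in Hyper-V Administrators: $inHvAdmins"
```

Running it before and after applying the registry commands shows exactly which delegation policies changed.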
More information about the CredSSP policy issue, as well as alternate configurations (i.e. GPO), can be found in the following knowledge base article:
Originally posted on https://miketerrill.net/
Thanks Man, your Registry Keys are the only ones that actually resolve this problem.
Really appreciate
Hi Alessandro, I am glad it worked for you. Thanks for your kind words!
-Mike
Hi Alessandro,
I am getting the 3848 error as you describe but the solutions you suggested don’t seem to work. Do you have any other suggestions?
Frank
Thanks Mike, you are a legend! I am now able to connect to my local VMs in one place.
Thanks a lot. Works perfectly on my desktop for my labs.
Thanks for this – works perfectly for me.
Could you please tell me what is the reason for this?
Unknown disconnection reason 3335.
Sorry – not sure.
Quick question: the registry entries are required on the client or on the server side?
Client side.
After I did the registry, now I am getting code 3079. Do you know how to fix this code?
Sorry – no clue on that one. However, if you do figure it out, post a comment back and let me know.
Weird, but probably just my weird setup. I followed these steps and it works for one of the guest VMs running Windows 10. But for the other VM guests, running Windows 10, 11, and Windows Server 2022, it just keeps prompting for the username/password and saying it’s invalid. The guests are all in the same AD domain, and the same creds work from the Hyper-V console. Not sure why it works on some and not others.
In my scenario I was able to narrow it down to just these two keys:
AllowFreshCredentials
AllowFreshCredentialsWhenNTLMOnly