How to configure virt-who service to communicate with Hyper-V

Solution Verified - Updated 2 Aug 2024

Environment

virt-who
Hyper-V

Issue

Virtual machines are hosted on Hyper-V hypervisor and virt-who service needs to be configured to perform hosts-to-guests mapping.

Resolution

In /etc/sysconfig/virt-who make sure the following values are defined:

# Enable hyperv mode
VIRTWHO_HYPERV=1

An alternative is to configure a file in /etc/virt-who.d directory:

[hyperv]
type=hyperv
# The value under "org ID" as provided by "subscription-manager identity" command
owner=<org ID>
server=hyperv.domain.com
username=administrator
password=
env=Library
hypervisor_id=hostname

Configuring virt-who using /etc/virt-who.d files has an advantage as it is possible to configure virt-who to report using hypervisor hostname instead of its UUID (hypervisor_id=hostname). Moreover, it is possible to use encrypted password:
How to configure virt-who with encrypted password?

Additional settings are required on the Hyper-V server:

Windows Remote Management must be enabled and HTTP or HTTPS listener must be running
Firewall must allow Remote Administration
Unencrypted connection must be enabled for HTTP (not required for HTTPS)
Only Basic and NTLM authentication methods are supported
Use "Administrator" account in virt-who. If for security concerns "Administrator" account cannot be used to authenticate to Hyper-V, then it is necessary to create an additional user and assign the user to the following groups (Windows 2012 Server): "Hyper-V Administrators" and "Remote Management Users"

These settings can be checked by running the following command (use "cmd" and not PowerShell):

C:\Users\administrator.ONE>winrm get winrm/config/service
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true                   <---------- virt-who required
    Auth
        Basic = true                          <---------- virt-who required
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985                          <----- virt-who uses this  port
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = true
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
    AllowRemoteAccess = true                 <---------- virt-who required
    AllowRemoteAccess = true

Enable Windows Remote Management:

C:\> winrm quickconfig

Check if HTTP/HTTPS listener is running:

C:\> winrm enumerate winrm/config/listener

Enable unencrypted connection for HTTP:

C:\> winrm set winrm/config/service @{AllowUnencrypted="true"}

Enable Basic authentication mode:

C:\> winrm set winrm/config/service/auth @{Basic="true"}

Note that on Windows Server 2012 R2, the @{} part should be protected by single quotes:

C:\> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
C:\> winrm set winrm/config/service/auth '@{Basic="true"}'

For more KB articles/solutions related to Virt-who and Virtual Datacenter (VDC) Subscriptions Issues, please refer to the Consolidated Troubleshooting Article for Virt-who and Virtual Datacenter (VDC) Subscriptions Issues

SBR

SysMgmt

Product(s)

Red Hat Enterprise Linux

Components

virt-who

Category

Configure

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.