An Error Occurred While Attempting To Start The Selected Virtual Machine ‘General Access Denied Error’ #HyperV

5 min read

Hello folks,

The other day, I upgraded my Hyper-V host with the fastest Solid State Drive in the market right now.

It’s quite expensive, but it deserve the performance.

Sequential Read: 550 MB/s.
Sequential Write: 550 MB/s.
Random Read: 100,000 IOPS.
Random Write: 90,000 IOPS.

Now before I replaced the disk, I copied all my Virtual Machines to a safe location, I replaced the disk and then restore all the Virtual Machines back.

When I attempt to start one of the Virtual Machine…

Sorry!

Start-VM-GeneralAccessDenied-01

The error message indicates clearly that Hyper-V does not have enough permissions to access the virtual hard drive. The problem is because I copied all my VMs from one drive to an external drive. Therefore the virtual Machine SID of the virtual hard disk is missing.

Start-VM-GeneralAccessDenied-02

A while ago I came across a similar issue here An Attempt to initialize VM saved state failed – Could Not Create or Access Saved State File.

The most common solution is to simply go to the security tab for each Virtual Hard Disk and add the account. Set the permissions (Read/Write). However there is a lot of room for error on this approach, so it is not my favorite. There is always the possibility you missed a setting and something might not work as intended.

The second option is to use icacls as documented in the following KB article.

The third and my favorite option is to Use Hyper-V manager to remove the disk from the Virtual Machine and then go back in and add it again.

Start-VM-GeneralAccessDenied-03

Because every time you add a virtual hard disk, Hyper-V will give that Virtual Machine account the required permissions to the virtual hard disks.

Start-VM-GeneralAccessDenied-04

Now this works great if you have couples of Virtual Machines, but what about if you have dozens of VMs, and each VM with several virtual hard disks.

Start-VM-GeneralAccessDenied-05

PowerShell to the rescue again!

For that reason, I wrote a script that would allow you to specify a single virtual machine or a Hyper-V host, and the script would:

1. Turn Off the VM if it’s running (most of time the VM is in offline state because of the missing permission, but there are certain scenarios where the VM is in Saved State, you need to force shut down).
2. Remove any VHD/X files attached to any of the VM’s controllers with missing Virtual Machine Id permission.
3. Check if the VM is using Shared VHD/X.
4. Attach the VHD/X files back to the same controllers and locations in the VM settings.
5. Start the virtual machine.

<#
 	.SYNOPSIS
	Reset Virtual Hard Disk Permission Tool.

	.DESCRIPTION
	Reset Virtual Hard Disk Permission for a single or all Virtual Machines.

	.NOTES
	========================================================================
	File Name    : Reset-VHDPermission.ps1
	Author       : Charbel Nemnom
	Version      : 1.0
	Date created : 23.June.2015
	Last modified: 26.June.2015
	Requires     : PowerShell Version 4.0 or above
	OS           : WS 2012, WS 2012 R2, WS 2016 Hyper-V TP2
	Module       : Hyper-V-PowerShell
	=========================================================================

	.LINK
	To provide feedback or for further assistance please visit:
	https://charbelnemnom.com

	.EXAMPLE
	.\Reset-VHDPermission.ps1 -VMName <VMName>
	This example will reset the selected VM by turnig Off the VM if it is in Saved State,
    Then remove any VHD/X files attached to any of the VM controllers,
    Check if the VM is using Shared VHDX, then attach the VHD/X files back
    To the same controllers and locations, and finally start the virtual machine.
    
    .EXAMPLE
	.\Reset-VHDPermission.ps1 -HVHost <Hyper-V Host>
	This example will reset all Virtual Machines by turnig Off the VM if it is in Saved State,
    Then remove any VHD/X files attached to any of the VM’s controllers,
    Check if the VM is using Shared VHDX, then attach the VHD/X files back
    To the same controllers and locations, and finally start the virtual machine.    
#>

[CmdletBinding ()]
Param (
	[Parameter(Mandatory = $true, HelpMessage = 'Virtual Machine Name', ParameterSetName = "VM")]
	[String]$VMName,
	
	[Parameter(Mandatory = $true, HelpMessage = 'Hyper-V Host', ParameterSetName = "Host")]
	[String]$HVHost
	
)


Function VirtualMachine
{
	$VM = Get-VM $VMName
	
	$VMStatus = $VM.State
	[string]$VMid = $VM.VMid
	
	if ($VMStatus -eq "Saved")
	{
		# Turn Off the VM if it is in Saved State and wait 5 seconds
		Write-Output "Turn Off $VMName Virtual Machine"
		Stop-VM $VMName -Force -TurnOff
		Sleep 5
	}
	
	# Get all the disks in the VM
	$AllVHD = Get-VMHardDiskDrive $VMName
	if ($AllVHD -eq $NULL)
	{
		Write-Output "There are no virtual hard disks attached to the VM"
		Break
	}
	foreach ($VHD in $AllVHD)
	{
		# Get the VM VHD details
		[string]$VHDXFile = Get-Item $VHD.Path
		[string]$ControllerType = $VHD.ControllerType
		[string]$ControllerNumber = $VHD.ControllerNumber
		[string]$ControllerLocation = $VHD.ControllerLocation
		[string]$SharedVHDX = $VHD.SupportPersistentReservations
		
		[string]$objACL = @((get-acl -Path $VHD.Path).Access | Select-Object -ExpandProperty IdentityReference)
		If ($objACL -notmatch $VMid)
		{
			# Remove the VHD(x)
			Write-Output "Removing $VHDXFile from $VMName Virtual Machine"
			Remove-VMHardDiskDrive $VHD
			Sleep 3
			
			# Attach the VHD/X files back to the same controllers and locations
			Write-Output "Adding $VHDXFile to $VMName  Virtual Machine"
			If ($SharedVHDX -eq $true)
			{
				Add-VMHardDiskDrive -VMName $VMName -Path $VHDXFile -ControllerType $ControllerType -ControllerNumber $ControllerNumber -ControllerLocation $ControllerLocation -SupportPersistentReservations
			}
			Else
			{
				Add-VMHardDiskDrive -VMName $VMName -Path $VHDXFile -ControllerType $ControllerType -ControllerNumber $ControllerNumber -ControllerLocation $ControllerLocation
			}
			Sleep 3
			
		}
		
	}
	
	# Start the VM
	Write-Output "Starting $VMName Virtual Machine"
	Start-VM $VMName
	Write-Output "Reset VHD Permission of $VMName has completed"
	
}

Function HyperV-Host
{
	$VMs = Get-VM -ComputerName $HVHost
	
	foreach ($VM in $VMs)
	{
		$VMStatus = $VM.State
		$VMName = $VM.Name
		[string]$VMid = $VM.VMid
		
		if ($VMStatus -eq "Saved")
		{
			# Turn Off the VM if it is in Saved State and wait 5 seconds
			Write-Output "Turn Off $VMName Virtual Machine"
			Stop-VM $VMName -Force -TurnOff
			Sleep 5
		}
		
		# Get all the disks in the VM
		$AllVHD = Get-VMHardDiskDrive $VMName
		if ($AllVHD -eq $NULL)
		{
			Write-Output "There are no virtual hard disks attached to the VM $VMName"
			Break
		}
		foreach ($VHD in $AllVHD)
		{
			# Get the VM VHD details
			[string]$VHDXFile = Get-Item $VHD.Path
			[string]$ControllerType = $VHD.ControllerType
			[string]$ControllerNumber = $VHD.ControllerNumber
			[string]$ControllerLocation = $VHD.ControllerLocation
			[string]$SharedVHDX = $VHD.SupportPersistentReservations
			
			[string]$objACL = @((get-acl -Path $VHD.Path).Access | Select-Object -ExpandProperty IdentityReference)
			If ($objACL -notmatch $VMid)
			{
				# Remove the VHD(x)
				Write-Output "Removing $VHDXFile from $VMName Virtual Machine"
				Remove-VMHardDiskDrive $VHD
				Sleep 3
				
				# Attach the VHD/X files back to the same controllers and locations
				Write-Output "Adding $VHDXFile to $VMName  Virtual Machine"
				If ($SharedVHDX -eq $true)
				{
					Add-VMHardDiskDrive -VMName $VMName -Path $VHDXFile -ControllerType $ControllerType -ControllerNumber $ControllerNumber -ControllerLocation $ControllerLocation -SupportPersistentReservations
				}
				Else
				{
					Add-VMHardDiskDrive -VMName $VMName -Path $VHDXFile -ControllerType $ControllerType -ControllerNumber $ControllerNumber -ControllerLocation $ControllerLocation
				}
				Sleep 3
				
				
			}
			# Start the VM
			Write-Output "Starting $VMName Virtual Machine"
			Start-VM $VMName
			Write-Output "Reset VHD Permission of $VMName has completed"
		}
		
	}
	
}


Switch ($PSCmdlet.ParameterSetName)
{
	"VM" { VirtualMachine }
	"Host" { HyperV-Host }
}

Start-VM-GeneralAccessDenied-06

Hope this helps!

Enjoy your weekend…

Cheers,
/Charbel

About Charbel Nemnom 579 Articles
Charbel Nemnom is a Cloud Architect, Swiss Certified ICT Security Expert, Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT), totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 17 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems. Excellent communicator is adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design, business continuity, and cloud security.

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.