Cry about...
Windows Hyper-V-Server
Virtual machine fails to start with General access denied error / Account does not have sufficient privilege to open attachment
When trying to start a virtual machine for the first time after copying (or replacing) its virtual hard drive file (.vhd or .vhdx) the virtual machine fails to start with the following error:
(x) An error occurred while attempting to start the selected virtual machine(s).
'PC-Name; failed to start.
Microsoft Emulated IDE Controller (Instance ID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX): Failed to Power on with Error 'General access denied error'.
IDE/ATAPI Account does not have sufficient privilege to open attachment 'E:\Hyper-V\PC-Name\Virtual Hard Disks\MyVHD.vhdx'. Error: 'General access denied error'.
Where 'PC-Name' is the name of the virtual PC, the instance ID will be a unique series of letters and MyVHDX.vhdx will be the name (and path) of your own virtual hard drive file.
Causes
Each virtual machine is started using a virtual machine account. The virtual machine account needs read and write access to the .vhd/.vhdx file, but if the file has just been copied from somewhere then it most likely lacks the necessary file permissions.
Remedy
- If you don't already have the Hyper-V Manager error dialog open ("An error occurred while attempting to start the selected virtual machine(s) ...") then try to start the virtual machine now. You need the error open.
- Click "See details". This will show additional details, and
will look something like:
'PC-Name' failed to start. (Virtual machine ID B9C4F7D4-0009-4BE2-90FB-9D60B1A06BDD)
'PC-Name' Microsoft Emulated IDE Controller (Instance ID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX): Failed to Power on with Error 'General access denied error' (0x80070005). (Virtual machine ID B9C4F7D4-0009-4BE2-90FB-9D60B1A06BDD)
'PC-Name': IDE/ATAPI Account does not have sufficient privilege to open attachment 'E:\Hyper-V\PC-Name\Virtual Hard Disks\MyVHD.vhdx'. Error: 'General access denied error' (0x80070005). (Virtual machine ID B9C4F7D4-0009-4BE2-90FB-9D60B1A06BDD)
'PC-Name': Hyper-V Virtual Machine Management service Account does not have sufficient privolege to open attachment 'E:\Hyper-V\PC-Name\Virtual Hard Disks\MyVHD.vhdx'. Error: 'General access denied error' (0x80070005). (Virtual machine ID B9C4F7D4-0009-4BE2-90FB-9D60B1A06BDD)
Where PC-Name will be the name of your virtual PC. The long sequence of letters and numbers (in my case above "B9C4F7D4-0009-4BE2-90FB-9D60B1A06BDD") is the Virtual Machine ID. This number is significant and you need it to fix the problem.
- On the host server open an elevated command prompt.
- Enter the following:
icacls "full-path-to-vhd-or-vhdx-file" /grant "NT VIRTUAL MACHINE\Virtual-Machine-ID":(F)
substituting the path to the vhd/vhdx file - you can obtain this from the original error message, and the Virtual-Machine-ID that you obtained from the "See details" part of the error.
So the line for me was:
icacls "E:\Hyper-V\PC-Name\Virtual Hard Disks\MyVHD.vhdx" /grant "NT VIRTUAL MACHINE\B9C4F7D4-0009-4BE2-90FB-9D60B1A06BDD":(F)
But the path and Virtual Machine ID will be different to mine.
If you get the message "Failed processing 1 files" then check the virtual machine ID.
- Now try to start the virtual machine. The error should no longer be present.
About the author: Brian Cryer is a dedicated software developer and webmaster. For his day job he develops websites and desktop applications as well as providing IT services. He moonlights as a technical author and consultant.