Sunday, December 18, 2011

Annoying "You cannot access VMM management server scvmm.domain.local" 1604 error: "Contact the Virtual Machine Manager administrator to verify that your account is a member of a valid user role and then try the operation again."

Seen this before??

I just introduced SCVMM 2012 RC to my Hyper-V cluster lab environment. Set it up on a VM, it immediately saw my hosts, and I was able to manage VMs, fabrics, libraries, everything worked perfecly!

I then installed the VMM console on my PC, typed the VMM server FQDN and port, and used "current Microsoft Windows session identity" credentials.

Clicked connect and boom, got the above error window. The account I was currently logged on not only already was a member of the Administrator User Role, it's a bleedin' Domain Admin user. So I went to "Specify Credentials" and typed it myself again as per the instructions: contoso\domainuser. Same error. I poured all over the Internet checked potential domain credential issues, kerveros key status, potential SCP issues, ran queries on the VirtualManagerDB database, ran vmmtrace, you name it. Nothing worked.

Now I could very well fudge it and just work on the SCVMM virtual machine, but I just cannot let such things go, it would just kill me!!

Then I gave the Self-Service Portal a go (same account) and it popped up a message about the user not being a member of a self-service user profile type: "Unable to log on to the Self-Service Portal because the specified account is not a member of a self-service user role. Please try again using a self-service user account." Fair enough, I created the user role and tried again... same error message!

Then I remembered a silly bug with SCVMM 2008 and R2: if you typed the account as domain\username you got an error message, but if you just typed the account, no domain name it worked. You'd think after 3 editions of the product it would have been fixed... Tried it on the self service portal, and bingo!!

Tried it on the VMM console, bingo again!!

So there you have it: instead of typing domain\username and password, just type username and password.


  1. And still in the RTM version this bug exists. Problem is that users in a different domain than where the server lives cannot connect remotely!

  2. Jesus Christ, you'd think that after 4 years and 3 versions they'd get round to fixing it...

  3. Thanks..... Really annoying bug....

  4. Thank u for this "solution"


  5. Amazing. This just boggles my mind. Thanks for the blog post on this. Just saved me from beating my head against the wall about network connectivity problems.

  6. We are seeing 1604 errors too but they are intermittent and we don't know of the exact repro steps. My question to those who saw this is - was this intermittent to you? In other words when the error comes up, is it consistent and continually occuring on repeated attempts?

    Thanks Rags

  7. This is actually not a bug. This is because you installed the VMM software as the service account which you are using to run the service (in the documentation you are not supposed to use the service account for anything - including installation). If you re-install the product and use a different account to install SCVMM, it works fine. Keep in mind, try opening the Powershell console from within the console... it won't work, and you can't specify non-domain credentials to "fix" it.

    The only real "FIX" is to re-install the product using an account that is not the service account.

  8. This comment has been removed by a blog administrator.

  9. Matthew, I have temporarily removed your site link while I test your suggestion, although I am pretty sure that in the dozens of installations I've done since version 2007 came out, I should have used a different account at least once. Matter of fact I think I've always used the domain admin to install SCVMM and a different account for the service. But I'll test it nonetheless.

    Mind you though, that uninstalling and reinstalling anything cannot qualify as a "fix".

    Furthermore, as you can see here there is no mention that the service account should only be used to run the service. What it does mention is that the domain account should be made part of the Local Admins group. This grants the account full access to the machine, and installing any application should not pose a problem.

    Also, the PowerShell console opens fine from within the SCVMM console.

    This will remain a bug in my book, until proven otherwise

  10. Thanks! Saved me so much grief on this one!

  11. Thanks for the help, this bug still exists in SP1!

  12. The UI tells you to login with credentials formatted as DOMAIN\Username... This fix works perfectly (login with just Username), but why is this even a bug? If this is a "feature" as another anonymous comment suggested, why would they not update the UI to reflect this? Even a small warning would've been nice.

    Regardless, this is a great post and I am glad it helped me out!

  13. hahaha thanks a lot!!!!!!!!!!!!

  14. OMFG.... and it actually even asks for a domain\username in the GUI.

  15. Saved me hours of research! Thanks

  16. Thank-you for this !!! Saved me from going completely stir crazy!

  17. It worked on a fresh install of Windows System Center 2012 R2 VMM , I couldn't log in and tried your method and voila it works ! ! !

  18. Thank you. This has saved a lot of frustration. Although I still have a fair bit as I cant get the install to work on a machine that has had an older VMM console installed on it. I have even uninstalled the old version but the 2012 install says there are still VMM components installed and only allows you to remove components !!

  19. Hi mate - you wrote this article three years ago and it is STILL helpful to this day. I've wasted a day trying to log into a demo VMM environment and your solution finally got me in.
    This is a truly RIDICULOUS bug to contend with.
    Thanks for posting!

  20. haha!! This has just got me too and my environment is running SCVMM 2012 R2. admittedly I've not ran any updates as it's a lab env but still....

    Many Thanks!!! :)

  21. Waned to throw in my 2 cents for my experience.

    We had some difficulties getting SCVMM 2012R2 UR5 installed. During this the local service would not start, so *someone* changed it to run as SYSTEM rather than our domain Service account. Once we had UR5 installed, we saw this issue; it would accept UserId but not Domain\UserId.

    When I was reading through the comments the one suggestion of reinstalling was submitted as a "fix". That got me thinking...during the install you specify the service account for it to use. Not only does VMM set the local service to run with this account, it also makes it the database owner. If you're unsure what account you used originally, open SQL Management Studio, Expand to your SCVMM database> Security> Users and open up the user "VMMServer". There you should see the account you originally specified VMM to use as the service account during the installation.

    Stepping back, once we corrected the local scvmmservice to run as our domain account we originally used, all was well! AdminConsole Login, Powershell, AzurePack; everything! Hopefully this helps out others and was not completely specific to my instance.


Total Pageviews


Search This Blog

Popular Posts