Saturday, May 15, 2010

Virtual Machine Folder ACL access denied

I upgraded a Windows 2008 Hyper-V server to R2 and one of the virtual machine failed to start with error “Account does not have sufficient priviledge to open attachment “<Virtual machine file>” (0x80070005). (Virtual machine ID <GUID>)”.

Hyper-V could not read the virtual machine files due to ACL issues. Added SYSTEM account, etc does not work as Hyper-V has it’s own Service SID “NT VIRTUAL MACHINE”

To resolve this, try the follow:

  • Open the directory that stores your virtual machine
  • Open the “Virtual Machines” subdirectory under your virtual machine directory
  • Record the GUID as per the file name of the .xml file in this directory
  • Run icacls “<virtualmachinefolder>” /grant “NT VIRTUAL MACHINE\<virtualmachineguid>”:F /T