Tags

, , , , ,

Hello Everyone,

My CRM servers are distributed to 3 VM’s: Web, App and DB individually. All these 3 VM’s are hosted on a single host machine. Till last night everything was working fine. Until due to a power trip early morning, the host machine had to shutdown unexpectedly. My CRM was down! Even restarting the host machine didn’t work. 😦

I then logged into the machine only to find that my Web Server VM was off/not connected. I tried to start it but failed with the below error:

An error occurred while attempting to start the selected virtual machine(s).” 😮

For a moment I froze; but went on to read the complete detail error list.

Account does not have permission to open attachment <vhdx file path>. Error: ‘General access denied error’ (0x80070005)

<VM> failed to start. <Virtual machine ID>

Cause:

The issue occurs if the permission on the virtual hard disk (.vhd) file or the snapshot file (.avhd) are incorrect.

Every Hyper-V virtual machines has a unique Virtual Machine ID (SID). If the Virtual Machine SID is missing from the security permissions on the .vhd or .avhd file, the virtual machine does not start, and you receive the “‘General access denied error’ (0x80070005)”

I opened the Security permission of both the working and non-working vms. Noticed that SID is missing in the security permissions on the .vhd file

Meaning, the SID is missing the rights and hence must be granted the full control permission to their relative VM to operate.

Resolution:

  1. Get the Virtual Machine ID. It is there in the error details already. However, I needed to double confirm.
  • Open Powershell.
  • Use the cmdlet GET-VM to find any virtual machine ID
  • Get-VM ‘Dynamics365-Web’ | Select-Object VMID

 I confirmed the SID for both my App and Web VM’s

2. Use the following icacls command to give the Virtual Machine ID access to the related .vhd or .avhd

Syntax:

icacls <path of .vhd or .avhd file> /grant ‘Virtual Machine ID’:F

If the output is : Successfully processed 1 files; failed processing 0 files.

Means the SID is added to the security permission with read/write to the mentioned .vhd file

3. Start the Virtual Machine. (fingers crossed)

Yes, the VM started back. 🙂

A support article from Microsoft can be found here for reference.

Hope this was helpful to someone. Thanks !