Hello guys,

I wanted to ask if any of you actually had similar problem, and found a way to make things work correctly.

We have a few Hyper-V hypervisors installed on Windows Server 2016, and we wanted to give our testers/devs permissions to manage VMs inside them BUT NOT the Hyper-V settings or the host itself. Role-based access control came to help, with WAC Hyper-V Administrators group.  Everything works fine except the "Connect" button in the Virtual Machines Inventory. Every time we get the same error - Remote desktop connections are not allowed to this computer.

To give you a few more details:

-Hyper-V hosts allow remote desktop connections (tried with GPO, as well as manual setup)

-User cannot connect to the host through Hyper-V Manager console (access denied).

-User can use RDP directly to the host and virtual machine without any problems.

-User can download .RDP file through WAC, and he would connect to the virtual machine correctly.

-When granted local administrator privileges on the Hyper-V host, user can miraculously use "Connect" button without any problems.

Quick edit: Tested with WAC 1809, 1809.5 and 1812 preview - result are always the same.

We have tried a lot of different set of permissions, and built-in group membership with no success.

User can be a member of Hyper-V Administrators, WAC Hyper-V Administrators, Remote Desktop Users, we can grant him access to virtual machine with Grant-VMConnectAccess, and he would still not be able to use VMConnect feature through WAC.

I would love to get some hints from you all, as I have no idea what else can I do in this situation.

Feel free to ask for any more details.

Thank you,

Sebastian