I wanted to ask if any of you actually had similar problem, and found a way to make things work correctly.
We have a few Hyper-V hypervisors installed on Windows Server 2016, and we wanted to give our testers/devs permissions to manage VMs inside them BUT NOT the Hyper-V settings or the host itself. Role-based access control came to help, with WAC Hyper-V Administrators group. Everything works fine except the "Connect" button in the Virtual Machines Inventory. Every time we get the same error - Remote desktop connections are not allowed to this computer.
To give you a few more details:
-Hyper-V hosts allow remote desktop connections (tried with GPO, as well as manual setup)
-User cannot connect to the host through Hyper-V Manager console (access denied).
-User can use RDP directly to the host and virtual machine without any problems.
-User can download .RDP file through WAC, and he would connect to the virtual machine correctly.
-When granted local administrator privileges on the Hyper-V host, user can miraculously use "Connect" button without any problems.
Quick edit: Tested with WAC 1809, 1809.5 and 1812 preview - result are always the same.
We have tried a lot of different set of permissions, and built-in group membership with no success.
User can be a member of Hyper-V Administrators, WAC Hyper-V Administrators, Remote Desktop Users, we can grant him access to virtual machine with Grant-VMConnectAccess, and he would still not be able to use VMConnect feature through WAC.
I would love to get some hints from you all, as I have no idea what else can I do in this situation.