Hyper-V Virtual Machine Failed to Start after Copying VHD

On Windows Server 2008 R2 running Hyper-V, I copied a VHD to an external drive using Windows Explorer. After compacting the drive, I copied the VHD back to its original location and tried to start the virtual machine. I got a long message telling me that the virtual machine failed to start due to an access denied error.

The Message

Here are the important bits of the message, along with the corresponding event IDs in the Hyper-V-Worker Admin event log:

‘VM01’ failed to start.

Microsoft Emulated IDE Controller (Instance ID {…}): failed to Power on with Error ‘General access denied error’ (0x80070005). [Event ID 12010]

IDE/ATAPI Account does not have sufficient privilege to open attachment ‘D:\Virtual Machines\VM01\Virtual Hard Disks\DRIVE01.VHD’. Error: ‘General access denied error’ (0x80070005). [Event ID 12290]

‘VM01’ failed to start. (Virtual machine ID 6B78D45F5-71DF-4725-B4B2-E651800BE80EF) [Event ID 12030]

Okay, so I understand that it can’t access the VHD file. But what is the “IDE/ATAPI Account”? I see no such account in the list of available users and groups when I try to modify the VHD file’s permissions using the GUI. What I do see, when I examine the permissions of a working VHD, is what looks like a GUID as a user name with Read and Write permissions:

[Screenshot: Hyper-V VHD Permissions GUI]

Virtual Machine SID

It turns out that the virtual machine’s unique identifier (SID) actually needs direct access to the file. The details are in this Microsoft knowledge base article:

Hyper-V virtual machines may not start, and you receive an error: “‘General access denied error’ (0x80070005)”
http://support.microsoft.com/kb/2249906

Update the Permissions

The solution is to give the SID Full control of the VHD using the command line.

Tip: Rather than type (or mistype) the SID by hand, copy and paste it from the event log message or from the XML file name in the Virtual Machines folder.

The command:

icacls <Path of .vhd file> /grant "NT VIRTUAL MACHINE\<Virtual Machine SID>":F

Note that there is no space before the :F. For example:

icacls "D:\Virtual Machines\VM01\Virtual Hard Disks\DRIVE01.VHD" /grant "NT VIRTUAL MACHINE\6B78D45F5-71DF-4725-B4B2-E651800BE80EF":F

Once that permission has been added, you should be able to start the virtual machine.
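
One way to script the grant above with checks around it, as an added PowerShell example that is not part of the original post. The function name and its parameters are hypothetical, and it assumes an elevated Windows PowerShell prompt on the Hyper-V host where "NT VIRTUAL MACHINE" names resolve as they do for icacls.

```powershell
# Added example. Repair-VhdVmPermission and its parameters are hypothetical names.
function Repair-VhdVmPermission {
    param(
        [Parameter(Mandatory = $true)][string]$VhdPath,
        # GUID copied from the event log or from the VM's XML file name.
        [Parameter(Mandatory = $true)][string]$VmId
    )

    # Catch a truncated or padded paste before it reaches the ACL.
    if ($VmId -notmatch '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$') {
        throw "'$VmId' is not a well-formed GUID."
    }
    if (-not (Test-Path -LiteralPath $VhdPath -PathType Leaf)) {
        throw "VHD not found: $VhdPath"
    }

    # Resolve the per-VM account to a SID. Translate throws if Windows cannot
    # map the name, which catches a well-formed GUID that is not a VM on this host.
    $account = "NT VIRTUAL MACHINE\$VmId"
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid = (New-Object System.Security.Principal.NTAccount($account)).Translate($sidType)

    # Compare by SID value so the check does not depend on how names are displayed.
    $acl = Get-Acl -Path $VhdPath
    $rules = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and $_.AccessControlType -eq 'Allow'
    })
    if ($rules.Count -gt 0) {
        # Report the rights found and leave the ACL untouched.
        Write-Output "Entry already present for ${account}: $($rules[0].FileSystemRights)"
        return
    }

    # Same grant as the command above: Full control, no space before :F.
    & icacls.exe $VhdPath /grant "${account}:F"
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed with exit code $LASTEXITCODE"
    }
    Write-Output "Granted Full control to $account"
}

# Constructed placeholder values; substitute your own path and VM ID.
# Repair-VhdVmPermission -VhdPath 'D:\Virtual Machines\VM01\Virtual Hard Disks\DRIVE01.VHD' `
#     -VmId '00000000-0000-0000-0000-000000000000'
```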

5 thoughts on “Hyper-V Virtual Machine Failed to Start after Copying VHD”

  1. Hugo Grimes

    I’ve had similar problems and solved them just by reattaching the disk from the settings of the machine – that makes sure all the permissions are OK :)

  2. Jeroen Hems

    It is simpler indeed, but it’s so much cooler to use the old-fashioned command line :)

    I just ran into this, and not only do I now know how to do it the easy way, but I also know a bit more of Hyper-V’s inner workings as well.

    Thanx for the info!

  3. Mark Berry Post author

    Just hit this again, now under Server 2012 R2 with .vhdx files. I couldn’t re-attach the drives from the UI because I had Saved the state rather than shutting down. “Some settings cannot be modified because the virtual machine was saved when this window was opened.” Command line to the rescue again! And really, it only takes about a minute ;).
