March 2, 2012

Win8: Could not find usable certificate. Error: Element not found. 0x80070490

Problem


When trying to start Hyper-V virtual machine in Windows 8 CP, you get error

Could not find usable certificate. Error: Element not found. 0x80070490.

Thoughts


Restarting Windows doesn't help.

Solution


Check that your Hyper-V VMM service has generated a self-signed certificate required to run virtual machines.

Steps (from KB967902):
  1. Click Start , click Run, type mmc, and then click OK.
  2. On the File menu, click Add/Remove Snap-in.
  3. Click Certificates , and then click Add.
  4. Click Service account , and then click Next.
  5. Click Local Computer , and then click Next.
  6. Click Hyper-V Virtual Machine Management , and then click Finish.
  7. Click OK to close the Add/Remove Snap-in window.
  8. SEE BELOW! Expand Certificates - Service , expand vmms\Personal, and then click Certificates.
  9. SEE BELOW! Double-click the VMM Service certificate, and you should be able to view it's properties, such as expiration date.
If you don't see the Certificates folder under vmms\Personal, you don't have the required certificate.

Creating the missing certificate is easy:

  1. Open Hyper-V Manager
  2. Right click on the name of your local Hyper-V host machine
  3. Select Stop Service, then Turn Off
  4. Right click on the name of your local Hyper-V host machine
  5. Select Start Service
  6. Refresh the Certificate MMC window you hopefully still have open, and you will see the new certificate under vmms\Personal\Certificates, and you're good to go for the next 1000(!) years.

8 comments:

  1. I've got extactly this error, however nothing I do seems to cause it to re-recreate the certificate. So there may be another step required under some circumstances (??).

    ReplyDelete
  2. Please try removing and re-adding the Hyper-V role in Win8.

    ReplyDelete
  3. Thanks for the suggestion! Obvious, and I overlooked it.

    By removing and re-adding the role, I assume you mean go to windows features -> deselect the complete Hyper-V node in the feature list, reboot, select the feature node, reboot, and try running the VM again.

    This did not help either, unfortunatley. The cert never shows up in the cert store that is detailed in the KB article, and I get the same error starting.

    ReplyDelete
  4. Yes, that's what I meant. Double check that you're looking at the right Certificate location. When adding the the snap in, make sure you selected service account. Other than that I can't think of more suggestions, as this was new area for me as well. Will post suggestions if I come to think of any later.

    ReplyDelete
  5. Thanks!

    I've done it twice now (the mmc plug in) so I'm sure I've gotten the service account setting correct.

    I have a complete backup now (I think), so I might blow it away and try a fresh install and see if that fixes thing.

    ReplyDelete
  6. I've followed all the suggestions, including deleting the hyper-v role and I don't get the certificate either

    ReplyDelete
  7. same here. certificate never appears in the vmms personal certificate store even after restarting the service and removing (and re-adding) the Hyper-V role for the Win 8 machine. I have UAC turned off - does this matter?

    ReplyDelete
  8. If you cannot get the certificate to regenerate, check the following registry key:

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization"

    If "DisableSelfSignedCertificateGeneration" exists and is set to 1, you need to delete it or change it to 0 and then you should be able to re-create the certificate. This was tested on Server 2012 R2.

    ReplyDelete