Introduction
Hyper-V, Microsoft’s native hypervisor, is a powerful tool for virtualization on Windows servers. It allows the creation and management of virtual machines (VMs), providing a robust environment for various applications. However, users may encounter issues, such as the ‘General access denied error’ (0x80070005), which occurs when attempting to open a virtual disk in a chain of differencing disks. This article provides a detailed guide on understanding and resolving this issue.
Understanding the Problem
The Error Message
The error message typically looks like this:
'General access denied error' (0x80070005) 'My-Server': Failed to open virtual disk 'C:\Users\Public\Documents\Hyper-V\Virtual hard disks\My-Server_3ED989D0-CD4B-4358-8123-A676727B9F2F.avhdx'.
A problem was encountered opening a virtual disk in the chain of differencing disks, 'IDE/ATAPI' (referenced by '0/0'): 'General access denied error' (0x80070005).
(Virtual machine ID 1185F165-D699-43C2-8959-249A35B072F7)
This error indicates that the virtual machine is unable to access a virtual disk in the chain due to permission issues.
Root Cause
The core issue is related to access permissions. Hyper-V uses differencing disks (.avhdx files) to store changes made to the parent virtual hard disk (.vhdx). If the Hyper-V virtual machine lacks the necessary permissions to access these disks, the snapshot chain breaks, leading to the ‘General access denied error’.
Solution
Step-by-Step Guide
- Identify the Virtual Machine ID (VMID)
To resolve the issue, you first need the GUID (Globally Unique Identifier) of the virtual machine. Use the following PowerShell command to get the VMID:
Get-VM | Format-List VMName, VMId
This command lists all virtual machines along with their VMIDs. Note down the VMID of the affected VM.
- Grant Permissions Using ICACLS
Use the ICACLS command to grant full access permissions to the VM. Replace <VMID> with your actual VMID, and <PathToDisk> with the path to each virtual disk involved.
icacls "C:\Users\Public\Documents\Hyper-V\Virtual hard disks\MyServer.vhdx" /grant "NT VIRTUAL MACHINE\<VMID>:(F)"
icacls "C:\Users\Public\Documents\Hyper-V\Virtual hard disks\MyServer_A899DD5A-1D77-49A8-A577-66E3A7298DFF.avhdx" /grant "NT VIRTUAL MACHINE\<VMID>:(F)"
icacls "C:\Users\Public\Documents\Hyper-V\Virtual hard disks\My-Server_3ED989D0-CD4B-4358-8123-A676727B9F2F.avhdx" /grant "NT VIRTUAL MACHINE\<VMID>:(F)"
These commands grant full control permissions to the virtual machine over the specified virtual disks.
- Verify Permissions
After running the ICACLS commands, verify that the permissions have been correctly applied. You can do this by checking the security properties of the files through Windows Explorer or using the ICACLS command to list current permissions.
- Restart Hyper-V Services
Restart the Hyper-V services to ensure that the changes take effect. You can restart the services using the Services console (services.msc) or by using the following PowerShell commands:
Restart-Service -Name vmms
Restart-Service -Name nvspwmi
- Power On the Virtual Machine
Try powering on the virtual machine again. If the permissions have been correctly set, the VM should start without encountering the ‘General access denied error’.
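The identify, grant and verify steps above can be combined so that only the files actually missing the VM's entry are changed. The script below is an added example, not part of the original article: it walks each attached disk back to its parent through the chain and grants access only where the `NT VIRTUAL MACHINE\<VMID>` entry is absent. It assumes an elevated PowerShell session on the Hyper-V host, the Hyper-V PowerShell module, and the VM name `My-Server` from the error message; the variable names are illustrative.

```powershell
# Added example: audit and repair the VM's ACL entry on every disk in the chain.
# Assumptions: elevated session on the Hyper-V host; VM name taken from the
# error message shown earlier on this page.
$vmName = 'My-Server'

$vm      = Get-VM -Name $vmName -ErrorAction Stop
$account = "NT VIRTUAL MACHINE\$($vm.VMId)"   # per-VM identity that opens the disks

# Collect every file in the chain: start at each attached virtual disk and
# follow ParentPath until the base .vhdx (whose ParentPath is empty).
$chain = foreach ($drive in Get-VMHardDiskDrive -VMName $vmName) {
    if ($drive.Path -notmatch '\.a?vhdx?$') { continue }   # skip pass-through disks
    $path = $drive.Path
    while ($path) {
        $path
        $path = (Get-VHD -Path $path -ErrorAction Stop).ParentPath
    }
}

foreach ($file in $chain | Select-Object -Unique) {
    # Look for an existing Allow entry for this VM on the file.
    $hasAce = (Get-Acl -LiteralPath $file).Access |
        Where-Object { $_.IdentityReference.Value -eq $account -and
                       $_.AccessControlType -eq 'Allow' }
    if ($hasAce) {
        Write-Host "OK       $file"
        continue
    }

    Write-Host "MISSING  $file"
    # Same grant as the manual commands above. ${account} stops PowerShell from
    # parsing "$account:" as a drive-qualified variable name.
    icacls $file /grant "${account}:(F)" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed for $file" }
}
```

Files reported as OK are left untouched, so running the script a second time doubles as the verification step.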
Conclusion
The ‘General access denied error’ (0x80070005) in Hyper-V can be a daunting issue, especially when it involves a broken snapshot chain. However, by understanding the root cause and systematically applying the right permissions using the ICACLS command, you can resolve this error efficiently. Always ensure that your virtual machine has the necessary access rights to its differencing disks to prevent such issues in the future.