For my customer I had to set up the VMM Delegated Administrator role for their Tenant Operations team in order to gain ‘connect to console’ functionality (without providing too much additional rights in the VMM console).
Setting up delegated user roles is in fact very easy to follow: https://technet.microsoft.com/en-us/library/gg696971.aspx
Trying this out in the QA environment went real smooth, so I rerun the same actions on the Production environment,
tested it out and things looked fine … until I had to perform the demo …
During the demo I could log into the VMM cluster and launch the VMM console, only it seemed to fail on the part that was of interest;
the VM console access.
I received errors that claimed I did not have sufficient rights to perform that action and no further clues were to be found in VMM or in the server logs ….
Back on Monday with fresh pair of brains, I thought about fixing it with mighty PowerShell.
Running the get-help *connect* led me to the following command: Grant-VMconnectAccess
As I already had setup a security group called ‘CS-WS-Role-VMM_Console_Access’ I just needed to run the following command on the hyper-V host holding the tenants to enable it on ALL deployed VMs:
Grant-VMconnectAccess –Vmname * -username “CS-WS-Role-VMM_Console_Access” -verbose
(I added the -verbose parameter so that I could see on what objects it was applied)
Rerunning the connect to console seemed to work fine from here on 🙂