- Open the Group Policy Management console and browse to the policy that manages User Rights
- Edit the policy to include "NT Virtual Machine\Virtual Machines" on the entries for Log on as a Service user right
- Initiate 'gpupdate /force' on the Hyper-V host to refresh policy.
You might be wondering why it took so long for this issue to occur. In our environment, the Windows Server 2012 hypervisor was performing flawlessly for several weeks prior to this incident. Here is an explanation from the Microsoft Support article:
"This issue occurs because the NT Virtual Machine\Virtual Machines special identity does not have the Log on as a Service right on the Hyper-V host computer. Usually, the Virtual Machine Management Service (VMMS) replaces this user permission at every Group Policy refresh to ensure it is always present. However, you may notice that Group Policy refresh does not function correctly in certain situations."