Connecting a SIRIS to a Hyper-V Hypervisor / Virtualization Offload to a Hyper-V Host



This article describes the process for connecting a SIRIS to a Hyper-V hypervisor. These instructions apply to virtual and physical SIRIS appliances.

For vSphere instructions, see Connecting A SIRIS To A VMware Hypervisor.


  • Datto SIRIS
  • Microsoft Hyper-V
  • Windows Server 2012R2
  • Windows Server 2016



Datto SIRIS appliances can establish connections to Hyper-V environments for the purpose of offloading screenshot and disaster recovery virtualizations to the hypervisor. This allows the virtualizations to take advantage of the expanded system resources available on the Hyper-V host, delivering increased virtual machine performance, while decreasing overhead on your Datto appliance.

Hyper-V connections cannot be used for agentless backups. Support for agentless pairings is limited to VMware environments only.

Technical Notes

  • Hyper-V integration is currently supported on Windows Server 2012R2 and Windows Server 2016.
  • SIRIS Hyper-V virtualizations are Hyper-V Generation 1 virtual machines.
  • SIRIS shares out backup images for Hyper-V restores via iSCSI.
  • Datto appliances do not currently support Hyper-V Shared Live Migration.
  • iSCSI targets containing underscores (such as datto_device) are not supported.
  • Virtualizations and screenshots offloaded to Hyper-V rely on virtual IDE controllers. This limits virtualizations to a maximum of the boot volume and three attached disks.
  • To prevent connections between your Datto appliance and the target hypervisor from being blocked, create any necessary network exceptions in your antivirus and firewall solutions before attempting this procedure.
  • If your hypervisor is using Webroot anti-malware software, you will also need to create an exception for %systemroot%\Windows\winexesvc.exe to prevent connections between the SIRIS and the protected system from being blocked.

Configuring Hyper-V

Depending on the configuration of your Hyper-V host, you may need to make the following changes to allow your SIRIS to connect to the hypervisor. Run the commands shown directly on the host.

NOTE: Setting up and configuring Hyper-V requires local administration rights. To set up Hyper-V as a domain account, follow this procedure, simulating local admin permissions. 

1. From an elevated Command Prompt session, run the winrm quickconfig command to enable remote management.

Figure 1: Enabling remote management

2. Enable basic authentication: winrm set winrm/config/service/auth @{Basic="true"}

Figure 2: Enabling basic authentication

3. Enable transfer of unencrypted data on the WinRM service:

Enabling this feature will allow transmission of authentication information over HTTP.

winrm set winrm/config/service @{AllowUnencrypted="true"}

Figure 3: Enabling unencrypted data transfer

4. Create a new Inbound rule to allow TCP ports 139, 445, 5985, 5986, and 3260 through the Windows Firewall. These ports are for Samba, WinRM and iSCSI.

5. Launch the Windows Firewall with Advanced Security control panel, and select Inbound Rules  → New Rule. In the New Inbound Rule Wizard, select Port, and click Next, as shown in Figure 4.

Figure 4: New Inbound Rule Wizard

6. Select TCP, and then select Specific local ports. Specify ports 13944559855986, and 3260 for the forwarding rule, and click Next.

Figure 5: Configuring ports

7. Select Allow the connection on the Action tab, and click Next.

Figure 6: Allow the connection

8 Select Domain, Private, and Public on the Profile tab, and click Next.

Figure 7: Applying rule locations

9. Select a name for the new firewall rule, and Finish.

7_-_Windows_Firewall_-_Name_Firewall_Rule.pngFigure 8: Rule name and description



When running the winrm quickconfig -q command, you receive output similar to the following:

C:\Users\ottad>winrm quickconfig -q
WinRM service is already running on this machine.
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
    Message = Access is denied.
Error number:  -2147024891 0x80070005
Access is denied. 


According to Microsoft, local Administrator accounts other than the built-in Administrator account may not have rights to manage a server remotely, even if remote management is enabled on the production machine.

You will need to configure the Remote User Account Control (UAC) LocalAccountTokenFilterPolicy registry setting to allow local Administrator accounts to remotely manage the server

To disable these restrictions, follow the below steps.

You may need to reboot the production machine for these changes to take effect.

1. In the Windows Registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and change the value of the LocalAccountTokenFilterPolicy key to 1.

2. If the LocalAccountTokenFilterPolicy entry does not exist, create a new DWORD Value called LocalAccountTokenFilterPolicy. Change the key's value to 1.


You are unable to add a Hyper-V connection to the Datto appliance using domain credentials, but you can add it without issue using local credentials.


This indicates that the domain administrator account does not have the correct permissions to remotely manage Hyper-V hosts with Hyper-V Manager. See this article (external link) for information about configuring a domain administrator account with Remote Management permissions.

Setting up the Hypervisor Connection

1. Access the GUI of your SIRIS over your LAN or through a Remote Web connection.

2. From the Datto appliance's Overview page, click Configure → Hypervisor Connections.

3. Click Add Connection.

Hypervisor_1.PNGFigure 9: Hypervisor connections screen

4. Enter a unique name for the new hypervisor connection, and the IP address, hostname, or FQDN of the Hyper-V host that the Datto appliance needs to connect to. Select Hyper-V from the Hypervisor Type menu.

H-V-address.PNGFigure 10: Connection Name tab

5. On the Hypervisor Login tab, enter the credentials for a user that has the appropriate permissions to configure and control Hyper-V on your host. You will need the username and password, as well as the domain for the user (if applicable).

H-V-login-creds.PNGFigure 11: Hypervisor Login tab

If you receive an error message stating "Failed to execute command on host," review the Technical Notes section of this article to ensure that your Hyper-V configuration meets the specified requirements.

X_-_Hypervisor_Failed_-_Check_Requirements.pngFigure 12: Failed to execute command on host

6. If the wizard does not report any errors, the connection was created successfully. Click Finish to exit the Hypervisor Connection wizard.

Figure 13: Successful connection

The Datto appliance will return you to the Hypervisor Connections screen, where you will see the newly-added connection listed in the HyperV Connections pane. Click the radio button under Use for Screenshots if you would like the agent to use the resources of your hypervisor during screenshot verification.

Figure 13a: Hyper-V screenshot offload option

If you need to update the hypervisor credentials for an existing connection, delete the old connection, and then replace it using the *original* connection name and the new credentials. You will not lose data.

Performing a Hyper-V Restore

When you create a hypervisor connection to your host, you can use the connection to restore systems that are protected by your SIRIS appliance. To start, click the Restore tab at the top of the Datto appliance's GUI.

Figure 14: Restore tab

1. On the Restore tab, select the protected system that you want to restore to your Hyper-V server, and then select Virtualize via Hypervisor. Select the Recovery Point and the Hypervisor connection for the restore, and then click Start Virtualization.

H-V-Recovery-Point.PNGFigure 15: Restore from a Backup

2. The virtualization settings page will load, and the VM's resources will be automatically allocated by the Datto appliance based on the OS type detected. You can make resource adjustments or add network adapters to the Virtual Machine directly from the Hyper-V Manager on your server.

For Hyper-V virtualizations, there is no view of the virtual machine's console in the SIRIS UI. For direct console access to the VM, use Hyper-V Manager on the Hyper-V host to connect to the console.

Figure 16: Virtualization settings page

3. If you need to make modifications to the virtual machine, Datto recommends gracefully powering off the virtual machine from within the guest operating system. It is possible to stop the VM directly from the SIRIS UI, but this would be equivalent to a hard power-off instead of a graceful shutdown.

Figure 17: Shutting down a VM in Hyper-V

4. After making the resource changes, use Hyper-V Manager or the SIRIS UI to power the VM back on. In Figure 18, a technician increased the virtualization's core count from 1 to 4, provisioned 4 GB of RAM, and added a network adapter.

Manual resource changes made in Hyper-V Manager do not reflect in the SIRIS UI at this time.

Figure 18: Modifying VM settings through Hyper-V

5. When you are finished using your restore, return to the SIRIS Restore tab and select Stop and Unmount. Note that this will completely destroy the Hyper-V virtualization, along with all changes made to it since the VM was first booted. If the virtual machine was in production, make sure you back up your changes before unmounting it.

Do not destroy the Virtual Machine directly from Hyper-V Manager on the Hyper-V host. This will result in a hung restore on your SIRIS, which will require assistance from Datto Technical Support to resolve. 

Additional Resources

Was this article helpful?

4 out of 5 found this helpful

You must sign in before voting on this article.

Want to talk about it? Head on over to our Community Forum!