During Machine creation after copying the Master Image and start creating the Preparation VM we get an error message: HResult: 0x80070005 (E_AccessDenied) due to WMI. There are WMI stack authentication errors.
 

Issue has been resolved by removing and adding the Admin user accounts back to the Local Admin Security group (Administrators Group) on each Hyper-V Server.

Scenario 1: Accounts used for Studio Integration already part of Hyper-V Local Admin Group. Still getting WMI Access Denied error 
- Article CTX213938 states: "The user account used for Studio integration must also be a member of the administrators local security group on each Hyper-V server to support VM life cycle management (such as VM creation, update, and deletion)." 
- In certain cases, these accounts are already listed. 
- Remove the accounts from the Local Administrators Security Group and add them back in
- Something may of occurred with the AD accounts which has caused inconsistencies with the permissions, which can cause the WMI Access Denied error 

Scenario 2: Scenario 1 is properly set and does not resolve the WMI Access Denied error during Machine Creation, try the following
- Troubleshoot the WMI/DCOM permissions and verify if they can communicate to the Hyper-V Host from the DDC
* Follow https://support.microsoft.com/en-us/kb/969965 (Altered for our needs) 
1. Make sure that the account that is used for the Studio Integration is a member of the local Administrators group on the Hyper-V Host Servers. 

*** Note: This is especially important if the SCVMM server and Hyper-V Host Server(s) are in different domains.

2. Verify WMI connectivity to the CIMV2 namespace on the Hyper-V Host Server(s). To do this, follow these steps on the SCVMM server.
- Open the WBEMtest window from the DDC. To do this, click Start, point to Run, type WBEMtest in the Open box, and then click OK.
- Click Connect in the upper-right corner.
- Connect to the CIMV2 namespace on the Hyper-V Host Server. For example, type \\Source\ROOT\CIMV2.

*** Note: Make sure to use the name of your Hyper-V Host Server.

- Click Connect to complete the connection.
- Verify your connection by accessing a sample object. To do this, click Open Class, and then type Win32_PhysicalMemory (If more than one Hyper-V Host Server, check on each)

*** Note: You should see objects populate the Object Editor window. The actual content that is returned is not important. This purpose of this step is only to verify that a remote connection to the CIMV2 namespace has been established.

3. RDP into the Hyper-V Host Server (If more than one Hyper-V Host Server, check on each)
- Open wmimgmt.msc to verify connectivity to the local computer and also to check the Remote Enable permissions. To do this, follow these steps:
- Open the WMI Control (Local) window. To do this, click Start, point to Run, type wmimgmt.msc, and then click OK.
- Right-click the WMI Control (Local) node, and then click Properties.
- Click the Security tab, select Root, and then click the Security button in the lower-right corner.
- Click to select the Remote Enable permission for Everyone or the specific user account that you want to grant this permission to check box.

4. RDP into the Hyper-V Host Server (If more than one Hyper-V Host Server, check on each)

*** Note: This action does not require that you restart the computer.

- Open dcomcnfg to verify that the DCOM service is running and also to check the Remote Activation permission. To do this, follow these steps:
- Open the Component Services snap-in. To do this, click Start, point to Run, type dcomcnfg, and then click OK.
- Expand Component Services, expand Computers, and then expand My Computer.

*** Note: If the My Computer node has a red down-arrow mark, this means that the DCOM service is not running and must be started.

- Right-click My Computer, click Properties, and then click the COM Security tab.
- Under Launch and Activation Permissions, click Edit Limits.
- For the Everyone user group, click to select the Allow check box for the Remote Activation row. Alternatively, add the specific user account to which you want to grant this permission.

*** Note: You may receive an "Access Denied" error message if the appropriate WMI permission is not granted to the user. The error message may include Error code 0x80041003.

5. RDP into the Hyper-V Host Server (If more than one Hyper-V Host Server, check on each)
- Verify whether the Ole registry key is missing or has an incorrect value on the Hyper-V Host Server. To do this, follow these steps:
- Start Registry Editor.
- Locate the following subkey:
*** HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
- Look for an EnableDCOM entry that has a type of REG_SZ and a value of Y.

Alternate Test: Run this command from the DDC to see if we get the proper WMI information as well. This will prove we can create a catalog manually: 
Get-WmiObject -ComputerName Hyper-VServerName -NameSpace root\Virtualization -Query "Select * from MSVM_ComputerSystem" 
This resulted with the following : 
__GENUS : 2 
__CLASS : Msvm_ComputerSystem 
__SUPERCLASS : CIM_ComputerSystem 
__DYNASTY : CIM_ManagedElement 
__RELPATH : Msvm_ComputerSystem.CreationClassName="Msvm_ComputerSystem",Name="DBF3A01C-D 
7DA-4439-B9A7-4AA40584D5F6" 
__PROPERTY_COUNT : 45 
__DERIVATION : {CIM_ComputerSystem, CIM_System, CIM_EnabledLogicalElement, 
CIM_LogicalElement...} 
__SERVER : UCSVDIHV1 
__NAMESPACE : root\Virtualization\v2 
__PATH : \\UCSVDIHV1\root\Virtualization\v2:Msvm_ComputerSystem.CreationClassName="Ms
vm_ComputerSystem",Name="DBF3A01C-D7DA-4439-B9A7-4AA40584D5F6" 
AvailableRequestedStates : 
Caption : Virtual Machine 
CommunicationStatus : 
CreationClassName : Msvm_ComputerSystem 
Dedicated : 
Description : Microsoft Virtual Machine 
DetailedStatus : 
ElementName : XDGIS011 
EnabledDefault : 3 
EnabledState : 3 
EnhancedSessionModeState : 3 
FailedOverReplicationType : 0 
HealthState : 5 
IdentifyingDescriptions : 
InstallDate : 20140827205950.351405-000 
InstanceID : 
LastApplicationConsistentReplicationTime : 16010101000000.000000-000 
LastReplicationTime : 16010101000000.000000-000 
LastReplicationType : 0 
LastSuccessfulBackupTime : 
Name : DBF3A01C-D7DA-4439-B9A7-4AA40584D5F6 
NameFormat : 
NumberOfNumaNodes : 1 
OnTimeInMilliseconds : 0 
OperatingStatus : 
OperationalStatus : {2} 
OtherDedicatedDescriptions : 
OtherEnabledState : 
OtherIdentifyingInfo : 
PowerManagementCapabilities : 
PrimaryOwnerContact : 
PrimaryOwnerName : 
PrimaryStatus : 
ProcessID : 
ReplicationHealth : 0 
ReplicationMode : 0 
ReplicationState : 0 
RequestedState : 12 
ResetCapability : 1 
Roles : 
Status : OK 
StatusDescriptions : {Operating normally} 
TimeOfLastConfigurationChange : 20160721201054.154626-000 
TimeOfLastStateChange : 20160721201054.170250-000 
TransitioningToState : 
PSComputerName : UCSVDIHV1 

Scenario 3: Scenario 1 or 2 provided no help? Create a new hosting Connection 
- At this point if the above scenarios keep failing, try creating a new hosting connection in Studio 
- Click Add Connection and Resources: 

- Enter the SCVMM connection and credentials: 

- Once created, try creating a new Machine Catalog. If it reoccurs move on to the next scenario 

Scenario 4: Confirm Firewall and Anti-Virus is not at fault
- This step is generally performed first, but reconfirm if it was missed 
- Also confirm, there is not another Security application blocking the creation of machines
Possible Security Apps: Parity, Carbon Black, etc 
 

Problem Cause