Error (12700)
VMM cannot complete the Hyper-V operation on the [virtualhost.domain.com] server because of the error: ‘[VIRTUALGUEST]‘ failed to add device ‘Microsoft Emulated Ethernet Port’. (Virtual machine ID 26DD8B56-0594-446A-8084-405218737EB0)

The Virtual Machines configuration 26DD8B56-0594-446A-8084-405218737EB0 at ‘J:\VS\[VIRTUALGUEST]‘ is no longer accessible: The requested operation cannot be performed on a file with a user-mapped section open. (0x800704C8)
(Unknown error (0×8000))

Recommended Action
Resolve the issue in Hyper-V and then try the operation again.

Well, that’s really good advice – clear the error and try again.  So, a quick Google-ing turned up a Microsoft KB article: Creating or starting a Hyper-V virtual machine on Windows Server 2008 or Microsoft Hyper-V Server 2008 may fail with error: 0x800704C8.  Oddly enough, this was exactly my issue:

CAUSE

This issue can be caused by antivirus software that is installed in the parent partition and the real-time scanning component is configured to monitor the Hyper-V virtual machine files.

RESOLUTION

To resolve this issue, configure the real-time scanning component within the antivirus software to exclude the following directories and files:

• Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)
• Custom virtual machine configuration directories
• Default virtual hard disk directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
• Custom virtual hard disk directories
• Snapshot directories
• Vmms.exe
• Vmwp.exe

Notes:

• If virtual machines are missing from the Hyper-V Management console, you must configure the antivirus exclusions, and then restart the Hyper-V Virtual Machine Management service.
• If the error code was 0x800704C8, it is likely that the virtual machine configuration file was corrupted and the virtual machine may need to be re-created or restored from backup if restarting the Hyper-V Virtual Machine Management service does not resolve the issue.

Chalk one up for Microsoft KB articles.  Now, a little further down in the KB article, it suggests (per Planning for Hyper-V Security) installing the antivirus on the guest (which we do) and not on the host (which we do, too):

Do not run any applications in the parent partition. Run all applications on virtual machines, which use child partitions. For example, if antivirus is required, be sure to run it on the VMs rather than the parent partition. Keeping the parent partition free of applications and running on a Windows Server 2008 core installation means fewer host updates, since nothing needs software updates except the Windows Server 2008 core installation, the Hyper-V service components, and the small (~600KB) hypervisor.

The post.

And an excerpt:

So, I’m sitting there today working on something for a client when I received an unsolicted Skype Message with an “Important Business Proposal”.

I normally mess with these guys a little, just to waste their time , but as I was on the phone to a client I just decided to get rid of him quickly.

As you can see – he was suprisingly honest about his ultimate intentions.

Anyway, there is an open source project called (go figure) OpenSSL.  OpenSSL is an SSL toolkit – that happens to be free for commercial and non-commercial uses.  While they offer a self signing feature, it’s not generally recommended for production applications (you’ve been warned).  For me, however, it works perfectly.  And there’s even a version for Windows.  Now, the cool thing about this is it will create a private key in a variety of encryption protocols, it will create your certificate request (if you’re well-to-do and can afford a real one), and it will even create a “test” certificate (which is what I wanted).

So, I downloaded the 64-bit version for Windows.  When you’re done (use the defaults – they work just fine), open a command prompt, browse to your OpenSSL installation folder (C:\OpenSSL be default) and type:

openssl

You’ll be at a prompt that looks like “OpenSSL>”.  Once you’re here, you’re ready to create your private key and your certificate.  In my case, the following command works perfectly.  It creates a private key and a certificate all at once.  If you’re going to buy a certificate, you’ll need to Google the procedure for creating a private key and a certificate request, then do whatever you need to do to install the certificate from that company into your program(s) that require it.  But, I digress – the command:

OpenSSL> req -new -newkey rsa:1024 -days [DAYS] -nodes -x509 -keyout www.example.com.pem -out www.example.com.pem

You’ll need to follow the following prompts (asking for your country, name, email, etc.).  The above command will create a 1024-bit RSA private key, then create a certificate (I think it does the certificate request in the background).  The certificate will expire in the number of days you set via the [DAYS] variable.  The -keyout tells OpenSSL to export your private key to a file called “www.example.com.pem” and the -out switch tells it to export your certificate to “www.example.com.pem.”  Now, I’ll state the obvious and recommend that you change the file names (ie, examplekey.com.pem and examplecert.com.pem).  The key and certificate are both created in the same folder (C:\OpenSSL by default).

Now, the one caveat I will offer is this: this self-signed certificate is not trusted by anyone.  Internet Explorer, Firefox, Outlook, Safari, etc. will all reject this certificate as “identity unknown.”  For me, that’s okay.  For someone else, think about it first.  You can get around the constant “this certificate is not valid” prompts by adding the certificate to the Trusted Root Certification Authorities in Windows’s Certificates Manager.

Now you know.