Configure an Azure management certificate so that Microsoft Virtual Machine Converter can migrate VMs to Azure


When you select the Migrate to Microsoft Azure option on the Migration Destination screen in Microsoft Virtual Machine Converter (MVMC), you receive one of the following error messages on the Azure Connection page:

Error message 1
The certificate with thumbprint THUMBPRINT was not found in the personal certificate store.

Error message 2
The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

Note The THUMBRPRINT placeholder represents the 40-character certificate thumbprint of your Microsoft Azure certificate.

This error occurs after you enter your Subscription ID and Certificate Thumbprint, and then you click Next.


This issue may occur if a matching certificate has not been added to the current user’s Personal and Trusted Root Certification Authorities stores in addition to the Azure Classic Management Portal as a management certificate. The private certificate must exist in the user’s Personal and Trusted Root Authorities stores, and it must be imported into the Azure Classic Management Portal.


Note The following steps create a self-signed certificate for migration. You can also use an organizational certificate if you have a PKI provider. The certificates that were used by Azure storage cannot be used for this task because they do not support exporting the private key.

To resolve this problem, follow these steps on the computer that has MVMC installed:

  1. Log on to Windows by using the account that will be used to complete the conversion and migration.
  2. Open an elevated PowerShell window.
  3. Run the following PowerShell commands to create the private certificate in the current user’s Personal certificate store:
    Import-Module PKI 
    New-SelfSignedCertificate -DnsName "MVMC" -CertStoreLocation "Cert:\CurrentUser\My" 
    Note The DnsName value is arbitrary for this process. In these steps, "MVMC" is used to easily identify the certificate.

  4. Run the following PowerShell commands to export the public certificate and to import it into the current user’s Trusted Root Certification Authorities certificate store:
    Export-Certificate -Cert (Get-ChildItem Cert:\CurrentUser\My\ -DnsName MVMC) -FilePath $env:TEMP\MVMC.cer 
    Import-Certificate -FilePath $env:TEMP\MVMC.cer -CertStoreLocation Cert:\CurrentUser\Root 
  5. When you are prompted to confirm the import process, click Yes.
  6. Log on to the Azure Classic Management Portal. Select Settings from the list of items on the left side of the portal, and then select Management Certificates from the list of settings.
  7. Click Upload at the bottom of the Management Certificates screen. In the dialog box that opens, click Browse for file, select MVMC.cer from the %TEMP% folder, and then click the check mark icon to upload the public certificate.
  8. Return to MVMC, and then retry the Azure Connection task.