I am trying to do my first live migration with Windows server 2012 hyper-v 3.0. I have two servers joined into a domain.local domain and both are hypervisors with constrained delegation setup. Each server has the CIFS and Microsoft virtual service delegated with Kerberos. Both hypervisors have Kerberos only setup for the live migration.

Replica works great, but when I try to do a live migration (not a VM that is being replicated either) I get this when trying to select a destination computer, even though I have all firewalls turned off (the servers and the domain are private no internet access only):

An error occurred while attempting to contact the Virtual Machine Management service on destination computer "blah". Verify that the service is running and that you are authorized to connect to the destination computer. You do not have the required permission to complete this task. Contact the administrator of the authorization policy for the computer "blah".

Anyone have an idea? I'm fairly new to AD-DS but the domain controller I believe was seutp with the correct constrained delegation.

Could it be some sort of super user I need to setup or login as a particular user into the hypervisor? I feel like I am just missing something rather simple here but have spent a good deal of time looking online and haven't quite found anything that relevant to my problem.


Solution 1:

You didn't mention which services are delegated to. You should have the following on each Hyper-V host:

  • Microsoft Virtual System Migration Service/COMPUTER
  • Microsoft Virtual System Migration Service/COMPUTER.FQDN
  • cifs/COMPUTER
  • cifs/COMPUTER.FQDN

Have you tried (as a test) allowing all services to be delegated?

Solution 2:

An answer to this old question. It's a bug. You have to start the migration from the source server and not from the destination server or the Hyper-V GUI installed on another machine.

If you're doing this on server core or Hyper-V server 2012, you need to log into the source server and initiate the migration from the powershell console. If you're using the GUI, again, it must launch it from the destination machine.

Try this and migrations should work properly.

HTH