Configuring constrained delegation to authenticate live migrations

Share this:

Constrained delegation allows live migrations to be started using any remote management tool and might help in providing more flexibility to move your VMs.

If the connection between the source and destination computers cannot be authenticated, an error occurs and the following message is displayed:

Virtual machine migration operation failed at migration Source.

Failed to establish a connection with host<computer name>: No credentials are available in the security package (0x8009030E).

To solve this issue you have to configuring constrained delegation to authenticate live migrations on both Hyper-V servers.

To enable it, just follow this steps

1. Open Active Directory Users and Computers

2. Right-click on the host computer account

3. Click on Properties.

clip_image002

4. In the Properties window, click on the Delegation tab, select Trust this computer for delegation to the specified services only

clip_image004

5. Select Use Kerberos only.

6. Click on Add

clip_image006

7. Click Users or Computers.

clip_image008

8. In the Select Users or Computers box, type the destination host server name and click OK.

9. In the Add Services dialog box

a. Select cifs

clip_image010

b. Select Microsoft Virtual System Migration Service

clip_image012

c. Click on OK. The two services will be listed in the service type, as shown in the next screenshot:

clip_image014

10. Click on OK to close the computer properties window and repeat the same process on the destination server computer account.

NOTE: The configuration changes do not take effect until the following has occurred:

· The changes have replicated to the domain controllers that the servers running Hyper-V are logged into.

· A new Kerberos ticket has been issued.

After that, you can change the live migration authentication type to use Kerberos.

Written by Marcos Nogueira

Marcos Nogueira

With more than 18 years experience in Datacenter Architectures, Marcos Nogueira is currently working as a Principal Cloud Solution Architect. He is an expert in Private and Hybrid Cloud, with a focus on Microsoft Azure, Virtualization and System Center. He has worked in several industries, including Aerospace, Transportation, Energy, Manufacturing, Financial Services, Government, Health Care, Telecoms, IT Services, and Gas & Oil in different countries and continents.

Marcos was a Canadian MVP in System Center Cloud & Datacenter Managenment and he has +14 years as Microsoft Certified, with more than 100+ certifications (MCT, MCSE, and MCITP, among others). Marcos is also certified in VMware, CompTIA and ITIL v3. He assisted Microsoft in the development of workshops and special events on Private & Hybrid Cloud, Azure, System Center, Windows Server, Hyper-V and as a speaker at several Microsoft TechEd/Ignite and communities events around the world.

Related Post

New version of Azure Backup Server introduces Mode... WOW! What a day for me! Microsoft Azure just announces new and improved features on the new version Azure Backup Server. Let’s start! They announce...
Managing Hyper-V Server remotely through PowerShel... Working with PowerShell can be very common for daily tasks and Hyper-V Server management. However, as there is more than one server to be managed, som...
Virtualizing Your Data Center with Hyper-V and Sys... Free online event with live Q&A: http://aka.ms/virtDC Wednesday, February 19th from 9am – 5pm PST If you're new to virtualization, or if you hav...
Configuring a Hyper-V / Windows Server to use Dell... How to configure a Dell Storage device (in this case MD3200i) to be used by Hyper-V, but the same procedure can be used for Windows Server in general....