none
Live migration cross domain

    Question

  • We have DomainA and DomainB with two-way trust in place. We want to live migrate VM's from A to B and have set up a user in domain A as member of the local admin and hyper-v admin on a server in domain A and B. We try to use this user to run the live migration with powershell and use CredSSP, but this fails with the following error:

    move-vm : Virtual machine migration operation failed at migration source.
    Failed to create folder.

    The destination path is a local path on the server c:\test\VMNAME

    Sourcepath is tested from both CSV and local disk.

    Local firewalls are off, LM network configured to any, other firewalls checked OK.

    Some article describes this as the only method to acheive this as kerberos constrained delegation cannot be configured cross domains.

    Anyone know what we are doing wrong?


    Monday, April 3, 2017 10:40 AM

All replies

  • Hi Sir,

    Have you tried to configure "delegration" for both hyper-v hosts in trusted domain ( computer property in ADUC):

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, April 4, 2017 8:23 AM
    Moderator
  • Hi Elton,

    Yes we have tried this, but as we can only use CredSSP, this does not apply.

    Wednesday, April 5, 2017 8:08 AM
  • Hi Sir,

    As the CredSSP mentioned "You must logon to the server to perform Live migration" :

    Have you log on that hyper-v server locally  (which is the owner node of that VM) , then try to live migrate a local VM (not a HA VM) to test ?

     

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 5, 2017 8:55 AM
    Moderator
  • Yes, we logon to the source server to perform the livemigration with an elevated powershell session. Also, the VM cluster role is removed prior to the migration attempt.

    VM is also disconnected from the virtual network and powered off.

    Wednesday, April 5, 2017 9:01 AM