none
Hyper-V 2012 Live migration fails, quick migration works

    Question

  • Hi.

    My Environment is two 2012 Hyper-V (Datacentre) servers, clustered. These servers have different hardware but the network cards are named the same. When I do a quick migration it works perfectly but when I do a live migration it fails both ways with the errors below. Cluster validation does not show significant errors.

    I have had a look at this article but cannot figure out how to check the spn's or get this fixed. Any help will be appreciated thanks.

    http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/968cf45f-fd6f-4ce1-a402-40a5cb425399/

    Live migration of 'Virtual Machine OFF003' failed.

    Virtual machine migration operation for 'OFF003' failed at migration source 'HPV003'. 
    (Virtual machine ID 2FDE8951-A9DA-4A93-B410-CEF0CDDAE755)

    The Virtual Machine Management Service failed to establish a connection for a Virtual Machine migration with host 'HPV002': 
    The specified target is unknown or unreachable (0x80090303).

    The Virtual Machine Management Service failed to authenticate the connection for a Virtual Machine migration at the source host: 
    The specified target is unknown or unreachable (0x80090303).

    Live migration of 'Virtual Machine OFF003' failed.

    Virtual machine migration operation for 'OFF003' failed at migration source 'VHPV002'. (Virtual machine ID 2FDE8951-A9DA-4A93-B410-CEF0CDDAE755)

    The Virtual Machine Management Service failed to establish a connection for a Virtual Machine migration with host 'HPV003': 
    The specified target is unknown or unreachable (0x80090303).

    The Virtual Machine Management Service failed to authenticate the connection for a Virtual Machine migration at the source host: 
    The specified target is unknown or unreachable (0x80090303).


    Best Regards, Morris Fury AFRIDATA.net


    • Edited by Morris Fury Thursday, April 4, 2013 6:33 AM Update
    • Moved by BrianEhMVP Thursday, April 4, 2013 3:03 PM
    Thursday, April 4, 2013 6:32 AM

Answers

  • Hi Lawrence.

    Thanks for your reply. I saw this same info on another article but did not know how to configure the spn's. What is worrying is that none of the SPN's were there except for the HOST one's. For those others that get stuck here, below are the commands I ran. Substitute mydomain.com with your own domain. My live migration is now working perfectly.

    setspn -S "Hyper-V Replica Service/HPV003" HPV003
    setspn -S "Hyper-V Replica Service/HPV003.mydomain.com" HPV003
    setspn -S "Microsoft Virtual Console Service/HPV003" HPV003
    setspn -S "Microsoft Virtual Console Service/HPV003.mydomain.com" HPV003
    setspn -S "Microsoft Virtual System Migration Service/HPV003" HPV003
    setspn -S "Microsoft Virtual System Migration Service/HPV003.mydomain.com" HPV003


    setspn -S "Hyper-V Replica Service/HPV002" HPV002
    setspn -S "Hyper-V Replica Service/HPV002.mydomain.com" HPV002
    setspn -S "Microsoft Virtual Console Service/HPV002" HPV002
    setspn -S "Microsoft Virtual Console Service/HPV002.mydomain.com" HPV002
    setspn -S "Microsoft Virtual System Migration Service/HPV002" HPV002
    setspn -S "Microsoft Virtual System Migration Service/HPV002.mydomain.com" HPV002


    Best Regards, Morris Fury AFRIDATA.net

    Friday, April 5, 2013 8:22 AM
  • Hi,

    Service principal names (SPN) are associated with the security principal (user or groups) in whose security context the service executes. SPNs are used to support mutual authentication between a client application and a service. An SPN is assembled from information that a client knows about a service. Or, it can obtain information from a trusted third party, such as Active Directory. A service principal name is associated with an account and an account can have many service principal names.

    To check SPN, you can use following methods:

    • Use LIDFDE to search for the SPN within all domains of the forest.
    • Use LDP to search for the SPN within all domains of the forest.
    • Use querySPN.vbs. 

    The following command will show all the HealthService SPN's in the domain:

    Ldifde -f c:\ldifde.txt -t 3268 -d DC=DOMAIN,DC=COM -r "(serviceprincipalname=MSOMHSvc/*)" -l serviceprincipalname -p subtree

    To view SPN's for a specific server: 

    "setspn -L servername"

    Check that and make sure following SPN were created:

    HOST/HOSTNAME
    HOST/HOSTNAM_FQDN
    Hyper-V Replica Service/HOSTNAME
    Hyper-V Replica Service/HOSTNAME_FQDN
    Microsoft Virtual Console Service/HOSTNAME
    Microsoft Virtual Console Service/HOSTNAME_FQDN
    Microsoft Virtual System Migration Service/HOSTNAME
    Microsoft Virtual System Migration Service/HOSTNAME_FQDN

    For more information please refer to following MS articles:

    Service Principal Names
    http://technet.microsoft.com/en-us/library/cc961723.aspx
    Live Migration failing for new cluster node quick migration works
    http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/d7a8b5ab-6072-4dd4-a632-baeb64dd9a9c
    Kerberos Authentication problems – Service Principal Name (SPN) issues
    http://blogs.technet.com/b/askds/archive/2008/05/29/kerberos-authentication-problems-service-principal-name-spn-issues-part-1.aspx

    Hope this helps!

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

     


    Lawrence

    TechNet Community Support

    • Marked as answer by Morris Fury Friday, April 5, 2013 8:18 AM
    Friday, April 5, 2013 2:01 AM
    Moderator

All replies

  • Hi Morris,

    please specify different hardware. Is it as well different processors? In this case, please make sure in the VM Configuration, the check box Migrate to a physical computer with a different processor version is ticked.

    This will limit the processor features a VM is allowed to use in order to ensure compatibility.

    Best Regards,
    Jens


    jensit.wordpress.com

    Thursday, April 4, 2013 1:00 PM
  • Your error speaks of an authentication problem or a management network routing problem between the two hosts.

    The Live Migration network of the servers must be routable, the management network of the Servers must be routable, and the cluster network must be routable between them as well.

    Check your cluster configuration and make sure that you have not excluded Cluster traffic from the wrong places.


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.
    Disclaimer: Attempting change is of your own free will.

    Thursday, April 4, 2013 3:03 PM
  • Hi,

    Service principal names (SPN) are associated with the security principal (user or groups) in whose security context the service executes. SPNs are used to support mutual authentication between a client application and a service. An SPN is assembled from information that a client knows about a service. Or, it can obtain information from a trusted third party, such as Active Directory. A service principal name is associated with an account and an account can have many service principal names.

    To check SPN, you can use following methods:

    • Use LIDFDE to search for the SPN within all domains of the forest.
    • Use LDP to search for the SPN within all domains of the forest.
    • Use querySPN.vbs. 

    The following command will show all the HealthService SPN's in the domain:

    Ldifde -f c:\ldifde.txt -t 3268 -d DC=DOMAIN,DC=COM -r "(serviceprincipalname=MSOMHSvc/*)" -l serviceprincipalname -p subtree

    To view SPN's for a specific server: 

    "setspn -L servername"

    Check that and make sure following SPN were created:

    HOST/HOSTNAME
    HOST/HOSTNAM_FQDN
    Hyper-V Replica Service/HOSTNAME
    Hyper-V Replica Service/HOSTNAME_FQDN
    Microsoft Virtual Console Service/HOSTNAME
    Microsoft Virtual Console Service/HOSTNAME_FQDN
    Microsoft Virtual System Migration Service/HOSTNAME
    Microsoft Virtual System Migration Service/HOSTNAME_FQDN

    For more information please refer to following MS articles:

    Service Principal Names
    http://technet.microsoft.com/en-us/library/cc961723.aspx
    Live Migration failing for new cluster node quick migration works
    http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/d7a8b5ab-6072-4dd4-a632-baeb64dd9a9c
    Kerberos Authentication problems – Service Principal Name (SPN) issues
    http://blogs.technet.com/b/askds/archive/2008/05/29/kerberos-authentication-problems-service-principal-name-spn-issues-part-1.aspx

    Hope this helps!

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

     


    Lawrence

    TechNet Community Support

    • Marked as answer by Morris Fury Friday, April 5, 2013 8:18 AM
    Friday, April 5, 2013 2:01 AM
    Moderator
  • Hi Jens.

    Thanks for your reply. I ticked the check box, started the vm and tried the live migration but it failed with the same error again. The hardware is very different. We are in the process of standardizing the hardware so it should not be a problem in future. However, I would like to get it working on the current hardware. Both servers have intel motherboards and processors but different models.


    Best Regards, Morris Fury AFRIDATA.net

    Friday, April 5, 2013 7:41 AM
  • Hi BrianEh

    Thanks for your reply. Both these servers are on the same subnet and physical switch. No routing involved. (192.168.0.x/24) There are multiple network involved but only the local lan network cards have been enabled for cluster traffic. Is that what you mean with exclusions, that I may have excluded a network card? I also cannot see how to add additional network cards on the cluster network config if I wanted to change it. Do the network cards on which the cluster traffic run have to have the same name?


    Best Regards, Morris Fury AFRIDATA.net

    Friday, April 5, 2013 7:46 AM
  • Hi Lawrence.

    Thanks for your reply. I saw this same info on another article but did not know how to configure the spn's. What is worrying is that none of the SPN's were there except for the HOST one's. For those others that get stuck here, below are the commands I ran. Substitute mydomain.com with your own domain. My live migration is now working perfectly.

    setspn -S "Hyper-V Replica Service/HPV003" HPV003
    setspn -S "Hyper-V Replica Service/HPV003.mydomain.com" HPV003
    setspn -S "Microsoft Virtual Console Service/HPV003" HPV003
    setspn -S "Microsoft Virtual Console Service/HPV003.mydomain.com" HPV003
    setspn -S "Microsoft Virtual System Migration Service/HPV003" HPV003
    setspn -S "Microsoft Virtual System Migration Service/HPV003.mydomain.com" HPV003


    setspn -S "Hyper-V Replica Service/HPV002" HPV002
    setspn -S "Hyper-V Replica Service/HPV002.mydomain.com" HPV002
    setspn -S "Microsoft Virtual Console Service/HPV002" HPV002
    setspn -S "Microsoft Virtual Console Service/HPV002.mydomain.com" HPV002
    setspn -S "Microsoft Virtual System Migration Service/HPV002" HPV002
    setspn -S "Microsoft Virtual System Migration Service/HPV002.mydomain.com" HPV002


    Best Regards, Morris Fury AFRIDATA.net

    Friday, April 5, 2013 8:22 AM
  • Hey Morris,

    Just wanted to give you kudos. I don't know why but the setup process I follow for all my nodes never ends up with the SPN entries. I'm wondering if it's because I've been adding the nodes in the failover cluster manager then refreshing the cluster in SCVMM and using add host in there, instead of just adding the host before it's part of the cluster.

    Either way found this after literally 6 hours of searching and you are a legend!

    Cheers,

    - Will

    Monday, May 27, 2013 11:48 AM
  • Thanks Morris,

    I have faced this issue.

    the specified target is unknown or unreachable (0x80090303) while Live Migration. Event id 21502 in Failover Cluster of windows 2012.

    I have checked Setspn -l hpv003 and setspn - l hpv002 and found spn's are not there.

    Finally i do it manually.

    setspn -S "Hyper-V Replica Service/HPV003" HPV003
    setspn -S "Hyper-V Replica Service/HPV003.mydomain.com" HPV003
    setspn -S "Microsoft Virtual Console Service/HPV003" HPV003
    setspn -S "Microsoft Virtual Console Service/HPV003.mydomain.com" HPV003
    setspn -S "Microsoft Virtual System Migration Service/HPV003" HPV003
    setspn -S "Microsoft Virtual System Migration Service/HPV003.mydomain.com" HPV003
    ----
    setspn -S "Hyper-V Replica Service/HPV002" HPV002
    setspn -S "Hyper-V Replica Service/HPV002.mydomain.com" HPV002

    Setspn -S "Microsoft Virtual Console Service/HPV002" HPV002
    setspn -S "Microsoft Virtual Console Service/HPV002.mydomain.com" HPV002

    setspn -S "Microsoft Virtual System Migration Service/HPV002" HPV002
    setspn -S "Microsoft Virtual System Migration Service/HPV002.mydomain.com" HPV002

    Thanks


    Kirpal Singh

    Thursday, October 31, 2013 10:38 AM
  • Hi,

    Sorry to continue an old thread, I have recently had this and the solution provided here worked for me. however my question is for what reasons do the SPNs not get registered for in the first place?

    thanks

    Steve

    Thursday, November 13, 2014 2:54 PM
  • Elimine el cluster y lo volvi a crear pero nada funciono.

    finalmente segui tus pasos y funciono.

    Creo que fue porque cambie los discos aunque los habia eliminado previamente. Tenia discos de 10K en una cabina DELL y los cambie a 15K volvi a reecrear todo pero luego ya no se movian las maquinas por live migration.

    GRACIAS POR TU AYUDA.


    Jesús Ángel Señorán López. Administrador de sistemas y seguridad.

    Monday, August 27, 2018 3:02 PM
  • Hi All,

    I had the same issue. I am able to resolve the issue by following the below link:

    http://flemmingriis.com/share-nothing-live-migration-element-not-found-0x80070490/

    Wednesday, April 17, 2019 6:25 AM