access denied error (0x80070005) when create a VM on a SMB share


  • I have three servers.

    Server A - Windows 2012 data center with Hyper-V role
    Server B - Hyper-V 2012 server
    Server C - Windows 2012 data center as SMB server

    All servers are in the same domain. Both server A and B are configured for CIFS delegation to Server C. I am using server A's Hyper-V management console to manage the server B's Hyper-V service. A SMB share is created on server C with full access permision for both server A, B and the user which is a domain admin.

    Here is the problem I have. When I try to create a VM on the server B via the server A's console and specify the storage on a SMB share on the server C, I get the following error.

    [Window Title]
    New Virtual Machine Wizard

    [Main Instruction]
    The server encountered an error while creating t2.

    The operation failed.

    Failed to create external configuration store at '\\server-C\hypervshare\t2': General access denied error. (0x80070005)

    [Expanded Information]
    The operation failed.

    User 'domain\admin' failed to create external configuration store at '\\server-C\hypervshare\t2': General access denied error. (0x80070005)

    Any advice is appreciated.

    jeudi 21 février 2013 19:43


Toutes les réponses

  • I had something similar happen to me the other day, but I was creating a SQL cluster to an SMB environment.  So, similar but different.  In my case, I must have done something wrong in creating the share the first time around.  All the permissions looked good, but I know that I had made some errors in their initial creation, so I went in after creating the share to adjust the security permissions to what I thought they should be.  For some reason that didn't work.  So I went back to square one.  I deleted the existing share and made absolutely positive that when I created the share, I created the share with all the correct privileges.  Then the share worked fine.  So, did you try to adjust the permissions after you had created the share, or did you get them all right the first time?  Have you tried creating another share to see if it works?

    .:|:.:|:. tim

    jeudi 21 février 2013 21:41
  • You are doing a double hop in this case, so you are running into a constrained delegation issue.

    You are being denied because between your console on Server A and Server B it is you.  From Server B to Server C it is attempting to be you, but Server B can't impersonate you.

    JoseB blogged about this a while back.  See if this fits:

    Or TaylorB's here:

    Brian Ehlert
    Learn. Apply. Repeat.
    Disclaimer: Attempting change is of your own free will.

    jeudi 21 février 2013 21:44
  • Thanks Tim and Brian for your responses. The problem seems caused by our domain controllers. We have multiple Windows 2003 domain controller nodes. Probably it didn't replicate immediately after I configured the delegation. Now it works fine. I can create a VM running on the Hyper-V core server B and saved on the SMB share of server C via the management server A's Hyper-V console or using powershell from the the Hyper-V core server's RDP session.

    I tried to mark Brian's response as an answer but the session always failed.

    vendredi 22 février 2013 15:40