Issue
Trying to move a virtual machine from one Hyper-V 2016 host to another while running Hyper-V Management Tools from a separate management server. Following error is displayed shortly after starting the move operation:
There was an error during move Operation.
Virtual machine migration Operation failed at migration source.
Failed to establish a connection with host "DESTINATION-SERVER": The credentials supplied to the package were not recognized (0x8009030D).
The Virtual Machine Management Service failed to authenticate the connection for a Virtual Machine migration at the source host: no suitable credentials available. Make sure the Operation is initiated on the source host of the migration, or the source host is configured to use Kerberos for the authentication of migration connections and Constrained Delegation is enabled for the host in Active Directory.
Resolution
As the error message above suggests there are two possible ways to resolve this.
Option 1 - Initiate the move operation at the source server
Obviously, that's not an option if the source server doesn't have management tools installed.
Option 2 - Enable Kerberos authentication and configure Constrained Delegation
To be able to initiate the move operation from a remote management machine (within the same domain) perform following steps:
- Enable Kerberos Authentication for Live Migrations (for both Hyper-V hosts)
- Go to Hyper-V Settings > Live Migrations > Advanced Features and select Use Kerberos under Authentication Protocol.
- Go to Hyper-V Settings > Live Migrations > Advanced Features and select Use Kerberos under Authentication Protocol.
- Configure Constrained Delegation (for both Hyper-V hosts)
- Open Active Directory Users and Computers, find your Hyper-V host computer account, open Properties dialog, and navigate to Delegation tab
- Select Trust this computer for delegation to specified services only and Use any authentication protocol
- Click Add, choose computer account of another Hyper-V host and add cifs (required to migrate storage) and Microsoft Virtual System Migration Service (required to migrate virtual machine).
- It may take a little time for changes to take effect (AD replication and re-issue of Kerberos ticket). Logging of and back on may help with Kerberos ticket...
July 2017
Windows Server 2016
Hyper-V 2016
Ultimate solution and works fine. Thanks a lot for your help to solve issue.