Share via

Live Migration Requirements Connectivity & Live Migration Failure

DSIC_ 0 Reputation points
2024-02-14T08:42:20.0966667+00:00

Hi,

We are looking for sources about requirements on how to set up Live Migration with 2 hosts Hyper-V. There is nothing clear about what is really needed about Live Migration in terms of steady connectivity to DNS, AD, Kerberos.

We have a case when Live Migration fails which seems not great. Our cluster is composed of 2 hosts Hyper-v on the same area but 2 IT rooms separated and enough spreaded to be secure. Although, DNS, AD, Keberos are working but through WAN (won't be possible to change). On every host ,we have a dedicated management network to reach these services and heartbeat configured with two other networks. We noticed that when we lose the management connection on one host (let's say switches failure) , Live Migration is impossible. Service Cluster tries to Live Migrate but its fails so VMS are dangling there on host which is not what we want. The message we noticed is " The Kerberos client could not find a domain controller for domain XXXX: 0xC000005E. Kerberos authentication requires communication with a domain controller".

That's what bothers us. We setup Kerberos to manage Live Migration. In case of WAN failure, lost management of host we can't realize Live Migration. That's weird considering on workstation there is kerberos cache for that kind of problem.

Is there anything we are missing there or it's just how Microsoft Live Migration works?

We tried too with Credssp but still not working.

One thing interesting is Quick Migration is working in any case. But because it can't be automated, it's not what we want.

Sincerely,

Hyper-V
Hyper-V
A Windows technology providing a hypervisor-based virtualization solution enabling customers to consolidate workloads onto a single server.
2,636 questions
Windows Server Clustering
Windows Server Clustering
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Clustering: The grouping of multiple servers in a way that allows them to appear to be a single unit to client computers on a network. Clustering is a means of increasing network capacity, providing live backup in case one of the servers fails, and improving data security.
980 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ian Xue (Shanghai Wicresoft Co., Ltd.) 34,271 Reputation points Microsoft Vendor
    2024-02-22T06:58:54.2+00:00

    Hi DSIC,

    Thanks for your post. Before you inspect the Kerberos protocol, make sure that the following services or conditions are functioning properly:

    • The network infrastructure is functioning properly, and all computers and services can communicate.
    • The domain controller is accessible. You can run the command nltest /dsgetdc:<Domain Name> /force /kdc (for example, nltest /dsgetdc:contoso.com /force /kdc) on the client or target server.
    • Domain Name System (DNS) is configured properly and resolves host names and services appropriately.
    • The clocks are synchronized across the domain.
    • All critical updates and security updates for Windows Server are installed.
    • All software, including non-Microsoft software, is updated.
    • The computer is restarted if you're running a server operating system.
    • The required services and server are available. The Kerberos authentication protocol requires a functioning domain controller, DNS infrastructure, and network to work properly. Verify that you can access these resources before you begin troubleshooting the Kerberos protocol.

    Reference: Kerberos authentication troubleshooting guidance - Windows Server | Microsoft Learn If the guide still not help, it is suggested to refer the following live migration troubleshooting guide for any other evidence. Troubleshoot live migration issues - Windows Server | Microsoft Learn   Best Regards,

    Ian Xue

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments