Virtual Machine Migration Operation Failed to Authenticate The Connection at the source Host: The Target Principal Name is Incorrect. (0x80090322) #HyperV

Hyper-V-LM-Error-0x80090322-00

While moving a virtual machine from HOST-03 to HOST-02, I encountered the following error:

There was an error during move operation.
Virtual machine migration operation failed at migration source.
Failed to establish a connection with host ‘HV02’: The target principal name is incorrect. (0x80090322).
Failed to authenticate the connection at the source host: The target principal name is incorrect. (0x80090322).
Virtual machine migration operation for ‘VMNAME’ failed at migration source ‘HV03’. (Virtual machine ID 4DEAE151-010C-4AC5-9A0F-0D5E7B43FD84)
The Virtual Machine Management Service failed to establish a connection for a Virtual Machine migration with host ‘HV02’: The target principal name is incorrect. (0x80090322).
The Virtual Machine Management Service failed to authenticate the connection for a Virtual Machine migration at the source host: The target principal name is incorrect. (0x80090322).

SNAGHTMLb29c599

If we do the same live migration operation using PowerShell, we receive the exact same error:

Hyper-V-LM-Error-0x80090322-02

If we look at the event log on the server where I am migrating from, we can see the following error:

Hyper-V-LM-Error-0x80090322-04

I am using Kerberos as authentication protocol and constrained delegation is set in Active Directory accordingly.Hyper-V-LM-Error-0x80090322-03

A quick overview about Kerberos protocol for Live Migration… Kerberos is more secure and is not subject to the single hop limitation, in other words, you can initiate Live Migration from your management machine without the need to log in remotely to the Hyper-V host. If you are still logging in to the host, please stop doing that! However Kerberos requires the use of constrained delegation.

This error indicates that it tried to connect to a particular machine, but a different machine responded. There are three things you need to check in the following order:

  1. 1- Duplicate IPs.
  2. 2- Duplicate DNS entries.
  3. 3- Using the incorrect network to do a live migration.

In my case it was a duplicate IP address between the Management OS and the live migration network which was difficult to find.

I opened the Management network to confirm that all IPs are set correctly, when I hit ok. I received the following warning!

Hyper-V-LM-Error-0x80090322-05

I opened the network interface to check if the IP is duplicate.

Hyper-V-LM-Error-0x80090322-06

And then I query the same interface using PowerShell

Hyper-V-LM-Error-0x80090322-07

As you can see we have only one IP address and it’s different IP: 172.21.25.12 Thinking smile

This is really weird! I opened again the network interface properties, under Advanced TCP/IP, I found the following:

Two IP addresses, the first IP is the one which is set on the Management interface as well.

Hyper-V-LM-Error-0x80090322-08

To resolve this issue, remove the duplicate IP from the Live Migration network.

Now you can Live Migrate successfully. Bingo!

Hyper-V-LM-Error-0x80090322-09

Hope this helps!

Cheers,
-Charbel

About Charbel Nemnom 311 Articles
Charbel Nemnom is a Microsoft Cloud Consultant and Technical Evangelist, totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 15 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize performance of mission-critical enterprise systems. Excellent communicator adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design and virtualization.

Be the first to comment

Leave a Reply