Virtual Machine Migration Operation Failed to Authenticate The Connection at the source Host: The Target Principal Name is Incorrect. (0x80090322) #HyperV

2 Min. Read

Hyper-V-LM-Error-0x80090322-00

While moving a virtual machine from HOST-03 to HOST-02, I encountered the following error:

There was an error during move operation.
Virtual machine migration operation failed at migration source.
Failed to establish a connection with host ‘HV02’: The target principal name is incorrect. (0x80090322).
Failed to authenticate the connection at the source host: The target principal name is incorrect. (0x80090322).
Virtual machine migration operation for ‘VMNAME’ failed at migration source ‘HV03’. (Virtual machine ID 4DEAE151-010C-4AC5-9A0F-0D5E7B43FD84)
The Virtual Machine Management Service failed to establish a connection for a Virtual Machine migration with host ‘HV02’: The target principal name is incorrect. (0x80090322).
The Virtual Machine Management Service failed to authenticate the connection for a Virtual Machine migration at the source host: The target principal name is incorrect. (0x80090322).

SNAGHTMLb29c599

If we do the same live migration operation using PowerShell, we receive the exact same error:

Hyper-V-LM-Error-0x80090322-02

If we look at the event log on the server where I am migrating from, we can see the following error:

Hyper-V-LM-Error-0x80090322-04

I am using Kerberos as authentication protocol and constrained delegation is set in Active Directory accordingly.Hyper-V-LM-Error-0x80090322-03

A quick overview about Kerberos protocol for Live Migration… Kerberos is more secure and is not subject to the single hop limitation, in other words, you can initiate Live Migration from your management machine without the need to log in remotely to the Hyper-V host. If you are still logging in to the host, please stop doing that! However Kerberos requires the use of constrained delegation.

This error indicates that it tried to connect to a particular machine, but a different machine responded. There are three things you need to check in the following order:

  1. 1- Duplicate IPs.
  2. 2- Duplicate DNS entries.
  3. 3- Using the incorrect network to do a live migration.

In my case it was a duplicate IP address between the Management OS and the live migration network which was difficult to find.

I opened the Management network to confirm that all IPs are set correctly, when I hit ok. I received the following warning!

Hyper-V-LM-Error-0x80090322-05

I opened the network interface to check if the IP is duplicate.

Hyper-V-LM-Error-0x80090322-06

And then I query the same interface using PowerShell

Hyper-V-LM-Error-0x80090322-07

As you can see we have only one IP address and it’s different IP: 172.21.25.12 Thinking smile

This is really weird! I opened again the network interface properties, under Advanced TCP/IP, I found the following:

Two IP addresses, the first IP is the one which is set on the Management interface as well.

Hyper-V-LM-Error-0x80090322-08

To resolve this issue, remove the duplicate IP from the Live Migration network.

Now you can Live Migrate successfully. Bingo!

Hyper-V-LM-Error-0x80090322-09

Hope this helps!

Cheers,
-Charbel

Previous

How to Switch a VM From Dynamic IP To Static IP Pool in Virtual Machine Manager? #VMM #SCVMM #SysCtr #HyperV

Background disk merge failed to complete: The requested operation could not be completed due to a file system limitation (0x80070299)

Next

Let me know what you think, or ask a question...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Stay in Touch

Never miss out on your favorite posts and our latest announcements!

The content of this website is copyrighted from being plagiarized!

You can copy from the 'Code Blocks' in 'Black' by selecting the Code.

Please send your feedback to the author using this form for any 'Code' you like.

Thank you for visiting!