While moving a virtual machine in Hyper-V from HOST-03 to HOST-02, I encountered the following error:
There was an error during the move operation.
Virtual machine migration operation failed at migration source.
Failed to establish a connection with host ‘HV02’: The target principal name is incorrect. (0x80090322).
Failed to authenticate the connection at the source host: The target principal name is incorrect. (0x80090322).
Virtual machine migration operation for ‘VMNAME’ failed at migration source ‘HV03’. (Virtual machine ID 4DEAE151-010C-4AC5-9A0F-0D5E7B43FD84)
The Virtual Machine Management Service failed to establish a connection for a Virtual Machine migration with host ‘HV02’: The target principal name is incorrect. (0x80090322).
The Virtual Machine Management Service failed to authenticate the connection for a Virtual Machine migration at the source host: The target principal name is incorrect. (0x80090322).
If we do the same live migration operation using PowerShell, we receive the exact same error:
If we look at the event log on the server where I am migrating from, we can see the following error:
I am using Kerberos as the authentication protocol, and constrained delegation is set in Active Directory accordingly.
A quick overview of the Kerberos protocol for Live Migration: Kerberos is more secure and is not subject to the single-hop limitation. In other words, you can initiate a Live Migration from your management machine without logging in remotely to the Hyper-V host. If you are still logging in to the host, please stop doing that! However, Kerberos requires the use of constrained delegation.
This error indicates that the source host tried to connect to a particular machine, but a different machine responded. There are three things you need to check, in the following order:
1. Duplicate IPs.
2. Duplicate DNS entries.
3. Using the incorrect network to do a live migration.
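The three checks above can be scripted on each host. The following is an added example, not part of the original post: `Find-SharedAddress` is a hypothetical helper, the sample addresses and adapter names are constructed, and reading the persistent store as well as the active one rests on the assumption that an address configured on an adapter but not active is listed only there.

```powershell
# Added example: run in an elevated PowerShell session on each Hyper-V host.
$DestinationHost = 'HV02'   # host name taken from the error text above

function Find-SharedAddress {
    # Hypothetical helper: emits every IP address bound to more than one interface.
    param([Parameter(ValueFromPipeline)] $Address)
    begin   { $all = @() }
    process { $all += $Address }
    end {
        foreach ($g in ($all | Group-Object IPAddress)) {
            $nics = @($g.Group.InterfaceAlias | Sort-Object -Unique)
            if ($nics.Count -gt 1) {
                [pscustomobject]@{ IPAddress = $g.Name; Interfaces = $nics -join ', ' }
            }
        }
    }
}

# Constructed sample (made-up addresses and adapter names): what a hit looks like.
@(
    [pscustomobject]@{ IPAddress = '192.0.2.10'; InterfaceAlias = 'Management' }
    [pscustomobject]@{ IPAddress = '192.0.2.10'; InterfaceAlias = 'LiveMigration' }
    [pscustomobject]@{ IPAddress = '192.0.2.12'; InterfaceAlias = 'LiveMigration' }
) | Find-SharedAddress

# 1. Duplicate IPs: collect IPv4 addresses from the active and persistent stores.
$addresses = foreach ($store in 'ActiveStore', 'PersistentStore') {
    Get-NetIPAddress -AddressFamily IPv4 -PolicyStore $store -ErrorAction SilentlyContinue |
        Select-Object IPAddress, InterfaceAlias, AddressState, @{ n = 'Store'; e = { $store } }
}
$addresses | Find-SharedAddress
# Addresses that failed duplicate address detection on the wire.
$addresses | Where-Object { "$($_.AddressState)" -eq 'Duplicate' }

# 2. Duplicate DNS entries: stale or extra A records for the destination show up here.
Resolve-DnsName -Name $DestinationHost -Type A | Select-Object Name, IPAddress

# 3. Live migration network: the authentication type and the subnets the host migrates over.
Get-VMHost | Select-Object VirtualMachineMigrationAuthenticationType, UseAnyNetworkForMigration
Get-VMMigrationNetwork | Select-Object Subnet, Priority
```

Run it on both the source and the destination host and compare the addresses returned by step 2 with the subnets listed in step 3.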
In my case, it was a duplicate IP address between the Management OS and the live migration network which was difficult to find.
I opened the Management network to confirm that all IPs are set correctly. When I hit OK, I received the following warning!
I opened the network interface to check if the IP is duplicated.
And then I queried the same interface using PowerShell:
As you can see, we have only one IP address, and it’s a different IP: 172.21.25.12
This is really weird! I opened the network interface properties again and, under Advanced TCP/IP, found the following:
Two IP addresses; the first IP is the one that is also set on the Management interface.
To resolve this issue, remove the duplicate IP from the Live Migration network.
Now you can Live Migrate successfully. Bingo!
Hope this helps!