HyperV Migration – 0x80090303 – Failed to Authenticate

HyperV Live Migration SPNs – 442 Failed to Authenticate (0x80090303)

Good golly, I just want to move, export, or replicate a VM from one HyperV Server to another. Why is it so frustrating? Commonly received is the rror 0x80090303, meaning that a HyperV host is not allowed to make a live migration connection to another HyperV host — It must become delegated.

 

The reasons for why this has to be so much work (at least, per worthless Microsoft Technet articles), are beyond the scope of this article. The fix can be quick and easy. From my personal experience, I’ve only gotten CredSSP to work once after a lot of pain and agony. Kerberos through constrained delegation can work, but only if the SPNs are set correctly. Make sure both servers are joined to the same domain, and the VM to be migrated has it’s Processor expanded Compatibility Settings configured for “Migrate to a physical computer with a different process version” checked.

 

Delegation can be done through Active Directory Users and Computers, but then you have to get the servers to pull their new SPN settings through either a reboot or “gpupdate /force”, which even then only occasionally works.

 

The quick and easy fix

Take the code below, find & replace the SERVERA, SERVERB, and domain.local fields, and punch it into each server. ServerA commands entered into an administrative command prompt on Server A, and ServerB commands for Server B. By reloading the vmms service you force pull the new settings.

If you cannot find the Active Directory Attribute Editor button for “Trust this computer”, don’t worry about it, the SPNs are really what matter.

Punch in the commands, close and re-open HyperV manager on both, and give your move/export/replication another whirl.

=-=-=-=-=-=-= Hyper-V Live Migrations =-=-=-=-=-=-=
Active Directory > Right-Click Machine > Properties > Delegation > Trust this computer for delegation to any service (Kerberos Only)

For SERVERA
setspn -S "Hyper-V Replica Service/SERVERA" SERVERA
setspn -S "Hyper-V Replica Service/SERVERA.domain.local" SERVERA
setspn -S "Microsoft Virtual Console Service/SERVERA" SERVERA
setspn -S "Microsoft Virtual Console Service/SERVERA.domain.local" SERVERA
setspn -S "Microsoft Virtual System Migration Service/SERVERA" SERVERA
setspn -S "Microsoft Virtual System Migration Service/SERVERA.domain.local" SERVERA
net stop vmms && net start vmms
----
For SERVER B
setspn -S "Hyper-V Replica Service/SERVERB" SERVERB
setspn -S "Hyper-V Replica Service/SERVERB.domain.local" SERVERB
Setspn -S "Microsoft Virtual Console Service/SERVERB" SERVERB
setspn -S "Microsoft Virtual Console Service/SERVERB.domain.local" SERVERB
setspn -S "Microsoft Virtual System Migration Service/SERVERB" SERVERB
setspn -S "Microsoft Virtual System Migration Service/SERVERB.domain.local" SERVERB

net stop vmms && net start vmms

 

 

2 thoughts on “HyperV Migration – 0x80090303 – Failed to Authenticate

Leave a Reply

Your email address will not be published. Required fields are marked *