Hoping someone can shed some light.
I have 4 servers. 2 are clustered storage (using storage spaces) (connected to an external JBOD chassis)(ST01 & ST02), the other 2 are cluster HyperV 2012 servers (HV02 & HV03). I'm able to perform most HyperV functions (in Failover Cluster Manager)
just fine using the CSV storage presented by the cluster storage (create new VMs, mount drives, mount ISOs, run VMs etc). The problem comes up in this scenario.
- Log into HV02 and open Failover Cluster Manager.
- Create a new virtual machine.
- This works fine and I can see that the owner node for the new VM is HV02.
- Now, if I happen to log into HV03 and open Failover Cluster Manager and try to make a change (for example, move some of the storage on the CSV to a different folder), I get an Access denied error.
- It looks like this.
(I can't post images yet apparently) so...
================
X An error occurred while moving the virtual machine(s) storage.
Failed to get the disk information.
'': account does not have permission required to open attachment '\\server\share\folder\folder\vm.vhdx'. Error: 'General access denied error' (0x80070005). (Virtual machine ID )
=======================
The bolded part is the ONLY thing that I redacted...all the rest is verbatim.
I've been over and over the permissions (both share and NTFS) and cannot discover what I'm missing. The hard part is that it's not entirely clear from this error message what account exactly it is that doesn't have permissions.
The share permissions on the folder where this file lives has HV02$ and HV03$ with Full Control. It also has the HyperVCluster$ machine account that is used by the HV cluster with Full Control.
The NTFS permissions are the same. Full control for all 3 machine accounts.
This isn't the only place this happens either. I get a similar error if I create the machine on HV02, then log into HV03 and attempt to do a live migration.
So it seems that I cannot manage any resource created by HV02 when I'm logged into HV03 (and vice versa).
I've been through dozen of articles discussing permissions (mostly around the NT Virtual Machine type accounts), but this seems like a red herring, since if that were the case I'd have to make manual changes every single time I created a new VM.
Thanks in advance for any help.