Hi all,
I am running some tests in a lab environment and have run into an issue that's left me quite confused. I'm running some base VMs in VMware Workstation, two of which are nested virtualization Hyper-V machines installed on Windows Server 2016 Datacenter Core. One last machine simply serves as a GUI management node and Veeam host.
A visual representation of my environment:
>Workstation Host (VMware Workstation as hypervisor)
>>LAB-VHOST01
>>>>LAB-DC01
>>>>LAB-ADCS01
>>>>LAB-NANO01
>>LAB-VHOST02
>>LAB-MGMT01
My challenge lies within trying to live migrate a VM from LAB-VHOST01 to LAB-VHOST02 using the management console on LAB-MGMT01 using Kerberos authentication. I've set up the cifs and 'Microsoft Virtual System Moving Service' services on LAB-VHOST01 to delegate to LAB-VHOST02, and vice versa.
However, when I initiate a VM migration with those two services delegated, it fails with a 'no credentials are available in the security package' Kerberos error message, and the event log on LAB-MGMT01 reports an Audit Failure on a null SID.
When I configure either of the VHOSTs to delegate to any service, the live migration is successful. My question then is, what services and/or hosts are actually involved in this process? I've tried delegating every service to the opposite host, but it fails as well. It only succeeds when automated delegation to any service is used. I've had no luck looking online and would appreciate any input.