Monitoring and reporting for Veeam Backup & Replication, VMware vSphere and Microsoft Hyper-V
Vitaliy S.
Product Manager
Posts: 22131
Liked: 1382 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Hyper-V Account Does Not Have Permission Event

Post by Vitaliy S. » Mar 18, 2015 1:41 pm

Yes, can you please provide it and I will forward it to our QC team as additional info about this case.

mbrinkho
Enthusiast
Posts: 28
Liked: 2 times
Joined: Jan 03, 2014 5:14 pm
Full Name: M Brinks
Contact:

Re: Hyper-V Account Does Not Have Permission Event

Post by mbrinkho » Mar 18, 2015 1:58 pm 1 person likes this post

Here it is - it's not pretty but it does work for me. I've sanitized it a bit so in order to make it work you'll have to replace the relevant bits. It also adds live migration delegation but I didn't have time to strip that out. There is a much easier way to do it in Powershell using Enable-SmbDelegation but it requires that the AD forest be at Server 2012 functional level and we aren't there.

Code: Select all

# HV-SetServerDelegationInAD.ps1
# sets constrained delegation for all hyper-v servers TO all hyper-v servers in AD + SMB3 servers used for remote storage
# mostly borrowed from http://rcmtech.wordpress.com/2013/07/19/powershell-kerberos-constrained-delegation-for-hyper-v-live-migration/
# 10/8/14 Matt Brinks
# 10/23/14 MB Added SMB delegation for other HV hosts as well as live migration delegation

# OU that your servers are in in AD
$serversOU = [ADSI]"LDAP://OU=Computers,DC=MYDOMAIN,DC=LOCAL"
# DNS Suffix
$DNSSuffix = "MYDOMAIN.local"
# array of SMB3 servers to give delegation to
$smbServers = "SMB3Server1","SMB3Server2","SMB3Server3"
# empty hash table
$hvHosts = @{}
# regular expression that identifies Hyper-V hosts by name 
$hostNameRegex = 'HYPERVSERVER[0-9][0-9]'

foreach ($child in $serversOU.PSBase.Children) {
    # add each computer in the OU to the hash table
    if ($child.ObjectCategory -like '*computer*' -and $child.Name.Value -match $hostNameRegex) {
        $hvHosts.Add($child.Name.Value, $child.distinguishedName.Value)
    }
}
# create a list of short names for the hyperv hosts
$hvHostsShort = @()
foreach ($hostShortName in $hvHosts.keys) {
    $hvHostsShort += $hostShortName
    }
# add the hyperv hosts to the list of smb servers so they can access each others local drives
$smbServers += $hvHostsShort

# Process each AD computer object in the OU in turn
foreach ($hvHost in $hvHosts.values) {
    Write-Host "Setting Delegation for Hyper-V Host : $hvHost"
    foreach ($smbServer in $smbServers) {
        Write-Host ("Adding cifs delegation for $smbServer")
        Set-ADObject -Identity $hvHost -Add @{"msDS-AllowedToDelegateTo" = "cifs/"+$smbServer}
        Set-ADObject -Identity $hvHost -Add @{"msDS-AllowedToDelegateTo" = "cifs/"+$smbServer+"."+$DNSSuffix} 
        }
    # add the live migration delegation for all of the other hyperv hosts
    foreach ($hvHostShort in $hvHostsShort) {
        Write-Host ("Adding live migration delegation for $hvHostShort")
        Set-ADObject -Identity $hvHost -Add @{"msDS-AllowedToDelegateTo" = "Microsoft Virtual System Migration Service/"+$hvHostShort}
        Set-ADObject -Identity $hvHost -Add @{"msDS-AllowedToDelegateTo" = "Microsoft Virtual System Migration Service/"+$hvHostShort+"."+$DNSSuffix} 
        }
    write-host "-----------------------------------"
}

torstende
Novice
Posts: 5
Liked: 2 times
Joined: Mar 31, 2015 7:55 am
Full Name: torsten
Contact:

Re: Hyper-V Account Does Not Have Permission Event

Post by torstende » Mar 31, 2015 7:58 am

I have the same error on all Hyper-V cluster hosts here.
Are there any updates?

Vitaliy S.
Product Manager
Posts: 22131
Liked: 1382 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Hyper-V Account Does Not Have Permission Event

Post by Vitaliy S. » Mar 31, 2015 3:40 pm

If you have the same issue, please open a support case with our technical team. For further troubleshooting you can give a reference to this thread.

torstende
Novice
Posts: 5
Liked: 2 times
Joined: Mar 31, 2015 7:55 am
Full Name: torsten
Contact:

Re: Hyper-V Account Does Not Have Permission Event

Post by torstende » Apr 02, 2015 11:21 am 1 person likes this post

I followed the advice from mbrinko and did a bit more researching for SMB Delegation.
Here is a good article for Windows 2012 R2 environments:
http://blogs.technet.com/b/josebda/arch ... ation.aspx

After implementing the delegation the error is gone.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests