Estou emitindo este comando no host do Hyper-V SERVER2:
Clear; Get-VM | ForEach {
Write-Host "Migrating: "$_.Name;
Move-VMStorage '
-VM $_ '
-DestinationStoragePath "\SERVER1\D$";
}
Ambos os servidores são ingressados no domínio, sem cluster.
Este é o resultado que estou recebendo:
Move-VMStorage : Storage migration for virtual machine 'ADMIN' (4F452569-7DB9-4606-9371-A905267A7B0F) failed with error 'General access denied error' (0x80070005). Migration did not succeed. Could not start mirror operation for the VHD file 'D:\Virtual Hard Disks\ADMIN.vhdx' to '\SERVER1\D$\Virtual Hard Disks\ADMIN.vhdx': 'General access denied error'('0x80070005'). You do not have permission to perform the operation. Contact your administrator if you believe you should have permission to perform this operation.
As ACLs estão configuradas corretamente:
PS C:\Users\domain.admin> Get-Acl 'D:\Virtual Hard Disks' | FL
Path : Microsoft.PowerShell.Core\FileSystem::D:\Virtual Hard Disks
Owner : BUILTIN\Administrators
Group : DOMAIN\Domain Users
Access : CREATOR OWNER Allow 268435456
NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow FullControl
BUILTIN\Users Allow CreateFiles, AppendData
BUILTIN\Users Allow ReadAndExecute, Synchronize
NT VIRTUAL MACHINE\Virtual Machines Allow CreateFiles, AppendData, Read, Synchronize
DOMAIN\SERVER2$ Allow -2147483642
DOMAIN\SERVER2$ Allow CreateFiles, AppendData, Read, Synchronize
Audit :
Sddl : O:BAG:DUD:AI(A;OICIIO;GA;;;CO)(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;CI;DCLC;;;BU)(A;OICI;0x1200a9;;;BU)(A;OICI;0x
12008f;;;S-1-5-83-0)(A;CIIO;DCLCGR;;;S-1-5-21-369066176-630964511-2072824237-1119)(A;;0x12008f;;;S-1-5-21-3690
66176-630964511-2072824237-1119)
e:
C:\Users\domain.admin>net localgroup Administrators
Alias name Administrators
Comment Administrators have complete and unrestricted access to the compu
ter/domain
Members
-------------------------------------------------------------------------------
Administrator
DOMAIN\Domain Admins
The command completed successfully.
C:\Users\domain.admin>net group "Domain Admins" <==(on the PDC)
Group name Domain Admins
Comment Designated administrators of the domain
Members
-------------------------------------------------------------------------------
Administrator domain.admin
The command completed successfully.
C:\Users\domain.admin>whoami
DOMAIN\domain.admin
Eu deleguei o Kerberos como discutido aqui . As migrações de entrada e saída são ativadas nas duas máquinas, no Kerberos, sob qualquer rede disponível. Ambos os firewalls estão desligados.
Entrei em contato com meu administrador e também não sei o que está errado.
Onde procurar a seguir?
O problema é que eu não adicionei as máquinas de origem e de destino às permissões do compartilhamento de destino:
# Create folder
MD X:\VMS
# Create file share
New-SmbShare -Name VMS1 -Path X:\VMS -FullAccess Domain\HVAdmin, Domain\HV1$, Domain\HV2$, Domain\HVC$
# Set NTFS permissions from the file share permissions
Set-SmbPathAcl VMS1
Isso está documentado aqui:
Depois que eu adicionei a migração, ela passou direto.