Configuring Hyper-V Live Migration without Failover Clustering

October 17th, 2019 | Tags:

Shared Nothing Live Migration requirements:

  1. Migration is possible between the servers running the following OSs: Windows Server 2012 R2 or Windows Server 2016
  2. Virtual machine version has to be 5 or higher
  3. Both computers must be located in the same Active Directory domain or in trusted domains
  4. A user performing the configuration must have Hyper-V administrator privileges. While configuring Kerberos constrained delegation, a user must have the domain administrator privileges (or server account privileges)

Suppose, we have 2 servers running Windows Server 2016 with the Hyper-V role: Srv01 and Srv03. Both servers are members of the Active Directory domain and are not clustered (Windows Server Failover Clustering). Start Hyper-V Manager console on any of the servers and add both servers to it.

hyper-v 2016 manager

Then enable Live Migration in the settings of both servers. To do it, right-click a Hyper-V server and select Hyper-V Settings. Go to the Live Migration section and check Enable incoming and outgoing live migrations. Restrict the list of migrations to the IP addresses of two Hyper-V hosts.

Enable incoming and outgoing live migrations

Then select Use Kerberos as the authentication protocol in the Advanced Features section. Use Kerberos as the authentication protocol for live vm migration

You can do the same things using the following PowerShell commands:

Enable-VMMigration
Set-VMMigrationNetwork 192.168.10.41 192.168.10.21
Set-VMHost -VirtualMachineMigrationAuthenticationType

Note. VM Live Migration is also possible using CredSSP protocol, but in this case the administrator will have to sign in (using RDP) on the server that is a source of migration or connect to it remotely using PowerShell Remoting.

To migrate a VM using Kerberos authentication, the administrator doesn’t need to sign in on the server, but the constrained delegation in Active Directory (KCD — Kerberos constrained delegation) has to be configured.

Start the ADUC snap-in, find the account of the first Hyper-V server, open its properties and go to the Delegation tab.

Check Trust this computer for delegation to specified services only and Use Kerberos only and click Add. Trust this computer for delegation to specified services only -> Use Kerberos only

In the next window, click Users and Computers and specify the name of the second Hyper-V server. In the list of available services, select Microsoft Virtual System Migration Service.

Microsoft Virtual System Migration Service

Tip. If you also have to migrate the VM storage, select cifs protocol as well.

Save the delegation settings. Configure the same settings for the second Hyper-V server.

It remains to wait for the replication of the changes in AD and re-issue of the Kerberos ticket, then you can perform live migration of the VM. Right-click the virtual machine and select Move.

hyper-v 2016 - move vm

Select Move the virtual machine as the type of migration.

Move the virtual machine wizard

Specify the name of the Hyper-V host to which you want to migrate VM.

Then select the folder on a target host to move the VM files to (the folder must exist already).

vm location

Click Finish and wait till the Live Migration process of the virtual machine to the second Hyper-V server is over.

Tip. You can start the VM migration using the following PowerShell command:Move-VM srvapp1 Srv01 -IncludeStorage -DestinationStoragePath c:\hyperv\vm

If the processor compatibility isn’t turned on in the VM settings, the migration will be interrupted with the following error:

The virtual machine cannot be moved to the destination computer. The hardware on the destination computer is not compatible with the hardware requirements of this virtual machine.

To solve this problem, you will have to shut down the VM and enable CPU compatibility for it:

Set-VMProcessor srvapp1 -CompatibilityForMigrationEnabled $true

No comments yet.