Hi
We have a Hyper-V 2012 3 node cluster, the VMs are stored on a Server 2012 based 2 node Scale Out File Server.
We created this setup from new in October 2013 and it has generally worked OK since but we do get the occasional "General Access Denied Error (0x80070005)" when we try to live migrate a virtual machine. The instructions in the below TechNet article do not work for us - the result indicates success but when we try the Live Migration again we get the same error message.
http://support.microsoft.com/kb/2249906/en-gb
I have in the past resolved this by removing the virtual machine from Failover Cluster Manager, migrating it via Hyper-V Manager, logging on to the destination Hyper-V host and re-importing it to Failover Cluster Manager from there.
However last night I was doing some system maintenance and went to drain a host via Failover Cluster Manager. The host had around 20 VMs on it and only two VMs successfully migrated - the other VMs did not migrate and now I cannot move them from that host for love nor money!
The Event Log for FCM indicates they have the "General Access Denied" error.
I have tried the following:
- Use instructions in above mentioned TechNet article (shows success, but same error happens when I try to Live Migrate)
- Tried the method I have mentioned above (removing from FCM etc.). Get the Access Denied message
- Checking the folder permissions on the "Virtual Machines" folder where XMLs are stored. Permissions appear OK for all Hyper-V hosts (also checked the VMs VHD permissions)
- Trying the Live Migration directly on Hyper-V host rather than via a Constrained Delegation scenario
- Checking Constrained Delegation in AD (seems fine as per when I set it up in October)
- Checking permissions on the Scale Out File Server
With regards to the Scale Out File Server I have noticed in the past some odd permissions things going on. I have seen the permissions for the Hyper-V hosts going from (for example) "Full Access" on "This Folder, Subfolders & Files" to random things like " Read/Modify" on "This Folder Only". Manually changing the permissions back to Full Control resolves the issue, but does not stop it recurring again.
So I'm a bit confused really! It looks like a mixed basket of permissions issues going on! Some of our most critical machines are on that host at the moment and they cannot be moved. Any suggestions appreciated.
Many thanks