How to Configure Kerberos Authentication for Hyper-V Nutanix

In PRISM

  1. Login to your PRISM console
  2. Click the Gear icon in the top right and select Kerberos Management
  3. Flip the switch for Kerberos Required and enter credentials with rights to modify the Nutanix Storage Cluster active directory computer object
  4. Click Save

On a Domain Controller (DC)

  1. Logon to one of your DC’s in the domain the Nutanix cluster is a part of
  2. Drill down to the Nutanix Storage Cluster computer object so we can add the Hyper-V Node delegations
  3. Right click the Nutanix Storage Cluster computer object and select Properties
  4. Select the Delegation tab
  5. Select Trust this computer for delegation to specified services only and Use any authentication protocol
  6. Click Add
  7. Click Users or Computers
  8. Type in the name of the 1st Hyper-V Host and click Check Name
  9. Once resolved then click OK
  10. Add CIFS and Microsoft Virtual System Migration Service
  11. Repeat step 8-10 for each Hyper-V Host in the Nutanix Cluster
  12. Now find the other Hyper-V Host computer objects so we can add the delegation for the Nutanix Storage Cluster
  13. Right click each Hyper-V Host computer object and select Properties
  14. Select the Delegation tab
  15. Select Trust this computer for delegation to specified services only and Use any authentication protocol
  16. Click Add
  17. Click Users or Computers
  18. Type the Nutanix Storage Cluster computer object and click Check Name
  19. Once resolved then click OK
  20. Add the CIFS

    (MUST use the Fully Qualified Domain Name for the Nutanix Storage Cluster computer object)

  21. Now we need to sync these AD changes to other DCs

Repadmin /syncall /AeD

Repadmin /syncall /AeDP

On a Controller VM (CVM)

  1. Logon to any CVM in the Nutanix Cluster
  2. Run the following command to purge the klist on each Hyper-V Host

allssh winsh klist purge

On Each Hyper-V Host

  1. Logon to each Hyper-V host
  2. Open Powershell as Administrator
  3. Run the following commands:

Set-SMBClientConfiguration -RequireSecuritySignature $True -Force

Restart-Service -Name VMMS -Force

That’s it! You will be able to create, manage VMs from the Windows Failover Cluster Manager via secure Kerberos authentication. Enjoy!

Ref links:

https://portal.nutanix.com/#/page/docs/details?targetId=HyperV-Admin-AOS-v51:hyp-kerberos-enable-t.html

https://portal.nutanix.com/#/page/docs/details?targetId=Web-Console-Guide-Prism-v55:hyp-kerberos-enable-t.html
https://portal.nutanix.com/#/page/kbs/details?targetId=kA03200000098ECCAY

Keywords:

Nutanix Hyper-V Constrained Delegation

The Virtual Machine Management service encountered an error while configuring

the hard disk on virtual machine New Virtual Machine. Failed to create the virtual hard disk.

The server encountered an error while creating New Virtual Machine. Failed to create a new virtual machine.

Failed to create the virtual hard disk.

Failed to create a new virtual machine.

Event ID 27262

The description for Event ID 27262 from source Microsoft-Windows-Hyper-V-VMMS cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

0x8007052E

Categories: Uncategorized

Leave a Reply

%d bloggers like this: