How to Configure Kerberos Authentication for Hyper-V Nutanix
- By g2
- February 13, 2018
In PRISM
- Log in to your PRISM console
- Click the Gear icon in the top right and select Kerberos Management
- Flip the switch for Kerberos Required and enter credentials with rights to modify the Nutanix Storage Cluster Active Directory computer object
- Click Save
On a Domain Controller (DC)
- Log on to one of the DCs in the domain that the Nutanix cluster is a part of
- Drill down to the Nutanix Storage Cluster computer object so we can add the Hyper-V Node delegations
- Right click the Nutanix Storage Cluster computer object and select Properties
- Select the Delegation tab
- Select Trust this computer for delegation to specified services only and Use any authentication protocol
- Click Add
- Click Users or Computers
- Type in the name of the 1st Hyper-V Host and click Check Name
- Once resolved, click OK
- Add CIFS and Microsoft Virtual System Migration Service
- Repeat steps 8-10 (type the host name, resolve it, and add the two services) for each Hyper-V Host in the Nutanix Cluster
- Now find the other Hyper-V Host computer objects so we can add the delegation for the Nutanix Storage Cluster
- Right click each Hyper-V Host computer object and select Properties
- Select the Delegation tab
- Select Trust this computer for delegation to specified services only and Use any authentication protocol
- Click Add
- Click Users or Computers
- Type the Nutanix Storage Cluster computer object and click Check Name
- Once resolved, click OK
- Add the CIFS service (you MUST use the Fully Qualified Domain Name for the Nutanix Storage Cluster computer object)
- Now we need to sync these AD changes to other DCs
Repadmin /syncall /AeD
Repadmin /syncall /AeDP
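The delegation entries created above can be audited from PowerShell instead of re-opening each Delegation tab. This is an added example, not part of the original post or Nutanix documentation; it needs the RSAT ActiveDirectory module, the three names at the top are placeholders, and it assumes the host entries were added in FQDN form.

```powershell
# Added example: audit the constrained-delegation settings made in the GUI steps.
Import-Module ActiveDirectory

# Placeholders (assumptions): replace with your own object names.
$ClusterName = 'NTNX-CLUSTER'                # Nutanix Storage Cluster computer object
$ClusterFqdn = 'ntnx-cluster.example.local'  # its Fully Qualified Domain Name
$HyperVHosts = 'HV-NODE-1', 'HV-NODE-2'      # Hyper-V host computer objects
$Props = 'msDS-AllowedToDelegateTo', 'TrustedToAuthForDelegation', 'DNSHostName'

function Test-Delegation {
    param($Computer, [string[]]$ExpectedSpns)
    # SPNs this object is allowed to delegate to (empty if none were added)
    $allowed = @($Computer.'msDS-AllowedToDelegateTo')
    foreach ($spn in $ExpectedSpns) {
        [pscustomobject]@{
            Object = $Computer.Name
            Check  = "delegates to $spn"
            Passed = $allowed -contains $spn   # -contains ignores case
        }
    }
    # "Use any authentication protocol" sets TrustedToAuthForDelegation
    [pscustomobject]@{
        Object = $Computer.Name
        Check  = 'Use any authentication protocol'
        Passed = [bool]$Computer.TrustedToAuthForDelegation
    }
}

$cluster = Get-ADComputer $ClusterName -Properties $Props
$hosts   = $HyperVHosts | ForEach-Object { Get-ADComputer $_ -Properties $Props }

# The cluster object needs CIFS and the migration service for every host.
$expected = foreach ($h in $hosts) {
    "cifs/$($h.DNSHostName)"
    "Microsoft Virtual System Migration Service/$($h.DNSHostName)"
}
$results = @(Test-Delegation $cluster $expected)

# Every host needs CIFS for the cluster object, by FQDN.
foreach ($h in $hosts) { $results += Test-Delegation $h @("cifs/$ClusterFqdn") }

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) {
    Write-Warning 'One or more delegation entries are missing or were not added by FQDN.'
}
```

Run it against each DC with `-Server` on the `Get-ADComputer` calls if you want to confirm the change has replicated.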
On a Controller VM (CVM)
- Log on to any CVM in the Nutanix Cluster
- Run the following command to purge the Kerberos tickets (klist) on each Hyper-V Host
allssh winsh klist purge
On Each Hyper-V Host
- Log on to each Hyper-V host
- Open PowerShell as Administrator
- Run the following commands:
Set-SMBClientConfiguration -RequireSecuritySignature $True -Force
Restart-Service -Name VMMS -Force
That’s it! You will be able to create and manage VMs from the Windows Failover Cluster Manager via secure Kerberos authentication. Enjoy!
Ref links:
https://portal.nutanix.com/#/page/docs/details?targetId=Web-Console-Guide-Prism-v55:hyp-kerberos-enable-t.html
https://portal.nutanix.com/#/page/kbs/details?targetId=kA03200000098ECCAY