In one of my previous posts I went over how to configure live migration (for all three types). One of the biggest pain points there is setting up the Constrained Delegation and Live Migration Authentication (needed for Hyper-V Manager Migration/move-vm), so I've written up a script to simplify the setup. Take a look below the break for more!
Simply copy this into a notepad (or the PowerShell ISE) and save it as a .ps1 file. You can then run it by simply running .\[script_name] from powershell (cd into the directory where the script is saved).
You may need to change your Execution Policy with the command Set-ExecutionPolicy Unrestricted from an elevated prompt
Simply copy this into a notepad (or the PowerShell ISE) and save it as a .ps1 file. You can then run it by simply running .\[script_name] from powershell (cd into the directory where the script is saved).
You may need to change your Execution Policy with the command Set-ExecutionPolicy Unrestricted from an elevated prompt
#script to configure Kerberos Authentication on the hosts in a particular cluster #and to configure constrained delegation (CD) for the cluster #run from a workstation logged in as a domain admin as we need to edit domain objects for CD
#written 4/2015 by rtpchris.com
param( [Parameter(Mandatory=$True,Position=0)] [string]$clusterName ) $clusterNodes = @(get-clusternode -cluster $clusterName) $DNs = @() $FQDNs = @() $domainName = (get-addomain).forest #In this loop we get the AD DN and the FQDN for each host in the cluster #after that we check if authentication is set to kerberos on the host #and set change it to kerberos if not foreach ($node in $clusterNodes) { $DNs += (Get-ADComputer $node.name).DistinguishedName $FQDNs += ($node).name + "." + $domainName if((get-vmhost $node.name).VirtualMachineMigrationAuthenticationType -notcontains "Kerberos") { Set-VMHost ($node).Name -VirtualMachineMigrationAuthenticationType Kerberos } } #in this loop we setup the constrained delegation (CD) #the first loop iterates though the nodes in the cluster that we are configuring CD for #the second loop iterates though the other nodes that we need to add to that #for live migration we need CIFS and Microsoft Virtual System Migration Service for ($i = 0; $i -le ($DNs).Length - 1; $i++) { for ($j = 0; $j -le ($DNs).Length; $j++) { if ($j -eq $i) {Continue} $name = ($clusterNodes[$j]).name Set-ADObject $DNs[$i] -Add @{"msDS-AllowedToDelegateTo"="cifs/$name","Microsoft Virtual System Migration Service/$name"} } } Write-host "Script complete. Please verify AD settings, purge the tickets on the hosts and log out/log in of the management server to use live migration" Write-host "If running Nutanix run the following command to purge all the tickets at once" Write-host "allssh `"source /etc/profile; winsh `'klist purge`'`""