[Samba] kerberos issue (SPN not found) with windows Hyper-V ( samba 4.5.3 AD)

Kacper Wirski k.wirski at babkamedica.pl
Sun Mar 19 22:06:50 UTC 2017

To be more precise, live migration works, but only when started directly 
from the hyper-v that I'm directly logged into (via RDP for example), as 
in: logged into host A, I can live migrate from host A to host B, to 
migrate the other way round I have to log into host B first and start 
migration there.

Bug must  be somewhere  within kerberos constrained delegation or maybe 
it's still connected to the weird hyper-v SPN's (weird as in: with 
whitespaces within their names) and my proposed workaround to get 
anything started (hyper-v replica  and live migration with 
aforementioned limitations).

I've tried to read up more on possible causes for the kerberos error, 
but I'm too much of a newbie to have any chance to truly understand 
what's not working. Or even if it's supposed to work at all.

Anyway I made a further test and I created a simple 2 node Hyper-V 
failover cluster on top of those hyper-v hosts used earlier, and within 
the cluster live migration works perfectly in every direction imagined 
(when using failover cluster manager, I can live migrate VM from host a 
to host b, then directly from host b to host a without changing machines 
i'm logged into), but  then again it is overall a lot complicated 
solution which I'm not ready to use in production yet.

Overall some issues I did manage to solve, so I guess that's that. :-)

W dniu 2017-03-19 o 21:18, Luke Bigum via samba pisze:
> Hello,
> This won't be a very helpful reply, but I can confirm I've had the exact same issue. I ran into this a few years ago and could not get HyperV migrations to work with a Samba DC. I even went so far as to install a Windows DC just to prove to myself that it is supposed to work, and it does, perfectly (with ADDC it even creates all the SPNs for you auto-magically).
> Unfortunately at the time I was focused on a Windows VM Disaster Recovery problem, so ended up dropping HyperV entirely in favour of KVM and DRBD. As such, I never raised a bug with Samba or Catalyst about this - I probably should have :-/ Sorry I can't be of more help other than to add my voice to "there is  a bug somewhere in Samba".

More information about the samba mailing list