Move-VMStorage 失败,错误 0x80070005

tag-icon tag-icon hyper-v-server-2012-r2 live-migration
Move-VMStorage 失败,错误 0x80070005

我在 Hyper-V 主机 SERVER2 上发出此命令:

Clear; Get-VM | ForEach { 
  Write-Host "Migrating: "$_.Name;
  Move-VMStorage `
    -VM $_ `
    -DestinationStoragePath "\\SERVER1\D$";
}

两台服务器均已加入域且未加入集群。

这是我得到的结果:

Move-VMStorage:虚拟机“ADMIN”(4F452569-7DB9-4606-9371-A905267A7B0F)的存储迁移失败,错误为“常规访问被拒绝错误”(0x80070005)。迁移未成功。无法启动 VHD 文件“D:\Virtual Hard Disks\ADMIN.vhdx”到“\SERVER1\D$\Virtual Hard Disks\ADMIN.vhdx”的镜像操作:“常规访问被拒绝错误”(“0x80070005”)。您无权执行此操作。如果您认为您应该有权执行此操作,请联系您的管理员。

ACL 配置正确:

PS C:\Users\domain.admin> Get-Acl 'D:\Virtual Hard Disks' | FL


Path   : Microsoft.PowerShell.Core\FileSystem::D:\Virtual Hard Disks
Owner  : BUILTIN\Administrators
Group  : DOMAIN\Domain Users
Access : CREATOR OWNER Allow  268435456
         NT AUTHORITY\SYSTEM Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  CreateFiles, AppendData
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
         NT VIRTUAL MACHINE\Virtual Machines Allow  CreateFiles, AppendData, Read, Synchronize
         DOMAIN\SERVER2$ Allow  -2147483642
         DOMAIN\SERVER2$ Allow  CreateFiles, AppendData, Read, Synchronize
Audit  :
Sddl   : O:BAG:DUD:AI(A;OICIIO;GA;;;CO)(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;CI;DCLC;;;BU)(A;OICI;0x1200a9;;;BU)(A;OICI;0x
         12008f;;;S-1-5-83-0)(A;CIIO;DCLCGR;;;S-1-5-21-369066176-630964511-2072824237-1119)(A;;0x12008f;;;S-1-5-21-3690
         66176-630964511-2072824237-1119)

和:

C:\Users\domain.admin>net localgroup Administrators
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the compu
ter/domain

Members

-------------------------------------------------------------------------------
Administrator
DOMAIN\Domain Admins
The command completed successfully.

C:\Users\domain.admin>net group "Domain Admins"  <==(on the PDC)
Group name     Domain Admins
Comment        Designated administrators of the domain

Members

-------------------------------------------------------------------------------
Administrator            domain.admin
The command completed successfully.

C:\Users\domain.admin>whoami
DOMAIN\domain.admin

我已经按照讨论的方式委派了 Kerberos这里. 两台机器均启用了传入和传出迁移,在任何可用网络下使用 Kerberos。两台防火墙均已关闭。

我已经联系了我的管理员,但我也不知道出了什么问题。

下一步该看哪儿?

答案1

问题是我没有将源机器和目标机器添加到目标共享的权限中:

# Create folder
MD X:\VMS

# Create file share
New-SmbShare -Name VMS1 -Path X:\VMS -FullAccess Domain\HVAdmin, Domain\HV1$, Domain\HV2$, Domain\HVC$

# Set NTFS permissions from the file share permissions
Set-SmbPathAcl VMS1

此处记录了这一点:

https://technet.microsoft.com/en-us/library/jj134187(v=ws.11).aspx#BKMK_Step3

一旦我添加了它们,迁移就顺利完成了。

相关内容