Hi, I am having a Hyper-V cluster managed by a SCVMM with Kerberos enabled. I already did: Join the cluster and hosts to domain Create the MSFC and join to domain Add hosts and Nutanix container share to SCVMM Enable Kerberos and configure Delegation But, from each host, I currently cannot: Access to Nutanix container via SMB path (\\VIP\container). When I type the SMB path into file explorer, it requires me to login. I tried to use the AD account used to enable Kerberos on Prism as well as AD admin account but could not make it Create the VM (I could create the VM by using SCVMM instead). “Failed to create the virtual hard disk” error window appears every time I try to create Is this the normal behavior of the whole system? As I am quite new to Hyper-V, I am getting lost in finding the solution to solve it

Question

[Hyper-V] Cannot access Nutanix container by using SMB

4 years ago
15 January 2020
4 replies
1933 views

Userlevel 2

+17

hienle
Outrider
62 replies

Hi,

I am having a Hyper-V cluster managed by a SCVMM with Kerberos enabled.

I already did:

Join the cluster and hosts to domain
Create the MSFC and join to domain
Add hosts and Nutanix container share to SCVMM
Enable Kerberos and configure Delegation

But, from each host, I currently cannot:

Access to Nutanix container via SMB path (\\VIP\container). When I type the SMB path into file explorer, it requires me to login. I tried to use the AD account used to enable Kerberos on Prism as well as AD admin account but could not make it
Create the VM (I could create the VM by using SCVMM instead). “Failed to create the virtual hard disk” error window appears every time I try to create

Is this the normal behavior of the whole system? As I am quite new to Hyper-V, I am getting lost in finding the solution to solve it

This topic has been closed for comments

4 replies

Userlevel 2

+17

hienle
Author
Outrider
62 replies
4 years ago
16 January 2020

Any help on this please?

I am facing the same issue.

Userlevel 2

+17

hienle
Author
Outrider
62 replies
4 years ago
28 January 2020

I am facing the same issue.

I resolved it by diving deeper about configuration.

About the first one related to SMB path, the reason is that I already ran the below command to enable SMB signing feature on host.

Set-SMBClientConfiguration -RequireSecuritySignature $True –Force

→ As it is the optional command written in Kerberos settings in Nutanix guide AOS 5.5 above, you can safely disable OR do not need to run it when you configure Kerberos for Nutanix in case you do not so serious of security

About second problem, this MAYBE also relate to Kerberos as each host need a kerberos ticket to be granted access to Nutanix storage

→ use “klist tickets” in host Powershell to list current granted tickets that being allowed

Userlevel 2

+17

hienle
Author
Outrider
62 replies
4 years ago
30 January 2020

I resolved 2 above problems by logging in to the host by a AD account that registered to and joined in the Admin group of the host.

In my case, I am using the account that being used to access the SCVMM server to login and create a temporarily VM in the host to get the Kerberos tickets.

We can use 2 commands: “klist tgt” and “klist tickets”, “klist sessions” to check whether the host has got the Kerberos tickets or not.

Then, log out and login again by local Admin account (if preferred). We can create the VM and access to Nutanix container without problems

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded