I am starting a new thread on this as my previous question was probably a symptom, not a cause.
When I try to do a live migration, it fails. This is due to a Kerberos error. This error is also generated regularly when the cluster tries to register itself in DNS.
Eventd ID is 4771. Source: Microsoft Windows Security. Task Category: Kerberos Authentication Service. Keywords: Audit failure.
Following is the text of the error.
Kerberos pre-authentication failed. Domain is obscured.
Account Information:
Security ID:xxxxx\hypervcluster$
Account Name:hypervcluster$
Service Information:
Service Name:krbtgt/xxxxx.local
Network Information:
Client Address:::ffff:10.0.0.2
Client Port:32637
Additional Information:
Ticket Options:0x40810010
Failure Code:0x18
Pre-Authentication Type:2
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options and failure codes are defined in RFC 4120.
If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
The DC that logs the audit event is 192.168.10.11, but the event seems to be related to another DC in a different site being 10.0.0.2
The HyperV host that is currently the cluster master is 192.168.10.1 and its hostname is hyperv1
The cluster appears to work fine, but there are many of these errors in the log.
I am wondering if this is a cluster related error, or an AD general problem. There are quite a few other 4771 errors in the log from different users and computers.
Details are :
Clustername hypervcluster
Cluster ip: 192.168.10.10
HyperV1 HyperV2012: 192.168.10.1
HyperV2 HyperV2012: 192.168.10.2
HyperV3 HyperV2012: 192.168.10.3
Site DC: Global catalog server: 192.168.10.11
Domain Functional level: Windows 2003.
That is about all I can think of just now.
Regards
Mark Dutton.
Regards
Mark Dutton
Datamerge