Home / server / Questions / 779738
Accepted
InteXX
Asked: 2016-05-30 18:41:19 +0800 CST

Move-VMStorage failing with error 0x80070005

  • 772

I'm issuing this command on the Hyper-V host SERVER2:

Clear; Get-VM | ForEach { 
  Write-Host "Migrating: "$_.Name;
  Move-VMStorage `
    -VM $_ `
    -DestinationStoragePath "\\SERVER1\D$";
}

Both servers are domain-joined, non-clustered.

This is the result I'm getting:

Move-VMStorage : Storage migration for virtual machine 'ADMIN' (4F452569-7DB9-4606-9371-A905267A7B0F) failed with error 'General access denied error' (0x80070005). Migration did not succeed. Could not start mirror operation for the VHD file 'D:\Virtual Hard Disks\ADMIN.vhdx' to '\SERVER1\D$\Virtual Hard Disks\ADMIN.vhdx': 'General access denied error'('0x80070005'). You do not have permission to perform the operation. Contact your administrator if you believe you should have permission to perform this operation.

ACLs are correctly configured:

PS C:\Users\domain.admin> Get-Acl 'D:\Virtual Hard Disks' | FL


Path   : Microsoft.PowerShell.Core\FileSystem::D:\Virtual Hard Disks
Owner  : BUILTIN\Administrators
Group  : DOMAIN\Domain Users
Access : CREATOR OWNER Allow  268435456
         NT AUTHORITY\SYSTEM Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  CreateFiles, AppendData
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
         NT VIRTUAL MACHINE\Virtual Machines Allow  CreateFiles, AppendData, Read, Synchronize
         DOMAIN\SERVER2$ Allow  -2147483642
         DOMAIN\SERVER2$ Allow  CreateFiles, AppendData, Read, Synchronize
Audit  :
Sddl   : O:BAG:DUD:AI(A;OICIIO;GA;;;CO)(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;CI;DCLC;;;BU)(A;OICI;0x1200a9;;;BU)(A;OICI;0x
         12008f;;;S-1-5-83-0)(A;CIIO;DCLCGR;;;S-1-5-21-369066176-630964511-2072824237-1119)(A;;0x12008f;;;S-1-5-21-3690
         66176-630964511-2072824237-1119)

and:

C:\Users\domain.admin>net localgroup Administrators
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the compu
ter/domain

Members

-------------------------------------------------------------------------------
Administrator
DOMAIN\Domain Admins
The command completed successfully.

C:\Users\domain.admin>net group "Domain Admins"  <==(on the PDC)
Group name     Domain Admins
Comment        Designated administrators of the domain

Members

-------------------------------------------------------------------------------
Administrator            domain.admin
The command completed successfully.

C:\Users\domain.admin>whoami
DOMAIN\domain.admin

I've delegated Kerberos as discussed here. Incoming and outgoing migrations are enabled on both machines, on Kerberos under any available network. Both firewalls are off.

I've contacted my administrator and I don't know what's wrong either.

Where to look next?

live-migration hyper-v-server-2012-r2

1 Answers

  1. Best Answer

    The problem was that I hadn't added the source and target machines to the target share's permissions:

    # Create folder
MD X:\VMS

# Create file share
New-SmbShare -Name VMS1 -Path X:\VMS -FullAccess Domain\HVAdmin, Domain\HV1$, Domain\HV2$, Domain\HVC$

# Set NTFS permissions from the file share permissions
Set-SmbPathAcl VMS1

    This is documented here:

    https://technet.microsoft.com/en-us/library/jj134187(v=ws.11).aspx#BKMK_Step3

    Once I added them the migration sailed right through.

    • 0