PrepAway - Latest Free Exam Questions & Answers

Your network contains an Active Directory domain. The domain contains two Hyper-V hosts.

Your network contains an Active Directory domain. The domain contains two Hyper-V hosts.

You plan to perform live

migrations between the hosts.

You need to ensure that the live migration traffic is authenticated by using Kerberos.

What should you do first?

A. From Server Manager, install the Host Guardian Service server role on a domain controller.

B. From Active D

irectory Users and Computers, add the computer accounts for both servers to the Cryptographic Operators group.

C. From Active Directory Users and Computers, modify the Delegation properties of the computer accounts for both servers.

D. From Server Manager,

install the Host Guardian Service server role on both servers.

Explanation:

If you have decided to use Kerberos to authenticate live migration traffic, configure constrained delegation before you proceed to the rest of the steps.

To configure

constrained delegation

Open the Active Directory Users and Computers snap-in.

From the navigation pane, select the domain and double-click the Computers folder.

From the Computers folder, right-click the computer account of the source server and then click

Properties.

In the Properties dialog box, click the Delegation tab.

On the delegation tab, select Trust this computer for delegation to the specified services only.

Under that option, select Use Kerberos only.

References:

https://docs.microsoft.com/en-us

/windows-server/virtualization/hyper-v/deploy/set-up-hosts-for-live-migration-without-failover-clustering

One Comment on “Your network contains an Active Directory domain. The domain contains two Hyper-V hosts.

  1. minkus says:

    C- is Correct

    Go to Active Directory Users and Computers and find your hosts’ computer object in their respective organizational unit. Right click on the object, go to properties, then go to the Delegation tab. Select the radio button that says “Trust this computer for delegation to specific services only” and the nested radio tab of “Use Kerberos only.” Click “Add” and select only these two services: “cifs” and “Microsoft Virtual System Migration Service” for all the servers you want to be able to migrate to/from. In this case, we are on HYPER-VDR4’s properties, so this step must be repeated for all the other cluster nodes’ computer account properties.

    But then you must Also enable Kerberos in the VM settings in advanced features of the VM settings.

    https://www.credera.com/blog/uncategorized/hyper-v-live-migration-and-constrained-delegation/




    2



    0

Leave a Reply