From the course: Windows Server 2019: High Availability
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Configure CredSSP and Kerberos authentication - Windows Server Tutorial
From the course: Windows Server 2019: High Availability
Configure CredSSP and Kerberos authentication
- [Instructor] By default, Hyper-V hosts use the Credential Security Support Provider protocol, or CredSSP, to authenticate with members of the cluster to run live migrations. Microsoft chooses CredSSP by default because there's no further configuration to apply in order for live migration to work. However, CredSSP has two main issues regarding security. It's less secure than Kerberos, and it doesn't allow you to pass credentials in more than one server to another. So if you want to run a live migration, you must log in on the node which host the VM you want to migrate. It can't be done remotely. If we go to the Hyper-V settings of host one, and we go to Live Migrations, and then Advanced Features, we can see that Kerberos is enabled. However, it's not working because constrained delegation has not been set up. Constrained delegation restricts the services to which the specified server can act on the behalf of a user. So we need to go in to Active Directory Users and Computers to set…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.