Docker issue logon failure: the user has not been granted the requested logon type at this computer

Issue:

When performing a live migration of a guest VM, this error occurs: ‘…Failed to create Planned Virtual Machine at migration destination: Logon failure: the user has not been granted the requested logon type at this computer. (0x80070569)’

Event log would show these messages:

The Virtual Machine Management Service failed to register the configuration for the virtual machine at 'TESTVM': Logon failure: the user has not been granted the requested logon type at this computer. (0x80070569). If the virtual machine is managed by a failover cluster, ensure that the file is located at a path that is accessible to other nodes of the cluster.

Based on the failure policies for the resource and role, the cluster service may try to bring the resource online on this node or move the group to another node of the cluster and then restart it. Check the resource and group state using Failover Cluster Manager or the Get-ClusterResource Windows PowerShell cmdlet.

d. When attempting to check the Settings via Cluster Manager

[Main Instruction]
Failed to create or launch virtual machine settings dialog for 'Virtual Machine TESTVM'

[Content]
An error occurred while opening virtual machine settings for 'Virtual Machine TESTVM'.
Make sure the virtual machine configuration resource is online.
Check the event log for more information.

[Expanded Information]

Exception has been thrown by the target of an invocation.
Hyper-V encountered an error trying to access an object on computer 'TESTVM' because the object was not found. The object might have been deleted, or you might not have permission to perform the task. Verify that the Virtual Machine Management service on the computer is running. If the service is running, try to perform the task again by using Run as Administrator.
Not found

Create or edit the Group policy that applies to this Hypervisor:

Computer configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment

Right-click ‘Log on as a service’ > add ‘Virtual Machines’ onto the definitions list > OK > Apply this GP at the correct OU where Hyper-V host virtual machines reside > set it to ‘enforced’

We may either wait for AD replication and GP automatic application to set on Hyper-V hosts, or run the script below to update the hosts immediately:

Source: https://docs.microsoft.com/en-us/troubleshoot/windows-server/virtualization/starting-or-live-migrating-hyper-v-vms-fails

function getHyperVHostsInForest{ function includeRSAT{ $ErrorActionPreference='stop' [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 #$rsatWindows7x32='https://download.microsoft.com/download/4/F/7/4F71806A-1C56-4EF2-9B4F-9870C4CFD2EE/Windows6.1-KB958830-x86-RefreshPkg.msu' $rsatWindows7x64='https://download.microsoft.com/download/4/F/7/4F71806A-1C56-4EF2-9B4F-9870C4CFD2EE/Windows6.1-KB958830-x64-RefreshPkg.msu' $rsatWindows81='https://download.microsoft.com/download/1/8/E/18EA4843-C596-4542-9236-DE46F780806E/Windows8.1-KB2693643-x64.msu' $rsat1709 = "https://download.microsoft.com/download/1/D/8/1D8B5022-5477-4B9A-8104-6A71FF9D98AB/WindowsTH-RSAT_WS_1709-x64.msu" $rsat1803 = "https://download.microsoft.com/download/1/D/8/1D8B5022-5477-4B9A-8104-6A71FF9D98AB/WindowsTH-RSAT_WS_1803-x64.msu" $rsatWs2016 = "https://download.microsoft.com/download/1/D/8/1D8B5022-5477-4B9A-8104-6A71FF9D98AB/WindowsTH-RSAT_WS2016-x64.msu" # This command does not work on Windows 2012R2 #$releaseId=(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId #Get-ItemProperty : Property ReleaseId does not exist at path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows #NT\CurrentVersion. #At line:1 char:2 #+ (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Na ... #+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # + CategoryInfo : InvalidArgument: (ReleaseId:String) [Get-ItemProperty], PSArgumentException # + FullyQualifiedErrorId : System.Management.Automation.PSArgumentException,Microsoft.PowerShell.Commands.GetItemPropertyCommand $releaseId=(Get-Item "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion").GetValue('ReleaseID') $osVersion=[System.Environment]::OSVersion.Version [double]$osVersionMajorMinor="$($osVersion.Major).$($osVersion.Minor)" $osName=(Get-WmiObject Win32_OperatingSystem).Name #$osType=switch ((Get-CimInstance -ClassName Win32_OperatingSystem).ProductType){ # 1 {'client'} # 2 {'domaincontroller'} # 3 {'memberserver'} # } $windowsVersion=(Get-CimInstance Win32_OperatingSystem).Version switch ($releaseId){ 1607{write-host 'Windows Server 2016 Release 1607 detected';$link=$rsatWs2016;break} 1709{write-host 'Windows Server 2016 Release 1709 detected';$link=$rsat1709;break} 1803{write-host 'Windows Server 2016 Release 1803 detected';$link=$rsat1803} } switch ($osVersionMajorMinor){ {$_ -eq 6.0}{write-host 'Windows Server 2008 or Windows Vista detected';$link=$rsat1709;break} {$_ -eq 6.1}{write-host 'Windows Server 2008 R2 or Windows 7 detected';$link=$rsatWindows7x64;break} {$_ -eq 6.2}{write-host 'Windows Server 2012 or Windows 8.1 detected';$link=$rsatWindows81;break} {$_ -eq 6.3}{write-host 'Windows Server 2012 R2 detected';$link=$rsatWindows81} } if (!(Get-Module -ListAvailable -Name ActiveDirectory -EA SilentlyContinue)){ Write-host "Prerequisite checks: module ActiveDirectory NOT currently available on this system. Please wait while the program adds that plugin..." try{ # If OS is Windows Server, then install RSAT using a different method if ($osName -match "^Microsoft Windows Server") { # This sequence has confirmed to be valid on Windows Server 2008 R2 and above Write-Verbose "Importing Windows Feature: RSAT-AD-PowerShell" Import-Module ServerManager Add-WindowsFeature RSAT-AD-PowerShell } else{ Write-Verbose "This sequence targets Windows Client versions" $destinationFile= ($ENV:USERPROFILE) + "\Downloads\" + (split-path $link -leaf) Write-Host "Downloading RSAT from $link..." Start-BitsTransfer -Source $link -Destination $destinationFile $fileCheck=Get-AuthenticodeSignature $destinationFile if($fileCheck.status -ne "valid") {write-host "$destinationFile is not valid. Please try again...";break} $wusaCommand = $destinationFile + " /quiet" Write-host "Installing RSAT - please wait..." Start-Process -FilePath "C:\Windows\System32\wusa.exe" -ArgumentList $wusaCommand -Wait } return $true } catch{ write-warning "$($error[0].Exception)" return $false } }else{ Write-host "Prerequisite checks: module ActiveDirectory IS currently available on this system." -ForegroundColor Green return $true } } function listAllHyperVNodes($verbose=$true){ try{ $timer=[System.Diagnostics.Stopwatch]::StartNew() $domains=(Get-ADForest).Name|%{(Get-ADForest -Identity $_).Name} foreach ($domain in $domains){ #[string]$dc=(get-addomaincontroller -DomainName "$domain" -Discover -NextClosestSite).HostName write-host "Collecting all Hyper-V Clusters in $domain. This may take a while, depending on cluster sizes." $allClusters=(get-cluster -domain $domain).Name if($verbose){ $elapsed=[math]::round($timer.Elapsed.TotalMinutes,2) write-host "Minutes elapsed $elapsed`: cluster names collected" } $allHyperVNodes=@() foreach ($cluster in $allClusters){ $nodes=.{$x=Get-ClusterNode -Cluster $cluster -ea SilentlyContinue if($x){ $x|Where-Object{$_.State -eq 'Up'}|Select-Object Name,@{name='Cluster';e={$cluster}} }else{ $false } } if($nodes){$allHyperVNodes+=$nodes} } if($verbose){ $elapsed=[math]::round($timer.Elapsed.TotalMinutes,2) write-host "Minutes elapsed $elapsed`: Hyper Node names collected..." } <# $nodes=$allClusters|%{try{Get-ClusterGroup -Cluster $_ -ea SilentlyContinue}catch{}} if($verbose){ $elapsed=[math]::round($timer.Elapsed.TotalMinutes,2) write-host "Minutes elapsed $elapsed`: Hyper V node names collected" } $allHyperVNodes=$nodes|Group-Object -Property OwnerNode if($verbose){ $elapsed=[math]::round($timer.Elapsed.TotalMinutes,2) write-host "Minutes elapsed $elapsed`: Hyper V node names collected - Done!" } #> } return $allHyperVNodes }catch{ Write-Error $_ return $false } } try{ $null=includeRSAT; $hyperVHosts=listAllHyperVNodes #$hyperVHostNames=sortArrayStringAsNumbers $hyperVHosts $hyperVHostNames=$hyperVHosts|sort -property Cluster return $hyperVHostNames }catch{ Write-Error $_ return $false } } function selectCluster($clusters){ function pickList($list){ # Although it's more efficient to obtain the index and set it as display, # humans prefer see a list that starts with 1, instead of 0 $display=for ($i=0;$i -lt $list.count;$i++){ "$($i+1)`:`t$($list[$i])`r`n"; } $lines=($display | Measure-Object -Line).Lines write-host $($display) $maxAttempts=3 $attempts=0; while ($attempts -le $maxAttempts){ if($attempts++ -ge $maxAttempts){ write-host "Attempt number $maxAttempts of $maxAttempts. Exiting loop..`r`n" break; } $userInput = Read-Host -Prompt 'Please pick a number from the list above'; try { $value=[int]$userInput; }catch{ $value=-1; } if ($value -lt 1 -OR $value -gt $lines){ cls; write-host "Attempt number $attempts of $maxAttempts`: $userInput is an invalid value. Try again..`r`n" write-host $display }else{ $item=$list[$value-1]; write-host "$userInput corresponds to $item`r`n"; return $item } } } $uniqueClusters=$clusters|select -unique $pickedCluster=$(pickList $uniqueClusters) if($pickedCluster){ return $pickedCluster }else{ write-warning 'No clusternames were picked.' return $false } } function sortArrayStringAsNumbers([string[]]$names){ $hashTable=@{} foreach ($name in $names){ #[int]$x=.{[void]($name -match '(?:.(\d+))+$');$matches[1]} #$x=.{[void]($name -match '(?:.(\d+)+)$');@($name.substring(0,$name.length-$matches[1].length),$matches[1])} $x=.{[void]($name -match '(?:.(\d+)+)$');($name.substring(0,$name.length-$matches[1].length))+$matches[1].PadLeft(8,'0')} $hashTable.Add($name,$x) } $sorted=foreach($item in $hashTable.GetEnumerator() | Sort Value){$item.Name} return $sorted } # Get Cluster and associated hosts $hyperVHostsInForest=getHyperVHostsInForest $pickedCluster=selectCluster $hyperVHostsInForest.Cluster $pickedHosts=$hyperVHostsInForest|?{$_.Cluster -eq $pickedCluster} $pickedNames=sortArrayStringAsNumbers $pickedHosts.Name $command={ $null=gpupdate /force return @{$env:computername=[datetime]::FromFileTime(([Int64] ((Get-ItemProperty -Path "Registry::HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}").startTimeHi) -shl 32) -bor ((Get-ItemProperty -Path "Registry::HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}").startTimeLo))} } $pickedNames|ForEach-Object{invoke-command -computername $_ -scriptblock $command}