It is completely incomprehensible how this issue is so pervasive. I want to do something VERY SIMPLE: move a VM from one computer (HOST1) to another (HOST2), but some bull$h!t error ALWAYS HAPPENS NO MATTER WHAT.
Attempt 1: Use the "Move" button
Simple, a button that will just move a VM from one computer to another, and it even does live migrations. It didn't matter what security settings I changed (Kerberos, CredSSP, constrained delegation (truly a stupid security protocol), et cetera), it always spat some bull$h!t security error.
Attempt 2: Export and Import it
Exporting it to a local disk was fine; it was the importing process that refused under any circumstance. I tried just creating a network share, adding DOMAIN\HOST1$ and DOMAIN\Domain Computers with full permissions, and importing it from HOST2 (I first tried to use the remote Hyper-V MMC Snap-in because the server was running Server Core, but I found some idiot saying that it wasn't supported on Core, so I spent an entire day reinstalling the host for the same bull$h!t to happen with RDP). Turns out that Hyper-V will completely disregard set permissions on remote storage and instead just deny its own access with the bull$h!t error: "The folder \HOST1\VM could not be found. You might not have permission to access it".
Attempt 3: Copy exported files to HOST2
If it was just some obscure issue with importing/exporting to remote storage, then surely copying the files to the host would fix it. IT DIDN'T! I triple checked the permissions of the copied files and several times overwrote them with inherited permissions with the same issue! I cannot comprehend why this shouldn't work!
Attempt 4: Shut down the VM, copy the live files over to the host, and import.
The same exact error. Does there exist some sort of data field within the VM configuration file that specifies which host "owns" the VM?
Attempt 5 (actually worked): Copy the VHD, create a brand-new VM, and attach the disk to the VM
While I could do that, I have dozens of VMs that need to be moved from development servers to production servers and this is way too much hassle.
Frankly, I don't care about the magical "Move" button working, I just want to be able to export the VM to remote storage and import it. Why does this security bull$h!t have to interfere with such a simple operation? What permission changes do I have to make to get this to work? Is this some sort of GPO crap?
System Details:
HOST1:
Windows Server 2022 VNext Desktop (yes, I know 11.2 configuration version VMs exist, I was only working with version 11.0 VMs)
HOST2:
Windows Server 2022 Retail both Core and Desktop
Group Policy security options (in case it is GPO)
Computer Configuration (Enabled) > Policies > Windows Settings > Security Settings
Account Policies/Password Policy
Policy: Setting
Enforce password history: 10 passwords remembered
Maximum password age: 30 days
Minimum password age: 7 days
Minimum password length: 8 characters
Password must meet complexity requirements: Enabled
Account Policies/Account Lockout Policy
Account lockout duration: 10 minutes
Account lockout threshold: 5 invalid logon attempts
Allow administrator account lockout: Enabled
Reset account lockout counter after: 10 minutes
Local Policies/Audit Policy
Audit account logon events: Success, Failure
Audit account management: Success, Failure
Audit directory service access: Success, Failure
Audit logon events: Success, Failure
Audit object access: Success, Failure
Audit policy change: Success, Failure
Audit privilege use: Success, Failure
Audit process tracking: Success, Failure
Audit system events: Success, Failure
Local Policies/Security Options
Accounts
Accounts: Administrator account status: Enabled
Interactive Logon
Interactive logon: Do not require CTRL+ALT+DEL: Disabled
Interactive logon: Number of previous logons to cache (in case domain controller is not available): 10 logons
Interactive logon: Prompt user to change password before expiration: 14 days
User Account Control
User Account Control: Admin Approval Mode for the Built-in Administrator account: Enabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode: Prompt for consent on the secure desktop
User Account Control: Behavior of the elevation prompt for standard users: Prompt for credentials on the secure desktop
Other
Interactive logon: Display user information when the session is locked: User display name, domain and user names
Minimum password length audit: 14 characters
Administrative Templates
Policy definitions (ADMX files) retrieved from the local computer.
System/Logon
Turn on convenience PIN sign-in: Enabled
System/PIN Complexity
Maximum PIN length: Enabled
Maximum PIN length: 127
Minimum PIN length: Enabled
Minimum PIN length: 4