“HostGuardianService” issue in Hyper-V live migration?

You may see that a live migration (moving a VM between Hyper-V hypervisors while the guest VM is running) never succeeds and fails with messages like the following in Hyper-V/FailoverCluster.

*This may happen if you use a VM image with the TPM turned on. It requires the nodes to have the same TPM trust, which is signed by a machine certificate. You need to follow the steps below to install the certificate exported from each Hyper-V node on all of the other nodes.


Live migration of ‘Virtual Machine KSWDINV0001’ failed.

Virtual machine migration operation for ‘KSWDINV0001’ failed at migration destination ‘KSWSHV002’. (Virtual machine ID 20BB82E7-2B69-44FD-AE88-855557AE5EE7)

The version of the device ‘Microsoft Virtual TPM Device’ of the virtual machine ‘KSWDINV0001’ is not compatible with device on physical computer ‘KSWSHV002’. (Virtual machine ID 20BB82E7-2B69-44FD-AE88-855557AE5EE7)

The key protector for the virtual machine ” could not be unwrapped. HostGuardianService returned: The parameter is incorrect. (0x80070057) . Details are included in the HostGuardianService-Client event log. (Virtual machine ID )


The steps you need to follow are:

1. Export the cert from all Hyper-V nodes.
2. Share all certs exported from all Hyper-V nodes.
3. Import the certs exported from the other nodes into every node individually.

Step 1: Export the cert file from all Hyper-V nodes

  • Log on to the node.
  • Copy this PowerShell script to a local location on the Cluster Shared Volume.
    export_gurdian
  • Confirm and adjust the following value in the script.

  • Execute the script in PowerShell.



  • You may find that the script shows an error on one or more of your Hyper-V servers.
    You may need to create a new Host Guardian on such a server, as its absence may be the actual root cause.

    > New-HgsGuardian -Name "UntrustedGuardian" -GenerateCertificates

Step 2: Import the cert files exported from the other nodes into every node individually

  • Log on to the node.
  • Copy this PowerShell script to a local location on the Cluster Shared Volume.
    import_Guradian.ps1
  • Confirm and adjust the following value in the script.
  • Execute the script in PowerShell in Administrator mode.

  • Everything is completed. Test the live migration.
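
The export and import steps above, sketched as one added PowerShell script. This is not the `export_gurdian` / `import_Guradian.ps1` scripts the page links to, whose contents are not shown here. Assumptions: the guardian is named `UntrustedGuardian`, its certificates live in the local machine store `Shielded VM Local Certificates`, and `$CertDir` is a placeholder folder every node can reach.

```powershell
#Requires -RunAsAdministrator
param(
    [Parameter(Mandatory)][ValidateSet('Export', 'Import')][string]$Mode,
    # Assumption: placeholder folder reachable from every node (e.g. on the CSV)
    [string]$CertDir = 'C:\ClusterStorage\Volume1\GuardianCerts'
)

# Assumption: store used by the local (untrusted) guardian for vTPM key protectors
$store    = 'Cert:\LocalMachine\Shielded VM Local Certificates'
$password = Read-Host -AsSecureString -Prompt 'PFX password'

if ($Mode -eq 'Export') {
    # A node with no local guardian has nothing to export; create one first,
    # using the same command the page gives for nodes where the export fails.
    if (-not (Get-HgsGuardian | Where-Object Name -eq 'UntrustedGuardian')) {
        New-HgsGuardian -Name 'UntrustedGuardian' -GenerateCertificates | Out-Null
    }
    New-Item -ItemType Directory -Path $CertDir -Force | Out-Null

    # Export the guardian certificates together with their private keys.
    # File names carry the node name so the import can skip a node's own files.
    Get-ChildItem -Path $store | Where-Object HasPrivateKey | ForEach-Object {
        $file = Join-Path $CertDir ('{0}_{1}.pfx' -f $env:COMPUTERNAME, $_.Thumbprint)
        Export-PfxCertificate -Cert $_ -FilePath $file -Password $password | Out-Null
        Write-Output "Exported $($_.Subject) -> $file"
    }
}
else {
    # Import every PFX that came from another node into the same store.
    Get-ChildItem -Path $CertDir -Filter '*.pfx' |
        Where-Object { $_.Name -notlike "${env:COMPUTERNAME}_*" } |
        ForEach-Object {
            Import-PfxCertificate -FilePath $_.FullName -CertStoreLocation $store -Password $password |
                ForEach-Object { Write-Output "Imported $($_.Subject) [$($_.Thumbprint)]" }
        }
}
```

Run it with `-Mode Export` on every node first, then with `-Mode Import` on every node. The PFX files contain the private keys that unwrap the VMs' key protectors, so restrict access to `$CertDir` and delete the files once every node has imported them.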