A new KB by Microsoft covers a scenario where you get a "Access denied error" when Hyper-V Replica Broker goes online in a Windows Server 2012 or Windows Server 2012 R2 cluster.
Symptoms
Consider the following scenario:
- You have a Windows Server 2012 R2 or Windows Server 2012 failover cluster that is in a domain, and the domain has a disjoint namespace.
- You set the primary Domain Name Service (DNS) suffix of the Windows Server 2012 failover cluster to the disjoint domain name.
- You create a Hyper-V Replica Broker in the failover cluster, and then you bring the Hyper-V Replica Broker online.
In this scenario, this issue occurs, and an error message that resembles the following is logged in the cluster log:
Virtual Machine Replication Broker <Hyper-V Replica Broker BROKER>: ‘Hyper-V Replica Broker BROKER’ failed to register the service principal name: General access denied error.
The fix is included in the August 2014 update rollup.