require SMB signing client/server e.g. [ms network client/server...(always) = enabled]
require ntlm v2 only, reject ntlm v1 (same settings as current MSFT baselines)
I've phased this trio onto everything else in our environment with no problem - clients, member servers, DC's: everything was/is working fine. However when I applied this same set of group policy on one of our WS 2012 R2 Hyper-V nodes in our 2-node failover cluster, 10 different VM's crashed at the guest level seeming to think their disk(s) were surprise removed and the other node took over driver's seat on the CSV, those VM's were automatically started but *some* got a boot failure; manually stopping/starting them got them to boot normally with no observed issues.
Why did this happen- and why only these 10 random VM's, which weren't even ALL the VM's on that node at the time the change was applied?
Why did these changes make the CSV coordinator be moved to another node? This is DAS shared storage (Dell MD1400) over HBA in Storage Spaces.
Any insight you can provide would be helpful, I'm totally stumped and I *really* need to get this policy set applied for security reasons in light of vulnerabilities/best practice recommendations that came to light after patches last month (month 6 in 2019).