All posts by admin

Hyper-V Replication between two workgroup servers with a self signed SSL Certificate.

 


I got the certificate part from http://blogs.catapultsystems.com/IT/archive/2014/04/04/hyper-v-replication-between-two-workgroup-servers.aspx; every other guide I tried for this part failed. This seems to be because of the quotes in the other guides.

Enabling Hyper-V replication between two workgroup servers requires issuing self-signed certificates with makecert.exe and setting a registry key to bypass the revocation check.

Download makecert.exe from http://1drv.ms/1gv52cK or get it from the Microsoft development kit.

makecert is required because the certificate's Enhanced Key Usage must include both Client and Server Authentication, and the default IIS certificate CSR wizard does not include the client EKU.

The DNS names have to match the certificates, so set up local DNS servers if possible.

Hyper-V Server 1
1. Generate a root cert:
makecert -pe -n CN=PrimaryRootCA -ss root -sr LocalMachine -sky signature -r PrimaryRootCA.cer

2. Generate a self-signed cert from the root cert:
makecert.exe -pe -n CN=secondary.hv.local -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in PrimaryRootCa -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 secondary.hv.local.cer

3. Disable the revocation checking, since that won't work on self-signed certs:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

Hyper-V Server 2
1. Generate a root cert:
makecert -pe -n CN=SecondaryRootCA -ss root -sr LocalMachine -sky signature -r SecondaryRootCA.cer

2. Generate a self-signed cert from the root cert:
makecert.exe -pe -n CN=primary.hv.local -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in SecondaryRootCa -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 primary.hv.local.cer
(Note: even though it outputs a .cer file, it automatically inserts into the LocalMachine certificate store, so there is no additional import step)

3. Copy the PrimaryRootCA.cer from Machine 2 and then run this command: certutil -addstore -f Root PrimaryRootCA.cer

4. Copy the SecondaryRootCA.cer from Machine 1 and then run certutil -addstore -f Root SecondaryRootCA.cer

5. Disable the revocation checking, since that won't work on self-signed certs:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

6. Now you can select the self-signed certificate in replication on both servers.
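Before opening the replication wizard, it helps to confirm that each host actually ended up in the state the steps above describe. The script below is an added example, not part of the original guide: it checks the certificate in LocalMachine\My for both EKUs and a private key, confirms the other server's root is trusted, and reads back the revocation registry value. The parameter names and their default values (taken from the names used on this page) are assumptions; change them per host.

```powershell
# Added example: verify the certificate state on one Hyper-V host.
# Assumed parameters: $Fqdn is the CN issued on this host, $PeerRoot is the
# CN of the root certificate imported from the other server.
param(
    [string]$Fqdn     = 'primary.hv.local',
    [string]$PeerRoot = 'PrimaryRootCA'
)

$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication
$ekuType    = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=$Fqdn" }
if (-not $certs) { throw "No certificate with subject CN=$Fqdn in LocalMachine\My" }

foreach ($cert in $certs) {
    # Collect the EKU OIDs straight from the certificate extension.
    $ekus = @($cert.Extensions | Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })

    # Build the chain without revocation lookups, matching the registry bypass.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $ekus -contains $serverAuth
        ClientAuthEku = $ekus -contains $clientAuth
        NotExpired    = (Get-Date) -lt $cert.NotAfter
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
}

# The other server's root must be in Trusted Root for its certificate to validate.
$peer = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq "CN=$PeerRoot" }
"Peer root CN=$PeerRoot trusted: $([bool]$peer)"

# Read back the revocation bypass written by the reg add command.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableCertRevocationCheck
"DisableCertRevocationCheck = $val"
```

Every column should read True and DisableCertRevocationCheck should read 1 on both servers. With revocation checking off, removing the peer's root from the Root store is the way to withdraw trust from that server's certificate.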

Now add Hyper-V Replications

First set your server names to primary.hv.local and secondary.hv.local, then install DNS and Hyper-V.

When DNS is installed, set up a zone hv.local on both the primary and the secondary server. If you are using an internal network to replicate, point the records at these IPs:

primary.hv.local 10.10.10.1
secondary.hv.local 10.10.10.2

Set these A records up on both servers. They need to resolve for replication to work correctly. You can probably do this in the hosts file as well.

Now that DNS is set up, create firewall rules to allow access on both servers.

Next, set up a replication network using the Virtual Switch Manager. This needs to be done on both servers. If you right-click the server name in Hyper-V Manager, you will see Virtual Switch Manager. Create an External network with the same name on both servers, on the NIC you want replication to go over.

Now create a VM in Hyper-V and enable replication

Right-click the VM and enable replication. A wizard will pop up; enter the fully qualified domain name of your second server, in our case secondary.hv.local. If the second server is not ready, there will be a link to configure it; click it.

This opens the Hyper-V settings window for the second server. Select HTTPS and select the new certificate you created. Once done, apply it and replication will start.

 

Hyper-V and Networking – Part 5: DNS

The last couple of posts in this series have dealt with how Ethernet frames and IP packets get to their destination. In this post, we’ll step up a little bit and look at the role DNS plays in getting those packets to the correct IP address. We’ll see how this works in general and the…

Original post link: Hyper-V and Networking – Part 5: DNS

The post Hyper-V and Networking – Part 5: DNS appeared first on Hyper-V Hub – Altaro’s Microsoft Hyper-V blog.