none
Starting Hyper-V 2012 Replication RRS feed

  • Question

  • For testing purposes I have set up 2 Hyper-V server 2012 on thier own lan and they can see each other fine. Running the details below on the relevant machines with no problems until i try and run the enable-VMreplication when i get the following error.

    Enable-VMReplication : Hyper-V failed to enable replication for virtual machine'test': General access denied error (0x800700005). (Virtual Machine ID E67E43C0-65A1-4C97-84F2-F6E567914372) You do not have permission to perform the operation. Contact your administrator if you believe you should have permission.

    Have checked and the machine ID has read write permissions on the VHD file.

    setup commands

    Creating the self-signed certificates for authentication

      • On the primary server, copy the Makecert.exe utility locally.
      • Create a self-signed test root authority certificate by running the following command from an elevated command prompt:

    makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryTestRootCA.cer"

    1. Create a new certificate signed by the test root authority certificate by running the following command from an elevated command prompt, supplying the FQDN of the primary server:

    makecert -pe -n "CN=<FQDN>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer

    1. On the Replica server, copy the Makecert.exe utility locally.

     

    1. Create a self-signed test root authority certificate by running the following command from an elevated command prompt:

    makecert -pe -n "CN=ReplicaTestRootCA" -ss root -sr LocalMachine -sky signature -r "ReplicaTestRootCA.cer"

    1. Create a new certificate signed by the test root authority certificate by running the following command from an elevated command prompt, supplying the FQDN of the Replica server:

    makecert -pe -n "CN=<FQDN>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "ReplicaTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ReplicaTestCert.cer  

    1. Copy the file ReplicaTestRootCA.cer from the Replica server to the primary server, and then import it with the following command:

    certutil -addstore -f Root "ReplicaTestRootCA.cer"

    1. Copy the file PrimaryTestRootCA.cer from the primary server to the Replica server, and then import it with the following command:

    certutil -addstore -f Root "PrimaryTestRootCA.cer"

    1. By default, a certificate revocation check is required; however, self-signed certificates don’t support revocation checks. Disable the check by editing the registry on both the primary and Replica servers with the following command:

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

    run regedit HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication

    Give DWord  DisableCertRevocationCheck a value of 1

     

    On Replica Server

    1. Cmd:     powershell
    2. Cmd:     cd cert:
    3. Cmd:     cd .\\LocalMachine\My
    4. Cmd:     ls
    5. Cmd:     Set-VMReplicationServer –ReplicationEnabled $true –AllAllowedAuthenticationType Certificate –CertificateThumbprint “Enter Thumbprint from certificate in step 4” –CertAuthPort 4000 –ReplicationAllowedFromAnyServer $true –DefaultStorageLocation “C:\Replica”
    6. Repeat Step 5 on Primary Hypervisor if replica’s will be held on that as well.

    On Primary Server

    1. Cmd:     Powershell
    2. Cmd:     Cd cert:
    3. Cmd:     Cd .\\LocalMachine\My
    4. Cmd:     ls
    5. Cmd:     Enable-VMReplication –VMName VM Name for replication can be * for all –CertificateThumbprint “Enter Thumbprint from certificate in step 4” –ReplicaServerName Replica Server Name –ReplicaServerPort 4000 –AuthenticationType Certificate
    6. Cmd:     Start-VMInitialReplication
    Cmd:     Get-VMReplication         Use this to check if replication has began

    Thursday, September 13, 2012 9:26 AM

Answers

All replies

  • Hello,

    I'd start by validating you can replicate by configuring it with the GUI.  Here is how:

    http://blog.concurrency.com/infrastructure/configure-hyper-v-replica-in-windows-8/

    Then, your certificates must match the system name.  Otherwise, you can use Kerberos if it is on a private network.

    Nathan Lasnoski


    http://blog.concurrency.com/author/nlasnoski/

    Friday, September 14, 2012 7:13 PM
  • Hi Nathan,

    I have now get the servers to replicate after several rebuilds, but when I load the Hyper-v settings for either server.

    I get a replication configuration load failed error with the message "there was an error loading the data for this setting. Hyper-v encountered an error trying to access an object on computer 'DR' because the object was not found. The object might have been deleted. Verify that the virtual machine management service on the computer is running.

    If i go to view Replication health I get a very similar error.

    I think this is down to either an access issue or a credential issue from the win8 system trying to manage the Hyper-v's

    Tuesday, September 25, 2012 1:26 PM