none
[Forum FAQ] How to implement Hyper-V replica in Workgroup environment RRS feed

  • General discussion

  • When we are in workgroup and want to use hyper-v replica between two hyper-v hosts, we can use certificate-based authentication to achieve hyper-v replica.

    Here is the guide about how to implement this.

    Lab environment

    • Hyper-V Host 1 (Test005): 192.168.0.5/24
    • Hyper-V Host 2 (Test010): 192.168.0.10/24

    1. Configure DNS suffix (test.com) for both machines (Figure 1 and Figure 2).

    Figure 1: Configure DNS suffix for Test005

    Figure 2: Configure DNS suffix for Test010

    2. Download the makecert.exe to create self-signed certificates for both machines.

    How to get makecert.exe:

    http://blogs.technet.com/b/kingstonhui/archive/2013/12/24/where-is-makecert-exe-updated-answer-for-2013.aspx

    Reference:

    http://msdn.microsoft.com/en-us/library/aa386968.aspx

    You can copy the makecert.exe to C:\, and then open an elevated command prompt on both machines.

    On Hyper-V Host 1 (Test005):

    a) Run the following command to create a self-signed root certificate.

    makecert -pe -n "cn=PrimaryTestRootCA" -ss root -sr localmachine -sky signature -r "PrimaryTestRootCA.cer"

    b) Run the following command to create a certificate signed by root certificate of Test005.

     

    makecert -pe -n "cn=test005.test.com" -ss my -sr localmachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir localmachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer

    Figure 3: Commands on Test005

    On Hyper-V Host 2 (Test010):

    a) Run the following command to create a self-signed root certificate on Test010.

    makecert -pe -n "cn=RecoveryTestRootCA" -ss root -sr localmachine -sky signature -r "RecoveryTestRootCA.cer"

    b) Run the following command to create a certificate signed by root certificate of Test010.

    makecert -pe -n "cn=test010.test.com" -ss my -sr localmachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "RecoveryTestRootCA" -is root -ir localmachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 RecoveryTestCert.cer

    Figure 4: Commands on Test010

    After running the commands, there will be two certificate files on each host in the same location as the makecert.exe file. Please copy the PrimaryTestRootCA.cer from Test005 to Test010, and then import it. Do the same for Test005.

    How to import certificate:

    Open mmc -> file -> Add/Remove Snap-in... -> Select Certificates in Available snap-ins -> click Add -> Computer account -> Local computer --> Finish --> OK -> Console Root -> Expand Certificates (local computer) -> Trusted Root Certification Authorities -> Right click Certificates -> All Tasks -> Import... -> Next -> Select the certificate file -> Click next to Finish.

    Please note, by default, a certificate revocation check is mandatory and Self-Signed Certificates don’t support Revocation checks.

    Please modify registry key value DisableCertRevocationCheck to 1 to disable it:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication\

    3. To resolve each other correctly, we need to add IP and FQDN of each other to the hosts file (%systemroot%\System32\drivers\etc).

    Figure 5: Modify HOSTS file on Test005

    Figure 6: Modify HOSTS file on Test010

    4. Enable the firewall rule of hyper-v replica Https Listener on both machines (Figure 7).

    Figure 7: Enable the firewall rule

    5. Add the windows credential for each other.

    Open Control panel\User accounts\Credential manager\Windows credentials, click “Add a Windows Credential”

    After the steps above, you can enable the Hyper-V Replica via right clicking on one VM you want to replica in Hyper-V Manager, then choose enable replication and finish the wizard.

    Furthermore, you can change the hosts file to specify the replica traffic on your preferred NIC.

    If you need further assistance, welcome to post questions in the Hyper-V forum.


    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Wednesday, April 30, 2014 9:47 AM