mountainss Cloud and Datacenter Management Blog

Microsoft SystemCenter blogsite about virtualization on-premises and Cloud

#Microsoft Windows Server 2012 #Hyperv Replica via SSL Port 443


Hyper-V Replica tracks the write operations on the primary virtual machine and then replicates these changes to the Replica server over a WAN. The network connection between the two servers uses the HTTP protocol and supports Kerberos authentication and certificate-based authentication, with optional support for encryption. Hyper-V Replica is closely integrated with failover clustering in Windows Server 2012, and it provides nearly seamless replication across different migration scenarios in the primary and Replica servers. This allows virtual hard disks to be stored in a different location to enable recovery in case the data center goes down due to natural disaster or other causes.

In this case we set up Windows Server 2012 Hyper-V Replica with SSL via HTTPS:

We have two hypervisors, hyper-v1 and hyper-v2.

– On hyper-v1 and hyper-v2, open the appropriate Hyper-V HTTPS firewall rules.

– In our test environment we are using two self-signed certificates created with the tool “MakeCert”.
MakeCert is available as part of the Windows SDK, which you can download from http://go.microsoft.com/fwlink/?linkid=84091
– Copy the “makecert” utility to the primary server hyper-v1 and to the Replica server hyper-v2.
– On hyper-v1, create a self-signed test root authority certificate by running the following command from an elevated command prompt:

makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryTestRootCA.cer"

– Create a new certificate signed by the primary test root authority certificate by running the following command from an elevated command prompt, supplying the FQDN of the primary server:

makecert -pe -n "CN=<FQDN>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer

– Two certificates are created in the root where “makecert” was run.

– On hyper-v2, create a self-signed test root authority certificate by running the following command from an elevated command prompt:

makecert -pe -n "CN=ReplicaTestRootCA" -ss root -sr LocalMachine -sky signature -r "ReplicaTestRootCA.cer"

– Create a new certificate signed by the replica test root authority certificate by running the following command from an elevated command prompt, supplying the FQDN of the Replica server:

makecert -pe -n "CN=hyper-v2.unx.local" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "ReplicaTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ReplicaTestCert.cer

– Two certificates are created in the root where “makecert” was run.

– Copy the file ReplicaTestRootCA.cer from the Replica server to the primary server, and then import it with the following command:

certutil -addstore -f Root "ReplicaTestRootCA.cer"

– Copy the file PrimaryTestRootCA.cer from the Primary server to the replica server, and then import it with the following command:

certutil -addstore -f Root "PrimaryTestRootCA.cer"

– By default, a certificate revocation check is required; however, self-signed certificates don’t support revocation checks. Disable the check by editing the registry on both the primary and Replica servers with the following command:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

– On the primary server Enable replication

– Click Select Certificate and OK

– Click Apply

– On the primary server Enable replication

– Click Select Certificate

– Initial replication will start (via HTTPS on port 443, using the self-signed certificates)
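
A check for the certificate steps above, as an added example that is not part of the original post: PowerShell run from an elevated prompt on each host to confirm that the host certificate has a private key, carries both EKUs from the makecert command, chains to a trusted root, and that both test roots and the registry value are in place. The $Fqdn parameter and the function name Test-ReplicaCertificate are assumptions of this example.

```powershell
# Added example. $Fqdn (assumption): the name used in "CN=<FQDN>" for this host.
param([string]$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName)

$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU from the -eku argument
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU from the -eku argument

function Test-ReplicaCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Read the EKU OIDs straight from the certificate extensions.
    $ekus = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    # Build the chain in machine context without revocation, matching the
    # DisableCertRevocationCheck setting used for these test certificates.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    $now = Get-Date
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuthEku = $ekus -contains $serverAuth
        ClientAuthEku = $ekus -contains $clientAuth
        InValidity    = ($Cert.NotBefore -le $now) -and ($Cert.NotAfter -gt $now)
        ChainTrusted  = $trusted
    }
}

# 1. Host certificate in LocalMachine\My (-ss my -sr LocalMachine).
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$Fqdn" } |
    ForEach-Object { Test-ReplicaCertificate $_ } | Format-List | Out-String

# 2. Both test roots must be in LocalMachine\Root: the local one from makecert,
#    the peer's from certutil -addstore.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -in 'CN=PrimaryTestRootCA', 'CN=ReplicaTestRootCA' } |
    Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize | Out-String

# 3. Report whether revocation checking is switched off for Hyper-V Replica.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication'
$val = (Get-ItemProperty -Path $key -Name DisableCertRevocationCheck -ErrorAction SilentlyContinue).DisableCertRevocationCheck
"DisableCertRevocationCheck = $val (1 means revocation checks are off)"
```

If step 1 prints nothing, no certificate in the machine store has a subject matching the host name. On hosts that later move to CA-issued certificates, a value of 1 in step 3 means revoked certificates would still be accepted for replication.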

 


Author: James van den Berg

I'm a Microsoft Architect and ICT Specialist and Microsoft MVP System Center Cloud and Datacenter Management

One thought on “#Microsoft Windows Server 2012 #Hyperv Replica via SSL Port 443”

  1. Thank You very much for this guide. Worked perfectly for me.

    The ONLY issue I had was copy/pasting in cmd prompt wouldn’t work, it would error even though the text looked correct. I had to manually type the commands.

    Pasting into Notepad, and copying from there may take away the formatting that was causing errors, but I didn’t try.

    Thanks again.
