Enable Hyper-V replication between two workgroup servers

Hyper-V replication is an essential ‘server availability’ tool for any organization. Whilst it is not a substitute for good backups, it will allow you to restore an up-to-date copy of your virtual servers very quickly should your primary host hardware fail.

In this tutorial, I have built two Windows 2012 R2 servers using a pair of old Dell Optiplex 580s (AMD Phenom CPU, upgraded to 8GB RAM each), and a single 8-port Netgear GB switch.

The Primary server name is: Truro

The Secondary server name is: Exeter

Let’s get started…

Step 1: Build your host servers

  • Build two physical host servers – they need to be running the same version of Windows Server 2016, 2012 R2, or 2012 (which has less functionality).
  • Install the Hyper-V role on both.
  • Make sure both servers are fully patched through Windows Update.
  • See if any of the Hyper-V hotfixes apply to your situation.

If you are doing this in a clustered environment, you will need to know the replication broker name on each cluster.


Step 2: Download MakeCert

Download makecert (extract from the full SDK), http://www.microsoft.com/en-us/download/details.aspx?id=8279

or, download both 32bit and 64bit versions from here (you’ll want 64bit): https://1drv.ms/u/s!AqcygLZtv7MtlbUm6aQj-b460K1ncw

Step 3: Prepare the server directories

On both servers, make the following file structure:

C:\makecert

C:\makecert\copy

C:\makecert\import

Copy makecert.exe to c:\makecert on both servers


Step 4: Making the certificates

Use an admin command prompt (do not use PowerShell on Server 2012 R2 or 2012).

Run the following commands on the Primary Server:

c:\makecert\makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "c:\makecert\PrimaryTestRootCA.cer"

Then run this command (change TRURO in the CN value to match your server name):

c:\makecert\makecert -pe -n "CN=TRURO" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "c:\makecert\PrimaryTestCert.cer"

If you’re using certificates in a domain environment,  you will need to replace “CN=TRURO” with “CN=TRURO.DOMAIN.LOCAL” for this to work correctly.

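Then disable the certificate revocation check for Hyper-V Replica, because certificates made with makecert have no revocation information to check:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f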


Next, run these commands on the Replica Server:

c:\makecert\makecert -pe -n "CN=ReplicaTestRootCA" -ss root -sr LocalMachine -sky signature -r "c:\makecert\ReplicaTestRootCA.cer"

c:\makecert\makecert -pe -n "CN=EXETER" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "ReplicaTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 C:\makecert\ReplicaTestCert.cer

If you’re using certificates in a domain environment,  you will need to replace “CN=EXETER” with “CN=EXETER.DOMAIN.LOCAL” for this to work correctly.

Then disable the certificate revocation check on this server as well:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f


If you hit any issues at this stage, you can open a new MMC console, add the Certificates snap-in (Local Computer), and head to Trusted Root Certification Authorities, Certificates. Find the ReplicaTestRootCA or PrimaryTestRootCA certificate and delete it, then re-run the above commands once corrected.

Step 5: Export the certificates

On both the primary and replica servers:

Launch an MMC.

Click File > Add/Remove Snap-in…

In the Add or Remove Snap-ins window, select Certificates from the Available Snap-ins list;

Click Add >; the Certificates snap-in window will appear;

In the Certificates snap-in window, click the Computer account radio button; click Next to continue;

In the Select Computer window, make sure the Local computer radio button is clicked; then click Finish;

In the Add or Remove Snap-ins window, click OK.

In the Microsoft Management Console on the primary server, expand the contents of Certificates (Local Computer), which can be found under the Console Root directory:

Expand the contents of the Personal directory; click the Certificates directory;

Right-click on the Truro certificate – PrimaryTestRootCA.cer; in the context menu that appears, mouse over All Tasks >; in the sub-menu that appears, click Export…

In the wizard, click Next.

In the Certificate Export Wizard that appears, click the Yes, Export the private key radio button and click Next;

Check and click Next.

Enter a password, click Next.

Export the key to c:\makecert\copy\truroserver.pfx

Click Finish.

Click OK.

Repeat the above steps for the Replica server (Exeter).

Step 6: Import the certificates

On the primary server (Truro)

Copy:

PrimaryTestCert

PrimaryTestRootCA.cer

TruroServer.pfx

to the replica server’s (Exeter) c:\makecert\import directory.

On the replica server (Exeter)

Copy:

ReplicaTestCert

ReplicaTestRootCA.cer

ExeterServer.pfx

to the primary server’s (Truro) c:\makecert\import directory.


Run in an admin command prompt on the primary server:

certutil -addstore -f Root C:\makecert\import\ReplicaTestRootCA.cer

In the MMC on the primary server, make sure you’re still in Certificates (Local Computer), Personal directory.

Right-click on the Personal directory, mouse over All Tasks >; in the submenu that appears, click Import…

In the wizard that appears, click Next.

Navigate to and select the exeterserver.pfx file (you’ll need to set the dropdown menu to all items before it will appear).

Enter the password you set during the export.

Click Next.

Click Finish.

Click OK.

Repeat for the Replica server (summary below):

Run in an admin command prompt on the replica server:

certutil -addstore -f Root C:\makecert\import\PrimaryTestRootCA.cer

In the MMC on the replica server, make sure you’re still in Certificates (Local Computer), Personal directory.

Right-click on the Personal directory, mouse over All Tasks >; in the submenu that appears, click Import…

Locate the TruroServer.pfx file and enter the password (as per the export section).
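
The prerequisites set up in Steps 4 to 6 can be checked from PowerShell on each host before configuring replication. This is an added example, not part of the original tutorial: the function name Test-ReplicaCert is hypothetical, and it assumes the certificate subject is CN=<computer name> as in Step 4 (pass -PeerRootCN PrimaryTestRootCA when running it on Exeter).

```powershell
# Added example: checks the certificate prerequisites built in Steps 4-6.
# Test-ReplicaCert is a hypothetical name; it assumes the certificate subject
# is CN=<computer name>, as in Step 4.
function Test-ReplicaCert {
    param(
        [string]$HostName   = $env:COMPUTERNAME,
        [string]$PeerRootCN = 'ReplicaTestRootCA'   # on Exeter: PrimaryTestRootCA
    )
    $r = [ordered]@{}

    # This host's certificate must sit in LocalMachine\My with its private key.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$HostName" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    $r.OwnCertFound = [bool]$cert
    if ($cert) {
        $now = Get-Date
        $r.Thumbprint     = $cert.Thumbprint
        $r.HasPrivateKey  = $cert.HasPrivateKey
        $r.WithinValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

        # Both EKUs passed to makecert -eku (server and client auth) must be present.
        $ekus = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
        $r.ServerAuthEku = $ekus -contains '1.3.6.1.5.5.7.3.1'
        $r.ClientAuthEku = $ekus -contains '1.3.6.1.5.5.7.3.2'

        # The chain must end at a root in the machine trust store. Revocation is
        # skipped here, matching the DisableCertRevocationCheck setting from Step 4.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $r.ChainBuilds = $chain.Build($cert)
    }

    # The other host's root CA must be trusted here (certutil -addstore, Step 6).
    $r.PeerRootTrusted = [bool](Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -eq "CN=$PeerRootCN" })

    # Report the revocation override so it is a known, recorded setting.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication'
    $val = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $r.RevocationCheckDisabled = ($val.DisableCertRevocationCheck -eq 1)

    New-Object psobject -Property $r
}

Test-ReplicaCert | Format-List
```

After following the steps above, every value other than Thumbprint should read True on both hosts.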

 

Step 7: Configuring Hyper-V replication

On both primary and replica servers:

In Hyper-V Manager, right-click on the host server and select Hyper-V Settings (in a cluster, open Failover Cluster Manager, right-click on the Hyper-V Replica Broker and select Replication Settings).

Select Replication Configuration Enabled as a Replica Server

Check the box – Enable this computer as a replica server

Select Use certificate-based Authentication (HTTPS)

Select the Allow replication from any authenticated server check box.

Then choose “Select Certificate…”

Make sure Truro is selected.

On the next screen, click OK.

Step 8: Check the firewall settings

Check that the firewall rules are configured to allow Hyper-V replication (Control Panel, Windows Firewall, Advanced). Both should have green ticks (if not, right-click and enable).

Repeat on the replica server.

Step 9: Configuring the VM

Configure replication on the VM (right-click, Enable Replication).

In the wizard, click Next.

Enter the name of the replica server (i.e. Exeter).

Select the certificate.

Select the VHDs you wish to replicate (you may wish to exclude swap partition drives if you have those configured).

Choose the replication frequency (30 seconds, 5 minutes or 15 minutes).

Choose whether you need any recovery points (useful if you need to roll back the server to a previous state).

You may wish to seed the initial replica if you’re working on slow links.

Review and confirm.

Step 10: Checking replication status and health

Primary server status: Normal

Right-click on the VM and select View Replication Health.

Replication should be normal.

There you go… Hyper-V replication configured between two workgroup computers.
