Hyper-V replication is usually authenticated through AD. Without AD, we need to manually generate self-signed certificates in order to use replication. Here I will set up 2 replica host machines.
1. First, enable Hyper-V Replica HTTPS on both hosts.
2. On both hosts, edit the hosts file in “C:\Windows\System32\Drivers\etc”. On each machine, add the IP address of the other host, so that the primary can resolve the secondary and vice versa.
3. Add the following registry value, which disables the certificate revocation check for replication, to enable the use of self-signed certificates.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
4. Before generating the certificates, download makecert on both hosts and copy the *.exe to System32. On Host 1, we need to generate 2 certificates, one for the root CA and one for the machine. The CN of the machine certificate is the hostname.
makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryTestRootCA.cer"
makecert -pe -n "CN=VMHOST-1" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer
5. On Host 2, we do the same.
makecert -pe -n "CN=SecondaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "SecondaryTestRootCA.cer"
makecert -pe -n "CN=VMHOST-2" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "SecondaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 SecondaryTestCert.cer
6. We need to export the root CA certificate we just created on each host and import it on the other host.
Start > Run > mmc.exe > File > Add/Remove Snap-in… to add the certificate management console.
7. Add Certificates. A dialogue will pop up; just click OK, and then click OK again to close the dialogue.
8. Go to Certificates - Current User > Trusted Root Certification Authorities > Certificates, choose the root CA we just created, right click > All Tasks > Export.
9. Just click through Next (no need to change any settings), and then specify where to export the certificate file.
10. On Host 1, I name the certificate file “PrimaryTestRootCA”. Copy the file to Host 2, then do the same on Host 2 and copy its file to Host 1.
11. On Host 1, import the certificate exported from Host 2:
certutil -addstore -f Root "SecondaryTestRootCA.cer"
Do the same on Host 2:
certutil -addstore -f Root "PrimaryTestRootCA.cer"
12. CMD screenshot from Host 1.
13. In Hyper-V > Hyper-V Settings, enable replication on both hosts. If the certificates were generated and imported correctly, the suitable certificate is selected automatically.
14. On the VM that needs to be replicated, right click and enable replication. Type in the other server’s hostname when asked to specify the replica server.
15. Choose certificate-based authentication and click Select Certificate. If the certificates were generated and imported correctly, the suitable certificate is selected automatically.
16. Configure any other settings as desired. If there are no issues, replication will start in a moment.
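A pre-flight check for steps 3 to 11, as an added PowerShell example that is not part of the original article: it confirms the registry value, the machine certificate (CN, private key, both EKU OIDs) and both root CAs before replication is enabled in step 13. The variable names and the `Get-EkuOids` helper are illustrative, and the certificate names are the ones used for Host 1 above.

```powershell
# Added example: pre-flight check for the certificate setup in steps 3-11.
# Assumption: run elevated on Host 1 with this article's names; swap them on Host 2.
$PeerRootCN  = 'SecondaryTestRootCA'   # root CA imported from the other host
$HostCN      = $env:COMPUTERNAME       # machine certificate CN must equal the hostname
$RequiredEku = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'   # server + client authentication
$RegPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication'

# Illustrative helper: returns the EKU OIDs carried by a certificate.
function Get-EkuOids([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    $ext = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($ext) { $ext.EnhancedKeyUsages | ForEach-Object { $_.Value } }
}

$results = [ordered]@{}

# Step 3: the revocation check must be disabled for the makecert certificates.
$reg = Get-ItemProperty -Path $RegPath -Name DisableCertRevocationCheck -ErrorAction SilentlyContinue
$results['Registry: DisableCertRevocationCheck = 1'] = ($reg.DisableCertRevocationCheck -eq 1)

# Steps 4-5: machine certificate in LocalMachine\My, currently valid, with a private key.
$now = Get-Date
$machine = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Subject -eq "CN=$HostCN" -and $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -ge $now } | Select-Object -First 1
$results["Machine certificate CN=$HostCN with private key"] = [bool]$machine

if ($machine) {
    # Replication needs both EKUs because each host acts as client and server.
    $ekus    = @(Get-EkuOids $machine)
    $missing = @($RequiredEku | Where-Object { $ekus -notcontains $_ })
    $results['Machine certificate has both EKUs'] = ($missing.Count -eq 0)

    # The issuing root must be trusted locally (makecert -ss root placed it there).
    $issuer = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -eq $machine.Issuer }
    $results["Own root trusted ($($machine.Issuer))"] = [bool]$issuer
}

# Steps 6-11: the other host's root CA must be in LocalMachine\Root.
$peerRoot = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq "CN=$PeerRootCN" }
$results["Peer root CN=$PeerRootCN trusted"] = [bool]$peerRoot

$results.GetEnumerator() | ForEach-Object {
    '{0,-55} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```

Any line reported as MISSING points at the step to redo on that host before enabling replication.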
Source 1: https://www.17free.tw/en/modules/tadnews/index.php?nsn=218
Source 2: https://dotblogs.com.tw/jamesfu/2013/06/09/replica