Building Free Hyper-V 3 Replica Step by Step Guide in Workgroup Mode

Please note before going further that if you copy/paste the code given below there will be an error showing up so you must first copy/paste the code to notepad and chose the option to replace ” character with ” and then proceed to normal copy/paste.

  1. Download free Hyper-V from Microsoft.
  2. Install Hyper-V on both  Nodes.
  3. Configure both nodes following this example:

On Node1:

Computer Name: hyperv-node1

Workgroup Mode

IP Address: 192.168.1.1 , Netmask: 255.255.255.0, Gateway: 192.168.1.254, DNS: 192.168.1.254 (Note that default g/w and dns are necessary only if you want internet access on hyper-v nodes)

Enable Remote Management (Option 4) and Remote Desktop (Optional).

On Node2:

Computer Name: hyperv-node2

Workgroup Mode

IP Address: 192.168.1.2 , Netmask: 255.255.255.0, Gateway: 192.168.1.254, DNS: 192.168.1.254 (Note that default g/w and dns are necessary only if you want internet access on hyper-v nodes)

Enable Remote Management (Option 4) and Remote Desktop (Optional).

Add DNS Suffix on both nodes:

netdom computername hyperv-node1 /Add:hyperv-node1.domain.local

netdom computername hyperv-node1  /MakePrimary:hyperv-node1.domain.local

 and…

netdom computername hyperv-node2 /Add:hyperv-node2.domain.local

netdom computername hyperv-node2  /MakePrimary:hyperv-node2.domain.local

 Open https port on both nodes (TCP 443):

netsh advfirewall firewall add rule name=”Https Replica in” dir=in protocol=TCP localport=443 action=allow

Create and import self signed certificates using makecert.exe utility:

On node1:

Run the following elevated command to Create a self-signed root authority certificate

makecert -pe -n “CN=PrimaryTestRootCA” -ss root -sr LocalMachine -sky signature -r “PrimaryTestRootCA.cer”

The command installs a test certificate in the root store of the local machine and is saved as a file locally

Run the following elevated command to create a new certificate signed by the test root authority certificate

makecert -pe -n “CN=hyperv-node1.domain.local” -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in “PrimaryTestRootCA” -is root -ir LocalMachine -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 PrimaryTestCert.cer

The command installs a test certificate in the Personal store of the local machine and is saved as a file locally. The certificate can be used for both Client and Server authentication

On Node2:

Run the following elevated command to Create a self-signed root authority certificate

makecert -pe -n “CN=RecoveryTestRootCA” -ss root -sr LocalMachine -sky signature -r “RecoveryTestRootCA.cer”

The command installs a test certificate in the root store of the local machine and is saved as a file locally.

Run the following elevated command to create a new certificate signed by the test root authority certificate

makecert -pe -n “CN=hyperv-node2.domain.local” -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in “RecoveryTestRootCA” -is root -ir LocalMachine -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 RecoveryTestCert.cer

Finishing Up

Copy “RecoveryTestRootCA.cer” from the Replica server to the Primary and import by running the following command elevated

certutil -addstore -f  Root “RecoveryTestRootCA.cer”

 Copy “PrimaryTestRootCA.cer” from the Primary server to the Replica and import by running the following command elevated

certutil -addstore -f  Root “PrimaryTestRootCA.cer”


By default, a certificate revocation check is mandatory and Self-Signed Certificates don’t support Revocation checks. Hence, both modify the following registry key on both the Primary and Replica servers to disable the CRL check

reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication” /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

 

Update:

  1. Add a local administrator  (sconfig.cmd option 3)
    1. with same username and password as you are using on the Windows 8 Server/Client
    2. with other username and password (on client you need to use

      cmdkey /add:<ServerName> /user:<UserName> /pass:<password>

For other remote admin like Event Viewer, Volume Management etc. some firewall rules need to be enabled:

netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes
netsh advfirewall firewall set rule group=”File and Printer Sharing” new enable=yes
netsh advfirewall firewall set rule group=”Remote Service Management” new enable=yes
netsh advfirewall firewall set rule group=”Performance Logs and Alerts” new enable=yes
Netsh advfirewall firewall set rule group=”Remote Event Log Management” new enable=yes
Netsh advfirewall firewall set rule group=”Remote Scheduled Tasks Management” new enable=yes
netsh advfirewall firewall set rule group=”Remote Volume Management” new enable=yes
netsh advfirewall firewall set rule group=”Remote Desktop” new enable=yes
netsh advfirewall firewall set rule group=”Windows Firewall Remote Management” new enable =yes
netsh advfirewall firewall set rule group=”windows management instrumentation (wmi)” new enable =yes
sc config vds start= auto
net start vds

Ok, if all steps went we are finished setting up both nodes and the next step is to remotely control them using RSAT tools for Windows 8 or Windows 2012 Server.

 Personally I tried Windows Server 2012 Evaluation. Download it and install it on a separate computer or VM.

 When finished use “Add Roles & Features” and install “Remote Administration Tools”. Then open “Hyper-V Manager” and connect  to Node1 and Node2 using their respective IP addresses.

 To enable Replica go to Node2, right click  the node and select  “Hyper-V Settings” and then “Replication Configuration”.

 Click  to select  “Enable this Computer as a replica server” . Use Certificate Based Authentication (https), port  443.

 Click  “Select Certificate” and select the one and only certificate from the list. If it does not appear there then something went wromg with the certificates import procedure explained above.Repeat the steps there carefully.

 Select  “Allow replication from any authenticated Server” and press OK. If all are ok hyper-v manager should not complain.

 Now, go to Node1 and create a test vm using the well known procedure. After that right click  the newly created vm and select “Enable Replication”.

 Click Next to the wizard main page. Click Next again.

Specify the name of the target Hyper-V server(hyperv-node2.domain.local). Click Next.

Select the authentication type (certificate-based) and whether compression should be used. Click Next.

Select the hard disks of the VM to be replicated. Click Next.

Select recovery point options–either Only the latest recovery point or Additional recovery points (see screenshot below). Here you can also specify the number of additional recovery points to be stored. You also have the option to take Volume shadow Copy Service (VSS) incremental snapshots at a specific interval. This provides an application-integrity-assured snapshot, as any VSS writers are called during the VSS replica snapshot creation. Make the selections and click Next.

Select how the initial replication of data should be performed–whether over the network, via external media, or using an existing VM on the replica Hyper-V server. Select a time to start replication, and click Next.

View the summary and click Finish, which will begin the replication.