Well, I have spent the best part of today trying to get Hyper-V replication working in Server 2012. Let's just say Microsoft documented it well...

After working through trying to get Kerberos working, I gave up and resorted to using certs.

Reading through the guide here, I was struggling on two points:

Creating the replication cert and actually using the cert.

 

They have gotten the commands the wrong way around when trying to create the replica cert. The real way is below.

On the Main Server

makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryTestRootCA.cer"

makecert -pe -n "CN=Servername.domain.local" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer

On the Replica Server

makecert -pe -n "CN=ReplicaTestRootCA" -ss root -sr LocalMachine -sky signature -r "ReplicaTestRootCA.cer"

makecert -pe -n "CN=Replicaserver.domain.local" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "ReplicaTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ReplicaTestCert.cer

Then follow the information about importing the CAs into each of the servers.

Copy the created CA file to the other server

On the main server

certutil -addstore -f Root "ReplicaTestRootCA.cer"

On the Replica

certutil -addstore -f Root "PrimaryTestRootCA.cer"

Then it came to the Revocation Check. They included one reg hack, but not the other one.

Run these on both servers

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
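
To confirm the steps above took effect on a server, here is an added PowerShell check (not from the original post or Microsoft's guide). It reads back the replication cert, its two EKUs, the imported peer root CA and both DisableCertRevocationCheck values. $HostFqdn and $PeerRootCN are assumed values copied from the example names in the commands; on the replica use Replicaserver.domain.local and PrimaryTestRootCA instead.

```powershell
# Added example (not from the original post). Run elevated on each server.
# Assumed values: set these to the names used in your makecert commands.
$HostFqdn   = 'Servername.domain.local'   # CN of this server's replication cert
$PeerRootCN = 'ReplicaTestRootCA'         # CN of the other server's root CA

$serverAuth = '1.3.6.1.5.5.7.3.1'         # Server Authentication EKU
$clientAuth = '1.3.6.1.5.5.7.3.2'         # Client Authentication EKU
$results    = @()
function Add-Check($name, $pass) {
    $script:results += [pscustomobject]@{ Check = $name; Pass = [bool]$pass }
}

# 1. Replication cert: newest cert in LocalMachine\My whose subject matches the FQDN
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$HostFqdn" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

# EKU OIDs read from the Enhanced Key Usage extension (empty if no cert was found)
$ekus = @()
if ($cert) {
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
}
Add-Check 'Cert present in LocalMachine\My' $cert
Add-Check 'Private key available'           ($cert -and $cert.HasPrivateKey)
Add-Check 'Within validity period'          ($cert -and ($cert.NotBefore -le (Get-Date)) -and ($cert.NotAfter -gt (Get-Date)))
Add-Check 'Server and client auth EKUs'     (($ekus -contains $serverAuth) -and ($ekus -contains $clientAuth))

# 2. Peer's root CA imported into LocalMachine\Root (the certutil -addstore step)
$peerRoot = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq "CN=$PeerRootCN" }
Add-Check "Peer root '$PeerRootCN' trusted" $peerRoot

# 3. DisableCertRevocationCheck = 1 under both keys named in the post
$base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'
foreach ($key in 'FailoverReplication', 'Replication') {
    $prop = Get-ItemProperty -Path "$base\$key" -Name DisableCertRevocationCheck -ErrorAction SilentlyContinue
    Add-Check "$key\DisableCertRevocationCheck = 1" ($prop -and ($prop.DisableCertRevocationCheck -eq 1))
}

$results | Format-Table -AutoSize
if ($cert) { "Replication cert thumbprint: $($cert.Thumbprint)" }
```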

 

 

Oh, and to get makecert.exe you need to run the web install of the Windows SDK from

http://msdn.microsoft.com/en-us/windowsserver/bb980924.aspx

Just select "Tools" and you will get MakeCert.exe.

Thanks for making our lives easy M$ 🙁
