Setting up Hyper-V Replica on Windows 2012 in Workgroup Mode Using SSL Certificates
This guide is specifically for setting up Hyper-V Replica between two Windows 2012 (not Windows 2012 R2) servers in Workgroup mode (not joined to a domain) using SSL/HTTPS over port 443 (not PLAIN/HTTP over port 80) and focuses on the configuration of the SSL certificates.
Note: PrimaryServer is the server with the VM that we want to replicate. SecondaryServer is the server that will host the replica of the VM.
- Disable Windows Firewall on both servers (or at least allow port 80 and port 443 inbound on both servers)
- Make sure the user account you are setting up Hyper-V Replica with exists as a member of the Administrators group on both servers, with the same password!
- For simplicity's sake, you could use the Administrator account, with the same password on both servers.
- Add entries to the C:\Windows\System32\drivers\etc\hosts file as follows
- IP-Address Hostname. For example:
- 192.168.1.1 PrimaryServer
- 192.168.1.2 SecondaryServer
- Do this step on both servers. You should be able to ping both hostnames from both servers without using an IP Address (using the hostname instead).
- Download MakeCert onto both machines. You can download it here.
- Open a command prompt on the PrimaryServer (not PowerShell) and run the following commands in the makecert directory:
makecert -pe -n "CN=PrimaryServerRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryServerRootCA.cer"
makecert -pe -n "CN=PrimaryServerHostName" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryServerRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryServer.cer
- Open a command prompt on the SecondaryServer (not PowerShell) and run the following commands in the makecert directory:
makecert -pe -n "CN=SecondaryServerRootCA" -ss root -sr LocalMachine -sky signature -r "SecondaryServerRootCA.cer"
makecert -pe -n "CN=SecondaryServerHostName" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "SecondaryServerRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 SecondaryServer.cer
- Copy the PrimaryServerRootCA.cer file from the makecert directory on the PrimaryServer to the makecert directory on the SecondaryServer
- Copy the SecondaryServerRootCA.cer file from the makecert directory on the SecondaryServer to the makecert directory on the PrimaryServer
- Open a command prompt on the PrimaryServer (not PowerShell) and run the following commands in the makecert directory:
certutil -addstore -f Root "SecondaryServerRootCA.cer"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
- Open a command prompt on the SecondaryServer (not PowerShell) and run the following commands in the makecert directory:
certutil -addstore -f Root "PrimaryServerRootCA.cer"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
- You can now follow the steps here: http://technet.microsoft.com/en-us/library/jj134207.aspx to set up Hyper-V Replica on Windows Server 2012 (skip over the SSL certificate stuff, you just did that). Ignore the Hyper-V Replica Broker detail. If you’re clever enough to be setting up a Hyper-V Replica Cluster with a Broker, you don’t need to be reading this guide 😉
- For the rest of us, proceed as follows:
- http://technet.microsoft.com/en-us/library/jj134153.aspx – Prepare to Deploy Hyper-V Replica (skip sections 1.4 and 1.5).
- http://technet.microsoft.com/en-us/library/jj134240.aspx – Enable Replication (skip section 2.2)
- http://technet.microsoft.com/en-us/library/jj134165.aspx – Test the Replication Deployment
- http://technet.microsoft.com/en-us/library/jj134194.aspx – Perform a Planned Failover
- http://technet.microsoft.com/en-us/library/jj134169.aspx – Respond to an Unplanned Failover
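To confirm that the makecert, certutil and reg add steps above took effect before enabling replication, the following PowerShell check can be run elevated on each server. It is an added example, not part of the original guide; the parameter names are assumptions, with -ExpectedCN being the CN you gave this server's certificate and -PeerRootCN the other server's root CA name (for example SecondaryServerRootCA when run on the PrimaryServer).

```powershell
# Added example, not from the original guide. Save as a .ps1 and run in an elevated PowerShell.
# Assumptions: -ExpectedCN is the CN passed to makecert for this server's certificate,
# -PeerRootCN is the CN of the other server's root CA.
param(
    [Parameter(Mandatory = $true)][string]$ExpectedCN,
    [Parameter(Mandatory = $true)][string]$PeerRootCN
)

# Hyper-V Replica needs both EKUs that the guide passes to makecert via -eku.
$required = @{ '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
               '1.3.6.1.5.5.7.3.2' = 'Client Authentication' }

$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=$ExpectedCN" })
if ($certs.Count -eq 0) { Write-Warning "No certificate with subject CN=$ExpectedCN in LocalMachine\My" }

foreach ($cert in $certs) {
    # Collect the EKU OIDs actually present on the certificate.
    $ekus = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekus += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }
    $missing = @($required.Keys | Where-Object { $ekus -notcontains $_ } | ForEach-Object { $required[$_] })

    # Build the chain without revocation checking, matching DisableCertRevocationCheck = 1.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        NotAfter      = $cert.NotAfter
        MissingEKU    = ($missing -join ', ')
        ChainTrusted  = $chainOk
        ChainErrors   = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
}

# The peer's self-signed root must be in this machine's Trusted Root store.
$peerRoot = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq "CN=$PeerRootCN" })
"Peer root CN=$PeerRootCN in LocalMachine\Root: $($peerRoot.Count -gt 0)"

# Report the revocation-check override written by the reg add commands.
foreach ($key in 'Replication', 'FailoverReplication') {
    $path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\$key"
    $val = (Get-ItemProperty -Path $path -Name DisableCertRevocationCheck -ErrorAction SilentlyContinue).DisableCertRevocationCheck
    "{0}\DisableCertRevocationCheck = {1}" -f $key, $(if ($null -eq $val) { '(not set)' } else { $val })
}
```

With DisableCertRevocationCheck set to 1 a replica certificate cannot be revoked, so trust in a peer is withdrawn only by deleting its root from LocalMachine\Root.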