Set up 2 Hyper-V 2016 Servers, enable Hyper-V Replica with self-created certificates and connect to Server Manager on Windows

Peter Bengert
Feb 28, 2018 · 7 min read

I’ll give you a brief walkthrough of how you can set up the free Microsoft Hyper-V Server 2016 on two computers and create a Hyper-V Replica for failover purposes. Furthermore, we’ll set up Microsoft Server Manager on another Windows 10 computer so that you can manage both servers remotely. If you want, we’ll also install Altaro Hyper-V backup at the end.

Step 1: Get Hyper-V Server 2016 from https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-2016

Install Hyper-V Server on both machines; we’ll start the walkthrough right after installation.

Select 2 and assign a new name: HYPERV2016, then go to 8 and assign your network settings.

The next step should be to add a local administrator. Please use the same username and password that you will use on the Windows 10 machine later to administer the system. (Choose option 3)

When done, reboot the server with option 12.

Do the same on the replica machine. Here we will use the name: HYPERV2016REPLICA

Step 2: Install Server-Manager RSAT on Windows 10, configure it and enable Hyper-V GUI Management Tools

Here I’ve been following most steps from https://www.server-essentials.com/support/articleid/142/how-to-install-and-configure-rsat-on-windows-10-and-make-it-a-management-workstation-that-connects-to-a-hyper-v-2016-core-server-in-a-workgroup with a few tweaks to make it work with more than 1 server.

You can get it here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=45520

Then use the search window in Windows 10 to look for ‘feature’ and open Turn Windows features on or off.

Turn Hyper-V Management Tools on. Now you should restart Windows 10.

Now please head over to https://www.server-essentials.com/support/articleid/142/how-to-install-and-configure-rsat-on-windows-10-and-make-it-a-management-workstation-that-connects-to-a-hyper-v-2016-core-server-in-a-workgroup and follow this guide until you reach point 8.

Here we will enter our 2 servers.

192.168.1.40 HYPERV2016
192.168.1.38 HYPERV2016REPLICA

Go on to Step 10 but please use the following command:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value HYPERV2016 -Force -Concatenate
Set-Item WSMan:\localhost\Client\TrustedHosts -Value HYPERV2016REPLICA -Force -Concatenate

The difference is that you add -Concatenate; otherwise the second command overwrites the entry set by the first.

You can then check if it worked with:

Get-Item WSMan:\localhost\Client\TrustedHosts

Check that both servers have been added.

Now follow the next steps but add both servers HYPERV2016 and HYPERV2016REPLICA to the Server Manager.

It should look like this in the end:

Now we have two Hyper-V Servers up and running and we have connected them to a Windows 10 Server Manager.

The next step is to set up the replica.

Step 3: Setup Hyper-V Replica

Here is a brief outline of what we are going to do: first, on Windows 10, we create certificates and export them to the Hyper-V Servers, then we adjust the firewall and enable the replica. We are following some steps from: http://blog.fedenko.info/2016/06/hyper-v-replica-with-self-signed.html

Temporarily disable Windows Firewall on both Hyper-V Servers:

On Windows 10 in Server Manager, you can get a PowerShell and execute commands on the remote server. Run this command on both servers:

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled false

(don’t forget to enable it later again)

Close Server Manager, open PowerShell on your Windows 10 computer as administrator and run the following commands:

New-SelfSignedCertificate -Type "Custom" -KeyExportPolicy "Exportable" -Subject "HYPERVDEMO" -CertStoreLocation "Cert:\LocalMachine\My" -KeySpec "Signature" -KeyUsage "CertSign" -NotAfter (Get-Date).AddDays(10000)

The output shows the thumbprint of your key. Here it is 84D00B06A1ACE238FD068EB5E6FD64406D77ACB4, but yours will be different; replace it with your own in the following commands

New-SelfSignedCertificate -type "Custom" -KeyExportPolicy "Exportable" -Subject "CN=HYPERV2016" -CertStoreLocation "Cert:\LocalMachine\My" -KeySpec "KeyExchange" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") -Signer "Cert:LocalMachine\My\84D00B06A1ACE238FD068EB5E6FD64406D77ACB4" -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter (Get-Date).AddDays(10000)

and in the next one too.

New-SelfSignedCertificate -type "Custom" -KeyExportPolicy "Exportable" -Subject "CN=HYPERV2016REPLICA" -CertStoreLocation "Cert:\LocalMachine\My" -KeySpec "KeyExchange" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") -Signer "Cert:LocalMachine\My\84D00B06A1ACE238FD068EB5E6FD64406D77ACB4" -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter (Get-Date).AddDays(10000)

Now we will export the certificates:

For the root certificate we do not need the private key.

We’ll save it to the desktop in a folder called certificates and name it HYPERVDEMO.cer

Then we’ll export HYPERV2016, but now with the private key, and uncheck “Include all certificates in the certification path if possible”, set a password and save the certificate as HYPERV.pfx. Then repeat it with the HYPERV2016REPLICA certificate.
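
The certificate creation and export steps above can also be scripted end to end, so the root thumbprint never has to be copied by hand. This is an added example, not code from the original post: the output folder variable and the password prompt are assumptions, and the .pfx file names are chosen to match the Import-PfxCertificate commands used later.

```powershell
# Added example: run in an elevated PowerShell on the Windows 10 machine.
$store    = 'Cert:\LocalMachine\My'
$notAfter = (Get-Date).AddDays(10000)            # validity used in this walkthrough
$outDir   = Join-Path ([Environment]::GetFolderPath('Desktop')) 'certificates'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Root certificate: its only job is to sign the two server certificates
$root = New-SelfSignedCertificate -Type Custom -KeyExportPolicy Exportable `
    -Subject 'HYPERVDEMO' -CertStoreLocation $store -KeySpec Signature `
    -KeyUsage CertSign -NotAfter $notAfter

# Public part only (no private key); this file goes into Root on both servers
Export-Certificate -Cert $root -FilePath (Join-Path $outDir 'HYPERVDEMO.cer') | Out-Null

# Assumption: one password protects both .pfx files
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the .pfx files'

# Host name -> .pfx file name expected by the later import commands
$servers = @{
    'HYPERV2016'        = 'HyperV2016.pfx'
    'HYPERV2016REPLICA' = 'HyperV2016Replica.pfx'
}

foreach ($name in $servers.Keys) {
    # Server certificate with Server Authentication and Client Authentication EKUs,
    # signed by the root object instead of a pasted thumbprint path
    $leaf = New-SelfSignedCertificate -Type Custom -KeyExportPolicy Exportable `
        -Subject "CN=$name" -CertStoreLocation $store -KeySpec KeyExchange `
        -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2') `
        -Signer $root -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' `
        -NotAfter $notAfter

    # EndEntityCertOnly is the scripted form of unchecking
    # "Include all certificates in the certification path if possible"
    Export-PfxCertificate -Cert $leaf -FilePath (Join-Path $outDir $servers[$name]) `
        -Password $pfxPassword -ChainOption EndEntityCertOnly | Out-Null

    '{0}  {1}' -f $leaf.Thumbprint, $leaf.Subject
}
```

The .pfx files contain the servers' private keys, so delete the copies from the desktop folder and from the servers' disks once Import-PfxCertificate has succeeded.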

Now we should have the following certificates:

Now you will copy these files to the servers. You can get access from Windows Explorer with \\HYPERV2016\C$ and \\HYPERV2016REPLICA\C$

If it is not working, check if you disabled the firewall earlier.

Use Server-Manager to open a PowerShell on both the servers

Run the following commands in PowerShell on the servers:

(first, navigate to the folder where you copied the certificates)

On HYPERV2016 and HYPERV2016REPLICA run:

Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root\ -FilePath .\HYPERVDEMO.cer

On HYPERV2016 run:

$mypwd = Get-Credential -UserName 'Enter password below' -Message 'Enter password below'

Enter the password and run:

Import-PfxCertificate -CertStoreLocation Cert:\LocalMachine\my\ -FilePath .\HyperV2016.pfx -Password $mypwd.Password

On HYPERV2016REPLICA run:

$mypwd = Get-Credential -UserName 'Enter password below' -Message 'Enter password below'

Enter the password and run:

Import-PfxCertificate -CertStoreLocation Cert:\LocalMachine\my\ -FilePath .\HyperV2016Replica.pfx -Password $mypwd.Password

On HYPERV2016 and HYPERV2016REPLICA run:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

On HYPERV2016REPLICA, run the following to enable the firewall rules:

netsh advfirewall firewall set rule group="Hyper-V Replica HTTPS" new enable=yes

Now make sure both servers will find each other in the network using their name HYPERV2016 and HYPERV2016REPLICA. Edit the HOSTS file on each server (or do it on your DNS):

Press Win+R on Windows 10 and run

notepad.exe \\HYPERV2016\C$\windows\system32\drivers\etc\hosts

and add the entries:

192.168.1.40 HYPERV2016
192.168.1.38 HYPERV2016REPLICA

Save, then edit the same file on HYPERV2016REPLICA with the same entries:

notepad.exe \\HYPERV2016REPLICA\C$\windows\system32\drivers\etc\hosts

(if you want to be sure that it worked you can run on each server:

ping HYPERV2016
and
ping HYPERV2016REPLICA

to see that everything went right)

Now let’s create a virtual machine and enable replica:

Use Server Manager to open the Hyper-V Manager for HYPERV2016REPLICA

On HYPERV2016 enable replication, choose https and select our imported certificate and allow replication from any authenticated server.

Now create a sample virtual machine on HYPERV2016; I’ll call mine TestVM.

Right-click the VM, choose Enable Replication and enter HYPERV2016REPLICA in the server field. Choose ‘Use certificate-based authentication’, select our created certificate and keep all other settings.

Press Finish. If you are lucky you will not get an error message now! Now you have a Hyper-V 2016 Replica working with your self-created certificates.

Select your VM and View Replication Health and check if everything is okay.

Well done!

The last step is to re-enable the firewall running the following command on both servers:

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled true
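
Because the firewall was switched off and certificate revocation checking was disabled along the way, it is worth confirming the end state of both servers. The following read-only audit is an added example, not part of the original post; server names, the firewall rule group and the registry value are taken from this walkthrough, and the credential prompt is an assumption.

```powershell
# Added example: read-only audit, run from the Windows 10 management machine.
$servers = 'HYPERV2016', 'HYPERV2016REPLICA'
$cred    = Get-Credential -Message 'Local administrator on the Hyper-V servers'  # assumption

$report = Invoke-Command -ComputerName $servers -Credential $cred -ScriptBlock {
    # DNS host name; $env:COMPUTERNAME is the NetBIOS name, cut at 15 characters
    $name = [System.Net.Dns]::GetHostName()

    # Firewall profiles that are still switched off after the setup
    $off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })

    # Enabled rules of the group turned on with netsh (only expected on the replica)
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Hyper-V Replica HTTPS' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' })

    # Server certificate: subject CN=<host>, private key, both EKUs, root in Root store
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$name" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    $ekus = @($cert.EnhancedKeyUsageList.ObjectId)
    $rootTrusted = $false
    if ($cert) {
        $rootTrusted = [bool](Get-ChildItem Cert:\LocalMachine\Root |
            Where-Object { $_.Subject -eq $cert.Issuer })
    }

    # Value written by the REG ADD step (1 = revocation checking disabled)
    $reg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication' `
        -Name DisableCertRevocationCheck -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Server              = $name
        FirewallProfilesOff = ($off.Name -join ',')
        ReplicaHttpsRulesOn = $rules.Count
        CertThumbprint      = $cert.Thumbprint
        HasPrivateKey       = [bool]$cert.HasPrivateKey
        ServerAndClientEku  = ($ekus -contains '1.3.6.1.5.5.7.3.1') -and ($ekus -contains '1.3.6.1.5.5.7.3.2')
        RootInTrustedStore  = $rootTrusted
        CertExpires         = $cert.NotAfter
        RevocationCheckOff  = ($reg.DisableCertRevocationCheck -eq 1)
    }
}
$report | Select-Object * -ExcludeProperty RunspaceId, PSComputerName | Format-List
```

An empty FirewallProfilesOff on both servers confirms the firewall is back on; RevocationCheckOff reports True on both because the REG ADD step above sets it.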

BONUS

If you are still not satisfied, as a bonus we’ll add a backup solution to your HYPERV2016. But this is optional.

Head over to https://www.altaro.com/hyper-v-backup/ and get the free trial (which will work forever in a limited 2 VM setup).

Copy the file to your HYPERV2016 like we did with the certificates before (maybe you have to adjust your firewall again) and follow this guide:

https://www.altaro.com/files/Installing-Altaro-Hyper-V-Backup-on-Core.pdf

Now you can start the Altaro Backup Management Console directly from the command line on HYPERV2016 with the following command:

STARTALTARO

Furthermore, you can grab the Altaro Management Tools from https://www.altaro.com/vm-backup/download-tools.php and install these tools on your Windows 10 machine. Now you can access the backups from there.

Good luck and have fun!
