Hyper-v Replica Certificate Based with your own Root Authority #WS2012 #hyperv #HRM #DRAAS #TEE13 @MSTeched

With the new products that become available at the end of 2013 (the Windows 2012 R2 and System Center R2 releases), replication will be important all the way. It will be easier to set up, but the environment will also be more complex. Replication over Kerberos is easy to use, and even shared-nothing is quick and fast, but what about certificate-based replication?

Easy to use: click a certificate and use it. Is it that easy or not? Well, it almost is.

In this case I have my DC, which holds an Enterprise Root CA, plus two clusters and 4 VMM servers.

You will only need the Root CA and two Hyper-V servers, clustered in different clusters.

Yes, we will do Clustered Based Certificate Based Replication (CBCBR).

Open Certification Authority (certsrv.msc) from Administrative Tools

Right-click Certificate Templates and click Manage, then duplicate the Workstation Authentication template.

Give the certificate a nice name like Hyper-v Replica Authentication, so that you know what the certificate is for.

There are a few things we need to change or can change:

I chose 2012 usage only: in the Compatibility settings, Certificate recipient and Certification Authority can both be set to Windows Server 2012.

In the Security settings, ensure that Authenticated Users are allowed to Read and Enroll.

Edit Application Policies and add Server Authentication.

Under Subject Name, change the option to Supply in the request. Note that with this option every account allowed to Enroll on the template chooses the name that goes into its certificate, so the Enroll permission above decides who can obtain a certificate for a Hyper-V host name.

Now that the certificate template is ready, we are going to import it on the CA.

Open Certification Authority on the server and click on Certificate Templates

Select Action and choose the New option followed by Certificate Template to Issue.

Choose the certificate template name from the pop-up box


Now that the basics are ready on our DC, we can deploy the certificate to the clusters / Hyper-V servers.

If you try to add a cert in the Hyper-V broker now, you will see a nice error: wrong or no certificate.

A cool thing in 2012 is that you can use PowerShell in the certificate store.

Go to c:\windows\system32 and type:

cd cert:

(do not forget the trailing colon), then

cd .\localmachine\root

followed by a dir, and you will see all the certificates.

How cool is that!

Open an MMC and open the local machine store. We are now requesting Hyper-V Replica certificates from the Enterprise CA, based on our current template.

Click Next, and here is our new certificate template.

Now tick the certificate and click the blue line saying that more information is required.

Use the CN (common name) / friendly name to identify the certificate, and use the computer names to connect to the certificate. You can also use *.domain.local for a wildcard certificate.

Hit Apply and next click Enroll.

The certificate should now be listed in the certificate store.

And that’s the process for customizing and requesting certificates. Your final step in configuring Hyper-V Replica happens back in Cluster Failover Manager.

Now select the broker role in the cluster and right-click it.

Launch Replication Settings and click the Select Certificate button in Replication Configuration. If you’ve done everything correctly, you’ll see your recently installed and customized certificate.

In my case I have two clusters and want to replicate from and to both clusters.

Therefore I used the same certificate: export and import it with the private key and put it on all the nodes. Remember, the node name (FQDN) should be in the certificate!

In the VM you can enable replication and choose the certificate. You can also mix: one VM with Kerberos and another with a certificate.

Once it is done, it keeps working unless the certificate expires!
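
The requirements collected in this walkthrough (both authentication EKUs from the template, the node FQDN or a wildcard in the certificate, the private key carried along with the export, and a certificate that has not expired) can be checked on each node before opening Replication Settings. The PowerShell below is an added example, not part of the original post; the function name Test-ReplicaCertificate, its parameters and the 30-day warning window are assumptions, and it relies on the DnsNameList and EnhancedKeyUsageList properties that the PowerShell 3.0 certificate provider adds.

```powershell
# Added example (not the author's code): report which certificates in
# Cert:\LocalMachine\My meet the requirements this walkthrough sets up.
function Test-ReplicaCertificate {
    param(
        # Name the certificate must cover; defaults to this node's FQDN
        [string]$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
        [int]$WarnDays = 30,                       # assumed renewal warning window
        [string]$Store = 'Cert:\LocalMachine\My'
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication, added to the template
    $clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication, from Workstation Authentication
    $now = Get-Date
    Get-ChildItem -Path $Store | ForEach-Object {
        $cert  = $_
        $ekus  = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        # DnsNameList holds the subject CN plus any DNS subject alternative names
        $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode } | Where-Object { $_ })

        $nameOk = $false
        foreach ($n in $names) {
            if ($n -eq $Fqdn) { $nameOk = $true }
            elseif ($n.StartsWith('*.') -and $Fqdn.Contains('.')) {
                # A wildcard covers one label only: *.domain.local matches hv01.domain.local
                if ($Fqdn.Substring($Fqdn.IndexOf('.')) -eq $n.Substring(1)) { $nameOk = $true }
            }
        }

        $problems = @()
        if (-not $cert.HasPrivateKey)       { $problems += 'no private key' }
        if ($ekus -notcontains $serverAuth) { $problems += 'Server Authentication EKU missing' }
        if ($ekus -notcontains $clientAuth) { $problems += 'Client Authentication EKU missing' }
        if (-not $nameOk)                   { $problems += "subject/SAN does not cover $Fqdn" }
        if ($cert.NotBefore -gt $now)       { $problems += 'not yet valid' }
        $warn = ''
        if ($cert.NotAfter -lt $now) { $problems += 'expired' }
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $warn = "expires within $WarnDays days" }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Usable     = ($problems.Count -eq 0)
            Warning    = $warn
            Problems   = $problems -join '; '
        }
    }
}

Test-ReplicaCertificate | Format-Table -AutoSize -Wrap
```

Run it on every node that received the exported certificate; a row with Usable set to False lists the reason in Problems.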

 

Next stop will be Hyper-v Replication Manager.

Posted June 18, 2013 by Robert Smit [MVP] in Hyper-V, Hyper-v Recovery Manager
