Certificate Based Replication between Hyper V Servers

(Based on Server 2012 R2)

Level: Intermediate

The purpose of this article is configure certificate based replication enabled and working between Microsoft’s Hyper V platform.


This procedure performed here uses Self Signed Certificate which we will generate during the process.


If you already have a live environment then you will have the following already in place:


  1. 2 Physical Servers which host Virtualization
  2. Windows Server 2012 R2 Standard installed on both servers
  3. exe which will help you create self signed certificates
  4. A Virtual Machine on the primary server



You can download makecert.exe from here

Makecert.exe is part of Windows SDK w

hich can be accessed here

Step 1: Download Makecert.exe and save it in a folder c:\makecert

Step 2: Open Up elevated Command Prompt and navigate to the folder c:\makecert as shown in the pic

Figure 1-CD to makecert Folder

Figure 1-CD to makecert folder



Step 3:

Type the commands as below:

  1. exe –pe –n “CN=ReplicaServerRootCA” –ss root –sr LocalMachine –sky signature –r “ReplicaServerRootCA.cer”
    1. What you have done above is create a Certificate Authority which you can use to issue certificates locally.


  1. exe –pe –n “CN=ntc-dc1” –ss my –sr LocalMachine –sky exchange –eku, –in “ReplicaServerRootCA” –is root –ir LocalMachine –sp “Microsoft RSA SChannel Cryptographic Provider” –sy 12 ntc-dc1
    1. What you have done here is use the same CA i.e: ReplicaServerRootCA to issue a certificate. You need to make sure you run “hostname” command in command prompt to get the exact hostname.

Explanation of Parameters in abov

e 2 commands

pe : this parameter means the private key generated is exportable & can be included in the certificate

n: “CN=CARoot” The certificate name must be formatted as the standard

sr: LocalMachine The certificate’s store location

ss root : The certificate store name

r: indicates the certificate is self signed

sky: this parameter specifies key type i.e: signature,exchange or integer

eku: usage object identifiers

You can learn more about fully parameters by following this link

Figure 2 - Create Certificates

Figure 2-Create Certificates

Step 4:

Reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virutalization\Replication” /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

By default, a certificate revocation check is mandatory. Because self signed certificates which we are using here do not support checks, we amend the registry to disable the check with above registry value.

Figure 3 - Cert Revocation

Figure 3-Cert Revocation

At this point you should be able to see your certificate in MMC/Certificates/Computer Account Snap In as shown in the screenshot

Open Certificates Snap by following steps:

Type mmc in Command Prompt and below window will open

Figure 4 - CMD MMC

Figure 4-CMD MMC

Click on File -> Add / Remove Snap Ins

Figure 5 - MMC Computer Account

Figure 5-MMC Computer Account

Add as a Computer Account

Figure 6 - Snap In Local Computer

Figure 6-Snap In Local Computer

Figure 7 - MMC Certificates

Figure 7-MMC Certificates

Step 7:


Open up Hyper-V manager as shown and you should be able to see the certificate once you check Use Certificate-based Authentication (HTTPS)

Figure 8-HyperV Manager on Replica Server

Figure 8-Hyper V Manager on Replica Server


At this point, repeat Step 2 – Step 7 on the Primary Server to generate a certificate.

Figure 9-Generate Cert on Primary

Figure 10- HyperV Manager on Primary Server

Figure 10-HpyerV Manager on Primary Server


Once, that is complete, the only left to do is to add the certificate of Primary Server to the Replica Server and vice versa.


Adding Certificates to both servers

You will need to copy certificates to certificate stores on both servers.


  1. Open Up MMC by going to Run -> MMC

Figure 13 - Snap In Open

Figure 11-Snap In Open

  1. You will be saving the certificate you generated in Personal and Trusted root Certification Authorities Store.

Figure 13 - Snap In Open Figure 12-Cert Locations

Figure 12-Cert Locations

  1. Right Click and Import

Figure 12 - Right Click Import

Figure 13-Right click import

  1. You need to import your server certificate in here.
  2. Go to Trusted Root Certification Authorities -> Certificates and import CA certificate in there.
  3. Repeat the process to import the certificate on other server.



Enable Replication


  1. Open Up Hyper-V Manager on the Primary Server and right click on the VM which you want to replicate to the Replica Server.

Click Next

Enter the replica server name and click Next

Choose your port which you defined on replica server and select the certificate as below


Figure 13 - enable replication

replication wizard page 1

replication wizard page 2

replication wizard page 3

replication wizard page 4

replication wizard page 5

replication wizard page 6

replication wizard page 7

replication wizard page finish


Hyper V Certificate Based Replication – How To
Tagged on:                                                     

Leave a Reply

Your email address will not be published. Required fields are marked *

Animated Social Media Icons by Acurax Wordpress Development Company
Visit Us On TwitterVisit Us On FacebookVisit Us On Google PlusVisit Us On YoutubeVisit Us On Linkedin