VSS KB Articles

DFS management console throws a “the value does not fall within the expected range”
1/13/2018
Windows Server DFS management console throws a “the value does not fall within the expected range”


How to change network profiles on Window 2012R2 Server
1/12/2018
After a restart of one of our servers (a Windows Server 2012 R2), all private connections become public and vice versa. Things like pinging and iSCSI stopped working, and after some investigation it turned out this was the cause.


How to create Self-Signed Certificates for Hyper-V Replication
1/9/2018
How to create Self-Signed Certificates for Hyper-V Replication


Hyper-V virtual machine may not start, and you receive a “‘General access denied error’ (0x80070005)” error message
1/9/2018
Hyper-V virtual machine may not start, and you receive a “‘General access denied error’ (0x80070005)” error message


How to Change/Extend the Expiration Date of Certificates
1/9/2018
Need to change/extend the subordinate CA certificate validity,CA certificate and the template is valid for 5 years but certificates that are issued is showing only 2 years validity.


    

1/9/2018
How to create Self-Signed Certificates for Hyper-V Replication

 How to create Self-Signed Certificates for Hyper-V Replication

Here is the quick and simple lowdown on how to create Self-Signed SSL Certificates for use in Hyper-V Replication. There is a great article on Technet which gives more background into this process – http://blogs.technet.com/b/virtualization/archive/2013/04/13/hyper-v-replica-certificate-based-authentication-makecert.aspx

You will need Makecert.EXE which can be found from http://msdn.microsoft.com/en-us/library/bfsktky3.aspx or here – http://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx

On the First Server, in an elevated command prompt.

  1. Run makecert -pe -n “CN=FirstRootCA” -ss root -sr LocalMachine -sky signature -r “FirstRootCA.cer”
  2. Run makecert -pe -n “CN=[FQDN1]” -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in “FirstRootCA” -is root -ir LocalMachine -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 FirstServer.cer
  3. Copy SecondRootCA.cer from Second Hyper-V
  4. Run certutil -addstore -f Root “SecondRootCA.cer”
  5. Run reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication” /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

On the Second Server, in an elevated command prompt.

  1. Run makecert -pe -n “CN=SecondRootCA” -ss root -sr LocalMachine -sky signature -r “SecondRootCA.cer”
  2. Run makecert -pe -n “CN=[FQDN2]” -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in “SecondRootCA” -is root -ir LocalMachine -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 SecondServer.cer
  3. Copy FirstRootCA.cer from First Hyper-V
  4. Run certutil -addstore -f Root “FirstRootCA.cer”
  5. Run reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication” /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

Then you can use these certificates in Hyper-V replication. The steps to setting this up can be found here – http://blog.powerbiz.net.au/hyperv/hyper-v-replica-for-small-business/