Configure Shared-nothing & Hyper-V 2016 Replica

In our last post, we learned how to set up a nested Hyper-V 2016 lab inside VMware Workstation, which can be a great tool for learning more, exploring freely, and gaining a deeper understanding of a great virtualization platform from Microsoft. This post is the start of us running wild and testing some of the things we can do in Hyper-V 2016. We'll start off by configuring a shared-nothing setup, followed by Hyper-V 2016 Replica. Let's begin.

Set up Shared-nothing Hyper-V 2016

Normally, we'd have to set up shared storage and connect it to our virtualization hosts before we can do live migrations (migrating VMs from one host to another while the VM is turned on). By contrast, a shared-nothing setup of Hyper-V allows us to do live migrations without any shared storage at all.

However, we should understand that in a shared-nothing Hyper-V setup, VMs that were running on a Hyper-V host that unexpectedly turned off will not auto-migrate or restart on other Hyper-V hosts. But in case of planned downtime or maintenance, you can live migrate VMs to another Hyper-V host, patch and restart the empty Hyper-V host, and then move the VMs back to it again.

1. Let's start off with configuring constrained delegation. Open PowerShell on dc02 and run this script (I copied and pasted this block of code into Notepad and then saved it as SetKCD.ps1).

Import-Module ActiveDirectory   # provides Set-ADObject

$OU = [ADSI]"LDAP://CN=Computers,DC=lab,DC=pri"
$DNSSuffix = "lab.pri"
$Computers = @{} # Hash table: computer name -> distinguished name

foreach ($child in $OU.PSBase.Children){
   # add each computer in the OU to the hash table
   if ($child.ObjectCategory -like '*computer*'){
      $Computers.Add($child.Name.Value, $child.distinguishedName.Value)
   }
}

# Process each AD computer object in the OU in turn
foreach ($ADObjectName in $Computers.Keys){
   Write-Host $ADObjectName
   Write-Host "Enable VM Live Migration and set authentication to Kerberos"
   Enable-VMMigration -ComputerName $ADObjectName
   Set-VMHost -ComputerName $ADObjectName -VirtualMachineMigrationAuthenticationType Kerberos -UseAnyNetworkForMigration $true
   Write-Host "Processing KCD for AD object"
   # Add delegation to the current AD computer object for each computer in the OU
   foreach ($ComputerName in $Computers.Keys){
      Write-Host (" Processing "+$ComputerName+", added ") -NoNewline
      # Parentheses build each SPN first; the comma then makes a two-element array
      # (the comma operator binds tighter than +, so without them the two SPNs run together)
      $ServiceString = ("cifs/"+$ComputerName+"."+$DNSSuffix),("cifs/"+$ComputerName)
      Set-ADObject -Identity $Computers.$ADObjectName -Add @{"msDS-AllowedToDelegateTo" = $ServiceString}
      Write-Host ("cifs") -NoNewline
      $ServiceString = ("Microsoft Virtual System Migration Service/"+$ComputerName+"."+$DNSSuffix),("Microsoft Virtual System Migration Service/"+$ComputerName)
      Set-ADObject -Identity $Computers.$ADObjectName -Add @{"msDS-AllowedToDelegateTo" = $ServiceString}
      Write-Host (", Microsoft Virtual System Migration Service")
   }
}


Credit to the author of Robin CM's IT Blog for sharing the block of code, which I modified only a little.

2. After running the script above, we need to do these things:

a. Unfortunately, modifying AD objects still requires calling up WMI classes, which makes PowerShell commands more complicated than they need to be just to get simple things done via the CLI. The script above did some of the heavy lifting by adding the hosts and their services that need to be trusted, but we still need to change the authentication method in the Active Directory Users and Computers MMC from Use Kerberos to Use any authentication protocol.


b. For some reason I don’t know, we have to reboot the Hyper-V hosts or Shared-nothing VM migration will not work even if all the settings are properly set.
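To check what steps 1 and 2 actually left in Active Directory, the following added example (not part of the original post or of Robin CM's script) lists each computer's delegation targets and flags anything outside the set SetKCD.ps1 is meant to write. It assumes the RSAT ActiveDirectory module and the same container and DNS suffix as the script above.

```powershell
# Added example: audit the constrained-delegation settings written by SetKCD.ps1.
# Assumptions: RSAT ActiveDirectory module; container and suffix as used on this page.
Import-Module ActiveDirectory

$SearchBase = 'CN=Computers,DC=lab,DC=pri'
$DNSSuffix  = 'lab.pri'
$Services   = 'cifs', 'Microsoft Virtual System Migration Service'

$hosts = Get-ADComputer -Filter * -SearchBase $SearchBase -SearchScope OneLevel `
    -Properties 'msDS-AllowedToDelegateTo', TrustedToAuthForDelegation, TrustedForDelegation

# Every SPN the script should have added: service/host and service/host.suffix
$expected = foreach ($h in $hosts) {
    foreach ($svc in $Services) {
        "$svc/$($h.Name)"
        "$svc/$($h.Name).$DNSSuffix"
    }
}

foreach ($h in $hosts) {
    # Drop empty entries so an unset attribute counts as zero SPNs
    $actual  = @($h.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    $missing = @($expected | Where-Object { $_ -notin $actual })
    # Anything not in the expected set, including malformed values, lands here
    $extra   = @($actual | Where-Object { $_ -notin $expected })

    [pscustomobject]@{
        Host               = $h.Name
        # True once "Use any authentication protocol" is selected in the MMC
        ProtocolTransition = $h.TrustedToAuthForDelegation
        # Should stay False: unconstrained delegation is not needed here
        Unconstrained      = $h.TrustedForDelegation
        DelegatedSPNs      = $actual.Count
        MissingSPNs        = $missing -join '; '
        UnexpectedSPNs     = $extra -join '; '
    }
}
```

Because the script processes every computer object in the container, any machine there that is not a Hyper-V host also appears in this report with delegation rights; moving the hosts to a dedicated OU narrows that.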

3. At this point, I'll add the Hyper-V hosts of my lab to Server Manager and Hyper-V Manager on dc02 so I can carry on with some of the tasks using the GUI. There is only so much we can do on the command line before it becomes more efficient to do things via the GUI, like creating one OS-less VM and moving it to another Hyper-V host to test your configuration.


But for the sake of learning, here’s the PowerShell command to create a VM, start it, and move it to another host:

New-VM -Name "TestVM01" -MemoryStartupBytes 1GB -Generation 2 -NewVHDPath "C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\TestVM01.vhdx" -NewVHDSizeBytes 127GB | Start-VM
#Make sure this command is run using a domain admin account.
Move-VM TestVM01 -DestinationHost hv01 -DestinationStoragePath "C:\users\public\Documents\hyper-v\Virtual hard disks" -IncludeStorage

And just like that, we can do shared-nothing live migration of VMs from one host to another, with no shared storage and no Hyper-V cluster. Let's move on to setting up Hyper-V Replica.

Set up Hyper-V 2016 Replication

One way to make VMs highly available in Hyper-V is to get those VMs replicated to another host. If the original host goes down, with replication enabled on those Hyper-V hosts and VMs, we can manually reboot the VMs on other hosts. This is different from making VMs highly available using Failover Cluster, which we will go through in another post.

1. Use these commands to create a new Trust Group with hv01 and hv02 as members, and then enable replication on the Hyper-V host with Kerberos authentication.

New-VMReplicationAuthorizationEntry -AllowedPrimaryServer "hv01.lab.pri" -ReplicaStorageLocation "C:\users\public\Documents\hyper-v\Virtual hard disks" -TrustGroup "lab.pri"
New-VMReplicationAuthorizationEntry -AllowedPrimaryServer "hv02.lab.pri" -ReplicaStorageLocation "C:\users\public\Documents\hyper-v\Virtual hard disks" -TrustGroup "lab.pri"
Set-VMReplicationServer $true -AllowedAuthenticationType Kerberos -AllowAnyServer $false

2. Run this command to enable replication on a VM, set other necessary parameters, and start the initial replication immediately.

#Make sure this command is run using a domain admin account
Enable-VMReplication -VMName TestVM01 -ReplicaServerName hv01.lab.pri -ReplicaServerPort 80 -AuthenticationType Kerberos | Start-VMInitialReplication

Since my test VM is simply an empty shell, the replication completed in a few seconds and I can see a copy of this VM on the second Hyper-V host.

I tried to do a Planned Failover but received an error message that the VM should be turned off. I thought it's the copy VM that should be off. Turns out, it's the original / source VM that should be off.

It's awesome to be able to test these things out without causing permanent damage to our CVs as virtualization experts. We'll continue playing with our nested Hyper-V 2016 lab soon.
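The planned failover order behind that error message, as an added example that is not part of the original post. It assumes TestVM01 currently runs on hv02 and replicates to hv01 (the -ReplicaServerName used above), and that both hosts accept replication as configured in step 1 so the direction can be reversed.

```powershell
# Added example: planned failover of the lab VM, run with a domain admin account.
$VMName  = 'TestVM01'
$Primary = 'hv02.lab.pri'   # assumption: host that currently owns the VM
$Replica = 'hv01.lab.pri'   # -ReplicaServerName from step 2

# Refuse to continue unless the VM is the primary copy and replication is healthy.
$vm = Get-VM -Name $VMName -ComputerName $Primary
if ($vm.ReplicationMode -ne 'Primary' -or $vm.ReplicationHealth -ne 'Normal') {
    throw "Replication for $VMName is $($vm.ReplicationMode)/$($vm.ReplicationHealth); fix it before failing over."
}

# 1. The source VM must be off before a planned failover can start.
#    -TurnOff suits the OS-less test VM; use a normal Stop-VM for a real guest.
if ($vm.State -ne 'Off') {
    Stop-VM -Name $VMName -ComputerName $Primary -TurnOff
}

# 2. On the primary: send any changes not yet replicated.
Start-VMFailover -VMName $VMName -ComputerName $Primary -Prepare -Confirm:$false

# 3. On the replica: fail over to the replicated copy.
Start-VMFailover -VMName $VMName -ComputerName $Replica -Confirm:$false

# 4. Reverse the direction so the old primary becomes the new replica.
Set-VMReplication -VMName $VMName -ComputerName $Replica -Reverse

# 5. Start the VM on its new primary host.
Start-VM -Name $VMName -ComputerName $Replica

# Confirm the roles have swapped and replication is healthy again.
Get-VM -Name $VMName -ComputerName $Primary, $Replica |
    Select-Object ComputerName, Name, State, ReplicationMode, ReplicationState, ReplicationHealth
```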

November 18th, 2017 | Microsoft, Technology
