用以下powershell 去產生selfsign cert
New-SelfSignedCertificate -DnsName "Server01.abc.local", "Server01" -CertStoreLocation "cert:\LocalMachine\My" -KeyExportPolicy exportable -TestRoot
-testroot 就是產生張 intermeidate cert 而且自动放入去CA, 但是还要把证书放到root 哪里
Get-ChildItem -Path cert:\LocalMachine\ca\4A3333FC4E1274995AF5A95810881C86F2DF7FBD | Export-Certificate -FilePath C:\mypfx.cer
Import-Certificate -FilePath C:\mypfx.cer -CertStoreLocation Cert:\LocalMachine\Root
因为hyperV 會檢查證書, 所以我們要停掉, 否則selfsign cert 會出錯誤
set-ItemProperty -name DisableCertRevocationCheck -Value 1 -path “HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication”
找出之前的证书的Thumbprint
Get-ChildItem -Path cert:\LocalMachine\my
$StoreLocation = "c:\hyper-v\virtual hard disks" #放哪里
$cert = “A4B2E3855BC03B1B53A73401236E3234F11E281F” #上一个步的Thumbprint
Set-VMReplicationServer -AllowedAuthenticationType Certificate -ReplicationAllowedFromAnyServer $true -DefaultStorageLocation $StoreLocation -CertificateThumbprint $cert -RepEnabled $true
重复以上在Server02 上后
Enable-VMReplication VM Server01 -AuthenticationType Certificate -CertificateThumbprint A4B2E3855BC03B1B53A73401236E3234F11E281F -ReplicaServerPort 443
Microsoft 有文檔說不過不是用powershell
留言
發佈留言