ankso

Δοκίμασε να κάνεις αυτό που λέει ο Νίκος, να προσπαθήσεις όταν υπάρχει το πρόβλημα να κλείνεις ένα-ένα VM για να κάνεις το αρχικό troubleshooting στο αν φταίει κάποιο vm ή το πρόβλημα είναι στο hyper-v host και κάτω.

Hello, Before some days CentOS team released a new version with number 6.6. After some upgrades and lab tests in the infrastructure I found some problems with the backing up procedure from the DPM and generally with the VSS. To be more specific when you try to take a backup from a CentOS 6.6 upgraded image from CentOS 6.5 with Hyper-V Backup Essentials installed (the module/package which was till 6.5 responsible for the VSS backup on Linux VMs) you are getting freeze the VM (hang) with kernel panic errors on the /var/log/messages file. So the only thing you can do is to hard reset your VM in order to be operational. The thing is that after the hard reset of your VM you will still can't take backup with VSS enabled. The one way to don't mess with this thing is to go on your Hyper-V Manager -> Virtual Machine settings and uncheck the Backup on the Integration Services configuration. The second way to avoid all this thing and use operational the VSS, please follow the below instructions: 1. You have to remove your integration services so you can install again the new released package for CentOS 6.6 (hyperv-daemons) which includes the Online backup ability without any problem rpm -e microsoft-hyper-v kmod-microsoft-hyper-v When uninstall complete please reboot your VM. 2. After the reboot please login on your VM and install the hyperv-daemons package (if you are not root run it with sudo in front of the command below) yum install hyperv-daemons When install complete please reboot your VM. Even after the above instructions completed and the VM is working fine, when you try to backup your VM you will get some errors on your remote console of hang_task_timeout_secs and inside the /var/log/messages file that the Hyper-V VSS: VSS: freeze of /boot: Permission denied. After a contact with Microsoft and some other on Technet the workaround is below. These problems occurs because of the SELINUX is not disable and be more specific it doesn't allow the hyper-v vss daemon to run. To workaround it please do the following: 1. Disable SELINUX 1.1 vi /etc/selinux/config1.2 disable SELINUX1.3 press ESC1.4 :wq1.5 reboot 2. If you are having strictly policy and for some reason you are using the SELINUX firewall module, run the following command in order to give rights on the hyper-v vss daemon to run on your CentOS semanage permissive -a hypervvssd_t If you get an error "command not found" is because you have to install the python policy core utilities that SELINUX uses. Run the following command in order to install them: yum install policycoreutils-python These things above have been tested on Windows Server Hyper-V 2012 R2 and DPM 2012 R2 UR3 and works without any problem (for now) Please, bofore do anything on your production Virtual Machines please test it on your infrastructure too because some things might not be the same or not fitting with the guide above. If you have any additional informations please comment. Have a nice day.

Our scenario is about Hyper-V Replica between two different domains, one with the stand alone Hyper-V 2012 Nodes (primary site) and the other with a Clustered Infrastructure of Hyper-V 2012 R2 (repilica site). After a lot of trial and error with some configurations for this scenario I ended with the following config. First of all this config is based on Certificates and not Kerberos because of the different domains between the Hyper-V Infrastructures. Bellow you will find the steps to make it work, so let's start. 1. We must create the Hyper-V Replica Broker (on the Replica site, where our cluster nodes exhists): Open the Failover Cluster Configure Role Select Hyper-V Replica Broker and hit "Next" Add the Name of the replica broker e.g replicabroker (Note: this will be translated as an fqdn and also will be add on the domain controller the a record replicabroker.domain.local) Add the IP for the Replica Broker (you have to add one unused IP from your local/public network (of course must be an ip from the same network as hosts and generally a routable IP) this will be a Virtual IP for the Host so you don't need to add another network interface) Then click "Finish" 2. We must open the Inbound Replica Broker rule on the Advanced Firewall of all Hyper-V nodes (the rule has been automatically created and named as: Hyper-V Replica HTTPS Listener (TCP-In)) 3. We must create the certificates and the CAs, to do that we will use the makecert.exe tool. This tool you can download it if you don't have it from here. 4. After you install and locate the makecert.exe utility copy & paste it to the Primary site on the Primary server node you want to enable replication. 5. Run the following command from an elevated command prompt (cmd) on the primary server. This commands creates a self-signed root authority certificate. Also installs a Certificate in the root store of the local machine and is saved as a file locally to the current directory: In primary server run this: 1. makecert -pe -n "CN=PrimaryRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryRootCA.cer" and hit enter 2. makecert -pe -n "CN=<fqdn.of.the.primary.server>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 <PrimaryServerName>.cer (this will have to do it as times as the stand alone Hyper-V nodes we need to enable replication, the only thing we must change is the <fqdn> and the <PrimaryServerName>). 3. We run one more time the upper command with the difference instead of the <fqdn> will add *.domain.local and in the <PrimaryServerName> you add something to remembers you that is for the replica site so lets say it ReplicaSite.cer. 6. We need to export the replica site certificate that we created in step 5.1.3 so we open the MMC -> Add/Remove Snap-In -> Add Certificate -> Computer Account -> Next,Next & Finish 7. We go to Personal -> Certificates and with right-click Export the ReplicaSite Certificate. We proceed with Export including the key and the file will be as .pfx also you have to give a password for the certificate. 8. After this we copy and paste this exported certificate the certificate of the CA that we have been created at step 5.1.1 (this will be located on the current directory that you run the cmd commands) on all Hyper-V Cluster nodes of the Replica Site (a good directory is C:\). 9. We open an elevated command prompt (cmd) and we run the certutil: certutil -addstore -f Root "C:\PrimaryRootCA.cer" (this will have to do it on every Hyper-V cluster node in the Replica Site). 10. After this we have to import the ReplicaSite certificate that we have exported as .pfx from the Primary Site to the Hyper-V Cluster nodes (again we must do it on every Hyper-V Cluster node in our Replica Site). To do this we open MMC -> Add/Remove Snap-In -> Add Certificates -> Computer Account -> Next, Next & Finish 11. Then we navigate to Personal -> Certificates -> Right-click and Import -> You must give the password that you have setup on the step 7. 12. Before we proceed with the replica configuration we have to disable the Revocation Check. This we have to do it on every Hyper-V server (primary site (stand alone nodes) and replica site (cluster nodes). To do this we must run this two commands bellow from an elevated command prompt (cmd): reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f 13. After we have finished with the Import of the CA certificate and the ReplicaSite certificate and also with the disable of the Revocation Check we must select it to the Replica Broker configuration. To do this follow the steps bellow: Open The Failover Cluster and Navigate to Roles Right-click on the replica broker and select "Replication Settings" Check the "Enable this Cluster as a Replica Server" Check the "Use certificate-based Authentication (HTTPS)" Specify the port on 443 (leave it as it is) Now you must select the ReplicaSite Certificate that we have created and imported it to the Hyper-V Cluster nodes Specify the Cluster Storage directory And click OK 14. Now you have to Enable Replication in a VM on the Primary Server 15. To do this following the instruction bellow: Right-Click on the VM you want to replicate and select Enable Replication Just hit "Next" on the first page with the description "Before You Begin" Specify the Replica Server, you must add the FQDN for the replica site (just to mention, all the Hyper-V nodes and the Replica Broker must have access to Internet and have FQDNs in the public dns servers of your Infrastructure so thay can "communicate" also they must have open the port 443 on the local firewall or if you use a dedicated appliance and NAT you must do the Network config there too) for me the FQDN is replicabroker.domain.local and hit "Next" After the Verification of the Replica we must specify the Connection Parameters. The only thing in that page that we must change (of course based on our scenario) is the Certificate, so we must select the Certificate with FQDN that we have been created based on the current server. "Next" on the Replication VHD (except we have 2 vhds and we want to replicate only one of them) In the Configure Recovery History you can configure whatever you want on your scenario and "Next" Initial Replication again whatever you want to do on your scenario "Next" "Finish" if all of the above is setup correct you must see the Enable Replication pop-up window and after a second (based on your network) you must see in the Hyper-V Manager on the Status, the percentage of the Replication. That's it guys. If you need any advice or to edit something please leave a comment. Thank you a lot!