Hyper-V Replica & Proxy Servers on primary site

First published on TECHNET on Feb 08, 2014

I was tinkering around with my lab setup which consists of a domain, proxy server, primary and servers. There are some gotchas when it comes to and proxy servers and I realized that we did not have any posts around this. So here goes.

If the primary server is behind a proxy server (forward proxy) and if Kerberos based is used to establish a connection between the primary and server, you might encounter an error:

I have a
Forefront TMG 2010
acting as a proxy server and the logs in the proxy server

I also had

netmon

running in my primary server and the logs didn't indicate too much other than for the fact that the connection never made it to the replica server – something happened between the primary and replica server which caused the connection to be terminated. The primary server name in this deployment is prb8.hvrlab.com and the proxy server is w2k8r2proxy1.hvrlab.com.

If a successful connection goes through, you will see a spew of messages on netmon

When I had observed the issue the first time when building the product, I had reached out to the Forefront folks @ Microsoft to understand this behavior. I came to understand that the Forefront TMG proxy server terminates any outbound (or upload) connections whose content length (request header) is > 4GB.

Replica set a high content length as we expect to transfer large files (VHDs) and it would save us the effort to re-establish the connection each time. A closer inspection of a POST request shows the content length which is being set by Hyper-V Replica (ahem, ~500GB)

The proxy server returns a
what-uh?
response in the form of a bad-request

That isn't superhelpful by any means and the error message unfortunately isn't too specific either. But now you know the reason for the failure – the proxy server terminates the connection the connection request and it never reaches the replica server.

So how do we work around it – there are two ways (1) Bypass the proxy server (2) Use cert based (another blog for some other day).

The ability to by pass the proxy server is provided only in PowerShell in the
ByPassProxyServer
parameter of the
Enable-VMReplication
cmdlet –

http://technet.microsoft.com/en-us/library/jj136049.aspx

. When the flag is enabled, the request (for lack of better word) bypasses the proxy server. Eg:

Enable-VMReplication -vmname NewVM5 -AuthenticationType Kerberos -ReplicaServerName prb2 -ReplicaServerPort 25000 -BypassProxyServer $true Start-VMInitialReplication -vmname NewVM5

This is not available in the Hyper-V Manager or Manager UI. It's supported only in PowerShell (and WMI). Running the above cmdlets will create the replication request and start the initial replication.

 

This article was originally published by Microsoft's Virtualization Blog. You can find the original article here.