Replica servers should be configured to identify specific primary servers authorized to send replication traffic
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016
For more information about best practices and scans, see Run Best Practices Analyzer Scans and Manage Scan Results.
| Property | Details |
|---|---|
| Operating System | Windows Server 2016 |
| Product/Feature | Hyper-V |
| Severity | Warning |
| Category | Configuration |
In the following sections, italics indicates UI text that appears in the Best Practices Analyzer tool for this issue.
Issue
As configured, this Replica server accepts replication traffic from all primary servers and stores them in a single location.
Impact
All replication from all primary servers is stored in one location, which might introduce privacy or security problems.
Resolution
Use Hyper-V Manager to create new authorization entries for the specific primary servers and specify separate storage locations for each of them. You can use wildcard characters to group primary servers into sets for each authorization entry.
Create authorization entries using Hyper-V Manager
Open Hyper-V Manager. (From Server Manager, click Tools > Hyper-V Manager.)
From the list of hosts, right-click the one you want, then click Hyper-V Settings.
In the navigation pane, click Replication Configuration.
Under Authorization and storage, click Allow replication from the specified servers.
Below the list of servers, click Add.
Under Add Authorization Entry:
Type the fully qualified name of the first server.
Specify a dedicated location to store only that server's files.
Click OK.
Repeat for each primary server.
Click OK again to finish and close the window.
Create authorization entries using Windows PowerShell
Open Windows PowerShell. (From the desktop, click Start and start typing Windows PowerShell.)
Right-click Windows PowerShell and click Run as administrator.
Run a command similar to the following, replacing:
The primary server name of server01.domain01.contoso.com with the fully qualified domain name of your server.
The location of D:\ReplicaVMStorage with your location.
The trust group named DEFAULT with name of your group, if you've created one. If not, use DEFAULT.
New-VMReplicationAuthorizationEntry server01.domain01.contoso.com D:\ReplicaVMStorage DEFAULT
See Also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for