Hyper-V failed to enable replication

Hyper-V failed to enable replication

If you receive this error while enabling the Hyper-V replication, there is the possibility that you might need to configure the hosts’ SPN attributes manually. SPN refers to Service Principal Name. It is also possible that Kerberos is having a hard time communicating over the VPN in case you are using a slow virtual private network link.

By default, Kerberos uses UDP which means packets that arrive out of sequence aren’t re-assembled. It would be better to configure Kerberos to use TCP when it is being used for authentication on a slow VPN connection. If you are using Hyper-V on a slow VPN connection, here’s how you can configure Kerberos.

Because many VPN routers are set to drop or release fragmented packets which cause Kerberos to fail the authentication, you need to make sure that your router is configured to allow fragmented packets over the virtual private network tunnel and set Kerberos to utilize TCP instead of UDP as the default transmission protocol. See image.

To enable or allow fragmented packet handling, you need to refer to your VPN router’s installation manual. Every router will be different depending on the model and brand. Another way is to force Kerberos to use TCP instead of UDP using the registry. To use this method, click Start, Run, and then type without quotes “regedit” then hit Enter. Find this entry in the registry: “HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsaKerberosParameters”.

Right-click Parameters then point to New then select DWORD Value and then name it MaxPacketSize. See image.

Double-click MaxPacketSize then change the value to 1 and then click OK. See image.

After this restart your server. You must apply this method of modifying the registry on both the target and source Hyper-V servers and you should permit fragmented packet handling on both ends of the tunnel.