
Domain Controller on top of Hyper-V - Firewall problem

The problem:


I have:

1. A single physical server which is a Hyper-V host running Windows Server 2012 R2.
2. A single Windows Server 2012 R2 Essentials Guest VM running on top and acting as a domain controller.

Now I have researched a lot whether I should join the host to the domain running on top of it or leave it in a separate workgroup. There is no best practice, but many sources confirm that this is possible and that joining the domain offers many management benefits; see e.g. Option #4 here:
http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx

Now the problem is that after having joined the host to the domain, sometimes everything works fine and the host manages to join the domain on startup, but sometimes this seems to fail - I think that the join process times out because the DC in the Guest VM does not start up in time. In this case the firewall tells me that the host is connected to a "public network" instead of the "domain network" and I cannot connect to the server via remote desktop, as this is not allowed by default. If I disable and re-enable the network adapter, the "domain network" is recognized fine, but this has to be done manually.

The solution:

In the meantime I am pretty sure that I solved the problem:

On my host I had entered two DNS servers: The first was the IP of the Server Essentials Guest VM and the second was Google's DNS server (8.8.8.8); my idea was to have access to the internet even if my Guest VM DNS does not run.

Now I am pretty sure that this second DNS server confused the firewall configuration on startup - it could not detect the primary DNS because the Guest had not started up yet, but then saw this second DNS server and fell back to "public network" instead of the desired "domain network" mode. After removing Google's DNS server from the IPv4 configuration, the host now seems to start up fine and always ends up in the "domain network".
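The check described above can be scripted; the following PowerShell is an added example and not part of the original post. It lists each active adapter's IPv4 DNS servers and firewall network category and flags any DNS server other than the DC. `$DcDns` is a placeholder address, and the function name `Test-HostDnsProfile` and its `-Fix` switch are hypothetical.

```powershell
# Added example, not from the original post. Run elevated on the Hyper-V host.
# Placeholder: replace with the IP of the domain controller guest VM.
$DcDns = @('192.0.2.10')   # constructed sample address

function Test-HostDnsProfile {
    param(
        [string[]]$AllowedDns,
        [switch]$Fix   # hypothetical switch: also correct DNS and re-detect the network
    )
    foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
        $dns = @((Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                    -AddressFamily IPv4).ServerAddresses)
        if ($dns.Count -eq 0) { continue }   # adapter has no IPv4 DNS configured

        # DNS servers that are not the domain's own (e.g. 8.8.8.8 in the post)
        $foreign = @($dns | Where-Object { $_ -notin $AllowedDns })
        $netProfile = Get-NetConnectionProfile -InterfaceIndex $nic.ifIndex `
                        -ErrorAction SilentlyContinue

        if ($Fix -and $foreign.Count -gt 0) {
            Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $AllowedDns
        }
        if ($Fix -and $netProfile.NetworkCategory -ne 'DomainAuthenticated') {
            # Same effect as disabling and re-enabling the adapter by hand;
            # briefly interrupts traffic on this adapter.
            Restart-NetAdapter -Name $nic.Name
        }

        # The values reported are the state found before any fix was applied.
        [pscustomobject]@{
            Adapter         = $nic.Name
            DnsServers      = $dns -join ', '
            ForeignDns      = $foreign -join ', '
            NetworkCategory = $netProfile.NetworkCategory
            NeedsAttention  = ($foreign.Count -gt 0) -or
                              ($netProfile.NetworkCategory -ne 'DomainAuthenticated')
        }
    }
}

# Report only; add -Fix to apply the changes described in the post.
Test-HostDnsProfile -AllowedDns $DcDns | Format-Table -AutoSize
```

A `NetworkCategory` of `Public` on a domain-joined host means the stricter public firewall profile is active, which is why Remote Desktop is blocked in the situation described above.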

Delayed domain join?

I really like the idea of delaying the domain join on startup, but I have not found a way to do this. I only found how to add longer timeouts, but this does not really solve all the problems:

http://superuser.com/questions/328739/how-to-delay-windows-7-autologon-so-that-the-domain-will-be-available

Any hints on completely delaying domain join on startup are welcome.

Anguel
