I believe in Hyper-V!

Windows Server 2016 Category Archives

WEBINAR: Troubleshooting Microsoft Hyper-V – 4 Tales from the Trenches

Join this amazing webinar organized by Altaro Software. In this webinar you’ll learn Hyper-V troubleshooting basics and solutions to common problems, presented by Andy Syrewicze (@asyrewicze) and Didier van Hoye (@WorkingHardInIT).

Sign up now to join us on February 25th, 2016 at 4pm CET / 10am EST
(30-45mins + live Q&A!) for some tales from the trenches!


Datacenter on Laptop [Active Directory configuration, domain members etc]-Part III

Hi there,

This post continues the series with ADDS installation and configuration: how to set up OUs and security groups, and how to join all installed VMs to the AD domain. As a reminder, below is the picture with all VMs on the laptop.


As we can assume, on DC01 I’ll install the ADDS role. Installation of ADDS is pretty straightforward.

Here we are done with the initial installation of Active Directory. Before we go further I’d like to mention one very important thing: the Time synchronization integration service and how to set up a time server on the domain controller.

Uncheck Time synchronization in the DC VM’s settings.

Then follow the instructions for configuring an authoritative time server at this link, or follow the instructions below. My recommendation is to use an external time source and to fix it yourself.
“Let me fix it myself”

To configure an internal time server to synchronize with an external time source, follow these steps:

  1. Change the server type to NTP. To do this, follow these steps:
    • Click Start, click Run, type regedit, and then click OK.
    • Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

    • In the pane on the right, right-click Type, and then click Modify.
    • In Edit Value, type NTP in the Value data box, and then click OK.
  2. Set AnnounceFlags to 5. To do this, follow these steps:
    • Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

    • In the pane on the right, right-click AnnounceFlags, and then click Modify.
    • In Edit DWORD Value, type 5 in the Value data box, and then click OK.
    • If an authoritative time server that is configured to use an AnnounceFlag value of 0x5 does not synchronize with an upstream time server, a client server may not correctly synchronize with the authoritative time server when the time synchronization between the authoritative time server and the upstream time server resumes. Therefore, if you have a poor network connection or other concerns that may cause time synchronization failure of the authoritative server to an upstream server, set the AnnounceFlag value to 0xA instead of to 0x5.
    • If an authoritative time server that is configured to use an AnnounceFlag value of 0x5 and to synchronize with an upstream time server at a fixed interval that is specified in SpecialPollInterval, a client server may not correctly synchronize with the authoritative time server after the authoritative time server restarts. Therefore, if you configure your authoritative time server to synchronize with an upstream NTP server at a fixed interval that is specified in SpecialPollInterval, set the AnnounceFlag value to 0xA instead of 0x5.

3. Enable NTPServer. To do this, follow these steps:

  1. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

  2. In the pane on the right, right-click Enabled, and then click Modify.
  3. In Edit DWORD Value, type 1 in the Value data box, and then click OK.

4. Specify the time sources. To do this, follow these steps:

  • Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

  • In the pane on the right, right-click NtpServer, and then click Modify.
  • In Edit Value, type Peers in the Value data box, and then click OK.

Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes that you make in step 5 will not take effect.

5. Select the poll interval. To do this, follow these steps:

  • Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval

  • In the pane on the right, right-click SpecialPollInterval, and then click Modify.
  • In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 (decimal). This value configures the Time Server to poll every 15 minutes.

6. Configure the time correction settings. To do this, follow these steps:

  • Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection

  • In the pane on the right, right-click MaxPosPhaseCorrection, and then click Modify.
  • In Edit DWORD Value, click to select Decimal in the Base box.
  • In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note

  • TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend on the poll interval, network condition, and external time source.
  • The default value of MaxPosPhaseCorrection is 48 hours in Windows Server 2008 R2 or later.

  • Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection

  • In the pane on the right, right-click MaxNegPhaseCorrection, and then click Modify.
  • In Edit DWORD Value, click to select Decimal in the Base box.
  • In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note

  • TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend on the poll interval, network condition, and external time source.
  • The default value of MaxNegPhaseCorrection is 48 hours in Windows Server 2008 R2 or later.

7. Close Registry Editor.

8. At the command prompt, type the following command to restart the Windows Time service, and then press Enter:

net stop w32time && net start w32time
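
The registry procedure above as one PowerShell script, added here as an example; it is not part of the original post or of the quoted instructions. The peer names and the one-hour correction limit are assumed sample values, and the script enforces the peer-list rules from the note (unique names, each with ,0x1 appended) before writing anything.

```powershell
# Added example: steps 1-8 above in one script. Run elevated on the DC.
# ASSUMPTION: constructed placeholder peers; replace with your own time sources.
$Peers         = @('ntp1.example.net', 'ntp2.example.net')
$PollSeconds   = 900     # recommended value from the note (15 minutes)
$MaxCorrection = 3600    # 1 hour, one of the values the note suggests
# Step 2 uses 5; the notes under step 2 say to use 0xA instead on a poor
# link or when polling at a fixed SpecialPollInterval.
$AnnounceFlags = 5

# Peer-list rules from the note: unique DNS names, each ending in ,0x1.
if (@($Peers | Sort-Object -Unique).Count -ne $Peers.Count) {
    throw 'Each DNS name in the peer list must be unique.'
}
$peerList = ($Peers | ForEach-Object {
    if ($_ -match ',0x1$') { $_ } else { "$_,0x1" }
}) -join ' '

$w32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Step 1: server type
Set-ItemProperty "$w32\Parameters" -Name Type -Value 'NTP'
# Step 2: announce as a time server
Set-ItemProperty "$w32\Config" -Name AnnounceFlags -Value $AnnounceFlags -Type DWord
# Step 3: enable the NTP server provider
Set-ItemProperty "$w32\TimeProviders\NtpServer" -Name Enabled -Value 1 -Type DWord
# Step 4: time sources (space-delimited list)
Set-ItemProperty "$w32\Parameters" -Name NtpServer -Value $peerList
# Step 5: poll interval in seconds
Set-ItemProperty "$w32\TimeProviders\NtpClient" -Name SpecialPollInterval `
    -Value $PollSeconds -Type DWord
# Step 6: largest forward and backward correction the service will apply
Set-ItemProperty "$w32\Config" -Name MaxPosPhaseCorrection -Value $MaxCorrection -Type DWord
Set-ItemProperty "$w32\Config" -Name MaxNegPhaseCorrection -Value $MaxCorrection -Type DWord

# Step 8: restart the Windows Time service
Restart-Service w32time

# Check the result: configured peers and current sync source
w32tm /query /peers
w32tm /query /status
```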

The next step is the preparation of Active Directory Users and Computers. As you can see in the pictures below, I’ve created a few additional Organizational Units, Groups and Users as well.


On this Domain Controller I have installed DNS and DHCP too!


The next step is joining all the virtual machines that I’ve installed to the domain. We have two possibilities for that: one by one, or all together with PowerShell. I chose PowerShell.


#add VMs to the domain

$Nodes = 'hvnode01', 'hvnode02', 'hvnode03', 'hvnode04', 'router'
# TrustedHosts takes one comma-separated string; WinRM does not verify the identity of hosts listed here
Set-Item WSMan:\localhost\Client\TrustedHosts -Value ($Nodes -join ',') -Concatenate
# Local administrator of the VMs, then the domain account used for the join
$LocalCredential = Get-Credential administrator
$DomainCredential = Get-Credential mlinar.local\romeo
Add-Computer -ComputerName $Nodes -DomainName mlinar.local -Credential $DomainCredential -LocalCredential $LocalCredential -Restart -PassThru


We’re done with the essential requirements! The next step in this scenario is the preparation of storage (Storage Spaces Direct), installation and configuration of Failover Clustering feature etc.

Until then, enjoy the holidays with your family!
I wish you a Merry Christmas and a Happy New Year :)


Cheers,

Romeo

Datacenter on Laptop [VM with Routing and Remote Access Server]–Part II

Hi there,

As promised in my previous post, here I’ll show you how to install and configure the Remote Access role in a virtual machine on the laptop. Why do we need a router between the laptop and the virtual machines? For the virtual machines in the lab environment I need an isolated network segment, separate from other networks (my production network, home network etc.), but the most important reason is that I don’t want to switch virtual network adapters (wired and wireless) on every virtual machine every time I am on a different network. For example, when I’m at the office I use a wired network, when I’m at home I use Wi-Fi, and when I’m speaking at conferences I use mixed network connections. In this case I need to switch virtual network adapters on only one virtual machine (“Router”).

As you can see here, I have created three virtual network adapters. The first is RomeLabInt, for all virtual machines inside the lab network. The second is WiFivLan, which I use on Wi-Fi networks, and the third is WiredvLanv, which I use on wired networks.

The next step in this configuration is the installation of the “Router” virtual machine. The OS is WS2016 TP4. The virtual machine has two virtual network adapters, one External and one Internal. The Internal adapter has a fixed IP address; in my case the network subnet is 10.10.20.0/8, the Router’s IP is 10.10.20.1, and the other virtual machines will use that IP address as their default gateway. The External adapter has an IP assigned by the local DHCP.


Now we are ready to install the Remote Access role on the Router virtual machine, which is as simple as that. All you need to do is follow the pictures below :)


The Remote Access role is installed and now we need to configure RRAS. Follow the pictures again.


We are done with RRAS and can now access the outside world from the Internal network and from our virtualized Hyper-V hosts as well.


The network stack is set up and now we can go further. The next step in this scenario is the installation of Active Directory, which will be installed on a virtual machine in one of the virtualized Hyper-V hosts.
In the previous post I explained how to enable nested virtualization on a Hyper-V virtual machine; I already have a VM installed and promoted as the primary domain controller. The domain controller is also the DNS and DHCP server.


So, what’s the next step? In the next post we will see how to prepare the Active Directory domain, how to set up Organizational Units with security groups, how to add Hyper-V hosts to that group, how to prepare the virtualized Hyper-V hosts and the whole infrastructure for High Availability etc.

Until then, stay tuned :)

Cheers,

Romeo