I believe in Hyper-V!

Datacenter on Laptop [Active Directory configuration, domain members etc]-Part III

Hi there,

Continuing the series of blog posts, this part covers ADDS installation and configuration, how to set up OUs and security groups, and how to join all the installed VMs to the AD domain. As a reminder, below is the picture with all VMs on the laptop.


As you might expect, I'll install the ADDS role on DC01. Installation of ADDS is pretty straightforward.

Here we are done with the initial installation of Active Directory. Before we go further I'd like to mention one very important thing: the Time Synchronization integration service and how to set up a time server on the Domain Controller.

Uncheck Time synchronization under the DC VM's Settings.

Then follow the instructions on how to configure an authoritative time server at this link, or follow the instructions below (the "Let me fix it myself" section of that article). My recommendation is to use an external time source and to do the fix yourself rather than with the automated fix.

To configure an internal time server to synchronize with an external time source, follow these steps:

  1. Change the server type to NTP. To do this, follow these steps:
    • Click Start, click Run, type regedit, and then click OK.
    • Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

    • In the pane on the right, right-click Type, and then click Modify.
    • In Edit Value, type NTP in the Value data box, and then click OK.

  2. Set AnnounceFlags to 5. To do this, follow these steps:
    • Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

    • In the pane on the right, right-click AnnounceFlags, and then click Modify.
    • In Edit DWORD Value, type 5 in the Value data box, and then click OK.

    Notes
    • If an authoritative time server that is configured to use an AnnounceFlag value of 0x5 does not synchronize with an upstream time server, a client server may not correctly synchronize with the authoritative time server when the time synchronization between the authoritative time server and the upstream time server resumes. Therefore, if you have a poor network connection or other concerns that may cause time synchronization failure of the authoritative server to an upstream server, set the AnnounceFlag value to 0xA instead of to 0x5.
    • If an authoritative time server that is configured to use an AnnounceFlag value of 0x5 and to synchronize with an upstream time server at a fixed interval that is specified in SpecialPollInterval, a client server may not correctly synchronize with the authoritative time server after the authoritative time server restarts. Therefore, if you configure your authoritative time server to synchronize with an upstream NTP server at a fixed interval that is specified in SpecialPollInterval, set the AnnounceFlag value to 0xA instead of 0x5.

  3. Enable NTPServer. To do this, follow these steps:
    • Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

    • In the pane on the right, right-click Enabled, and then click Modify.
    • In Edit DWORD Value, type 1 in the Value data box, and then click OK.

  4. Specify the time sources. To do this, follow these steps:
    • Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

    • In the pane on the right, right-click NtpServer, and then click Modify.
    • In Edit Value, type Peers in the Value data box, and then click OK.

    Note: Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes that you make in step 5 will not take effect.

  5. Select the poll interval. To do this, follow these steps:
    • Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval

    • In the pane on the right, right-click SpecialPollInterval, and then click Modify.
    • In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

    Note: TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 (decimal). This value configures the Time Server to poll every 15 minutes.

  6. Configure the time correction settings. To do this, follow these steps:
    • Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection

    • In the pane on the right, right-click MaxPosPhaseCorrection, and then click Modify.
    • In Edit DWORD Value, click to select Decimal in the Base box.
    • In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

    Notes
    • TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend on the poll interval, network condition, and external time source.
    • The default value of MaxPosPhaseCorrection is 48 hours in Windows Server 2008 R2 or later.

    • Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection

    • In the pane on the right, right-click MaxNegPhaseCorrection, and then click Modify.
    • In Edit DWORD Value, click to select Decimal in the Base box.
    • In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

    Notes
    • TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend on the poll interval, network condition, and external time source.
    • The default value of MaxNegPhaseCorrection is 48 hours in Windows Server 2008 R2 or later.

  7. Close Registry Editor.

  8. At the command prompt, type the following command to restart the Windows Time service, and then press Enter:

    net stop w32time && net start w32time
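The same configuration done with PowerShell instead of regedit, as an added example that is not part of the original post or of the Microsoft article it quotes. The registry part runs on the domain controller in an elevated session; `Disable-VMTimeSync` is a small helper for the host-side step of unchecking the Time Synchronization integration service and runs on the laptop, not on the DC. The peer names are placeholders, and the function names are mine. Getting this right matters beyond convenience: Kerberos rejects tickets when clock skew exceeds its tolerance (5 minutes by default), and a DC whose clock is reset by the hypervisor on every restore or migration makes event timestamps across the lab unreliable.

```powershell
# Added example, not the post's own script. Registry paths and values follow the
# steps quoted above; peer names are placeholders for your own NTP sources.

function Disable-VMTimeSync {
    # Run on the Hyper-V host: the PowerShell equivalent of unchecking
    # "Time synchronization" under the VM's Integration Services settings.
    param([string]$VMName = 'DC01')
    Disable-VMIntegrationService -VMName $VMName -Name 'Time Synchronization'
    # Returns $false once the service is disabled
    (Get-VMIntegrationService -VMName $VMName -Name 'Time Synchronization').Enabled
}

$W32Time = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

function Set-AuthoritativeTimeServer {
    # Run on the domain controller in an elevated session.
    param(
        # Space-delimited peers, each ending in ",0x1" so SpecialPollInterval is honoured (step 4 note)
        [string]$Peers = 'ntp1.example.net,0x1 ntp2.example.net,0x1',   # placeholder sources
        # 5 = announce as a reliable time server; use 0xA (10) when the upstream link is unreliable (notes under step 2)
        [int]$AnnounceFlags = 5,
        [int]$PollIntervalSeconds = 900,          # 15 minutes, the recommended value (step 5)
        [int]$MaxPhaseCorrectionSeconds = 3600    # 1 hour; the default on 2008 R2 and later is 48 hours (step 6)
    )

    # Step 1: NTP client type, so the DC takes time from the configured peers
    Set-ItemProperty -Path "$W32Time\Parameters" -Name Type -Value 'NTP'
    # Step 2
    Set-ItemProperty -Path "$W32Time\Config" -Name AnnounceFlags -Value $AnnounceFlags -Type DWord
    # Step 3: serve time to the domain members
    Set-ItemProperty -Path "$W32Time\TimeProviders\NtpServer" -Name Enabled -Value 1 -Type DWord
    # Step 4
    Set-ItemProperty -Path "$W32Time\Parameters" -Name NtpServer -Value $Peers
    # Step 5
    Set-ItemProperty -Path "$W32Time\TimeProviders\NtpClient" -Name SpecialPollInterval -Value $PollIntervalSeconds -Type DWord
    # Step 6: bound how far the clock may be corrected in either direction
    Set-ItemProperty -Path "$W32Time\Config" -Name MaxPosPhaseCorrection -Value $MaxPhaseCorrectionSeconds -Type DWord
    Set-ItemProperty -Path "$W32Time\Config" -Name MaxNegPhaseCorrection -Value $MaxPhaseCorrectionSeconds -Type DWord

    # Step 8: restart the service so it re-reads the configuration
    Restart-Service -Name w32time
}

function Test-TimeServerConfiguration {
    # Returns the effective source and status so the result can be checked after a resync
    $status = w32tm /query /status
    $source = w32tm /query /source
    [pscustomobject]@{
        Source       = ($source | Out-String).Trim()
        Stratum      = ($status | Select-String 'Stratum').Line.Trim()
        LastSync     = ($status | Select-String 'Last Successful Sync').Line.Trim()
        Type         = (Get-ItemProperty -Path "$W32Time\Parameters").Type
        NtpServerOn  = (Get-ItemProperty -Path "$W32Time\TimeProviders\NtpServer").Enabled
    }
}

# On the DC:
Set-AuthoritativeTimeServer
w32tm /resync | Out-Null        # force an immediate synchronization attempt
Test-TimeServerConfiguration
```

If `Source` still reports the local CMOS clock or `Stratum` is 0, the peers are not reachable from the DC; check that the Router VM is passing UDP 123 out to them before touching anything else.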

The next step is preparing Active Directory Users and Computers. As you can see in the pictures below, I've created a few additional Organizational Units, Groups and Users as well.


On this Domain Controller I have installed DNS and DHCP too!


The next step is joining all the virtual machines I've installed to the domain. There are two possibilities: one by one, or all together with PowerShell. I chose PowerShell.


#add VMs to the domain
# TrustedHosts takes a single comma-separated string; -Concatenate appends to the existing list
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "hvnode01,hvnode02,hvnode03,hvnode04,router" -Concatenate
# local administrator on the VMs, and a domain account allowed to join computers
$LocalCredential = Get-Credential administrator
$DomainCredential = Get-Credential mlinar.local\romeo
Add-Computer -ComputerName hvnode01, hvnode02, hvnode03, hvnode04, router -DomainName mlinar.local -Credential $DomainCredential -LocalCredential $LocalCredential -Restart -PassThru
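The join shown above, extended as an added example that is not the post's own script: it places the computers directly in their OU with `-OUPath`, verifies the resulting computer accounts, adds the Hyper-V nodes to the security group prepared in the OU step, and removes the TrustedHosts entries once the join is finished. Host names and the domain come from the post; the OU distinguished names, the group name and the function names are placeholders for the OUs and groups created above. TrustedHosts deserves the clean-up: a name in that list tells the WinRM client to send credentials to that host without verifying the server's identity, which is acceptable for a throwaway lab join but not something to leave behind.

```powershell
# Added example, not the post's own script. Run as a domain admin on DC01 (or any
# machine with the ActiveDirectory RSAT module). OU paths and group name are placeholders.

Import-Module ActiveDirectory

$Hosts      = 'hvnode01', 'hvnode02', 'hvnode03', 'hvnode04'
$Router     = 'router'
$Domain     = 'mlinar.local'
$HostsOU    = 'OU=Hyper-V Hosts,OU=Lab,DC=mlinar,DC=local'    # placeholder OU
$RouterOU   = 'OU=Infrastructure,OU=Lab,DC=mlinar,DC=local'   # placeholder OU
$HostsGroup = 'Lab Hyper-V Hosts'                             # placeholder security group

function Join-LabComputers {
    param([string[]]$Names, [string]$OUPath, [pscredential]$LocalCredential, [pscredential]$DomainCredential)

    # As in the post, the target names are trusted by the WinRM client before the join.
    # This bypasses server authentication for those names, so keep the list short and temporary.
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value ($Names -join ',') -Concatenate -Force

    # -OUPath creates the computer account in the right OU instead of the default Computers container
    Add-Computer -ComputerName $Names -DomainName $Domain -OUPath $OUPath `
        -Credential $DomainCredential -LocalCredential $LocalCredential -Restart -PassThru
}

function Test-LabComputers {
    param([string[]]$Names, [string]$OUPath)
    # One row per host: does the account exist, and did it land in the expected OU?
    foreach ($name in $Names) {
        $acct = Get-ADComputer -Filter "Name -eq '$name'" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name   = $name
            Exists = [bool]$acct
            InOU   = [bool]($acct -and $acct.DistinguishedName -like "*,$OUPath")
        }
    }
}

$LocalCredential  = Get-Credential -UserName 'administrator' -Message 'Local administrator on the VMs'
$DomainCredential = Get-Credential -UserName "$Domain\romeo" -Message 'Domain account with join rights'

Join-LabComputers -Names $Hosts  -OUPath $HostsOU  -LocalCredential $LocalCredential -DomainCredential $DomainCredential
Join-LabComputers -Names $Router -OUPath $RouterOU -LocalCredential $LocalCredential -DomainCredential $DomainCredential

# The nodes go into the security group that the cluster work in the next part will rely on
Add-ADGroupMember -Identity $HostsGroup -Members ($Hosts | ForEach-Object { Get-ADComputer -Identity $_ })

Test-LabComputers -Names $Hosts  -OUPath $HostsOU
Test-LabComputers -Names $Router -OUPath $RouterOU

# Clean-up: the join is done, so the WinRM client no longer needs to trust these names
Clear-Item WSMan:\localhost\Client\TrustedHosts -Force
```

The `InOU` column is the check worth keeping: a computer that exists but sits in the wrong OU will silently miss the group policies you attach to the Hyper-V OU later.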


We're done with the essential requirements! The next step in this scenario is the preparation of storage (Storage Spaces Direct), the installation and configuration of the Failover Clustering feature, etc.

Until then, enjoy the holidays with your family!
I wish you a Merry Christmas and a Happy New Year!


Cheers,

Romeo

Datacenter on Laptop [VM with Routing and Remote Access Server]–Part II

Hi there,

As promised in my previous post, here I'll show you how to install and configure the Remote Access role in one virtual machine on the laptop. Why do we need a router between the laptop and the virtual machines? For virtual machines in a lab environment I need an isolated network segment, different from the other networks (my production network, home network, etc.), but the most important reason is that I don't want to switch virtual network adapters (wired and wireless) on every virtual machine each time I am on a different network. For example, at the office I use the wired network, at home I use Wi-Fi, and when I speak at conferences I use mixed network connections. This way I need to switch virtual network adapters on only one virtual machine ("Router").

As you can see here, I have three virtual network adapters created. The first is RomeLabInt, for all virtual machines inside the lab network. The second is WiFivLan, which I use when I am on the WiFi network, and the third is WiredvLanv, which I use when I am on the wired network.

The next step in this configuration is the installation of the "Router" virtual machine. The OS is WS2016 TP4. The virtual machine has two virtual network adapters, one External and one Internal. The Internal adapter has a fixed IP address; in my case the network subnet is 10.10.20.0/8, the Router's IP is 10.10.20.1, and the other virtual machines will use that IP address as their default gateway. The External adapter has an IP address assigned by the local DHCP.


Now we are ready to install the Remote Access role on the Router virtual machine, and it is as simple as that. All you need to do is follow the pictures below.


The Remote Access role is installed and now we need to configure RRAS. Follow the pictures again.


We are done with RRAS, and now the Internal network, including our virtualized Hyper-V hosts, can reach the outside world.
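The router build with PowerShell and netsh rather than the wizards in the pictures, as an added example that is not from the post. The adapter aliases (`Internal`, `External`) and the function names are assumptions; the router address and subnet follow the post. The `netsh routing ip nat` commands are assumed to be available from the RRAS netsh context once the Routing role service is installed, as they are on earlier Windows Server versions; the RRAS console shown in the pictures configures the same thing. The NAT is also what gives the lab its isolation: the lab VMs can reach out, but nothing on the wired or Wi-Fi network can initiate a connection into the internal subnet, which is exactly what you want for a lab that moves between office, home and conference networks.

```powershell
# Added example, not the post's own configuration. Run in an elevated session on the
# Router VM after both virtual network adapters are attached. Aliases are assumed.

$InternalAlias = 'Internal'    # adapter connected to RomeLabInt (assumed alias)
$ExternalAlias = 'External'    # adapter connected to WiFivLan or WiredvLanv (assumed alias)
$InternalIP    = '10.10.20.1'  # router address; the lab VMs use it as default gateway
$PrefixLength  = 8             # the post states 10.10.20.0/8; use the mask your lab actually uses

function Set-RouterInternalAddress {
    # Fixed address on the internal side only; the external side keeps its DHCP lease
    New-NetIPAddress -InterfaceAlias $InternalAlias -IPAddress $InternalIP -PrefixLength $PrefixLength
}

function Install-LabRouter {
    # The Routing role service of Remote Access, plus the RRAS console
    Install-WindowsFeature -Name Routing -IncludeManagementTools
    # LAN routing only: no VPN endpoints listening on the external side
    Install-RemoteAccess -VpnType RoutingOnly
}

function Enable-LabNat {
    # Assumed netsh routing context. The external adapter is the translating (public) side,
    # the internal adapter is the private side; nothing outside can open connections inward.
    netsh routing ip nat install
    netsh routing ip nat add interface name="$ExternalAlias" mode=full
    netsh routing ip nat add interface name="$InternalAlias" mode=private
}

function Test-LabRouter {
    # Service state, IPv4 forwarding on the internal interface, and the NAT interface table
    [pscustomobject]@{
        RrasService    = (Get-Service -Name RemoteAccess).Status
        IPv4Forwarding = (Get-NetIPInterface -InterfaceAlias $InternalAlias -AddressFamily IPv4).Forwarding
        NatInterfaces  = (netsh routing ip nat show interface | Out-String).Trim()
    }
}

Set-RouterInternalAddress
Install-LabRouter
Enable-LabNat
Test-LabRouter
```

When the laptop moves between networks, only the Router VM's external adapter needs to be re-attached to WiFivLan or WiredvLanv; the internal address, the NAT and the lab VMs' gateway stay the same, which is the whole point of the post.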


The network stack is set up and now we can go further. The next step in this scenario is the installation of Active Directory, which will be installed on a virtual machine in one of the virtualized Hyper-V hosts.
In the previous post I explained how to enable nested virtualization on a Hyper-V virtual machine; I already have a VM installed and promoted as the primary domain controller. The domain controller is also the DNS and DHCP server.


So, what's the next step? In the next post we will see how to prepare the Active Directory domain, how to set up Organizational Units with security groups, how to add the Hyper-V hosts to that group, and how to prepare the virtualized Hyper-V hosts and the whole infrastructure for high availability, etc.

Until then, stay tuned!

Cheers,

Romeo

Hyper-V nested virtualization made my life easier [Datacenter on my laptop]–Part I

Hi there,

I'd like to show you how I have been creating a small datacenter on my laptop. Thanks to Hyper-V nested virtualization, I can now run a Hyper-V cluster inside my laptop, try all the new features and, most importantly, troubleshoot without affecting the production environment.
I have three SSDs, 32GB of RAM, an i7 CPU and Windows 10 build 10586 installed.

The scenario is as follows:
1. Hyper-V hosts run on Windows Server 2016 TP4.
2. Set the Hyper-V hosts in a separate network segment.
3. Install a virtual machine with the Remote Access role [Internet access for the VMs]. I'll write about this configuration in my next post.
4. Install a Hyper-V cluster with four nodes [for Storage Spaces Direct].
5. Create an Active Directory domain for the future lab.

Setup environment on the laptop

After the Hyper-V role was installed, I set up the virtual network adapters. In the pictures below you can see the virtual networks: two External networks and one Internal network.

The External network will be used for internet access and the Internal network for the lab environment only; still, virtual machines on the internal network will be able to reach the internet because of the router between the external and internal networks. In the next blog post I'll write about how to set up the Remote Access role in Windows Server 2016 TP4.

Create virtual machines and enable Nested virtualization

As you can see, I created five virtual machines: one called Router and four Hyper-V nodes.
The Router virtual machine has 2GB of RAM (dynamic memory), 1 CPU and a small dynamically expanding virtual disk, but the Hyper-V nodes have 4-6GB of RAM, 4 CPUs and a 100GB virtual disk. Why do I mention the Hyper-V hardware resources? Because this is very important!
To enable nested virtualization in Hyper-V, Microsoft created a script you can use, or you can do it manually by following these steps:

  • Disable Dynamic Memory on every Virtual Machine on which you want run nested virtualization
  • Enable MAC Address Spoofing
  • Set minimum of 4GB RAM per virtual machine
  • Enable Virtualization Extensions on the vCPU

To set the virtualization extensions for the vCPU, use the PowerShell command (the VM must be powered off):
Set-VMProcessor -VMName "Hyper-V host name" -ExposeVirtualizationExtensions $true


Hyper-V nested virtualization has some limitations!
You can read more about Hyper-V nested virtualization on Thomas Maurer's blog.


Now we are ready to install the Hyper-V role on the virtual machines in the environment. You can install the Hyper-V role through the GUI or PowerShell, your choice. If you like the GUI, go to Server Manager -> Add Roles and Features and follow the wizard. If you prefer PowerShell, open PowerShell in elevated mode and run:

Install-WindowsFeature -Name Hyper-V -ComputerName <computer_name> -IncludeManagementTools -Restart

After the server restarts we have the Hyper-V role installed and we are almost ready to go. I recommend setting the default location for virtual machine configuration files and VHDXs as well. In this case I'll put the VMs in the C:\Hyper-V folder, and then set up the virtual network.
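The four prerequisites above, the role installation and the default-path setting, as an added example that is not the post's own script and not Microsoft's nested-virtualization script. `Enable-NestedVirtualization` runs on the laptop against a powered-off node VM, `Test-NestedVirtualization` reports which prerequisite is still missing, and the last two functions run inside each node after it boots. The VM names, the 4 vCPU count and the `C:\Hyper-V` path are taken from the post; the function names are mine.

```powershell
# Added example, not the post's own script. The first two functions run on the laptop
# (the outer Hyper-V host); the last two run inside each node VM. VM names are assumed.

$NodeVMs = 'hvnode01', 'hvnode02', 'hvnode03', 'hvnode04'   # node VM names from the later posts

function Enable-NestedVirtualization {
    param([string]$VMName, [int]$ProcessorCount = 4, [long]$MemoryBytes = 4GB)

    $vm = Get-VM -Name $VMName
    if ($vm.State -ne 'Off') { throw "$VMName must be powered off before changing these settings." }

    # 1. Dynamic memory is not supported for a VM that runs its own hypervisor
    #    (and 3. StartupBytes gives it the 4 GB minimum)
    Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $false -StartupBytes $MemoryBytes
    # 2. MAC address spoofing lets the nested VMs' frames pass through the outer virtual switch
    Get-VMNetworkAdapter -VMName $VMName | Set-VMNetworkAdapter -MacAddressSpoofing On
    # 4. Expose the virtualization extensions to the vCPU (4 vCPUs per node, as in the post)
    Set-VMProcessor -VMName $VMName -Count $ProcessorCount -ExposeVirtualizationExtensions $true
}

function Test-NestedVirtualization {
    param([string]$VMName)
    # One row per VM with each prerequisite, so a failed nested boot can be traced to a setting
    $mem  = Get-VMMemory -VMName $VMName
    $cpu  = Get-VMProcessor -VMName $VMName
    $nics = Get-VMNetworkAdapter -VMName $VMName
    [pscustomobject]@{
        VMName           = $VMName
        DynamicMemoryOff = -not $mem.DynamicMemoryEnabled
        AtLeast4GB       = $mem.Startup -ge 4GB
        MacSpoofingOn    = @($nics | Where-Object MacAddressSpoofing -ne 'On').Count -eq 0
        VirtExtExposed   = $cpu.ExposeVirtualizationExtensions
    }
}

# On the laptop:
foreach ($name in $NodeVMs) { Enable-NestedVirtualization -VMName $name }
$NodeVMs | ForEach-Object { Test-NestedVirtualization -VMName $_ }

# Inside each node VM, in an elevated session (the node reboots after the role install):
function Install-NodeHyperV {
    Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
}

# Inside each node VM again, after the reboot: keep configuration files and VHDXs
# together under one folder, as the post does with C:\Hyper-V
function Set-NodeDefaultPaths {
    param([string]$VMPath = 'C:\Hyper-V')
    New-Item -ItemType Directory -Path $VMPath -Force | Out-Null
    Set-VMHost -VirtualMachinePath $VMPath -VirtualHardDiskPath $VMPath
    Get-VMHost | Select-Object VirtualMachinePath, VirtualHardDiskPath
}
```

The `Test-NestedVirtualization` row is the useful part when a node refuses to start its own VMs: every column must read True, and the one that does not is the setting to fix.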


I did the same on every virtual Hyper-V host in my environment!

Now we are initially prepared. The next step is the "Router" installation: a virtual machine with the Remote Access role installed, as I mentioned above.

Until the next post, stay tuned!

Cheers,

Romeo