Problem How in bobs name....

Discussion in 'Virtual and Cloud Computing' started by surfthegecko, Jan 26, 2010.

  1. surfthegecko

    surfthegecko Bit Poster

    Hi,

    I'm trying to get a 70-291 lab set up using Virtual PC 2007, and it's driving me crazy trying to get this setup working.

    I have the following setup:

    Physical PC: Quad Core 2Ghz, 2GB Ram

    My current virtual/physical setup is as follows:


    PhysicalPC:
    IP: 192.168.10.24 /24
    DG: 192.168.10.23 /24


    VirtualServer1: - Acting as DC, DNS, DHCP
    This is using the physical NIC
    IP: 192.168.10.40
    DG: ????

    VirtualPC1:
    This is using the physical NIC
    IP: 192.168.10.65
    DG: ????


    The only way I can get the PC to join the domain is if I set the DG on both the server and the virtual PC to 192.168.10.40, but then neither can get out to the internet.

    If I set them to that of the router (192.168.10.23) then they can get to the internet, but can't see each other (must be a DNS thing).

    If I use the 'Local Only' setting on the virtual PC adapter then they can't see the internet.
    If I use the 'NAT' option setting on the virtual PC adapter then the routing between them and the internet still fails.

    I can't seem to get both communicating together and allow them access to the internet at the same time, and it's driving me crackers.

    Has anybody else had the same problem, or managed to resolve it?

    Any help is appreciated.

    Thanks
     
  2. DC Pr0Mo

    DC Pr0Mo Kilobyte Poster

    Try setting the default gateway on both to the router.

    DNS on the server to itself 127.0.0.1 and secondary dns as the router

    DNS on VirtualPC1 to the server.
     
    Certifications: MCDST | BSc Network Computing | 365 Fundamentals
  3. SimonD
    Honorary Member

    SimonD Terabyte Poster

    You need to use the DNS on the server so that it's your clients' DNS server (you would set up a forwarder so that the virtual DNS server would use your existing ISP DNS servers to look up anything it doesn't know about).

    The default gateway HAS to be the router as that's your gateway out to the net.

    To recap.

    Use the DNS server on your server to provide name resolution, have it configured with your ISP's DNS servers as your forwarder. Configure your Router with the IP address of the Virtual server as your primary DNS, you could also issue your ISP's DNS server as your secondary lookup, saves you any sorts of issues if your DC is offline at all.

    Do an IPCONFIG /RENEW (or /release and /renew) to get the new IP settings.

    That should be it, you should be able to join the domain and still have name resolution working.

    One other thing... in all honesty you would be better off using a secondary virtual machine as your workstation client rather than using your physical machine. Why, you ask? Well, if you start playing with GPOs etc. you can cause all sorts of issues on your main machine, but if it's a virtual then you can just revert your snapshots.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  4. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Simon is spot on 8)
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  5. surfthegecko

    surfthegecko Bit Poster

    Thanks for the prompt responses. Simon, I wasn't going to use the physical to connect to the domain in any way, I will eventually be creating another virtual XP client :-)

    Can I check to see if I have this right:

    Router Config:
    Primary DNS Server: 192.168.10.40
    Secondary DNS Server: Set to my ISP's Primary DNS

    Virtual Server:
    Set the DNS forwarder properties to be that of the ISP's Primary DNS Server

    Won't this cause a potential loop?

    Is there not a better way to do this without changing the DNS on my router, because when I don't have my virtual server launched, it will take longer to resolve addresses? I suppose I could change it back each time?

    What would I then configure my virtual XP client to? Would I just use DHCP from the server, and let this take care of the default gateway settings and DNS?
     
  6. surfthegecko

    surfthegecko Bit Poster

    By joe, I think it's worked.

    Thanks SimonD

    For now I have just set the following:

    Virtual Server Primary DNS: 192.168.10.40 (its own IP)
    Virtual Server Secondary DNS: ISP Primary DNS

    Virtual PC Primary DNS: 192.168.10.40


    I haven't yet changed the router's DNS properties, and both Vserver and Vclient are talking fine, and both are accessing the internet.

    Next thing I need to do is get the server to issue IP addresses; currently the Vclient has been issued an IP address from the router's DHCP scope.

    I think I will just set my physical PC with a static address and then disable the DHCP properties on my router, and allow my virtual server to deal with this.

    Either that, or is there any fancy way that my router can still issue 192.168.10.1 to .40, and then have my Vserver issue .41 to xx?
    Then I need a way to make sure that the router doesn't issue the DHCP request.
    Would the easiest way be to decrease the DHCP scope on the router, so it is fully utilised, forcing the server to offer?
     
  7. SimonD
    Honorary Member

    SimonD Terabyte Poster

    There is another way you could deal with this.

    On your virtual environment there is nothing stopping you having two NICs on the DC and using a completely different scope on your virtual environment (for instance a 10.x.x.x network), as long as your server has two nics (1 with the 10.x.x.x and the other with the 192.168.x.x) you should be able to segment your environments just fine.

    As far as DNS queries go, if you notice the time between looking up your Server dns and your ISP's dns servers you're a better man than me, I should tell you that my router currently issues out two DNS servers, my DC and my ISP's. My DC is currently off (as is my entire virtualised environment) whilst I am waiting for a new display card for my SAN box. I don't notice the difference in lookups at all (after all it's a small environment).

    I would also suggest that if you went down the route of segmented IP addressing you also set up your DHCP scope then; it's better to do that than start playing with your router unless you're really happy doing so. As far as I am concerned I know how my environment works and how to resolve issues should something fail (it can happen).

    In your shoes however I would go with the segmented route and use the virtualised environment for testing and the physical environment for normal every day work, in my case it's all on the same lan segment but that's not a problem for me.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  8. surfthegecko

    surfthegecko Bit Poster

    Lol, good point, I actually haven't noticed a difference since doing this.

    I think the idea of 2 networks off of two NICs might not be a bad way to go.
    Then I can link my server to the physical PC/router using one NIC, and the virtual environment using the second NIC.

    I can then also use DHCP on my server using the second scope to dish out DHCP offerings.

    It's late now, so I'm gonna call it a night, but will try this dual scope using dual NICs tomorrow.

    Thanks again SimonD
     
  9. SimonD
    Honorary Member

    SimonD Terabyte Poster

    It's not a dual scope; the virtual LAN will have the new DHCP scope whilst the server should have two static addresses, one internal to the virtual LAN, the second from the physical LAN. As far as the server goes, it will have two virtual NICs, one of which would be set to local, the other bridged so that the local interface is purely on the 10.x network whilst the bridged one can see the router (and always use static addresses for servers, causes hell if you don't and an address changes later down the line, you learn that the hard way and it's a royal pain).

    And I agree, now past midnight :o
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  10. surfthegecko

    surfthegecko Bit Poster

    Hi Simon,

    Can I just check this config with you please? It doesn't seem to be working.

    I thought I understood your last reply but obviously I'm doing something wrong here....


    Virtual Server:
    Nic1 - IP 192.168.10.40 /24, DG 192.168.10.23
    DNS 192.168.10.40 / 194.xxx.x.xxx
    Nic2 - IP 172.16.16.1 /24
    DG 192.168.10.23 (Bridged to physical network)
    DNS 172.16.16.1 / 194.xxx.x.xxx

    The local virtual network having a DHCP Scope of 172.16.16.1 /24 with DNS also configured on the virtual network.
    I'm then guessing the fact that the DG on the virtual side being bridged should then allow it access to the internet still?

    I know it's something obvious, but I have tried a number of combinations out and it's still not working.

    Thanks again in advance
     
  11. SimonD
    Honorary Member

    SimonD Terabyte Poster

    Hi mate,

    Ideally you want

    Virtual Server:

    Nic1 - IP 192.168.10.40 /24
    DG 192.168.10.23
    DNS 172.16.16.1

    Nic2 - IP 172.16.16.1 /24
    DNS 172.16.16.1

    You would then have your clients using the 172.16.16.1 address as their default gateways.

    You don't need to configure a gateway on the internal port on the server because the Route Mapping for any other traffic would already go out via 192.168.10.23 anyway.

    As far as DNS goes, I would still leave it that it uses the internal server as the DNS server (on a single address, you don't want to start having 2 IP addresses and starting to confuse the situation) and have forwarders configured for your external ISP's DNS servers (again because of routing you only need to put the entry in, it 'should' find the route out).

    Hope that makes it a little clearer?
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
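An added example, not part of the thread and not written by any poster: a Python check of the two server NIC layouts from posts 10 and 11, flagging a default gateway that sits outside the NIC's own subnet or is set on more than one NIC. The dict layout, the function names and the client address 172.16.16.2 are assumptions made for this example.

```python
import ipaddress

# NIC settings copied from the thread: post 10 (not working) and post 11 (suggested).
POST_10 = [
    {"name": "Nic1", "ip": "192.168.10.40/24", "gateway": "192.168.10.23"},
    {"name": "Nic2", "ip": "172.16.16.1/24", "gateway": "192.168.10.23"},
]
POST_11 = [
    {"name": "Nic1", "ip": "192.168.10.40/24", "gateway": "192.168.10.23"},
    {"name": "Nic2", "ip": "172.16.16.1/24"},
]


def check_host(nics):
    """Return findings for a multihomed host (hypothetical helper for this example)."""
    findings, with_gateway = [], []
    for nic in nics:
        network = ipaddress.ip_interface(nic["ip"]).network
        gateway = nic.get("gateway")
        if gateway is None:
            continue
        with_gateway.append(nic["name"])
        # A default gateway has to be directly reachable on the NIC's own subnet.
        if ipaddress.ip_address(gateway) not in network:
            findings.append(f"{nic['name']}: gateway {gateway} is outside {network}")
    # Only one NIC should carry the default gateway.
    if len(with_gateway) > 1:
        findings.append("default gateway set on: " + ", ".join(with_gateway))
    return findings


def client_gateway(client_cidr, server_nics):
    """Return the server address a client on client_cidr can use as its gateway."""
    client_net = ipaddress.ip_interface(client_cidr).network
    for nic in server_nics:
        server = ipaddress.ip_interface(nic["ip"])
        if server.network == client_net:
            return str(server.ip)
    return None  # the server has no NIC on the client's subnet


if __name__ == "__main__":
    for label, nics in (("post 10", POST_10), ("post 11", POST_11)):
        print(label, check_host(nics) or "no findings")
    # 172.16.16.2 is a constructed client address on the internal network.
    print("client gateway:", client_gateway("172.16.16.2/24", POST_11))
```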
  12. surfthegecko

    surfthegecko Bit Poster

    That makes more sense, I have configured it in the way you suggest, but my virtual pc still struggles to obtain an ip via dhcp


    VirtualServer
    NIC 1:- Set to use physical NIC
    IP: 192.168.10.40 /24
    DG: 192.168.10.23
    1st DNS: 172.16.16.1
    2nd DNS: 194.168.4.100 **(I have tried with and without this; when it's without, I tried placing a forwarder)**

    NIC 2:- Set to Local
    IP: 172.16.16.1 /24
    DNS: 172.16.16.1

    The server is running DHCP using the server IP 172.16.16.1. This is using a DHCP scope of 172.16.16.2-254
    The server is also running DNS using the server IP 172.16.16.1 - I have removed all forwarders

    VirtualPC
    NIC 1: Set to Local
    I have tried picking up a 172.16.16.x ip without configuring any properties, and I have also tried by adding 172.16.16.1 as the dns server.

    Still no luck.

    I'm sure I'm obviously misunderstanding something here, so once again any help would be appreciated. I am going to watch a couple of videos on DNS as well because I'm sure it's this that's causing most of the problems for me.


    Thanks
     
  13. surfthegecko

    surfthegecko Bit Poster

    Scrap the last post, I was being a muppet......

    I hadn't authorised the DHCP server (I accidentally deleted the server earlier, instead of the old scope). Thought I had re-authorised.

    The virtual PC is now picking up an IP address from the DHCP pool, and it's picking up the localised 172.16.16.1 default gateway as expected, along with the DNS entry.

    So now the virtual PC is able to ping both NICs (172.16.16.1 & 192.168.10.40), but it can't ping the server's gateway on 192.168.1.23, or get to the internet?

    I'm guessing this is because the PC's DNS server is 172.16.16.1 and this is a local virtual NIC, so it won't have access out to the internet? It's not bridging the two networks.
     
  14. SimonD
    Honorary Member

    SimonD Terabyte Poster

    If you have configured the forwarder correctly then you will be able to get out to the internet correctly, have you made sure you don't have any issues with a firewall on your physical host?

    Can you actually ping your physical host?

    The idea of the second nic on the server is that it's acting as the gateway out to the other subnet, as long as you can ping the server from your physical machine and vice versa you 'should' be able to get out to everywhere, the only thing that would stop that would be a firewall.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  15. surfthegecko

    surfthegecko Bit Poster

    I have tried setting the virtual server up with static dns entry of 172.16.16.1 (local virtual DNS server)
    I have then tried setting the forwarder properties to 192.168.10.23 and the isp 194.x.x.x, as well as both and still no luck.

    It must be a firewall issue.

    I can ping from my physical host to the virtual server's interface on the same network, but not on the alternate network.

    I will take a look at the firewall properties.

    I might actually consider just setting up ICS or NAT
     
  16. surfthegecko

    surfthegecko Bit Poster

    Okay, it's looking better now, so far it stands as:

    Physical Host can ping: Physical Router, Both Virtual Server interfaces (provided NAT firewall is off)

    Virtual Server can ping: Physical Router, Physical PC, Both its own interfaces (192/172 lol), and virtual PC (now that I have added ICMP exceptions to local XP firewall)

    Virtual PC can ping: Everything

    So now both servers and pc's can get to the internet via NAT on the Virtual Server.


    I think it might be cracked. Although I cheated by using NAT instead of fixing the firewall problem on my physical pc :biggrin
     
    Last edited: Jan 29, 2010
  17. SimonD
    Honorary Member

    SimonD Terabyte Poster

    Well at least it's working :)
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  18. surfthegecko

    surfthegecko Bit Poster

    Thanks for all your help Simon. It's much appreciated.

    I really needed a lab environment to work on. 2 weeks ago I rather foolishly decided to sit the 70-291 with 2 weeks to prepare, and haven't really managed a great deal of study time yet.

    The odds are that I'm going to fail, but there is nothing like a challenge. :-)

    Thanks to your explanations I now have a second server up and running, utilising the DHCP 80/20 split theory. I also have it configured with secondary zone DNS.

    Tomorrow I will be implementing a RRAS server and RADIUS server. Then I will get my client to attempt to dial in.

    Fingers crossed.

    Right, off to get my head stuck in a book
     
