Hyper-V Network Configuration

Discussion in 'Virtual and Cloud Computing' started by greenstarthree, Aug 21, 2013.

  1. Sparky
    Not sure of your exact setup mate but if all the AD\DNS servers are meant to be talking to each other boot them all up and log into one of them and open up AD.

    In there the AD snapin should default to the server you are on but you can specify a domain controller to connect to - try connecting to the other servers that way and see what happens.

    Might help to list what servers you have running and what roles they have also.

    - - - Updated - - -

    Check all servers can ping each other by FQDN and also check that DCs have a fully populated SYSVOL directory.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  2. greenstarthree

    Thanks Sparky,

    I was looking into DNS server best practices in the meantime and believe it might have something to do with each of the 3 DNS servers having only its own address in its DNS settings in ipconfig. I've read that using a DNS server's own address or loopback as primary DNS server can cause similar issues (DNS islanding???), which is effectively how these are set up (as guided by the training kit). This paired with the fact that there are delegations between the three servers sort of suggests that maybe they just didn't know about each other, and were complaining about not being able to sync their zones/delegations? Not sure if I'm understanding that properly!

    I was testing earlier and noticed that adding all three servers' IP addresses to the DNS list in ipconfig helped things out. The only time I got the hang at Applying Computer Settings was when initially booting the 3 servers up, when I guess none are fully available to each other. Once they were up and running a while and I rebooted one server at a time, things were much smoother.

    I'll keep testing things and also try the steps you've suggested - thanks again for the guidance.
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  3. GSteer

    Standard setup is that if a server is a DNS server then its NIC's primary DNS server should be itself; secondary and tertiary should then be other DNS servers in the domain.

    If you've got your DNS AD integrated then it should be syncing along with the AD. It sounds like you've got some AD syncing issues going on, might want to check that's all working as expected; Sparky's info on going into the AD snapin is a first stop, then start running dcdiag against all three to check their statuses.
     
    Last edited: Nov 21, 2013
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  4. greenstarthree

    The setup is a lab of 3 virtual servers, which the training kit guides you through in order to practice certain elements of DNS. What I have is:

    IP range of 10.0.10.x
    3 Servers in this range
    All 3 have AD DS role and DNS role installed.
    Gateway of 10.0.10.1 is on a virtual server with RRAS installed to give internet access to these servers.

    SERVER10:
    IP: 10.0.10.10
    SUB: 255.255.255.0
    GW: 10.0.10.1
    DNS: 10.0.10.10
    10.0.10.20
    10.0.10.30

    AD Forest: treyresearch.net
    AD Domain: treyresearch.net


    SERVER20:
    IP: 10.0.10.20
    SUB: 255.255.255.0
    GW: 10.0.10.1
    DNS: 10.0.10.10
    10.0.10.20
    10.0.10.30

    AD Forest: treyresearch.net
    AD Domain: northwindtraders.com (Tree root in treyresearch forest)


    SERVER30:
    IP: 10.0.10.30
    SUB: 255.255.255.0
    GW: 10.0.10.1
    DNS: 10.0.10.10
    10.0.10.20
    10.0.10.30

    AD Forest: treyresearch.net
    AD Domain: intranet.treyresearch.net (child domain)


    SERVER10 has a zone delegation to SERVER20.northwindtraders.com, which was set up manually before installing AD DS/DNS on SERVER 20.
    SERVER10 also has a zone delegation to intranet.treyresearch.net, which happens automatically when creating the child domain on SERVER30



    I tried to simplify things earlier and just look at starting up SERVER10 on its own (my router server was the only other vm started up)
    I got the hang at Applying Computer Settings, then logged on. I noticed that it was not showing as connected to the treyresearch.net domain network and had defaulted over to "Network 2".
    I checked the IP settings and they looked fine, but opening up server manager I couldn't expand DNS, where it told me SERVER10 could not be contacted, and AD DS was not working either.
    I went back to IP settings, and pressed OK on them, without changing anything, and my connection to the domain network came back, and after a minute or so DNS and AD were working.
    After this, SERVER 20 and SERVER30 start up without a problem, and ping using their FQDNs etc.

    So it seems as though the issue originates from SERVER10 'dropping off' the domain network on startup.
    Looking at this server's DNS logs, I do have 6 "Waiting for AD DS to signal that initial synchronisation is complete" warning events in a row.
    In the AD DS logs, I see a few errors about not being able to contact SERVER20 or SERVER30, but also "Unable to establish a connection with the Global Catalog", even though the server itself is a GC!?


    So colour me very confused! Can you think of any reason that this server would start up disconnected from the domain network even though its IP settings are ok?
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  5. Sparky
    Plenty to think about here! :)

    The first thing is that the primary DNS server on SERVER20 and SERVER30 is pointing at SERVER10 – this needs to be changed so each server has its own IP address for DNS resolution.

    Change all of this and then start up SERVER10 first, then SERVER30 and finally SERVER20. I take it SERVER20 has a trust relationship with SERVER10 as they are on separate domains?

    Just to confirm – you can ping everything by FQDN? For example can you ping SERVER10.treyresearch.net from SERVER20?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  6. greenstarthree

    Isn't there just! I must apologise for the length of that post...!

    Yeah I notice there's some conflict in opinion about the DNS settings, some camps saying use a different DNS server as primary and its own address/loopback as secondary, and some as you say, vice versa. I notice that the Best Practices Analyzer on our servers here at work (2k8r2 and 2012) suggests that "The loopback address should be included, but not as the primary DNS server". Seems to be a contested issue.

    In any case, the set up is how the training kit instructs, so it seems odd that it would be the reason for issues like this, though I know we shouldn't take its instructions as gospel!

    I don't think there's a trust set up between server20 and server10, at least I didn't set one up manually. The practice steps were:

    Create the treyresearch.net forest and domain on server10
    Set up a new FLZ on SERVER 10 for northwindtraders.com, stored in AD, replicated to all DNS servers in treyresearch.net domain
    Create a delegation of the northwindtraders.com domain, for SERVER20.northwindtraders.com
    Install the AD DS and DNS role on SERVER20, creating the northwindtraders.com domain in the existing treyresearch.net forest, choosing not to automatically create a delegation

    (I believe the dummy delegation has to be done in advance on SERVER10, and choosing not to automatically create a delegation on SERVER20 stops it requesting a delegation from a root server, which we cannot provide the credentials for).

    Then SERVER30 is set up as a child domain in the treyresearch.net domain which is all nice and easy by comparison!

    So unless a trust is automatically established between SERVER20 and SERVER10 in the process of creating the delegation, I don't believe there is one, as it's in the same forest etc?
    I'll get the servers running (everything seems to work fine after the initial bootup problems), and come back with the ping results. All ideas welcome in the meantime!!

    Cheers
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  7. greenstarthree

    May have found a workaround, if not a fix, for this:

    I searched through a few TechNet posts on similar issues, and came across the following answer:

    -------------------------------------------------------------------------------------------
    Hi,

    I finally found a solution to this issue with a DC that didn't recognize its own domain.

    In my case it was caused because AD replication fails, and consequently DNS and network recognition.

    Add/modify the following key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

    Value name: Repl Perform Initial Synchronizations
    Value type: REG_DWORD
    Value data: 0

    It is a workaround because Microsoft hasn't fixed it yet.

    source: Troubleshooting DNS Event ID 4013: The DNS server was unable to load AD integrated DNS zones

    -------------------------------------------------------------------------------------------

    My understanding of this is that AD replication's initial synchronisation on SERVER10 does fail, because of the delegations/replications to SERVER20 & SERVER30, which in all my tests have been either switched off or starting up at the same time. This presumably delays the notification to the DNS service, which 'gives up' and throws me onto an unidentified network.

    After creating this registry value on SERVER10 and setting it to zero, then rebooting (with SERVER20 & SERVER30 switched off), I did not get the hang at Applying Computer Settings, and when I logged on I was on the correct domain network.

    I understand this would be no good in a production environment, but for the sake of this lab, it at least allows me to get SERVER10 started up quickly and cleanly, which means I can then turn on SERVER20 & 30, which start up without a problem as long as 10 is running.

    Any comments still welcome of course!
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
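
Added example, not part of the thread and not Microsoft's own tooling: a Windows PowerShell script that reports the three things the posts above keep coming back to on a DC (the NIC's DNS server order, DNS event 4013 since the last boot, and the state of the registry value) and applies or reverts the workaround. The function names are hypothetical; the registry path, value name and event ID are the ones quoted in the post. It assumes an elevated Windows PowerShell session on the DC itself.

```powershell
# Added example: run elevated, locally on the domain controller being checked.
$ntdsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$valueName = 'Repl Perform Initial Synchronizations'

function Get-InitialSyncState {
    # Value absent = default behaviour (DC waits for initial sync); 0 = workaround applied.
    $p = Get-ItemProperty -Path $ntdsKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $p) { 'default (value absent)' } else { "explicit: $($p.$valueName)" }
}

function Get-DnsClientOrder {
    # DNS servers configured on each IP-enabled NIC, in resolver order.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DNSServerSearchOrder } |
        ForEach-Object {
            $own = @($_.IPAddress) + '127.0.0.1'
            $dns = @($_.DNSServerSearchOrder)
            New-Object PSObject -Property @{
                Adapter   = $_.Description
                DnsOrder  = $dns -join ', '
                SelfFirst = $own -contains $dns[0]                          # primary is this server
                HasPeer   = [bool]($dns | Where-Object { $own -notcontains $_ })  # another DNS server listed
            }
        }
}

function Get-Dns4013SinceBoot {
    # Count "waiting for AD DS initial synchronization" events logged since the last boot.
    $os    = Get-WmiObject Win32_OperatingSystem
    $since = $os.ConvertToDateTime($os.LastBootUpTime)
    $filter = @{ LogName = 'DNS Server'; Id = 4013; StartTime = $since }
    @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue).Count
}

function Set-InitialSyncWorkaround([switch]$Revert) {
    if ($Revert) {
        # Removing the value restores the default (initial sync enforced at startup).
        Remove-ItemProperty -Path $ntdsKey -Name $valueName -ErrorAction SilentlyContinue
    } else {
        New-ItemProperty -Path $ntdsKey -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

# Report only; call Set-InitialSyncWorkaround (or -Revert) explicitly, then reboot.
Get-DnsClientOrder | Format-Table Adapter, DnsOrder, SelfFirst, HasPeer -AutoSize
"DNS 4013 events since boot : $(Get-Dns4013SinceBoot)"
"Initial sync registry state: $(Get-InitialSyncState)"
```

With the value at 0 the DC starts serving without waiting for its replication partners, so `Set-InitialSyncWorkaround -Revert` is the step to run once the lab no longer needs the shortcut.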
  8. GSteer

    Just to note on this, install a 2012 box with the DNS + AD roles, it will set itself to 127.0.0.1 as its primary DNS server - so MS are setting this themselves by default.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  9. greenstarthree

    Ah ok, perhaps that's a new best practice in 2012, or maybe it's different in a single DC environment? Good to know in any case.
    I'll give this some proper testing when I have a sec this weekend. In the meantime thank you both for your help, really appreciate it.
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
  10. GSteer

    I've got multiple client networks with multi-DC's using themselves as primary DNS with other DCs/DNS as secondaries - so not limited to single DC environments - but limited to single domain environments.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
    Sparky likes this.
  11. greenstarthree

    Hi All,

    Having worked with those servers some more it definitely seems to be 'fixed' by turning off the initial startup sync. I'm not sure if my explanation of why is dead on, but it does explain why the other subnet in my lab works ok, as there's only one DC in that and so no replication.

    Thanks for your help here, and hope the info is useful to someone else in future.
    Cheers!
     
    Certifications: MCP, MCTS 70-640, MCTS 70-642, MCSA 70-646
