Domain Controller on Hyper-V Server


TangoWhiskey9

Sounds like we have a lot of Windows folks here. I was following recommendations in Patrick's thread and trying to build out a Windows lab.

Machine 1
Memory 32GB
Drives 32GB boot SSD, 4TB Seagate NAS, 240GB scratch

Machine 2
Memory 32GB
Drives 32GB boot SSD, 2TB WD, 240GB scratch

Here is what I have done so far:
1. Installed Hyper-V on Machine 1's 32GB SSD
2. Made a share on the 32GB SSD (used Server manager)
3. Made a VM sitting in the shared folder and installed Windows Server 2012 Std
4. Added domain controller on 2012 Std VM
5. Made a domain test.local
6. Made a user called HyperV test.local

When I tried to join the Hyper-V server to test.local using test\HyperV it said it could not reach the DC. I can troubleshoot this but it isn't done yet.

Next I want to do the following:
1n. Install Hyper-V on the second machine
2n. Make a second domain controller on the second machine
3n. Somehow make a shared pool using the (2) 240GB ssd and (2) hard drives
4n. Get both the DCs VMs on that shared pool
5n. Start adding VMs on the shared pool

My question is really twofold:
a) Is 3n doable? What should I be googling to research how to make a cluster/share pool across machines?
b) I'm thinking whatever I do in a) and 3n I need to be doing on the Hyper-V servers right? Or should I pass the disks through to another VM? I am saying this since IF the Hyper-V host gets powered down, if I did a pass-through a VM would not be able to see the disks after the live migration right?

Thanks in advance! Just need a few pointers on where to look as Microsoft has 500 different types of sharing.
 

nitrobass24

Did you set up DNS on your domain controller?
Are your Hyper-V hosts able to resolve the domain? E.g. on your hosts, open a cmd prompt and run nslookup test.local. It should resolve to the IP of your domain controller... if it can't do this it will not be able to connect.
 

PigLover

For your problem joining the domain: I assume that when you set up the DC for test.local (in the 2012 Std VM instance) you also installed a DNS server on that same machine to serve test.local? In order for the HV Server host to find test.local when you join it you need to update its network information to use your new VM - the one that hosts the DC and DNS - as the DNS server. Remember that Active Directory uses SRV records in the DNS in order to find the domain controllers.

I have the same question on the file sharing. I think you'd like to set up shares directly from the Hyper-V server - but in order to do that then the HV Server instance would have to at least support the "storage spaces" role. But I'm not sure that it does.
 

TangoWhiskey9

Thanks for the advice. Will try in the home lab and report back.

I did install DNS. I did not reboot the servers or anything that might force an update.
 

PigLover

Just re-booting things won't get the DNS pointers set up. A couple of practices you should follow:

  • The DC (and its associated DNS) should be on a static IP - not one assigned by your DHCP server unless you use reservations to simulate static.
  • You'll probably need to add a pointer in the DNS server to point out to your ISP DNS for any non-local addresses (by default, the Server 2012 R2 DNS will have reference pointers to the common top-level domains but that is probably not going to get everything).
  • The members of the domain need to have their DNS server address pointed to the DC/DNS

So - for this setup - you'll need to set the IP address for the DC to static and then go into the Hyper-V server network configuration and set it to use the new DC as its DNS (which probably requires you to set up the Hyper-V server on a static address too because your DHCP transaction will probably override the DNS).

Then you should have no problem joining the Hyper-V server to the domain.
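
The checks PigLover describes in this reply and in the earlier one about SRV records, as an added PowerShell example (not posted by anyone in the thread). `test.local` and `test\HyperV` come from the thread; the function name `Test-DomainJoinDns`, the address 192.0.2.10 and the interface alias `Ethernet` are assumptions.

```powershell
# Added example. 'test.local' is the domain from the thread; 192.0.2.10 is a
# constructed placeholder for the static address of the DC/DNS VM.
function Test-DomainJoinDns {
    param(
        [string]$Domain = 'test.local',
        [string]$DcDnsAddress = '192.0.2.10'
    )

    # DNS servers this host is really using (a DHCP lease may have set them).
    $inUse = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } | Select-Object -Unique)

    # The SRV record a member queries to locate domain controllers.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"

    # Query through the host's configured resolvers, as the join itself would.
    $viaHost = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' })

    # Query the DC's DNS directly: separates "record missing on the DC" from
    # "host is asking the wrong DNS server".
    $viaDc = @(Resolve-DnsName -Name $srvName -Type SRV -Server $DcDnsAddress -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' })

    $verdict = if ($viaHost.Count -gt 0) {
        'OK: host can locate a DC through its configured DNS'
    } elseif ($viaDc.Count -gt 0) {
        'Host is asking the wrong DNS server; point it at the DC/DNS'
    } else {
        'DC DNS unreachable or SRV record missing; check the DNS role on the DC'
    }

    [pscustomobject]@{
        DnsServersInUse = $inUse -join ', '
        PointsAtDc      = $inUse -contains $DcDnsAddress
        SrvViaHost      = ($viaHost | ForEach-Object { $_.NameTarget }) -join ', '
        SrvViaDc        = ($viaDc | ForEach-Object { $_.NameTarget }) -join ', '
        Verdict         = $verdict
    }
}

Test-DomainJoinDns | Format-List

# If the host is asking the wrong DNS server, the fix described above is
# (interface alias 'Ethernet' is an assumption; list yours with Get-NetAdapter):
#   Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 192.0.2.10
#   Add-Computer -DomainName test.local -Credential test\HyperV -Restart
```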
 

mrkrad

With 2008/R2 what happens upon cold startup where no dns/dc/ad servers are active?

On 2003 DC, the DNS service won't start until first replication which will fail until DNS is started so that it can resolve dns (PITA! takes 30 minutes to work itself out).

Does the ALL DC/DNS down bug still exist nowadays?

The last time I had to do this was a scheduled 4+ hour power outage where I didn't feel like pushing the limits of the A/D esxi servers and feared the toll a power loss would take on the entire server (corruption, etc).

Took forever to get things going, and of course, I had AD tied into VCENTER so I couldn't do squat using the auto-logon vcenter 5 exe client a/D accounts :(
 

TallGraham

I am very interested in this thread. Especially what mrkrad said:

> With 2008/R2 what happens upon cold startup where no dns/dc/ad servers are active.

I have another thread going in here regarding some network speed and NIC teaming issues with my DC also being my Hyper-V host. One of my potential solutions is to virtualise the DC and leave the physical box as just a Hyper-V Host but still joined to the domain. If I find anything then I will post it here.
 

mrkrad

I read here you do not ever want to create teaming with a DC controller, as it causes issues with re-enumeration of a NIC, inapplicable

Can you separate your fore AD/DNS/DHCP to a physical box and run everything else over HYPER-V?
 

nitrobass24

mrkrad said:
> With 2008/R2 what happens upon cold startup where no dns/dc/ad servers are active.
>
> On 2003 DC, the DNS service won't start until first replication which will fail until DNS is started so that it can resolve dns (PITA! takes 30 minutes to work itself out).
>
> Does the ALL DC/DNS down bug still exist nowadays?
>
> The last time I had to do this was a scheduled 4+ hour power outage where I didn't feel like pushing the limits of the A/D esxi servers and feared the toll a power loss would take on the entire server (corruption, etc).
>
> Took forever to get things going, and of course, I had AD tied into VCENTER so I couldn't do squat using the auto-logon vcenter 5 exe client a/D accounts :(

I ran this config on 2008R2 and never experienced this issue.
 

Patrick

PigLover said:
> Just re-booting things won't get the DNS pointers set up. A couple of practices you should follow:
>
>   • The DC (and its associated DNS) should be on a static IP - not one assigned by your DHCP server unless you use reservations to simulate static.
>   • You'll probably need to add a pointer in the DNS server to point out to your ISP DNS for any non-local addresses (by default, the Server 2012 R2 DNS will have reference pointers to the common top-level domains but that is probably not going to get everything).
>   • The members of the domain need to have their DNS server address pointed to the DC/DNS
>
> So - for this setup - you'll need to set the IP address for the DC to static and then go into the Hyper-V server network configuration and set it to use the new DC as its DNS (which probably requires you to set up the Hyper-V server on a static address too because your DHCP transaction will probably override the DNS).
>
> Then you should have no problem joining the Hyper-V server to the domain.

TangoWhiskey9 - I replicated (except for the hard drives) your setup locally. Once I changed the DNS server on the Hyper-V server the domain login worked.

Since it is a single Hyper-V instance that hosts the DC and DNS - I rebooted the Hyper-V machine after joining the domain.

Update: Hyper-V booted. The DC / DNS machine booted at startup. About 2min 45s in Hyper-V got off of "Please Wait" and everything works.
 

Patrick

Not super awake right now. Here are the roles and features:
[Image: Microsoft Hyper-V Server 2012 R2 Roles]

[Image: Microsoft Hyper-V Server 2012 R2 Features]

What else do you need me to test?
 

Patrick

Hey TangoWhiskey9 - I am at about the same pace as you in terms of making a testing environment for the colo. I did something this morning which I think is going to help a lot.

On the Hyper-V server I made a Windows 8 Pro VM. That VM I joined to the domain and am adding all of the Hyper-V manager, server manager and etc tools to. That way I can Remote Desktop into that machine and not have to deal with a machine that has to live sometimes on the VPN and Domain and sometimes off the VPN/ Domain.
 

PigLover

Didn't you already create a VM with Server 2012 R2 Standard to contain the DC/DNS role? Why not just RDP into that VM and run Server Manager & Hyper-V Manager from there? I don't think you need a dedicated "management" VM.
 

Patrick

PigLover said:
> Didn't you already create a VM with Server 2012 R2 Standard to contain the DC/DNS role? Why not just RDP into that VM and run Server Manager & Hyper-V Manager from there? I don't think you need a dedicated "management" VM.

I did. My thought was that if I wanted to use Teamviewer or something similar one of these days I did not want it running on the DC/ DNS server.

One other thought is using Windows Server 2012 R2 Essentials, at least for the second DC/ DNS server. Saves a few hundred dollars using Essentials as the DC/ DNS. Having the management box helps quite a bit as I can also use it for IPMI into the servers instead of installing JAVA, Firefox, Chrome and etc on the DC/ DNS.
 

Jeggs101

Patrick - If you do end up going with VMM you need to run that on Windows Server not Windows 8. Also you'll need SQL server.
 

Patrick

Great point. Trying to see if I can do without. That will get very expensive quickly.
 

PigLover

If trying to limit expense...are you willing to give it a try with a non-MS domain controller? No license fees for Centos+Samba4. In this use case you are not doing anything really sophisticated with AD - no group policy management, etc. Just authorizing/authenticating a couple of users and generally making Hyper-V Server and RSAT happy to play nice together. Simple stuff and limited risk that Samba4 isn't "complete enough".

I've been working (very, very slowly) on something similar to your setup at home. It's been a long road with lots of learning, but I think I'm going to give this a try.

GREAT tutorial on setting up Samba4 as AD DC here: CentOS Samba 4 - Active Directory Domain Controller | Alexwyn Information Services.

With this, you should be able to set things up with NO licensed Server 2012 instances. Just one or two licensed Windows 8.1 instances in VMs to run RSAT/HVM. You'd only need Server 2012 if you wanted VMM and clustering.
 