RESET Forums (homeservershow.com)

Join WS2012S to one of its VM's WS2012E Domain


Greg Welch

Anyone see a good write-up on joining the host WS2012 Standard or Datacenter to one of its VMs, a WS2012E's domain, or another way to remote desktop into it while not part of the domain? Currently am using Supermicro IPMI/KVM through an out-of-band network port on the motherboard. Works well, but would like to use RemoteFX for the VMs, and if I do, it kills IPMI / onboard video. Hence the aforementioned idea.


OK, getting closer. The host is on bare metal and running Hyper-V, so you're suggesting I set the host machine's DNS to the IP of the 2012E VM running as DC. Just the primary, or would the secondary do? And thanks, item 4 is what I was thinking.


Well, there is this: http://blogs.msdn.co...er-dilemma.aspx

While not really a write up for it, it helps at least.

 

And you'd most likely want to set up a static IP address for the Hyper-V machine and the DC, and point the Hyper-V's DNS to the DC.

 

A very interesting article. I wonder why he's so emphatic that Saved State/Snapshots NOT be used for the VM DCs?


If you were to do a restore from a snapshot after too many things on the domain changed, it would be one big domain fracture.


@ikon: actually, that's because of large networks. If the DC misses too many syncs, it causes issues, IIRC.

On the MVP mailing list, this was actually brought up (and why I knew the link, actually). For Essentials, as it's the only DC, using saved state shouldn't be any issue. At least, that was the consensus among the SBS guys and gals.


I can't help thinking that, Ben Armstrong's article notwithstanding, the idea of adding the host to a domain which is being run on a VM on that host is a really, really bad idea. His article does hint at possible problems: what happens to the host when it restarts? As part of the startup process on a domain member, it tries to communicate with a domain controller - this is a bit of a problem if the DC is a VM on that host; obviously it won't have started yet. At best you will get slow startup and login times, and at worst it is possible that the whole system can get stuck in a deadlock situation where both systems are waiting for the other to start up.

 

What happens if the VM hosting the DC fails or shuts down? The host is left in limbo: no domain controller to authenticate you logging into it, no DNS (remember that best practice for a domain member is to have only the addresses of the domain DNS server - in an SME / home environment, that'll just be the DC), so suddenly there is no internet access for the host (or anyone else for that matter).

 

The thing you need to keep in mind with Microsoft blogs is that they tend to be written assuming that everyone reading them is in charge of a multi-server, enterprise IT setup. In a large setup there would be multiple clustered Hyper-V servers each with VMs running domain services. A failure of the DC on one of them would not be too bad as there would be other DCs running on other hosts. This is just not the case in the SME / home setup.

 

So my advice is to do what I have done: keep the Hyper-V host in its own workgroup environment with DNS settings pointing to public DNS servers (I'm running Server 2012 with just the Hyper-V role and I've even disabled the GUI interface to reduce the footprint; I tried just the plain Hyper-V server but it was a bit problematic to manage properly from my Mac). Under this is a Server 2012 Essentials running as a VM. This way the host is not dependent at all on the VM running under it - yes, I do have to have two separate logins for the host and the VM and other machines on the domain, but really, is this such a big problem?

 

 

Oh, and Drashna is quite right about the problems of restoring a DC from an image snapshot. In a multi-server and multi-DC environment there are special techniques for restoring a failed domain controller (called active directory restore mode, strangely enough); otherwise very bad things can happen to the network when the domain controllers try to sync up. Again, this really isn't an issue if you only have one DC.

 

John


Thanks. You've articulated it better than I did, what I was getting at. If I have a typical home setup (which the author does talk about 'cause he talks about his own home setup) with a single DC, why would it be a problem? And, honestly, in a home setup, why would you have multiple DCs?


I'm going to take a little exception with your comments. Ben Armstrong, the author of that blog post, covered the situation where the DC doesn't come up properly (i.e. make note of the local admin account credentials and test that you have access to the Hyper-V Manager). He even covered using Delayed Start on other VMs you may have, so they don't interfere with the DC VM(s) coming up quickly.
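
The startup arrangement discussed in this thread (DC VM starts first, other VMs on Delayed Start, no saved state or snapshots for the DC VM), as an added PowerShell example that is not part of any post or of the linked article. The VM name `WS2012E` and the 120-second delay are assumptions; run it elevated on the Hyper-V host.

```powershell
#Requires -Modules Hyper-V
# Added example. $DcVmName and $OtherVmDelaySeconds are assumed values,
# not settings taken from the thread.
param(
    [string]$DcVmName = 'WS2012E',     # assumed name of the Essentials DC VM
    [int]$OtherVmDelaySeconds = 120    # assumed head start given to the DC
)

# DC VM: always start with the host, with no delay, and shut the guest
# down cleanly (rather than saving state) when the host stops.
Set-VM -Name $DcVmName -AutomaticStartAction Start `
       -AutomaticStartDelay 0 -AutomaticStopAction ShutDown

# Every other auto-starting VM waits, so it does not compete with the DC
# for disk and CPU while the host is booting.
Get-VM |
    Where-Object { $_.Name -ne $DcVmName -and $_.AutomaticStartAction -ne 'Nothing' } |
    ForEach-Object { Set-VM -VM $_ -AutomaticStartDelay $OtherVmDelaySeconds }

# Flag any snapshots that already exist on the DC VM.
$snapshots = @(Get-VMSnapshot -VMName $DcVmName)
if ($snapshots.Count -gt 0) {
    Write-Warning "$DcVmName has $($snapshots.Count) snapshot(s): $($snapshots.Name -join ', ')"
}

# Review the resulting start order and stop actions.
Get-VM | Sort-Object AutomaticStartDelay |
    Format-Table Name, State, AutomaticStartAction, AutomaticStartDelay, AutomaticStopAction -AutoSize

# Show whether the host is domain-joined and which DNS servers it uses,
# so the dependency on the DC VM is visible at a glance.
$cs = Get-WmiObject -Class Win32_ComputerSystem
"Host domain-joined: $($cs.PartOfDomain) ($($cs.Domain))"
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize
```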
