Server 2012 New Network Assistance

Hi, I hope someone can point me in the right direction. It has been a number of years since I had anything to do with networking and I am obviously way out of practice, also
I have never used Server 2012 so I am getting confused.
I have been asked if I can help set up a network for a very small company who can only stretch to one server, as such I am probably trying to ask a lot from one machine. As
you can see from the diagram below, I am trying to implement a secure internal network (e.g. internal.local) and an external connection (e.g. external.com). On the external side I would like a website and DirectAccess, on the internal side I need a subnet
(?) that can accommodate file and printer sharing. The maximum number of internal nodes will be 15 – 20; with some of them requiring wireless access.
One of the issues I’m facing is the fact that, due to locality, the only access for the internet is via an Osprey Black from EE 4G, . Although this device can connect up to
10 wireless nodes I want to use it for the sole purpose of internet connection, I will also need to ensure that they have a static IP address.
My questions are 1) is this possible with one server running 2012 R2 (or is there a better way)? And 2) do I need two NIC’s and bridge them?
Any assistance would be greatly appreciated.

Hi Tim,
Thank you very much for the reply and I apologise for the delayed response.
I know, a locked room with no power supply and definitely no humans = a secure computer (maybe!) :)
Setting up the physical server as a Hyper-V host and running two VM instances of Windows Server seems a
good solution.
I was hoping to use a Hardware Firewall on the external side but may have to rely on individual machines defences internally.
After spending a little time researching I believe I am OK with the idea of setting up the VM instances and configuring them (I have downloaded an
evaluation copy of server 2012 and using VirtualBox to test). However, for the life of me I can't figure out the first steps :( There are a lot of good resources and tutorials about setting up Hyper-V but that large number is a little confusing.
Assuming I have just returned from the store with my shiny new machine and downloaded the correct version of Server 2012 - do I simply install Server 2012 onto the machine
and then create the VM's?
Sorry if this sounds really dumb
Thanks

Similar Messages

Using NIC Teaming and a virtual switch for Windows Server 2012 host networking and Hyper-V.

Using NIC Teaming and a virtual switch for Windows Server 2012 host networking!
http://www.youtube.com/watch?v=8mOuoIWzmdE
Hi thanks for reading. Now I may well have my terminology incorrect here so I will try to explain as best I can and apologies from the start.
It’s a bit of both Hyper-v and Server 2012R2.
I am setting up a lab with Server 2012 R2. I have several physical network cards that I have teamed called “HostSwitchTeam” from those I have made several Virtual Network Adaptors such as below
examples.
New-VMSwitch "MgmtSwitch" -MinimumBandwidthMode weight -NetAdaptername "HostSwitchTeam" -AllowManagement $false
Add-VMNetworkAdapter -ManagementOS -Name "Vswitch" -SwitchName "MgmtSwitch"
Add-VMNetworkAdapter -ManagementOS -Name "Cluster" -SwitchName "MgmtSwitch"
When I install Hyper-V and it comes to adding a virtual switch during installation it only shows the individual physical network cards and the
HostSwitchTeam for selection. When installed it shows the Microsoft Network Multiplexor Driver as the only option.
Is this correct or how does one use the Vswitch made above and incorporate into the Hyper-V so a weight can be put against it.
Still trying to get my head around Vswitches,VMNetworkadapters etc so somewhat confused as to the way forward at this time so I may have missed the plot altogether!
Any help would be much appreciated.
Paul
Paul Edwards

Hi P.J.E,
>>I have teams so a bit confused as to the adapter bindings and if the teams need to be added or just the vEthernet Nics?.
Nic 1,2
HostVMSwitchTeam
Nic 3,4,5
HostMgmtSwitchTeam
>>The adapter Binding settings are:
HostMgmtSwitchTeam
V-Curric
Nic 3
Nic 4
Nic 5
V-Livemigration
HostVMSwitch
Nic 1
Nic 2
V-iSCSI
V-HeartBeat
Based on my understanding of the description , "HostMgmtSwitchTeam and
HostVMSwitch " are teamed NIC .
You can think of them as two physical NICs (do not use NIC 1,2,3,4,5 any more , there are just two NICs "HostMgmtSwitchTeam and
HostVMSwitch").
V-Curric,
V-Livemigration , V-iSCSI ,
V-HeartBeat are just VNICs of host (you can change their name then check if the virtual switch name will be changed )
Best Regards
Elton Ji
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Server 2012 R2 Network Teaming Issues After Adding WOW64 Feature

Recently I have had a specific issue adding the WOW64 feature to an active Server 2012 R2 server in core mode (no management). The server had two active virtual machines. A server 2008 R2 in version 1 mode and a 2012 R2 in version 2.
All were up2date as of April 10 2015. This was a domain connected core with domain connected virtual machines. We are the domain administrator.
After using powershell to install WOW64 and issuing a restart we lost all external network connectivity to the server once the server came back up. From the console we could ping 127.0.0.1 and all the network addresses of each VM but not the
default gateway or any address on the local network. We tried several resolutions including disabling all firewall rules and assigning a known VLAN but nothing worked. Something went completely haywire within Windows 2012 R2 and network teaming
and the virtual switch that supplies the VM's with communication.
What we had to do was remove one of the physical network adapters from the team using powershell from the core console. We then assigned an address to the nic and whallah we were able to remotely communicate to the server again but the problem
still remained with communicating to the team.
After hours of trials we finally stumbled on a solution deleting the hyper-v virtual switch though a remote console, then the team through powershell. This of course broke all the hyper-v VM's. We said f'it and rebooted.
This is the magical combination apparently
We then recreated the team using the remote management GRAPHICAL widget using every physical EXCEPT the nic we were communicating to.   Then we recreated the hyper-v virtual switch remotely again with the GRAPHICAL widget and assigned
it an address using the command line sconfig tool.   We then went into the GRAPHICAL hyper-v manager and assigned all VM's to the new virtual switch. WOW everything works again
Let me just say here in this post that the lack of graphical management in CORE mode is a complete nightmare. The fact we have to use some graphical tools to perform certain tasks and the command line for others is just silly. The sconfig.exe
tool should have built-in teaming commands as inexperienced remote administrators are very difficult to work with over the phone trying to explain spelling of the upper/lowercase commands.
This post is more informative than really asking a specific question but if I were to ask one I'd ask, why did installing the WOW64 feature and rebooting break the external communication of the team and the virtual switch?

Hi gettnmorebetter,
Could you try to confirm whether you have in the following situation, if you do not found the related symptom please try to install the latest update then monitor the issue
again.
Event ID 106 when a Hyper-V virtual switch is bound to an LBFO team
https://support.microsoft.com/en-us/kb/2974384
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

How to do Server 2012 R2 Network Policy Server MAC Authentication without adding ad users?

I have a Network Policy Server running on Server 2012 R2. I have set it up to do certificate and PEAP authentication for our 802.1x wireless authentication
and that works great.
Now I want to add a policy to this server so I can also do MAC address authentication our unauthenticated open wireless ssid so i can assign roles based on the
mac address. I got our Aruba controller setup to send the mac address to the radius server, but the radius server just denies access because I am not sure how to get it to use themsNPCallingStationID attribute.
I have found several ways do to this included adding active directory users for every single MAC address with the mac address as the username and password. I
do not want to do that. This is not an option.
I have also found several posts about using ieee802Device. I can't find a way to get that to work.
I also found a suggestion to use msNPCallingStationID ad attribute. I can easily set this for each user as their mac addresses but how do I configure the
NPS server to use this attribute to authenticate this?
If you have any other ideas on how to get MAC authentication to work, I would greatly appreciate it!
Thank you for your assistance!

Hi,
I think you may have some misunderstand about the MAC address Authorization, MAC address authorization is based on the MAC address of the network adapter installed in
the access client computer. Like ANI authorization, MAC address authorization uses the Calling-Station-ID attribute instead of user name and password or certificate-based credentials to identify the user during the connection attempt.
MAC address authorization is performed when the user does not type in any user name or password, and refuses to use any valid authentication method. In this case, Network
Policy Server (NPS) receives the Calling-Station-ID attribute, and no user name and password. To support MAC address authorization, Active Directory Domain Services (AD DS) must have user accounts that contain MAC addresses as user names, therefore you need
add the MAC address as the computer user name and password,
To use the MAC address as user name and password is Cisco® switch require condition, about your switch device please ask your hardware vendor.
If you want to combine the MAC address MAC filtering and
EAP Authentication, you can refer the following related article:
Enhance your 802.1x deployment security with MAC filtering
http://blogs.technet.com/b/nap/archive/2006/09/08/454705.aspx
More information:
MAC Address Authorization
http://technet.microsoft.com/en-us/library/dd197535(v=ws.10).aspx
Authorization by User and Group
http://technet.microsoft.com/en-us/library/dd197615(v=ws.10).aspx
The similar thread:
NPS: Override User-Name and User Identity Attribute
http://social.technet.microsoft.com/Forums/windowsserver/en-US/6dd983f9-973f-4d23-be0c-032d3a1592d0/nps-override-username-and-user-identity-attribute?forum=winserverNAP
The related third party article:
Configuring IEEE 802.1x Port-Based Authentication
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_25_see/configuration/guide/3550SCG/sw8021x.html#wp1170569
MAC Filters with Wireless LAN Controllers (WLCs) Configuration Example
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html#backinfo
Hope this helps.

Server 2012 Domain Network

Hi, I have windows server 2012 as a domain controller, is there any way for me to see which files are being shared by clients in our network. I mean if each those shared files can be managed in domain controller, like editing the permissions. Thanks

Hello,
The TechNet Wiki Forum is a place for the TechNet Wiki Community to engage, question, organize, debate, help, influence and foster the TechNet Wiki content, platform and Community.
Please note that this forum exists to discuss TechNet Wiki as a technology/application.
As it's off-topic here, I am moving the question to the
Where is the forum for... forum.
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book:
Windows PowerShell 2.0 Bible
My E-mail: -join ('6F6C646B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

Sql Server 2012 features

Hi,
What are the new features in SQL Server 2012/2014 for DBA's prospective?

SQL Server 2012 new features:
http://www.sqlusa.com/sql-server-2012-new-features/
Kalman Toth Database & OLAP Architect
SELECT Video Tutorials 4 Hours
New Book / Kindle: Exam 70-461 Bootcamp: Querying Microsoft SQL Server 2012

Best Practices when replacing 2003 server R2 with a new domainname and server 2012 r2 on same lan network

I have a small office (10 computers with five users) that have a Windows 2003 server that has a corrupted AD. Their 2003 server R2 is essentially a file server and provides authentication. They purchased a new Dell 2012 R2 server.
It seems easier to me to just create a new domain (using their public domain name).
But I need as little office downtime. as possible . Therefore I would like to promote this server to its new domain on the same lan as the current domain server. I plan to manually replicate the users and folder permissions. Once done, I plan to
remove the old server from the network and join the office computers to the new domain.
They also they are also running a legacy application that will require some tweaking by another tech. I have been hoping to prep the new domain prior to new legacy tech arriving. That is why I would like both domain to co-exist temporarily. I have read
that the major issues involved in this kind of temporary configuration will then be related to setting up dns. They are using the firewall to provide dhcp.
Are there any best practices documents for this situation?
Or is there a better or simpler strategy?
Gary Metz

I followed below two links. I think it should be the same even though the links are 2008 R2 migration steps.
http://kpytko.pl/active-directory-domain-services/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/
http://blog.zwiegnet.com/windows-server/migrate-server-2003-to-2008r2-active-directory-and-fsmo-roles/
Hope this help!

New Server 2012 -- Network Location Awareness & Power Failure

Could you try setting up a dependency or delay on the boot? This would be more of a temporary solution, but should help you confirm that the only issue was with communication with the DC.

Hello everyone,This is kind of a mixed question of AD/Domain/GPO, Server 2012 R2 Standard, Windows 7 clients, and File Sharing.. please bare with me.We had an interesting event this morning..We have a 2012 R2 STD member file server on the domain. We had a total power failure, and I believe the file server came up faster than any domain controller. Anyhow, we couldn't access the shares on the server. Upon further investigation, I saw that the network location on the file server was 'unknown' and decided to restart the server. After that, it went back to its domain profile.Are there any known solutions to this scenario? Can I force the server to use the domain profile at all times? I've briefly read about the local GP edit trick, but haven't tried it out yet. Apparently, you can allow changes to adapter profiles, and then manually set...
This topic first appeared in the Spiceworks Community

Server 2012 R2 - The system failed to register host (A or AAAA) resource records (RRs) for network adapter

We seem to be having an issue recently after introducing new Windows Server 2012 R2 servers where they fail to register DNS correctly. The Windows Firewall is off and the servers are on the same VLAN with no firewalls between them.
When I do an ipconfig /registerdns or wait 24 hours for the system to try we get the following error:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:
Adapter Name : {4A0ECF05-193F-4BEA-AA46-BEC593BA752B}
Host Name : SRV-DATA
Primary Domain Suffix : internal.local
DNS server list :
192.168.0.50, 192.168.0.42
Sent update to server : <?>
IP Address(es) :
192.168.0.99
The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative
for this name does not support the DNS dynamic update protocol.
To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.
On our DNS server we have set for the internal.local zone Secure Updates only so that looks good because it is Active Directory that should be handling this authentication to update the record I assume. Just to mention that when also doing an ipconfig /regsiterdns
the update fails within a few seconds.
Source: DNS Clients Events
Event ID: 8018
User: NETWORK SERVICE
This issue is only affecting Windows Server 2012 R2 clients and testing with Windows Server 2008 R2 clients works no issues. So is this a mis-configuration or a bug with Windows 2012 R2? I have checked all DNS settings on client / server which all look good
to me so reaching out now to see if anyone has any ideas?
Environment:
- Windows Server 2012 R2 Domain Controllers (Forest/Domain Levels 2012 R2)
- Windows Server 2012 R2 Client machines (Physical and Virtual)
- Windows Server 2008 R2 Client machines (Physical and Virtual)

The zone is configured as "Secure Only"
The PDC is the SOA for the zone
I dont have a packet capture from the DC, only the client.
The query you asked me to run is too long to paste in here, however this is the DNS zone it cannot update:
NotifyServers :
SecondaryServers : {10.2.0.3, 10.2.0.5}
AllowedDcForNsRecordsAutoCreation :
DistinguishedName : DC=internal.local,cn=MicrosoftDNS,DC=ForestDnsZones,DC=internal,DC=local
IsAutoCreated : False
IsDsIntegrated : True
IsPaused : False
IsReadOnly : False
IsReverseLookupZone : False
IsShutdown : False
ZoneName : internal.local
ZoneType : Primary
DirectoryPartitionName : ForestDnsZones.internal.local
DynamicUpdate : Secure
IsPluginEnabled : False
IsSigned : False
IsWinsEnabled : False
Notify : NoNotify
ReplicationScope : Forest
SecureSecondaries : TransferToSecureServers
ZoneFile :
PSComputerName :
CimClass : root/Microsoft/Windows/DNS:DnsServerPrimaryZone
CimInstanceProperties : {DistinguishedName, IsAutoCreated, IsDsIntegrated, IsPaused...}
CimSystemProperties : Microsoft.Management.Infrastructure.CimSystemProperties

Windows Server 2012 Hyper-V network latencies

Hi All,
I have an issue with our Windows Server 2012 Hyper-V hosts that I can't seem to figure out. Situation:
2 x Dell PowerEdge R815 servers with AMD opteron 6376 16 core CPU's and 128 GB RAM running Windows Server 2012 with Hyper-V.
2 virtual machines running on the same physical host and connected to the same virtual switch show high TCP connection latencies. One virtual machines runs a SQL Server 2012 database instance and a Dynamics AX 2012 R2 instance. The other machine a
SharePoint 2013 instance and the AX client. We see latencies of 20ms and higher on most of the TCP connections that are made from the sharepoint machine to the sql server machine.
At first I thought it might have something to do with the physical NIC's. It turned out that VMQ wasn't correctly supported by the firmware of the Broadcom BCM5709c cards. By default this setting is enabled. Turning off the VMQ setting somewhat improved
the situation but the latencies are still at 8ms and higher.
What I don't understand is what influence enabling/disabling VMQ should have on network performance. As I understand it now virtual machines connected to the same virtual switch bypass the physical altogether. Another point is that VMQ should actually improve
performance, not decrease it.
Another question I have is about the various tcp offloading settings on the physical NIC's. After installing the new firmware and drivers from Dell most of these settings are set to disabled. The documents I have been able to find talk about Windows Server
2008, any thought how these settings relate to Windows Server 2012 and whether they should be enabled?
Thanks in advance for your time and thoughts
Kind regards,
Dennes Schuitema

Hi Denes,
Please try to update your BroadCom NIC driver version ,the newest version should be 7.8.51
For details please refer to following link :
http://www.broadcom.com/support/ethernet_nic/netxtremeii.php
Best Regards
Elton Ji
If it is not the answer , you can unmark it to continue .
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Enabling network discovery on Windows Server 2012 R2

Good afternoon.
As per the title, I have set-up a new server at work. The server is running no problem but none of the other computers connected to the network can 'see' the new server. I've gone into the control panel and tried to turn on the network discovery, but it just
defaults back to 'off'.
I did so a search on here first before troubling anyone and I did find this answer :
Thanks for the post.
I did some research and found this issue may occur if the dependency services are disabled. Please make sure the following services are enabled and running.
- SSDP Discovery
- UPnP Device Host
Disabling Network Discovery/Network Resources"
That may well be the answer, but unfortunately that means absolutely nothing to me.
Is someone able to help me try and switch this on, but by offering an explanation an 'idiot' would understand.
Thanks in advance.

Hi,
This issue occurs for one of the following reasons:
•The dependency services for Network Discovery are not running.
•The Windows firewall or other firewalls do not allow Network Discovery.
To resolve the issue, follow these steps:
1.Make sure that the following dependency services are started:
DNS Client
Function Discovery Resource Publication
SSDP Discovery
UPnP Device Host
2.Configure the Windows firewall to allow Network Discovery. To do this, follow these steps:
Open Control Panel, click System and Security, and then click Windows Firewall.
In the left pane, click Allow an app or feature through Windows Firewall if you are running Windows Server 2012. Or, click Allow a program or feature through Windows Firewall if you are running Windows Server 2008 or Windows Server 2008 R2.
Click Change settings. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
Select Network discovery, and then click OK.
3.Configure other firewalls in the network to allow Network Discovery.
4.Turn on Network Discovery in Network and Sharing Center
Quote from http://support.microsoft.com/kb/2722035
Steven Lee
TechNet Community Support

Server 2012 R2 how to view RDP user network use?

Hi All,
In Server 2008 you were able to go into tsadmin, click right on a user and click "Status" which would show their network usage (bytes received, bytes sent).
I noticed in Server 2012, when I check users under Collections this option is no longer there. How can I view a user's network usage?

Hi,
I would like to check if you need further assistance.
Thanks.
Jeremy Wu
TechNet Community Support

Network Location not showing domain name in Server 2012 R2 after demoting 2003 PDC

The single active NIC in my new Server 2012 R2 no longer shows the Network Location of "DOMAIN.LOCAL" like it did before I demoted the only Server 2003 domain controller. The NIC now shows "NETWORK" as the Network Location.
The registry still shows a Profile with the correct PROFILENAME in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
but that name does not show up in the Network List Manager Policies inside Local Security Policy.
The 2012 R2 Srv has all of the FSMO roles, Client PC's can connect to the domain but will not get new map drives from a script, they must be created manually. My Quickbooks Enterprise clients cannot see the QB Server Manager on this server and I think it
is related to this issue because of firewall restrictions.
The Windows Firewall pointed me in this direction because the "Private Networks" is connected to my NIC named "Network" but the Firewall "Domain Networks" is reported as "Not connected."
Any Help is appreciated,
CrazyDog

Hi,
Based on my research,
Network Location Awareness (NLA) service expects to be able to enumerate the
domain’s forest name to choose the right network profile for the connection. The service does this by calling
DsGetDcName on the forest root name and issuing an LDAP query on UDP port 389 to a root Domain Controller.
If something hinders the DNS name resolution or the connection attempt to the DC, NLA is not able to set the appropriate network profile on the connection.
Therefore, I suggest you check the DNS settings on DCs and other domain-joined machines, which should point to the existing DC as preferred DNS server, and secondary DC as alternate DNS server, IP address of demoted DC should be
removed. In addition, please do not use loopback IP address.
Here are some articles below I suggest you refer to:
Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles
http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx
Network Location Awareness
http://technet.microsoft.com/en-us/library/cc753545(v=WS.10).aspx
Complete Step by Step to Remove an Orphaned Domain controller
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
Best Regards.
Amy

Deleted failed DC from the domain (Server 2012 R2) - Now after doing metadata and DNS cleanup, I can no longer promote a new DC to the domain

I work for a university and teach IT courses to undergrad and graduate students. The details below are pertaining an isolated lab environment
I had a storage failure in my lab and the DCs became corrupt. This is a university lab environment so there isn't anything crucial on here. I just would rather avoid rebuilding the domain/forest and would rather use this as a learning experience with my
students...
So after the storage failed and was restored, the VMs hosted became corrupt. I did a NTDSUTIL to basically repair the NDTS.dit file but one of my DCs reverted to a state before DC promotion. Naturally, the domain still had this object in AD. After numerous
failed attempts at trying to reinstall the DC on the server through the server manager wizard in 2012 R2, I decided that a metadata cleanup of the old failed object was necessary.
Utilizing this article, I removed all references of the failed DC from both AD and DNS (http://www.petri.com/delete_failed_dcs_from_ad.htm)
So now that the failed object is removed completely from the domain and the metadata cleanup was successful, I then proceeded to re-install the necessary AD DS role on the server and re-promote to the existing domain. Pre-Requisites pass but generate some
warning around DNS Delgation, and Dynamic Updates (delegation is ignored because the lab is isolated from external comms, and dynamic updates are in fact enabled on both my _msdcs and root domain zones).
Upon the promotion process, I get the following error message (also worth mentioning - the account performing these operations is a member of DA, EA, and Schema Admins)
The operation failed because:
Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=domainVMDC1,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu on the remote AD DC domainVMDC2. Ensure the provided network credentials have sufficient permissions.
"While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync."
As you can see, this error seems odd considering. Now that I'm down to a single DC and DNS server, the sync should be corrected. I've run a repadmin /syncall and it completed successfully. Since then, I've run dcdiags and dumped those to a text as well and
here are my results...
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = domainVMDC2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\domainVMDC2
Starting test: Connectivity
......................... domainVMDC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\domainVMDC2
Starting test: Advertising
......................... domainVMDC2 passed test Advertising
Starting test: FrsEvent
......................... domainVMDC2 passed test FrsEvent
Starting test: DFSREvent
......................... domainVMDC2 passed test DFSREvent
Starting test: SysVolCheck
......................... domainVMDC2 passed test SysVolCheck
Starting test: KccEvent
......................... domainVMDC2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... domainVMDC2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... domainVMDC2 passed test MachineAccount
Starting test: NCSecDesc
......................... domainVMDC2 passed test NCSecDesc
Starting test: NetLogons
......................... domainVMDC2 passed test NetLogons
Starting test: ObjectsReplicated
......................... domainVMDC2 passed test ObjectsReplicated
Starting test: Replications
......................... domainVMDC2 passed test Replications
Starting test: RidManager
......................... domainVMDC2 passed test RidManager
Starting test: Services
......................... domainVMDC2 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00001795
Time Generated: 12/18/2014 00:35:03
Event String:
The program lsass.exe, with the assigned process ID 476, could not authenticate locally by using the target name ldap/domainvmdc2.domain.school.edu. The target name used is not valid. A target name should
refer to one of the local computer names, for example, the DNS host name.
......................... domainVMDC2 passed test SystemLog
Starting test: VerifyReferences
......................... domainVMDC2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
For the partition
(DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... ForestDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... ForestDnsZones failed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
For the partition
(DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... DomainDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... DomainDnsZones failed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(CN=Schema,CN=Configuration,DC=domain,DC=school,DC=edu) we
encountered the following error retrieving the cross-ref's
(CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... Schema failed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(CN=Configuration,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... Configuration failed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=domain,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... domain failed test CrossRefValidation
Running enterprise tests on : domain.school.edu
Starting test: LocatorCheck
......................... domain.school.edu passed test
LocatorCheck
Starting test: Intersite
......................... domain.school.edu passed test Intersite
From what I can gather, there is a definite DNS issue but I don't have any stale records to the old DC stored anywhere. I've tried this with a new server as well and get similar errors...
At this rate I'm ready to rebuild the entire forest over again. I'm just reluctant to do so as I want to make this a learning experience for the students.
Any help would be greatly appreciated. Thanks!

As you can see, there seems to be some errors. The one that I did correct was the one around the _msdcs NS record being unable to resolve. For whatever, reason the name wasn't resolving the IP but all other NS tabs and records were. Just that one _msdcs
sub-zone. Furthermore, the mentioning of any connections to root hint servers can be viewed as false positives. There is no external comms to this lab so no communication with outside IPs can be expected. Lastly, they mentioned a connectivity issue yet mention
that I should check the firewall settings. All three profiles are disabled in Windows Firewall (as they have been the entire time). Thank you in advance for your help!
C:\Windows\system32>dcdiag /test:dns /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine domainVMDC2, is a Directory Server.
Home Server = domainVMDC2
* Connecting to directory service on server domainVMDC2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=domainVMDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\domainVMDC2
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
could not be resolved to an IP address. Check the DNS server, DHCP,
server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... domainVMDC2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\domainVMDC2
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... domainVMDC2 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : domain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : domain.school.edu
Starting test: DNS
Test results for domain controllers:
DC: domainVMDC2
Domain: domain.school.edu
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No LDAP connectivity
The OS
Microsoft Windows Server 2012 R2 Datacenter (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] vmxnet3 Ethernet Adapter:
MAC address is 00:50:56:A2:2C:24
IP Address is static
IP address: *.*.100.26
DNS servers:
*.*.100.26 (domainVMDC2) [Valid]
No host records (A or AAAA) were found for this DC
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid (unreachable)]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid (unreachable)]
Name: d.root-servers.net. IP: 199.7.91.13 [Invalid (unreachable)]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid (unreachable)]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid (unreachable)]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid (unreachable)]
Error: Both root hints and forwarders are not configured or
broken. Please make sure at least one of them works.
TEST: Delegations (Del)
Delegation information for the zone: domain.school.edu.
Delegated domain name: _msdcs.domain.school.edu.
Error: DNS server: domainvmdc2. IP:<Unavailable>
[Missing glue A record]
[Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone domain.school.edu
Warning: Failed to delete the test record dcdiag-test-record in zone domain.school.edu
[Error details: 13 (Type: Win32 - Description: The data is invalid.)]
TEST: Records registration (RReg)
Network Adapter [00000010] vmxnet3 Ethernet Adapter:
Matching CNAME record found at DNS server *.*.100.26:
3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.a9241004-88ea-422d-a71e-df7b622f0d68.domains._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._udp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kpasswd._tcp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.Default-First-Site-Name._sites.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.Default-First-Site-Name._sites.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.gc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_gc._tcp.Default-First-Site-Name._sites.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.pdc._msdcs.domain.school.edu
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 199.7.91.13 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.91.13
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: *.*.100.26 (domainVMDC2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: domain.school.edu
domainVMDC2 PASS FAIL FAIL FAIL WARN FAIL n/a
......................... domain.school.edu failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite

(Request for:) Best practices for setting up a new Windows Server 2012 r2 Hyper-V Virtualized AD DC

Could you please share your best practices for setting up a new Windows Server 2012 r2 Hyper-V Virtualized AD DC, that will be running on a new WinSrv 2012 r2 host server. (This
will be for a brand new network setup, new forest, domain, etc.)
Specifically, your best practices regarding:
the sizing of non virtual and virtual volumes/partitions/drives,
the use of sysvol, logs, & data volumes/drives on hosts & guests,
RAID levels for the host and the guest(s),
IDE vs SCSI and drivers both non virtual and virtual and the booting there of,
disk caching settings on both host and guests.
Thanks so much for any information you can share.

A bit of non essential additional info:
We are small to midrange school district who, after close to 20 years on Novell networks, have decided to design and create a new Microsoft network and migrate all of our data and services
over to the new infrastructure . We are planning on rolling out 2012 r2 servers with as much Hyper-v virtualization as possible.
During the last few weeks we have been able to find most of the information we need to undergo this project, and most of the information was pretty solid with little ambiguity, except for
information regarding virtualizing the DCs, which as been a bit inconsistent.
Yes, we have read all the documents that most of these posts tend point to, but found some, if not most are still are referring to performing this under Srvr 2008 r2, and haven’t really
seen all that much on Srvr2012 r2.
We have read these and others:
Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100),
Virtualized Domain Controller Technical Reference (Level 300),
Virtualized Domain Controller Cloning Test Guidance for Application Vendors,
Support for using Hyper-V Replica for virtualized domain controllers.
Again, thanks for any information, best practices, cookie cutter or otherwise that you can share.
Chas.

Server 2012 New Network Assistance

Similar Messages

Maybe you are looking for