Setting up 2012 R2 Hyper-V

TechMinerUK · 28 Aug 2016 at 21:49

Hi everyone,

Recently I've started to meddle with my home servers again (Using them to study for my Microsoft qualifications) and I was struggling with setting up Hyper-V to be able to run the VM's from my Laptop.

I can use Server manager to interface with the server and set up a local domain (Is it worth setting up a full TLD domain for my home?) but when I try to connect via the Hyper-V manager it says I don't have the authority to authorize a connection to the server?

Does anyone have any ideas where I'm messing up?

Saundie · 29 Aug 2016 at 10:37

I'm a little confused about what you've set up. Do you have a domain with both the Hyper-V server and the laptop as members? If so, is the user account you're using an administrator on the Hyper-V server?

nutcase · 29 Aug 2016 at 12:16

I've found a few times that getting RSAT or another 2012 R2 server to talk to a hyper-v server a bit finicky. Have you looked at this:

https://code.msdn.microsoft.com/windowsdesktop/Hyper-V-Remote-Management-26d127c6

TechMinerUK · 29 Aug 2016 at 16:03

Saundie said:
I'm a little confused about what you've set up. Do you have a domain with both the Hyper-V server and the laptop as members? If so, is the user account you're using an administrator on the Hyper-V server?

I've tried setting up the server in a local domain, setting up the computer in a work group with no avail. I've also tried the Administrator account and a second account set up as an administrator.

nutcase_1uk said:
I've found a few times that getting RSAT or another 2012 R2 server to talk to a hyper-v server a bit finicky. Have you looked at this:
https://code.msdn.microsoft.com/windowsdesktop/Hyper-V-Remote-Management-26d127c6

I'll have a go at this however will it not just say that it still needs authenticating as it is still administering the Hyper-V server

Saundie · 29 Aug 2016 at 18:28

Strange. I have only ever had problems with authentication when trying to manage a Hyper-V server that's a member of a domain from a workstation that isn't a member - if they're both members of the same domain then it should "just work". At which point are you being told that you don't have authorisation to connect? When you pick "Connect to Server" from within the Hyper-V Manager?

PurplePhoenix · 29 Aug 2016 at 20:01

Download vmware workstation . Set up a dc and a vhost on it. Use snapshots etc so you can undo something before you scew up the server. Saves a lot of time.

I am guessing you have made your lab linked into your home network.

jfish · 30 Aug 2016 at 11:00

run HyperV manager as a different user and connect with the credentials to your 2012 box

TechMinerUK · 30 Aug 2016 at 13:44

Saundie said:
Strange. I have only ever had problems with authentication when trying to manage a Hyper-V server that's a member of a domain from a workstation that isn't a member - if they're both members of the same domain then it should "just work". At which point are you being told that you don't have authorisation to connect? When you pick "Connect to Server" from within the Hyper-V Manager?

I don't think the PC's are on the same domain as the domain for the server is a local one so when I tried putting the PC on it it didn't work. Would it be worth while setting up a full network domain (Apologies if it's the incorrect terminology as I'm new to this area of things)

PurplePhoenix said:
Download vmware workstation . Set up a dc and a vhost on it. Use snapshots etc so you can undo something before you scew up the server. Saves a lot of time.
I am guessing you have made your lab linked into your home network.

Can't as it's there for me to learn about what my works clients are using so I can do a bit of self training/practicing

jfish said:
run HyperV manager as a different user and connect with the credentials to your 2012 box

Tried but it still didn't work

PurplePhoenix · 30 Aug 2016 at 14:11

TechMinerUK said:
I don't think the PC's are on the same domain as the domain for the server is a local one so when I tried putting the PC on it it didn't work. Would it be worth while setting up a full network domain (Apologies if it's the incorrect terminology as I'm new to this area of things)

Can't as it's there for me to learn about what my works clients are using so I can do a bit of self training/practicing

Tried but it still didn't work

Not sure how you set up your lab then ? My view is everything should be separate in it own box from your own network.Screw up just go back to an old snapshot. I had free nas set up as a San with 2 hyper v hosts, dc and a client all running in vm workstation.

Saundie · 30 Aug 2016 at 16:21

TechMinerUK said:
I don't think the PC's are on the same domain as the domain for the server is a local one so when I tried putting the PC on it it didn't work. Would it be worth while setting up a full network domain (Apologies if it's the incorrect terminology as I'm new to this area of things)

If the laptop isn't on the same domain as the Hyper-V server, then you'll need to run the Hyper-V Manager as a user on that domain as jfish suggested. That means you'll have to include the domain name with the username, for example if your Hyper-V server is in the "contoso" domain then you'd log on as "contoso\administrator".

I have a server at home which is configured as a domain controller with the Hyper-V role enabled, and my PC is a member of that domain. It makes it much easier to configure access this way, as I simply log onto the PC as a domain admin, which automatically grants me the permission to manage Hyper-V.

El Pew · 30 Aug 2016 at 19:35

TechMinerUK said:
I don't think the PC's are on the same domain as the domain for the server is a local one so when I tried putting the PC on it it didn't work.

This doesn't make any sense. Have you actually installed a Domain Controller? Do you have an Active Directory domain set up? If not, you have workgroups, not domains, and I'm not sure the Hyper-V client will even work in that scenario.

What version of Hyper-V have you installed - the standalone Hyper-V server, or a 2012 server with the Hyper-V role installed?

TechMinerUK · 31 Aug 2016 at 11:23

PurplePhoenix said:
Not sure how you set up your lab then ? My view is everything should be separate in it own box from your own network.Screw up just go back to an old snapshot. I had free nas set up as a San with 2 hyper v hosts, dc and a client all running in vm workstation.

I have a backup server, I'm planning on getting a storage server and right now I'm trying to get this server with hyper-v setup using any means as to be honest I agree with you that separate boxes are better as if one fails it doesn't break everything (Most of the time

)

Saundie said:
If the laptop isn't on the same domain as the Hyper-V server, then you'll need to run the Hyper-V Manager as a user on that domain as jfish suggested. That means you'll have to include the domain name with the username, for example if your Hyper-V server is in the "contoso" domain then you'd log on as "contoso\administrator".
I have a server at home which is configured as a domain controller with the Hyper-V role enabled, and my PC is a member of that domain. It makes it much easier to configure access this way, as I simply log onto the PC as a domain admin, which automatically grants me the permission to manage Hyper-V.

I tried using a domain user as the login for the server but still to no avail, it's really odd as from what I've read it should have just worked

El Pew said:
This doesn't make any sense. Have you actually installed a Domain Controller? Do you have an Active Directory domain set up? If not, you have workgroups, not domains, and I'm not sure the Hyper-V client will even work in that scenario.
What version of Hyper-V have you installed - the standalone Hyper-V server, or a 2012 server with the Hyper-V role installed?

It's a weird situation as I sort of have an active directory if that makes sense which uses "Element.local" however it won't let others connect as it is a local domain (Not .com etc). That's why I was wondering if it would be worth while setting up a full domain server and getting a tld to use for my home lab network to get the system running smoothly. I apologies if I'm not very clear in explaining as it's all new territory for me

Saundie · 31 Aug 2016 at 13:05

TechMinerUK said:
It's a weird situation as I sort of have an active directory if that makes sense which uses "Element.local" however it won't let others connect as it is a local domain (Not .com etc). That's why I was wondering if it would be worth while setting up a full domain server and getting a tld to use for my home lab network to get the system running smoothly. I apologies if I'm not very clear in explaining as it's all new territory for me

If your laptop can't locate a login server for the "element.local" domain then I guess it won't be able to authenticate your Hyper-V Manager session. What happens when you try to join the laptop to the "element.local" domain? If it says it can't find it, you might need to change your DNS settings on the laptop so that it can locate the domain controller...

El Pew · 31 Aug 2016 at 13:38

TechMinerUK said:
It's a weird situation as I sort of have an active directory if that makes sense which uses "Element.local" however it won't let others connect as it is a local domain (Not .com etc). That's why I was wondering if it would be worth while setting up a full domain server and getting a tld to use for my home lab network to get the system running smoothly. I apologies if I'm not very clear in explaining as it's all new territory for me

There's no reason why a .local domain wouldn't work, I use them all the time. The main reason not to use .local domains is because Mac clients can't connect to them if you use that name (because they use .local instead of localhost IIRC).

Also you didn't answer my question - have you created a DC already for the "element.local"? Are you using Hyper-V or Win2012 with the Hyper-V role installed.

When you use terms like "full domain server" or say "the domain for the server is a local one" it becomes very confusing because that simply doesn't make sense.

Liquidfox · 31 Aug 2016 at 14:19

El Pew said:
There's no reason why a .local domain wouldn't work, I use them all the time. The main reason not to use .local domains is because Mac clients can't connect to them if you use that name (because they use .local instead of localhost IIRC).

Mac's can definitely connect to .local domains. It's MS recommend that you don't use it as it may be released to the public in the future, they prefer a subdomain of your existing TLD.

El Pew · 31 Aug 2016 at 15:02

Liquidfox said:
Mac's can definitely connect to .local domains. It's MS recommend that you don't use it as it may be released to the public in the future, they prefer a subdomain of your existing TLD.

Okay, guess I must have completely misunderstood something.

TechMinerUK · 31 Aug 2016 at 16:26

Saundie said:
If your laptop can't locate a login server for the "element.local" domain then I guess it won't be able to authenticate your Hyper-V Manager session. What happens when you try to join the laptop to the "element.local" domain? If it says it can't find it, you might need to change your DNS settings on the laptop so that it can locate the domain controller...

It just won't join so I assume it means the domain is unavailable to the laptop, if so how would I go about making the domain available so the laptop can join it?

El Pew said:
There's no reason why a .local domain wouldn't work, I use them all the time. The main reason not to use .local domains is because Mac clients can't connect to them if you use that name (because they use .local instead of localhost IIRC).
Also you didn't answer my question - have you created a DC already for the "element.local"? Are you using Hyper-V or Win2012 with the Hyper-V role installed.
When you use terms like "full domain server" or say "the domain for the server is a local one" it becomes very confusing because that simply doesn't make sense.

I apologies for any vague/unanswered questions but for my domain I am using the TS140 which is also running Hyper-V within Server 2012 R2. I was considering creating a separate domain server but only if I have to as I don't really have the cash for more servers (Not yet anyway

)

El Pew · 31 Aug 2016 at 18:23

TechMinerUK said:
It just won't join so I assume it means the domain is unavailable to the laptop, if so how would I go about making the domain available so the laptop can join it?

What error message do you get when you try to join the domain? Are you connecting everything together using a cheap home router? If so It's probably a DNS error where your client doesn't know how to resolve the domain, because the domain name won't have been registered in your router's DNS. What happens when you try to ping element.local? If the name can't be resolved, add the DNS server for that domain to your IP config.

TechMinerUK said:
I apologies for any vague/unanswered questions but for my domain I am using the TS140 which is also running Hyper-V within Server 2012 R2. I was considering creating a separate domain server but only if I have to as I don't really have the cash for more servers (Not yet anyway )

Why can't you install a DC on a VM within Hyper-v? You might have to get creative with your DNS but there's no reason why you can't do it this way. I do.

TechMinerUK · 1 Sep 2016 at 08:57

El Pew said:
What error message do you get when you try to join the domain? Are you connecting everything together using a cheap home router? If so It's probably a DNS error where your client doesn't know how to resolve the domain, because the domain name won't have been registered in your router's DNS. What happens when you try to ping element.local? If the name can't be resolved, add the DNS server for that domain to your IP config.
Why can't you install a DC on a VM within Hyper-v? You might have to get creative with your DNS but there's no reason why you can't do it this way. I do.

Yeah it's using a relatively cheap router (Some TP-Link thing). I'm away from home at the moment however I'll try pinging the element.local domain and seeing if that works. Also there's no reason why I shouldn't be able to run the DC within a VM other than I just haven't thought about it

As for being creative with the DNS, what would this entail as would it be easier just to get something like an Edgerouter X/Lite to get rid of the current router as an issue?

El Pew · 1 Sep 2016 at 09:37

TechMinerUK said:
As for being creative with the DNS, what would this entail as would it be easier just to get something like an Edgerouter X/Lite to get rid of the current router as an issue?

It's not a problem with the equipment, it's a config issue. You should be able to get it working with your current router, you'll probably just need to add the IP address of the DNS server for the element.local to your client. No need to throw money away.

The problem is that your TP-Link router doesn't know how to forward DNS requests to the element.local DNS servers, so when your client (which is presumably getting IP settings from the router via DHCP?) looks for element.local, the router doesn't know what this host is, hence you can't connect.

You'll have the same problem if you put a new AD/DNS server on your Hyper-V server. You'll need to manually set up your clients with a valid DNS server for that domain.

Honestly, what you really need to do is take a step back away from your keyboard, and then think and plan what you are going to do. It doesn't sound like you have the best grasp of networking or Active Directory based on what you've posted here, so your next step should be to write down what you're looking to achieve, then work out how to do it. Put together a little network diagram, have a bit of a read of how DNS works, plan out how you want AD to look, think about which other VM servers you'll want to work on. Otherwise, you'll end up with something that doesn't work properly and spend loads of time figuring out issues that are peculiar to your setup, and not the things you actually want to learn.