Mixing Hyper-V, Domain Controller and DHCP server

My one-box Windows server infrastructure is working fine, but I ran into a little problem with DHCP. I’d decided to have the host operating system run not only Hyper-V, but also domain services, including Active Directory, DNS and DHCP. I’m not sure this is best practice. Sander Berkouwer has a useful couple of posts in which he explains first that making the host OS a domain controller is poor design:

From an architectural point of view this is not a desired configuration. From this point of view you want to separate the virtualization and platforms from the services and applications. This way you’re not bound to a virtualization product, a platform, certain services or applications. Microsoft’s high horse from an architectural point of view is the One Server, One Server Role thought, in which one server role per server platform gets deployed. No need for a WINS server anymore? Simply shut it down…

Next, he goes on to explain the pitfalls of having your DC in a VM:

Virtualizing a Domain Controller reintroduces possibilities to mess up the Domain Controller in ways most of the Directory Services Most Valuable Professionals (MVPs) and other Active Directory enthusiasts have been fixing since the dawn of Active Directory.

He talks about problems with time synchronization, backup and restore, saved state (don’t do it), and possible replication errors. His preference after all that:

In a Hyper-V environment I recommend placing one Domain Controller per domain outside of your virtualized platform and making this Domain Controller a Global Catalog. (especially in environments with Microsoft Exchange).

Sounds good, except that for a tiny network there are a couple of other factors. First, to avoid running multiple servers all hungry for power. Second, to make best use of limited resources on a single box. That means either risking running a Primary Domain Controller (PDC) on a VM (perhaps with the strange scenario of having the host OS joined to the domain controlled by one of its VMs), or risking making the host OS the PDC. I’ve opted for the latter for the moment, though it would be fairly easy to change course. I figure it could be good to have a VM as a backup domain controller for disaster recovery in the scenario where the host OS would not restore, but the VMs would – belt and braces within the confines of one server.

One of the essential services on a network is DHCP, which assigns IP numbers to computers. There must be one and only one on the network (unless you use static addresses everywhere, which I hate). So I disabled the existing DHCP server, and added the DHCP server role to the new server.

It was not happy. No IP addresses were served, and the error logged was 1041:

The DHCP service is not servicing any DHCPv4 clients because none of the active network interfaces have statically configured IPv4 addresses, or there are no active interfaces.

Now, this box has two real NICs (one for use by ISA), which means four virtual NICs after Hyper-V is installed. The only one that the DHCP server should see is the virtual NIC for the LAN, which is configured with a static address. So why the error?

I’m not the first to run into this problem. Various solutions are proposed, including fitting an additional NIC just for DHCP. However, this one worked for me.

I simply changed the mask on the desired interface from 255.255.255.0 to 255.255.0.0, saved it, then changed it back. Suddenly the interface appeared in the DHCP bindings.

Strange I know. The configuration afterwards was the same as before, but the DHCP server now runs fine. Looks like a bug to me.
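An added example, not part of the original post: one way to compare the interfaces Windows reports as statically addressed with the interfaces the DHCP service lists in its bindings, and to confirm that only the LAN interface is bound on a multi-homed host like this one. It assumes Windows Server 2012 or later (the DhcpServer and NetTCPIP modules) and an elevated session on the DHCP server; the `$lanAlias` value is a hypothetical interface name.

```powershell
# Added example. Assumes Windows Server 2012+ with the DHCP Server role installed.
# $lanAlias is a hypothetical name for the LAN-facing virtual NIC; change it to yours.
$lanAlias = 'vEthernet (LAN)'

# IPv4 addresses per interface. PrefixOrigin 'Manual' means statically configured,
# which is what the DHCP service requires before it will bind to an interface.
$addresses = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' }

# Interfaces the DHCP Server service lists, and whether it is bound to each.
$bindings = Get-DhcpServerv4Binding

# Join the two views so a mismatch is visible on one line per interface.
$report = foreach ($addr in $addresses) {
    $binding = $bindings |
        Where-Object { $_.InterfaceAlias -eq $addr.InterfaceAlias } |
        Select-Object -First 1
    [pscustomobject]@{
        Interface    = $addr.InterfaceAlias
        IPAddress    = $addr.IPAddress
        PrefixLength = $addr.PrefixLength
        Static       = ($addr.PrefixOrigin -eq 'Manual')
        SeenByDhcp   = [bool]$binding
        Bound        = [bool]$binding.BindingState
    }
}
$report | Format-Table -AutoSize

# The situation behind event 1041: a static interface the DHCP service does not list.
$missing = $report | Where-Object { $_.Static -and -not $_.SeenByDhcp }
if ($missing) {
    Write-Warning ("Static interface(s) not offered to DHCP: " +
                   ($missing.Interface -join ', '))
}

# On a host with an external-facing NIC, DHCP should answer on the LAN only.
$unexpected = $report | Where-Object { $_.Bound -and $_.Interface -ne $lanAlias }
if ($unexpected) {
    Write-Warning ("DHCP is bound to interface(s) other than ${lanAlias}: " +
                   ($unexpected.Interface -join ', '))
}
```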

10 thoughts on “Mixing Hyper-V, Domain Controller and DHCP server”

  1. THANK YOU, THANK YOU! 🙂

    Just went through the same – and have been struggling for more than an hour with this. Did your subnet trick…and everything worked (after a reboot).

  2. Tim;

    In regards to the “tiny network,” I’ve been trying to find if it’s possible to run Exchange 7/2010 in a Hyper-V session on a single physical DC. Any thoughts?

  3. @Ron

    I’ve got Exchange 2010 in a VM. I put AD on another VM on the same box, doesn’t need much RAM, so that’s what I’d suggest.

    Tim

  4. You’re a GOD 🙂

    Been smacking my head on the walls thinking it was something wrong that I’ve configured…

  5. I’m pleased to post my web and mail system is now running on a 2008R2 server machine that holds the FSMO roles, and hosts Exchange 2010 running in a VM.

    In early March, I gutted a Dell Poweredge 830 server case and installed an Intel Core i7-920 with a Supermicro board populated with 12gig of Crucial memory. The system runs a RAID level 1 with WD drives.

    I found no insoluble problems to the domain controller being on the physical hardware and hosting the Exchange system. The DC gets 4gig of memory and Exchange 2010 is assigned 2 processors and 8Gig of memory. I have the Hyper-V manager set to start the Exchange system after the main system is fully loaded.

    This is a nice, responsive, system for a SOHO. The icing is that I’m getting all the improvements of Exchange 2010 with its excellent Outlook Web App instead of Exch 2007, on bloated SBS 2008.

  6. Dear Tim,

    It’s been a long time since you wrote this article and I would like to know about your experience with the setup as I am in a very similar situation (1 box setup – small business).
    – Would you recommend installing AD on the host and on a VM vs. on 2 VMs as MS rather suggests?
    – Where would you install DHCP? (Host/VM)

    I have tested these scenarios in test environment and I don’t see much difference in performance or reliability, so I would say any of these choices would work, however in the live installation I would really like to consider some real life experience.

    Thank you.

    1. All that really matters AIUI is not to risk having a domain-joined host that you cannot get into because of some problem with the AD VM. Currently I have two domain-joined physical servers both running Hyper-V, with an AD VM on one and a backup AD VM on the other. I have DHCP on a VM too, it works fine though I can see the advantage of having DHCP on one of the hosts.

      Tim

  7. Dear Tim,

    Thank you. All servers will be hosted on this one box. No other servers are available.

    Actually I am now considering putting both the AD and DHCP on VMs and leaving the host in a workgroup instead for security purposes. This would allow me to have the host on a separate network (for management purposes only) and thus if any VM is compromised the Hyper-V host is still somewhat secure.

    What advantage did you find having the DHCP on the host vs. a VM ?

    Thank you,
    Zoltan
