esSJae's Virtualization Blog

Virtualization and other IT topics

Posts Tagged ‘Virtualization’

B450I GAMING PLUS AC MS-7a40 v2.0 SVM BIOS

Posted by essjae on April 11, 2023

Just a quick note for enabling hardware virtualization on this motherboard.

The SVM (AMD’s hardware virtualization) setting is buried in the BIOS under

Overclocking\CPU Features\

Apologies for the poor quality screenshot, I’m accessing this computer via a Raspberry PiKVM.

Posted in Computers, Virtualization

Hyper-V, Credential Guard, Device Guard, or why doesn’t VMware Workstation or VirtualBox work on Windows 10?

Posted by essjae on June 21, 2019

It’s frustrating if you’re seeing the message from VMware Workstation about Device Guard or Credential Guard, or the similar one from VirtualBox.

But there are a few things to clarify before going off on a search for those devices.  First, if you’ve got Hyper-V installed, that is the most likely culprit here, and disabling or removing that feature should solve your issue.

Some things to consider:

If you’ve got Windows 10 Home, then you don’t have Hyper-V enabled. See: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/hyper-v-requirements

If you have Windows 10 Home or Pro you do not have Credential Guard enabled.  It is a feature only in Enterprise, Education, and IoT Enterprise versions of Windows 10. See: https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements

 

This is great info, but what do you do about getting Workstation or VirtualBox to work?

Again, the most likely culprit is Hyper-V.  Disabling or removing it and rebooting should resolve this.

Disable or Remove Hyper-V

Disable Hyper-V

Open an elevated command prompt or PowerShell (right-click and select Run as Administrator)

Enter: bcdedit /set hypervisorlaunchtype off

Reboot.  (To re-enable Hyper-V, open an elevated prompt and enter:  bcdedit /set hypervisorlaunchtype auto and reboot.)

Remove Hyper-V

Go to Control Panel–>Programs and Features, select Turn Windows features on or off.

Expand Hyper-V, then expand Hyper-V Platform.

Uncheck Hyper-V Hypervisor.

Reboot.  Please note that removing Hyper-V could affect the functionality of other features of Windows 10 such as Docker.

 

Windows Hypervisor Platform

While this is supposed to allow 3rd party virtualization to access the hardware virtualization on the host, it doesn’t seem to work for either Workstation or VirtualBox.  Workstation gives the same standard Credential Guard message.  VirtualBox is supposed to work per their changelog, but the communities have posts reporting failure and a bug report on it.

Disable Windows Hypervisor Platform

Go to Control Panel–>Programs and Features, select Turn Windows features on or off.

Uncheck Windows Hypervisor Platform

Reboot.

 

Disable Device Guard

Editing the Registry will disable this feature.  Please make sure you have a backup of your system, as editing the Registry can result in an unusable or broken Windows.

Edit the following key:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity

Set:  Name = “Enabled”  Type = DWORD  Data = 0

Reboot.

Alternately, you can use the Local Group Policy Editor to manage Device Guard.

Start gpedit.msc or find Local Security Policy from the start menu.

Expand Computer Configuration\Administrative Templates\System\Device Guard and change the state to disabled.  If you see the same settings as below, you probably don’t have Device Guard enabled.

 

Credential Guard

Credential Guard is controlled via Group Policy, so it’s likely that if this is the issue, you’ll be unable to do anything about it yourself.  You’ll need to contact your IT department to have this turned off.  Again, Credential Guard is only available on Enterprise, Education, and IoT Enterprise.  If you don’t have one of these versions, this isn’t the culprit.

 

Antivirus Utilities

There is one more culprit that could be causing the issue.  Some antivirus software blocks hardware virtualization.

Check with your antivirus vendor to confirm this isn’t an issue and if there is a way to disable it on your AV software.

 

Due to the various builds of Windows 10, you might not find these settings in exactly the same place as described or shown.

 

More info:  https://support.microsoft.com/en-us/help/3204980/virtualization-applications-do-not-work-together-with-hyper-v-device-g

 

Update: I’ve added a new post here:

https://smudj.wordpress.com/2023/10/02/why-is-there-a-hypervisor-enabled/

Another culprit that uses a hypervisor is Core Isolation.  Check the link above for more details, but if you’ve enabled Core Isolation, then you’ve got a hypervisor running.

To disable: Settings>Privacy & Security>Windows security>Device Security>Core Isolation

Slide to OFF.
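Before turning anything off, it helps to see which of the culprits above is actually active. The following PowerShell is an added example, not part of the original post; the function name `Get-HypervisorCulprit` is made up for illustration, and it assumes an elevated prompt on Windows 10. It reads the boot setting, the two optional features, the HypervisorEnforcedCodeIntegrity registry value (the same value the Core Isolation memory integrity switch controls) and the running virtualization-based security services.

```powershell
# Added example (not from the original post): report which hypervisor-backed
# Windows features are active before disabling any of them.
# Get-HypervisorCulprit is a hypothetical helper name. Run elevated.

function Get-HypervisorCulprit {
    $report = [ordered]@{}

    # 1. Is a hypervisor running on this boot?
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $report['HypervisorPresent'] = $cs.HypervisorPresent

    # 2. Boot setting changed by "bcdedit /set hypervisorlaunchtype off|auto".
    #    The line is missing from the output if it was never set explicitly.
    $bcd = bcdedit /enum '{current}' |
        Select-String -Pattern 'hypervisorlaunchtype' |
        Select-Object -First 1
    $report['HypervisorLaunchType'] =
        if ($bcd) { ($bcd.Line.Trim() -split '\s+')[-1] } else { 'not set' }

    # 3. Optional features from "Turn Windows features on or off".
    foreach ($name in 'Microsoft-Hyper-V-Hypervisor', 'HypervisorPlatform') {
        $f = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
        $report["Feature:$name"] = if ($f) { [string]$f.State } else { 'not available' }
    }

    # 4. Registry value named in the Device Guard section.
    $hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $hvci = Get-ItemProperty -Path $hvciKey -Name Enabled -ErrorAction SilentlyContinue
    $report['HVCI registry Enabled'] =
        if ($null -ne $hvci) { $hvci.Enabled } else { 'value not present' }

    # 5. Virtualization-based security that is actually running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        $vbs = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'running' }
        $svc = @{ 1 = 'Credential Guard'; 2 = 'HVCI (memory integrity)' }
        $report['VBS status'] = $vbs[[int]$dg.VirtualizationBasedSecurityStatus]
        $running = @($dg.SecurityServicesRunning |
            Where-Object { $_ -ne 0 } |
            ForEach-Object {
                if ($svc.ContainsKey([int]$_)) { $svc[[int]$_] } else { "service id $_" }
            })
        $report['VBS services running'] =
            if ($running) { $running -join ', ' } else { 'none' }
    }

    [pscustomobject]$report
}

Get-HypervisorCulprit | Format-List
```

Saving the output before making a change gives a record of the original state to restore once the third-party hypervisor is no longer needed.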

 

Posted in Hyper-V, VirtualBox, Virtualization, VMWare, Windows 10, Workstation

The Poor Tech’s Hyper-V Lab Setup

Posted by essjae on March 18, 2019

A lot of lab tutorials assume you have access to powerful systems with 32 or 64GB of RAM, RAID arrays, dual CPU server systems and so on.

Like my VMware Workstation set up here:

Setting Up an All-in-One Windows AD Test Environment (VMware Workstation Edition)

or VirtualBox

Setting up an All-In-One Windows AD Test Environment (VirtualBox Edition)

This one’s different.  I’m taking a couple relatively modern workstations with 16GB or less RAM each and creating a Windows Active Directory domain environment.  The cool thing here is with an extra switch we can add multiple physical systems into our virtual lab.

Keep in mind that you can still use a powerful workstation/server setup here and just skip setting up the second physical workstation and end up with the same setup as the VMware Workstation or VirtualBox tutorial.

Hardware used:

Workstation 1 (W1): Windows 10 Pro (1809) with Hyper-V, i5-4570, 16GB RAM, 500GB SSD, dual NICs (one onboard NIC, one SB3 1Gb NIC)

*Workstation 1 requires 2 network cards.

Workstation 2 (W2): Windows 10 Pro (1809) with Hyper-V,  i7-870, 12GB RAM, 256GB SSD, onboard NIC

optional:  Ethernet switch (not used in your existing network environment), additional Windows 10 Pro, Windows Server, Hyper-V Server workstations


ISO media needed:

At the time of writing Windows Server 2012–2019 are currently available.  This lab will use Windows Server 2016.

Optional ISOs

Download these ISOs and place them in an easily accessible location for later use.

  1. Hardware Setup
    1. Connect both NICs in W1.
      1. NIC1 will be connected to your regular network environment
      2. NIC2 will be connected to W2 directly, or to the optional switch
        1. Assign a static IP to NIC2
          1. IP Address: 172.16.1.100
          2. Subnet mask: 255.255.255.0
        2. Assign static DNS to NIC2
          1. Primary:  172.16.1.201  Hint: this will be the IP of our Windows domain controller
    2. Connect NIC in W2 to switch**, if not directly connected to W1.  **Most modern NICs no longer need a crossover cable to directly connect.  If you’re having issues with a connection, a switch should resolve this, or a cross-over cable.
  2. Virtual router Setup for Internal lab environment
    1. Create virtual switches on W1
      1. Start Hyper-V Manager
      2. Click Virtual Switch Manager
      3. Select External, and click Create Virtual Switch
      4. Under Name, enter External Access, and assign the NIC connected in step 1 above to your regular network environment, and click OK.
      5. Select External and click Create Virtual Switch again.  Under Name, enter Internal Lab, select the second NIC and click OK.
      6. Click OK to exit the Virtual Switch Manager.
    2. Set IP Address for second NIC.
      1. Go to Control Panel, Network and Sharing Center and click Change Adapter Settings
      2. Right-click on vEthernet (Internal Lab) and select Properties.
      3. Select Internet Protocol Version 4 (TCP/IPv4), then click Properties.
      4. Enter the following IP information:
        1. IP Address: 172.16.1.100   <– this is the address of W1 in the internal lab network
        2. Subnet mask: 255.255.255.0
        3. Default gateway:  172.16.1.1 <– this is the address of the virtual router we will set up next
      5. Click Ok.  Click Close.
    3. Create the virtual router VM
      1. Return to the Hyper-V Manager and click New –> Virtual Machine.
      2. Click Next to begin the wizard, enter the info in the fields and click Next when finished.
        1. Name:  Lab Router 
        2. Generation: Generation 1
        3. Startup memory: 512MB, uncheck Use Dynamic Memory
        4. Connection:  Select External Access
        5. Virtual Hard Disk:  accept defaults and click Finish
      3. Select Lab Router from Virtual Machines and click Settings.
        1. Select Network Adapter and click Add
        2. Select Internal Lab from Virtual Switch and click Apply
        3. Select DVD Drive, then select Image file. 
        4. Click Browse and go to the location where the IPFire ISO is stored.  Double-click the ISO.  Click OK.
      4. Start the Lab Router VM.
        1. Click Start, then Connect.
      5. Install IPFire.
        1. Press Enter to begin the installation. Note: Window title will appear before instructions for this section.
        2. Language selection: Press Enter to accept English
        3. IPFire: Press Enter to Start installation
        4. License Agreement:  Press tab to move to license acceptance box, then press the spacebar to accept.  Press tab and Enter to complete.
        5. Disk Setup:  Press Enter to accept and Delete all data
        6. Filesystem Selection: Press tab and Enter to accept the default.
        7. Congratulations: Press Enter to reboot
      6. Configure IPFire Pre-config info.
        1. While IPFire is rebooting, we need to determine which NIC’s MAC address is the External Lab’s.
        2. In the Hyper-V Manager with Lab Router selected, click Settings.
        3. Click on plus (+) next to Network Adapter External Access, then click Advanced Features to view the adapter’s MAC.
        4. Leave this window open, or make note of the MAC as we will need it soon.
      7. Configure IPFire
        1. Keyboard Mapping:  Press Enter to select the default mapping.
        2. Timezone:  Choose the correct timezone and press enter. Hint: pressing a letter will jump to that section.  US Pacific (press P and arrow to PST8PDT) can be found this way quickly.
        3. Hostname:  Press Enter twice to accept the default, ipfire.
        4. Domain name: Press Enter twice to accept the default.
        5. Root password:  Enter a memorable password, tab to the verification field, and tab again to OK.  Press Enter.  Hint: no characters will appear when entering the password.
        6. Admin password: Enter a memorable password, tab to the verification field, and tab again to OK.  Press Enter.  Hint: no characters will appear when entering the password.  Extra hint:  for our lab, this can be the same password as the root account for simplicity.
        7. Network configuration:  network configuration type: GREEN + RED should already be selected.
        8. Arrow key down to select Drivers and card assignments, press Enter
          1. Assigned cards: GREEN:  Press Enter to select.  Hint: the GREEN network is our Internal Lab network.
            1. Choose the card that does NOT have the MAC from step 6.3.  Use the arrow key to highlight and press Enter
          2. Assigned cards:  use the arrow keys to highlight RED, and press Enter
            1. Press Enter to select the remaining card.
          3. Assigned cards:  press tab to move and highlight Done.  Press Enter
        9. Arrow key down to select Address settings and press Enter
          1. Address settings: GREEN.  Press Enter to reconfigure
            1. Warning: press Enter.  Hint: we are not connected remotely, so this does not apply
            2. Interface GREEN: IP Address:  172.16.1.1  Network mask:  255.255.255.0  Press tab to move between fields, press Enter when complete
          2. Address settings: RED: Press Enter to reconfigure.
            1. Down arrow key to select DHCP, press spacebar to select. Tab to OK and press Enter.  Hint: our external network will use the existing network DHCP server
          3. Address settings:  Press tab to move to Done, press Enter.
        10. Arrow key down to Done and press Enter.  Hint: we do not need to set the DNS and Gateway settings, the DHCP option selected above in 9-2 will autopopulate this for the RED network.
        11. DHCP server configuration:  We will use the DHCP and DNS services on our Windows Server VM that we will set up later.
          1. Tab to OK and press Enter to leave the IPFire DHCP server unconfigured.
        12. Setup is complete:  Press Enter.  IPFire will reboot.
        13. IPFire/Lab Router VM should remain running.
        14. Close the Lab Router settings window, if needed.
  3. Windows Server (Domain Controller) for Internal Lab environment
    1. Create Windows Server VM
      1. Return to the Hyper-V Manager and click New –> Virtual Machine.
      2. Click Next to begin the wizard, enter the info in the fields and click Next when finished.
        1. Name:  Windows Server 1 
        2. Generation: Generation 1
        3. Startup memory: 4096MB, uncheck Use Dynamic Memory
        4. Connection:  Select Internal Lab
        5. Virtual Hard Disk:  accept defaults and click Finish
      3. Select Windows Server 1 from Virtual Machines and click Settings.
        1. Select DVD Drive, then select Image file.
        2. Click Browse and go to the location where the IPFire ISO is stored.  Double-click the ISO.  Click OK.
    2. Install Windows Server 2016
      1. Start Windows Server 1
        1. Click Start, and then Connect.
      2. Install Windows Server 2016
        1. Click Next to begin the installation
        2. Click Install now
        3. Select Windows Server 2016 Datacenter Evaluation (Desktop Experience) and click Next.
        4. Click I accept the license terms, then click Next
        5. Click Custom: Install Windows only
        6. Click Next, to accept the default installation location
        7. Customize settings:  enter a memorable Administrator password, reenter, and click Finish
      3. Configure Windows Server 1 (WS1)
        1. Press control+alt+end to log into WS1, or use the menu options: Action–>Control+Alt+Del
        2. Go to the Control Panel, change View by to Small Icons
        3. Click Network and Sharing Center
        4. Click Change Adapter Settings
        5. Right-click Ethernet and click Properties
          1. Select Internet Protocol Version 4 and click Properties
          2. Click Use the following IP address:
            1. IP Address: 172.16.1.201
            2. Subnet mask: 255.255.255.0
            3. Default gateway: 172.16.1.1
          3. Click Use the following DNS server addresses
            1. Preferred DNS server: 172.16.1.201    Hint: We will setup AD, DNS, and DHCP on this server
          4. Click OK, then click Close
        6. Networks:  when prompted, click Yes to allow your PC to be discoverable.
        7. In Control Panel, go to System.  Under Computer name, click Change Settings.
          1. Click Change, enter WS1, as the computer name.  Click OK.  Click OK at the prompt
          2. Click Close
          3. Click Restart Now
      4. Setup WS1 as a domain controller with DHCP
        1. Start the Add Roles and Feature Wizard
          1. Add the following roles:
            1. Active Directory Domain Services
            2. DHCP Services
            3. DNS Services
          2. Follow the wizard’s steps.  All the defaults can be used for our lab purposes.
          3. Promote: Add a new forest.
          4. Enter the domain name, Hyper-LAB.net, and follow the wizard.  Hint: you will get a warning about DNS, this will be resolved later.
          5. More details for setting up a DC in Windows 2016 can be found here: https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
        2. Configure DNS and DHCP
          1. Log into your new domain controller.
          2. DNS.  We need to add a forwarder for our DNS settings.
            1. From Administrative Tools (or Server Manager–>Tools), open DNS
            2. Right-click on your server and click Properties.
            3. Click the Forwarders tab
            4. Click Edit, and add your external DNS servers like 4.2.2.1, 4.2.2.2, 8.8.8.8, and 8.8.4.4.
            5. Click OK, when completed.  Click OK, to close Properties.
            6. Close the DNS Manager
          3. DHCP
            1. Double-click DHCP from Administrative Tools or Server Manager–>Tools
            2. Expand IPv4 and right-click, click New Scope from the menu.
            3. Enter a Name: Hyper-Lab client scope, click Next
              1. Start IP address: 172.16.1.50
              2. End IP address:  172.16.1.99
              3. Length: 24 or Subnet mask: 255.255.255.0
              4. Click Next
            4. The remaining settings can be default for now.
            5. When asked to configure scope options, select “Yes” and click Next.
            6. Router/Default gateway will be the IP we used to configure the GREEN NIC, enter: 172.16.1.1.  Click Add. Click Next.
            7. Domain name and DNS should be pre-configured. You should see the server’s IP in IP address box, 172.16.1.201. Click Next.
            8. WINS does not need to be configured at this time.  Click Next.
            9. When prompted to activate scope, select “Yes” and click Next.
            10. Click Finish to complete the wizard.
            11. Right-click on the server’s name under DHCP, and click Authorize from the menu. Right-click the server name and click Refresh, and IPv4 should have a green circle with a white check mark.
        3. WS1 configuration is complete.  You should be able to ping an IP address, ex: 4.2.2.2 as well as a DNS name:  ex: http://www.google.com
  4. Workstation 2 setup and configuration
    1. After the successful configuration of WS1, a network prompt on W2 should appear
      1. Verify DHCP is configured for W1, if no prompt
      2. Networks:  when prompted, click Yes to allow your PC to be discoverable
      3. Ping will not work until we disable the firewall, or turn on file and print sharing for the Private network.
    2. Set a static IP for W2:
      1. IP Address: 172.16.1.101
      2. Subnet mask: 172.16.1.1
      3. DNS: 172.16.1.201
    3. Configure an External Virtual Switch
      1. Create virtual switches on W1
        1. Start Hyper-V Manager
        2. Click Virtual Switch Manager
        3. Select External, and click Create Virtual Switch
        4. Under Name, enter Internal Lab, and assign the NIC and click OK.
      2. If the network is set to public, we need to change it to private
        1. Open an elevated PowerShell
        2. Set Internal Lab to private:  Set-NetConnectionProfile -InterfaceAlias "vEthernet (Internal Lab)" -NetworkCategory Private   Hint: If the Default Switch is set to Public, we need to change that one also
        3. Set Default Switch to private: Set-NetConnectionProfile -InterfaceAlias "vEthernet (Default Switch)" -NetworkCategory Private
        4. Enable firewall rules and delegation:  Enable-WSManCredSSP -Role server
    4. Set up Remote Desktop for W2
      1. Go to Control Panel, click Category, then Small icons
      2. Click System
      3. Click Remote Settings, select Allow remote connections to this computer, uncheck Allow connections only from computers running with NLA
      4. Click OK
    5. Configure W1 to access W2’s Hyper-V Manager (optional, we can manage W2 via RDP or directly from W2)
      1. Complete details found here: https://timothygruber.com/hyper-v-2/remotely-managing-hyper-v-server-in-a-workgroup-or-non-domain/
      2. When you try to connect with Hyper-V Manager you’ll receive an error from Hyper-V Manager that it’s either not running or you are not authorized.
        1. Start an elevated PowerShell prompt on W1
        2. You may need to set the Internal Lab network to private, then we need to add W2 to the hosts file and run winrm quickconfig:
          1. Set Internal Lab to private:  Set-NetConnectionProfile -InterfaceAlias "vEthernet (Internal Lab)" -NetworkCategory Private
          2. Add W2 to the hosts file:  Add-Content -Path C:\Windows\System32\drivers\etc\hosts -Value "`n172.16.1.101`tW2"   Hint:  the ` is a grave accent (backtick), not a single quote; the grave/tilde key is left of the 1 key
          3. Run quickconfig:  winrm quickconfig    Enter "y" to make the changes.
          4. Enable delegation: Enable-WSManCredSSP -Role client -DelegateComputer "W2"
        3. Enable Local Group Policy
          1. Run gpedit
          2. Go to Computer Configuration–>Administrative Templates–>System–>Credentials Delegation->Allow delegating fresh credentials with NTLM-only server authentication
            1. Select Enabled.  Click Show, enter wsman/W2. Click OK twice.
      3. Connect to W2
        1. In Hyper-V Manager, click Connect to Server
        2. Select Another Computer, enter W2.
        3. Select Connect as another user, enter W2\hyperlab1 and the password you set for this account on W2
      4. Copy the Windows 10 ISO to W2 for setting up a new VM
  5. Your basic lab is now set up.  You can manage both Hyper-V systems from W1.

You can add more Hyper-V “servers” to your network with a switch for the Internal Lab network between W1, W2, and the other servers.  Follow the steps for W2 with each new Hyper-V server.

Keep in mind that you can just use low-end workstations for clients in this scenario also.  They just need to be added to the Internal Lab network’s switch.
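The W2 steps above relax several remote-access defaults: CredSSP delegation, the NTLM-only fresh-credentials policy, and the NLA requirement for Remote Desktop. The following PowerShell is an added example, not part of the original post; it lists those settings on whichever workstation it is run on so they can be reviewed or reverted when the lab is torn down. The function name `Get-LabRemoteAccessState` is made up for illustration, and an elevated prompt is assumed.

```powershell
# Added example (not from the original post): show the remote-access settings
# that the lab steps change on W1 and W2.
# Get-LabRemoteAccessState is a hypothetical helper name. Run elevated.

function Get-LabRemoteAccessState {
    $state = [ordered]@{}

    # Network category per connection (the post sets the lab vSwitches to Private).
    Get-NetConnectionProfile | ForEach-Object {
        $state["Profile:$($_.InterfaceAlias)"] = [string]$_.NetworkCategory
    }

    # CredSSP roles turned on by Enable-WSManCredSSP (needs the WinRM service).
    try {
        $state['CredSSP'] = (Get-WSManCredSSP -ErrorAction Stop) -join ' | '
    } catch {
        $state['CredSSP'] = "unavailable: $($_.Exception.Message)"
    }

    # Policy "Allow delegating fresh credentials with NTLM-only server authentication".
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    $pol = Get-ItemProperty -Path $polKey -Name AllowFreshCredentialsWhenNTLMOnly `
        -ErrorAction SilentlyContinue
    $state['NTLM-only delegation policy'] =
        if ($pol) { $pol.AllowFreshCredentialsWhenNTLMOnly } else { 'not configured' }

    # Server list entered under "Show" (wsman/W2 in the post).
    $list = Get-Item -Path "$polKey\AllowFreshCredentialsWhenNTLMOnly" -ErrorAction SilentlyContinue
    $state['NTLM-only delegation targets'] =
        if ($list) {
            ($list.GetValueNames() | ForEach-Object { $list.GetValue($_) }) -join ', '
        } else { 'none' }

    # Remote Desktop: fDenyTSConnections 0 = RDP allowed;
    # UserAuthentication 1 = NLA required, 0 = NLA not required.
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $state['RDP allowed'] =
        ((Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0)
    $state['RDP requires NLA'] =
        ((Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication).UserAuthentication -eq 1)

    [pscustomobject]$state
}

Get-LabRemoteAccessState | Format-List

# To undo the CredSSP changes when the lab is retired:
#   Disable-WSManCredSSP -Role Client    # on W1
#   Disable-WSManCredSSP -Role Server    # on W2
```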

Posted in Hyper-V, Virtualization, Windows 10

VirtualBox 6.0.4 Released

Posted by essjae on January 28, 2019

VirtualBox 6.0.4 (released January 28 2019)

This is a maintenance release. The following items were fixed and/or added:

  • Virtualization core: support Shanghai/Zhaoxin CPUs.
  • User interface: handle command line arguments to VirtualBox correctly (bugs #18206 and #18197)
  • User interface: improvements to machine manager window, virtual optical disk creator, storage selector window and log viewer window
  • User interface: various small fixes and improvements
  • Audio: implemented time scheduling for the AC’97 device emulation to keep audio and video in sync
  • Graphics: basic support for VMSVGA graphics device in virtual machines using EFI
  • Network: fix occasional NATNet crashes (bug #13899)
  • Network: worked around problems in certain PCnet drivers on old operating systems
  • Serial: fixed connecting to pseudo terminals on POSIX hosts (6.0.0 regression; bug #18319)
  • Linux hosts and guests: fix for building kernel modules against Linux 5.0. Thank you Kyle Laker

https://www.virtualbox.org/wiki/Changelog

Posted in VirtualBox, Virtualization

Setting Up an All-in-One Windows AD Test Environment (VMware Workstation Edition)

Posted by essjae on January 23, 2019

Build a basic all-in-one lab in VMware Workstation. This how-to shows you how to build a virtual Windows Active Directory environment isolated from your home or work network. This is a follow-up to my same procedure in VirtualBox:  https://smudj.wordpress.com/2019/01/17/setting-up-an-all-in-one-windows-ad-test-environment-virtualbox-edition/

Note: I’m no AD expert, there are better, worse, and different ways to do this and you’re not required to use VMware Workstation.

Requirements:
16GB RAM minimum
SSD or multiple HDDs
Quad-core or better CPU with hardware virtualization enabled

  1. Download the necessary software. Download the ISO for the OSes you’ll be installing. For this example, I’ll be using IPFire and the MSDN versions of Windows Server 2016 and Windows 10 Pro.
    1. VMware Workstation Pro: https://www.vmware.com/products/workstation-pro.html
    2. Windows OS Evaluation: https://www.microsoft.com/en-us/evalcenter/
    3. IPFire: https://www.ipfire.org/download/ipfire-2.21-core124
  2. Create a folder for your test environment. 
    1. In Workstation, right-click My Computer and click New Folder.  Enter a name like “Allin1 AD” and press Enter.  Click your new folder to select it.
  3. Create an internal network.
    1. Click Edit–>Virtual Network Editor.
    2. Click Change Settings, click Yes at the UAC prompt.
    3. Click Add Network, select a network.  For this example, we’ll use VMnet15.  Click OK.
      1. Under VMnet Information, verify that Host-only is selected.
      2. Uncheck Connect a host virtual adapter to this network.  *This will prevent your physical host from accessing the test environment.
      3. Uncheck Use local DHCP service to distribute IP address to VMs. *We will use the Windows server’s DHCP and DNS for this environment.
      4. Change the subnet address to 192.168.15.0 **Any IP subnet can be used here.  To prevent confusion, use a unique IP range.  10.0.15.0, 10.15.0.0, 172.16.0.0 and 172.16.15.0 are all alternative options. Choose an appropriate subnet.   For the lab’s purposes, a 255.255.255.0 subnet is acceptable.  Click Apply
      5. Verify your settings for VMnet15 and click OK.
  4. Create your IPFire Router VM
    1. Click File–>New Virtual Machine or CTRL+N.
    2. Select Custom and click Next to begin the New Virtual Machine Wizard.
    3. Click Next, the default hardware compatibility is fine.
    4. Select Installer disc image file (iso) and click Browse.  Go to the location from step 1.3 where the IPFire ISO is located.
      1. Select the ISO and click Open.  
      2. Click Next
    5. Select Linux as the guest OS and click Next.  *IPFire is built from scratch and not based on any Linux distro.
    6. Enter IPFire for the VM’s name.  Select the appropriate location for your VM.  For this document, the name is ipfire-wpdoc and the location is C:\VMs\ipfire-wpdoc
    7. Click Next.
    8. One processor is enough for our IPFire router, click Next.
    9. 512MB is the minimum requirement for IPFire.  Click 512MB and click Next. (https://wiki.ipfire.org/hardware/requirements)
    10. Network type.  Select host-only networking and click Next.
    11. Click Next to select the default I/O controller type.
    12. Click Next to select the default disk type.
    13. Click Next to create a new virtual disk.
    14. Change the disk size to 4GB and click Next. *2GB is the minimum, 4GB is recommended for logs and add-ons. See 4.9 above. 
    15. Click Next to accept the default disk file name and location.
    16. Click Customize Hardware.
      1. Click Add…, 
      2. Click Network Adapter.  
      3. Click Finish.
        1. The new network adapter, network adapter 2, will be selected.  Select NAT or Bridged for the network connection. **NAT will provide a more isolated environment, where bridged will allow the IPFire VM an IP address on your host’s network.  NAT will be used for this document.
        2. Click Advanced. Click Generate under MAC Address.  Make note of this address.  We will need the address when assigning network types in the IPFire installation.  Click OK.
      4. Click Close.
    17. Click Finish.
    18. Click Edit Virtual Machine Settings
      1. Click Network Adapter
      2. Click Custom, select VMnet15, click OK.
    19. Drag the IPFire VM into the folder created in 2.1 above. 
  5. Install IPFire
    1. Click Power on this virtual machine.
    2. Click the IPFire splash screen and press Enter.  
    3. Press Enter to accept the default language selection.
    4. Press Enter to Start Installation. 
    5. Press Tab, press the spacebar to select I accept this license.  Press Tab again and press Enter.
    6. Press Enter to Delete all data.  
    7. Press Enter to accept the default file system.
    8. Press Enter to reboot.
  6. Configure IPFire
    1. Press Enter to select the default keyboard layout.
    2. Change the timezone.  For this document PST8PDT will be used.  Press Enter.
    3. Press Enter twice to accept the default hostname
    4. Press Enter twice to accept the default domain
    5. Root password.  Enter a password and press Enter twice. Press Enter to continue. 
    6. Enter a password and press Enter twice.  *this is for the admin password, it can be the same for simplicity. 
    7. Press Enter to continue. 
    8. Use the arrow key to move down to Drivers and card assignments and press Enter.
      1. Green — This is our internal test environment network.  It will have no direct access to the Internet or the host’s network.
        1. Press Enter to select
        2. Compare the MAC addresses and use the one that was not generated in step 4.16.3.2.
        3. Use the arrow keys to select the correct interface and press Enter.  To move between fields, use the Tab key.
      2. Red — this will allow the test environment external access via the NAT network.
        1. Use the arrow key to select Red and press Enter.
        2. There should only be one interface left to select.  Press Enter. 
    9. Both network cards should now be assigned.  Use Tab to move to Done and press Enter.
    10. Tab to Address Settings and press Enter.
      1. Press Enter to reconfigure the Green interface.
      2. Press Enter to acknowledge the warning.  We are not connected remotely, so this does not apply.
      3. Since we are using the 192.168.15.0 subnet, we will assign a 192.168.15.1 IP address to the Green interface as it will be our gateway IP address.  The default subnet mask does not need to be changed.  Press Enter three times to accept the IP, subnet, and return to Address Settings.
      4. Use the arrow key to select Red.  Press Enter.
      5. The Red interface will get an IP address from Workstation’s NAT.  Using the arrow keys and spacebar, select DHCP.  Use Tab to move to OK and press Enter.
      6. Use Tab to move to Done and press Enter
    11. DNS and Gateway settings are only needed if using a static IP. Since we are using DHCP, there is nothing to change here. Tab to Done and press Enter.
    12. We will be using Windows DHCP so we do not need to enable IPFire’s DHCP server.  Tab to OK and press Enter.
    13. Setup is complete.  Press Enter.
    14. Login with root and verify that you can ping an external IP address like 4.2.2.2 or 8.8.8.8.  Press CTRL+C to break the ping.  If unable to ping, verify the network configuration is correct above.
  7. Create a Windows Server 2016 VM.
    1. Press CTRL+N, select Custom, click Next.
    2. Click Next, the default hardware compatibility is fine.
    3. Select Installer disc image file (iso) and click Browse.  Go to the location from step 1.2 where the Windows Server ISO is located.
      1. Select the ISO and click Open.  
      2. Click Next
    4. Click Next to skip the Easy Install Information.  Click Yes to accept the product key prompt.
    5. Enter a VM name and location.  For this document, the name is W2016DC1 and D:\VMs\Virtual Machines\W2016DC1
    6. Click Next to select the default BIOS.
    7. Select One Processor and Two Cores. Click Next.
    8. Set RAM to 4096MB. If you have more than 16GB of RAM, you can increase to 6 or 8GB, if needed. Click Next.
    9. Select use host-only networking and click Next.
    10. Click Next to select the default I/O controller type.
    11. Click Next to select the default disk type.
    12. Click Next to create a new virtual disk.
    13. Change the Maximum disk size to 80.0 GB.  Click Next 
    14. Click Next to accept the default disk file name and location.
    15. Click Finish.
    16. Click Exit virtual machine settings.
      1. Click Network Adapter.
      2. Select Custom, VMnet15, and click OK
  8. Install Windows 2016
    1. Install Windows as you normally would.
  9. Configure Windows Server and Domain
    1. Enter the IP information. The IP needs to be on the same subnet as configured for the GREEN network. EX: 192.168.15.200, GW: 192.168.15.1, DNS: 127.0.0.1 since we’ll be creating a domain controller with DNS and DHCP services. *Remember to use the IP address entered in step 6.11.3 for the gateway address.
    2. You should be able to ping an IP address like 192.168.1.15 and 4.2.2.2, but not a DNS name.
    3. Change the name of your server and reboot.
    4. Start the Add Roles and Feature Wizard
      1. Add the following roles:
      –Active Directory Domain Services
      –DHCP Services
      –DNS Services
      2. Follow the wizard’s steps.
      3. Promote: Add a new forest.
      4. Enter your domain name and follow the wizard.  –you will get a warning about DNS, this will be resolved later.
    5. Configure DNS and DHCP
      1. DNS.  We need to add a forwarder for our DNS settings.
        1. From Administrative Tools, open DNS
        2. Right-click on your server and click Properties.
        3. Click the Forwarders tab
        4. Click Edit, and add your external DNS servers like 4.2.2.1, 4.2.2.2, 8.8.8.8, and 8.8.4.4.
      2. DHCP
        1. Double-click DHCP from Administrative Tools
        2. Expand IPv4 and right-click, click New Scope from the menu.
        3. Enter an IP range, ex: 192.168.211.50 to 192.168.211.100
        4. The remaining settings can be default for now.
        5. When asked to configure scope options, verify “Yes” and click Next.
        6. Router/Default gateway will be the IP we used to configure the GREEN NIC, ex: 192.168.15.1
        7. Domain name and DNS should be pre-configured. You should see the server’s IP in IP address box, ex: 192.168.15.200
        8. WINS does not need to be configured at this time.
        9. When prompted to activate scope, verify “Yes” and click Next.
        10. Click Finish to complete the wizard.
        11. Right-click on the server’s name under DHCP, and click Authorize from the menu. Refresh and IPv4 should have a green circle with a white check mark
    6. More details for setting up a DC in Windows 2016 can be found here: https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
  10.  Managing IPFire via web interface
    1. IPFire can be accessed via web browser.  Enter https://ipfire_ip-address:444, in this document it will be https://192.168.15.1:444
    2. You will get a certificate error when accessing the IPFire management page.
  11. Adding Client VMs
    1. Add your Windows Client OSes.  Install Windows as usual, make sure to set your VM’s network to the custom VMnet15.
  12. Completion! 

Here’s the all-in-one pic!

  • VMware Workstation
  • IPFire
  • Windows 2016 DC via RDP
  • Windows 10 

 


Setting up an All-In-One Windows AD Test Environment (VirtualBox Edition)

Posted by essjae on January 17, 2019

Build a basic all-in-one lab in VirtualBox. This how-to shows you how to build a virtual Windows Active Directory environment isolated from your home or work network.  See my follow-up post using VMware Workstation here: https://smudj.wordpress.com/2019/01/23/setting-up-an-all-in-one-windows-ad-test-environment-vmware-workstation-edition/

Note: I’m no AD expert, there are better, worse, and different ways to do this and you’re not required to use VirtualBox.

Requirements:
16GB RAM minimum
SSD or multiple HDDs
Quad-core or better CPU with hardware virtualization enabled

 

  1. Download the necessary software. Download the ISOs for the OSes you’ll be installing. For this example, I’ll be using IPFire and MSDN versions of Windows Server 2012R2 and Windows 10 Pro.
    1. VirtualBox: https://www.virtualbox.org/wiki/Downloads
    2. Windows OS Evaluation: https://www.microsoft.com/en-us/evalcenter/
    3. IPFire: https://www.ipfire.org/download/ipfire-2.21-core124
  2. Create your IPFire router VM
    1. Click New, enter the name of your router, ie “IPFire”
    2. Change the OS to Linux, Ubuntu 64bit is fine as the version. Click Next.
    3. Enter 512MB for memory. Click Next.
    4. Click Create for a new virtual HDD and select VDI. Click Next.
    5. Select Dynamically allocated and click Next.
    6. Change the location here if necessary. The 10GB default is large enough, click Create.
    7. Once created, click Settings and then click Network. We need to modify the networking options.
      1. Adapter 1 should be set to NAT or Bridged.
      2. Adapter 2 needs to be enabled and set to Internal Network. **Make note of the MAC address for adapter 2. You can find it by expanding the Advanced tab.** 
      3. Click OK.

 

  3. Mount the IPFire ISO and install
    1. Click Settings on the IPFire VM. Click Storage.
    2. Click “Empty” next to the CD icon. Click the CD icon next to the far right to mount the ISO.
    3. Select “choose a virtual optical disk file” and browse to the ISO’s location.
    4. Select to mount. Click Ok to close the window.
    5. Power on the VM.
    6. Follow the IPFire prompts. Press enter to select, tab to move between selections, and the space bar to select check boxes.
    7. All defaults can be used.
  4. Configure IPFire
    1. Select the keyboard mapping. I’m using “us.” Press Enter to accept.
    2. Set your timezone. By pressing the first letter of your timezone, you can jump to that section. Select the correct timezone via the arrow keys and press Enter to accept.
    3. Enter a host name, the default is fine for our lab. Press Enter twice.
    4. The default domain is fine for our lab, press Enter twice to continue.
    5. Enter the root password and press Enter each time and once more to continue.
    6. Do the same for the admin password. Password can be the same for both for our lab purposes.
      –Network Configuration–
      1. Press Enter for “network configuration type”
      2. Select “Green + Red” and press Enter
      3. Arrow down to “drivers and card assignments.” and press Enter.
      4. Green: This is our internal network. Press Enter to select. Compare the MAC and select the correct interface. Press Enter to select the Interface.
      5. Red: This is our internet facing network, NAT or Bridged. Select RED, press Enter, and press Enter again to select the remaining interface.
      6. Tab over to done and press Enter.
        –Address Settings–
        Press Enter to select.
        GREEN:
        1. Select GREEN and press Enter.
        2. This is a new private, virtual network for our lab. Select a different IP subnet than your host network to avoid confusion.
        3. The IP warning can be ignored as we are not logged in remotely. In this example, the subnet is 192.168.211.1/24. Since this will be the gateway, we can use 192.168.211.1. The subnet mask does not need to change.
        4. Press Enter until you return to the GREEN/RED menu.
        RED:
        1. Select RED and press Enter.
        2. Select DHCP. This interface will get the IP from the VBox NAT or your physical network’s DHCP server. You can modify the hostname here if necessary.
        3. Tab to Done and press Enter.
        –DNS and Gateway settings–
        1. DNS and Gateway settings are only needed if using a static IP. Since we are using DHCP, there is nothing to change here. Tab to Done and press Enter.
        –DHCP Configuration–
        We will be using Windows DHCP instead of IPFire’s. Tab to OK and press enter without enabling DHCP. Press Enter to close setup.
  5. Create Windows Server 2012 R2 VM
    1. From the VBox main menu, click New.
    2. Enter a name, ex: “WS2012R2”, select the appropriate type (Windows 2012) and version (64-bit). Click Next.
    3. Set RAM to 4096MB. If you have more than 16GB of RAM, you can increase to 6 or 8GB, if needed. Click Next.
    4. Create a new virtual hard disk, click Create.
    5. Select VDI and click Next.
    6. Select Dynamically allocated, and click Next.
    7. Enter 80GB and click Create.
    8. Click Settings, then click Network.
    9. Select Internal Network.
    10. Select Storage. Click the CD under storage devices, then click the CD icon to the left of Optical Drive.
    11. Select Choose virtual optical disk file. Browse and select your Windows Server ISO.
    12. Click OK.
  6. Install Windows Server 2012
    1. Install Windows as you normally would.
  7. Configure Windows Server and Domain
    1. Enter the IP information. The IP needs to be on the same subnet as configured for the GREEN network. EX: 192.168.211.200, GW: 192.168.211.1, DNS: 127.0.0.1 since we’ll be creating a domain controller with DNS and DHCP services.
    2. You should be able to ping an IP address, but not a DNS name.
    3. Change the name of your server and reboot.
    4. Start the Add Roles and Feature Wizard
      1. Add the following roles:
      –Active Directory Domain Services
      –DHCP Services
      –DNS Services
      2. Follow the wizard’s steps.
      3. Promote: Add a new forest.
      4. Enter your domain name and follow the wizard.  –you will get a warning about DNS, this will be resolved later.
  8. Configure DNS and DHCP

DNS.  We need to add a forwarder for our DNS settings.

1. From Administrative Tools, open DNS
2. Right-click on your server and click Properties.
3. Click the Forwarders tab
4. Click Edit, and add your external DNS servers like 4.2.2.1, 4.2.2.2, 8.8.8.8, and 8.8.4.4.

DHCP
1. Double-click DHCP from Administrative Tools
2. Expand IPv4 and right-click, click New Scope from the menu.
3. Enter an IP range, ex: 192.168.211.50 to 192.168.211.100
4. The remaining settings can be default for now.
5. When asked to configure scope options, verify “Yes” and click Next.
6. Router/Default gateway will be the IP we used to configure the GREEN NIC, ex: 192.168.211.1
7. Domain name and DNS should be pre-configured. You should see the server’s IP in IP address box, ex: 192.168.211.200
8. WINS does not need to be configured at this time.
9. When prompted to activate scope, verify “Yes” and click Next.
10. Click Finish to complete the wizard.

Right-click on the server’s name under DHCP, and click Authorize from the menu. Refresh and IPv4 should have a green circle with a white check mark.
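The role installation, forest promotion, DNS forwarders, DHCP scope and DHCP authorization described above can also be scripted on the server. This is an added example, not part of the original post: the script name `Configure-LabDc.ps1` and the scope name `Lab` are placeholders, the domain `sw.net` and the addresses are the ones this walkthrough uses, and the Workstation edition works the same way with its 192.168.15.x addresses.

```powershell
# Added example (not from the original post). Run elevated on the new server:
#   .\Configure-LabDc.ps1 -Phase Promote     # install roles, create the forest, reboot
#   .\Configure-LabDc.ps1 -Phase Configure   # after the reboot, as a domain administrator
param(
    [Parameter(Mandatory)]
    [ValidateSet('Promote', 'Configure')]
    [string]$Phase
)

# Values from the walkthrough; 'Lab' is a placeholder scope name.
$Domain     = 'sw.net'
$ServerIp   = '192.168.211.200'   # static address of this server
$Gateway    = '192.168.211.1'     # IPFire GREEN interface
$ScopeId    = '192.168.211.0'
$Forwarders = '4.2.2.1', '4.2.2.2', '8.8.8.8', '8.8.4.4'

if ($Phase -eq 'Promote') {
    # Same three roles the Add Roles and Features Wizard installs.
    Install-WindowsFeature -Name AD-Domain-Services, DHCP, DNS -IncludeManagementTools

    # "Promote: Add a new forest". The server reboots when promotion finishes.
    $dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
    Install-ADDSForest -DomainName $Domain -InstallDns -SafeModeAdministratorPassword $dsrm
    return
}

# DNS: forward names the domain controller is not authoritative for.
Add-DnsServerForwarder -IPAddress $Forwarders

# DHCP: scope, scope options (router, DNS server, domain name), then authorization.
Add-DhcpServerv4Scope -Name 'Lab' -StartRange '192.168.211.50' -EndRange '192.168.211.100' `
    -SubnetMask '255.255.255.0' -State Active
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway -DnsServer $ServerIp -DnsDomain $Domain
Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$Domain" -IPAddress $ServerIp

# Checks: forwarders present, server authorized, scope active, external names resolve.
Get-DnsServerForwarder | Select-Object -ExpandProperty IPAddress
Get-DhcpServerInDC
Get-DhcpServerv4Scope -ScopeId $ScopeId
Resolve-DnsName -Name 'www.ipfire.org' -Server 127.0.0.1
```

`Add-DhcpServerInDC` is the scripted form of the Authorize menu item; `Get-DhcpServerInDC` listing the server corresponds to the green check mark in the DHCP console.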

9. Managing IPFire via web interface

You can access IPFire’s management console via a web browser.
Enter https://ipfire_ip-address:444, ex: https://192.168.211.1:444
Use “admin” and the password entered during step 4.

Note: You will get a certificate error when accessing the IPFire management page.

10. Adding Client VMs.

Nothing special here.  Install Windows/Linux as usual.  Make sure to select Internal Network for the VM’s network.

11. Completion!

Here’s the money shot:
-VirtualBox
-IPFire VM
-WS2012R2 VM – domain controller for sw.net, DHCP and DNS roles
-Win10 VM – joined to sw.net, displaying IPFire’s web management page and network settings.
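Because the lab is meant to stay isolated from the home or work network, it is worth confirming that only the IPFire VM has a NAT or bridged adapter and every other VM sits on the Internal Network. The following is an added example, not part of the original post: `Get-NicAttachment` and `Test-LabIsolation` are hypothetical helper names, and the sample `showvminfo` lines (including the MAC addresses) are constructed so the script runs without VirtualBox.

```powershell
# Added example (not from the original post): check that only the router VM
# has an adapter outside the VirtualBox internal network.

function Get-NicAttachment {
    param([string]$VmName, [string[]]$InfoLines)
    # Parse key="value" lines from `VBoxManage showvminfo <vm> --machinereadable`.
    $props = @{}
    foreach ($line in $InfoLines) {
        if ($line -match '^(?<key>[A-Za-z]+\d+)="?(?<value>[^"]*)"?$') {
            $props[$Matches['key']] = $Matches['value']
        }
    }
    foreach ($nic in ($props.Keys | Where-Object { $_ -match '^nic\d+$' } | Sort-Object)) {
        if ($props[$nic] -eq 'none') { continue }   # adapter slot not enabled
        $n = $nic -replace '\D'
        [pscustomobject]@{
            VM      = $VmName
            Adapter = [int]$n
            Type    = $props[$nic]            # nat, bridged, intnet, hostonly, ...
            Network = $props["intnet$n"]      # internal network name, if any
            MAC     = $props["macaddress$n"]  # compare with IPFire's card assignment list
        }
    }
}

function Test-LabIsolation {
    param([object[]]$Nics, [string]$RouterVm)
    # Any adapter that is not on the internal network and does not belong to the router.
    $Nics | Where-Object { $_.Type -ne 'intnet' -and $_.VM -ne $RouterVm }
}

# Constructed sample output (VM names from the post, MAC addresses invented).
$sample = [ordered]@{
    'IPFire'   = 'nic1="nat"', 'macaddress1="080027000001"',
                 'nic2="intnet"', 'intnet2="intnet"', 'macaddress2="080027000002"',
                 'nic3="none"'
    'WS2012R2' = 'nic1="intnet"', 'intnet1="intnet"', 'macaddress1="080027000003"'
    'Win10'    = 'nic1="nat"', 'macaddress1="080027000004"'   # deliberately misconfigured
}
# For live data, fill each entry with: & VBoxManage showvminfo $vm --machinereadable

$nics = foreach ($vm in $sample.Keys) {
    Get-NicAttachment -VmName $vm -InfoLines $sample[$vm]
}
$nics | Format-Table -AutoSize

$leaks = Test-LabIsolation -Nics $nics -RouterVm 'IPFire'
if ($leaks) {
    foreach ($l in $leaks) {
        Write-Warning "$($l.VM) adapter $($l.Adapter) is '$($l.Type)', not on the internal network"
    }
} else {
    'Only the router has a non-internal adapter.'
}
```

The MAC column for the router is the same value the walkthrough asks you to note for adapter 2 when assigning the GREEN interface in IPFire.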


VirtualBox 6.0.2 Released

Posted by essjae on January 15, 2019

https://www.virtualbox.org/wiki/Downloads

This is a maintenance release. The following items were fixed and/or added:

  • User interface: fixed creation of desktop shortcuts for starting virtual machines (bug #18207)
  • User interface: allow the first run window to selecting host drives (bug #18230)
  • User interface: fixed attaching empty host optical drives (bug #18223)
  • User interface: implemented a new virtual optical disk creation window
  • USB: modified Linux backends to reset USB devices (previously, most guest attempts to reset USB devices were ignored)
  • PCnet: fixed a regression which caused some PCnet PCI guest drivers to not detect the emulated hardware (bug #18286)
  • Linux hosts: fixed conflict between Debian and Oracle build desktop files (bug #18264)
  • Linux and MacOS hosts: VirtualBoxVM command not accessible (bug #18257)
  • Windows guests: multiple monitor fixes with VBoxSVGA graphics
  • Windows guests: black screen with VBoxSVGA graphics when 3D is disabled (bug #18205)
  • Linux guests: fixed building drivers on SLES 12.4 (bug #18213)
  • Linux guests: fixed building shared folder driver with older kernels (bug #18238)
  • OS/2 shared folders: fixed write regression introduced in 6.0.0 GA


VirtualBox 6.0 Release

Posted by essjae on December 18, 2018

https://www.virtualbox.org/wiki/Downloads

This is a major update. The following major new features were added:

  • Implemented support for exporting a virtual machine to Oracle Cloud Infrastructure
  • User interface: greatly improved HiDPI and scaling support, including better detection and per-machine configuration
  • Major rework of user interface with simpler and more powerful application and virtual machine set-up
  • User interface: a new file manager enabling user to control the guest file system and copy files between host and guest.
  • Graphics: major update of 3D graphics support for Windows guests, and VMSVGA 3D graphics device emulation on Linux and Solaris guests
  • Added support for surround speaker setups (as used by Windows 10 Build 1809)
  • Added utility vboximg-mount on Apple hosts to access the content of guest disks on the host
  • Added support for using Hyper-V as the fallback execution core on Windows host, to avoid inability to run VMs at the price of reduced performance

In addition, the following items were fixed and/or added:

  • Execution core: fixed single-stepping in certain circumstances (bug #17316)
  • User interface: video and audio recording can now be separately enabled
  • Audio/Video recording fixes and improvements
  • Audio: better support for attaching and detaching remote desktop connections
  • Serial port emulation fixes
  • Serial ports: allow changing the serial port attachment while a machine is running (bug #6115)
  • Networking: Added a workaround for older guests which do not enable bus mastering for the virtio PCI device
  • Networking: fixed wrong RCODE from DNS AAAA query with --natdnshostresolver1 (bug #18171)
  • iSCSI: In cases where there is no ambiguity, the LUN of an iSCSI target is automatically determined, for targets with non-zero LUNs
  • Transparently resize disk images when merging if possible
  • VBoxManage: support for DHCP options
  • Fixed VNC/RDP (bug #18153)
  • Guest Control: various new interfaces and features (see SDK documentation)
  • Linux hosts: support Linux 4.20 (thank you Larry Finger)
  • Solaris: installer fixes
  • Shared folders: performance improvements
  • Guest Additions: improved shared folder auto-mounting
  • Windows Guest Additions: fix incorrect tablet co-ordinate handling with recent Windows 10 builds
  • Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel, contributed by Robert Conde (bug #18093)
  • Linux guests: support Linux 4.20 (thank you Larry Finger)
  • Linux guests: support VMSVGA in the Linux and X11 Additions
  • MacOS Guest Additions: initial support
  • OS/2 Guest Additions: initial shared folder support
  • BIOS fixes
  • ACPI: Up to four custom ACPI tables can now be configured for a VM


VirtualBox 5.1.16 Maintenance Release

Posted by essjae on March 8, 2017

Download here: https://www.virtualbox.org/wiki/Downloads

This is a maintenance release.

The following items were fixed and/or added: Changelog https://www.virtualbox.org/wiki/Changelog

  • VMM: don’t access the MSR_IA32_SMM_MONITOR_CTL MSR if dual-monitor treatment is not available (KVM workaround, bug #14965)
  • VMM: another fix for handling certain MSRs on ancient CPUs without VT-x support for MSR bitmaps
  • VMM: fixed VERR_SSM_LOAD_CPUID_MISMATCH errors when restoring a saved state with SMP guests on hosts without the CPUID/HTT bit set (bug #16428)
  • VMM: fixed a bug in call gate emulation
  • VMM: FWAIT instruction fix
  • VMM: fixed a sporadic guest hang under certain conditions
  • GUI: hide the mini-toolbar from the taskbar and the pager on certain X11 hosts
  • GUI: better error handling on the global settings / network / host-only / DHCP server settings
  • GUI: fixes for full-screen with multiple screens
  • Host-only Network: fixed host-only adapter creation issue preventing VirtualBox installation on Windows 10 hosts (bug #16379)
  • NAT network: fixed two potential crashes in the DHCP server
  • ICH9: fixed incorrect initialization of the primary bus for PCI bridges (5.1.14 regression)
  • Storage: LsiLogic fix for Windows 10
  • USB: fixed not being able to attach certain USB devices having invalid characters in the device strings (5.0.18 regression; bug #15956)
  • USB: several fixes for the USB/IP support (bug #16462)
  • VBoxSVC: fixed another crash during shutdown under rare circumstances
  • VBoxSVC: fixed a stack overflow on (Windows debug builds only; bug #16409)
  • OVF: when importing an appliance handle more than 10 network adapters if the OVA was created by VirtualBox (bug #16401)
  • OVF: fixes for exporting and importing appliances with many disks (bug #16402)
  • VBoxManage: fixed regression with modifyhd --resize (bug #16311)
  • rdesktop-vrdp: source code tarball fixes
  • Linux Installers: do not rebuild kernel modules unnecessarily (bug #16408)
  • Linux hosts: added an action for opening the VM manager window to the .desktop file
  • Linux hosts / guests: Linux 4.11 compile fixes (bug #16506)
  • Linux Additions: added vboxsf FS modules alias (bug #16404)
  • Linux Additions: fix for the shared folders kernel module to compile on Linux 4.10
  • Linux Additions: properly install the Linux kernel module override rule on distributions without /etc/depmod.d
  • Windows Additions: fixed a crash with recent Windows 10 builds if 3D is disabled (bug #15973)


Hyper-V VMGuest.iso for older Windows OSes in Win10/2016

Posted by essjae on March 2, 2017

If you’re playing around with older OSes in the latest versions of Hyper-V, you’re missing one thing, the Integration Components (IC).

With Win10/Server2016 they no longer include this ISO as the current “supported” OSes all get their IC via Windows Update.

You can get the IC from Hyper-V 2012/2012R2 Server, a free download, here:

https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-2012-r2 (to extract, you’ll need to mount the ISO, open the x:\sources\install.wim file with something like 7zip, browse to Windows\system32, and extract the vmguest.iso; or install Hyper-V Server in a VM to get the vmguest.iso)

Or, if you’ve got a Windows 8/8.1/2012/2012R2 VM/system available with Hyper-V installed you’ll find it in the C:\windows\system32\ folder.

I’ve got a copy from Hyper-V 2012 R2 here: https://1drv.ms/u/s!AnbqFQxI6C6pibttEpT9LXnRf4jcYg 

Hyper-V 2008 R2 here: https://1drv.ms/u/s!AnbqFQxI6C6pio4TpkS4Yi9Pl0_Ejg 

Hyper-V 2008 here: https://1drv.ms/u/s!AnbqFQxI6C6pio4UYt3Jn_VLbrQs4w

No guarantees how long MS will allow it to stay up here, though it’s freely distributed with Hyper-V Server.

After installing the IC on OSes older than Windows Server 2012R2,  you will still see 2 unknown devices.  Per Microsoft, this is expected: https://support.microsoft.com/en-us/help/2925727/unknown-device-vmbus-in-device-manager-in-virtual-machine-for-avma

If you view the properties of these devices and check driver details, Hardware IDs or Compatible IDs, they will show the following:

  • vmbus\{4487b255-b88c-403f-bb51-d1f69cf17f87}
  • vmbus\{3375baf4-9e15-4b30-b765-67acb10d607b}
  • vmbus\{99221fa0-24ad-11e2-be98-001aa01bbf6e}
  • vmbus\{f8e65716-3cb3-4a06-9a60-1889c5cccab5}

These Virtual Devices (VDev) are provided for Automatic Virtual Machine Activation (AVMA) to communicate with the host. AVMA is only supported on virtual machines running Windows Server 2012 R2 or later versions of operating systems.

Windows XP Pro running in Hyper-V. Device Manager shows the 2 unknown devices after the IC have been installed.

Update:  The Integration Components won’t install in the Home and Starter versions of Windows.
