Zack Salazar


Seeking solid advice on installing 2 on premise VMs (1) VM Win 2016 AD and (2) a VM Exchange 2016 server separately on the same hosting Hyper-V 2016 server

I am aware that Exchange is not to be integrated with an AD Controller.  I am also aware that installing a 2nd Windows server (2016) as a domain member with Exchange (2016) installed is the preferred method.  However, when I created the primary Win 2016 DC in a virtual environment, I was unable to add a member domain using a different NIC on the hosting Hyper-V 2016 server, as there was a LAN IP conflict (i.e., 192.168.0.5 on NIC1 and 192.168.0.6 on NIC4).  Windows Server 2016 on the hosting Hyper-V server will not permit two different IPs on the same LAN using two different NICs on the hosting server.  What am I doing incorrectly?
Mahesh

I am also aware that installing a 2nd Windows server (2016) as a domain member with Exchange (2016) installed is the preferred method

This is not true. AD and Exchange should never be installed on the same box.
Also, once you have installed Exchange on a box, you cannot install the DC role.
If you have the DC role, you can add Exchange on top of that; again, it's not recommended.

I am not sure why you have two network adapters with the same IP scheme on the host Hyper-V server.
Further, that should not create issues; you can latch one NIC to a virtual switch and you should be fine as long as the NIC is connected to the production network.
Zack Salazar

ASKER

Mahesh, thank you for your response. Your response - "If you have DC role, you can add exchange on top of that, again it's not recommended".
I thought I clearly stated each --Exchange and DC would NOT be on the same "server" yet, same Hyper-V host virtually as 1) AD and 2)  Exchange as a joined member of AD.  
Note, I can make it work if I have each VM server on TWO different box servers --just not on the same Hyper-V hosted server -because of the NIC conflicts.
Note, I can make it work if I have each VM server on TWO different box servers --just not on the same Hyper-V hosted server -because of the NIC conflicts.

Why are you getting a NIC conflict? I don't see any reason for NIC conflicts.
What are you trying to achieve?

It is very simple

1 hyper v host
create 2 vms,
vm1 --> First set up your domain controller with one IP address
vm2 --> Install and configure exchange 2016 server with different IP address

As Mr Mahesh mentioned in earlier posts, it is not recommended to install both AD and Exchange on the same server. Also note that Exchange is heavily integrated with AD, so you had better keep a separate server for AD and make sure AD/DNS are configured properly.
I totally get it.  However, each VM requires SSL and each is on its own LAN IP within the same network/LAN.....
Why do you need SSL for AD? You can use SSL for Exchange connectivity.

Yes, you can keep the same VLAN IP addressing for the AD and Exchange servers.
You can have multiple VMs connected to a single virtual switch and, in turn, a single network card as well.

That is where virtualization is called upon.

All you have to do is create one virtual switch pointing to one NIC on the host and, in the switch properties, deselect "allow management operating system to share this network adapter".
This will dedicate that adapter to virtual machines.

Use the 2nd NIC for host management and configure another IP in the same VLAN as the 1st on that NIC.
You should have just 1 external virtual switch on the host. Both VMs would have their NIC attached to the virtual switch.

The virtual switch is either shared with the host, in which case that should be the only NIC used. Other option is to have host on a totally separate NIC, and to have virtual switch not shared with the host. The host should have only 1 configured NIC with an IP address for a simple deployment.
Kevin, the server has an integrated 2 port NIC (NIC1 - port 1 IP 192.168.0.5 (AD)) and a PCIe 4 port NIC (NIC2 - port 1 IP 192.168.0.6(Exchange)).  Yet, Windows is stating a conflict when I assign a second IP address on the same LAN NIC2.  
AD NIC1(port1) and Exchange NIC2(port1)
The Hyper-V host only needs 1 NIC and 1 IP. You have six physical NICs available, and you should really start off with 1, since it seems like you're a little bit confused about what you should be doing. More than 1 NIC is only needed for high bandwidth environments, redundant switches, or separated switches such as DMZ.
So Kevin, how about assisting in clearing up any confusion?  
How about a solution or a real case scenario with how you'd handle TWO virtual servers each with their own LAN IP Yet, same LAN and each requiring the use of SSL on the same hosting Hyper-v physical box.  Thanks!

To clear up any "confusion", what I'm saying is there's more than one need for SSL (port 443) from two different VM servers on the same LAN network --apparently so that the Exchange member server (192.168.0.6) can communicate with the DC (192.168.0.5).

***NIC port 1 (192.168.0.5) will be a "Win-DC". Win-DC will need SSL port forwarding to its 192.168.0.5.
NIC port 2 (192.168.0.6) "Win-Exch" will have Win 2016 with Exchange 2016 connecting to "Win-DC" as a member server to "Win-DC".  
"Win-Exch" will also need to use SSL.  

**I have multiple Public WAN user assignable IP addresses and two firewalls I can setup for
1) "Win-DC"/pub.lic.add.re1 pointing port 443 to 192.168.0.5 and
2) "Win-Exch"/pub.lic.add.re2 pointing port 443 to 192.168.0.6

1. Going back to my original question, the hosting Hyper-V Windows server states "a conflict when using TWO IP ***addresses on the same Hyper-V host's LAN When I assign 192.16.0.5 to NIC port 1 and assign 192.168.0.6 to NIC port 2, the hosting physical Hyper-V server throws up a red flag.

2.  How can I use the same firewall (1 Static IP) to forward to both, "Win-DC"/192.168.0.5 And "Win-Exch"/192.168.0.6?
Check whether you have another adapter on the same physical server which has already been set up with the above two IPs.

You could probably run some kind of IP scanner tool to identify whether the IP is already leased out elsewhere.
I am not sure exactly what you're doing or where all the IP addresses are assigned. I would honestly start over.

  1. Delete all virtual switches
  2. Disable all NICs on host except for 1. Leave it set to DHCP for now
  3. Create an external virtual switch on the host. Share it with the management OS. Assign it to the 1 enabled physical NIC.
  4. Your host should show 1 NIC. Assign it 192.168.0.4
  5. Assign your WIN-DC VM to 192.168.0.5
  6. Assign Win-Exchange to 192.168.0.6

If you do that there should be no IP conflicts.
I see no reason why you would make the DC available through the external firewall. I do not make my DCs available from the Internet.
Your Exchange server would typically allow port 25 and 443 from the Internet. Your firewall can do port forwarding, or use an additional public IP and do a static NAT to 192.168.0.6.
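
Steps 1 to 6 above as a PowerShell sketch run on the Hyper-V host; this is an added example, not part of the original reply. The adapter name NIC1, the switch name External and the /24 prefix are assumptions; the addresses and VM names are the ones used in the thread.

```powershell
#Requires -RunAsAdministrator
# Run from the local console or an out-of-band session: steps 1-2 drop host networking.

$uplink     = 'NIC1'               # assumed name of the one physical port to keep (check Get-NetAdapter)
$switchName = 'External'           # assumed virtual switch name
$hostIp     = '192.168.0.4'        # host address from step 4
$prefixLen  = 24                   # assumed mask 255.255.255.0
$vms        = 'Win-DC', 'Win-Exch' # VM names used in the thread

# 1. Delete all virtual switches.
Get-VMSwitch | Remove-VMSwitch -Force

# 2. Disable every physical NIC except the chosen uplink.
Get-NetAdapter -Physical |
    Where-Object Name -ne $uplink |
    Disable-NetAdapter -Confirm:$false

# 3. One external switch on that NIC, shared with the management OS.
New-VMSwitch -Name $switchName -NetAdapterName $uplink -AllowManagementOS $true

# 4. The host now has a single adapter, "vEthernet (<switch>)"; give it the host IP.
#    Add -DefaultGateway <your router> if the host needs a route off the LAN.
New-NetIPAddress -InterfaceAlias "vEthernet ($switchName)" `
    -IPAddress $hostIp -PrefixLength $prefixLen

# 5-6. Attach both VMs to the same switch. 192.168.0.5 and 192.168.0.6 are then
#      set inside each guest OS, never on a host adapter.
foreach ($vm in $vms) {
    Connect-VMNetworkAdapter -VMName $vm -SwitchName $switchName
}

# Check: the host should hold 192.168.0.4 only. Any output here means a guest
# address is still bound to a host adapter.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -in '192.168.0.5', '192.168.0.6' }

# Check: both VM adapters should report the same switch name.
Get-VMNetworkAdapter -VMName $vms | Select-Object VMName, SwitchName, Status
```
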
Kevin and Mahesh:
   Re: "4. Your host should show 1 NIC. Assign it 192.168.0.4
5. Assign your WIN-DC VM to 192.168.0.5
6. Assign Win-Exchange to 192.168.0.6"

How does this address the issue of using 1) a single physical NIC 2) with two virtual NICs yet 3) SSL forwarded to both VMs' virtual NICs (192.168.0.5 and 192.168.0.6)?

Kevin:
  Correction re: the DC mentioned earlier.  The DC will be a Win 2016 Essentials server hence, requiring port 443/SSL access.  Sorry for the confusion.
ASKER CERTIFIED SOLUTION
kevinhsieh
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Kevin, Afthab T and Mahesh, thank you for assisting in addressing the answer to my question.
The question originally asked and the actual intended question are different.

To start with, you were talking about IP conflicts, hence everybody went off track wondering how IP conflicts could be there no matter how many physical NICs you have.

Instead you could simply have asked at the start, "How can two Hyper-V VMs on a single host, connected to a single network card (virtual switch), communicate with the internet on the same protocol?"
In fact I guessed this bit earlier (look at my earlier comment) but did not get it totally.

Conceptually, when you created the virtual switch, your network card became a tunnel for traffic to enter and leave, and your public IPs would bind to the NIC and the IP of the virtual machine, so there won't be any conflict.

Anyway, kevinhsieh has explained this well in his last comment and I am glad to hear that your question is answered correctly.