Should my Windows Hyper-V server run DNS?
I have a Windows 2016 Hyper-V server which hosts a Primary Domain Controller (PDC01) and a SQL Database Server (DB01)
I have DHCP and DNS running on PDC01 and the Hyper-V host points to the DNS on PDC01. This is all fine when PDC01 is running but when I shut PDC01 down, the Hyper-V server can't find a DNS server.
Should I install DNS on the Hyper-V and point the Hyper-V to that as its primary DNS and to the DNS on PDC01 as the secondary?
I have DHCP and DNS running on PDC01 and the Hyper-V host points to the DNS on PDC01. This is all fine when PDC01 is running but when I shut PDC01 down, the Hyper-V server can't find a DNS server.
Should I install DNS on the Hyper-V and point the Hyper-V to that as its primary DNS and to the DNS on PDC01 as the secondary?
ASKER
Hmm, hadn't considered licencing. I'll look into that.
The only reason I'm considering DNS on the Hyper-V is to allow me to run my backups to a local NAS when the DB01 and PDC01 VMs are shutdown.
I use BackupAssist and the configuration of that requires me to specify the destination. When the PDC01 server is not running, BackupAssist can't find the NAS. When I start PDC01 it can so I assumed it was something to do with DNS. The Hyper-V Virtual Ethernet switch points to the DNS on PDC01.
The Host is not a member of the domain.
The only reason I'm considering DNS on the Hyper-V is to allow me to run my backups to a local NAS when the DB01 and PDC01 VMs are shutdown.
I use BackupAssist and the configuration of that requires me to specify the destination. When the PDC01 server is not running, BackupAssist can't find the NAS. When I start PDC01 it can so I assumed it was something to do with DNS. The Hyper-V Virtual Ethernet switch points to the DNS on PDC01.
The Host is not a member of the domain.
No.
Hyper-V needs sole access to the network stack. Period.
All other Roles belong in a guest or guests.
I have two very thorough EE articles on all things Hyper-V:
Some Hyper-V Hardware and Software Best Practices
Practical Hyper-V Performance Expectations
Some PowerShell Guides:
PowerShell Guide - Standalone Hyper-V Server
PowerShell Guide - New VM PowerShell
PowerShell Guide - New-VM Template: Single VHDX File
PowerShell Guide - New-VM Template: Dual VHDX Files
Here are some focused articles:
Set up PDCe NTP Domain Time in a Virtualized Setting
Slipstream Updates Using DISM and OSCDImg
Protecting a Backup Repository from Malware and Ransomware
Disaster Preparedness: KVM/IP + USB Flash = Recovery. Here’s a Guide
Hyper-V needs sole access to the network stack. Period.
All other Roles belong in a guest or guests.
I have two very thorough EE articles on all things Hyper-V:
Some Hyper-V Hardware and Software Best Practices
Practical Hyper-V Performance Expectations
Some PowerShell Guides:
PowerShell Guide - Standalone Hyper-V Server
PowerShell Guide - New VM PowerShell
PowerShell Guide - New-VM Template: Single VHDX File
PowerShell Guide - New-VM Template: Dual VHDX Files
Here are some focused articles:
Set up PDCe NTP Domain Time in a Virtualized Setting
Slipstream Updates Using DISM and OSCDImg
Protecting a Backup Repository from Malware and Ransomware
Disaster Preparedness: KVM/IP + USB Flash = Recovery. Here’s a Guide
"BackupAssist can't find the NAS "
Can you configure it to access the NAS by IP address?
Can you configure it to access the NAS by IP address?
With Windows AD, the DNS must run on one of the DC's.... so definitely not on any other server.
If the https://github.com/lf-edge/eden#raspberry-pi-4-supportDC is a guest on the Hyper-V host then ensure the Hyper-V host can hold it's own if the DC is down.
(put one or two crucial servers in the hosts file if you need a snapshot made to some backup system while the DC is down).
You NAS can be a candidate for entering in the hosts file.
If the https://github.com/lf-edge/eden#raspberry-pi-4-supportDC is a guest on the Hyper-V host then ensure the Hyper-V host can hold it's own if the DC is down.
(put one or two crucial servers in the hosts file if you need a snapshot made to some backup system while the DC is down).
You NAS can be a candidate for entering in the hosts file.
ASKER
Yes, tried that but it seems to make no difference. Without PDC01 it just sits at the "check destination" step forever. The moment I start PDC01 then off it goes to the next step.
I would look into why you can't get the backup to see the NAS by IP address. That really should work and will make life easier in the long run. I'm assuming the NAS has a static IP.
Is BackupAssist telling you what it can't locate? Are you backing up the VM VHDX or?
Is BackupAssist telling you what it can't locate? Are you backing up the VM VHDX or?
The only reason I'm considering DNS on the Hyper-V is to allow me to run my backups to a local NAS when the DB01 and PDC01 VMs are shutdown.
Is there a reason why those VMs are being shut down? Especially the domain controller - it's performing an important function, especially if it's the only one in the domain. You wouldn't just shut down a physical DC arbitrarily, so why shut down that VM?
ASKER
I'm trying to isolate a backup fault. The backup to RD1000 drive fails regularly with Volsnap errors (I have an EE question open on the subject). My plan was to shut down the VMs to isolate the source of the Volsnap. Given the EE advice above, perhaps that wasn't a good line of investigation.
If it is DNS-related, it's very odd that you can't find the NAS after placing an entry for it into your hosts file. You could possibly use Wireshark find the cause (if it's querying DNS for something other than the name of the NAS, for instance). The NAS isn't integrated into AD in some way that would require it to authenticate with the DC, is it?
I know you said it didn't work for you but adding an entry to the "hosts" file should do the trick. Can you try it again? Maybe you made a typo before... Anyway, you definitely shouldn't install DNS on the host. Leave it on a DC and focus on why you cannot communicate with NAS.
I concur with Hello There's advice as noted above.
If the ONLY dependency between the host & NAS is the IP address. Then an entry like below in the host file should fix that.
If a username is needed or any other access from the backup system or the NAS (or the Hyper-V system) to the AD then you are fried the moment a DC stops.
You may consider setting a second hyper-V host and have a second DC active there and ensure only one DC is down at any moment.
ip.ad.dre.ss hostname.fqdn hostname If a username is needed or any other access from the backup system or the NAS (or the Hyper-V system) to the AD then you are fried the moment a DC stops.
You may consider setting a second hyper-V host and have a second DC active there and ensure only one DC is down at any moment.
HOSTS file is generally ignored by Windows Server.
Veeam. It's free for the first 10 VMs so long as this is _your_ company that you are working for.
Drop BackupAssist.
The NAS can be set up as a destination (Please read my Protecting a Backup Repository post linked above) using an IP address and have a username and password set so that only the Veeam username and password has MOD.
Volume Snapshots require in-guest acquiescence for SQL and other active database workloads. BA is probably not syncing correctly with the built-in SQL Volume Shadow Copy Service (VSS).
Veeam. It's free for the first 10 VMs so long as this is _your_ company that you are working for.
Drop BackupAssist.
The NAS can be set up as a destination (Please read my Protecting a Backup Repository post linked above) using an IP address and have a username and password set so that only the Veeam username and password has MOD.
Volume Snapshots require in-guest acquiescence for SQL and other active database workloads. BA is probably not syncing correctly with the built-in SQL Volume Shadow Copy Service (VSS).
ASKER
I've isolated my problem further.
I have a backup job that backs up to the NAS using a data container, the other backup job just writes to the NAS into a folder.
* The backup job that writes to the NAS folder is fine when PDC01 is not online.
* The backup that writes to a data container on the NAS hangs at "Check Destination" if PDC01 is not online.
I have a backup job that backs up to the NAS using a data container, the other backup job just writes to the NAS into a folder.
* The backup job that writes to the NAS folder is fine when PDC01 is not online.
* The backup that writes to a data container on the NAS hangs at "Check Destination" if PDC01 is not online.
You may want to check what authentication is needed for the container. based on IP address of the Hyper-V host or some thing that requires DC access.
and if you can change that authentication.
and if you can change that authentication.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Please note: if you make a backup to the same NAS the services use for production then anything happning to the NAS MAY also compromise the backup.
etter keep your backup data physiscally separate from production data.
So IMHO it's better to have two NAS systems 1 provides data storage, the other backup storage.
etter keep your backup data physiscally separate from production data.
So IMHO it's better to have two NAS systems 1 provides data storage, the other backup storage.
ASKER
Thanks, useful to know but in this case the only job of the NAS is to support the backups.
In that case there should be no need for the NAS to be dependent on an DC. A backup NAS should never rely on anything that needs to be backup.
Otherwise you run into trouble when you need to restore. ie. You cannot restore the DC because the DC is not reachable...??
Otherwise you run into trouble when you need to restore. ie. You cannot restore the DC because the DC is not reachable...??
HOSTS file is generally ignored by Windows Server.
I feel like this should be clarified.
The hosts file is completely ignored by the DNS Server service, but it is used by the DNS Client service, whether that service is running in a server or client OS. Queries to a DNS server from elsewhere won't use the hosts file on the server, but queries issued from the server itself will (unless you're using a tool like dig or nslookup, which have their own resolver mechanisms and bypass the DNS Client service altogether).
ASKER
Thanks for all the good advice and help. I now know the DNS on the Hyper-V is a no-no so I'll avoid that.
As it turns out Philip Elder was right on the money when he suggested that the NAS was setup with AD integration. This was a left-over from the days before Hyper-V and got overlooked in the upgrade/migration of the new server. I have removed the AD integration and BackupAssist now happily backs up when both the PDC01 and DB01 are offline.
As it turns out Philip Elder was right on the money when he suggested that the NAS was setup with AD integration. This was a left-over from the days before Hyper-V and got overlooked in the upgrade/migration of the new server. I have removed the AD integration and BackupAssist now happily backs up when both the PDC01 and DB01 are offline.
Is your host on the domain? Do you need to resolve local addresses on the host? In general, hosts shouldn't really do much of anything other than host the VMs.