Disable Settings on the Guest NIC on Server Core
We are currently running Windows Server 2003 with Virtual Server 2005 R2 SP1. One on the things we do is setup a "Shared Virtual Network" in which the guest virtual machines use a dedicated NIC seperate from the one the host uses. To do this we take one of the server NICs and unbind all the protocols and clients (i.e. Client for Microsoft Networks, Network Load Balancing, File and Printer Sharing, TCP/IP) except for Virtual Machine Network Services.
How do you do the same type of configuration on the NIC in Windows Server 2008 Server Core with Hyper-V?
A full version of Server 2008 has the following components bound to the NIC:
-
Client fro Microsoft Networks
-
QoS
-
File and Printer Sharing
-
IP v6
-
IPv4
-
Link-Layer Topology Discovery Mapper I/O Driver
-
Link-Layer Topology Discovery Responder
How can we tell what components are bound to the NIC in Server Core and then how can we disable them? Do they need to be disabled with Hyper-V?
I have seen the following solution on how to disable IPv6.
"Unlike Windows XP, IPv6 in Windows Vista cannot be uninstalled. However, you can disable IPv6 in Windows Vista by doing one of the following:
In the Connections and Adapters folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items. This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
Add the following registry value (DWORD type) set to 0xFF:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect."Thanks,
Andrew
-
Réponses
Andrew Mason wrote: Unfortunately, I don't know if the virtual NIC needs an IP on the host, the virtualization forum would be best for that question. Have a look at this thread regarding Virtual Switches under Hyper-V.
Cheers,
Stephen Edgar
Stephen Edgar [Netweb] wrote: Andrew Mason wrote: Unfortunately, I don't know if the virtual NIC needs an IP on the host, the virtualization forum would be best for that question. Have a look at this thread regarding Virtual Switches under Hyper-V.
Cheers,
Stephen Edgar
When Hyper-V is configured with a Virtual Network that is connected to a physical NIC (External) the network components on the physical NIC are all unselected except for the "Microsoft Virtual Network Switch Protocol". A new virtual NIC is created to allow the host to communicate with the VMs via a virtual switch. This virtual NIC on the host can be disabled and the VMs can still access the physical network.
So, in Server Core the only thing that needs to be done in a multi-NIC situation is to disable the new virtual NIC that gets created because by default it is setup for DHCP and will get an IP number from a DHCP server if available. In addition the NICs could be renamed to reflect if they are assigned to the host or the guests.
Toutes les réponses
Hi,
You can change the binding order and bindings by editing the registry. The below example shows how to figure out which binding is which.
The registry key to change is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage if IPv4 is disabled.
Initial values for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
Bind REG_MULTI_SZ \Device\{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}\0\Device\{18C90CD9-C246-498D-B94D-10751B8BF6B7}
Route REG_MULTI_SZ "{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}"\0"{18C90CD9-C246-498D-B94D-10751B8BF6B7}"
Export REG_MULTI_SZ \Device\Tcpip_{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}\0\Device\Tcpip_{18C90CD9-C246-498D-B94D-10751B8BF6B7}
To change the NIC binding order:
First get the ID’s for the NIC’s using wmic:
C:\test>wmic nicconfig get Description,SettingID
Description SettingID
Broadcom NetXtreme Gigabit Ethernet {18C90CD9-C246-498D-B94D-10751B8BF6B7}
Microsoft ISATAP Adapter {B5731EAB-64E1-447C-B8C8-AC30B0EE5497}
Broadcom NetXtreme Gigabit Ethernet #2 {FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}
Run regedit and open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
The Bind, Route and Export key’s contain a list of NIC’s separated by a NULL (\0).
The last (rightmost) device is the first on the list. In the reg info pasted above you can see that the Broadcom NetXtreme Gigibit ({18C90CD9-C246-498D-B94D-10751B8BF6B7}) is first. To make Broadcom…#2 the first nic the three values should be:
Bind REG_MULTI_SZ \Device\{18C90CD9-C246-498D-B94D-10751B8BF6B7}\0\Device\{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}
Route REG_MULTI_SZ "{18C90CD9-C246-498D-B94D-10751B8BF6B7}"\0"{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}"
Export REG_MULTI_SZ \Device\Tcpip_{18C90CD9-C246-498D-B94D-10751B8BF6B7}\0\Device\Tcpip_{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}
A reboot is required for the changes to take affect.
Thank you for the information on reordering the NICs that TCP/IP is bound. This can be helpful also, but I was actually looking to disable the network components or "features" that are enabled by default on the NIC such as Client for Microsoft Networks, QoS, File and Printer Sharing, IPv6, IPv4, Link-Layer Topology Discovery Mapper I/O Driver,Link-Layer Topology Discovery Responder.Hi,
i was doing the same thing, disabling all protocols and services on the Virtual Servers nic. Seems this is no longer necessary once you use HyperV
see ben's blog: http://blogs.msdn.com/virtual_pc_guy/archive/2008/01/08/understanding-networking-with-hyper-v.aspx
or http://blog.baeke.info/blog/_archives/2007/12/16/3413344.html
you just disable the virtual nic in de parent partition
This tread however kicked me into finding the bindings and trying to disable them. you can still do that but it requires some registry tweaking
Use the above wmic command to identify your nics
Than use registry editor to change the bind parameter of the linkage key under every service
ie: for 'file and print sharing'
go to hklm\system\currentcontrolset\services\lanmanserver\linkage
open value 'bind'
remove all lines containing the guid of the nic you want to unbind
you need to do this for following regkeys
LanmanServer - File and Printer Sharing
LanmanWorkstation - Client for Ms Networks
lltdio (Link-Layer Discovery Mapper I/O Driver)
rspndr (Link-Layer Topology Discovery Responder)
tcpip (TCP/IPv4)
tcpip6 (TCP/IPv6)there are some other keys with a linkage subkey and bind parameter, but comparing with an installation with interface does not show unbinding of these services
it seems to work for file sharing and stuff, i do however continue to get ip-addresses. Solved that problem by registry editing: In hklm\system\currentcontrolset\tcpip\interfaces\guid (for each of the unbound nics) I changed value EnableDHCP to 0 and put RegistrationEnabled to 0 as well. The nics now get apipa addresses and do not register with dns, for now this will do for me.
If anyone has any idea to solve that last problem, i think we've got it
Bert
Update:
Andrew Mason wrote: Hi,
You can change the binding order and bindings by editing the registry. The below example shows how to figure out which binding is which.
The registry key to change is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage if IPv4 is disabled.
Initial values for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
Bind REG_MULTI_SZ \Device\{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}\0\Device\{18C90CD9-C246-498D-B94D-10751B8BF6B7}
Route REG_MULTI_SZ "{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}"\0"{18C90CD9-C246-498D-B94D-10751B8BF6B7}"
Export REG_MULTI_SZ \Device\Tcpip_{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}\0\Device\Tcpip_{18C90CD9-C246-498D-B94D-10751B8BF6B7}
To change the NIC binding order:
First get the ID’s for the NIC’s using wmic:
C:\test>wmic nicconfig get Description,SettingID
Description SettingID
Broadcom NetXtreme Gigabit Ethernet {18C90CD9-C246-498D-B94D-10751B8BF6B7}
Microsoft ISATAP Adapter {B5731EAB-64E1-447C-B8C8-AC30B0EE5497}
Broadcom NetXtreme Gigabit Ethernet #2 {FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}
Run regedit and open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
The Bind, Route and Export key’s contain a list of NIC’s separated by a NULL (\0).
The last (rightmost) device is the first on the list. In the reg info pasted above you can see that the Broadcom NetXtreme Gigibit ({18C90CD9-C246-498D-B94D-10751B8BF6B7}) is first. To make Broadcom…#2 the first nic the three values should be:
Bind REG_MULTI_SZ \Device\{18C90CD9-C246-498D-B94D-10751B8BF6B7}\0\Device\{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}
Route REG_MULTI_SZ "{18C90CD9-C246-498D-B94D-10751B8BF6B7}"\0"{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}"
Export REG_MULTI_SZ \Device\Tcpip_{18C90CD9-C246-498D-B94D-10751B8BF6B7}\0\Device\Tcpip_{FEA1D7C4-6A2A-4EEA-86EE-B472C33C70F0}
A reboot is required for the changes to take affect.
Ok...
I now see why you were telling me about changing the binding order. When you create a virtual network in Hyper-V the physical NIC's network components are all disabled by default except for "Microsoft Virtual Network Switch Protocol". So, that NIC is fine. However, a new virtual NIC is created as a virtual switch to be used by the guest VMs and the host. This new NIC gets an IP number by default (dhcp). With the host server now having 2 IP numbers there is a need to direct traffic to the NIC that you want it on. Thus the reason I think you gave the answer you did about the binding order.
I can't decide now if the new virtual NIC actually needs an IP number. I don't want the host using this NIC. Instead I only want the guest VM to have access. So, can all the network components be disabled on the virtual NIC? Or disable the entire virtual NIC?
I know this is getting into stuff that should probably be in the Virtualization Forum. However, once I know how the NICs need to be configured the question will be how I do this in Core.
Thank you!
Hi,
Unfortunately, I don't know if the virtual NIC needs an IP on the host, the virtualization forum would be best for that question.
Andrew
Andrew Mason wrote: Unfortunately, I don't know if the virtual NIC needs an IP on the host, the virtualization forum would be best for that question. Have a look at this thread regarding Virtual Switches under Hyper-V.
Cheers,
Stephen Edgar
Stephen Edgar [Netweb] wrote: Andrew Mason wrote: Unfortunately, I don't know if the virtual NIC needs an IP on the host, the virtualization forum would be best for that question. Have a look at this thread regarding Virtual Switches under Hyper-V.
Cheers,
Stephen Edgar
When Hyper-V is configured with a Virtual Network that is connected to a physical NIC (External) the network components on the physical NIC are all unselected except for the "Microsoft Virtual Network Switch Protocol". A new virtual NIC is created to allow the host to communicate with the VMs via a virtual switch. This virtual NIC on the host can be disabled and the VMs can still access the physical network.
So, in Server Core the only thing that needs to be done in a multi-NIC situation is to disable the new virtual NIC that gets created because by default it is setup for DHCP and will get an IP number from a DHCP server if available. In addition the NICs could be renamed to reflect if they are assigned to the host or the guests.
- all you have to do is Connect to server core remotely using hyper-V admin tools and manage the either net adapters. here is the article on
How Route between two different virtual networks in Hyper-V
- I'm not clear on this.
If you install the currently available Server Core 2008 (not R2 RC1) on a physcial server with 2 internal NICs, do you have to do anything on the local server via command line to set one nic for the parent partition "management" and the other for the VMs or do you make all the changes remotely via Hyper-V Manager or do you need to go through that list of custom registry changes above or can you configure this with VMM 2008? - There is no need to disable the individual settings on the virtual network adapter. Just like everyone else is saying, just disable the virtual adapter in your parent partition.
You can even do this on server core and hyper-v server installs via the command line like this:
netsh
interface
set interface name="Local Area Connection X" admin=DISABLED
You can view help on this command by typing 'set interface /?' while at the netsh interface prompt
The above info about disabling a network connection via command line was found on this site .
I don't really see why the virtual network is enabled by default in the first place. It just seems to complicate things by adding a second network adapter to your host server that doesn't need to be there (Your server will still have connectivity once you disable it). And the fact that it picks up a DHCP address by default makes it even more troublesome...
Can someone tell us why this is the default behavior in Hyper-V?
