Hyper-V Firewall Issue

  • Question

  • So I have a Windows Server 2012 R2 install running a guest install of Server 2012 as a Domain Controller. I was reviewing the logs on my controllers when I noticed some issues.

    First off:

    We have 3 DCs: two Server 2012 R2 (1 physical and 1 virtual) and one 2008 R2 (physical). I noticed on my physical 2012 R2 DC the AD DS role has several 5008 events for error 1722. I took a look at the other servers and the 2008 R2 has the same events; they report the issue is DFSR replication with the virtual controller. I went over and looked at the virtual, no issues, all is good. So I started doing some DNS and repadmin checks from the various controllers. After a couple of days I have come to the conclusion that the issue is with the virtual controller's host OS firewall settings. When I run "repadmin /replsum" and "repadmin /showrepl gila*" it returns errors 58 and 81. "NLTEST /dclist:domainname" returns cannot find DC...status=1355...

    These commands fail on both of the physical DCs when dealing with the virtual DC. The virtual DC reports no errors and all looks good when you run the commands from it. I turned off the host firewall and then everything worked as advertised from all DCs, so I know the issue is tied to the host Windows Firewall.

    But I cannot figure out what I need to set. I tried adding all the AD DS firewall ports to the host firewall but that made no difference. I am suspecting my Hyper-V virtual switch setup as the issue? The host machine has a 10G NIC and four 1G NICs plus one management NIC.

    I set the virtual machine up to use its own 1G NIC using a Virtual Switch.

    Hyper-V Host Server IPconfig sanitized output:


    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Gila
       Primary Dns Suffix  . . . . . . . : domainname
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : domainname

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapter
       Physical Address. . . . . . . . . : 02-9B-26-6B-C3-6F
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter vEthernet (Internal_Hyper_V):

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
       Physical Address. . . . . . . . . : 00-15-5D-14-F2-00
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::ccb2:f7c1:b347:d839%27(Preferred)
       Autoconfiguration IPv4 Address. . : 169.254.216.57(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 889197917
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-16-4A-21-00-0E-1E-98-FB-22
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter vEthernet (External_Hyper_V):

       Connection-specific DNS Suffix  . : domain
       Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
       Physical Address. . . . . . . . . : 44-A8-42-30-55-0F
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.14.21.96(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Lease Obtained. . . . . . . . . . : Wednesday, October 28, 2015 8:53:37 PM
       Lease Expires . . . . . . . . . . : Monday, November 9, 2015 8:47:03 PM
       Default Gateway . . . . . . . . . : 10.14.20.1
       DHCP Server . . . . . . . . . . . : 10.14.20.9
       DNS Servers . . . . . . . . . . . : 10.14.20.240
                                           10.14.20.243
                                           10.14.30.11
                                           10.14.20.9
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . : local
       Description . . . . . . . . . . . : iDRAC Virtual NIC USB Device
       Physical Address. . . . . . . . . : 44-A8-42-30-55-14
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 169.254.0.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Wednesday, October 28, 2015 8:53:43 PM
       Lease Expires . . . . . . . . . . : Tuesday, November 17, 2015 8:53:41 PM
       Default Gateway . . . . . . . . . :
       DHCP Server . . . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter SLOT 5 Port 1:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : QLogic BCM57810 10 Gigabit Ethernet (NDIS VBD Client) #43
       Physical Address. . . . . . . . . : 00-0E-1E-98-FB-20
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.14.20.242(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Default Gateway . . . . . . . . . : 10.14.20.1
       DNS Servers . . . . . . . . . . . : 10.14.20.240
                                           10.14.20.9
                                           10.14.30.11
                                           10.14.20.243
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Hyper-V-PS-Gila:

       Connection-specific DNS Suffix  . : domain
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
       Physical Address. . . . . . . . . : 44-A8-42-30-55-10
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.14.21.95(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Lease Obtained. . . . . . . . . . : Wednesday, October 28, 2015 8:53:40 PM
       Lease Expires . . . . . . . . . . : Monday, November 9, 2015 8:47:25 PM
       Default Gateway . . . . . . . . . : 10.14.20.1
       DHCP Server . . . . . . . . . . . : 10.14.20.9
       DNS Servers . . . . . . . . . . . : 10.14.20.240
                                           10.14.20.243
                                           10.14.30.11
                                           10.14.20.9
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter SLOT 5 Port 2:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : QLogic BCM57810 10 Gigabit Ethernet (NDIS VBD Client) #44
       Physical Address. . . . . . . . . : 00-0E-1E-98-FB-22
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.domain:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : domain
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.local:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : local
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{32E42481-6868-4DAD-A72A-E2E1D54C4535}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{2A47DACF-E542-4DCE-AF91-2C3CCC6D2F8B}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Hyper-V Guest DC Ipconfig output:

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Gila-DC
       Primary Dns Suffix  . . . . . . . : domainname
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : domain

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-14-F2-02
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.14.20.243(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Default Gateway . . . . . . . . . : 10.14.20.1
       DNS Servers . . . . . . . . . . . : 10.14.20.240
                                           10.14.30.11
                                           10.14.20.9
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{FDA93FC7-DFA9-4D88-8B09-69E89505066A}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Like I said, I know the issue is either the host machine's Hyper-V config or Windows Firewall, as dropping the firewall on the host machine resolves all the issues with the VM DC returning information to the other controllers on request.

    Monday, November 9, 2015 10:43 PM
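    The port-by-port check the post describes doing by hand, written out as a PowerShell script. This is an added example and is not code from the original poster: it takes the virtual DC's address (10.14.20.243) and the switch name (External_Hyper_V) from the ipconfig output above, and the port list is the standard AD DS set rather than anything the post enumerates. The first half is meant to be run from one of the physical DCs, the second half on the Hyper-V host.

```powershell
# Added example (not from the original post). Part 1: run from a physical DC.
# Assumption: the virtual DC is the guest shown in the post at 10.14.20.243.
$VirtualDc = '10.14.20.243'

# Well-known TCP ports a writable DC must accept from replication partners.
$AdDsTcpPorts = @(
    @{ Port = 53;   Name = 'DNS' },
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper (AD replication, DFSR)' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 445;  Name = 'SMB (SYSVOL)' },
    @{ Port = 464;  Name = 'Kerberos password change' },
    @{ Port = 636;  Name = 'LDAPS' },
    @{ Port = 3268; Name = 'Global catalog' },
    @{ Port = 3269; Name = 'Global catalog over SSL' }
)

function Test-AdDsPorts {
    param([string]$Target, [array]$Ports)
    foreach ($p in $Ports) {
        # Test-NetConnection ships with Server 2012 R2; TcpTestSucceeded is the verdict.
        $t = Test-NetConnection -ComputerName $Target -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $p.Port; Service = $p.Name; Open = $t.TcpTestSucceeded }
    }
}

$portResults = Test-AdDsPorts -Target $VirtualDc -Ports $AdDsTcpPorts
$portResults | Format-Table -AutoSize

# Error 1722 (RPC server unavailable) can also come from the dynamic RPC range that
# replication and DFSR use after the endpoint-mapper call on 135. Show the range the
# virtual DC hands out so it can be compared with what the firewall allows.
# (Run this line on the virtual DC itself; default on 2008+ is 49152-65535.)
netsh int ipv4 show dynamicport tcp

# Part 2: run on the Hyper-V host (Gila). Show how the external switch is wired and
# which firewall profile the host's vEthernet adapter landed in. The host ipconfig in
# the post shows vEthernet (External_Hyper_V) holding an IP, so the management OS
# shares that NIC (AllowManagementOS); confirm it here rather than assume it.
Get-VMSwitch -Name 'External_Hyper_V' |
    Select-Object Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS

# A vEthernet adapter that is classified Public gets the most restrictive profile.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity

# Which profiles are enforcing, and whether inbound traffic is blocked by default.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Inbound rules on the host that mention the adapter or the AD DS port set, with the
# profile each applies to, so a rule added to the wrong profile stands out.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { $_.Profile -ne 'Any' } |
    Select-Object DisplayName, Profile, Action |
    Sort-Object Profile, DisplayName |
    Format-Table -AutoSize
```

    If every well-known port reports Open=True from the physical DCs but repadmin still returns 1722, the dynamic RPC range printed by netsh is the next thing to compare against the allowed set, since a rule list built only from the fixed AD DS ports does not cover it. The host-side output is there to confirm which profile the vEthernet adapter was classified into before adding rules to it; a rule created under the Domain profile has no effect on an adapter the host treats as Public.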

All replies

  • Hmm. After some monkeying around with the virtual switches and a restart of the virtual machine, things seem to be working today. The only issue I saw was a 5002 event with an error 1753. I still had the old domain controller server names listed in Sites and Services even though they had been previously demoted and the roles transferred. I deleted them to see if that clears the latest issues.

    Tuesday, November 10, 2015 4:09 PM