Capstone

Date
Project Type: Technology Support Professional (TSP)
By: Aidan Waugh

Overview

Deliverables

From the laptop host Thinkpad complete the following:

Tables & Diagrams

Network Diagram

Network & IP Information

Networks

| Name  | Network          | Purpose        | Subnet                 | Host IP Range                 | Switch Type |
|-------|------------------|----------------|------------------------|-------------------------------|-------------|
| WAN   | 192.168.1.0 /24  | Home Network   |                        |                               | External    |
| LAN   | 192.168.3.0 /28  | LAN            | 255.255.255.240 (/28)  | 192.168.3.1 - 192.168.3.14    | Internal    |
| iSCSI | 192.168.10.0 /29 | iSCSI SAN      | 255.255.255.248 (/29)  | 192.168.10.1 - 192.168.10.6   | Private     |
| HB    | 192.168.20.0 /29 | Heartbeat      | 255.255.255.248 (/29)  | 192.168.20.1 - 192.168.20.6   | Private     |
| LM    | 192.168.30.0 /30 | Live Migration | 255.255.255.252 (/30)  | 192.168.30.1 - 192.168.30.2   | Private     |

IP Addresses & Info

| Name            | IP                                                                          | RAM (MB)     | Notes                                                                      |
|-----------------|-----------------------------------------------------------------------------|--------------|----------------------------------------------------------------------------|
| DC1             | 192.168.3.1 /28                                                             | 512          |                                                                            |
| DC2             | 192.168.3.2 /28                                                             | 512          |                                                                            |
| LinDHCP         | 192.168.3.3 /28                                                             | 512          |                                                                            |
| SAN             | iSCSI 192.168.10.3 /29; LAN 192.168.3.4 /28                                 | 512          |                                                                            |
| HV1             | iSCSI 192.168.10.1 /29; HB 192.168.20.1; LAN 192.168.3.5 /28; LM 192.168.30.1 | 4096       | \\192.168.3.5\d$ (before CSV), \\192.168.3.5\c$\ClusterStorage\Volume1\    |
| HV2             | iSCSI 192.168.10.2 /29; HB 192.168.20.2; LAN 192.168.3.6 /28; LM 192.168.30.2 | 4096       | \\192.168.3.6\d$ (before CSV), \\192.168.3.6\c$\ClusterStorage\Volume1\    |
| HV-Cluster      | 192.168.3.7 /28                                                             |              |                                                                            |
| FILE1           | HB 192.168.20.3; LAN 192.168.3.8 /28                                        | 512          |                                                                            |
| FILE2           | HB 192.168.20.4; LAN 192.168.3.9 /28                                        | 512          |                                                                            |
| FS-Cluster      | 192.168.3.10 /28                                                            |              |                                                                            |
| FS              | 192.168.3.11 /28                                                            |              | \\fs\Company_Data$, \\fs\HomeDir$                                          |
| Thinkpad (Host) | WAN 192.168.1.74 /24; LAN 192.168.3.13 /28                                  | 16 GB (Host) |                                                                            |
| pfSense         | WAN 192.168.1.10 /24; LAN 192.168.3.14 /28                                  | 512          |                                                                            |

cap.int Domain ADDS Diagram

Server File & Storage Diagram

1.0 Setup

The host Thinkpad is a Type I Hypervisor with 16GB RAM. Download all operating system files for the virtual machines (Windows Server 2019, pfSense, CentOS 8) and sysprep Windows Server 2019 Core to save time and hard disk space. Create the network switches to allow for a local area network (LAN), iSCSI, heartbeat (HB) for file servers, and live migration (LM) of virtual machines.

1.1 Download ISO Files

1.2 Sysprep Windows Server 2019 - Core

  1. In Hyper-V create a new VM named “ParentServer2019-Core” with 4096 MB of memory
  1. Turn off the VM’s automatic checkpoints
  1. Connect and start the VM
  1. Install Windows Server Datacenter (without Desktop Experience) then reboot
  1. Set an admin password
  1. Enter PS by typing powershell
  1. From PowerShell open the System Preparation Tool (Sysprep) with:
    cd C:\Windows\System32\Sysprep\
    ls
    .\sysprep.exe
  1. Set SysPrep to the following:
    • System Cleanup Action: Enter System Audit Mode
    • Generalize: unchecked
    • Shut down options: Reboot
  1. Install all updates by entering sconfig > type 6 to Download and Install Updates
  1. Reboot the VM
  1. Set SysPrep to the following:
    • System Cleanup Action: Enter System Out-of-Box Experience (OOBE)
    • Generalize: Checked
    • Shut down options: Shutdown
  1. Delete the ParentServer2019-Core VM from Hyper-V and make the vhdx file read only
  1. Create a VM on the host with the differencing disk by either:
    • Option 1: In Hyper-V, create a new differencing hard disk > create a new VM and attach the child vhdx
    • Option 2: Use the following script:
      #
      # Create a VM with Windows Server 2019 (Core) with 2GB Static Memory on a Differencing Disk
      # Connect to the LAN switch
      # Disable automatic checkpoints & enable VM Guest Services
      #
      $VMName = Read-Host -Prompt 'Input the VM name'
      $parentpath = "V:\VMs\VHDX\ParentServer2019-Core.vhdx"
      $VHDPath = "V:\VMs\VHDX\" + $VMName + ".vhdx"
      
      # Create VM with a differencing disk, update settings, and start the VM
      New-VHD -ParentPath $parentpath -Path $VHDPath -Differencing
      New-VM -Name $VMName -MemoryStartupBytes 2GB -VHDPath $VHDPath -Generation 2 -SwitchName LAN
      Set-VM $VMName -AutomaticCheckpointsEnabled $false
      Set-VMMemory $VMName -DynamicMemoryEnabled $false
      Enable-VMIntegrationService -VMName $VMName -Name "Guest Service Interface"
      Start-VM -Name $VMName
      VMConnect.exe

1.3 Create Virtual Switches in Hyper-V

  1. From the host’s (Thinkpad laptop) Hyper-V Manager > click Virtual Switch Manager...
  1. Click new virtual network switch > and create the following:
    | Switch Name | Switch Type | Notes                                                                    |
    |-------------|-------------|--------------------------------------------------------------------------|
    | WAN         | External    |                                                                          |
    | LAN         | Internal    | 192.168.3.0 /28 → 14 hosts, 16 IPs, 192.168.3.1 - 192.168.3.14           |
    | iSCSI       | Private     | iSCSI SAN: 192.168.10.0 /29 → 6 hosts, 8 IPs, 192.168.10.1 - 192.168.10.6 |
    | HB          | Private     | FS cluster heartbeat: 192.168.20.0 /29 → 6 hosts, 8 IPs, 192.168.20.1 - 192.168.20.6 |
    | LM          | Private     | Live Migration: 192.168.30.0 /30 → 2 hosts, 4 IPs, 192.168.30.1 - 192.168.30.2 |
  1. (Optional) Go to the host’s Network Connections > view the adapter properties
    The host’s adapter became a Hyper-V Extensible virtual switch and the previous settings migrated to vEthernet WAN upon the external virtual switch creation
  1. (Optional) on the host, enter ipconfig /all
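The same four switches can be created from an elevated PowerShell prompt on the host instead of Virtual Switch Manager. This is an added example, not part of the capstone guide; it assumes a single physical adapter that is Up is the one to bind the external WAN switch to.

```powershell
# Added example: build the WAN/LAN/iSCSI/HB/LM switches from PowerShell on the
# Thinkpad host and confirm that only WAN and LAN expose a host-side adapter.
Import-Module Hyper-V

$Switches = @(
    @{ Name = 'LAN';   Type = 'Internal' }   # 192.168.3.0/28, reachable from the host
    @{ Name = 'iSCSI'; Type = 'Private'  }   # 192.168.10.0/29, VM-to-VM only
    @{ Name = 'HB';    Type = 'Private'  }   # 192.168.20.0/29, cluster heartbeat
    @{ Name = 'LM';    Type = 'Private'  }   # 192.168.30.0/30, live migration
)

# External switch binds to the physical NIC. Assumption: exactly one physical
# adapter is Up; the host keeps its own access through the vEthernet (WAN) adapter.
$nic = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not (Get-VMSwitch -Name 'WAN' -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name 'WAN' -NetAdapterName $nic.Name -AllowManagementOS $true
}

foreach ($s in $Switches) {
    if (-not (Get-VMSwitch -Name $s.Name -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $s.Name -SwitchType $s.Type
    }
}

# Private switches must not create a host adapter: the storage, heartbeat and
# migration networks stay isolated from the laptop's own network stack.
Get-VMSwitch | Select-Object Name, SwitchType, AllowManagementOS | Format-Table -AutoSize
Get-NetAdapter | Where-Object Name -like 'vEthernet*' | Select-Object Name, Status
```

Only vEthernet (WAN) and vEthernet (LAN) should appear in the last listing; a vEthernet entry for iSCSI, HB or LM means the switch was created as Internal by mistake.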

1.4 Set IP Addressing Values on Home Router (Optional)

  1. From a web browser on the host machine go to 192.168.1.254 and login
  1. Set an IP addressing range for DHCP and make note of the excluded range

2.0 pfSense NAT & Firewall

Create an OpenBSD NAT/Firewall Router with pfSense on the WAN network. The LAN is double-NATed, since the physical home router performs the first NAT. Create firewall rules to block HV1, HV2, SAN and DC2 from accessing the internet.

2.1 Create the VM and Install pfSense

  1. Create a VM named “pfSense” with the following:
    • Name: “pfSense”
    • Generation: Generation 2
    • Memory: 2048 MB Dynamic (this will be set to 512 MB Static after configuration is complete)
    • Network: WAN
    • Hard Disk: 40GB Dynamic Expanding
    • Operating System: pfSense.iso
  1. Right click the pfSense VM > select Settings... > Edit the following:
    • Security: Uncheck Enable Secure Boot
    • Checkpoints: Uncheck Use Automatic Checkpoints
    • Click Add Hardware > Network Adapter > Virtual Switch: select LAN
  1. In Hyper-V right-click on the pfSense VM > Connect... > click Start
    • Use the arrow keys to navigate, SPACE to toggle and ENTER to select
  1. Complete the installation with the following:
    • Copyright and Trademark Notice > Accept
    • Welcome to pfSense: Select Install > Install pfSense > OK
    • Keymap Selection: Leave the default option Continue with default keymap as is > Select
    • Partitioning: Leave the default Auto (ZFS) Guided Root-on-ZFS selected > OK
    • Configure options: Install Proceed with Installation > Select
    • Select Virtual Device Type: Select Stripe - No Redundancy > OK
    • ZFS Configuration: Press the Space Bar to select the Msft Virtual Disk > OK
    • Select YES when asked to destroy the da0 disk
    • The distribution files will extract and install
  1. When asked to make any final manual modifications when the installation is finished, select YES
  1. From the shell type poweroff
    poweroff stops the VM from rebooting off the iso file in a continuous loop
  1. Open the Hyper-V settings for pfSense
  1. Click Firmware > Select the Hard Drive pfSense.vhdx and move up to become first in the boot order
  1. Click SCSI Controller > DVD Drive > Remove the pfsense.iso file
  1. Expand the WAN Network Adapter > Click Advanced Features > View the MAC Address
  1. Expand the LAN Network Adapter > Click Advanced Features > View the MAC Address

2.2 Configure WAN and LAN Interfaces on pfSense

  1. Start the pfSense VM
  1. View the valid interfaces hn0 and hn1 and notice the last hexadecimal digit (hn0 = 03 → WAN network adapter)
  1. Configure the interfaces for WAN hn0 and LAN hn1 with the following:
    • Do VLANS need to be setup now? > n
    • Enter the WAN interface name > hn0
    • Enter the LAN interface name > hn1
    • Do you want to proceed? > y to write configuration
  1. Set the LAN interface IP to 192.168.3.14 /28 by selecting option 2 and entering the following:
    • Enter the number of the interface you wish to configure > 2
    • Enter the new LAN IPv4 address > 192.168.3.14
    • Enter the new LAN IPv4 subnet bit count > 28
    • For a WAN, enter the new LAN IPv4 upstream gateway address > press ENTER for none
    • Enter the new LAN IPv6 address > press ENTER for none
    • Do you want to enable the DHCP server on LAN? > y
    • Do you want to revert to HTTP as the webConfigurator protocol? > y
  1. (Optional) Set the WAN interface IP to 192.168.1.10 /24 by selecting option 2 and entering the following:
    • Enter the number of the interface you wish to configure > 1
    • Enter the new LAN IPv4 address > 192.168.1.10
    • Enter the new LAN IPv4 subnet bit count > 24
    • For a WAN, enter the new LAN IPv4 upstream gateway address > 192.168.1.254
    • Enter the new LAN IPv6 address > press ENTER for none

2.3 Test Networking

  1. On the Thinkpad host, go to the vEthernet (LAN) network adapter > Properties > IPv4
  1. Set a static IP of 192.168.3.13 with a subnet mask 255.255.255.240
  1. From pfSense, select option 7 to ping the following hosts:
    • google.ca
    • Thinkpad host WAN 192.168.1.74 and LAN 192.168.3.13
  1. From the host Thinkpad, ping 192.168.3.14, the LAN interface on pfSense

2.4 Manage pfSense from the web GUI

  1. From the host Thinkpad, go to a web browser and enter 192.168.3.14 in the address bar
  1. Enter the default pfSense credentials to login
    • Username: admin
    • Password: pfsense
  1. Complete the 9 steps in the Wizard / pfSense Setup
    • Step 1 - Netgate Global support: > Click Next
    • Step 2 - General Information: Leave the hostname, domain, and DNS settings as is > Next
    • Step 3 - Time Server Information: Select timezone US/Pacific > Next
    • Step 4 - Configure WAN Interface: Leave DHCP Selected Type as Static > Next
    • Step 5 - Configure LAN interface: Leave the LAN IP address and subnet mask as 192.168.3.14 /28 > Next
    • Step 6 - Set Admin webGUI Password: Enter Pa$$w0rd as the new admin password > Next
    • Step 7 - Reload Configuration: Click Reload
    • Step 8 - Reload in progress: Wait for the reload to finish
    • Step 9 - Wizard completed: Click Check for Updates
  1. View the pfSense dashboard

2.5 Configure Firewall Rules

  1. From the pfSense Web GUI go to the Firewall tab > click Aliases
  1. Click New to make an alias for both nested Hyper-V servers
    • Name: ‘HV’
    • Type: Select Hosts
    • IP: 192.168.3.5 and 192.168.3.6
    • Click Save
  1. Repeat for SAN 192.168.3.4 & DC2 192.168.3.2
  1. Go to Firewall > Rules > click LAN
  1. Click Add to create a new firewall rule to block the alias HV from reaching the internet with the following:
    • Action: Select Block
    • Protocol: Select Any
    • Address Family: IPv4+IPv6
    • Source: Select Single host or alias > HV
    • Destination: Select Any
    • Click Save
  1. Repeat for Alias SAN and DC2
    End result when VMs are created and the firewall rules are enabled
  1. Disable all of the firewall rules while the network infrastructure is being created
  1. In Hyper-V, set the RAM for pfSense to 512 MB Static
  1. ⏲ Take a checkpoint of pfSense named “FW configuration complete”

3.0 Domain Controller

In Windows Server 2019 core, create a DC and a domain named “cap.int” with all the data stored on a secondary disk. Make a domain administrator account aidan@cap.int which will be used for the rest of the project.

3.1 Create VM DC1

  1. On the host Thinkpad, open PowerShell as an administrator and run the script below to create a VM with the following properties:
    • Name: DC1
    • Generation: Generation 2
    • Memory: 2048 MB Static (this will be set to 512 MB Static after configuration is complete)
    • Network: LAN
    • Hard Disk: Differencing disk to ParentServer2019-Core.vhdx
    • Operating System: Windows Server 2019 (Core)
    • Automatic Checkpoints: Disabled
    • VM Guest Services: Enabled
    #
    # Create a VM with Windows Server 2019 (Core) with 2GB Static Memory on a Differencing Disk
    # Connect to the LAN switch
    # Disable automatic checkpoints & enable VM Guest Services
    #
    $VMName = Read-Host -Prompt 'Input the VM name'
    $parentpath = "V:\VMs\VHDX\ParentServer2019-Core.vhdx"
    $VHDPath = "V:\VMs\VHDX\" + $VMName + ".vhdx"
    
    # Create VM with a differencing disk, update settings, and start the VM
    New-VHD -ParentPath $parentpath -Path $VHDPath -Differencing
    New-VM -Name $VMName -MemoryStartupBytes 2GB -VHDPath $VHDPath -Generation 2 -SwitchName LAN
    Set-VM $VMName -AutomaticCheckpointsEnabled $false
    Set-VMMemory $VMName -DynamicMemoryEnabled $false
    Enable-VMIntegrationService -VMName $VMName -Name "Guest Service Interface"
    Start-VM -Name $VMName
    VMConnect.exe
  1. Enter Pa$$w0rd as the new credentials for Administrator

3.2 Server Configuration with sconfig

  1. On DC1 open Server Configuration by entering sconfig
  1. Select 8 to edit Network Settings
  1. Select option 1 to Set Network Adapter Address
    • Select: s for Static IP
    • Enter Static IP address: 192.168.3.1
    • Enter Subnet Mask: 255.255.255.240
    • Enter Default Gateway: 192.168.1.14
  1. From the Network Adapter Settings options, select option 2 to set DNS Servers > enter new preferred DNS server: 8.8.8.8
  1. From the Server Configuration options, select option 15 to Exit to Command Line
  1. Type powershell
  1. Test network connectivity with:
    • ping google.ca
    • ping 192.168.3.14 (pfSense)
    • ping 192.168.3.13 (Thinkpad Host)
    • tracert google.ca
  1. Return to Server Configuration with sconfig
  1. Download and install updates by selecting option 6
    • Search for all updates with A
    • Install all updates with A
  1. From Server Configuration, select option 11 for Windows Activation
    • Select 2 to Activate Windows
    • Select 1 to Display License Info
    Server Trial gives 180 days
  1. From Server Configuration, select option 2 to change the computer name to “DC1”
  1. Restart the server with option 13 to apply the name change

3.3 Configuration with PowerShell

  1. Enter PowerShell on DC1 with powershell
  1. Rename the local user account Administrator to “_sysadmin” with the following:
    Get-LocalUser
    Rename-LocalUser -Name "Administrator" -NewName "_sysadmin"
    #View changes
    Get-LocalUser
  1. Log off as user Administrator with sconfig > Select option 12
  1. Log into DC1 with the user _sysadmin
  1. Open powershell
  1. Rename the network adapter from Ethernet to “LAN” with the following:
    Get-NetAdapter
    Rename-NetAdapter -Name "Ethernet" -NewName "LAN"
    Get-NetAdapter
    
    #To view additional properties of the adapter (can omit -Name or -Property) 
    Get-NetAdapter -Name "LAN" | Format-List -Property *
    For VM’s that have multiple adapters, view the MAC Address in Hyper-V and reference the -Name or -ifIndex
  1. In Hyper-V, create and attach a 10 GB Dynamically expanding VHDX named DC1db to DC1
  1. From powershell on DC1 initialize, partition, and format the volume with the following:
    Get-Disk
    Initialize-Disk -Number 1
    New-Partition -DiskNumber 1 -UseMaximumSize
    Get-Partition -DiskNumber 1
    Get-Partition -DiskNumber 1 -PartitionNumber 2 | Format-Volume -FileSystem NTFS
    Get-Partition -DiskNumber 1 -PartitionNumber 2 | Set-Partition -NewDriveLetter D
  1. Create directories ‘SYSVOL’ and ‘NTDS’ in the new volume D:\ with md SYSVOL & md NTDS
  1. ⏲ Checkpoint DC1 & name it “Before AD Role”

3.4 Add AD DS Role

  1. From PowerShell DC1, install the Active Directory Domain Services role with the following:
    #Install ADDS and Group Policy Management Console (GPMC)
    Install-WindowsFeature -Name AD-Domain-Services,GPMC -IncludeManagementTools -Verbose
    
    #Make sure that the AD-Domain-Services role is installed
    Get-WindowsFeature -Name *AD*
    
    #use ADDSDeployment module cmdlets to deploy a new domain
    Get-Command -Module ADDSDeployment
  1. ⏲ Checkpoint DC1 with the name “Before new domain”
  1. From PowerShell create a new forest root domain cap.int with the following:
    # 
    # Windows PowerShell script for AD DS Deployment
    # Install-ADDSForest: Installs a new forest root domain
    #
    
    Import-Module ADDSDeployment
    Install-ADDSForest `
    -DatabasePath "D:\NTDS" `
    -DomainMode "WinThreshold" `
    -DomainName "cap.int" `
    -DomainNetbiosName "cap" `
    -ForestMode "WinThreshold" `
    -InstallDns:$true `
    -LogPath "D:\NTDS" `
    -NoRebootOnCompletion:$false `
    -SysvolPath "D:\SYSVOL" `
    -Force:$true
    
    #Enter Pa$$w0rd as the SafeModeAdministrator password
  1. Reboot the DC1 server (may take up to 10 minutes on first reboot) and login with the userPrincipalName (UPN) _sysadmin@cap.int or cap\_sysadmin
    • ❗ To change the user, have the VM connection in ‘Basic Session’ and hit the ESC key twice
  1. (Optional) Verify the successful installation of the services in PowerShell
    # List the status of the AD related services on DC
    Get-Service adws,kdc,netlogon,dns
    
    # List configuration details of the DC
    Get-ADDomainController
    
    # List details of Active Directory Domain
    Get-ADDomain cap.int
    
    # List Active Directory Forest details
    Get-ADForest cap.int
  1. ⏲ Checkpoint DC1 and name it “Before Aidan Admin Creation”

3.5 Create Domain Administrator aidan@cap.int

  1. In PowerShell, create a new User named “Aidan” & copy the properties of _sysadmin
    Import-Module ActiveDirectory
    
    #Create new Active Directory User
    New-ADUser `
    -Name "Aidan" `
    -GivenName "Aidan" `
    -Surname "Waugh" `
    -SamAccountName "Aidan" `
    -UserPrincipalName "Aidan@cap.int" `
    -AccountPassword (ConvertTo-SecureString "Password123" -AsPlainText -Force) `
    -ChangePasswordAtLogon $true `
    -Enabled $true
    
    #View User Details (Optional)
    Get-ADUser -Identity Aidan -Properties *
    
    #Copy _Sysadmin's property "Member of"
    $getusergroups = Get-ADUser -Identity _sysadmin -Properties memberof | Select-Object -ExpandProperty memberof
    
    #Assign Aidan to be a member of the same groups > become a domain admin
    $getusergroups | Add-ADGroupMember -Members Aidan -verbose
    
    #Verify
    Get-ADUser -Identity Aidan -Properties memberof | Select-Object -ExpandProperty memberof
  1. Login to DC1 with the aidan@cap.int account
  1. ⏲ In Hyper-V, delete the checkpoint subtree on DC1
  1. ⏲ Checkpoint DC1 and name it “Before Thinkpad joins domain”
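The step above copies every group _sysadmin (the renamed built-in Administrator) belongs to, which by default includes Enterprise Admins and Schema Admins as well as Domain Admins. As an added example, not part of the capstone guide, this audit lists who holds those memberships so the result can be checked after the copy; it assumes it runs on DC1 (or a host with RSAT) as a domain admin.

```powershell
# Added example: report every user who is a direct or nested member of the
# groups that control the whole cap.int forest, and flag a non-empty Schema Admins.
Import-Module ActiveDirectory

# Built-in groups whose membership amounts to full control of the forest/domain
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')

function Get-PrivilegedMembership {
    param([string[]]$Groups = $PrivilegedGroups)
    foreach ($g in $Groups) {
        # -Recursive expands nested groups so indirect members are not missed
        Get-ADGroupMember -Identity $g -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object {
                $u = Get-ADUser -Identity $_.distinguishedName -Properties Enabled, PasswordLastSet
                [pscustomobject]@{
                    Group           = $g
                    SamAccountName  = $u.SamAccountName
                    Enabled         = $u.Enabled
                    PasswordLastSet = $u.PasswordLastSet
                }
            }
    }
}

$report = Get-PrivilegedMembership
$report | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# Schema Admins is only needed while a schema change is in progress; members
# here (which the copy step above produces) deserve an explicit justification.
$schema = $report | Where-Object Group -eq 'Schema Admins'
if ($schema) {
    $names = ($schema.SamAccountName | Sort-Object -Unique) -join ', '
    Write-Warning "Schema Admins is not empty: $names"
}
```

Re-run the audit after each checkpoint in the guide; the expected output at this point is _sysadmin and Aidan in every group, which is a good moment to remove Aidan from Schema Admins until a schema change is actually planned.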

4.0 Add Host Thinkpad to the Domain

Join the host Thinkpad to the cap.int domain. As all Windows Servers are Core, accessing Server Core from a domain-joined machine will allow configuration with a graphical user interface. If enough memory is on the host machine, create a Windows 10 VM instead.

4.1 Join Thinkpad to the cap.int Domain

  1. Set the LAN vEthernet adapter DNS settings to 192.168.3.1
  1. Verify that DC1 can be found
  1. On Thinkpad right-click the Windows Icon > System and view the About Page
  1. Click Rename this PC (advanced) > click Change...
  1. In the popup Computer Name/Domain Changes complete the following:
    • Domain: cap.int
    • Credentials: aidan@cap.int
  1. Restart Thinkpad
    • ❗ Note: as Thinkpad is a Type 1 Hypervisor, any VMs that are running will restart when the host does. The host can be accessed from either account, thinkpad\aidan or cap\aidan
  1. Log into the local user account thinkpad\aidan
  1. Reboot & log into thinkpad\aidan
  1. View the computer name from Settings > About and notice that the full device name is now thinkpad.cap.int
  1. Switch user and log into cap\aidan. If using RDP to access Thinkpad, enter cap\aidan as the new credentials.
    • View the networking - the IP’s are the same
    • Open Hyper-V and notice that the VMs are present
    • ❗ The rest of the project should be completed on Thinkpad logged in as the domain administrator cap\aidan. Errors will occur if working from the local computer account even when the domain credentials are used.

4.2 Access DC1 from Server Manager on Thinkpad

  1. On Thinkpad search for “Optional Features” > click Add a feature > Install the following Remote Server Administration Tools (RSAT) tools:
  1. Open Server Manager
  1. In the toolbar click Manage > Add Servers
  1. Select the DNS tab > search for dc1 & select > click OK to add
    Logged in as cap\aidan
    If using the local thinkpad\aidan account, servers cannot be found with the Active Directory tab
  1. If using the local thinkpad\aidan account (not recommended), right click server DC1 > select Manage as... > Enter domain admin credentials aidan@cap.int
    “Manage as...” removes the Kerberos error. This does not occur from cap\aidan

5.0 Configure DNS on DC1

The forward lookup zone is set up automatically, and the forwarders are set during the domain creation by -InstallDns:$true; however, the reverse lookup zone needs to be created and configured.

5.1 Forward and Reverse Lookup Zones

  1. In Server Manager’s left panel, click on DNS
  1. Right click DC1 > Select DNS Manager
  1. From DNS Manager, right click DC1.cap.int > Properties > Open the Forwarders tab
    The previous DNS address 8.8.8.8 is now set as the forwarder & the DC1 Interface DNS points to itself. This was all done automatically during the DNS installation with -InstallDns:$true
  1. Navigate to Forward Lookup Zones and click on cap.int to view the existing entries
    The Forward Lookup Zone does not need to be configured
  1. Right click the directory Reverse Lookup Zones > select New Zone.. to open the Wizard
  1. Complete the New Zone Wizard with the following:
    • Zone Type: Primary Zone
    • Active Directory Zone Replication Scope: To all DNS servers running on domain controllers in this domain: proj.int (2nd option)
    • Reverse Lookup Zone Name: IPv4 Reverse Lookup Zone
    • Network ID: 192.168.3
    • Dynamic Update: Allow only secure dynamic updates (1st option which is recommended for Active Directory)
  1. ⏲ Checkpoint DC1 and name it “DNS complete”
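The reverse zone from the wizard above can also be created and checked from PowerShell on DC1. This is an added example, not part of the capstone guide; DC1 and LinDHCP are the guide's own host names, while pfsense.cap.int is an assumed name for the firewall's LAN address.

```powershell
# Added example: create the 192.168.3 reverse lookup zone with the same choices
# as the wizard (AD-integrated, domain replication scope, secure updates only),
# give the static hosts PTR records, and verify the zone's update policy.
Import-Module DnsServer

$ZoneName = '3.168.192.in-addr.arpa'   # reverse zone for Network ID 192.168.3

if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '192.168.3.0/24' `
        -ReplicationScope 'Domain' `
        -DynamicUpdate 'Secure'
}

# Statically addressed hosts never register themselves; add their PTR records.
# Keys are the last octet, values the FQDN (pfsense.cap.int is an assumption).
$StaticHosts = @{
    '1'  = 'dc1.cap.int'
    '3'  = 'lindhcp.cap.int'
    '14' = 'pfsense.cap.int'
}

foreach ($entry in $StaticHosts.GetEnumerator()) {
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $entry.Key `
        -RRType Ptr -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordPtr -ZoneName $ZoneName -Name $entry.Key -PtrDomainName $entry.Value
    }
}

# Secure-only dynamic updates mean a LAN host must authenticate with Kerberos
# before it can add or overwrite a record, so an unjoined machine cannot
# rewrite another host's PTR entry.
$zone = Get-DnsServerZone -Name $ZoneName
if ($zone.DynamicUpdate -ne 'Secure') {
    Write-Warning "Zone $ZoneName allows '$($zone.DynamicUpdate)' dynamic updates; expected Secure"
}

# Reverse query against DC1 to confirm the zone answers
Resolve-DnsName -Name '192.168.3.14' -Server '192.168.3.1' -Type PTR
```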

6.0 Create an OU Structure and Create Users in ADUC

Create Organizational Units (OUs) to organize the location of domain users, admins, and servers. Not only does this organize the domain into logical groupings of objects, it allows for granularity when applying Group Policies in the future.

6.1 Organize Active Directory Users and Computers

  1. From Server Manager, right click DC1 > select Active Directory User and Computers
  1. Click on cap.int and view the existing organizational units (OU)
    • DC1 → Domain Controllers
    • Thinkpad (computer) → Computers
    • Aidan (user) → Users
    Default ADUC, notice the OU Structure and location accounts and servers
  1. Create OUs to match the following organizational diagram.
    • Move the Thinkpad computer object from Computers to Win10
    • Move user Aidan from Users to Domain_Users - any GPO’s applied to the domain users will not affect the administrator.
    Domain administrator account
  1. (Optional) View the distinguished name (the OU path required for PowerShell)
    ADSI Edit tool (Active Directory Service Interface Editor) - Right click DC1 in Server Manager > select ADSI Edit
  1. Create 4 users in ADUC or with PowerShell
    #
    #PowerShell commands for basic user creation
    #
    Import-Module ActiveDirectory
    New-ADUser `
    -Name "Amy Li" `
    -GivenName "Amy" `
    -Surname "Li" `
    -SamAccountName "Amy.Li" `
    -UserPrincipalName "amy.li@cap.int" `
    -Path "OU=FIN_Accountants,OU=FIN,OU=Domain_Users,DC=cap,DC=int" `
    -AccountPassword (ConvertTo-SecureString "Password123" -AsPlainText -Force) `
    -ChangePasswordAtLogon $true `
    -Enabled $true
  1. ⏲ Checkpoint DC1 and name it “Before LinDHCP”
  1. Shut down DC1 and set the memory to 512 MB static
  1. Start DC1
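The OU path and the users above can be created in one idempotent script, with a random initial password per account rather than a shared "Password123". This is an added example, not part of the capstone guide: it assumes it runs on DC1 as a domain admin, builds only the FIN path the guide shows (the rest of the organizational diagram is not reproduced), and the users other than Amy Li are constructed.

```powershell
# Added example: create OU=FIN_Accountants,OU=FIN,OU=Domain_Users top-down,
# then create users from a constructed CSV with per-user random initial passwords.
Import-Module ActiveDirectory

$DomainDN = 'DC=cap,DC=int'

function New-InitialPassword {
    # Characters from a crypto RNG; rejection sampling avoids modulo bias.
    param([int]$Length = 16)
    $chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%'
    $limit = [math]::Floor(256 / $chars.Length) * $chars.Length
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $b     = New-Object byte[] 1
    $sb    = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($b)
        if ($b[0] -lt $limit) { [void]$sb.Append($chars[$b[0] % $chars.Length]) }
    }
    $sb.ToString()
}

function New-OUIfMissing {
    # Create the OU under $ParentDN when absent and return its distinguished name
    param([string]$Name, [string]$ParentDN)
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" -SearchBase $ParentDN -SearchScope OneLevel
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $Name -Path $ParentDN -ProtectedFromAccidentalDeletion $true
    }
    "OU=$Name,$ParentDN"
}

$domainUsersOU = New-OUIfMissing -Name 'Domain_Users'    -ParentDN $DomainDN
$finOU         = New-OUIfMissing -Name 'FIN'             -ParentDN $domainUsersOU
$accountantsOU = New-OUIfMissing -Name 'FIN_Accountants' -ParentDN $finOU

# Constructed input; ';' delimiter because the OU column itself contains commas
$UserCsv = @"
GivenName;Surname;OU
Amy;Li;$accountantsOU
Ben;Okafor;$accountantsOU
Chloe;Martin;$finOU
Dev;Patel;$finOU
"@

$handover = foreach ($row in $UserCsv | ConvertFrom-Csv -Delimiter ';') {
    $sam = "$($row.GivenName).$($row.Surname)"
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }   # safe to re-run
    $pw = New-InitialPassword
    New-ADUser -Name "$($row.GivenName) $($row.Surname)" `
        -GivenName $row.GivenName -Surname $row.Surname `
        -SamAccountName $sam -UserPrincipalName "$($sam.ToLower())@cap.int" `
        -Path $row.OU `
        -AccountPassword (ConvertTo-SecureString $pw -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true
    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $pw; OU = $row.OU }
}

# Initial passwords are single-use (changed at first logon): hand them to each
# user out of band and do not save this output to disk.
$handover | Format-Table -AutoSize
```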

7.0 DHCP

Create a Linux DHCP server running CentOS 8 that is joined to the cap.int domain.

7.1 Create VM LinDHCP & Install Linux CentOS 8

  1. On Thinkpad’s Hyper-V, create a new VM named “LinDHCP” with the following:
    • Memory: 2048 MB Static (this will be set to 512 MB after configuration)
    • Network: LAN
    • Operating System: CentOS-Stream-8.iso
  1. Edit the following Hyper-V settings of LinDHCP
    • Secure Boot: Disabled
    • Checkpoints: Uncheck automatic checkpoints
  1. Connect and start the LinDHCP VM
  1. Select Install CentOS Stream 8-stream > Press ENTER
  1. On the welcome installation screen, select language English (Canada) > Click Continue to go to the Installation Summary Page
    CentOS Installation Summary Page
  1. Click Time & Date > Pick Vancouver on the map > Done
  1. Click Installation Destination > Click on the disk and ensure it is selected > Done
  1. Click Software Selection > Select Server as the base environment and Network Servers as additional software to be installed
  1. Click Network & Host Name
    • Enter the Host Name as “LinDHCP”
    • To setup the eth0 (LAN interface) in the bottom left corner of the screen click Configure...
  1. From the Editing LAN popup click on the tab IPv4 Settings
  1. Enter the following settings for the LAN network interface then click Save:
    • Connection Name: “LAN”
    • Method: Manual
    • Address: 192.168.3.3
    • Netmask: 28
    • Gateway: 192.168.3.14
    • DNS Servers: 192.168.3.1
    • Search Domains: cap.int
  1. Connect the ethernet by clicking the on/off toggle and view the summary of the configured settings > Click Done to return to the Installation Summary Page
  1. Click User Creation and create an administrator user named “_lsysadmin” with the password Pa$$w0rd > Done
  1. Click Root Password and enter Pa$$w0rd > Done
  1. Click Begin Installation
  1. When the installation is complete, click Reboot System
  1. Login to LinDHCP with _lsysadmin and Pa$$w0rd
  1. View networking configuration with ifconfig
  1. Test internet connectivity by entering ping google.ca
  1. ❗ Note: Pay attention to the prompt: $ is a regular user shell and # is a root shell
    Use su or sudo <command> for the commands shown with a # prompt
  1. Update the OS with # dnf update (note that # yum update -y also works)
  1. (Optional) Install traceroute with # yum install traceroute -y and run $ traceroute google.ca

7.2 Install and Configure DHCP

  1. Install the dhcp server package and dependencies with # dnf install dhcp-server
  1. Open the dhcpd configuration file with # nano /etc/dhcp/dhcpd.conf
  1. Write the following into dhcpd.conf

    ❗ Note: all entries need to be typed in manually, as pasting into the Linux guest VM console does not work; alternatively, create the file from an SSH session.

    # set lease times
    default-lease-time 600;
    max-lease-time 7200;

    # declare this DHCP server authoritative for the subnet
    authoritative;

    # Network address, subnet mask and gateway. The netmask must be the LAN's /28
    # (255.255.255.240); with a /29 the range below lies outside the declared
    # subnet and dhcpd refuses to start.
    subnet 192.168.3.0 netmask 255.255.255.240 {
        option routers 192.168.3.14;
        option broadcast-address 192.168.3.15;
        option subnet-mask 255.255.255.240;
        option domain-search "cap.int";
        option domain-name-servers 192.168.3.1;
        # IP address scope range - set only 1 address, which will be used for Thinkpad
        range 192.168.3.13 192.168.3.13;
    }

    # DHCP reservations for servers; find each MAC address in Hyper-V Settings
    host DC1 {
        hardware ethernet 00:15:5D:05:4A:06;
        fixed-address 192.168.3.1;
    }

    host LinDHCP {
        hardware ethernet 00:15:5D:05:4A:08;
        fixed-address 192.168.3.3;
    }
  1. When finished editing press CTRL+S then CTRL+X to save and exit
    • Note: CTRL is shown as ^
  1. Start the service dhcpd, check the status to verify it is active, and set the service to start on reboot with:
    • # systemctl start dhcpd
    • # systemctl status dhcpd
    • # systemctl enable dhcpd.service
  1. Reboot the DHCP server and verify that the dhcpd service starts automatically with:
    • # reboot
    • # systemctl status dhcpd

7.3 Test DHCP on Thinkpad

  1. On Thinkpad set the LAN network adapter settings to Obtain an IP address automatically
  1. On Thinkpad open PowerShell as an administrator and run the following:
    • ❗ If using RDP to access Thinkpad exit the session and work directly on the host. Reconnect after the settings are renewed.
    ipconfig /release
    ipconfig /renew
    ipconfig /all
  1. View the DHCP Server IP for vEthernet LAN and notice it points to LinDHCP
  1. From LinDHCP view the DHCP leases with $ cat /var/lib/dhcp/dhcpd.leases

7.4 Join LinDHCP to cap.int Domain

  1. Install the required packages on LinDHCP
    • # dnf install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools krb5-workstation
  1. Join the cap.int domain
    • Use the Aidan admin credentials # realm join --user=aidan cap.int
    • View the computer object in ADUC
  1. Move the computer object LINDHCP into the OU=DHCP
  1. On LinDHCP login with the domain admin aidan@cap.int
  1. In DNS Manager on Thinkpad add an A record for LinDHCP
  1. ⏲ Checkpoint LinDHCP and name it “Functional DHCP - future reservations need to be added”
  1. Shut down the VM and set the memory to 512 MB static

8.0 iSCSI SAN

Create a SAN virtual machine, which will not join the domain as it is mimicking physical hardware. It does need to be added to Server Manager so it can be managed with a GUI. This iSCSI target will use RAID 6 to tolerate two disk failures, with a ReFS file system on the two volumes. The main iSCSI virtual disk will be 100GB as it will contain the VHDX files for FILE1, FILE2 and DC2 as well as the file share data. The second vDisk will be used as the quorum witness.

8.1 Create the SAN VM with Server Core

  1. ⏲ Checkpoint DC1 and name it “Before SAN”
  1. In Hyper-V on Thinkpad, create a new VM named “SAN” using the script from Appendix E with the following:
    • Memory: 2048 MB Static (will be set to 512 MB after)
    • Network: LAN
    • Hard Disk: Differencing disk to ParentServer2019-Core.vhdx
    • Operating System: Windows Server 2019 (Core)
  1. Connect and start the SAN virtual machine
  1. Set the admin password to Pa$$w0rd
  1. Set LAN networking in sconfig
    • IP Address: 192.168.3.4
    • Subnet: 255.255.255.240 (/28)
    • Default Gateway: 192.168.3.14
    • DNS: 192.168.3.1 & 8.8.8.8
  1. From PowerShell run the following:
    Get-NetAdapter
    Rename-NetAdapter -Name "Ethernet" -NewName "LAN"
    
    Get-LocalUser
    Rename-LocalUser -Name "Administrator" -NewName "_lsysadmin"
    
    Restart-Computer -Force
  1. From sconfig select option 2 to rename the computer to “SAN”
  1. Verify all post-install tasks are complete and are configured correctly as per Appendix G
  1. Restart the VM with Restart-Computer -Force

8.2 Add a Non-Domain Member to Server Manager

  1. On Thinkpad open PowerShell and run the following commands:
    # Update hosts file to map SAN's IP to name "SAN"
    Add-Content -Path C:\Windows\System32\drivers\etc\hosts -Value "192.168.3.4 SAN"
    
    #Start the WinRM service
    Start-Service -Name WinRM
    
    #Set SAN host as trusted
    Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value SAN -Concatenate -Force
    
    #View the list
    Get-ChildItem -Path WSMan:\localhost\Client\TrustedHosts | Format-List
  1. Open Server Manager and add SAN from the DNS tab
  1. To fix the Kerberos authentication error, right-click SAN > Manage As > Enter the following credentials
    • User: san\_lsysadmin - as SAN is a workgroup computer, not a cap.int domain member, the domain part of the credential is the VM’s own name, san\
    • Password: Pa$$w0rd
      Use the local admin account as SAN is not a cap.int domain member

8.3 Setup the iSCSI SAN RAID 6 Hardware

  1. From Thinkpad on PowerShell create eight 25GB disks and attach to the SAN VM with the following:
    • ❗ This may take some time as the disk size is fixed
    # Create eight fixed-size 25 GB disks (Disk1.vhdx .. Disk8.vhdx) and attach each to the SAN VM
    1..8 | ForEach-Object {
        $path = "V:\VMs\VHDX\Disk$($_).vhdx"
        New-VHD -Path $path -Fixed -SizeBytes 25GB
        Add-VMHardDiskDrive -VMName SAN -Path $path
    }
    ❗ Because SAN has so many disks, do NOT checkpoint this VM; this also applies to the nested servers HV1 and HV2
  1. In SAN’s settings in Hyper-V, add a Network Adapter and connect it to the iSCSI virtual switch
  1. On SAN go to sconfig > Option 8 > set the Network Adapter Settings to the following:
    • IP Address: 192.168.10.3 (Static)
    • Subnet Mask: 255.255.255.248
  1. From PowerShell in SAN rename the new network adapter to “iSCSI”
    Get-NetAdapter
    Rename-NetAdapter -Name "Ethernet" -NewName "iSCSI"
    
    #View Changes
    Get-NetAdapter
  1. Enable jumbo frames with a size of 9014 bytes by entering the following in PS:
    # View settings before
    Get-NetAdapterAdvancedProperty -Name "iSCSI"
    
    # Enable jumbo frames and set size
    Set-NetAdapterAdvancedProperty -Name "iSCSI" -RegistryKeyword "*JumboPacket" -RegistryValue 9014
    
    # View changes
    Get-NetAdapterAdvancedProperty -Name "iSCSI"

8.4 Configure SAN’s Storage Pool, Virtual Disks, and Volumes

  1. From Server Manager > go to File and Storage Services > Volumes > Storage Pools
  1. Under the Storage Pools section > Windows Storage > Right click Primordial > New Storage Pool... to open the Wizard
  1. Complete the New Storage Pool Wizard with the following:
    • Pool Name: “Pool1”
    • Physical Disks: Select all 6 and set the allocation to Automatic
    • Confirm & click Create
  1. Create a virtual disk named “vDisk” from PowerShell on SAN with the following

    ❗ Windows Server 2019 has a known bug where vDisks cannot be made from Server Manager, which is why PowerShell is used instead

    # Create a RAID 6 virtual disk by setting resiliency=parity & physical disk redundancy=2
    New-VirtualDisk `
    -StoragePoolFriendlyName "Pool1" `
    -FriendlyName "vDisk" `
    -Size 100GB `
    -ProvisioningType Fixed `
    -ResiliencySettingName "Parity" `
    -PhysicalDiskRedundancy 2
  1. From Server Manager on Thinkpad > go to Volumes > Disks
  1. Expand SAN (2) > right-click vDisk > click Bring Online
  1. Right-click vDisk again > select Initialize
  1. In the section Volumes click the link To create a volume, start the New Volume Wizard
  1. Complete the New Volume Wizard with the following:
    • Server and Disk: Select SAN and Disk 9
    • Size: 100 GB (the maximum available capacity)
    • Drive Letter or folder: Assign to drive letter D
    • File System Settings: File system set to ReFS and label the volume “HVData”

8.5 Add the iSCSI Target Role on SAN

  1. In Server Manager click All Servers in the left panel
  1. Right click server SAN > click Add Roles and Features
  1. Install the iSCSI Target Server role > Accept the recommended add-ons, which include the File Server role

8.6 Create an iSCSI Virtual Disk

  1. Open Server Manager and navigate to File and Storage Services > iSCSI
  1. Click the link To create an iSCSI virtual disk, start the New iSCSI Virtual Disk Wizard
  1. Complete the iSCSI Virtual Disk Wizard with the following
    • Name: “HVData”
    • Disk Size: 98.3 GB (the maximum)
    • iSCSI Target: Create a new target named “HVData” and add the IP addresses of the nested Hyper-V servers that will act as initiators: 192.168.10.1 (HV1) and 192.168.10.2 (HV2)
  1. Notice that the target and virtual disk status is Not Connected; this will be set up later

8.7 Create a 2GB vDisk for the Quorum Witness

  1. From Server Manager go to File and Storage Services > Volumes > Storage Pools
  1. On SAN create a virtual disk from the free 22 GB in Pool1 with the following PS script:
    # Create a RAID 6 virtual disk by setting resiliency=parity & physical disk redundancy=2
    New-VirtualDisk `
    -StoragePoolFriendlyName "Pool1" `
    -FriendlyName "HVWitness" `
    -Size 2GB `
    -ProvisioningType Fixed `
    -ResiliencySettingName "Parity" `
    -PhysicalDiskRedundancy 2
    • Access a PS session on SAN from Server Manager on Thinkpad (or connect to the VM directly)
  1. From Volumes > Disks, bring HVData online, initialize, and create a volume
  1. Go to the iSCSI tab > click TASKS for iSCSI Virtual Disks > Click New iSCSI Virtual Disk
  1. Complete the New iSCSI Virtual Disk Wizard and add HVWitness
    • Notice that the iSCSI target already exists from the previous disk
  1. ❗ Notice the change of free space on the virtual disk before and after the iSCSI virtual disk has been made - this is expected
  1. (Optional) On SAN enter Get-PSDrive in PowerShell to see the volumes
    • D:\ → HVData
    • E:\ → HVWitness
  1. Shut down the SAN virtual machine
  1. Set the memory to 512 MB Static
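The SAN-side work of 8.4 through 8.7 (pool, dual-parity virtual disks, volumes, iSCSI target and disks) as one script, added here as an example and not part of the original project. It assumes the eight VHDX disks are attached and the iSCSI Target Server role is installed; the iSCSI virtual disk paths and the NTFS choice for the witness volume are assumptions.

```powershell
# Added example (not from the original project): script the 8.4-8.7 storage and iSCSI target
# steps on SAN. Assumes the eight 25 GB VHDX disks are attached and the iSCSI Target role exists.
Import-Module Storage
Import-Module IscsiTarget

$PoolName   = "Pool1"
$Initiators = @("IPAddress:192.168.10.1", "IPAddress:192.168.10.2")   # HV1 and HV2 only

# 1. Pool every disk that can be pooled (the OS disk is never reported as poolable).
$disks = Get-PhysicalDisk -CanPool $true
# Dual parity (PhysicalDiskRedundancy 2) in classic Storage Spaces needs at least seven disks.
if (@($disks).Count -lt 7) { throw "Dual parity needs at least 7 poolable disks, found $(@($disks).Count)" }
if (-not (Get-StoragePool -FriendlyName $PoolName -ErrorAction SilentlyContinue)) {
    New-StoragePool -FriendlyName $PoolName -StorageSubSystemFriendlyName "Windows Storage*" -PhysicalDisks $disks | Out-Null
}

# 2. The two dual-parity (RAID 6 equivalent) virtual disks, created exactly as the page does in PowerShell.
$vd = New-VirtualDisk -StoragePoolFriendlyName $PoolName -FriendlyName "vDisk" -Size 100GB `
        -ProvisioningType Fixed -ResiliencySettingName Parity -PhysicalDiskRedundancy 2
$wd = New-VirtualDisk -StoragePoolFriendlyName $PoolName -FriendlyName "HVWitness" -Size 2GB `
        -ProvisioningType Fixed -ResiliencySettingName Parity -PhysicalDiskRedundancy 2

# 3. Bring online, initialise, partition and format (the page's Server Manager clicks).
function Initialize-DataVolume {
    param($VirtualDisk, [char]$DriveLetter, [string]$Label, [string]$FileSystem)
    $disk = $VirtualDisk | Get-Disk
    $disk | Set-Disk -IsOffline $false
    $disk | Set-Disk -IsReadOnly $false
    $disk | Initialize-Disk -PartitionStyle GPT -PassThru |
        New-Partition -DriveLetter $DriveLetter -UseMaximumSize |
        Format-Volume -FileSystem $FileSystem -NewFileSystemLabel $Label -Confirm:$false | Out-Null
}
Initialize-DataVolume -VirtualDisk $vd -DriveLetter 'D' -Label "HVData"    -FileSystem ReFS
Initialize-DataVolume -VirtualDisk $wd -DriveLetter 'E' -Label "HVWitness" -FileSystem NTFS   # NTFS is an assumption

# 4. One iSCSI target restricted to the two initiator IPs, with one iSCSI virtual disk per volume.
#    Initiator IP filtering is not authentication; Set-IscsiServerTarget -EnableChap $true -Chap <cred>
#    would add CHAP, which the page does not configure.
foreach ($dir in "D:\iSCSIVirtualDisks", "E:\iSCSIVirtualDisks") { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
New-IscsiServerTarget -TargetName "HVData" -InitiatorIds $Initiators | Out-Null
New-IscsiVirtualDisk -Path "D:\iSCSIVirtualDisks\HVData.vhdx"    -SizeBytes 98GB | Out-Null   # page: 98.3 GB, the maximum
New-IscsiVirtualDisk -Path "E:\iSCSIVirtualDisks\HVWitness.vhdx" -SizeBytes 1GB  | Out-Null
Add-IscsiVirtualDiskTargetMapping -TargetName "HVData" -Path "D:\iSCSIVirtualDisks\HVData.vhdx"
Add-IscsiVirtualDiskTargetMapping -TargetName "HVData" -Path "E:\iSCSIVirtualDisks\HVWitness.vhdx"

# 5. Verify resiliency and target scope before any initiator connects.
Get-VirtualDisk | Select-Object FriendlyName, ResiliencySettingName, PhysicalDiskRedundancy, HealthStatus
Get-IscsiServerTarget | Select-Object TargetName, Status, InitiatorIds
```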

9.0 Configure 2 Nested Hyper-V Failover Cluster Servers

Create 2 nested Hyper-V servers which will contain the FILE1, FILE2, and DC2 VMs. Each Hyper-V machine needs an external switch for LAN and HB with the network adapters set to enable MAC spoofing. The nested Hyper-V machines will connect to the iSCSI SAN and the disk will be a Cluster Shared Volume (CSV) to allow both VMs access at the same time. Both HVs will be clustered together to allow for resiliency and live migration of VMs.

9.1 Create the Hyper-V VM & Complete Post-Install Tasks

  1. Create a VM named “HV1” with 4GB of RAM using the script from Appendix E
  1. Start the virtual machine HV1 and set the administrator password to PaSSw0rd
  1. Open PowerShell and run the post-installation tasks script below (see Appendix F for future VMs), answering the prompts with:
    • $IP = 192.168.3.5
    • $SrvName = HV1
    • $SrvOUPath = OU=HYPERV,OU=Servers,DC=cap,DC=int
    #
    # Post-installation tasks
    #
    $IP = Read-Host -Prompt 'Enter IP 192.168.3.x'
    $SrvName = Read-Host -Prompt 'EnterServerNAME'
    $SrvOUPath = Read-Host -Prompt 'AD Path OU=X,OU=Servers,DC=cap,DC=int'
    $MaskBits = 28
    $Gateway = "192.168.3.14"
    $Dns = "192.168.3.1"
    $IPType = "IPv4"
    
    # Retrieve the network adapter that you want to configure
    $adapter = Get-NetAdapter | ? {$_.Status -eq "up"}
    # Remove any existing IP, gateway from our ipv4 adapter
    If (($adapter | Get-NetIPConfiguration).IPv4Address.IPAddress) {
        $adapter | Remove-NetIPAddress -AddressFamily $IPType -Confirm:$false
    }
    If (($adapter | Get-NetIPConfiguration).Ipv4DefaultGateway) {
        $adapter | Remove-NetRoute -AddressFamily $IPType -Confirm:$false
    }
    # Configure the IP address and default gateway
    $adapter | New-NetIPAddress `
        -AddressFamily $IPType `
        -IPAddress $IP `
        -PrefixLength $MaskBits `
        -DefaultGateway $Gateway
    # Configure the DNS client server IP addresses
    $adapter | Set-DnsClientServerAddress -ServerAddresses $Dns
    # Rename the Network Adapter
    Rename-NetAdapter -Name "Ethernet" -NewName "LAN"
    
    # Name Computer, add to Domain and OU placement
    $cred = Get-Credential cap\aidan
    Add-Computer -DomainName cap.int -Credential $cred -OUPath $SrvOUPath
    $computer = Get-WmiObject win32_computersystem
    $r = $computer.rename("$SrvName", $cred.GetNetworkCredential().Password, $cred.username)
    
    # Rename the local admin account
    Rename-LocalUser -Name "Administrator" -NewName "_lsysadmin"
    
    # Restart-Computer -Force (run manually once the script completes)
  1. When complete, enter Restart-Computer -Force
  1. Log in to the SAN virtual machine as cap\aidan
  1. Complete the following post-install tasks in powershell (see Appendix G for future reference)
    • whoami: verify server is a domain member and that the admin aidan@cap.int is logged in
    • tracert google.ca: verify internet connectivity and DNS
    • ping LinDHCP: test DNS to a domain server
    • ipconfig: verify IPv4 address, subnet, default gateway
    • Get-LocalUser: verify the local admin account has been renamed to _lsysadmin
    • Get-NetAdapter: verify the network adapter has been renamed
  1. Complete the following post-install tasks in sconfig (see Appendix G for future reference)
    • 11 Windows Activation: verify Windows is activated and has the 180-day trial
    • 6 Download and Install updates
  1. Complete the following post-install tasks from Server Manager (see Appendix G for future reference)
    • Open DNS Manager and view the host A record
    • Open ADUC and verify the computer object is in the correct OU
  1. Complete the following post-install tasks from Thinkpad (see Appendix G for future reference)
    • Add the HV1 VM to Server Manager and manage as cap\aidan
    • ⏲ Checkpoint (if needed, but try to keep to a minimum)
  1. Repeat all steps to make the 2nd server HV2

9.2 Complete Nested Hypervisor Hardware and Network Requirements

  1. On Thinkpad’s Hyper-V manager, open the settings for HV1
  1. Under Hardware > Processor > Set to 2 Virtual Processors
  1. Under Hardware > Network Adapter LAN > Advanced Features > Check Enable MAC address spoofing
  1. Add Network Adapters connected to the iSCSI, HB, and LM switches
  1. Start HV1 and enter sconfig > 8 to view the network settings, and view the MAC addresses of each adapter in Hyper-V Manager
    The order in which the adapters were added in HV1’s settings matches the index # shown in sconfig.
  1. From sconfig set the network adapters with the following:
    Index# - Network   IP Address      Subnet
    1 - LAN            192.168.3.5     255.255.255.240
    2 - iSCSI          192.168.10.1    255.255.255.248
    3 - HB             192.168.20.1    255.255.255.248
    4 - LM             192.168.30.1    255.255.255.252
  1. From PowerShell rename the network adapters

    ❗ Match the Ethernet to the MAC address each time before running!

    Get-NetAdapter | Sort-Object -Property "InterfaceDescription"
    
    Rename-NetAdapter -Name "Ethernet" -NewName "iSCSI"
    Rename-NetAdapter -Name "Ethernet 2" -NewName "HB"
    Rename-NetAdapter -Name "Ethernet 3" -NewName "LM"
    #View
    Get-NetAdapter | Sort-Object -Property "InterfaceDescription"
  1. Restart the server to apply the renaming changes with Restart-Computer -Force
  1. Verify that each adapter has the correct IP address (compare against its MAC address) and has been renamed, using ipconfig /all, Hyper-V Manager, and/or the following:
    #View
    Get-NetAdapter | Sort-Object -Property "ifIndex" -Descending |Format-Table -Property "ifIndex", "Name", "MacAddress" 
    Get-NetIPAddress -AddressFamily IPv4 | Sort-Object -Property "ifIndex" -Descending | Format-Table -Property "ifIndex", "IPAddress", "PrefixLength"
    Get-NetIPConfiguration | Sort-Object -Property "InterfaceIndex" -Descending |  Format-Table -Property "InterfaceIndex", "InterfaceAlias", "IPv4Address"
  1. Enable jumbo frames on the network adapter connected to iSCSI with the following:
    # View settings before
    Get-NetAdapterAdvancedProperty -Name "iSCSI"
    # Enable jumbo frames and set size
    Set-NetAdapterAdvancedProperty -Name "iSCSI" -RegistryKeyword "*JumboPacket" -RegistryValue 9014
    # View changes
    Get-NetAdapterAdvancedProperty -Name "iSCSI"
    
    # Test sending jumbo frames (after the VM's have been made and also have jumbo frames enabled)
    ping 192.168.10.3 -f -l 8500
  1. From HV1 send a ping with jumbo frames to SAN: ping 192.168.10.3 -f -l 8500
    • ❗ No DNS is configured for this network, so IP addresses must be used
    • -f Specifies that echo Request messages are sent with the Do not Fragment flag in the IP header set to 1 (available on IPv4 only). The echo Request message can't be fragmented by routers in the path to the destination. This parameter is useful for troubleshooting path Maximum Transmission Unit (PMTU) problems.
    • /l <size> Specifies the length, in bytes, of the Data field in the echo Request messages. The default is 32. The maximum size is 65,527.
  1. Open the firewall so the server allows ICMP pings
    #Allow Ping
    netsh advfirewall firewall add rule name="ICMP Ping Allow" protocol="icmpv4:8,any" dir=in action=allow
    
    #Block ping (for reference)
    netsh advfirewall firewall add rule name="ICMP Ping Block" protocol="icmpv4:8,any" dir=in action=block
  1. Shutdown the HV1 VM
  1. Enable nested virtualization for the virtual machine by running the following from PowerShell on the host Thinkpad:
    #Run from Thinkpad Host while the guest VM is off
    Get-VMProcessor -VMName HV1 | fl
    Set-VMProcessor -VMName HV1 -ExposeVirtualizationExtensions $true 
  1. Repeat steps 1-14 for HV2 with the following:
    Index# - Network   IP Address      Subnet
    1 - LAN            192.168.3.6     255.255.255.240
    2 - iSCSI          192.168.10.2    255.255.255.248
    3 - HB             192.168.20.2    255.255.255.248
    4 - LM             192.168.30.2    255.255.255.252
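Because the “Ethernet N” names depend on the order Windows enumerates the adapters, the renaming in 9.2 is safer keyed on MAC address. The script below is an added example, not part of the original project; the MAC addresses are placeholders to be replaced with the ones shown in Hyper-V Manager, and the HV2 values differ only in the last octet.

```powershell
# Added example (not from the original project): rename and address HV1's private-network
# adapters by MAC instead of by "Ethernet N" order. MACs below are PLACEHOLDERS.
$Plan = @(
    @{ Mac = "00-15-5D-00-00-01"; Name = "iSCSI"; IP = "192.168.10.1"; Prefix = 29; Jumbo = $true  }
    @{ Mac = "00-15-5D-00-00-02"; Name = "HB";    IP = "192.168.20.1"; Prefix = 29; Jumbo = $false }
    @{ Mac = "00-15-5D-00-00-03"; Name = "LM";    IP = "192.168.30.1"; Prefix = 30; Jumbo = $false }
)
# For HV2 use 192.168.10.2, 192.168.20.2 and 192.168.30.2 with HV2's own MAC addresses.

function ConvertTo-MacKey([string]$Mac) {
    # Compare MACs regardless of separator or case ("00-15-5D-..." vs "00:15:5d:...")
    return ($Mac -replace '[^0-9A-Fa-f]', '').ToUpper()
}

foreach ($entry in $Plan) {
    $adapter = Get-NetAdapter | Where-Object { (ConvertTo-MacKey $_.MacAddress) -eq (ConvertTo-MacKey $entry.Mac) }
    if (-not $adapter) { Write-Warning "No adapter with MAC $($entry.Mac); skipping $($entry.Name)"; continue }

    if ($adapter.Name -ne $entry.Name) {
        $adapter = Rename-NetAdapter -Name $adapter.Name -NewName $entry.Name -PassThru
    }

    # Static addressing only: these private switches have no DHCP and no DNS
    Set-NetIPInterface -InterfaceAlias $entry.Name -AddressFamily IPv4 -Dhcp Disabled
    Get-NetIPAddress -InterfaceAlias $entry.Name -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    New-NetIPAddress -InterfaceAlias $entry.Name -IPAddress $entry.IP -PrefixLength $entry.Prefix | Out-Null

    # Keep iSCSI/HB/LM addresses out of cap.int DNS so clients never resolve HV1 to a private-network IP
    Set-DnsClient -InterfaceAlias $entry.Name -RegisterThisConnectionsAddress $false

    if ($entry.Jumbo) {
        Set-NetAdapterAdvancedProperty -Name $entry.Name -RegistryKeyword "*JumboPacket" -RegistryValue 9014
    }
}

# Verification: one line per adapter (name, MAC, IPv4), then a Do-not-Fragment jumbo ping to SAN
Get-NetAdapter | Sort-Object ifIndex | ForEach-Object {
    $ip = (Get-NetIPAddress -InterfaceIndex $_.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue).IPAddress
    "{0,-6} {1,-18} {2}" -f $_.Name, $_.MacAddress, ($ip -join ',')
}
ping.exe 192.168.10.3 -f -l 8500 | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Jumbo ping to SAN failed: check *JumboPacket on both ends and the ICMP firewall rule on SAN"
}
```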

9.3 Connect HV1 to the iSCSI Target

  1. From HV1 enter iscsicpl to open the iSCSI Initiator
  1. In the iSCSI Initiator Properties popup, click the Discovery tab
    1. Click Discover Portal and enter in SAN’s IP 192.168.10.3 and click Advanced...
    1. Set Local adapter: to Microsoft iSCSI Initiator
    1. Set Initiator IP: 192.168.10.1 the IP of HV1
    1. Click OK at the bottom of the window
  1. Click on the Targets tab > click Connect
    • If the connection fails, restart the Storage Server (SAN) or restart the iSCSI Target Service.
    • Refresh Server Manager and confirm the target status = Connected
  1. Go to Volumes > Disks > and expand HV1
  1. Right click iSCSI disk > bring online, initialize, and create a volume with NTFS named “HVData”
    View the drives on HV1 with the PS command Get-PSDrive
  1. Enable File Sharing by running the following command on HV1’s PowerShell:
    • Set-NetFirewallRule -DisplayGroup "File And Printer Sharing" -Enabled True -Profile Any
  1. Make the directories VMs\VHDX on the iSCSI virtual disk from File Explorer (\\192.168.3.5\d$) or PowerShell (mkdir VMs\VHDX)
  1. Repeat steps 1-3 and 6 on HV2 for the iSCSI initiator. The drive does not need to be formatted again; note that only one VM can be connected at a time until the disk is made a Cluster Shared Volume in 9.5
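The initiator side of 9.3 as a script, added here as an example and not part of the original project. It makes the connection persistent across reboots, formats the data LUN on HV1 only, and scopes the ICMP rule to the project’s subnets rather than any source; the rule name and the 50 GB size threshold are assumptions.

```powershell
# Added example (not from the original project): HV1's iSCSI initiator setup from PowerShell.
# For HV2 set $InitiatorIP = "192.168.10.2" and do not call Initialize-RawIscsiDisk.
$TargetIP    = "192.168.10.3"   # SAN on the iSCSI network
$InitiatorIP = "192.168.10.1"   # HV1's iSCSI adapter

# The initiator service is Manual by default; it must run at boot for persistent targets to reconnect
Set-Service -Name MSiSCSI -StartupType Automatic
Start-Service -Name MSiSCSI

# Discovery bound to the iSCSI adapter only (the page's Advanced... > Initiator IP setting)
if (-not (Get-IscsiTargetPortal -TargetPortalAddress $TargetIP -ErrorAction SilentlyContinue)) {
    New-IscsiTargetPortal -TargetPortalAddress $TargetIP -InitiatorPortalAddress $InitiatorIP | Out-Null
}

# Connect each discovered target persistently (iscsicpl's "Add this connection to the list of Favorite Targets")
foreach ($target in (Get-IscsiTarget | Where-Object { -not $_.IsConnected })) {
    Connect-IscsiTarget -NodeAddress $target.NodeAddress -TargetPortalAddress $TargetIP `
        -InitiatorPortalAddress $InitiatorIP -IsPersistent $true | Out-Null
}

function Initialize-RawIscsiDisk {
    # First node only: online, initialise and format the data LUN as NTFS (the page's step 5).
    # The small witness LUN is left untouched by the size threshold.
    param([string]$Label, [char]$DriveLetter, [long]$MinBytes)
    $disk = Get-Disk |
        Where-Object { $_.BusType -eq 'iSCSI' -and $_.PartitionStyle -eq 'RAW' -and $_.Size -ge $MinBytes } |
        Select-Object -First 1
    if (-not $disk) { Write-Warning "No RAW iSCSI disk of at least $MinBytes bytes found"; return }
    $disk | Set-Disk -IsOffline $false
    $disk | Set-Disk -IsReadOnly $false
    $disk | Initialize-Disk -PartitionStyle GPT -PassThru |
        New-Partition -DriveLetter $DriveLetter -UseMaximumSize |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel $Label -Confirm:$false | Out-Null
}
Initialize-RawIscsiDisk -Label "HVData" -DriveLetter 'D' -MinBytes 50GB   # HV1 only

# ICMP echo allowed only from the iSCSI and LAN subnets, instead of the page's any-source netsh rule
if (-not (Get-NetFirewallRule -DisplayName "ICMP Ping Allow (iSCSI/LAN)" -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName "ICMP Ping Allow (iSCSI/LAN)" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress "192.168.10.0/29", "192.168.3.0/28" -Action Allow -Profile Any | Out-Null
}
Set-NetFirewallRule -DisplayGroup "File And Printer Sharing" -Enabled True -Profile Any

# Verification: every session should be both connected and persistent, and the LUNs visible as iSCSI disks
Get-IscsiSession | Select-Object TargetNodeAddress, IsConnected, IsPersistent
Get-Disk | Where-Object BusType -eq 'iSCSI' | Select-Object Number, Size, OperationalStatus, PartitionStyle
```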

9.4 Add the Hyper-V Role

  1. ‼ Log in to the account cap\aidan on Thinkpad and complete the rest of the project from there; working from the local thinkpad\aidan account causes multiple issues in later steps
  1. ⏲ Checkpoint DC1 and name it “Before Nested HV”
  1. From Server Manager right-click HV1 > select Add Roles and Features
  1. Complete the Add Roles and Features Wizard and install the role Hyper-V with the following:
    • Server Roles: Select Hyper-V
    • Features: ❗ Select Failover Clustering or install separately after
    • Virtual Switches: Leave all unchecked as switches will be made manually later
    • Migration: Leave unchecked
    • Default Stores: Default VHDX file location = D:\VMs\VHDX , VM configuration files = D:\VMs
    • Confirmation: Check Restart the destination server automatically if required
  1. Verify the role installation by running the following PS command on HV1
    • Get-WindowsFeature Hyper*
  1. From Hyper-V Manager on Thinkpad, right click Hyper-V Manager > Connect to Server > Browse and select HV1
  1. Click HV1 in Hyper-V Manager > Virtual Switch Manager
  1. Create a new virtual network switch named “LANext” and connect it to External network: Microsoft Hyper-V Network Adapter

9.5 Configure Hyper-V Failover Clustering

  1. From Server Manager install the feature Failover Clustering to HV1 & HV2
  1. In Server Manager go to the Tools drop down and select Failover Cluster Manager
  1. Right-click Failover Cluster Manager > Select Validate Configuration
  1. Complete the Validate a Configuration Wizard with the following:
    • Select Servers: HV1.cap.int and HV2.cap.int
    • Testing Options: Select Run all tests
    • Summary: View results and any errors. Check Create the cluster now using the validated nodes
  1. Complete the Create Cluster Wizard with the following:
    • Access Point for Administering the Cluster: Name = HV-Cluster, Address = 192.168.3.7
    • Confirmation: Uncheck Add all eligible storage to the cluster
  1. View HV-Cluster.cap.int
  1. In Failover Cluster Manager navigate to HV-Cluster.cap.int > Storage > Disks
  1. Click Add Disk and add both Cluster Disk 1 and 2 (HVData and Quorum)
  1. Rename the disks from Cluster Disk # to “HV-Data” and “HV-Witness”
  1. Right click the disk HV-Data > Select Add to Cluster Shared Volumes
    • Cluster Shared Volumes (CSV) enable multiple nodes in a Windows Server failover cluster to simultaneously have read-write access to the same LUN (disk) that is provisioned as an NTFS volume
    HVData (formerly D:\) is now mounted under C:\ClusterStorage\Volume1 on both nodes
  1. Right click HV-Cluster.cap.int > More Actions > Click Configure Cluster Quorum Settings....
  1. Complete the Configure Cluster Quorum Wizard with the following:
    • Select Quorum Configuration Option: Click Select the quorum witness
    • Select Quorum Witness: Click Configure a disk witness
    • Configure Storage Witness: Click HV-Witness
  1. In Failover Cluster Manager > Networks > Rename the networks from Cluster Network # to the proper network name
  1. (Optional) Click through all the HV-Cluster.cap.int options
  1. (Optional) Run ipconfig on HV1 and HV2
  1. (Optional) View Server Manager > click Refresh > and notice that HV-Cluster is added automatically

9.6 Test Live Migration and Hyper-V Failover

  1. Test failover clustering by pausing HV1 on Thinkpad’s Server Manager > verify the cluster remains > then resume HV1
  1. Test failover clustering by pausing HV2 on Thinkpad’s Server Manager > verify the cluster remains > then resume HV2
  1. Go to Hyper-V Manager on Thinkpad > Click HV2 > Hyper-V Settings
  1. Change the default locations from D:\ to the ClusterStorage on C:\
    • Virtual Hard Disks: C:\ClusterStorage\volume1\vms\vhdx\
    • Virtual Machines: C:\ClusterStorage\volume1\vms\
  1. Copy over the ParentServer2019-Core.vhdx file from Thinkpad to \\192.168.3.5\c$\ClusterStorage\Volume1\VMs\VHDX (or to \\192.168.3.6 as both have access)
  1. Go to Roles > Click Virtual Machines... > New Hard Disk... > create a differencing vhdx named ‘File1’
  1. In Roles > Virtual Machines... > Click New Virtual Machine... > Create a VM named “File1” with 1024 MB Static Memory that is connected to the child differencing disk and the LAN external switch
  1. Notice that when the VM is created, the High Availability Wizard automatically appears and runs
  1. Within Failover Cluster Manager > Roles > right-click File1 > Connect and start
  1. Set FILE1’s property preferred owners to be both HV virtual machines
  1. Test live migration by clicking Move > Live Migration > Select Node.... > Select the other HV VM
    • When complete notice that the Owner Node changes to the other HV virtual machine
  1. Create another VM named ‘FILE2’ on the HV# that is not in use > verify that a separate role is created and that the VMs boot and run while on different nested hypervisors
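Sections 9.5 and 9.6 as a Failover Clustering script, added here as an example and not part of the original project. It runs from Thinkpad as cap\aidan with the FailoverClusters RSAT module; the same pattern builds FS-Cluster in 10.2 (nodes FILE1/FILE2, address 192.168.3.10, disks FS-Data/FS-Witness). The cluster-disk ordering and the network role assignments are assumptions to check against Failover Cluster Manager.

```powershell
# Added example (not from the original project): HV-Cluster creation, storage, quorum,
# network naming, failover and live-migration checks from PowerShell.
Import-Module FailoverClusters
$ClusterName = "HV-Cluster"
$ClusterIP   = "192.168.3.7"
$Nodes       = "HV1", "HV2"

# 1. Validate first; Test-Cluster returns the HTML report it wrote (the page: "Run all tests")
$report = Test-Cluster -Node $Nodes
Write-Host "Validation report: $($report.FullName)"

# 2. Create without auto-adding storage (the page unchecks "Add all eligible storage")
New-Cluster -Name $ClusterName -Node $Nodes -StaticAddress $ClusterIP -NoStorage | Out-Null

# 3. Add both iSCSI LUNs, name them, make the data LUN a CSV and the small one the disk witness.
#    ASSUMPTION: "Cluster Disk 1" is the 98 GB HVData LUN and "Cluster Disk 2" the witness; confirm
#    in Storage > Disks before renaming, the order is not guaranteed.
Get-ClusterAvailableDisk -Cluster $ClusterName | Add-ClusterDisk | Out-Null
Get-ClusterResource -Cluster $ClusterName | Where-Object ResourceType -eq "Physical Disk" |
    Format-Table Name, State, OwnerNode -AutoSize
(Get-ClusterResource -Cluster $ClusterName -Name "Cluster Disk 1").Name = "HV-Data"
(Get-ClusterResource -Cluster $ClusterName -Name "Cluster Disk 2").Name = "HV-Witness"
Add-ClusterSharedVolume -Cluster $ClusterName -Name "HV-Data" | Out-Null     # now C:\ClusterStorage\Volume1
Set-ClusterQuorum -Cluster $ClusterName -DiskWitness "HV-Witness" | Out-Null

# 4. Name the cluster networks by subnet. Roles go beyond the page's rename step: 3 = cluster and client,
#    1 = cluster only, 0 = not for cluster use, which keeps heartbeat traffic off the iSCSI network.
$NetPlan = @{
    "192.168.3.0"  = @("LAN",   3)
    "192.168.20.0" = @("HB",    1)
    "192.168.30.0" = @("LM",    1)
    "192.168.10.0" = @("iSCSI", 0)
}
foreach ($net in Get-ClusterNetwork -Cluster $ClusterName) {
    if ($NetPlan.ContainsKey($net.Address)) {
        $net.Name = $NetPlan[$net.Address][0]
        $net.Role = $NetPlan[$net.Address][1]
    }
}

# 5. Failover check (the page pauses a node): drain HV1, confirm HV2 still holds the cluster, resume
Suspend-ClusterNode -Cluster $ClusterName -Name "HV1" -Drain | Out-Null
Get-ClusterNode -Cluster $ClusterName | Format-Table Name, State -AutoSize
Resume-ClusterNode -Cluster $ClusterName -Name "HV1" -Failback Immediate | Out-Null

# 6. Preferred owners for the File1 role, then a live migration to whichever node does not own it
Set-ClusterOwnerNode -Cluster $ClusterName -Group "File1" -Owners $Nodes
$owner  = (Get-ClusterGroup -Cluster $ClusterName -Name "File1").OwnerNode.Name
$target = $Nodes | Where-Object { $_ -ne $owner } | Select-Object -First 1
Move-ClusterVirtualMachineRole -Cluster $ClusterName -Name "File1" -Node $target -MigrationType Live | Out-Null
"File1 owner: $owner -> $((Get-ClusterGroup -Cluster $ClusterName -Name 'File1').OwnerNode.Name)"
```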

10.0 File Server Cluster

Within the nested Hyper-V cluster create 2 VMs, FILE1 and FILE2. The machines will be clustered together for failover and use a VHD Set for the File Server role, which will host an SMB share.

10.1 Server Role, Hardware, and HB Network Setup

  1. ⏲ Checkpoint DC1 and name it “Before FS and cluster”
  1. On FILE1 and FILE2 run the post install tasks from Appendix F
    • ❗ The script shows ^M (carriage return) characters at spaces and line breaks; this is fine and it runs as expected
  1. Complete the verification checks as per Appendix G
  1. On FILE1 and FILE2 install the role File Server and feature Failover Clustering
  1. In Failover Cluster Manager navigate to Roles > Under the Actions panel click Virtual Machines... > Select New Hard Disk..
  1. Complete the Virtual Hard Disk Wizard with the following to create a VHD Set:
    • Format: VHDSet
    • Type: Dynamically Expanding
    • Name: “FSdata.vhds”
    • Location: The cluster storage volume
    • Size: 15 GB
    • ❗ If a Fixed disk is created instead it may take up to 20 minutes to create - choose dynamic
  1. Create a 2nd VHDS named “FSwitness” that is 3GB in size
  1. In File Explorer view the new VHDS file and notice that there are 2 files per set
    • Virtual machines connect to the .VHDS file and data is stored in the .AVHDX file
    • .vhds is a configuration file that contains metadata, and is used for maintaining simultaneous access to the disk from multiple cluster nodes.
    • .avhdx (“automatic .vhdx”) is an actual virtual disk where the data resides. It can be fixed or dynamic.
  1. From PowerShell on HV1 (or HV2) run the following command to attach the VHD Set to the FILE machines:
    • Add-VMHardDiskDrive -VMName FILE2 -Path "C:\ClusterStorage\Volume1\VMs\VHDX\FSdata.vhds" -SupportPersistentReservations
  1. Repeat so that both FILE1 and FILE2 have FSdata.vhds and FSwitness.vhds attached
  1. From Server Manager navigate to File and Storage Services > Volumes > Disks
  1. Bring FSdata.vhds & FSwitness.vhds online, initialize, and create volumes with the file system NTFS
  1. On HV1 view the available network adapters in sconfig or PowerShell Get-NetAdapter
  1. Note which adapter (by IP or adapter name) is connected to the HB network and its interface description number (Microsoft Hyper-V Network Adapter #)
  1. In the Hyper-V Manager for HV1 > Virtual Switch Manager... > Create a new virtual network switch:
    • Switch Type: External
    • ❗ Select the Microsoft Hyper-V Network Adapter # that corresponds to the HB network
    • Name: HBext
  1. Repeat on HV2 to create another external switch
  1. On Hyper-V Manager for Thinkpad > Open the settings for HV1
  1. Expand the HB Network Adapter > Advanced Features > Check Enable MAC address spoofing
    ❗ MAC Spoofing must be enabled or the FILE machines will not be able to communicate outside of the nested Hyper-V host
  1. Repeat on HV2 to enable MAC spoofing on the HB adapter
  1. On FILE1 & FILE2 from sconfig or PowerShell set the following:
    Setting           FILE1             FILE2
    IPv4              192.168.20.3      192.168.20.4
    Subnet            255.255.255.248   255.255.255.248
    NetAdapter Name   HBext             HBext
  1. Verify connectivity on the HB network 192.168.20.0 /29 by sending pings from FILE1 to FILE2 and vice versa

10.2 Create and Configure the Cluster

  1. From Failover Cluster Manager validate the configuration for FILE1 and FILE2 by running all tests
  1. Complete the Create Cluster Wizard with the following:
    • Cluster Name: “FS-Cluster”
    • IP Address: 192.168.3.10
    • Add all eligible storage to the cluster: Uncheck
  1. View the results and notice that two clusters, HV-Cluster and FS-Cluster, now appear in Failover Cluster Manager
  1. From Storage > Disks > Add both VHDS disks to the cluster and rename them to FS-Data and FS-Witness
  1. Configure the cluster quorum and add the disk FS-Witness to be the disk witness resource
  1. Rename the networks in FS-Cluster to “LAN” and “HB”

10.3 Allow CNO FS-Cluster to Create Computer Objects in AD DS

  1. ❗ Without this step the File Server role installs but stays offline with errors: the client access point FS cannot be created because the Cluster Name Object (CNO) FS-Cluster does not have permission to create computer objects in AD DS.
    The File Server role is added but shows a Failed status until the FS OU permission properties are edited as follows
  1. From Server Manager > Right-click DC1 > Open Active Directory Users and Computers (ADUC)
  1. On the View menu taskbar check Advanced Features so it is selected
  1. Right-click the FS OU where the FS-Cluster CNO (Cluster Name Object) is located > select Properties
  1. On the Security tab, select Advanced > Add
  1. In the Permission Entry window click Select a principal > Object Types > Select Computers
  1. Add the object FS-Cluster
  1. In the Permission Entry dialog box set the following:
    • Type: Allow
    • Applies to: This object and all descendant objects
    • Permissions: Select Create Computer objects
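The same grant as a script, added here as an example and not part of the original project, so it can be applied from DC1’s PowerShell and checked afterwards: the CNO gets only Create Child limited to the computer object class, nothing broader. The OU distinguished name is a placeholder for wherever the FS-Cluster CNO lives.

```powershell
# Added example (not from the original project): give the FS-Cluster CNO the single right it needs
# on the FS OU and verify that nothing wider (e.g. GenericAll) was granted.
Import-Module ActiveDirectory
$OuDN    = "OU=FS,OU=Servers,DC=cap,DC=int"      # PLACEHOLDER: the OU that contains the FS-Cluster CNO
$CnoName = "FS-Cluster"
# schemaIDGUID of the 'computer' class; limits CreateChild to computer objects only
$ComputerClassGuid = [Guid]"bf967a86-0de6-11d0-a285-00aa003049e2"

$cno = Get-ADComputer -Identity $CnoName
$sid = [System.Security.Principal.SecurityIdentifier]$cno.SID

# Type: Allow, Applies to: this object and all descendant objects, Permission: Create Computer objects
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::CreateChild,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $ComputerClassGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$OuDN"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$OuDN" -AclObject $acl

# Verify: the CNO's entries on the OU should show CreateChild with the computer ObjectType and nothing else
(Get-Acl -Path "AD:\$OuDN").Access |
    Where-Object { $_.IdentityReference.Value -like "*\$CnoName`$" } |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType -AutoSize

# Second opinion from dsacls, which prints the ACE as "Allow CAP\FS-Cluster$ ... CREATE CHILD ... computer"
dsacls $OuDN | Select-String -Pattern ('{0}\$' -f [regex]::Escape($CnoName))
```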

10.4 Add the File Server Role

  1. In Failover Cluster Manager navigate to FS-Cluster.cap.int > Roles > Click Configure Role...
  1. Create the role File Server with the following:
    • Client Access Point: Name = “FS” & IP= 192.168.3.11
    • Storage Disk: FS-Data
  1. View results

10.5 Create File Share

  1. Click on the File Server object FS in the cluster roles > Click Add File Share to open the New Share Wizard
  1. Complete the first 4 steps in the wizard as follows:
    • Select Profile: SMB Share - Quick
    • Share location: Click Type a custom path, then create and select the directory “Company_Data”
    • Share Name: Add the $ after the share name so the remote path shows as \\fs\Company_Data$
    • Configure share settings: Select all four options
  1. On the Permissions step click Customize Permissions.. > Disable inheritance > click Convert inherited permissions into explicit permissions on this object
  1. Select entry for Principal Users (FILE1\Users) with Access = Special > click Remove
  1. Select entry for Principal Users (FILE1\Users) with Access = Read & Execute > Change the setting ‘Applies to’ to This folder only
    (Figure: FILE1 Users permissions and the resulting Advanced Security Settings, Permissions and Share tabs)
  1. Confirm the settings in the wizard > click Create
  1. From Thinkpad’s file explorer navigate to the share \\fs\Company_Data$
  1. Pause the owner VM to test the file share failover clustering, verify the share can still be accessed
  1. Set the memory on FILE1 and FILE2 to 512 MB

11.0 Create AGDLP Structure and GPOs

Create an AGDLP security group structure for cap.int: Accounts, Global groups (role based), Domain Local groups (tied to Read/Write (RW) or Read/Execute (RE) permissions), Permissions. Create a Group Policy Object (GPO) that maps the file share from step 10.5 on the domain user’s computer. Create another GPO to redirect the Desktop and Documents folders to a new file share.

11.1 Setup AGDLP File Permissions for the Share

  1. Open Active Directory Users and Computers and go to the OU Security_Groups
  1. From ADUC or PS, in the OU IT_Groups create the following Global Groups and add the domain user as a member as follows:
    Security Group Name   Group Scope   Domain Member
    IT_Managers_G         Global        Bob Lo
    IT_ServiceDesk_G      Global        Dan Wu
    # Create a security group (Get-Command lists the cmdlets available in the ActiveDirectory module)
    Get-Command -Module ActiveDirectory
    New-ADGroup "IT_Managers_G" `
    -Path "OU=IT_Groups,OU=Security_Groups,DC=cap,DC=int" `
    -GroupCategory Security `
    -GroupScope Global `
    -PassThru -Verbose
    
    # Add a member to the group - bob.lo
    Add-ADGroupMember -Identity "IT_Managers_G" -Members bob.lo
    
    # View group members to verify Bob was added; can also refresh in ADUC
    Get-ADGroupMember -Identity "IT_Managers_G"
  1. From ADUC or PS, in the OU FIN_Groups create the following Global Groups and add the domain user as a member as follows:
    Security Group Name   Group Scope   Domain Member
    FIN_Accountants_G     Global        Amy Li
    FIN_Controllers_G     Global        Sam Hu
  1. In the OU IT_Groups create the following Domain Local Groups and add the global group as a member as follows:
    Security Group Name    Group Scope    Member
    IT_Management_RW_DL    Domain Local   IT_Managers_G
    IT_ServiceDesk_RW_DL   Domain Local   IT_ServiceDesk_G
  1. In the OU FIN_Groups create the following Domain Local Groups and add the global group as a member as follows:
    Security Group Name     Group Scope    Member
    FIN_Accounting_RW_DL    Domain Local   FIN_Accountants_G
    FIN_Accounting_RE_DL    Domain Local   FIN_Accountants_G
    FIN_Controllers_RW_DL   Domain Local   FIN_Controllers_G
  1. On Thinkpad open the file explorer and access the share \\FS\Company_Data$
  1. Create 4 directories in the share - “IT_ServiceDesk”, “IT_Management”, “FIN_Accounting”, and “FIN_Controllers”
  1. Right-click the IT_Management directory > select Properties
  1. Open the tab Security > Click Edit to change permissions > add the group IT_Management_RW_DL
  1. Give the domain local group Read/Write permissions by checking Modify
    • Groups with RW → Modify Permission
    • Groups with RE → Read & Execute Permission
  1. In ADUC add FIN_Controllers_G as a member of FIN_Accounting_RW_DL to give the controllers Read/Write access of the directory FIN_Accounting as well
  1. Test the NTFS permissions by logging in as users amy.li (accountant) and sam.hu (finance controller) and opening the share \\fs\company_data$
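The whole 11.1 AGDLP chain and the 10.5 share-root hardening as one re-runnable script, added here as an example and not part of the original project. It assumes the page’s OUs and the users bob.lo, dan.wu, amy.li and sam.hu already exist, that the domain NetBIOS name is CAP, and that it runs as a domain admin that can reach \\FS\Company_Data$.

```powershell
# Added example (not from the original project): Account -> Global group -> Domain Local group -> NTFS
# permission for the Company_Data share, plus the share-root ACL trimming from 10.5.
Import-Module ActiveDirectory
$Netbios   = "CAP"                                   # ASSUMPTION: NetBIOS name of cap.int
$GroupBase = "OU=Security_Groups,DC=cap,DC=int"
$ShareRoot = "\\FS\Company_Data$"

$Model = @(
    @{ OU = "IT_Groups";  Role = "IT_Managers_G";     User = "bob.lo"; DL = "IT_Management_RW_DL";   Folder = "IT_Management";  Right = "Modify" }
    @{ OU = "IT_Groups";  Role = "IT_ServiceDesk_G";  User = "dan.wu"; DL = "IT_ServiceDesk_RW_DL";  Folder = "IT_ServiceDesk"; Right = "Modify" }
    @{ OU = "FIN_Groups"; Role = "FIN_Accountants_G"; User = "amy.li"; DL = "FIN_Accounting_RW_DL";  Folder = "FIN_Accounting"; Right = "Modify" }
    @{ OU = "FIN_Groups"; Role = "FIN_Accountants_G"; User = "amy.li"; DL = "FIN_Accounting_RE_DL";  Folder = "FIN_Accounting"; Right = "ReadAndExecute" }
    @{ OU = "FIN_Groups"; Role = "FIN_Controllers_G"; User = "sam.hu"; DL = "FIN_Controllers_RW_DL"; Folder = "FIN_Controllers"; Right = "Modify" }
)

function Get-OrNewADGroup([string]$Name, [string]$Scope, [string]$Path) {
    $g = Get-ADGroup -Filter "Name -eq '$Name'"
    if (-not $g) { $g = New-ADGroup -Name $Name -GroupScope $Scope -GroupCategory Security -Path $Path -PassThru }
    return $g
}
function Add-MemberIfMissing([string]$Group, [string]$Member) {
    # Add-ADGroupMember errors on an existing member, so check first to stay re-runnable
    if (-not (Get-ADGroupMember -Identity $Group | Where-Object SamAccountName -eq $Member)) {
        Add-ADGroupMember -Identity $Group -Members $Member
    }
}

# A -> G -> DL
foreach ($m in $Model) {
    $ou = "OU=$($m.OU),$GroupBase"
    Get-OrNewADGroup -Name $m.Role -Scope Global      -Path $ou | Out-Null
    Get-OrNewADGroup -Name $m.DL   -Scope DomainLocal -Path $ou | Out-Null
    Add-MemberIfMissing -Group $m.Role -Member $m.User
    Add-MemberIfMissing -Group $m.DL   -Member $m.Role
}
# Controllers also get RW on FIN_Accounting (page step 12): nest a second global group, the ACL is untouched
Add-MemberIfMissing -Group "FIN_Accounting_RW_DL" -Member "FIN_Controllers_G"

# DL -> P: only domain local groups ever appear on the department folder ACLs
$flags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
foreach ($m in $Model) {
    $path = Join-Path $ShareRoot $m.Folder
    if (-not (Test-Path $path)) { New-Item -ItemType Directory -Path $path | Out-Null }
    $acl  = Get-Acl -Path $path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$Netbios\$($m.DL)", $m.Right, $flags, "None", "Allow")
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
}

# Share root (10.5): stop inheriting from D:\, drop the "Special" Users entry and scope Users' Read & Execute
# to the root folder only, so each department folder is governed by its DL group alone
$root = Get-Acl -Path $ShareRoot
$root.SetAccessRuleProtection($true, $true)       # disable inheritance, keep copies as explicit entries
Set-Acl -Path $ShareRoot -AclObject $root
$root = Get-Acl -Path $ShareRoot
foreach ($ace in @($root.Access | Where-Object { $_.IdentityReference.Value -like '*\Users' })) {
    $root.RemoveAccessRule($ace) | Out-Null
}
$root.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users", "ReadAndExecute", "None", "None", "Allow")))
Set-Acl -Path $ShareRoot -AclObject $root

# Verify one chain end to end: amy.li's nested groups (LDAP_MATCHING_RULE_IN_CHAIN) and the folder ACL
$dn = (Get-ADUser -Identity amy.li).DistinguishedName
Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" | Select-Object Name, GroupScope
(Get-Acl -Path "$ShareRoot\FIN_Accounting").Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```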

11.2 Create a Mapped Drive GPO

  1. From Server Manager > Tools > Group Policy Management
  1. In ‘Group Policy Objects’ > Right click New > Name the GPO “Mapped Drives”
  1. Right-Click the GPO Mapped Drives > Edit
  1. In Group Policy Management Editor expand User Configuration > Preferences > Windows Settings > click Drive Maps
  1. From Drive Maps, right-click New > Mapped Drive
  1. Create a new drive with the following properties:
    • Action: Create
    • Location: \\FS\Company_Data$
    • Reconnect: Check
    • Label as: “Department Directories”
    • Drive Letter: Use “S” for ‘Shared Drive’
    • Hide/Show this drive: Select Show this drive
  1. Apply the Mapped Drives GPO to the OU Domain_Users
  1. Test the drive mapping by logging in as a domain user such as amy.li on Thinkpad > open PowerShell and run gpupdate /force > log out
  1. Log in as amy.li, wait for the GPO to be applied (the logon process will take ~3 minutes), view the mapped drive, and view the applied GPO with gpresult /r

11.3 Create a Folder Redirection GPO

  1. From Failover Cluster Manager for FS-Cluster.cap.int > Roles > Select FS > Click Add File Share
  1. Complete the first 4 steps in the New Share Wizard with the following:
    • Profile: SMB Share Quick
    • Location: D:\HomeDir
    • Share Name: HomeDir$ (remote path will be \\fs\HomeDir$)
  1. On the step Permissions on the wizard set the following
    • Disable inheritance > convert inherited permissions into explicit permissions on this object
    • Remove the principal Users with access = special
    • Edit the principal Users > set the permission Applies to This folder only and check the advanced permission Create folders /append data
  1. Open Group Policy Management and create a GPO named “Folder Redirection” in the folder Group Policy Objects
  1. Right-click the GPO > and click Edit
  1. From the editor navigate to User Configuration > Policies> Windows Settings > Folder Redirection
  1. Right-click the folder Desktop > select Properties and set the following:
    • Setting: Basic – Redirect everyone’s folder to the same location
    • Target Folder Location: Create a folder for each user under the root path
    • Root Path: \\FS\HomeDir$
    • ❗ Should this GPO ever be deleted/removed, set the Target Folder Location to Redirect to the local userprofile location
  1. Repeat on the Documents Folder
  1. Apply the GPO to the OU Domain_Users
  1. Test the folder redirection by logging in as a domain user such as amy.li on Thinkpad > open PowerShell and run gpupdate /force > log out
  1. Log in as amy.li, wait for the GPO to be applied (the logon process will take ~3 minutes), then check the Desktop and Documents folder properties and view the applied GPO with gpresult /r

12.0 Create a secondary DC

Create a secondary domain controller DC2 that stores the data on a separate disk.

12.1 Create VM & Complete Post-Install Tasks

  1. ⏲❗ Checkpoint DC1 and name it “Before DC2”
  1. In Failover Cluster Manager for HV-Cluster create a new child differencing disk whose parent is ParentServer2019-Core.vhdx (Appendix E)
  1. Create a new VM named “DC2” with 1024 MB
  1. Complete all post-install tasks by running the Appendix F script with the following:
    • $IP: 192.168.3.2
    • $SrvName: DC2
    • $SrvOUPath: OU=Servers,DC=cap,DC=int
  1. Verify all post-install tasks are complete and working as per Appendix G
  1. In ADUC manually move DC2 into the Domain Controllers OU
  1. Create a 2nd vhdx named “DC2db” that is 10 GB and dynamically expanding
  1. Attach DC2db.vhdx to the virtual machine DC2
  1. Add DC2 to Server Manager
  1. From Server Manager (File and Storage Services > Disks), bring the new disk online, initialize it, and create an NTFS volume with the drive letter D:
  1. From PowerShell on DC2 create the directories “NTDS” and “SYSVOL” on the secondary D:\ volume (the promotion script in 12.2 points the database, logs and SYSVOL at them)
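Steps 8 to 12 as PowerShell, an added example that is not part of the original capstone. The first part runs on the HV-Cluster node that currently owns DC2 and assumes the VM’s files sit under C:\ClusterStorage\Volume1\DC2 (assumed path); the second part runs inside DC2 and assumes the new 10 GB disk is the only uninitialised disk in the guest.

```powershell
# Added example (not from the capstone). Part 1: on the cluster node that owns DC2.
# The VHDX location under the Cluster Shared Volume is an assumption.
$VhdPath = 'C:\ClusterStorage\Volume1\DC2\DC2db.vhdx'
New-VHD -Path $VhdPath -SizeBytes 10GB -Dynamic | Out-Null
Add-VMHardDiskDrive -VMName 'DC2' -Path $VhdPath -ControllerType SCSI   # Generation 2 VMs use SCSI only
# Refresh the cluster's copy of the VM configuration so a failover brings the new disk along
Update-ClusterVirtualMachineConfiguration -Name 'DC2'
Get-VMHardDiskDrive -VMName 'DC2' | Format-Table ControllerType, ControllerNumber, ControllerLocation, Path

# Part 2: inside DC2. Bring the RAW disk online, initialise it, create D: and the AD DS folders.
$disk = Get-Disk | Where-Object PartitionStyle -eq 'RAW'
if (@($disk).Count -ne 1) { throw "Expected exactly one uninitialised disk, found $(@($disk).Count)" }
$disk | Set-Disk -IsOffline $false      # new disks can arrive offline under the default SAN policy
$disk | Set-Disk -IsReadOnly $false
$disk | Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter D -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false | Out-Null
New-Item -ItemType Directory -Path 'D:\NTDS', 'D:\SYSVOL' | Out-Null

# Confirm the volume and the two directories the promotion script expects
Get-Volume -DriveLetter D | Format-Table DriveLetter, FileSystemLabel, FileSystem, SizeRemaining, Size
Get-ChildItem -Path 'D:\' -Directory | Select-Object -ExpandProperty FullName
```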

12.2 Promote DC2 to Domain Controller

  1. From DC2’s PowerShell install the AD DS role, then confirm the deployment cmdlets are available:
    • Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    • Get-Command -Module ADDSDeployment
  1. Run the following script to promote DC2 (it prompts for the cap\aidan domain credentials and for the DSRM SafeModeAdministratorPassword, which the script does not set; the database, logs and SYSVOL are placed on the D: volume prepared in 12.1)
    #
    # Windows PowerShell script for AD DS Deployment
    #
    
    Import-Module ADDSDeployment
    Install-ADDSDomainController `
    -NoGlobalCatalog:$false `
    -CreateDnsDelegation:$false `
    -Credential (Get-Credential) `
    -CriticalReplicationOnly:$false `
    -DatabasePath "D:\NTDS" `
    -DomainName "cap.int" `
    -InstallDns:$true `
    -LogPath "D:\NTDS" `
    -NoRebootOnCompletion:$false `
    -SiteName "Default-First-Site-Name" `
    -SysvolPath "D:\SYSVOL" `
    -Force:$true
  1. From Server Manager, open Active Directory Sites and Services and confirm DC2 appears under Default-First-Site-Name with a replication connection to DC1
  1. Set DC2’s memory to 512 MB
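Checks for the finished DC2, an added example that is not part of the original capstone. It runs on DC2 after the post-promotion reboot, with the AD DS management tools installed in 12.2, and uses only names already on the page (DC2, cap.int, D:\NTDS, D:\SYSVOL, Default-First-Site-Name).

```powershell
# Added example (not from the capstone): verify DC2 is a replicating GC/DNS domain controller
# whose database, logs and SYSVOL live on D: as the promotion script specified.
Import-Module ActiveDirectory

$dc = Get-ADDomainController -Identity 'DC2'
$dc | Format-List HostName, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles

# Paths come from the registry values the promotion wrote; anything still on C: means
# -DatabasePath / -LogPath / -SysvolPath did not take effect
$ntds   = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlog = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$paths = [ordered]@{
    Database = $ntds.'DSA Database file'
    Logs     = $ntds.'Database log files path'
    Sysvol   = $netlog.SysVol
}
[pscustomobject]$paths | Format-List
foreach ($entry in $paths.GetEnumerator()) {
    if ($entry.Value -notlike 'D:\*') { Write-Warning "$($entry.Key) is on $($entry.Value), not on D:" }
}

# Inbound replication from DC1: no consecutive failures and a recent success timestamp
Get-ADReplicationPartnerMetadata -Target 'DC2' -PartnerType Inbound |
    Format-Table Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures -AutoSize
repadmin /replsummary

# DNS: DC2 must have registered its SRV records alongside DC1
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.cap.int' -Type SRV | Format-Table NameTarget, Port, Priority, Weight

# Both DCs should sit in Default-First-Site-Name and both should be global catalogs
Get-ADDomainController -Filter * | Format-Table Name, Site, IsGlobalCatalog, IPv4Address -AutoSize
```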

Appendices

Appendix A: Network & IP Information

Networks

Name  | Network          | Details            | Subnet                | Host IP Range               | Switch Type
WAN   | 192.168.1.0 /24  | Home Telus Network | 255.255.255.0 (/24)   | 192.168.1.1 - 192.168.1.254 | External
LAN   | 192.168.3.0 /28  | LAN                | 255.255.255.240 (/28) | 192.168.3.1 - 192.168.3.14  | Internal
iSCSI | 192.168.10.0 /29 | iSCSI SAN          | 255.255.255.248 (/29) | 192.168.10.1 - 192.168.10.6 | Private
HB    | 192.168.20.0 /29 | Heartbeat          | 255.255.255.248 (/29) | 192.168.20.1 - 192.168.20.6 | Private
LM    | 192.168.30.0 /30 | Live Migration     | 255.255.255.252 (/30) | 192.168.30.1 - 192.168.30.2 | Private

IP Addresses & Info

Name            | IP addresses                                                    | RAM          | Notes
DC1             | 192.168.3.1 /28                                                 | 512 MB       |
DC2             | 192.168.3.2 /28                                                 | 512 MB       |
LinDHCP         | 192.168.3.3 /28                                                 | 512 MB       |
SAN             | 192.168.10.3 /29, 192.168.3.4 /28                               | 512 MB       |
HV1             | 192.168.10.1 /29, 192.168.20.1, 192.168.3.5 /28, 192.168.30.1   | 4096 MB      | \\192.168.3.5\d$ (before CSV), \\192.168.3.5\c$\ClusterStorage\Volume1\
HV2             | 192.168.10.2 /29, 192.168.20.2, 192.168.3.6 /28, 192.168.30.2   | 4096 MB      | \\192.168.3.6\d$ (before CSV), \\192.168.3.6\c$\ClusterStorage\Volume1\
HV-Cluster      | 192.168.3.7 /28                                                 |              |
FILE1           | 192.168.20.3, 192.168.3.8 /28                                   | 512 MB       |
FILE2           | 192.168.20.4, 192.168.3.9 /28                                   | 512 MB       |
FS-Cluster      | 192.168.3.10 /28                                                |              |
FS              | 192.168.3.11 /28                                                |              | \\fs\Company_Data$, \\fs\HomeDir$
Thinkpad (Host) | 192.168.1.74 /24, 192.168.3.13 /28                              | 16 GB (host) |
pfSense         | 192.168.1.10 /24, 192.168.3.14 /28                              | 512 MB       |

Appendix B: Network Diagram

Appendix C: CAP.INT Domain ADDS Diagram

Appendix D: Server File and Storage Diagram

Appendix E: VM Server 2019 Core Creation with Child Differencing Disk

  1. On the host Thinkpad, open PowerShell as an administrator and run the following:
    #
    # Create a VM with Windows Server 2019 (Core) with 2GB Static Memory on a Differencing Disk
    # Connect to the LAN switch
    # Disable automatic checkpoints & enable VM Guest Services
    #
    $VMName = Read-Host -Prompt 'Input the VM name'
    $parentpath = "V:\VMs\VHDX\ParentServer2019-Core.vhdx"
    $VHDPath = "V:\VMs\VHDX\" + $VMName + ".vhdx"
    
    # Create the differencing disk and the Generation 2 VM, update settings, and start the VM
    New-VHD -ParentPath $parentpath -Path $VHDPath -Differencing
    New-VM -Name $VMName -MemoryStartupBytes 2GB -VHDPath $VHDPath -Generation 2 -SwitchName LAN
    Set-VM $VMName -AutomaticCheckpointsEnabled $false
    Set-VMMemory $VMName -DynamicMemoryEnabled $false
    Enable-VMIntegrationService -VMName $VMName -Name "Guest Service Interface"
    Start-VM -Name $VMName
    # Open the VM console (select the new VM in the dialog)
    VMConnect.exe
  1. From the new VM console, sign in with the default local Administrator password Pa$$w0rd (Appendix F renames this account)

Appendix F: Server Post-Install PS Script

  1. Complete the post-installation tasks from the new VM with PowerShell using the following script:

    ❗ This script is set up for cap.int on 192.168.3.0/28 (gateway 192.168.3.14 on pfSense, DNS 192.168.3.1 on DC1) and prompts for the cap\aidan domain admin credentials

    #
    # Post-installation tasks
    #
    $IP = Read-Host -Prompt 'Enter IP 192.168.3.x'
    $SrvName = Read-Host -Prompt 'Enter server name'
    $SrvOUPath = Read-Host -Prompt 'AD Path OU=X,OU=Servers,DC=cap,DC=int'
    $MaskBits = 28
    $Gateway = "192.168.3.14"
    $Dns = "192.168.3.1"
    $IPType = "IPv4"
    
    
    # Retrieve the network adapter that you want to configure (the only adapter that is up)
    $adapter = Get-NetAdapter | ? {$_.Status -eq "up"}
    # Remove any existing IP and gateway from the IPv4 adapter
    If (($adapter | Get-NetIPConfiguration).IPv4Address.IPAddress) {
     $adapter | Remove-NetIPAddress -AddressFamily $IPType -Confirm:$false
    }
    If (($adapter | Get-NetIPConfiguration).Ipv4DefaultGateway) {
     $adapter | Remove-NetRoute -AddressFamily $IPType -Confirm:$false
    }
    # Configure the IP address and default gateway
    $adapter | New-NetIPAddress `
     -AddressFamily $IPType `
     -IPAddress $IP `
     -PrefixLength $MaskBits `
     -DefaultGateway $Gateway
    # Configure the DNS client server IP addresses
    $adapter | Set-DnsClientServerAddress -ServerAddresses $Dns
    # Rename the network adapter (piped, so it works whatever the adapter is currently called)
    $adapter | Rename-NetAdapter -NewName "LAN"
    
    # Join the domain into the target OU, then rename the computer; the rename needs the
    # domain credentials because the computer account now exists in AD
    $cred = Get-Credential cap\aidan
    Add-Computer -DomainName cap.int -Credential $cred -OUPath $SrvOUPath
    $computer = Get-WmiObject win32_computersystem
    $r = $computer.rename("$SrvName", $cred.GetNetworkCredential().Password, $cred.username)
    If ($r.ReturnValue -ne 0) { Write-Warning "Computer rename failed with code $($r.ReturnValue)" }
    
    # Rename the local admin account. The account keeps its well-known RID-500 SID, so this
    # only hides the name; it still needs a strong, unique password
    Rename-LocalUser -Name "Administrator" -NewName "_lsysadmin"
    
    # Reboot to complete the domain join and rename (uncomment, or reboot from sconfig)
    # Restart-Computer -Force

Appendix G: Server Post-Install Verification Checklist

  1. Log in to the virtual machine using the domain admin account cap\aidan
  1. Complete the following in PowerShell
    • whoami: verify the server is a domain member and that cap\aidan is logged in
    • ipconfig: verify the IPv4 address, subnet mask (/28) and default gateway (192.168.3.14)
    • tracert google.ca: verify internet connectivity and resolution of an external name
    • ping LinDHCP: verify a domain host name resolves through DC1’s DNS
    • Get-LocalUser: verify the built-in local admin account has been renamed to _lsysadmin (the rename keeps the well-known RID-500 SID, so it is only a name change; the account still needs a strong unique password)
    • Get-NetAdapter: verify the network adapter has been renamed to LAN
  1. From sconfig (Server Configuration) complete the following options:
    • 11 Windows Activation: verify Windows is activated on the 180-day evaluation
    • 6 Download and Install updates
  1. From Server Manager, view the new entry in DNS Manager and ADUC
  1. Add the new VM to Server Manager
  1. ⏲ Checkpoint (optional)
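The checklist above as a single PowerShell script that reports pass/fail per item, an added example that is not part of the original capstone. It assumes it runs as cap\aidan on the new server, that the expected LAN address is typed in at the prompt, and it reuses the cap.int values from Appendix F and Appendix A (gateway 192.168.3.14, DNS 192.168.3.1, LinDHCP at 192.168.3.3).

```powershell
# Added example (not from the capstone): Appendix G as a pass/fail script for cap.int.
# Run on the new server as cap\aidan; the expected LAN address is supplied at the prompt.
$ExpectedIP = Read-Host -Prompt 'Expected LAN address 192.168.3.x'
$Gateway    = '192.168.3.14'   # pfSense LAN address (Appendix A)
$DnsServer  = '192.168.3.1'    # DC1 (Appendix F)
$results    = [System.Collections.Generic.List[object]]::new()
function Check([string]$Name, [bool]$Ok, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Ok; Detail = "$Detail" })
}

# Domain membership and the logged-on identity (what whoami shows)
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Check 'Domain member of cap.int' ($cs.PartOfDomain -and $cs.Domain -eq 'cap.int') $cs.Domain
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Check 'Logged on as cap\aidan' ($me -ieq 'CAP\aidan') $me

# Adapter name, address, prefix, gateway and DNS client (what ipconfig shows)
$nic = Get-NetAdapter -Name 'LAN' -ErrorAction SilentlyContinue
Check 'Adapter renamed to LAN' ($null -ne $nic) $nic.Name
$ip  = Get-NetIPAddress -InterfaceAlias 'LAN' -AddressFamily IPv4 -ErrorAction SilentlyContinue
Check "IPv4 address is $ExpectedIP/28" ((@($ip.IPAddress) -contains $ExpectedIP) -and (@($ip.PrefixLength) -contains 28)) "$($ip.IPAddress)/$($ip.PrefixLength)"
$gw  = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 -ErrorAction SilentlyContinue).NextHop
Check "Default gateway is $Gateway" (@($gw) -contains $Gateway) ($gw -join ',')
$dns = (Get-DnsClientServerAddress -InterfaceAlias 'LAN' -AddressFamily IPv4 -ErrorAction SilentlyContinue).ServerAddresses
Check "DNS server is $DnsServer" (@($dns) -contains $DnsServer) ($dns -join ',')

# Name resolution of a domain host (ping LinDHCP) and reachability of the internet (tracert google.ca)
$lin = Resolve-DnsName -Name 'LinDHCP.cap.int' -Type A -ErrorAction SilentlyContinue
Check 'LinDHCP resolves to 192.168.3.3' (@($lin.IPAddress) -contains '192.168.3.3') ($lin.IPAddress -join ',')
$web = Test-NetConnection -ComputerName 'google.ca' -Port 443 -InformationLevel Quiet -WarningAction SilentlyContinue
Check 'Internet reachable (google.ca:443)' $web $web

# Built-in administrator: locate it by its well-known RID 500 rather than by name, because
# Rename-LocalUser changes only the name; the SID, and therefore enumerability, is unchanged
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
Check 'RID-500 account renamed to _lsysadmin' ($admin.Name -eq '_lsysadmin') $admin.Name

# Activation (sconfig option 11): LicenseStatus 1 = licensed; GracePeriodRemaining is in minutes
$lic = Get-CimInstance -ClassName SoftwareLicensingProduct `
    -Filter "ApplicationId='55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL"
Check 'Windows activated' (@($lic.LicenseStatus) -contains 1) ("$([math]::Floor($lic.GracePeriodRemaining / 1440)) days remaining")

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { Write-Warning 'One or more post-install checks failed' }
```

The RID-500 lookup is the check worth keeping even outside this lab: a renamed built-in Administrator is found instantly by SID, so the rename from Appendix F is a convenience, not a control, and the account’s password and usage still need to be managed.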

Appendix H: Final Setup Screenshots

All of the virtual machines
Cluster Shared Volume that stores all FILE1, FILE2, DC2 data
Server Manager
Disk Summary
Network Shares

Appendix I: References