The Poor Tech’s Hyper-V Lab Setup
A lot of lab tutorials assume you have access to powerful systems with 32 or 64GB of RAM, RAID arrays, dual CPU server systems and so on. This one’s different. I’m taking a couple relatively modern workstations with 16GB or less RAM each and creating a Windows Active Directory domain environment. The cool thing here is with an extra switch we can add multiple physical systems into our virtual lab.
from https://smudj.wordpress.com/2019/03/18/the-poor-techs-hyper-v-lab-setup/
Hardware used:
Workstation 1 (W1): Windows 10 Pro (1809) with Hyper-V , i5-4570, 16GB RAM, 500GB SSD, dual NICs ( one onboard NIC, one SB3 1Gb NIC)
*workstation 1 requires 2 network cards.
Workstation 2 (W2): Windows 10 Pro (1809) with Hyper-V, i7-870, 12GB RAM, 256GB SSD, onboard NIC
optional: Ethernet switch (not used in your existing network environment), additional Windows 10 Pro, Windows Server, Hyper-V Server workstations
ISO media needed:
IPFire or comparable router/Linux distro https://www.ipfire.org
Windows Server Evaluation: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2019?filetype=ISO
At the time of writing Windows Server 2012–2019 are currently available. This lab will use Windows Server 2016.
Optional ISOs
Windows 10 64 bit Enterprise Evaluation (https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise) This is needed if additional clients are set up in Hyper-V on W1 or W2
Download these ISOs and place then in an easily accessible location for later use.
Hardware Setup
Connect both NICs in W1.
NIC1 will be connected to your regular network environment
NIC2 will be connected to W2 directly, or to the optional switch
Assign a static IP to NIC2
IP Address: 172.16.1.100
Subnet mask: 255.255.255.0
Assign static DNS to NIC2
Primary: 172.16.1.201 Hint: this will be the IP of our Windows domain controller
Connect NIC in W2 to switch**, if not directly connected to W1. **Most modern NICs no longer need a crossover cable to directly connect. If you’re having issues with a connection, a switch should resolve this, or a cross-over cable.
Virtual router Setup for Internal lab environment
Create virtual switches on W1
Start Hyper-V Manager
Click Virtual Switch Manager
Select External, and click Create Virtual Switch
Under Name, enter External Access, and assign the NIC connected in step 1 above to your regular network environment, and click OK.
Click select External, Create Virtual Switch again. Under Name, enter Internal Lab, select the second NIC and click OK.
Click OK to exit the Virtual Switch Manager.
Set IP Address for second NIC.
Go to Control Panel, Network and Sharing Center and click Change Adapter Settings
Right-click on vEthernet (Internal Lab) and select Properties.
Select Internet Protocol Version 4 (TCP/IPv4), then click Properties.
Enter the following IP information:
IP Address: 172.16.1.100 <– this is the address of W1 in the internal lab network
Subnnet mask: 255.255.255.0
Default gateway: 172.16.1.1 <– this is the address of the virtual router we will set up next
Click Ok. Click Close.
Create the virtual router VM
Return to the Hyper-V Manager and click New –> Virtual Machine.
Click Next to begin the wizard, enter the info in the fields and click Next when finished.
Name: Lab Router
Generation: Generation 1
Startup memory: 512MB, uncheck Use Dynamic Memory
Connection: Select External Access
Virtual Hard Disk: accept defaults and click Finish
Select Lab Router from Virtual Machines and click Settings.
Select Network Adapter and click Add
Select Internal Lab from Virtual Switch and click Apply
Select DVD Drive, then select Image file.
Click Browse and go to the location where the IPFire ISO is stored. Double-click the ISO. Click OK.
Start the Lab Router VM.
Click Start, then Connect.
Install IPFire.
Press Enter to begin the installation. Note: Window title will appear before instructions for this section.
Language selection: Press Enter to accept English
IPFire: Press Enter to Start installation
License Agreement: Press tab to move to license acceptance box, then press the spacebar to accept. Press tab and Enter to complete.
Disk Setup: Press Enter to accept and Delete all data
Filesystem Selection: Press tab and Enter to accept the default.
Congratulations: Press Enter to reboot
Configure IPFire Pre-config info.
While IPFire is rebooting, we need to determine which NIC’s MAC address is the External Lab’s.
In the Hyper-V Manager with Lab Router selected, click Settings.
Click on plus (+) next to Network Adapter External Access, then click Advanced Features to view the adapters MAC.
Leave this window open, or make note of the MAC as we will need it soon.
Configure IPFire
Keyboard Mapping: Press Enter to select the default mapping.
Timezone: Choose the correct timezone and press enter. Hint: pressing a letter will jump to that section. US Pacific (press P and arrow to PST8PDT) can be found this way quickly.
Hostname: Press Enter twice to accept the default, ipfire.
Domain name: Press Enter twice to accept the default.
Root password: Enter a memorable password, tab to the verification field, and tab again to OK. Press Enter. Hint: no characters will appear when entering the password.
Admin password: Enter a memorable password, tab to the verification field, and tab again to OK. Press Enter. Hint: no characters will appear when entering the password. Extra hint: for our lab, this can be the same password as the root account for simplicity.
Network configuration: network configuration type: GREEN + RED should already be selected.
Arrow key down to select Drivers and card assignments, press Enter
Assigned cards: GREEN: Press Enter to select. Hint: the GREEN network is our Internal Lab network.
Choose the card that does NOT have the MAC from step 6.3. Use the arrow key to highlight and press Enter
Assigned cards: use the arrow keys to highlight RED, and press Enter
Press Enter to select the remaining card.
Assigned cards: press tab to move and highlight Done. Press Enter
Arrow key down to select Address settings and press Enter
Address settings: GREEN. Press Enter to reconfigure
Warning: press Enter. Hint: we are not connected remotely, so this does not apply
Interface GREEN: IP Address: 172.16.1.1 Network mask: 255.255.255.0 Press tab to move between fields, press Enter when complete
Address settings: RED: Press Enter to reconfigure.
Down arrow key to select DHCP, press spacebar to select. Tab to OK and press Enter. Hint: our external network will use the existing network DHCP server
Address settings: Press tab to move to Done, press Enter.
Arrow key down to Done and press Enter. Hint: we do not need to set the DNS and Gateway settings, the DHCP option selected above in 9-2 will autopopulate this for the RED network.
DHCP server configuration: We will use the DHCP and DNS services on our Windows Server VM that we will set up later.
Tab to OK and press Enter to leave the IPFire DHCP server unconfigured.
Setup is complete: Press Enter. IPFire will reboot.
IPFire/Lab Router VM should remain running.
Close the Lab Router settings window, if needed.
Windows Server (Domain Controller) for Internal Lab environment
Create Windows Server VM
Return to the Hyper-V Manager and click New –> Virtual Machine.
Click Next to begin the wizard, enter the info in the fields and click Next when finished.
Name: Windows Server 1
Generation: Generation 1
Startup memory: 4096MB, uncheck Use Dynamic Memory
Connection: Select Internal Lab
Virtual Hard Disk: accept defaults and click Finish
Select Windows Server 1 from Virtual Machines and click Settings.
Select DVD Drive, then select Image file.
Click Browse and go to the location where the IPFire ISO is stored. Double-click the ISO. Click OK.
Install Windows Server 2016
Start Windows Server 1
Click Start, and then Connect.
Install Windows Server 2016
Click Next to begin the installation
Click Install now
Select Windows Server 2016 Datacenter Evaluation (Desktop Experience) and click Next.
Click I accept the license terms, then click Next
Click Custom: Install Windows only
Click Next, to accept the default installation location
Customize settings: enter a memorable Administrator password, reenter, and click Finish
Configure Windows Server 1 (WS1)
Press control+alt+end to log into WS1, or use the menu options: Action–>Control+Alt+Del
Go to the Control Panel, change View by to Small Icons
Click Network and Sharing Center
Click Change Adapter Settings
Right-click Ethernet and click Properties
Select Internet Protocol Version 4 and click Properties
Click Use the following IP address:
IP Address: 172.16.1.201
Subnet mask: 255.255.255.0
Default gateway: 172.16.1.1
Click Use the following DNS server addresses
Preferred DNS server: 172.16.1.201 Hint: We will setup AD, DNS, and DHCP on this server
Click OK, then click Close
Networks: when prompted, click Yes to allow your PC to be discoverable.
In Control Panel, go to System. Under Computer name, click Change Settings.
Click Change, enter WS1, as the computer name. Click OK. Click OK at the prompt
Click Close
Click Restart Now
Setup WS1 as a domain controller with DHCP
Start the Add Roles and Feature Wizard
Add the following roles:
Active Directory Domain Services
DHCP Services
DNS Services
Follow the wizard’s steps. All the defaults can be used for our lab purposes.
Promote: Add a new forest.
Enter the domain name, Hyper-LAB.net, and follow the wizard. Hint: you will get a warning about DNS, this will be resolved later.
More details for setting up an DC in Windows 2016 can be found here: https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
Configure DNS and DHCP
Log into your new domain controller.
DNS. We need to add a forwarder for our DNS settings.
From Administrative Tools (or Server Manager–>Tools), open DNS
Right-click on your server and click Properties.
Click the Forwarders tab
Click Edit, and add your external DNS servers like 4.2.2.1, 4.2.2.2, 8.8.8.8, and 8.8.4.4.
Click OK, when completed. Click OK, to close Properties.
Close the DNS Manager
DHCP
Double-click DHCP from Administrative Tools or Server Manager–>Tools
Expand IPv4 and right-click, click New Scope from the menu.
Enter a Name: Hyper-Lab client scope, click Next
Start IP address: 172.16.1.50
End IP address: 172.16.1.99
Length: 24 or Subnet mask: 255.255.255.0
Click Next
The remaining settings can be default for now.
When asked to configure scope options, select “Yes” and click Next.
Router/Default gateway will be the IP we used to configure the GREEN NIC, enter: 172.16.1.1. Click Add. Click Next.
Domain name and DNS should be pre-configured. You should see the server’s IP in IP address box, 172.16.1.201. Click Next.
WINS does not need to be configured at this time. Click Next.
When prompted to activate scope, select “Yes” and click Next.
Click Finish to complete the wizard.
Right-click on the server’s name under DHCP, and click Authorize from the menu. Right-click the server name and click Refresh and IPv4 should have a green circle with a white check mark
WS1 configuration is complete. You should be able to ping an IP address, ex: 4.2.2.2 as well as a DNS name: ex: http://www.google.com
Workstation 2 setup and configuration
After the successful configuration of WS1, a network prompt on W2 should appear
Verify DHCP is configured for W1, if no prompt
Networks: when prompted, click Yes to allow your PC to be discoverable
Ping will not work until we disable the firewall, or turn on file and print sharing for the Private network.
Set a static IP for W2:
IP Address: 172.16.1.101
Subnet mask: 172.16.1.1
DNS: 172.16.1.201
Configure an External Virtual Switch
Create virtual switches on W1
Start Hyper-V Manager
Click Virtual Switch Manager
Select External, and click Create Virtual Switch
Under Name, enter Internal Lab, and assign the NIC and click OK.
If the network is set to public, we need to change it to private
Open an elevated Powershell
Set Internal Lab to private: Set-NetConnectionProfile -InterfaceAlias “vEthernet (Internal Lab)” -NetworkCategory Private Hint: If the Default Switch is set to Public, we need to change that one also
Set Default Switch to private: Set-NetConnectionProfile -InterfaceAlias “vEthernet (Default Switch)” -NetworkCategory Private
Enable firewall rules and delegation: Enable-WSManCredSSP -Role server
Set up Remote Desktop for W2
Go to Control Panel, click Category, then Small icons
Click System
Click Remote Settings, select Allow remote connections to this computer, uncheck Allow connections only from computers running with NLA
Click OK
Configure W1 to access W2’s Hyper-V Manager (optional, we can manage W2 via RDP or directly from W2)
Complete details found here: https://timothygruber.com/hyper-v-2/remotely-managing-hyper-v-server-in-a-workgroup-or-non-domain/
When you try to connect with Hyper-V Manager you’ll receive an error from Hyper-V Manager that it’s either not running or you are not authorized.
Start an elevated PowerShell prompt on W1
You may need to set the Internal Lab network to private, then we need to add W2 to the hosts file and run winrm quickconfig:
Set Internal Lab to private: Set-NetConnectionProfile -InterfaceAlias “vEthernet (Internal Lab)” -NetworkCategory Private
Add W2 to the hosts file: Add-Content -Path C:\Windows\System32\drivers\etc\hosts -Value “`n172.16.1.101`tW2” Hint: the ` is not a single quote, but a grave, the grave/tilde key is left of the 1 key
Run quickconfig: winrm quickconfig Enter “y” to make the changes.
Enable delegation: Enable-WSManCredSSP -Role client -DelegateComputer “W2”
Enable Local Group Policy
Run gpedit
Go to Computer Configuration–>Administrative Templates–>System–>Credentials Delegation->Allow delegating fresh credentials with NTLM-only server authentication
Select Enabled. Click Show, enter wsman/W2. Click OK twice.
Connect to W2
In Hyper-V Manager, click Connect to Server
Select Another Computer, enter W2.
Select Connect as another user, enter W2\hyperlab1 and the password you set for this account on W2
Copy the Windows 10 ISO to W2 for setting up a new VM
Your basic lab is now setup. You can manage both Hyper-V systems from W1
You can add more Hyper-V “servers” to your network with a switch for the Internal Lab network between W1, W2, and the other servers, follow the steps for W2 with each new Hyper-V server.
Keep in mind that you can just use low-end workstations for clients in this scenario also. They just need to be added to the Internal Lab network’s switch.
