@black3dynamite said in Trying to set up Hyper-V Server 2016, ripping my hair out:

@dave247 said in Trying to set up Hyper-V Server 2016, ripping my hair out:

Additional info:

On my Windows 10 system, I've enabled ONLY the Hyper-V Management Tools, and not the Hyper-V Platform.

My domain user account I use on this Windows 10 system is not a local admin, just a regular low priveleged user. However, I have tried running the Hyper-V Manager as admin and put in the credentials of the domain user that I also assigned as my Hyper-V server admin. When I go that route, I get the error:

"<< Failed to connect to server "<Computerame>". Make sure the administrative service
Is running on virtual machines and you are authorized to connect to the server.
The Hyper-V administration tools did not allow access to an expected WMI class on computer "<Computerame>".
This may indicate that the Hyper-V platform is not installed on the computer or that is the version of the Hyper-V platform
Hyper-V platform is not compatible with these management tools"

Have you confirmed that you can connect with a domain admin account? At least with that you can confirm its an permission issue?

Yes I've tried with a DA account but no dice.

@black3dynamite said in Trying to set up Hyper-V Server 2016, ripping my hair out:

@dave247 said in Trying to set up Hyper-V Server 2016, ripping my hair out:

Additional info:

On my Windows 10 system, I've enabled ONLY the Hyper-V Management Tools, and not the Hyper-V Platform.

My domain user account I use on this Windows 10 system is not a local admin, just a regular low priveleged user. However, I have tried running the Hyper-V Manager as admin and put in the credentials of the domain user that I also assigned as my Hyper-V server admin. When I go that route, I get the error:

"<< Failed to connect to server "<Computerame>". Make sure the administrative service
Is running on virtual machines and you are authorized to connect to the server.
The Hyper-V administration tools did not allow access to an expected WMI class on computer "<Computerame>".
This may indicate that the Hyper-V platform is not installed on the computer or that is the version of the Hyper-V platform
Hyper-V platform is not compatible with these management tools"

Have you confirmed that you can connect with a domain admin account? At least with that you can confirm its an permission issue?

Yes I've tried with a DA account but no dice. I can log in directly to the hyper-v server with the da account but not through the hyper-v manager on my Windows 10 system.

Additional info:

On my Windows 10 system, I've enabled ONLY the Hyper-V Management Tools, and not the Hyper-V Platform.

My domain user account I use on this Windows 10 system is not a local admin, just a regular low priveleged user. However, I have tried running the Hyper-V Manager as admin and put in the credentials of the domain user that I also assigned as my Hyper-V server admin. When I go that route, I get the error:

"<< Failed to connect to server "<Computerame>". Make sure the administrative service
Is running on virtual machines and you are authorized to connect to the server.
The Hyper-V administration tools did not allow access to an expected WMI class on computer "<Computerame>".
This may indicate that the Hyper-V platform is not installed on the computer or that is the version of the Hyper-V platform
Hyper-V platform is not compatible with these management tools"

@mike-davis said in Trying to set up Hyper-V Server 2016, ripping my hair out:

Is your Windows 10 workstation joined to the same domain your hyper-V host is? It sounds a lot like it's not. If that's the case, it's a real pain to get them to connect.

Yes, my Windows 10 workstation is joined to the domain, same one that the Hyper-V server is joined to. I haven't gotten back to this yet since it's the holidays but I plan to do a little more in the next day, then I'll report back.

Thanks for the help

I'm trying out Microsoft's Hyper-V 2016 server -- not the OS role, I'm talking about the actual Hypervisor without the "Desktop Experience" GUI. I got that installed and joined to our domain and then added an administrator and then I installed the Hyper-V management tools on my Windows 10 workstation and then I tried to connect to the server as that user. However I can't seem to get connected. It's constant errors.

Right now I'm stuck on "Enable delegation" as I get an error that says "Delegation of credentials to the server could not be enabled. CredSSP authentication is currently disabled.

I keep trying to google things but 90% of the stuff I find seems to be about setting up the Hyper-V role, not the straight Hypervisor. Then anything more explicit than that, such as with the CredSSP stuff, I just find about of stuff regarding PowerShell scripts.

I'm now trying to run Enable-WSManCredSSP commands according to this guide but it's not working...

I've been slowly doing this for hours now and I'm just ripping my hair out at this point. Is there a more straight-forward way to set up and manage Hyper-V without having to do a bunch of obscure steps? I just want to get to where I can install some VMs. See I've gotten used to the user friendliness of WMware where I can just connect to the hosts or vCenter via web browser and go from there.

Now I'm not crying about this because it's hard -- I enjoy learning challenges.. but right now I'm just drained and need some guidance. Otherwise I was considering installing some other free Hypervisor in hopes that it's easier to setup.

@rojoloco said in Where/who should I be buying Microsoft Server licensing from?:

@dave247 said in Where/who should I be buying Microsoft Server licensing from?:

One thing that's always fun is when I get a quote from my VAR and a quote form CDW and the price is different.. then it's like pitting against each other to fight for the sale..

Throw them all into the ring and let them fight it out for your business by lowballing each other. Then you'll see how much margin they have on these licenses (which is plenty). Since it is MS licenses, take the lowest price and run.

Thanks for all your input guys. This has really helped me.

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

And you do not have to use a CNAME. An A record is just fine too. For excample, notmydc can be an A record pointing to the same IP as DC1. Or it can be a CNAME pointing to the DNS name of DC1.

Got it.

Either way, when DC1 goes to shit

hahaha

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

You can always use a CNAME. The app can't tell what is an A record or a CNAME record.

And I've just re-learned about this... so essentially I could have a CNAME called "DCGOUP" which would point to DC1, DC2, DC3, etc, and the app would just work?

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

One thing that's always fun is when I get a quote from my VAR and a quote form CDW and the price is different.. then it's like pitting against each other to fight for the sale..

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

@dashrender said in Where/who should I be buying Microsoft Server licensing from?:

@mike-davis said in Where/who should I be buying Microsoft Server licensing from?:

@dave247 said in Where/who should I be buying Microsoft Server licensing from?:

I'm looking at CDW now. Searched "Windows server 2016" and I get all kinds of results, from $1,312 to $31.99, each one having similar details... What the heck..

This is where a good account rep helps. BTW, on most sites, an account rep can get you better pricing than the web pricing.

I'm not sure how I feel about this - I asked my account rep to get me the iLo license i needed for a server - after 3 different purchases I still didn't have the correct license I needed.
The same can happen with any licensing. This is why I suggested finding exactly what you want before approaching any company for pricing. Sadly, this is extremely difficult at times.

Yeah, and that's where I struggle: trying to figure out exactly what I need, in terms of licensing. I mean, I know what we need as far as products go, but I want to make 100% sure we are compliant with our licenses. My VAR used to help me with this as he's been doing it for a long time.

@jaredbusch said in Where/who should I be buying Microsoft Server licensing from?:

I tend to use only one or two VARs. It is too much work to maintian relationships with many.

My preferred for now is CCB. Softmart used to be good, but Connection bought them.

But my clients all buy in small amounts very sporadically.

I have a personal dislike for CDW, so I never chose them.

Yeah I'm not too impressed with CDW.. I may hit up my old VAR after all. Thanks for your help

@scottalanmiller said in Where/who should I be buying Microsoft Server licensing from?:

@dave247 said in Where/who should I be buying Microsoft Server licensing from?:

@scottalanmiller said in Where/who should I be buying Microsoft Server licensing from?:

@dashrender said in Where/who should I be buying Microsoft Server licensing from?:

The people already listed are VARs - his old VAR, Dell, CDW.

CDW is only marginally a VAR and only when engaged in very specific ways. Go to their site and buy CALs, no VAR interaction needed.

I'm looking at CDW now. Searched "Windows server 2016" and I get all kinds of results, from $1,312 to $31.99, each one having similar details... What the heck..

Probably a "pack". Got links?

Just what I searched, https://www.cdw.com/shop/search/result.aspx?key=windows server 2016 &ctlgfilter=&searchscope=all&sr=1

I have no idea what I'd pick.. This would be for a virtual install (of course) and I have about 70 users..

@scottalanmiller said in Where/who should I be buying Microsoft Server licensing from?:

@dashrender said in Where/who should I be buying Microsoft Server licensing from?:

The people already listed are VARs - his old VAR, Dell, CDW.

CDW is only marginally a VAR and only when engaged in very specific ways. Go to their site and buy CALs, no VAR interaction needed.

I'm looking at CDW now. Searched "Windows server 2016" and I get all kinds of results, from $1,312 to $31.99, each one having similar details... What the heck..

@dashrender said in Where/who should I be buying Microsoft Server licensing from?:

@dave247 said in Where/who should I be buying Microsoft Server licensing from?:

I have been educating myself on how server licensing works, etc, and one of the things I realized is that I'm not exactly clear on who I should be going through to purchase Microsoft licenses from, mainly Windows server.

Previously, we had been going through my company's Dell VAR, who also has his own IT Services LLC. He's sold our company pretty much all it's Dell equipment (servers, switches, SAN, Sonicwall, etc) and thanks to Scott Allen Miller's input and articles, I've realized how we're guilty of "getting advice from the salesman". Please, let's not go into it though.

I've since cut ties with the VAR and am trying to do things better. But now, I'm not exactly sure where I should be going to purchase Windows Server licensing. My boss had suggested CDW but I am assuming that is yet another trap.

Can I get some guidance on the proper channels I should be using for this?

There's nothing wrong with buying from CDW or your last VAR - the part that was done wrong as asking them for advice.
Either will sell you what you ask for.

ok, well I wasn't sure if I should be wary of entities that sell licensing at a higher price than others.

And yes, I've already been slapped on the hand for asking for advice. I was totally new to the IT world at the time, so cut me some slack

I have been educating myself on how server licensing works, etc, and one of the things I realized is that I'm not exactly clear on who I should be going through to purchase Microsoft licenses from, mainly Windows server.

Previously, we had been going through my company's Dell VAR, who also has his own IT Services LLC. He's sold our company pretty much all it's Dell equipment (servers, switches, SAN, Sonicwall, etc) and thanks to Scott Allen Miller's input and articles, I've realized how we're guilty of "getting advice from the salesman". Please, let's not go into it though.

I've since cut ties with the VAR and am trying to do things better. But now, I'm not exactly sure where I should be going to purchase Windows Server licensing. My boss had suggested CDW but I am assuming that is yet another trap.

Can I get some guidance on the proper channels I should be using for this?

@tim_g said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.

It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.

Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.

This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.

One thing to note, is that the Hypervisor that is hosting your DHCP server, should also be static, as well as iDRAC on that server!! Especially if you don't have console access to the hardware.

So to recap myself and Jared:

Static the following:

1. Router
2. DC
3. DHCP Hypervisor
4. DHCP Hypervisor's iDRAC

Yes, all my ESXi hosts and their iDRAC's are static.

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

What? Can you elaborate?

@dashrender said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.

To expedite your endpoints getting the new information, change the DHCP renewal time to something like 8 hours or even less, depending on your needs. Beats waiting the normal 8 days ( really the half life - 4 days).

Sounds like another good idea. I currently have it set to 3 days, but I'll change that to every 24 hours as JB mentioned.