host and guests should be on same network, but are not.

expat1001
Posts: 16
Joined: 12. Mar 2018, 10:50

host and guests should be on same network, but are not.

Post by expat1001 »

This is an odd, if serious, problem, sort of circular or "Catch-22" for the boomers out there.
I lost my entire domain in a ransomware attack. I do have copies of all the domain controller VirtualBox folders, which I have copied over to the reformatted host. I added them to the manager using the .vbox files and that went fine.

NOTE: The host, after the new install, is not joined to the domain - because that was a complete reformat/reinstall. I think this must be the cause of the problem.

All the network settings, etc. of the VMs restored. They all start up and communicate, replicate with each other. That's all cool.

The problem is that they are all on a 'limited' network, no internet access, and as DCs, what is worse is no access to the network everyone else is on. I think it is because they are domain members obviously, but the host is not. Does that make sense - that it's the problem? And I cannot figure out a way to join the host to the domain because it cannot contact the domain controllers, which is necessary to join a domain... BUT if you think I am on the wrong track in identifying the problem - tell me.

Any thoughts on this would be appreciated.
BillG
Volunteer
Posts: 5102
Joined: 19. Sep 2009, 04:44
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 10,7 and earlier
Location: Sydney, Australia

Re: host and guests should be on same network, but are not.

Post by BillG »

It is simpler if all of the domain members and the DC(s) are in the same network and the same IP subnet, but there is no requirement for the host to be in that subnet. In fact I never put the host in the same network or IP subnet as the domain. If the networking of the domain machines is independent of the host (as I prefer) the domain is complete in itself and can be transferred to a different host with minimal change.

Put all of the VMs in an internal virtual network. Give the DC a static IP in its own IP subnet and configure DHCP so that all domain members obtain their network config from this DHCP server and use the DC for DNS. (This is equivalent to setting up a domain of physical machines on a physical switch).

Internet access is a separate problem. You will need to configure a router between your domain network and your physical network. The simplest way to do this is to configure a VM with one interface in each network (i.e. one virtual NIC in the internal domain network and the other bridged to a physical NIC on the host). I use a VM running the pfSense routing appliance.

I always configure the DNS server on the DC to forward to a public DNS service so that it can resolve URLs for itself and its members rather than relying on other resolution methods. If you configure the router as a LAN router you would configure the DHCP server so that the domain members use the DC for DNS and the private LAN of the router as their default gateway. All of this is similar to the setup of a domain of physical machines on a physical LAN. The networking protocols do not know (or care) whether a device is physical or virtual - it is simply an IP address.
Bill
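
One way to check the layout described in the post above (domain VMs only on an internal network, a router VM with one NIC in that network and one bridged), as an added example that is not part of the original thread. The VM names, the internal network name "domainnet", the adapter name "Ethernet" and the sample `VBoxManage showvminfo --machinereadable` output are constructed assumptions.

```python
import re

# Constructed samples of `VBoxManage showvminfo <vm> --machinereadable` output.
# VM names, the network name "domainnet" and the adapter "Ethernet" are assumptions.
SAMPLES = {
    "DC1": 'name="DC1"\nnic1="intnet"\nintnet1="domainnet"\nnic2="none"\n',
    "DC2": 'name="DC2"\nnic1="bridged"\nbridgeadapter1="Ethernet"\nnic2="none"\n',
    "router": 'name="router"\nnic1="bridged"\nbridgeadapter1="Ethernet"\n'
              'nic2="intnet"\nintnet2="domainnet"\n',
}
# Key that names the attached network for each attachment mode checked here.
DETAIL_KEY = {"intnet": "intnet", "bridged": "bridgeadapter"}

def parse_nics(text):
    """Return {slot: (mode, network_or_adapter)} for every attached NIC."""
    kv = dict(re.findall(r'^(\w+)="(.*)"$', text, re.M))
    nics = {}
    for key, mode in kv.items():
        m = re.fullmatch(r"nic(\d+)", key)
        if m and mode != "none":
            slot = m.group(1)
            nics[int(slot)] = (mode, kv.get(DETAIL_KEY.get(mode, "") + slot))
    return nics

def audit(infos, domain_vms, router_vm, net):
    """List deviations: domain VMs only on `net`, router on `net` plus a bridged NIC."""
    findings = []
    for vm in domain_vms:
        nics = parse_nics(infos[vm])
        if not nics:
            findings.append(f"{vm}: no NIC attached")
        for slot, (mode, detail) in sorted(nics.items()):
            if (mode, detail) != ("intnet", net):
                # Fix with: VBoxManage modifyvm <vm> --nic<slot> intnet --intnet<slot> <net>
                findings.append(f"{vm}: nic{slot} is {mode}, expected intnet '{net}'")
    router = parse_nics(infos[router_vm]).values()
    if ("intnet", net) not in router:
        findings.append(f"{router_vm}: no NIC on intnet '{net}'")
    if not any(mode == "bridged" for mode, _ in router):
        findings.append(f"{router_vm}: no bridged NIC to the physical network")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLES, ["DC1", "DC2"], "router", "domainnet"):
        print(line)
```

On a real host, replace the sample strings with the captured output of `VBoxManage showvminfo <vm> --machinereadable` for each VM.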
expat1001
Posts: 16
Joined: 12. Mar 2018, 10:50

Re: host and guests should be on same network, but are not.

Post by expat1001 »

I'll work through that. Thank you very much.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: host and guests should be on same network, but are not.

Post by scottgus1 »

expat1001 wrote: I do have copies of all the domain controller VirtualBox folders, which I have copied over to the reformatted host.
First off, major kudos for having a backup! Very cool! 8)
expat1001 wrote: The host, after the new install, is not joined to the domain.... I think it is because they are domain members obviously, but the host is not
As BillG mentioned, the host does not have to be a member of the domain made by the DC VMs. In fact the host should not be a member of the domain made by the DC VMs. The reason is as you pointed out:
expat1001 wrote: I cannot figure out a way to join the host to the domain because it cannot contact the domain controllers which is necessary to join a domain...
If the DC VM cannot run because the host cannot log in, then the host cannot log in because it cannot communicate with the DC VM, then the host cannot run the DC VM because the host cannot log in, etc...

I ran an SBS VM on a server-class host running Windows 7 Pro. The host ran the VM in a normal login session, started by a batch file that ran from the host's Startup menu. The host was in the network's IP range but was not a member of the domain. The domain controller was Bridged to the host's Ethernet network adapter and had full control of the office network.

The host not being on the domain does not restrict the DC from controlling the physical network.

How was the set of VMs connected to the network in the previous setup?