This is an odd, if serious, problem, sort of circular or a "Catch-22" for the boomers out there.
I lost my entire domain in a ransomware attack. I do have copies of all the domain controller VirtualBox folders, which I have copied over to the reformatted host. I added them to the manager using the .vbox files and that went fine.
NOTE: The host, after the new install, is not joined to the domain - because that was a complete reformat/reinstall. I think this must be the cause of the problem.
All the network settings, etc. of the VMs restored. They all start up and communicate, replicate with each other. That's all cool.
The problem is that they are all on a 'limited' network, no internet access, and as DCs, what is worse is no access to the network everyone else is on. I think it is because they are domain members obviously, but the host is not. Does that make sense - that it's the problem? And I cannot figure out a way to join the host to the domain because it cannot contact the domain controllers, which is necessary to join a domain... BUT if you think I am on the wrong track in identifying the problem - tell me.
Any thoughts on this would be appreciated.
host and guests should be on same network, but are not.
- Volunteer
- Posts: 5105
- Joined: 19. Sep 2009, 04:44
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 10,7 and earlier
- Location: Sydney, Australia
Re: host and guests should be on same network, but are not.
It is simpler if all of the domain members and the DC(s) are in the same network and the same IP subnet, but there is no requirement for the host to be in that subnet. In fact I never put the host in the same network or IP subnet as the domain. If the networking of the domain machines is independent of the host (as I prefer) the domain is complete in itself and can be transferred to a different host with minimal change.
Put all of the vms in an internal virtual network. Give the DC a static IP in its own IP subnet and configure DHCP so that all domain members obtain their network config from this DHCP server and use the DC for DNS. (This is equivalent to setting up a domain of physical machines on a physical switch).
Internet access is a separate problem. You will need to configure a router between your domain network and your physical network. The simplest way to do this is to configure a vm with one interface in each network (i.e. one virtual NIC in the internal domain network and the other bridged to a physical NIC on the host). I use a vm running the pfsense routing appliance.
I always configure the DNS server on the DC to forward to a public DNS service so that it can resolve URLs for itself and its members rather than relying on other resolution methods. If you configure the router as a LAN router you would configure the DHCP server so that the domain members use the DC for DNS and the private LAN of the router as their default gateway. All of this is similar to the setup of a domain of physical machines on a physical LAN. The networking protocols do not know (or care) whether a device is physical or virtual - it is simply an IP address.
Bill
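The layout Bill describes (DCs on an internal network, a pfSense VM with one leg in that network and one bridged to the physical NIC, the DC serving DNS and DHCP with a forwarder for outside names) as one script, added here as an example and not taken from the thread or from the VirtualBox project. The VM names DC1 and pfsense-rtr, the internal network name domainnet, the domain corp.example on 192.168.50.0/24 (DC at .10, pfSense LAN at .1), and the host adapter name are all assumptions; Part 1 runs on the Windows 10 host, Part 2 inside the DC guest once it has the DNS and DHCP roles installed.

```powershell
# Added example, not code from the thread. All names and addresses below are assumptions.

# ---------- Part 1: on the VirtualBox host ----------
$VBoxManage = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'
$IntNet     = 'domainnet'          # assumed internal network name
$DcVms      = @('DC1')             # assumed VM name(s); add the second DC if there is one
$RouterVm   = 'pfsense-rtr'        # assumed VM name of the pfSense appliance
$HostNic    = 'Ethernet'           # assumed; pick a name from: VBoxManage list bridgedifs

# Every domain member gets exactly one NIC, attached to the internal network.
foreach ($vm in $DcVms) {
    & $VBoxManage modifyvm $vm --nic1 intnet --intnet1 $IntNet --cableconnected1 on
}

# The router VM straddles both networks: NIC1 is the domain-side LAN,
# NIC2 is bridged to the physical adapter (pfSense will treat it as WAN).
& $VBoxManage modifyvm $RouterVm --nic1 intnet  --intnet1 $IntNet
& $VBoxManage modifyvm $RouterVm --nic2 bridged --bridgeadapter2 $HostNic

# Check: each DC must show nic1="intnet" and intnet1="domainnet" and no
# leftover NAT or bridged adapter; the router must show both attachments.
foreach ($vm in ($DcVms + $RouterVm)) {
    "--- $vm"
    & $VBoxManage showvminfo $vm --machinereadable |
        Where-Object { $_ -match '^(nic\d|intnet\d|bridgeadapter\d)=' }
}

# ---------- Part 2: inside the DC guest, as a Domain Admin ----------
# Prerequisite roles (AD DS is already there on a restored DC):
#   Install-WindowsFeature DNS, DHCP -IncludeManagementTools

# Static address for the DC; the default gateway is the pfSense LAN address.
New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress 192.168.50.10 `
    -PrefixLength 24 -DefaultGateway 192.168.50.1
# A DC uses itself for DNS so that it can always find its own SRV records.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 127.0.0.1

# Forward everything the DC is not authoritative for to public resolvers.
Set-DnsServerForwarder -IPAddress 1.1.1.1, 9.9.9.9

# DHCP scope for the members: the DC for DNS, pfSense as the default gateway.
# The pool starts at .100 so the static addresses of the DC(s) and router stay outside it.
Add-DhcpServerv4Scope -Name 'domainnet' -StartRange 192.168.50.100 `
    -EndRange 192.168.50.200 -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 192.168.50.0 -DnsServer 192.168.50.10 `
    -Router 192.168.50.1 -DnsDomain 'corp.example'
# Authorise the DHCP server in AD, otherwise it refuses to hand out leases.
Add-DhcpServerInDC -DnsName 'dc1.corp.example' -IPAddress 192.168.50.10

# Checks: the DC locator record must resolve locally, and an outside name
# must come back through the forwarder (this one needs the router to be up).
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.corp.example' -Type SRV
Resolve-DnsName -Name 'www.virtualbox.org' -Server 192.168.50.10
```

If the restored DCs are kept on the subnet they used before the rebuild, leave their addresses unchanged and put the pfSense LAN address in that subnet instead; changing a DC's IP means its A and SRV records have to be re-registered (restarting the Netlogon service does that). The pfSense side itself (assigning the intnet interface as LAN, letting WAN take an address from the physical network, and the firewall rules) is done in the appliance's console or web UI and is not shown here. One side benefit of the internal network is that the recovered DCs stay off the physical LAN, which is where machines restored after a ransomware incident should sit until they have been checked, and the router's firewall rules can then open only what is needed.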
Re: host and guests should be on same network, but are not.
I'll work through that. Thank you very much.
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: host and guests should be on same network, but are not.
First off, major kudos for having a backup! Very cool!
expat1001 wrote:
I do have copies of all the domain controller VirtualBox folders, which I have copied over to the reformatted host.
As BillG mentioned, the host does not have to be a member of the domain made by the DC VMs. In fact the host should not be a member of the domain made by the DC VMs. The reason is as you pointed out:
expat1001 wrote:
The host, after the new install, is not joined to the domain.... I think it is because they are domain members obviously, but the host is not
If the DC VM cannot run because the host cannot log in, then the host cannot log in because it cannot communicate with the DC VM, then the host cannot run the DC VM because the host cannot log in, etc...
expat1001 wrote:
I cannot figure out a way to join the host to the domain because it cannot contact the domain controllers which is necessary to join a domain...
I ran an SBS VM on a server-class host running Windows 7 Pro. The host ran the VM in a normal login session, started by a batch file that ran from the host's Startup menu. The host was in the network's IP range but was not a member of the domain. The domain controller was Bridged to the host's Ethernet network adapter and had full control of the office network.
The host not being on the domain does not restrict the DC from controlling the physical network.
How was the set of VMs connected to the network in the previous setup?