virtualbox.org

Here is the setup.

One Windows 2008 R2 DC with two interfaces installed, one pointing to vbox host-only for internal networking and the other on NAT for internet access.
Same thing on another 2008 R2 member server.So far so good.

Trying to install Exchange 2010 and got this DNS error:
Setup cannot verify that the 'Host' (A) record for this computer exists within the DNS database on server 192.168.1.254

It is strange because this record is being searched on my physical router as if it was the authoritative DNS for the domain - this is the DC (at least theoretically ).
I disabled the 'NAT interface' on the exchange server and all went fine.

Domain subnet is on the 10.10.10.x range.

I am still trying to figure out how this happened.Any ideas are welcome.

You should not multihome a DC. It causes all sorts of odd problems. Use a separate vm for your router. The DC should only have one IP address. (Nothing to do with VirtualBox).

Hello Bill.

Well if the problem was coming from the DC being multihomed, how did the DNS error disappeared when I disabled the vbox NAT interface on the member server? I mean if there were name resolving problems, that should go on as I didnt change a thing on the DC.

Anyway problem was solved but if anything else comes to your mind please feel free to add it.

Thanks.

PS - Having already two 2008R2 servers (just the needed roles installed), one being exchange 2010, brings my machine to its limits (CPU often spikes to 100%).I wish I could afford another VM for routing but that would render my whole virtual platform unusable.

The reason the error disappeared was because the main DNS server it was looking at was your home router. The interface with a gateway is searched first and because that has the DNS 192.168.1.254, it is asked if it knows the DC or not. Since you run on NAT and Host-Only, it naturally doesn't. A home router doesn't act as a true DNS server either, it just forwards all requests to the ISP, so your PCs never gets listed in it.
A crash course Networking would help you I guess.

But as shown, this isn't really a VB problem, it's just a bad setting. And in order to get some decent performance out of the system without the Host going to a crawl as well, it would help if you get a quad core system so each VM and the Host can have it's own core.

So the member server was asking the physical router where the DC is? Isnt that strange for a member server who communicates just fine with its DC?
With my little knowledge all computers in a domain ask their DC (because it is the primary DNS server and authoritative for the domain) for naming resolution.

How disabling the vbox NAT interface made things proceed just fine? That is the part I am not catching.You say "the interface with a gateway is searched first".What rule defines that, is it a windows thing or a vbox thing?

Yes I may need a crash course in networking but I also need to understand how can I set up things and work on vbox too, cause I like the platform.
If it is a bad setting please point me to the good one (at least theoretically), so that I have an idea to try things.

My PC isn't that bad, but these kind of virtual servers take your hardware to the limits.FYI it is an i750 quad-core with 4GB ram and a RAID 0 array.But exchange 2010 needs a lot!

Thanks for stopping by.

You can communicate with the DC by name because of NetBIOS. If you don't have a DNS server, all Windows systems can communicate with each other by name through that. But when you try to make the server a member server or at least point to the main DC during the Exchange installation, it will use DNS records. This is for compatibility with other OSes that don't talk NetBIOS (like Linux).

Understanding networking is a vital skill when dealing with it. That's also why you need a drivings license when you get a car .

Running a separate vm as a router will use very little memory and will not increase the load on your cpu. The DC will just have a little less to do.

Active Directory relies heavily on DNS and how you handle DNS has a big effect on how it all works. But this is not the place to discuss it.

Ok this is what I am trying as an experiment.

Current Setup:
Domain Controller (DC) with two interfaces a vbox host only set on a 10.10.10.x/24 subnet and a vbox NAT for internet access purposes.
Member Server with Exchange 2010,with two interfaces a vbox host only set on the 10.10.10.x/24 subnet and a disabled vbox NAT for internet access purposes.
*All enable /disable are done through windows - on vbox interfaces are always active.

First disabled the NETBios over TCP/IP in all interfaces (internal and vbox NAT), in all machines (both DC and Exchange Server).Restarted machines even though is not necessary.

1.Testing connectivity from the member server to the DC:

C:\Users\Administrator.TESTNET>ping 10.10.10.1

Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time<1ms TTL=128
Reply from 10.10.10.1: bytes=32 time<1ms TTL=128
Reply from 10.10.10.1: bytes=32 time<1ms TTL=128
Reply from 10.10.10.1: bytes=32 time<1ms TTL=128

Ping statistics for 10.10.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

2.Running the nslookup:

C:\Users\Administrator.TESTNET>nslookup
Default Server: UnKnown
Address: 10.10.10.1

> testnet.gr
Server: UnKnown
Address: 10.10.10.1

Name: testnet.gr
Addresses: 10.10.10.1
10.0.2.15

A DNS service is advertised on the 10.0.2.15

3.Back to the DC and ipconfig:

C:\Users\Administrator.TESTNET>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : PDC-2008R2x64
Primary Dns Suffix . . . . . . . : testnet.gr
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : testnet.gr
lan

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter #2
Physical Address. . . . . . . . . : 08-00-27-67-75-EE
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::70f9:e49f:f8db:3143%14(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 0.0.0.0
DHCPv6 IAID . . . . . . . . . . . : 319291431
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-A6-62-69-08-00-27-D5-CD-A3

DNS Servers . . . . . . . . . . . : 10.10.10.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : 08-00-27-D5-CD-A3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::91ed:4a201613%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.2.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 07, 2010 11:48:13 AM
Lease Expires . . . . . . . . . . : Monday, November 08, 2010 11:48:12 AM
Default Gateway . . . . . . . . . : 10.0.2.2
DHCP Server . . . . . . . . . . . : 10.0.2.2
DHCPv6 IAID . . . . . . . . . . . : 235405351
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-A6-62-69-08-00-27-D5-CD-A3

DNS Servers . . . . . . . . . . . : ::1
192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Disabled

Quite interestingly the NAT interface seems to act as a DNS server and points to the physical gateway too, as for naming resolution.That would explain the messing up with my exchange installation when I had the NAT interface on, taking into consideration that as you said the interface with a gateway is searched first.

Now I need to think of a solution that provides internet acess to the exchange server as the NAT interface isnt the appropriate in my case.What do you think would be the correct networking setup on vbox for my scenario?

BillG - This is how my computer runs with only the two machines and a Firefox instance speaking to you http://img2.imageshack.us/img2/1599/tmvb.png.I just think I will have a lot of disk caching as I will exceed my physical memory.But I may give it a try since I find it interesting for educational purposes.

Thanks again for your time and comments.

Remove the NAT interfaces on the DC and member server. Create a third VM and give it, 128 MB of RAM. It can be 64 but it will be a bit slower and use the swap space more. In this VM you will run a Linux gateway server like Smoothwall or something. The IP configuration will be as follows:
DC:
Adapter 1 (Internal)

Address: 10.10.10.1
Netmask: 255.255.255.0
Gateway: 10.10.10.254
DNS:     127.0.0.1

Member:
Adapter 1 (Internal)

Address: 10.10.10.2
Netmask: 255.255.255.0
Gateway: 10.10.10.254
DNS:     10.10.10.1

Gateway:
Adapter 1 (Internal)

Address: 10.10.10.254
Netmask: 255.255.255.0
Gateway: none
DNS:     10.10.10.1

Adapter 2 (NAT)

DHCP enabled

If you happen to run out of RAM, get an additional module. It's cheap these days. Or slim down on the memory for other applications and disable services that aren't needed.

That thingy (Smoothwall) is a piece of art - took me a while to understand the GREEN-RED but now all is good.
I admit, I am tempted to dig into it and explore all those nice extras.

So what we did is, created a private subnet for our domain, put into it a firewall machine which we fooled, as if it was connected to a physical router (vbox NAT interface) and everyone is happy.Am I right?

Sasq - thanks for the food for thought I really appreciate it.
BillG - thanks belong to you too, for pointing to the right direction, right from the beginning.

I am going to do some more testing, like installing exchange2010 on the member from scratch to verify all work as expected.