Friday, October 20, 2017

[How-to] Install your own HoL-like Control Center Server in VMware Workstation

If you have used VMware's Hands-on Labs much you'll notice there is usually a recurring system, the Control Center VM. This VM usually serves a number of purposes, such as:

  • An RDP Jumpbox into the lab
  • Active Directory Services
  • DNS/DHCP/NTP Services
  • vCenter Tools Access
  • AD Certificate Services


If you are looking to create your own vHoL in VMware Workstation you'll need this control center to run a number of prerequisite services to tie it all together (stuff like making sure DNS is functioning before you try and deploy the vCSA or vRA Appliance).

Before we get started

This post is based off VMware Workstation 14 Pro and Windows Server Standard 2016 - but the concepts should be pretty similar across other versions (including a Lab ESXi host).

This guide assumes basic understanding of Windows Server OS, networking services, and the like, and as usual these instructions are provided as-is, no support or warranty is provided or implied. Consider thyself warned.

What do I need?

To begin you will need the following:
  1. VMware Workstation (ver. 14+ for 2016 support) fully installed.
    This should also work with Fusion (ver. 10+) for you MacOS fans.
  2. Windows Server Standard 2016 iso (Other Editions will work as well) - I assume you have access to this, if not you can try https://imagine.microsoft.com/ assuming you (or your kids) have a valid .edu address.
  3. Enough Resources - Windows Server 2016 will require:
    • 1 CPU / 1 Core
    • 1gb of RAM (2gb recommended)
    • Up to 40gb Disk - 2016 recommends 60, but it's easier to expand so I start with 40gb (a fresh install as documented here takes up ~16gb of disk running and ~14gb when powered off assuming 2gb of RAM)
  4. Licenses to make this all work (Windows seems quite functional without working licenses - but some functionality like patching may be impacted once your grace period expires).

Installing Windows Server 2016 in VMware Workstation

1. From the VMware Workstation toolbar, click File > New Virtual machine (or CTRL-N).


2. Click Custom (advanced), then click Next.
3. Select the hardware compatibility for the virtual machine (latest for your Workstation should be fine, if you plan on migrating this into an ESX host at some point you could select the ESXi 6.5 compatibility option), then click Next.
4. Click Installer disk Image file (iso), and browse and open the Windows Server 2016 iso file you downloaded - you will notice that Workstation 14 should detect 2016 and use Easy Install,  click Next.
5. For Easy Install to configure you should plug in your product key, your Full name, and your Password twice then check Log on automatically if you want to make life easier (this is a Lab anyways, you can always disable auto login at a later time in the machine settings). Click Next.
6. Name your VM, confirm its location, click Next.
7. Workstation 14 supports Secure Boot - so why the heck not, click Next.
8. Depending on your expected services you may need to add more CPU here, but to get started 1/1 should be good enough, click Next.
9. Again this depends on the services, but 1gb is minimum for 2016, I stayed with the 2gb recommended because I will be adding a number of key services to the system, click Next.
10. Network choice is up to you, but as I use this box as a Jump Box I use NAT here, but host-only should be good, though I wouldn't use bridged unless you plan on having everything you build on bridged as it will disconnect your VM from the lab unless you multi-home, click Next.
11. Well it seems you are stuck with one option here, so LSI Logic SAS is the way to go, click Next.
12. Pick your Disk Type, any will do, I choose NVMe to match the drive in host and because I wanted to test performance of the new NVMe option in Workstation 14, click Next.
13. Select Create a new virtual disk, click Next.
14. Default is 60 GB for 2016, but as it's easier to expand than reduce I went ahead and picked 40 GB as a limit just in case the system went log crazy and tried to fill up the drive, click Next.
15. Confirm the name of the vmdk file, click Next.
16. Confirm everything looks good, you can also Customize Hardware to adjust any settings, when satisfied click Finish leaving Power on this virtual machine after creation checked.
17. Windows should install automagically using the Easy Install feature, simply wait it out.
18. Once complete Windows should login for you (or be waiting at a login screen). Login and run Windows Update to patch before this thing sits on the network too long, when complete you can move to services configuration.

Note: you may be prompted shortly after first login to reboot after VMware Tools completes its work, go ahead and let that happen before running any patches.

A few items I'd customize - based on personal preference:
  • rename the machine to controlcenter
  • If running Bridged or NAT - add a host-only network vNIC, configure your settings accordingly
  • Configure the system for Static IP - I personally use the .10 IP in the host-only network to match HoLs, soon enough it will be your DNS server as well so go ahead and set this IP as your Primary DNS.
  • Setup Desktop/Performance preferences to match your style.
  • Turn on Remote Desktop, just in case you are getting sick of the VMware Workstation Console.




For Services I recommend at the very basic: DNS and Active Directory - while these can be installed together I separated them below just in case you are using another DNS or AD available to you.

Setting Up DNS Server

1. Go into Add Roles and Features Wizard from the Server Manager, click Next until you reach the Server Roles screen, check DNS Server, when the pop-up appears accept the defaults and click Add Features, click Next until the confirmation.
2. On the final screen click Install, then wait until complete and click Close.
3. Once complete Open the DNS Manager (dnsmgmt.msc). If you are using NAT it's probably a good idea to setup your VMware Workstation install as your DNS Forwarder:

  1. Right click the server name and left click Properties.
  2. Go to the Forwarders tab
    • click Edit
    • add 192.168.190.2
      (note: this is the default out of the box NAT vNetwork DNS for Workstation 14 Pro that points back to your host - if you changed the settings then you will need to update this accordingly). It will likely not resolve, but if you click Edit again it will show with a green check mark and OK for validated.
  3. Click OK.

4. Create Reverse Lookup Zones for both host-only (192.168.230.x) and NAT (192.168.190.x) - repeat these steps for both zones - Note: you will need to confirm within your Workstation Install that these subnets are correct:
  • Right Click Reverse Lookup Zones, click New Zone...
  •  Click Next on the intro screen.
  •  Select Primary zone, click Next.
  •  Select IPv4 Reverse Lookup Zone, click Next.
  • Fill in the first 3 octets of the Network ID (192.168.190 for NAT OOB, 192.168.230 for host-only OOB), click Next.
  •  Leave the default zone file name, click Next.
  •  Select Allow both nonsecure and secure dynamic updates, click Next.
  •  Click Finish on the confirmation page.
5. Create Forward Lookup Zone for your new Active Directory:
  • Right Click Forward Lookup Zones, click New Zone...
  •  Click Next on the intro screen.
  •  Select Primary zone, click Next.
  • Set your Zone name to match your new AD Domain - I'd recommend keeping it something internal only such as .local or .lab - mine is lab.local.
  • Leave the default zone file name, click Next.
  •  Select Allow both nonsecure and secure dynamic updates, click Next.
  •  Click Finish on the confirmation page.
6. Create a new static A Record for your server, right click lab.local (or whatever Forward Zone you created in Step #5) - left click New Host (A or AAAA)...
  • Name: controlcenter
  • IP: 192.168.230.10 (or whatever you set yours to)
  • Click Add Host.
 
7. Make sure that you point your Network Card to this server's IP for DNS services (if you haven't already) - this will be important for the next step that requires you to setup your AD DNS and the wizard probes your DNS server for your Forward Lookup Zone.
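The same DNS build, steps 1 to 7, as a PowerShell script run from an elevated prompt on the new server. This is an added example, not part of the original walkthrough; the addresses, subnets and zone name are the ones used in this post and need to match your own Virtual Network Editor settings.

```powershell
# Added example (not from the original post). Values are the post's own;
# confirm them against your Workstation virtual network settings.
$Forwarder = '192.168.190.2'                          # Workstation NAT DNS
$ServerIP  = '192.168.230.10'                         # controlcenter static IP
$Zone      = 'lab.local'
$Networks  = '192.168.190.0/24', '192.168.230.0/24'   # NAT, host-only

# Steps 1-2: install the DNS Server role and its management tools
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Step 3: forward queries this server cannot answer to the NAT DNS
Add-DnsServerForwarder -IPAddress $Forwarder

# Step 4: file-backed reverse zones with the default zone file names.
# Secure-only dynamic updates need an AD-integrated zone, and AD does not
# exist yet, so the zones start out as NonsecureAndSecure.
foreach ($net in $Networks) {
    $o    = $net.Split('/')[0].Split('.')
    $file = '{0}.{1}.{2}.in-addr.arpa.dns' -f $o[2], $o[1], $o[0]
    Add-DnsServerPrimaryZone -NetworkId $net -ZoneFile $file `
        -DynamicUpdate NonsecureAndSecure
}

# Step 5: forward zone that the new AD domain will register into
Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns" `
    -DynamicUpdate NonsecureAndSecure

# Step 6: static A record for this server
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'controlcenter' `
    -IPv4Address $ServerIP

# Step 7: point the NIC that owns $ServerIP at this server for DNS
$nic = Get-NetIPAddress -IPAddress $ServerIP
Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex `
    -ServerAddresses $ServerIP

# Checks: zones and their update mode, the forwarder, and the new record
Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } |
    Format-Table ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate
Get-DnsServerForwarder
Resolve-DnsName -Name "controlcenter.$Zone" -Server $ServerIP -Type A
```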

Setting Up Active Directory

1. Change the local Administrator Password to something super secret and "windows strong" - by default the Easy Setup wizard sets this to blank, as this account will become your new Domain Admin account it needs at least 3 of the following or the DC promotion script will fail:

  • Lower Case character (a-z)
  • Upper Case character (A-Z)
  • Number (0-9)
  • Special Character (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/)
  • Any Unicode non-letter/number character (¯\_(ツ)_/¯)

2. Go into Add Roles and Features Wizard from the Server Manager, click Next until you reach the Server Roles screen, check Active Directory Services, when the pop-up appears accept the defaults and click Add Features, click Next until the confirmation.
3. On the final screen click Install, then wait until complete and click Close.
4. You will have a Post-deployment Configuration task waiting for you in Server Manager, click the flag then click the link Promote this server to a domain controller.
5. The Active Directory Services Configuration Wizard begins, select Add a new forest, set your new Root domain name to match the name you decided back in the DNS instructions, in my case it's lab.local, click Next.
6. The functional levels can remain Windows Server 2016 (unless you have a reason to change them), set your DSRM password twice, click Next.
7. If you did everything as documented in this article the DNS settings should look like this (if they don't go back and check that you set your server's NIC to point to itself for DNS and review the Forward Zone Setup in the DNS section), you can set the credentials to either your current account or the local administrator account using the Change... button, click Next.
8. The NetBIOS name should default to the first name in your domain set above (LAB in my case), you can keep the default or change it to whatever you want like NachoTaco, it's your lab, click Next.
9. The default paths for Database, Log files, and SYSVOL should be fine, but again it's your lab change how you want and click Next.
10. The end is near! Review your options and click Next.
11. If you followed the instructions you should be presented with a nice green check mark and All prerequisite checks passed successfully, click Install.
Note: the super scary looking Windows NT 4.0 security warning can be ignored - this is a lab of course, but if security of your isolated lab bothers you go ahead and follow the link and fix then Rerun the prerequisites check.
As noted on this screen the server will reboot automatically when this process is complete.
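The promotion above as a PowerShell script, followed by a post-reboot step that goes beyond the wizard: moving the three lab zones into AD and restricting them to secure dynamic updates. This is an added example, not part of the original walkthrough; it assumes the post's names (lab.local, LAB, the two /24 reverse zones) and uses -InstallDns:$false on the assumption that the DNS role and zones from the previous section are reused.

```powershell
# Added example (not from the original post). Run elevated on the new server.
# Step 1: Easy Install left the local Administrator password blank; set one.
$adminPw = Read-Host -AsSecureString 'New local Administrator password'
Set-LocalUser -Name 'Administrator' -Password $adminPw

# Steps 2-3: install the AD DS role and its management tools
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Steps 5-10: the wizard answers as parameters (WinThreshold = 2016 level)
$forest = @{
    DomainName                    = 'lab.local'
    DomainNetbiosName             = 'LAB'
    DomainMode                    = 'WinThreshold'
    ForestMode                    = 'WinThreshold'
    SafeModeAdministratorPassword = (Read-Host -AsSecureString 'DSRM password')
    InstallDns                    = $false   # assumption: reuse existing DNS
}

# Step 11: run the prerequisite checks before changing anything
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message
if ($check | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the reported items and rerun.'
}

# Promote; the server reboots automatically when this completes
Install-ADDSForest @forest -Force

# ---- Run the remainder after the reboot, signed in as LAB\Administrator ----
# The zones were created as file-backed with NonsecureAndSecure updates, which
# lets any host on the lab networks add or overwrite records. Now that AD
# exists they can be AD-integrated and limited to authenticated updates.
$zones = 'lab.local', '190.168.192.in-addr.arpa', '230.168.192.in-addr.arpa'
foreach ($z in $zones) {
    ConvertTo-DnsServerPrimaryZone -Name $z -ReplicationScope Domain -Force
    Set-DnsServerPrimaryZone -Name $z -DynamicUpdate Secure
}

# Checks: zones should show IsDsIntegrated True and DynamicUpdate Secure,
# and the domain controller locator record should resolve.
Get-DnsServerZone | Where-Object { $zones -contains $_.ZoneName } |
    Format-Table ZoneName, IsDsIntegrated, DynamicUpdate
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.lab.local' -Type SRV
```

Appliances or other non-domain hosts that rely on dynamic registration will no longer be able to update these zones once they are secure-only; give those static records instead.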

You should now have a fully functional AD and DNS Server jump box, you can add additional services like Certificate Services or DHCP if you desire, the choice is yours.
