VMware Communities
DanlOfRI
Contributor
Contributor
‎05-06-2015 06:40 AM

Workstation 10 Group policy not working in virutal network

I am trying to create a virtual network where I can test deploying software that we create using Active Directory and SCCM. 

For virtual machines I have the following:

1. Windows 2008 R2 with DC installed

2. Windows 7x64 Enterprise

3. Windows 2012 SP1

4. Windows 7x86 Professional

5. Windows 8.1 x86 Pro

6. Windows 8.1 x64 Pro

Network configuration is set to NAT on all systems.

I am able to create a forest successfully and add the other machines to the domain. I can physically copy files from and to all other machines.

However, if I create a group policy, the group policy is never activated on the computers on the domain, even a simple registry change.

I have tried using gpupdate on the clients and it seems to go through, but no policy is transferred.

I am trying to work my way through the documentation for a custom network option, just to see if that helps. See:

Custom Networking Configurations

Is there something that needs to be done differently to setup a virtual network like this? It is possible that something went wrong with creating the forest and configuring the domain but one of our IT team told me that the configuration should work.

Note that all of the machines require Internet connection in order for the installation to work. Some files are downloaded dynamically for install.

Tags (2)
0 Kudos
2 Replies
continuum
Immortal
Immortal
‎05-06-2015 09:09 AM

Hi
What HostOS do you use ? Do you use your host to create the group policies ? Is your host part of the domain ?

To get a clean environment for your troubleshooting I would keep the host itself completely outside your test-network.
Here is an example:
I assume your host uses an IP like 192.168.1.3 for the automatic bridged vmnet0

The VMs get configured like this:

1. Windows 2008 R2 with DC installed
ethernet0 - vmnet7 (custom) 192.168.200.1

ethernet1 - vmnet0 (custom) 192.168.1.77

2. Windows 7x64 Enterprise
ethernet0 - vmnet7 (custom) 192.168.200.100

3. Windows 2012 SP1
ethernet0 - vmnet7 (custom) 192.168.200.101

4. Windows 7x86 Professional
ethernet0 - vmnet7 (custom) 192.168.200.102

5. Windows 8.1 x86 Pro
ethernet0 - vmnet7 (custom) 192.168.200.103

6. Windows 8.1 x64 Pro
ethernet0 - vmnet7 (custom) 192.168.200.104

Configure VM 1 - the DC -to offer NAT and DNS and DHCP services for the network 192.168.200.0/24
Configure the other VMs to use 192.168.200.1 as DNS-server and Gateway

Keep your host completely outside of the network 192.168.200.

Once that is configured you can be sure that you get predictable conditions - no desktop firewall or Antivirus of the host will have any effects inside the test-network.
Also with this setup you can be sure that the VMware NAT service can be ruled out as possible cause of the "strange results" you see.

If you use latest versions of Worksatation I would also highly recommend to NOT read any of the virtual network documentation and to use a texteditor to edit the settings of your VMs.

Use your common sense instead - thats the only way to get a coherent picture of the options you have with the virtual networks.
Start with this simple assumptions:

a vmnet is a cheap 20 dollar network hub
this virtual hubs can be connected to the hostsystem in one of three ways:
- connected to a physical network card of the host - the VMware-documentation calls this "bridged"
- connected to a virtual network card of the host - the VMware-documentation calls this "hostonly" or "NAT"
- not connected to the host - the VMware-documentation does not speak about this - I call this "guestonly"

to really get the results you want you must configure your VMs manually with a texteditor.

Always configure the ethernet parameters using this 4 lines

ethernet0.connectionType = "custom"

ethernet0.present = "TRUE"

ethernet0.virtualDev = "e1000" or "e1000e" or "vmxnet3"

ethernet0.vnet = "VMnet9"

All oither parameters will be added on first start of your VMs.

The act of setting the VMnet* number actually creates a "cable" from a guests nic to a viurtual hub.

ethernet0.vnet = "VMnet9" connects the first nic of  the VM with the virtual hub number 9

ethernet1.vnet = "VMnet0" connects thesecond nic of  the VM with the virtual hub number 0

The green lines contain everything you need to know to understand this topic quickly.
The documentation and the GUI are missguiding, inconsistent and will rather result in confusion.

Ulli


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
DanlOfRI
Contributor
Contributor
‎05-06-2015 10:33 AM

Thank you for the reply.

The host OS is Windows 7 Professional x64. Yes it is part of a domain but I do not include this OS as part of my test network. As you stated I am trying to keep things isolated with the exception of requiring Internet connection. This is why I had selected NAT in my first attempt at this.

Yes, my IP address for the virtual network card is offered up as you indicated 192.168.###.1.

Before I install the DC role, I set the address of the Windows 2008 R2 system the number above, set my subnet to 255.255.255.0 and set my gateway.

After configuring with dcpromo I test my Internet connection and create my snapshot.

I am glad that I am not the only one that finds the documentation a bit confusing.

I am going to start over again and try the manual configuration you suggested. Thank you for the info.

0 Kudos