Hi Stan, thanks for replying
Yes, my PDC and windows 7 VM are both showing exactly the same time, and I can do a reverse lookup from the PDC to the installed VCSA VM as you suggested
I didn't realise the VCSA install was so large - my total datastore size is 600 GB so I've used half of that already. eek
Do you think I should do away with an isolated network, and use a 192.x.x.x address from my home router instead? I'm loath to do this really though as the whole object of my lab was to have it running in isolation.
I've deleted the VM and am trying to install VCSA again, but have noticed (which I didn't before) that I get a warning (see attached) saying "FQDN of system name is not resolvable to IP"? (my lab domain is called cool.local)
I am installing the VCSA via my laptop (with a 192.x.x.x address) just as I did the VServer client.
Is the VCSA install failing because my ESXi host is using a 192.168.x.x IP address from the router (it is installed on a bare metal server) whereas my appliance is being installed in the isolated 10.0.x.x range, do you think?
If that's the case though, how can I install it in my isolated network? I've tried mounting it as the CD and running from my PDC, but I get the reverse problem in that it can't see my ESXi host itself to start the install (as it's on a 192.168.x.x range).
I have a similar setup although not completely isolated.
Is your AD/DNS server on the isolated VLAN (10.0.0.x) or on the 192.x.x.x of your router? It can't be isolated and will still need an appropriate Gateway even if it is not going to use it. A DNS server on .1 is not a good idea because that is normally reserved for gateway (or .254).
You need to have created a DNS entry in your DNS server for your VCSA server and you need to be able to forward and reverse resolve the IP address on the DNS server.
What I personally did with my Draytek Router was configure a route between the two VLANs on the router, so one port connects to a switch with all my home stuff on it and the other port connects to my homelab network via another switch. All my AD and DNS are in the homelab network.
My AD/DNS server is indeed on the isolated VLAN
If I create a new server purely for DHCP/DNS and place that on .6 instead, would that help do you think? I would then have just AD on .1 and use that IP as my gateway..
I did put a DNS entry in my DNS server for my VCSA server but I'm unsure how I'd be able to forward and reverse resolve the IP address on the DNS server when the VCSA hasn't been created yet?
I have a very locked down router from my ISP so I doubt I'd be able to configure a route between the two VLANs on the router as you did. I also don't have any switches, just a server, a laptop and my router.
Is there a reason for the environment to be isolated?
Have you configured a Gateway address on the Windows AD Server? If so what is it?
Is the AD Server a Virtual Machine on the ESXi Server? Is the Windows 7 Desktop a Virtual Machine on the ESXi host or is it the Laptop connected to the switch?
Personally, given the limited equipment you have, I would put everything into the 192.168.x.x address space, change the ISP router's DHCP scope to exclude (let's say) 50 addresses, then statically assign those 50 addresses to anything you need in your home lab and then use the ISP Router as the gateway. Just because they're in the same address space doesn't mean you will have any issues.
Also did you try to connect to https://10.0.0.101:5480/ because if name resolution isn't working you should still be able to get it via IP.
However, if your machine is on the 192.168.x.x network, I'm not sure how you're going to route to and off of that network.
The reason for the environment to be isolated is that I wanted to set up a DHCP server in my lab. I was unsure of the complications of having my router acting as a DHCP server as well in that circumstance.
I hadn't configured an address as the gateway on my PDC because I thought I'd have no need to if the lab were isolated. Is that a wrong assumption to make?
The AD Server is indeed a Virtual Machine on the ESXi Server, as is the Windows 7 Desktop. My admin laptop is connected directly to the router, as is my physical ESXi server (Dell T310).
Are there any security implications with having all my lab and home equipment using 192.168.x.x addresses at all?
I didn't try and connect to https://10.0.0.101:5480/ (I should have thought of that really thinking about it)
Thank you for your time with this, much appreciated.
Obviously it's not ideal, but I know lots of people that do it because they don't have a switch.
I assume the ISP router/modem also contains some rudimentary firewall so you're protected from the outside world.
The biggest benefit of having it on the 192.168.x.x network like your laptop would be the ability to connect the VMs to the internet to get updates for AV and Windows, keeping them as up to date as possible. (albeit this could be not required on an isolated network)
From a DHCP perspective, most ISP routers will allow you to choose the address range so you could have your ISP router dish out DHCP for 192.168.1.5 -> 192.168.1.100 for your home devices (if you have more than 95 devices then you really need better wifi or a serious amount of switches).
Then have your physical ESXi Host(s) on 192.168.1.101 - 192.168.1.110 (with some space for expansion of the homelab/storage etc), Leave 192.168.1.111 - 192.168.1.150 for statically assigned VMs (i.e. put your AD Server on 192.168.1.111). Then get your AD/DHCP/DNS server to dish out a scope of 192.168.1.x /24 then exclude the first 150 addresses to automatically assign 151-254 for anything you want to build/destroy like the Windows Desktop.
You're right, a gateway isn't always required; the issue would be how do you get your admin laptop in the 192.168.1.x network to and from the 10.0.0.x network.
Assuming you can ping from your Admin Laptop to the address space on the 10.0.0.x network, it's maybe just a case of adding static host entries on your admin laptop, so vcenter.lab.local 10.0.0.101 for example, because DNS wouldn't be working in the 192.168.1.x network as the AD server doesn't know about it.
Sadly in my instance the below are the only settings my ISP's router lets me change:
Check to enable or uncheck to disable DHCP 192.168.0. to 254
So it looks like I'm pretty stuck for having a few IP ranges for devices as you suggest, unfortunately, as the .254 end IP is burned in. I can reserve addresses in DHCP reservation so at least that aspect might work going forward.
I had no idea setting up a home lab could be so complicated. The reasoning for my lab is to practice SCCM software distribution and I've not installed that server yet. lol
Cheers,
James
So turn my recommendation on its head and use 200 -254 for home kit and everything else for homelab
Today I recreated my lab from scratch using my router as the DNS server and using a solely 192.168.x.x ip range.
I used the DHCP option in my router's settings to reserve an IP address for the ESXi host of 192.168.0.1. I then installed the vSphere vCenter Server Appliance successfully using the DHCP option rather than static, and using its IP address rather than FQDN. I then reserved the VCSA's IP address also inside my router's DHCP settings (192.168.0.4).
This unfortunately has given the VCSA VM a name of 'localhost.localdom' in its DNS setting in ESXi, which isn't ideal but it's working.
I will next create a PDC but just install AD, not DHCP/DNS. I'll then let my router continue to act as a DHCP server and a hosts file to act as DNS, as creating a DHCP/DNS server in my lab will complicate things for my skill set I think.
I hope the above won't cause issues for my SCCM deployments later on...
It is very likely that the router IP address is 192.168.0.1 so that shouldn't be used for the ESXi host.
All you had to do for the DHCP on your router was enter 192.168.0.200 to 254 on the screen previously shown and then 192.168.0.1->192.168.0.199 would be available for the home lab.
Create your ESXi host with a static IP address (don't need to reserve it in DHCP) of 192.168.0.2, build your VCSA on the host and give it an IP address of 192.168.0.10, once that's configured build your AD Server and give it 192.168.1.11. Create a DHCP scope on your AD Server and set the scope to 192.168.1.0/24 and then exclude the 192.168.0.200->192.168.0.254 on Windows DHCP.
Then point your servers/workstations to 192.168.0.11 to get DHCP (if that's what you want to do).
You can have two DHCP scopes on the same network as long as the scopes don't overlap (i.e. by excluding part of the range on the Windows DHCP Server).
Many thanks for explaining this. I will change the ESXi ip to 192.168.02 as you suggest, and will delete the VCSA vm and recreate it this evening.
One question though: if I choose a static address on the install screens I'll need to add a valid FQDN name which I don't have (only cool.local, which I will create after creating a PDC later on).
Would you choose the DHCP option to install instead?
Sorry for all the questions,
In my view, the install order should be as follows:
- Configure ISP Router to do DHCP on 192.168.200-254 (you may need to reboot any device that is getting DHCP from the router if the IP address isn't in that range, or give it a static IP)
- Install & Configure ESXi with static 192.168.0.2 address - let's call it esxi01.cool.local
- Create a Windows VM, let's call it ad01, with IP = 192.168.0.10 / SUBNET = 255.255.255.0 / GW = 192.168.0.1
- Promote/Install Feature so that ad01 becomes the AD DC & Create DNS (probably AD integrated would be easiest), create an AD called cool.local
- Confirm Primary Reverse Lookup zone is in DNS for 192.168.0.x (this can be done through PowerShell using:
Add-DnsServerPrimaryZone -NetworkID "192.168.0.0/24" -ReplicationScope "Forest" -PassThru
- Create DNS A (and DNS PTR) Record for the VCSA (so vcenter.cool.local or whatever you're using for the AD)
Add-DnsServerResourceRecordA -Name "esxi01" -ZoneName "cool.local" -IPv4Address "192.168.0.2" -CreatePtr
Add-DnsServerResourceRecordA -Name "vcsa01" -ZoneName "cool.local" -IPv4Address "192.168.0.10" -CreatePtr
- Deploy and Configure vCenter VCSA using the FQDN
- (if required/desired) Add the DHCP Role to the Windows AD Server and configure the DHCP Scope.
- Add Host entries for vcsa01, esxi01 and ad01 onto your admin laptop to point to vcenter.cool.local so that you can browse to it via name in the web browser (otherwise it will be ip lookup only).
The hosts file can be found in C:\Windows\System32\Drivers\etc and the format is ip address <tab space> fqdn, so esxi01 <tab space> 192.168.0.2 <enter> etc.
Note: I have only tested the above PowerShell on Windows 2012 and Windows 2016 but it should work.
Hope that Helps
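The reverse zone, A/PTR records and the forward-and-reverse check that the VCSA installer performs (the "FQDN not resolvable" warning earlier in the thread) can be driven from one script run on ad01. This is an added example, not code from the thread or from VMware; it assumes esxi01 = 192.168.0.2, ad01 = 192.168.0.10 and vcsa01 = 192.168.0.11 on 192.168.0.0/24 (the posts above use slightly different numbers) and the DnsServer module that ships with the DNS Server role.

```powershell
# Added example: create and verify the DNS records VCSA needs. Run as a domain admin on ad01.
# Assumed addresses (thread varies): esxi01 .2, ad01 .10, vcsa01 .11 in 192.168.0.0/24.
$Zone    = 'cool.local'
$Network = '192.168.0.0/24'
$Hosts   = @{ 'esxi01' = '192.168.0.2'; 'ad01' = '192.168.0.10'; 'vcsa01' = '192.168.0.11' }

# Reverse lookup zone for the subnet; -NetworkID produces 0.168.192.in-addr.arpa.
if (-not (Get-DnsServerZone -Name '0.168.192.in-addr.arpa' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkID $Network -ReplicationScope 'Forest'
}

# A record plus PTR for each host; skip any that already exist so re-runs are safe.
foreach ($name in $Hosts.Keys) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $name -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -Name $name -ZoneName $Zone -IPv4Address $Hosts[$name] -CreatePtr
    }
}

# Verify forward (A) and reverse (PTR) resolution against this DNS server, which is
# the same pair of checks the VCSA installer runs before deploying.
$dnsServer = $Hosts['ad01']
$allOk = $true
foreach ($name in $Hosts.Keys) {
    $fqdn = "$name.$Zone"
    $ip   = $Hosts[$name]
    $fwd  = (Resolve-DnsName -Name $fqdn -Type A   -Server $dnsServer -ErrorAction SilentlyContinue).IPAddress
    $rev  = (Resolve-DnsName -Name $ip   -Type PTR -Server $dnsServer -ErrorAction SilentlyContinue).NameHost
    $fwdOk = ($fwd -contains $ip)
    $revOk = ($null -ne $rev -and $rev.TrimEnd('.') -eq $fqdn)
    Write-Host ("{0,-18} A -> {1,-14} [{2}]  PTR -> {3,-18} [{4}]" -f $fqdn, ($fwd -join ','), $fwdOk, $rev, $revOk)
    if (-not ($fwdOk -and $revOk)) { $allOk = $false }
}
if (-not $allOk) { Write-Warning 'Fix the failing records before running the VCSA installer.' }

# Optional (the DHCP step above): a Windows scope that leaves the router's 200-254 range alone,
# so the two DHCP servers on the same /24 never hand out overlapping addresses.
# Add-DhcpServerv4Scope -Name 'cool.local lab' -StartRange 192.168.0.1 -EndRange 192.168.0.254 -SubnetMask 255.255.255.0
# Add-DhcpServerv4ExclusionRange -ScopeId 192.168.0.0 -StartRange 192.168.0.1   -EndRange 192.168.0.20
# Add-DhcpServerv4ExclusionRange -ScopeId 192.168.0.0 -StartRange 192.168.0.200 -EndRange 192.168.0.254
```

Run the verification part again from the admin laptop with -Server 192.168.0.10 after adding the hosts-file entries; a PTR that comes back empty is the usual cause of the installer warning.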
Wow, thank you very much for this guide, I will follow this in the morning from scratch and will let you know how it goes