Creating Your Own Personal Hydration Solution – Part 2: First VM – Windows Router

Part 0 Introduction
Part 1 Setting Up
Part 2 First VM – Windows Router
Part 3 Domain Controller
Part 4 Configuration Manager Infrastructure

RTR01

Routing between subnets and access to the Internet (required for Windows Activation) is handled by RTR01, a Windows server running Routing and Remote Access (RRAS).  This should be the first virtual machine to be built and configured as machines on the other subnets will need this server in place for them to successfully build.

This virtual machine will have 5 network adapters, one on each network.  The build will create a basic Windows server.  To configure the server you will need to run some PowerShell as well as manually configuring RRAS.

Preparing the Deployment Share

Importing the Operating System

You have a choice here.  You can build the server with either Windows Server 2012 R2 or 2016 TP4.  The steps required are nearly identical and I will call out any differences.  The preference is yours.


Do not attempt to build RTR01 using Server 2016.  The RRAS console does not work and you are instructed to use PowerShell to configure RRAS.  I’m sure it is possible to set up the needed RRAS configuration on Server 2016 but that is beyond the scope of this series.

For the sake of simplicity all virtual machines will be built using Server 2012 R2.  After completing this series I’ll revisit trying to build using Server 2016.

It’s a learning opportunity.  🙂


In the Introduction to this project download links were provided for the requirements.  For this you will only need to have completed Part 1 – Setting Up and have downloaded the operating system that you wish to use.

Requirements

You will need the following software for this.

Import the operating system of your choice (Windows Server 2012 R2 or 2016 TP4) using your preferred method, either through the GUI or by using PowerShell.  Also feel free to use a naming convention for the folders that you prefer.

In my example I’ve imported both Server 2012 R2 as well as 2016 TP4.  I’ve also renamed them using names that I find “friendlier”.



Extra Touches

We are going to use some tricks that I’ve picked up along the way to make things a little more flexible.

CustomSettings.ini

Some may think this is common knowledge but I’ll go over it anyway.  Again, the intent of all of this is for a learning experience.  We are going to use the CustomSettings.ini (CS.ini) file to automate the MDT build wizard.

This is the default CS.ini file that is generated when you create the MDT deployment share.


We’re going to make a number of edits to this file so that it automates many of the wizard selections.

The first change we’re going to make will automatically select the task sequence for this virtual machine.  I’ve highlighted the portion that I’ve changed.


First, under the [Settings] section:

[Settings]
Priority=MacAddress,Default

The Priority line will instruct MDT to process the CS.ini settings in order:

  1. Find a code block that matches the machine’s MacAddress and if found process those rules
  2. Next process the rules in the [Default] code block

We are going to create the virtual machine later and we will set a static MacAddress of “00:15:5D:20:15:AA”.  When MDT processes the CS.ini file it will find the code block that matches that MacAddress and will process those rules before moving to the [Default] block.

In the MacAddress block we have 4 rules:

[00:15:5D:20:15:AA]
; DEMO-RTR01
TaskSequenceID=RTR01
SkipFinalSummary=YES
FinishAction=SHUTDOWN
SkipTaskSequence=YES

TaskSequenceID=RTR01
This instructs MDT to select and use the task sequence with the ID “RTR01”, which we will create shortly.

SkipFinalSummary=YES
If the build completes successfully, the final summary screen will not be displayed.  If there is an error in the build, though, the build failure will be shown.

FinishAction=SHUTDOWN
Upon completion of a build, if it was successful then MDT will shut down the machine.  If there was an error then MDT will display the failure screen and wait for it to be cleared before shutting down the machine.

SkipTaskSequence=YES
Since the CS.ini defines what task sequence to select and use, this rule instructs MDT to bypass the task sequence selection screen.

Now the [Default] code block:

[Default]
OSInstall=Y
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
_SMSTSORGNAME=%TaskSequenceID% will soon be in service…
OrgName=Demo
TimeZoneName=Eastern Standard Time
UserDataLocation=NONE
DoCapture=NO
ApplyGPOPack=NO
AdminPassword=P@ssw0rd
SkipApplications=YES
SkipBitLocker=YES
SkipCapture=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipFinalSummary=YES
SkipLocaleSelection=YES
SkipSummary=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipUserData=YES
SkipRoles=YES

There are a number of rules that are there to bypass the MDT wizard screens, all of the “Skip…=YES” entries.

There are a few rules I want to point out though.

_SMSTSORGNAME=%TaskSequenceID% will soon be in service…
This changes the message displayed in the MDT progress window.  It will display in this case, the task sequence ID (RTR01 in this example) and the message “will soon be in service…”


Feel free to alter this if you like.

TimeZoneName=Eastern Standard Time
This specifies the time zone that MDT will set each machine to use.  Be sure to set this to your time zone.

SkipUserData=YES & UserDataLocation=NONE
These two are set to avoid a yellow warning at the end of the build indicating “No User State to Restore”.

This is my complete CS.ini for this installment.

[Settings]
Priority=MacAddress,Default

[00:15:5D:20:15:AA]
; DEMO-RTR01
TaskSequenceID=RTR01
SkipFinalSummary=YES
FinishAction=SHUTDOWN
SkipTaskSequence=YES

[Default]
OSInstall=Y
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
_SMSTSORGNAME=%TaskSequenceID% will soon be in service…
OrgName=Demo
TimeZoneName=Eastern Standard Time
UserDataLocation=NONE
DoCapture=NO
ApplyGPOPack=NO
AdminPassword=P@ssw0rd
SkipApplications=YES
SkipBitLocker=YES
SkipCapture=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipFinalSummary=YES
SkipLocaleSelection=YES
SkipSummary=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipUserData=YES
SkipRoles=YES
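
The Priority processing described above can be checked offline before a build.  This is an added example, not the author's code: the function names ConvertFrom-CsIni and Resolve-CsIniRules are hypothetical, it handles only a MacAddress entry and literal section names in Priority, and it assumes ordinary (non-list) properties where the first value found is kept.

```powershell
# Added example: resolve the rules MDT would apply to one machine from CS.ini text.
# Assumption: ordinary (non-list) properties, where the first value found is kept.

# Constructed sample: a trimmed copy of the CS.ini from this post.
$SampleIni = @'
[Settings]
Priority=MacAddress,Default

[00:15:5D:20:15:AA]
; DEMO-RTR01
TaskSequenceID=RTR01
FinishAction=SHUTDOWN
SkipTaskSequence=YES

[Default]
OSInstall=Y
AdminPassword=P@ssw0rd
SkipTaskSequence=NO
SkipFinalSummary=YES
'@

function ConvertFrom-CsIni {
    # Parse INI text into an ordered map: section name -> ordered map of rules.
    param([Parameter(Mandatory)][string]$Text)
    $sections = [ordered]@{}
    $current = $null
    foreach ($raw in ($Text -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }   # blanks and comments
        if ($line -match '^\[(.+)\]$') {
            $current = $Matches[1]
            if (-not $sections.Contains($current)) { $sections[$current] = [ordered]@{} }
        }
        elseif ($current -and $line -match '^([^=]+)=(.*)$') {
            $sections[$current][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    return $sections
}

function Resolve-CsIniRules {
    # Walk the Priority list in order and keep the first value seen per property.
    param(
        [Parameter(Mandatory)]$Sections,
        [Parameter(Mandatory)][string]$MacAddress
    )
    $effective = [ordered]@{}
    $priority = $Sections['Settings']['Priority'] -split ',' | ForEach-Object { $_.Trim() }
    foreach ($entry in $priority) {
        # "MacAddress" means: the section named after this machine's MAC address.
        $name = if ($entry -eq 'MacAddress') { $MacAddress } else { $entry }
        if (-not $Sections.Contains($name)) { continue }
        foreach ($key in $Sections[$name].Keys) {
            if (-not $effective.Contains($key)) {
                $effective[$key] = [pscustomobject]@{
                    Property = $key; Value = $Sections[$name][$key]; Source = $name
                }
            }
        }
    }
    return $effective.Values
}

$rules = Resolve-CsIniRules -Sections (ConvertFrom-CsIni -Text $SampleIni) -MacAddress '00:15:5D:20:15:AA'
$rules | Format-Table -AutoSize
# Rules that keep a credential on the deployment share in clear text.
$rules | Where-Object { $_.Property -match 'Password$' } |
    ForEach-Object { Write-Warning "$($_.Property) is in clear text in [$($_.Source)]" }
```

With the sample, SkipTaskSequence resolves to YES from the MAC section, so the NO in [Default] only applies to machines without a matching MAC block.  The warning line points at the AdminPassword rule, which is readable by anyone who can read the Control folder of the deployment share.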

Task Sequence Custom Settings INI

You can have multiple CS.ini files that can be called and processed by multiple Gather actions in a task sequence.  (This is a trick I picked up from Johan Arwidmark.)

In the Control folder of your deployment share create a file named “CustomSettings_RTR01.ini”.  Copy the following into the file and save it.  When we set up the task sequence we’ll be using a Gather action to process this CS.ini.

[Settings]
Priority=MacAddress,Default
Properties=HydrationOSDComputerName

[Default]
; Windows Source
WindowsSource=%DEPLOYROOT%\Operating Systems\Srvr2012 R2-Eval\sources\sxs

[00:15:5D:20:15:AA]
; DEMO-RTR01
HydrationOSDComputerName=RTR01
JoinWorkgroup=WORKGROUP

The Priority rule is the same that we have in the main CS.ini.

Properties=HydrationOSDComputerName
Here we are initializing a new MDT variable called “HydrationOSDComputerName”.  We will populate this with the name we will use for the computer.

In the [Default] section we have just one rule:

WindowsSource=%DEPLOYROOT%\Operating Systems\Srvr2012 R2-Eval\sources\sxs
There is an issue in MDT when you use an “Install Role or Feature” action.  Windows is unable to find the source files to add the role or feature and will fail.  This rule specifies where the binaries can be found to install that role or feature.

The operating system folder portion of this path (“Srvr2012 R2-Eval” above) will need to be changed to match the folder in which you added the operating system that you’re going to use for this build.  So, if you are going to build this machine using Server 2016 use that folder name.  If you are going to use Server 2012 R2 then use that folder name.

Lastly in the MacAddress section we have 2 rules:

HydrationOSDComputerName=RTR01
Here we set the name that we are going to use for this machine to our custom MDT variable.  There will be a step in the task sequence that will transfer this over to the native variable that MDT will use for naming the computer.

In later posts we will be using this to allow us to build a number of Configuration Manager Distribution Points with a single task sequence.

JoinWorkgroup=WORKGROUP
This tells MDT to join this computer to a workgroup called “Workgroup”.  Our router is not going to be a domain-joined machine since it will be built before the domain controller, so it is placed into a workgroup.

Configuration Scripts

There will be 2 configuration scripts that will be used to 1) set the IP addresses for the various network adapters on this virtual machine and 2) install and configure Routing and Remote Access Server (RRAS) to act as an Internet gateway for the other network segments.

For demonstration purposes these scripts will be copied to the desktop of the virtual machine and will be run manually post-build.  This is done for learning exposure.  You can set these to run within the task sequence if you prefer once you’re familiar with what they are doing.

In the Scripts folder of your deployment share, create two PowerShell scripts called “RTR_Step01-ConfigureNICs.ps1” and “RTR_Step02-ConfigureRRAS.ps1”.  (These scripts can also be downloaded at the end of this post.)

RTR_Step01-ConfigureNICs.ps1

# Enumerate every network adapter and configure it based on its MAC address
$AllNICs = Get-NetAdapter
foreach ($NIC in $AllNICs)
{
    Write-Host $NIC.Name
    Write-Host $NIC.ifIndex
    Write-Host $NIC.MacAddress
    Write-Host ' '
    $MAC = $NIC.MacAddress

    # Get-NetAdapter reports MAC addresses with dashes, not colons.
    # An adapter whose MAC matches none of these is left untouched.
    switch ($MAC)
    {
        '00-15-5D-20-15-AA' {
            # External adapter keeps its DHCP-assigned address
            Write-Host 'External NIC'
            Rename-NetAdapter -Name $NIC.Name -NewName 'External'
        }
        '00-15-5D-20-15-A1' {
            Write-Host 'LAN1 NIC'
            Rename-NetAdapter -Name $NIC.Name -NewName 'LAN1'
            New-NetIPAddress -IPAddress '192.168.11.1' -PrefixLength 24 -InterfaceAlias 'LAN1'
        }
        '00-15-5D-20-15-A2' {
            Write-Host 'LAN2 NIC'
            Rename-NetAdapter -Name $NIC.Name -NewName 'LAN2'
            New-NetIPAddress -IPAddress '192.168.12.1' -PrefixLength 24 -InterfaceAlias 'LAN2'
        }
        '00-15-5D-20-15-A3' {
            Write-Host 'LAN3 NIC'
            Rename-NetAdapter -Name $NIC.Name -NewName 'LAN3'
            New-NetIPAddress -IPAddress '192.168.13.1' -PrefixLength 24 -InterfaceAlias 'LAN3'
        }
        '00-15-5D-20-15-A4' {
            Write-Host 'LAN4 NIC'
            Rename-NetAdapter -Name $NIC.Name -NewName 'LAN4'
            New-NetIPAddress -IPAddress '192.168.14.1' -PrefixLength 24 -InterfaceAlias 'LAN4'
        }
    }
}

This first script will enumerate the network adapters and based on the MacAddress will rename them and assign the proper IP address.  The MacAddresses will be detailed below when we create the virtual machine.

This second script I “stole with pride” from Johan Arwidmark’s posting “Install a Virtual Router based on Windows Server 2012 R2 using PowerShell” ( http://deploymentresearch.com/Research/Post/387/Install-a-Virtual-Router-based-on-Windows-Server-2012-R2-using-PowerShell ) and expanded it to handle all of my network segments.  This script will install RRAS and configure it using NETSH commands to provide Internet access for the other network segments.

RTR_Step02-ConfigureRRAS.ps1

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Windows Server Router configuration

# Install the Routing and Remote Access role
Install-WindowsFeature Routing -IncludeManagementTools

# Configure Routing
Install-RemoteAccess -VpnType Vpn

# Adapter names as set by RTR_Step01-ConfigureNICs.ps1
$ExternalInterface = 'External'
$InternalInterface1 = 'LAN1'
$InternalInterface2 = 'LAN2'
$InternalInterface3 = 'LAN3'
$InternalInterface4 = 'LAN4'

# Double quotes are required here so PowerShell expands the interface variables
cmd.exe /c "netsh routing ip nat install"
cmd.exe /c "netsh routing ip nat add interface $ExternalInterface"
cmd.exe /c "netsh routing ip nat set interface $ExternalInterface mode=full"
cmd.exe /c "netsh routing ip nat add interface $InternalInterface1"
cmd.exe /c "netsh routing ip nat add interface $InternalInterface2"
cmd.exe /c "netsh routing ip nat add interface $InternalInterface3"
cmd.exe /c "netsh routing ip nat add interface $InternalInterface4"

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

BGInfo

I like to use BGInfo on my virtual machines.  It is not necessary, I just find it convenient.  I’ll show where to add actions to the task sequence for installing and staging BGInfo to run on the machine.  I’ll also include my custom BGInfo configuration for download.  Again, this is entirely optional.  My installation script was taken from Johan’s hydration kits (here); that and my custom BGI file can be downloaded at the end of this post.

If you want to include BGInfo you will need to download my Zip file at the end of this post for the scripts and custom BGI file as well as BGInfo from here.

The Zip file will have a folder called Install-BGInfo.  This is the source to add as an application to the MDT deployment share.

  1. Copy the BGInfo executable to the Sources folder inside Install-BGInfo
  2. Create an application and use this command line: cscript.exe Install-BGInfo.wsf

You will also find a PowerShell script named Unblock-BGInfo.ps1.  Copy this to the Scripts folder of your deployment share.


Creating the Task Sequence

The task sequence is where things are going to come together.  I appreciate your patience so far.

First, create a basic server task sequence in the MDT console.

  • On the General Settings page be sure to set the Task Sequence ID to “RTR01”


  • Select “Standard Server Task Sequence” as the template
  • You do not need to specify a product key or an admin password, otherwise accept the defaults and make changes to suit your preferences

 

After creating the basic task sequence, open the properties and edit the task sequence.

We are going to make the changes to the default task sequence that have * * * appended to the name.


 

In the Initialization group we will be adding 2 actions.

First, after the original Gather local only action add a new Gather action.
Name: * * * Gather Task Sequence Specific Settings
Rules file: CustomSettings_%TaskSequenceID%.ini

This will instruct MDT to look for a file named (in this example) CustomSettings_RTR01.ini and process it.  We created this file earlier in the “Task Sequence Custom Settings INI” section.

Second, after this custom Gather action add a Set Task Sequence Variable action.
Name: * * * Set New Computer Name
Task Sequence Variable: OSDComputerName
Value: %HydrationOSDComputerName%

In our custom INI file we initialized the HydrationOSDComputerName variable and set it to “RTR01”.  This action passes that value to the native OSDComputerName variable that MDT will use to name this machine.

Now, at the very end of the task sequence add a new group.

* * * Staging for Configuration
In this group we are going to add 4 new actions (6 if you want to include BGInfo).

  1. Set Phase
    1. Type: Set Task Sequence Variable
      1. Task Sequence Variable: PHASE
      2. Value: STATERESTORE
  2. Copy Scripts
    1. Type: Run Command Line
      1. Command line:
        1. cscript.exe "%SCRIPTROOT%\LTICopyScripts.wsf"
  3. Install – BGInfo
    1. Type: Install Application
    2. Install a single application: Install – BGInfo
  4. Unblock the BGInfo.lnk
    1. Type: Run PowerShell Script
      1. PowerShell Script:
        1. %ScriptRoot%\Unblock-BGInfo.ps1
  5. Rearm Activation
    1. Type: Run Command Line
      1. Command line:
        1. cscript C:\Windows\System32\Slmgr.vbs /rearm
      2. Start in: C:\Windows\System32
  6. Restart computer
    1. Type: Restart computer
  7. Copy Config Scripts
    1. Type: Run Command Line
      1. Command line:
        1. cmd /c copy "%ScriptRoot%\RTR_Step*.ps1" "%USERPROFILE%\Desktop\"

Creating the Virtual Machine

You are going to want to create a virtual machine with these specifications:

Specifications

  Virtual Machine Name   DEMO-RTR01
  Memory                 1024MB
  Hard Disk              100GB
  Network(s)             LAN0, LAN1, LAN2, LAN3, LAN4
  MAC Addresses          00:15:5D:20:15:AA (LAN0)
                         00:15:5D:20:15:A1 (LAN1)
                         00:15:5D:20:15:A2 (LAN2)
                         00:15:5D:20:15:A3 (LAN3)
                         00:15:5D:20:15:A4 (LAN4)

 


Building the Virtual Machine

Once you have created the virtual machine point the virtual CD/DVD drive to the boot ISO from your MDT deployment share and boot from it.

You will first see the standard welcome screen.

Once you click “Run the Deployment Wizard….” you will then see the custom menu from our LocationServer.xml created in the Setup post.


For this build select “External (DHCP)” from the pull-down list.  After clicking Next you will be prompted for your credentials.


Provide those, click OK and the rest of the wizard is automated.


Once the build has completed, if successful, the virtual machine should power off automatically.

You are now ready to perform the post-build configuration.


Post-Build Configuration of the Virtual Machine

Manual Configuration Actions

Q. Why are there post-build manual steps?
A. Primarily for a learning opportunity.  The process to configure RRAS is actually much simpler than I had thought it would be and I’ve never spent the time to work out a way to automate it.  So, if you decide to script the process please let me know.

Once the build has completed and the virtual machine has powered down (indicating a successful build) power the VM back up.

This VM is not a member of any domain so you will be using the local Administrator account to log in.


[The password is “P@ssw0rd”.]

Log into the VM.  As you can see in the BGInfo display (if you included it), the network adapters on the 4 isolated networks have APIPA addresses (169.254.x.x/16).

On the Desktop you will also find 2 PowerShell scripts.

Open an Administrative PowerShell prompt and run each of these scripts in order.

RTR_Step01-ConfigureNICs

This is the first script you will run.  This script will configure the network adapters in the server.  It will assign the IP addresses and rename the adapters in Windows so that they are easily identifiable.

It will look for specific MAC addresses to handle this, so it is imperative that you assigned the MAC addresses correctly.


  Network Adapter   MAC Address         IP Address
  LAN0              00:15:5D:20:15:AA   DHCP
  LAN1              00:15:5D:20:15:A1   192.168.11.1
  LAN2              00:15:5D:20:15:A2   192.168.12.1
  LAN3              00:15:5D:20:15:A3   192.168.13.1
  LAN4              00:15:5D:20:15:A4   192.168.14.1
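
Because the first script skips any adapter whose MAC address it does not recognise, a mistyped MAC in the VM settings fails silently.  The following pre-flight check is an added example, not one of the author's scripts; the function names ConvertTo-DashedMac and Test-RouterMacPlan are hypothetical, and the expected values are the MAC/name pairs listed above.

```powershell
# Added example: pre-flight check to run before RTR_Step01-ConfigureNICs.ps1.
# Expected MAC -> adapter name pairs, taken from this post.
$Expected = [ordered]@{
    '00-15-5D-20-15-AA' = 'External'
    '00-15-5D-20-15-A1' = 'LAN1'
    '00-15-5D-20-15-A2' = 'LAN2'
    '00-15-5D-20-15-A3' = 'LAN3'
    '00-15-5D-20-15-A4' = 'LAN4'
}

function ConvertTo-DashedMac {
    # The VM settings and CS.ini use colons; Get-NetAdapter reports dashes.
    param([Parameter(Mandatory)][string]$Mac)
    $hex = ($Mac -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($hex.Length -ne 12) { throw "Not a MAC address: $Mac" }
    ($hex -split '(..)' | Where-Object { $_ }) -join '-'
}

function Test-RouterMacPlan {
    # Report planned MACs that are missing and present MACs that are not planned.
    param(
        [Parameter(Mandatory)][string[]]$PresentMacs,
        [Parameter(Mandatory)]$Plan
    )
    $present = $PresentMacs | ForEach-Object { ConvertTo-DashedMac $_ }
    foreach ($mac in $Plan.Keys) {
        [pscustomobject]@{
            MacAddress = $mac
            Role       = $Plan[$mac]
            Status     = if ($present -contains $mac) { 'Found' } else { 'MISSING' }
        }
    }
    foreach ($mac in $present) {
        if (-not $Plan.Contains($mac)) {
            [pscustomobject]@{ MacAddress = $mac; Role = '(none)'; Status = 'UNEXPECTED' }
        }
    }
}

# Constructed sample: the LAN3 adapter was mistyped as ...B3 in the VM settings.
$sample = '00:15:5D:20:15:AA', '00:15:5D:20:15:A1', '00:15:5D:20:15:A2',
          '00:15:5D:20:15:B3', '00:15:5D:20:15:A4'
Test-RouterMacPlan -PresentMacs $sample -Plan $Expected | Format-Table -AutoSize

# On RTR01 itself, check the real adapters instead of the sample:
# Test-RouterMacPlan -PresentMacs (Get-NetAdapter).MacAddress -Plan $Expected
```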

 

RTR_Step02-ConfigureRRAS

Once the first script has completed the network adapters will be configured.  You can then run the second script.  This second script installs RRAS and configures the Internet routing protocol within RRAS.


Once this script has completed RRAS is set up to provide NATed access to the Internet.

LAN Routing

Now that Internet access for the entire lab has been configured the next step will be to configure LAN routing for the lab.  This will be done manually using the RRAS interface.  (It’s a learning experience.)  From Server Manager, click on Tools and select Routing and Remote Access.


  1. Expand the IPv4 node of the RRAS console.
  2. Right-click on the General node and select New Routing Protocol.
  3. In the New Routing Protocol list choose RIP Version 2 for Internet Protocol.
  4. You will now have a node labelled “RIP” in the console.  Right-click on that RIP node and select New Interface.
  5. Select each of the 4 “LAN#” segments.  Important!  Do NOT select the “External” interface.
  6. As you select each LAN# interface, accept the default RIP properties.
  7. Repeat this for each of the 4 LAN# interfaces.

RTR01 is now capable of routing traffic between each of the 4 isolated networks.

DHCP Relay Agent

The final step is to add a DHCP Relay Agent (also known as an “IP Helper”).  This will allow any virtual machines you create on these networks to obtain an IP address from the DHCP server (on DC01).

  1. Right-click on the General node and select New Routing Protocol.
  2. Select the DHCP Relay Agent protocol.
  3. You will now have a node labelled “DHCP Relay Agent” in the console.  Right-click on that node and select New Interface.
  4. In the New Interface dialog you will only select LAN2, LAN3 and LAN4.  Important!  Do NOT select LAN1, External or Internal.
  5. Accept the default properties for each interface.
  6. Repeat these steps for LAN3 and LAN4.

What the DHCP Relay Agent will do is to take any DHCP requests from LAN2, LAN3 and LAN4 and forward them to the DHCP server.  Since our DHCP server is going to be on LAN1 we do not need to add that to the interfaces of the Relay Agent.

The final step is to specify the IP address of the DHCP server.  This will be DC01, which will be created next.

  1. Right-click on the DHCP Relay Agent node and select Properties.
  2. On the properties page you will enter the IP address of the DHCP server (DC01).  Enter the IP address 192.168.11.2 and click Add.

The configuration of RTR01 is now complete.  You can now move on to building the second virtual machine, DC01.

You can download a Zip file with my sample files and scripts here.


Posted on December 30, 2015, in Hyper-V, MDT 2013, MDT Lab Builder, PowerShell, Task Sequences, Training, Virtual Router, Windows Server.
