Rackmount Home Server & VM Lab Build - AVS Forum
post #1 of 33, 07-15-2014, 04:22 PM, kesawi (Thread Starter)
Rackmount Home Server & VM Lab Build

Thought I'd share my recent home server build. My aim was to migrate storage, download services (torrent, sabnzbd, sickbeard, etc), TV Server, Plex and other server duties from my current HTPC to my newly installed rack in the storeroom under my house. I also wanted eventually to set up a VM lab, Windows 2012 R2 server, and transfer the router function from my existing wifi router to a VM on the server.



Due to an unpublished change in the specifications for the rack, it ended up being only 540mm deep instead of 600mm deep as I had anticipated, restricting my options in terms of hardware it could accommodate.

My priority was to expand my storage as my HTPC was nearing its capacity. I was after a minimum of 4 HDD bays to accommodate my future storage requirements. I considered building an all-in-one custom PC based on Server 2012 running FlexRAID in a VM, however upon further investigation I discovered it isn’t recommended to run FlexRAID in a VM, particularly if you don’t really know what you’re doing when it comes to virtualisation (ie me). I didn’t really like the other software storage solutions that were available for Server 2012 and didn’t want to invest in a RAID controller. I decided to separate the storage and server roles into separate machines.

Storage
For the storage I considered a custom build PC based on FlexRAID. Due to the short depth restrictions of my rack I was rather limited to a maximum case depth of 390mm. This left either a Norco RPC-230, RPC-231 or RPC-430 case as the three rackmount options available. I also investigated some SFF tower and desktop cases. When I priced up the build, the cost was getting pretty close to a pre-built NAS. Also the height of some of the cases started to become an issue as they took up too much of my rack space. Using a NAS offered less hassle in avoiding troubleshooting a custom build and learning FlexRAID. In addition it also offered front mount hot-swap drive bays, which would have been absent on the other available case options. I therefore decided to go with a NAS. Unfortunately the shortest depth rackmount NAS I could find was still 430mm deep and couldn’t be accommodated by my rack.

After some research I settled on a Synology DS414, however at the last minute I changed my mind and bought a Synology DS1513+. The Synology DS1513+ appealed to me for a number of reasons. First, the DS1513+ has four LAN ports compared to two on the DS414. This means that I can keep one LAN port as a management LAN and run a dedicated VLAN with Jumbo Packets enabled on the three other ports over iSCSI MPIO back to my server, whereas on the DS414 I would only have one port for my iSCSI VLAN. Secondly, I was only initially purchasing 3 x 3TB HDDs to run in RAID 5, with the intention to add more drives later as my storage needs increase. With a 4-bay NAS I could only add a single 3TB drive, if I wanted to increase storage beyond that I would need to start swapping out the 3TB drives for larger drives. With a 5-bay NAS (and using Synology Hybrid RAID) I can add 2 larger capacity drives and gain the full capacity of these drives without swapping out any of the existing drives. My logic was that by the time I was looking to increase storage capacity, the cost of 4TB or 5TB drives will have dropped to where 3TB drives are at the moment and therefore I would be buying the larger capacity and want to use it.

For the hard drives I settled on the Hitachi HGST 3.5” NAS 3TB 0S03662 drives. They were only $10/drive more than the WD RED 3TB drives, are faster and have a good reputation for reliability. Downside is they consume a little more power than the WD Reds and are a little noisier.

Server

I intended to run the NAS as an interim measure for a while until I was ready for a server, but found it had a couple of limitations. Setting up users, groups and file sharing was a little bit more painful than I was used to on my HTPC, and the share couldn’t be indexed by windows (I like the ability to search for things relatively quickly). Also, the SynoCommunity package repository was down for an unknown time and I couldn’t get the add-on packages I needed. I therefore decided to bring forward my server build.

I required a short depth case less than 390mm deep to fit in my rack. It also had to be able to accommodate an mATX board as I needed to install my existing TV tuner card and a multi-port LAN adapter. I looked at a 1RU HP Proliant DL320eGEN8v2 server which uMart had on special for $499. However, only the 4xsFF HDD version was available and I wanted to relocate some existing 3.5” drives into the server. I also wasn’t sure whether I could put two PCIe cards on the riser.

I couldn’t find a pre-built server under 390mm deep so settled on a custom build of a 2RU server.
Case: Norco RPC-230 – This case is a 2RU high x 387mm deep rackmount case. It was the only one of three rack mount cases under 390mm deep that I could find available in Australia. The Norco RPC-430 is a 4RU case and would have occupied more of the rack. While having 6x3.5” + 2x 5.25” bays compared to 4x3.5” and 1x5.25” on the RPC-230, my primary storage was in the NAS so I didn’t need this extra capacity. The RPC-231 is almost identical to the RPC-230 except that it has 2x3.5” and 2x5.25” bays. As I wasn’t installing a DVD drive in the server I preferred having more internal 3.5” drive bays.

The RPC-230 is a nice solid rack mount case which has been able to accommodate the 2 x SSDs and 1 x 3.5” drive I’ve put in it. It can easily accommodate 2 x 3.5” drives in the two bays above the mother board tray, although they just clear the stock intel CPU cooler (good cable management is critical to avoid contact with the fan). A third drive can be placed in the other middle bay, but in my case it slightly clashes with the USB3 header feeding my front USB3 port. I could get around this by purchasing a low profile internal USB3 adapter cable. The fourth bay in front of the PSU can accommodate a 3.5” drive but the cables will be squashed up against the cables from the PSU.

The individual drive trays are held by two screws and are quite easy to release. They only have holes for 3.5” drives, and then only for the bottom ones and not for the side mounts. There are no anti-vibration mounts, but the case has been solid enough that this hasn’t been an issue so far. I initially mounted my SSDs using just one of the bottom screw holes which was sufficient to hold it. I found that the drive screws supplied with my case were a slightly different thread to my SSDs. I’ve ended up changing over to a SSD adaptor bracket which can accommodate 2xSSDs in one 3.5” bay. The bracket doesn’t have any bottom screw holes and therefore is sitting loose in the drive tray. This is secure enough for me given that the drive doesn’t spin and the server won’t be getting moved around.

In order to install the motherboard or change out the case fans (which you will want to do), the whole hard drive shelf has to be removed. This also involves removing the rack mount ears so that the screws for the shelf can be accessed. The two 80mm case fans are very noisy and only have molex connectors so can’t be connected to the motherboard fan headers without an adapter. I ended up replacing them with two Noctua NF-R8 redux-1800 PWM fans which are much better.

The coating to the outside of the case does chip and scratch easily, and you need to be careful with tightening the screws as they are quite soft. The screws are also quite small as well, so you need to be careful not to lose them. The case doesn’t come with a manual so you need to figure out how to take everything apart and where all of the screws go on your own. It’s pretty straight forward though.

One thing to be aware of is that the case can only accommodate a PSU which has a front-to-back airflow path (ie air is drawn from the front of the PSU and exhausted out the back). The vast majority of all PSUs now have a perpendicular airflow path (ie air is drawn in from the top or bottom of the PSU and exhausted out of the back). The case has no air intake for the PSU on the bottom or top, as most server cases are designed for front to back airflow. This severely limits PSU choice.

Rackmount rails are available for the case but at 20 and 26 inches in length, they are too long for my rack, and kind of defeat the purpose of a short depth case. It also only has USB2 ports on the front of the case and no USB3 ports.

Motherboard: Intel Server Board S1200V3RPL – I required a mATX board to accommodate my TV tuner card and a multi-port LAN card. As the server was going to be located in a store room under my house I wanted something with remote management and KVM capabilities. I didn’t fancy having to carry a monitor and keyboard downstairs and work in the cold if I had to access the BIOS or boot options. I also wanted an onboard Intel NIC. This led me away from consumer boards to a server board. The S1200V3RPL was the cheapest socket 1150 mATX server board I could find and still has plenty of features. It has 4 x PCIe slots, 6xSATA3 ports, 2x 1GB LAN ports, 1 x USB 3 header, 1 x USB2 header, an internal USB2 Type A port which allows you to plug in a USB key or other device, 2 x external USB2 ports and 2 x external USB3 ports. It supports remote management and KVM through the onboard LAN, however I added the AXXRMM4 Remote Management Module which uses its own dedicated LAN port. The motherboard can accommodate up to 32GB of RAM. The BIOS has several fan speed control options, and controls the CPU and system fan headers to keep fan noise to a minimum.

CPU: Intel Xeon® Processor E3-1240 v3 – As I was intending to run a VM lab, I wanted a CPU with virtualisation and hyper-threading support. I went for a Xeon over a Core i7 CPU, as the Xeon was cheaper. I chose the E3-1240 V3 over the E3-1230 V3 as it was only $30 more.

RAM: 2x Kingston 8GB PC3-12800 1600MHz ECC DDR3L RAM - 11-11-11 - Intel Validated ValueRAM – I was pretty much restricted to this RAM for compatibility with the motherboard if I wanted to use ECC RAM.

PSU: Zippy 400W PS-5400HG2 – I was pretty much limited to this PSU as I required a front-to-back airflow path (ie air is drawn from the front of the PSU and exhausted out the back) as the case had no PSU intake on the bottom. The only other PSU with this airflow configuration I could find in Australia was the Antec 350W Basiq ATX, however it didn’t have an 8-pin CPU motherboard power plug. The Zippy is a quiet and efficient CPU, and from what information I could find online, appears to be a reliable brand. Unfortunately it isn’t modular so the spare cables take up quite a bit of room and do restrict the airflow at the intake slightly. It comes with 5x SATA plugs, 6 x molex plugs and 2 x GPU plugs.

LAN Card: Intel Ethernet Server Adapter I350-T4 – This is a great quad port 1GB LAN adapter. I wanted to run 2 teamed LAN ports for client access to the server, 2 LAN ports for iSCSI VLAN, and 1 WAN port from my cable modem. It was easily accommodated into the case and comes with a low-profile adapter.

Drive Bay: Thermaltake Max 5 Duo SATA HDD Rack – One thing missing from the Norco case was a front USB3 port so that I could easily connect an external drive to the front of the server. I also wanted a hot-swap drive bay so that I could plug in a 3.5” or 2.5” drive into the server without needing to open the chassis. The Max 5 Duo combines both the drive bay and USB3 ports. I haven’t tested it so far, but it fits very nicely into the case. The red release tabs on the drive bay doors do stand out though and may not fit with your colour scheme.

Case Fans: 2x Noctua NF-R8 redux-1800 PWM fans – The original case fans supplied with the Norco RPC-230 chassis were extremely loud and could not be connected to motherboard fan headers. I decided to replace them with the Noctuas. I considered the NF-R8 PWM fans but went with the redux version as they were cheaper and I didn’t need any of the adaptors or accessories. In addition the redux fans are dark grey and blend in with the front of the case compared to the traditional Noctua beige and brown. The difference in noise is night and day, and the server is now almost silent. The fans have allowed me to utilise the fan control options in the motherboard BIOS.

SSD: 2 x OCZ Vertex 3 120GB SSDs – I had two of these in my main gaming rig in RAID0 and recently upgraded it to a single Samsung EVO 840. I’ve now repurposed the Vertex 3s to the server. I’m currently running them in RAID1 and use them for the host OS and guest VMs.

HDD: Samsung 500GB – I had this drive left over from an external drive and have installed it as a scratch drive and backup drive for the VMs.

HDD: WD Caviar Green 2TB WD20EZRX – I currently have this drive in my HTPC and will repurpose it into the server for use as a backup drive.
The Build
I wimped out on the build and had it done through TechBuy where I purchased the parts. While I have built many PCs in the past I was concerned that with the case being so tight everything might not fit together. There was no information on the maximum card length supported by the case. I was also concerned whether there would be enough room behind the PSU to accommodate the spare cables and the Thermaltake Max 5 Duo. I figured it was less risk if I let TechBuy build it so if there was a problem then they could simply cancel the order or make changes prior to dispatch. If I built it myself and found an issue during the build then I risked being stuck with parts I couldn’t use but had already purchased. Their build price was quite cheap at $55 so it was a no brainer.

The service from TechBuy was great, from the initial enquiries through to the after-sales support. The rep I dealt with helped to confirm that the components should be compatible prior to ordering, and did his best to price match. While not matching pricing from other sources he was able to offer discounts of between $5-$10 off most items. The build was shipped within 7 days of placing an order, despite some parts having to be obtained from their distributors, and was received overnight. The server was double boxed and well packed. The overall build quality and cable management was very neat and of a high standard. A small folder was included in the shipment containing all of the spares, manuals and driver discs. The build team omitted a couple of case screws and the spare full-height bracket for the LAN card, however they were posted straight away at no cost, and without question when I contacted them.

The Setup

I’ve been gradually installing and configuring the host and guest operating systems over the past few weeks. I have the three drives in the NAS configured in Synology Hybrid RAID giving me 6TB of storage. I’ve created a single drive group and then a single storage volume over the drives. I’m using file based LUNs for the iSCSI Targets with thin-provisioning enabled. I have a main storage LUN, a backup LUN, a WSUS store LUN and a Hyper-V LUN. I’m using one of the LAN ports as a management port, and the remaining three are on my iSCSI VLAN.

On the server I’m using Windows Server 2012 R2 as the main hyper-v host. I considered running just the core version but find the GUI easier to use during setup and configuration. I’ll probably convert it to core once everything is setup and maintenance is minimised. I have each of the LUNs on the NAS mounted by the host OS and directed to the relevant VM guest. I’ve teamed one LAN port from each of the onboard and I350-T4 NICs to be the main connection for the server. I have another three LAN ports connected to my iSCSI VLAN and have configured MPIO. The last LAN port I’m leaving spare for my firewall WAN port.

My VMs are:
  • VM1 – Windows Server 2012 R2 – This is my active directory server. It also runs the DNS, DHCP and WINS servers
  • VM2 – Windows Server 2012 R2 – This is my main file server and shares the storage LUN from my NAS. It also runs my AD CS server. I intend to add the WSUS and Server Essentials roles to this VM, for backup to the NAS. I also intend to add a RADIUS server for use with my WiFi for WPA2 Enterprise Authentication.
I’m finding that having the AD, DNS and DHCP server within a VM causes issues for me when I restart the host server. The network location awareness service on the host OS doesn’t detect the domain when the server boots and configures the teamed NIC as a public LAN. I’ve been able to change it to a Private LAN, but it still causes issues.

I’m planning to set up several other VMs:
  • VM3 – Windows Server 2012R2 – I want to put my Argus TV server on a separate VM so that if there is a problem I can restart the VM without impacting other services.
  • VM4 – CentOS 7 – This will be my download VM for torrents, sabnzbd, sickbeard, etc. I’m also planning on installing Plex on this VM as well.
  • VM5 – Sophos UTM Firewall Home Edition – This will be my router.

I do have some pictures of the server and rack with everything installed, and will upload them when I have an opportunity to grab them off my camera.

Thanks for reading this far.


Last edited by kesawi; 07-21-2014 at 04:19 PM. Reason: Broken link
post #2 of 33, 07-20-2014, 07:49 PM, kesawi (Thread Starter)
Assembled server shown below without the hard drives. The only issue I have with it is the big bundle of spare cables from the PSU restricting airflow, although there is nothing I can do about it as I have nowhere else to stash the cables. Despite the cramped space, everything looks quite neat.



Server and NAS installed into my rack. My only remaining gripe with the Norco case is the brightness of the LEDs. If the case was exposed in a home theatre room, then the LEDs would need to be covered.

post #3 of 33, 07-21-2014, 10:01 AM, politby
Nice project, thank you for posting!

I am personally really interested in the Sophos firewall. I have been considering running pfsense in a virtual machine but this sounds really interesting. Please keep us updated.
post #4 of 33, 07-21-2014, 10:13 AM, Noah
Nice setup. I would've either replaced the rack to accommodate a case with more drive bays or gone with the Norco 430 instead of buying a separate NAS. SnapRAID is the answer in my setup.
post #5 of 33, 07-21-2014, 04:52 PM, kesawi (Thread Starter)
Quote:
Originally Posted by politby View Post
Nice project, thank you for posting!

I am personally really interested in the Sophos firewall. I have been considering running pfsense in a virtual machine but this sounds really interesting. Please keep us updated.
Thanks for your comment. I'm probably 2-3 weeks away from getting Sophos up and running. It's been very slow progress for me as I've been learning and troubleshooting as I've set up all of the VMs and progressively installed each of the features and roles. I've only just recently switched over my main storage from my HTPC to the NAS once I'd sorted out nearly all of the bugs (although I still have a few minor ones left). My priority is to transfer all of the remaining roles from my HTPC to the Server before playing around with Sophos.

I’m finding Group Policy very useful for rolling out changes across all users and computers rather than having to go and individually configure four users on four PCs each time I want to make a change. I also like having my own private CA which automatically distributes the root certificate to all domain PCs, and using custom security certificates for all of my internal management pages.

I've just installed CentOS and am trying to relearn Linux after a 15 year absence. I discovered that the CentOS 7 minimal install doesn’t contain all of the components needed to install Webmin. I also haven’t been able to successfully use Samba to connect to the share on my file server VM, but that’s tonight’s project.

Quote:
Originally Posted by Noah View Post
Nice setup. I would've either replaced the rack to accommodate a case with more drive bays or gone with the Norco 430 instead of buying a separate NAS. SnapRAID is the answer in my setup.
Thanks for your comment. I didn’t discover the reduced depth of the rack until it was already on the wall and the contractors had run the cabling. I did investigate changing the rack, but thought in the end I could make it work. I also seriously considered the Norco 430, but as I said above, went with the NAS as I preferred having a prebuilt package. A Norco 430 with SnapRAID would have simplified a few things in comparison to my setup.

post #6 of 33, 07-22-2014, 02:11 PM, EricN
Quote:
Originally Posted by kesawi View Post
I’m finding that having the AD, DNS and DHCP server within a VM causes issues for me when I restart the host server. The network location awareness service on the host OS doesn’t detect the domain when the server boots and configures the teamed NIC as a public LAN. I’ve been able to change it to a Private LAN, but it still causes issues.
Put a physical DC on your shopping list. http://www.newegg.com/Product/Produc...82E16816321038
...or remove the Hyper-V host from the domain.

I kept running into chicken-and-egg problems of virtual dcs running on domain-joined vm hosts. It's finicky enough in normal operation, and it's a real pain in the ass if anything goes wrong.
post #7 of 33, 07-22-2014, 04:09 PM, kesawi (Thread Starter)
Quote:
Originally Posted by EricN View Post
Put a physical DC on your shopping list. http://www.newegg.com/Product/Produc...82E16816321038
...or remove the Hyper-V host from the domain.

I kept running into chicken-and-egg problems of virtual dcs running on domain-joined vm hosts. It's finicky enough in normal operation, and it's a real pain in the ass if anything goes wrong.
I am considering buying a Celeron NUC to run the DC, but am also trying to avoid spending more. At the moment I have a script set to run 2 minutes after booting which restarts the NIC and network location awareness service.

post #8 of 33, 08-05-2014, 07:25 PM, kesawi (Thread Starter)
Managed to get my Argus TV VM up and running. I had to install the Recorder component on the host Server 2012 OS as Argus needs direct access to the physical hardware, and installed the scheduler along with MySQL on VM2. It's maybe a fraction slower to start playing live TV and switching channels compared to the previous single-seat arrangement on my HTPC. Took a little bit of stuffing around to find the BDA drivers for Server 2012, but worked first time and had no issue installing the tuner card drivers. I was able to successfully import and export my previous recordings and schedules from my HTPC into the new server. UNC streaming works fine, but RTSP streaming doesn't work at all. Have installed a RAM disk on my host for the timeshift buffer, which doesn't thrash my hard disk as much.

I've given up on running a CentOS VM under Hyper-V for my Plex Server and download applications. Plex was crashing quite a lot, I had difficulty getting my SAMBA shares accessible, and the Hyper-V integration services were always producing errors. I don't have the time or patience to learn Linux and troubleshoot it. I've changed this over to a Server 2012 VM and now Plex is running quite fast and stable. Have managed to get Plex running as a service so I don't need to leave a user logged in. I just need to do the same for SickRage, sabnzbd, etc., and have them running on my NAS for now.

Have reformatted my HTPC and upgraded it to Windows 8.1. Now that it's only doing the job of media playback, it's so much more stable and snappier than before. Have had to resize my screen due to the overscan on the TV and discovered that the Metro Apps don't like this, and will only work in the standard screen sizes. No real loss as I don't use any of them.

Next step is to get WSUS up and running.

post #9 of 33, 08-07-2014, 02:43 PM, EricN
Quote:
Originally Posted by kesawi View Post
Next step is to get WSUS up and running.
For a single rack, I find WSUS to be more trouble than it's worth. Unless you want to hold back specific updates or are handling, say, 25+ machines, just let WUA do its thing. If bandwidth/usage cost is the concern, a Squid cache will be less hassle than a WSUS server.
post #10 of 33, 08-07-2014, 03:40 PM, kesawi (Thread Starter)
Quote:
Originally Posted by EricN View Post
For a single rack, I find WSUS to be more trouble than it's worth. Unless you want to hold back specific updates or are handling, say, 25+ machines, just let WUA do its thing. If bandwidth/usage cost is the concern, a Squid cache will be less hassle than a WSUS server.
I've installed it more to have a play around with it and see what it does. It is quite clunky and lacking what I would consider to be quite a few obvious features and settings. Primarily I want to reduce download usage and have updates on hand when doing new installs (I know there are other options for this). May get rid of it and revert to a squid cache as you suggest once I get Sophos up and running.

post #11 of 33, 08-07-2014, 06:02 PM, video321
Quote:
Originally Posted by kesawi View Post
I’m finding that having the AD, DNS and DHCP server within a VM causes issues for me when I restart the host server. The network location awareness service on the host OS doesn’t detect the domain when the server boots and configures the teamed NIC as a public LAN. I’ve been able to change it to a Private LAN, but it still causes issues.
Lucky for you I just started coming back into these forums yesterday as I have your fix
I'm also using host-based VMs and ran into this issue so it will definitely work.

http://technet.microsoft.com/en-us/l.../jj966256.aspx
post #12 of 33, 08-07-2014, 06:17 PM, kesawi (Thread Starter)
Quote:
Originally Posted by video321 View Post
Lucky for you I just started coming back into these forums yesterday as I have your fix
I'm also using host-based VMs and ran into this issue so it will definitely work.

http://technet.microsoft.com/en-us/l.../jj966256.aspx
Thanks for the tip. I've already implemented that particular policy so the interface type of the internal NIC is set to private, however I really need the type to be set to domain which you can't do under the NLM policies. Currently when I reboot my host server I need to manually disable the internal NIC, restart the Network Location Awareness Service, enable the internal NIC. I tried setting up the following script to execute around 2 minutes after boot but I kept getting an error message about service dependencies when trying to shutdown the NLA and NLM services. The services console shows no dependent services.

Code:
netsh interface set interface name="Local Area Connection" admin=disabled
net stop "Network List Service"
net stop "Network Location Awareness"
net start "Network Location Awareness"
net start "Network List Service"
netsh interface set interface name="Local Area Connection" admin=enabled
I setup my Synology NAS as a slave DNS server to my AD DNS, but that hasn't resolved the issue. I thought about trying to configure SAMBA on the NAS to work as a Server 2012 AD controller, but I'm not sure how to do it, or if it's possible.

post #13 of 33, 08-08-2014, 04:39 AM, video321
Hmm.....

Have you tried to create a script which simply disables then enables the NIC instead of messing with NLA?
Or, a script that will change the NIC to DHCP then back to static?

I'm sure you could get around this annoying issue without needing more hardware.
post #14 of 33, 08-08-2014, 11:03 AM, EricN
Quote:
Originally Posted by kesawi View Post
I setup my Synology NAS as a slave DNS server to my AD DNS, but that hasn't resolved the issue. I thought about trying to configure SAMBA on the NAS to work as a Server 2012 AD controller, but I'm not sure how to do it, or if it's possible.
I tried that too, but I gave up pretty early since I had an unused 1U Atom that could solve the problem without SAMBA. I'm interested if you get it to work. I have an unsubstantiated hunch that SAMBA hasn't kept up with the 2008-2012 changes and I'm curious what the reality is.
post #15 of 33, 08-08-2014, 07:42 PM, kesawi (Thread Starter)
Quote:
Originally Posted by video321 View Post
Have you tried to create a script which simply disables then enables the NIC instead of messing with NLA?
Or, a script that will change the NIC to DHCP then back to static?
That was the first thing I tried. Unfortunately I've found that NLA needs to be reset to detect the change. I'd like to find a solution which avoids resetting the NIC as I fear that it will interrupt a critical data transfer and cause data corruption. A potential solution could be to setup some scripts which disable the NIC on shutdown, then enable it 2 minutes after boot, once the AD VM has had time to boot. I need to do some research and work out how to do this.

Quote:
Originally Posted by EricN View Post
I tried that too, but I gave up pretty early since I had an unused 1U Atom that could solve the problem without SAMBA. I'm interested if you get it to work. I have an unsubstantiated hunch that SAMBA hasn't kept up with the 2008-2012 changes and I'm curious what the reality is.
I think SAMBA 4 is compatible with AD 2008, but not sure whether it works with AD 2012 and any potential issues. I'm not sure what version is on Synology DSM5.

kesawi is online now  
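One way to script the idea in the post above without bouncing the NIC, as an added example that is not part of the original thread: a startup task waits until a domain controller answers, then restarts the NLA service only if the interface has not come up as domain-authenticated. The domain name `lab.example`, the interface alias, the timeouts and running it as a startup scheduled task are assumptions; `Test-NetConnection` needs Server 2012 R2 or later.

```powershell
#Requires -RunAsAdministrator
# Added example: re-evaluate the network profile once the virtualised DC is up.
# Assumptions (not from the thread): domain name, interface alias, timeouts,
# and that this runs as a startup scheduled task on the Hyper-V host.
param(
    [string]$DomainName     = 'lab.example',   # placeholder AD DNS domain
    [string]$InterfaceAlias = 'Ethernet',      # placeholder LAN adapter name
    [int]$TimeoutSeconds    = 600,
    [int]$PollSeconds       = 10
)

function Test-DomainControllerReachable {
    param([string]$Domain)
    try {
        # DC locator SRV record; only resolves once AD DNS is answering.
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                   -DnsOnly -ErrorAction Stop | Where-Object { $_.NameTarget }
        foreach ($rec in $srv) {
            # A resolvable name is not enough: confirm LDAP is accepting connections.
            if (Test-NetConnection -ComputerName $rec.NameTarget -Port 389 `
                    -InformationLevel Quiet -WarningAction SilentlyContinue) {
                return $true
            }
        }
    } catch {
        # DNS not answering yet (the DC VM is still booting); treat as unreachable.
    }
    return $false
}

# 1. Wait for the DC instead of sleeping for a fixed two minutes.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while (-not (Test-DomainControllerReachable -Domain $DomainName)) {
    if ((Get-Date) -gt $deadline) {
        Write-Warning "No DC for $DomainName answered within $TimeoutSeconds s; profile left unchanged."
        exit 1
    }
    Start-Sleep -Seconds $PollSeconds
}

# 2. Only touch NLA if the interface was misclassified. While it is, the
#    Public or Private firewall profile applies instead of the Domain profile.
$netProfile = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias
if ($netProfile.NetworkCategory -eq 'DomainAuthenticated') {
    Write-Output "$InterfaceAlias is already DomainAuthenticated; nothing to do."
    exit 0
}

# 3. Restart NLA (-Force also restarts its dependent Network List Service).
#    The NIC itself stays up, so established transfers are not torn down by a link reset.
Restart-Service -Name NlaSvc -Force
Start-Sleep -Seconds 15

$netProfile = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias
Write-Output "$InterfaceAlias is now classified as $($netProfile.NetworkCategory)."
if ($netProfile.NetworkCategory -ne 'DomainAuthenticated') { exit 2 }
```

The exit codes let the scheduled task history show whether the DC never answered (1) or NLA still did not pick the domain profile after the restart (2).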
post #16 of 33 Old 08-09-2014, 01:35 AM
AVS Special Member
 
ajhieb's Avatar
 
Join Date: Jul 2009
Posts: 1,487
Quote:
Originally Posted by kesawi View Post
That was the first thing I tried. Unfortunately I've found that NLA needs to be reset to detect the change. I'd like to find a solution which avoids resetting the NIC as I fear that it will interrupt a critical data transfer and cause data corruption. A potential solution could be to set up some scripts which disable the NIC on shutdown, then enable it 2 minutes after boot, once the AD VM has had time to boot. I need to do some research and work out how to do this.


I think SAMBA 4 is compatible with AD 2008, but not sure whether it works with AD 2012 and any potential issues. I'm not sure what version is on Synology DSM5.
It's been several years since I've fooled around in the IT world, so I'm a little bit out of my element, but having said that...

Any possibility you could change the Network Location Service to "Automatic (Delayed Start)"? My understanding is the system waits 2 minutes (can be changed via registry key) after all of the "Automatic" services have started, which sounds like exactly what you're needing. I'm not sure of the behavior of the dependent services so you might have to modify them as well, but just thought I'd throw that out as a possibility.

RAID protection is only for failed drives. That's it. It's no replacement for a proper backup.
ajhieb is offline  
post #17 of 33 Old 08-09-2014, 03:39 AM - Thread Starter
Senior Member
 
kesawi's Avatar
 
Join Date: Jun 2006
Location: Brisbane, Australia
Posts: 329
Quote:
Originally Posted by ajhieb View Post
Any possibility you could change the Network Location Service to "Automatic (Delayed Start)"? My understanding is the system waits 2 minutes (can be changed via registry key) after all of the "Automatic" services have started, which sounds like exactly what you're needing. I'm not sure of the behavior of the dependent services so you might have to modify them as well, but just thought I'd throw that out as a possibility.
Thanks for the suggestion. I did try that previously without any success. It didn't seem to correct the problem with the NIC type being set to domain, and delaying the start of the NLA service caused the Windows startup process to pause until it became active.

kesawi is online now  
post #18 of 33 Old 08-09-2014, 04:38 AM
AVS Special Member
 
Dark_Slayer's Avatar
 
Join Date: May 2012
Posts: 2,587
Quote:
Originally Posted by kesawi View Post
I thought about trying to configure SAMBA on the NAS to work as a Server 2012 AD controller, but I'm not sure how to do it, or if it's possible.
Can you use CIFS instead?

Quote:
Originally Posted by kesawi View Post
I've given up on running a CentOS VM under Hyper-V for my Plex Server and download applications. Plex was crashing quite a lot, I had difficulty getting my SAMBA shares accessible, and the Hyper-V integration services were always producing errors. I don't have the time or patience to learn Linux and troubleshoot it. I've changed this over to a Server 2012 VM and now Plex is running quite fast and stable. Have managed to get Plex running as a service so I don't need to leave a user logged in. I just need to do the same for SickRage, sabnzbd, etc., and have them running on my NAS for now
Sorry in advance, I know you didn't ask and what I'm about to say won't give you any help, but . . .

Couple of thoughts on this as I will eventually embark on this myself

-For my first server build I went with WHS, then Ubuntu, then W7 which eventually upgraded to 8 and now 8.1 -- whilst playing around in ubuntu server for about a week, I never could get file transfers going at appropriate speeds. This was using individually defined disks non-pooled, non-raid copying an mkv from the server to a w7 desktop's ssd over gig lan, but at the time I didn't know enough to troubleshoot the protocol (which honestly if I were sitting down to do it this instant I wouldn't know where to start)

All that being said, I'd use a landing partition or entire rdm for sickrage, couch potato, and headphones (probably running alongside plex server) to reorganize from the mapped disk to whichever vm your array is on

I've done this before in vmware player (the only vm tools I've used aside from oracle) but I've wondered where the data really goes whenever you tell a VM to take a file from a virtual disk and copy it across a windows workgroup through a virtual nic to a separate virtual disk in the same chassis with the virtual nic shared ? ? ?
Dark_Slayer is offline  
post #19 of 33 Old 08-10-2014, 05:55 AM
AVS Special Member
 
kapone's Avatar
 
Join Date: Jan 2003
Posts: 4,429
Well, you have a couple of potential trouble spots. You're using a Server 2012 "host" and then enabling the Hyper-V role to run your other VMs, I suppose?

Try running Hyper-V bare metal, and then running your VMs over that. A virtualized Server 2012 DC on Hyper-V has none of the issues you're mentioning, as far as I can remember. I was running Hyper-V as well for a while, but settled on ESXi a while ago.

What you're running is similar to what I'm running, except on ESXi. My DC is a Server 2012 R2 as well, and so is my router/firewall (pfSense), both of which are virtualized on the same host. ESXi is set to:

- automatically start the pfSense VM first,
- wait 60s (which is enough for the pfSense VM to be fully operational),
- fire up the Server 2012 DC VM, which boots and does its thing, without any weird issues with NLA
- wait 60s
- Fire up every other VM that I have set to auto start.

Never had any issue with NLA, with this configuration, and don't have to do any manual intervention.
kapone is offline  
post #20 of 33 Old 08-10-2014, 06:50 PM - Thread Starter
Senior Member
 
kesawi's Avatar
 
Join Date: Jun 2006
Location: Brisbane, Australia
Posts: 329
Quote:
Originally Posted by Dark_Slayer View Post
Can you use CIFS instead?
As I'm not real familiar with Linux could you elaborate on how CIFS may help? My understanding is that the issue with NLA not detecting the network as a domain is due to it not being able to contact the domain server when the NIC becomes active. Whether I'm using CIFS or SMB shouldn't impact this?

Quote:
Originally Posted by Dark_Slayer View Post
All that being said, I'd use a landing partition or entire rdm for sickrage, couch potato, and headphones (probably running alongside plex server) to reorganize from the mapped disk to whichever vm your array is on
Could you elaborate on what a landing partition and rdm are? I have sickrage, sabnzbd, transmission and couch potato all running smoothly on my NAS at the moment. They download locally to the local volume, then transfer files to the share on my file server VM which is connected back to the NAS via iSCSI. Not the most efficient, but it doesn't involve much traffic so I'm not worried about it. Plex sits on a separate Server 2012 R2 VM and runs along quite nicely.

Quote:
Originally Posted by kapone View Post
Well, you have a couple of potential trouble spots. You're using a Server 2012 "host" and then enabling the Hyper-V role to run your other VMs, I suppose?
Correct

Quote:
Originally Posted by kapone View Post
Try running Hyper-V bare metal, and then running your VMs over that. A virtualized Server 2012 DC on Hyper-V has none of the issues you're mentioning, as far as I can remember. I was running Hyper-V as well for a while, but settled on ESXi a while ago.
I don’t really want to lose the host GUI if I can avoid it, as while I can do most things through the server management console from my laptop, there are times when I need to remote desktop into the host and prefer the GUI. My understanding is there should be little difference between Hyper-V bare metal and Server 2012. I’ve seen a number of articles where it’s explained that adding the Hyper-V role turns the machine into a bare-metal Hyper-V with the host OS running as the first and prioritised Hyper-V guest.

I think the source of my problem could be the way I installed the ADDC VM as it is actually the second ADDC VM I’ve installed. When I was messing around with my initial install, I completely cocked up a few things and decided to wipe everything and start from scratch. I didn’t however reinstall the host OS, so while I did remove it from the domain and rejoin it, it may still have some legacy references to the original ADDC VM. I don’t remember having the same issues.

kesawi is online now  
post #21 of 33 Old 08-10-2014, 11:49 PM
AVS Special Member
 
politby's Avatar
 
Join Date: Nov 2006
Location: N59.45817 E18.39345
Posts: 1,416
Quote:
Originally Posted by kesawi View Post
Thanks for your comment. I'm probably 2-3 weeks away from getting Sophos up and running.
I have my Sophos UTM up and running now and I can report it works great as a virtual machine (I am using VMware though). I am running it in bridged transparent mode because I did not want to replace my MikroTik router.

I found out that running it in bridge mode requires the NICs to be running in promiscuous mode otherwise it will just block everything. Promiscuous mode is disabled by default in ESXi. Took me three days of tinkering and forum posting to figure this out.
I guess you're planning to run it on the edge though so this probably won't apply to you.
politby is offline  
post #22 of 33 Old 08-11-2014, 03:18 AM
AVS Special Member
 
Dark_Slayer's Avatar
 
Join Date: May 2012
Posts: 2,587
Quote:
Originally Posted by kesawi View Post
As I'm not real familiar with Linux could you elaborate on how CIFS may help? My understanding is that the issue with NLA not detecting the network as a domain is due to it not being able to contact the domain server when the NIC becomes active. Whether I'm using CIFS or SMB shouldn't impact this?
Sorry, I have zero knowledge of setting up an AD

When I quoted your post in the subject, I thought your problem was whether or not it was possible to install samba on your synology. I threw cifs as an idea thinking it may be already installed on the synology (while not doing any legwork to actually check) - it's the way I connect my rmbp to my 8.1 server (connect to server -> cifs://UNCName/SharedFolder/etc)


Quote:
Originally Posted by kesawi View Post
Could you elaborate on what a landing partition and rdm are? I have sickrage, sabnzbd, transmission and couch potato all running smoothly on my NAS at the moment. They download locally to the local volume, then transfer files to the share on my file server VM which is connected back to the NAS via iSCSI. Not the most efficient, but it doesn't involve much traffic so I'm not worried about it. Plex sits on a separate Server 2012 R2 VM and runs along quite nicely.
Yep, that doesn't translate well to your environment, and I don't know enough about hyperv or xen (or anything really) to translate the small amount of things I know the terms for from esxi (vmware). RDM is raw device mapping, but I don't know if that is common to all hypervisor speak or brand specific. In any case, having tried to run a vpn'd virtual ubuntu desktop auto booting sab, utor, sick, couch, and headphones in several different ways . . . I arrived at giving them a separate disk. I referred to either using a separate partition or full disk mapped into whichever vm you are planning to eventually use for d/ls. I tried allocating enough space for the entire VM or just letting the VM take very small space and put the temp d/l directory somewhere on my flexraid array -- both options had setbacks. Allocating all space (temp d/l directory, system drive, swap, etc) to a drive gave me poor speeds, but could have worked if it was an SSD (which I didn't have an extra available for that sole purpose). I got full speed just by switching the temp-dl directories out of the VM's system drive space and onto my flexraid array, but that was problematic with validates after a couple weeks (and not recommended by Brahim). In the end I have all my temp storage d/l directories pointed to my dvr drive (I hardly ever record anything, but I haven't noticed live tv interrupting my dl speed). That drive does no other duties, which is essentially the recommendation I was trying to provide. Sick-couch-phones do all the renaming/moving back to the flexraid array
Dark_Slayer is offline  
post #23 of 33 Old 08-11-2014, 03:34 PM - Thread Starter
Senior Member
 
kesawi's Avatar
 
Join Date: Jun 2006
Location: Brisbane, Australia
Posts: 329
Quote:
Originally Posted by politby View Post
I have my Sophos UTM up and running now and I can report it works great as a virtual machine (I am using VMware though). I am running it in bridged transparent mode because I did not want to replace my MikroTik router.

I found out that running it in bridge mode requires the NICs to be running in promiscuous mode otherwise it will just block everything. Promiscuous mode is disabled by default in ESXi. Took me three days of tinkering and forum posting to figure this out.
I guess you're planning to run it on the edge though so this probably won't apply to you.
After doing a bit of research I'm considering shifting to pfsense. From what I can find, Sophos UTM doesn't allow uPNP for the firewall and has issues connecting through a VPN server. The issue with pfsense is that I'll need to find a FreeBSD8.3 distro somewhere and then compile my own kernel to get Integration Services support for Hyper-V.


Last edited by kesawi; 08-19-2014 at 09:55 PM.
kesawi is online now  
post #24 of 33 Old 08-19-2014, 12:55 AM
Newbie
 
Join Date: Aug 2014
Posts: 5
Nice work! It’s been a long time since I’ve dabbled in something like this. The last time I had a look was when my office purchased a custom rack mount server from Silicon Mechanics. So glad they had an efficient team that helped us in configuring the server. uPNP is a bad idea. Try the free Sophos home edition. http://nakedsecurity.sophos.com/2013...nto-doorstops/
waltermoss123 is offline  
post #25 of 33 Old 08-19-2014, 05:10 PM - Thread Starter
Senior Member
 
kesawi's Avatar
 
Join Date: Jun 2006
Location: Brisbane, Australia
Posts: 329
Quote:
Originally Posted by waltermoss123 View Post
uPNP is a bad idea. Try the free Sophos home edition. http://nakedsecurity.sophos.com/2013...nto-doorstops/
While uPNP isn't the best it does take the hassle out of manually configuring port forwards. Yes malware can start punching and opening up holes in your firewall from the inside with an infected PC via uPNP, however, if you have malware on your PC it can set up persistent connections anyway without uPNP that would allow an attacker access to your internal network.

The link you've posted doesn't describe an inherent flaw in uPNP just a flaw in the implementation of uPNP on a number of devices. Proper configuration and coding of the firewall stops uPNP listening on the WAN and prevents that type of external attack. Most firewalls have been patched to remove that vulnerability.

Sophos UTM home, from what I've read, doesn't allow me to configure it to use a VPN service.

kesawi is online now  
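The trade-off described in the post above (uPNP saves manual port forwards, but any internal host can request one) can be kept in check by periodically auditing what the gateway has actually mapped. An added example, not from the thread, that reads the current uPNP mappings through the Windows NAT UPnP COM interface and reports any that are not on an expected list; the allowlist entry and its address are constructed placeholders.

```powershell
# Added example: audit UPnP port mappings on the gateway from a Windows host.
# The allowlist is constructed; replace it with the forwards you expect to see.
$expected = @(
    [pscustomobject]@{ Protocol = 'TCP'; ExternalPort = 32400; InternalClient = '192.168.1.20' }  # placeholder media server
)

function Get-UpnpPortMapping {
    # HNetCfg.NATUPnP is the Windows NAT traversal COM object (IUPnPNAT).
    $nat = New-Object -ComObject HNetCfg.NATUPnP
    $mappings = $nat.StaticPortMappingCollection
    if ($null -eq $mappings) {
        # Null means no UPnP gateway answered: UPnP is off or discovery is blocked.
        Write-Warning 'No UPnP-capable gateway found; nothing to audit.'
        return
    }
    foreach ($m in $mappings) {
        [pscustomobject]@{
            Protocol       = $m.Protocol
            ExternalPort   = $m.ExternalPort
            InternalClient = $m.InternalClient
            InternalPort   = $m.InternalPort
            Enabled        = $m.Enabled
            Description    = $m.Description
        }
    }
}

function Find-UnexpectedMapping {
    param([object[]]$Mappings, [object[]]$Allowed)
    foreach ($m in $Mappings) {
        $match = $Allowed | Where-Object {
            $_.Protocol -eq $m.Protocol -and
            $_.ExternalPort -eq $m.ExternalPort -and
            $_.InternalClient -eq $m.InternalClient
        }
        if (-not $match) { $m }   # a forward nobody asked for: investigate the internal host
    }
}

$current    = @(Get-UpnpPortMapping)
$unexpected = @(Find-UnexpectedMapping -Mappings $current -Allowed $expected)

"{0} mapping(s) on the gateway, {1} not on the allowlist." -f $current.Count, $unexpected.Count
$unexpected | Format-Table Protocol, ExternalPort, InternalClient, InternalPort, Enabled, Description
```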
post #26 of 33 Old 08-19-2014, 08:06 PM
AVS Special Member
 
Puwaha's Avatar
 
Join Date: Jan 2003
Posts: 1,124
Quote:
Originally Posted by kesawi View Post
I've given up on running a CentOS VM under Hyper-V for my Plex Server and download applications. Plex was crashing quite a lot, I had difficulty getting my SAMBA shares accessible, and the Hyper-V integration services were always producing errors. I don't have the time or patience to learn Linux and troubleshoot it.
If you want nearly flawless OS support, switch to VMware ESXi.
sumavguy and Dark_Slayer like this.
Puwaha is offline  
post #27 of 33 Old 08-19-2014, 08:11 PM
AVS Special Member
 
Puwaha's Avatar
 
Join Date: Jan 2003
Posts: 1,124
Quote:
Originally Posted by kesawi View Post
After doing a bit of research I'm considering shifting to pfsense. From what I can find, Sophos UTM doesn't allow uPNP for the firewall and has issues connecting through a VPN server. The issue with pfsense is that I'll need to find a FreeBSD8.3 distro somewhere and then compile my own kernel to get Integration Services support for Hyper-V.
Take a look at IPFire. I've been running it flawlessly for years as a VM.

UTM is a little overboard for home use. A home router should be set and forget... unless you just like playing with the tech.
kesawi likes this.
Puwaha is offline  
post #28 of 33 Old 08-19-2014, 10:14 PM - Thread Starter
Senior Member
 
kesawi's Avatar
 
Join Date: Jun 2006
Location: Brisbane, Australia
Posts: 329
Quote:
Originally Posted by Puwaha View Post
If you want nearly flawless OS support, switch to VMware ESXi.
My first preference was to use ESXi 5.5 for my hypervisor but I decided against it as vCenter is not free and my understanding is VC is required to manage vSphere. I also have plenty of Windows experience so I figured Hyper-V would be more intuitive for me. A lot of the trouble I was experiencing with CentOS and Ubuntu (excluding the Hyper-V issues) was probably due to my inexperience with Linux.

Quote:
Originally Posted by Puwaha View Post
Take a look at IPFire. I've been running it flawlessly for years as a VM.

UTM is a little overboard for home use. A home router should be set and forget... unless you just like playing with the tech.
IPFire looks interesting, thanks for pointing it out. I don't mind playing around with tech, but I've spent the last two months tinkering with the server and reinstalling Windows on all my PCs that I need to get back to doing something fun like playing games.

kesawi is online now  
post #29 of 33 Old 08-19-2014, 11:05 PM
AVS Special Member
 
politby's Avatar
 
Join Date: Nov 2006
Location: N59.45817 E18.39345
Posts: 1,416
You don't need vCenter if you just want to manage VMs running in ESXi. You just need the free vSphere Client.
politby is offline  
post #30 of 33 Old 08-20-2014, 06:08 PM - Thread Starter
Senior Member
 
kesawi's Avatar
 
Join Date: Jun 2006
Location: Brisbane, Australia
Posts: 329
Quote:
Originally Posted by politby View Post
You don't need vCenter if you just want to manage VMs running in ESXi. You just need the free vSphere Client.
Good to know. Think I'll stick with Hyper-V for now though as I pretty much have everything working almost the way I want it and don't really want to upset things.

kesawi is online now  