Installation of Windows 2008 AD with NAT translation in Oracle VirtualBox environment

The post from WSS.pl (in Polish) about AD with NAT translation installation inspired me to write an article about it.
In the post mentioned above, author has a problem with 2003 AD instalation in Oracle Virtualbox environment. Because I don’t have an access to Windows 2003 Server installation CD, I will use Windows 2008 R2 Trial. For the purpose of that article there is no so much difference between those version.

Assumptions:

  • Host OS: Windows 7 x64
  • Virtual environment:  Oracle VirtualBox x64
  • Guest OS: 2 x Windows 2008 R2 Professional for server and “desktop” virtual machines. Note: Windows 2008 R2 is released for x64 platform.

Goal: Build a computer network with two machines:

  • vServer: server with ADS (Active Directory Services) and DNS and RRAS roles installed. From now on called as a vServer.
  • vPC: desktop joined to domain with Internet access. From now on called as a vPC.

Implementation: I assume that the VirtualBox installation process is so straightforward that I don’t need to describe it step by step.

1. Virtual machines configuration. We are going to make two virtual machines (VM): vServer and vPC in VirtualBox program. Processor and memory settings could be different for your situation, because they are depend from your PC configuration. Most important thing here is the configuration of network cards of each of those VMs. This is the part where more problems are coming from. Here are my settings: vServer:

Figure 1: vServer WAN Card

vServer LAN Card

Figure 2: vServer LAN Card

As you can see from above screen shots, vServer is using first network card to gain access to Internet trough NAT translation from VirtualBox. Second card is to connect to our virtual network and second PC. vPC:

vPc LAN Card

Figure 3: vPC LAN Card

There is nothing special here. vPC is using only one network card and it is set as a Internal Network. Very important here is to select the same name of internal network as was set in vServer.

2. OS installation. Next step is to install OS on our VMs. As I mention before. I will use Windows 2008 R2 Trail version for that. Installation process is very straightforward so I skip describing it entirely.

3. VM configuration. After installing OS on our VMs, good manner is to give meaningful names and setup IP addressing. vServer:vServer has two network cards. I always have a habit to change theirs names to identify them easier in the future. Let’s call them WAN for the first one with Internet access and LAN for the second one with access to our virtual network. The WAN card is set to acquire IP address from NAT from VirtualBox. Do not change these settings. Only thing I have change is unchecked the box next to the “Register this connection’s addresses in DNS”:

vServer WAN Advance IP settings

Figure 4: vServer WAN Advance IP settings

For LAN card we assign IP from a local network addressing chosen by us. I choose a 192.168.100.0/24 network.

vServer LAN IP settings

Figure 5: vServer LAN IP settings

Note that DNS IP address is pointing vServer itself. vPC: For the cPC LAN card we have to assign IP address from the same local network as vServer LAN card. Let set IP to 192.168.100.10.

vPc LAN IP settings

Figure 6: vP LAN IP settings

Note that DNS IP address is pointing to our vServer and default gateway also has the same IP. It will allow vPC to access Internet network when we install RRAS role in vServer later on. Let’s check is everything working fine by pinging our vServer from vPC:

Ping from vPc to vServer

Figure 7: Ping from vPc to vServer

Seems to be fine. Sometimes we will get no response and we need to check firewall setting. In my scenario I had to enable File and Printer Sharing firewall exclusion on both VMs.

File And Printer SharingFigure 8: File and Printer Sharing exception in firewall

Now is time to promote our vServer to a domain controller. Remember to install DNS service during promotion. Domain name I choose for this scenario is virtualbox.local but you can name it whatever you want. During AD promotion I get a warning that one of my network cart has an IP assign by a DHCP server and changing this to static IP is highly recommended to have a reliable DNS service.

DHCP warning during ADS installation

Figure 9: DHCP warning during ADS installation

We don’t need to be worry about this because the card which has IP assign by DHCP is our WAN card which we choose not to register in DNS (Figure 4). Now we can add second VM to domain and let check is everything working fine: a)      ADS, DNS:

vServer Domain Name

Figure 10: vServer Domain Name

DNSFigure 11: DNS

b)      b. vPC name:

vPc Domain NameFigure 12: vPC Domain Name

Let’s check communication between our virtual machines:

Ping vServer from vPcFigure 13: Ping vServer from vPc

Ping vPC from vServerFigure 14: Ping vPC from vServer

As you can see everything is working as it should be. ADS was installed with DNS service, vPC is joined to domain and both machines can “talk” to each other.

4. The next step is to allow vPC access to Internet network. Before I do that, let check is access to Internet really an issue by sending ping to google.com for example:

Server pinging Google.comFigure 15: Server pinging Google.com

Client pinging Google.comFigure 16: Client pinging Google.com

We can access Internet network from server without a problem. This is possible because our first network card WAN setup to NAT option in VirtualBox. For vPC is not so easy, but we can answer the two question. First is we don’t have an access to Internet, but second, we know that DNS service installed on vServer is working fine translating google.com to its IP address. Let’s install RRAS servis onto our vServer. In windows 2008 is hidden behind Network Policy and Access Services role group. Installation process is very simple. After finished installation we can start it from Administrative Tools in Start menu:

RRASFigure 17: RRAS

By the defauld RRAS is not running after installation process. Tu start it we need to configurit by right clicking on our server name and choosing Configure and Enable Routing and Remote Access:

RRAS Configure and Enable

Figure 18: RRAS Configure and Enable

During the installation process we have several option to choose from:

RRAS OptionsFigure 19: RRAS Options

For our scenario is enough to chose only NAT option. In the next step we have to choose network interface which has an access to Internet network. That is our WAN network card:

RRAS Internet Interface ChoiceFigure 20: RRAS Internet Interface Choice

After several Next button clicks we have RRAS up and running:

Installed RRAS with NAT optionFigure 21: Installed RRAS with NAT option

Let’s check what is going on with our network. After RRAS installation nothing actually changed in vServer. Server sending and receiving ping to and from vPC and google.com. So it is exactly the same as it was before we installed RRAS. But if we check our vPC, it now can ping not only vServer, but also google.com:

Working Ping from vPC to google.comFigure 22: Working Ping from vPC to google.com

And google.com website from vPC:

Google.com from vPCFigure 23: Google.com from vPC

Works!

Summary. Installation process of couple VMs in Oracle VirtualBox is not so complicated. AD installation and RRAS configuration is limited only to couple wizards. More important is to configure vServer network cards right and when we made it, rest is just a piece of cake.