Test Lab Guide: Windows Server 2012 R2 Base Configuration
Test Lab Guide: Windows Server 2012 R2 Base Configuration
Test Lab Guide: Windows Server 2012 R2 Base Configuration
Abstract
This Microsoft Test Lab Guide (TLG) provides you with step-by-step
instructions to create the Windows Base Configuration test lab, using
computers running Windows 8.1 or Windows Server 2012 R2. With the
resulting test lab environment, you can build test labs based on other
Windows Server 2012 R2-based TLGs from Microsoft, TLG extensions in the
TechNet Wiki, or a test lab of your own design that can include Microsoft or
non-Microsoft products. For a test lab based on physical computers, you can
image the drives for future test labs. For a test lab based on virtual machines,
you can create snapshots of the base configuration virtual machines. This
enables you to easily return to the base configuration test lab, where most of
the routine infrastructure and networking services have already been
configured, so that you can focus on building a test lab for the product,
technology, or solution of interest.
Copyright Information
This document is provided for informational purposes only and Microsoft
makes no warranties, either express or implied, in this document. Information
in this document, including URL and other Internet Web site references, is
subject to change without notice. The entire risk of the use or the results from
the use of this document remains with the user. Unless otherwise noted, the
example companies, organizations, products, domain names, e-mail
addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain
name, e-mail address, logo, person, place, or event is intended or should be
inferred. Complying with all applicable copyright laws is the responsibility of
the user. Without limiting the rights under copyright, no part of this document
may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the
express written permission of Microsoft Corporation.
Contents
Introduction...................................................................................................... 5
In this guide................................................................................................... 5
Test lab overview........................................................................................... 6
Hardware and software requirements...........................................................8
User account control...................................................................................8
Steps for Configuring the Corpnet Subnet........................................................9
Step 1: Configure DC1................................................................................... 9
Install the operating system on DC1...........................................................9
Configure TCP/IP properties on DC1..........................................................10
Configure DC1 as a domain controller and DNS server.............................12
Install and configure DHCP on DC1...........................................................13
Create a user account in Active Directory on DC1....................................15
Step 2: Configure APP1................................................................................16
Install the operating system on APP1.......................................................16
Configure TCP/IP properties on APP1.........................................................16
Join APP1 to the CORP domain..................................................................18
Install the Web Server (IIS) role on APP1...................................................19
Create a shared folder on APP1................................................................19
Step 3: Configure CLIENT1...........................................................................20
Install the operating system on CLIENT1..................................................21
Join CLIENT1 to the CORP domain.............................................................21
Test access to resources from the Corpnet subnet...................................22
Steps for Configuring the Internet Subnet......................................................23
Step 1: Configure EDGE1.............................................................................23
Install the operating system on EDGE1.....................................................23
Configure TCP/IP properties on EDGE1......................................................24
Join EDGE1 to the CORP domain...............................................................26
Step 2: Configure INET1.............................................................................. 27
Install the operating system on INET1......................................................27
Configure TCP/IP properties on INET1.......................................................27
Rename the computer to INET1................................................................29
Install the DNS Server and Web Server (IIS) server roles on INET1...........30
Configure the NCSI web site on INET1......................................................34
Test access to Internet resources from the Internet subnet......................34
Snapshot the Configuration............................................................................35
Additional Resources...................................................................................... 36
Appendix........................................................................................................ 36
Set UAC behavior of the elevation prompt for administrators.....................36
Introduction
Test Lab Guides (TLGs) allow you to get hands-on experience with new products and
technologies using a pre-defined and tested methodology that results in a working
configuration. When you use a TLG to create a test lab, instructions tell you what
servers to create, how to configure the operating systems and platform services,
and how to install and configure any additional products or technologies. A TLG
experience enables you to see all of the components and the configuration steps on
both the front-end and back-end that go into a single- or multi-product or
technology solution.
A challenge in creating useful TLGs is to enable their reusability and extensibility.
Because creating a test lab can represent a significant investment of time and
resources, your ability to reuse and extend the work required to create test labs is
important. An ideal test lab environment would enable you to create a basic lab
configuration, save that configuration, and then build out multiple test labs in the
future by starting with that basic configuration.
The purpose of this TLG is to enable you to create the Windows Server 2012 R2
Base Configuration test lab, upon which you can build a test lab based on other
Windows Server 2012 R2 -based TLGs from Microsoft, TLG extensions in the TechNet
Wiki, or a test lab of your own design that can include Microsoft or non-Microsoft
products.
Depending on how you deploy your test lab environment, you can image the drives
for the Windows Server 2012 R2 Base Configuration test lab if you are using
physical computers or you can create snapshots of the Base Configuration test lab
virtual machines. This enables you to easily return to baseline configuration where
most of the routine client, server, and networking services have already been
configured so that you can focus on building out a test lab for the products or
technologies of interest. For this reason, make sure that you perform a disk image
on each computer if youre using physical computers, or perform virtual machine
snapshots if you are using virtual machines after completing all the steps in this
TLG.
The Windows Server 2012 R2 Base Configuration TLG is just the beginning of the
test lab experience. Other Windows Server 2012 R2-based TLGs or TLG extensions
in the TechNet Wiki focus on Microsoft products or platform technologies, but all of
them use this Windows Server 2012 R2 Base Configuration TLG as a starting point.
In this guide
This document contains instructions for setting up the Windows Server 2012 R2
Base Configuration test lab by deploying four server computers running Windows
Server 2012 R2 and one client computer running Windows 8.1. The resulting
configuration simulates a private intranet and the Internet.
Important
The following instructions are for configuring the Windows Server 2012 R2
Base Configuration test lab. Individual computers are needed to separate the
services provided on the network and to clearly show the desired
functionality. This configuration is neither designed to reflect best practices
nor does it reflect a desired or recommended configuration for a production
network. The configuration, including IP addresses and all other configuration
parameters, is designed only to work on a separate test lab network.
Note:
Click Copy.
From the virtual machine menu bar, click Clipboard, and then
click Type clipboard text.
One computer running Windows Server 2012 R2 named DC1 that is configured as an
intranet domain controller, Domain Name System (DNS) server, and Dynamic Host
Configuration Protocol (DHCP) server.
One intranet member server running Windows Server 2012 R2 named APP1 that is
configured as a general application and web server.
One member client computer running Windows 8.1 named CLIENT1 that will switch
between Internet and intranet subnets.
One intranet member server running Windows Server 2012 R2 named EDGE1 that is
configured as an Internet edge server.
One standalone server running Windows Server 2012 R2 named INET1 that is configured
11
The Windows Server 2012 R2 Base Configuration test lab consists of two subnets
that simulate the following:
Computers on each subnet connect using a physical hub, switch, or virtual switch.
See the following figure for the configuration of the Windows Server 2012 R2 Base
Configuration test lab.
13
This document describes how to build out the Windows Server 2012 R2 Base
Configuration test lab in two sections:
Steps for configuring the Corpnet subnet (DC1, APP1, and CLIENT1)
There are some TLGs that require only the Corpnet subnet. However, it is strongly
recommended that you build out both subnets if you ever plan to test technologies,
products, or solutions that include access to Corpnet servers and services from the
Internet. The Windows Server 2012 R2 Base Configuration test lab environment
consisting of both subnets can be saved and reused for other TLGs. By building out
both the Corpnet and Internet subnets, you will have a reusable snapshot of the
entire Windows Server 2012 R2 Base Configuration test lab that can be used for
many TLGs, which has the starting Windows Server 2012 R2 Base Configuration test
lab in a unified and consistent state.
Four computers that meet the minimum hardware requirements for Windows Server
2012 R2. One of these computers (EDGE1) has two network adapters installed.
One computer that meets the minimum hardware requirements for Windows 8.1.
If you wish to deploy the Base Configuration test lab in a virtualized environment, your
virtualization solution must support Windows Server 2012 R2 64-bit virtual machines.
The server hardware must support the amount of RAM required to run the virtual
operating systems included in the Base Configuration test lab and any other virtual
machines that may be required by additional TLGs.
Important
Run Windows Update on all computers or virtual machines either during the installation
or immediately after installing the operating systems. After running Windows Update,
you can isolate your physical or virtual test lab from your production network.
Alternatively, see the Appendix of this guide for instructions about how to set the
UAC behavior of the elevation prompt for administrators.
Note
You must be logged on as a member of the Domain Admins group or a
member of the local Administrators group on each computer to complete the
tasks described in this guide.
The following sections provide details about how to perform these steps.
A domain controller for the corp.contoso.com Active Directory Domain Services (AD DS)
domain
Configure TCP/IP
Install DHCP
17
Note
The link may not immediately appear. Wait for the network interfaces to be
enumerated.
2. In Network Connections, right-click Ethernet, and then click Properties. Note
that the "Ethernet" interface name may be different on your computer.
3. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
4. Select Use the following IP address. In IP address, type 10.0.0.1. In Subnet
mask, type 255.255.255.0. Select Use the following DNS server addresses.
In Preferred DNS server, type 127.0.0.1.
5. Click OK and then close the Ethernet Properties dialog.
6. Close the Network Connections window.
7. From the Tools menu in Server Manager, click Windows PowerShell.
8. To configure the firewall to allow ICMPv4 ping packets, type the following
commands and press ENTER after each command.
New-NetFirewallRule DisplayName Allow ICMPv4-In Protocol ICMPv4
New-NetFirewallRule DisplayName Allow ICMPv4-Out Protocol ICMPv4
19
Direction Outbound
9. Close the Windows PowerShell window.
10. In Server Manager, click Local Server in the console tree. Click the link next to
Computer name in the Properties tile.
11. On the Computer Name tab of the System Properties dialog, click Change.
12. In Computer name, type DC1, click OK twice, and then click Close. When you are
prompted to restart the computer, click Restart Now.
13. After restarting, login using the local Administrator account.
21
deployment in the forest, you can safely ignore all warnings regarding DNS
delegation. Click Install to start the domain controller promotion. Allow the
installation to complete.
13. Allow the domain controller to restart. After the server restarts, logon using
the CORP\Administrator credentials.
Commit.
8. On the Summary page, click Close.
9. In the Add Roles and Features Wizard, click Close.
10. From the Tools menu in Server Manager, click DHCP.
11. In the DHCP console tree, expand dc1.corp.contoso.com, and click IPv4.
Right-click IPv4, and click New Scope.
12. Click Next in the New Scope Wizard.
13. Type Corpnet for scope name, and then click Next.
14. Next to Start IP Address, type 10.0.0.100, next to End IP Address, type
10.0.0.200, and next to Subnet Mask, type 255.255.255.0.
15. Click Next eight times to accept all scope option default settings, and then
click Finish.
16. Close the DHCP Manager console.
Administrative Center.
2. In the console tree, click the arrow to expand corp (local), and then doubleclick Users. This adds Users as a recent navigation link in the console tree.
3. In the Tasks pane, click New, and then click User.
4. In the Create User dialog, type User1 next to Full name and type User1 next
to User SamAccountName logon: corp\ (both required fields indicated by
the red asterisk icon).
5. In Password, type the password that you want to use for this account, and in
Confirm password, type the password again.
6. Under Password options, select Other password options, and select
Password never expires.
7. Scroll down to access the Member of section of the Create User dialog, and
click Add. Type Domain Admins; Enterprise Admins, and then click OK.
8. Click OK to close the Create User dialog.
9. Exit the Active Directory Administrative Center.
10. Sign out of DC1 as the Administrator user (right-click the Start icon, point to
Shut down or sign out, and then click Sign out).
11. Sign in using the User1 account.
29
Configure TCP/IP.
31
35
37
Local account. If CLIENT1 does not have Internet access during setup, you
will be prompted to Create a local account.
5. When you are prompted for a user name, type User1. Type a strong password
twice, and type a password hint. Click Finish.
6. Connect CLIENT1 to a network that has Internet access and run Windows
Update to install the latest updates for Windows 8.1.
7. Connect CLIENT1 to the Corpnet subnet. When prompted to automatically
connect to devices on this network, click Yes.
Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here
because of formatting constraints. Note that you must supply domain credentials after entering the AddComputer command below.
Add-Computer -DomainName corp.contoso.com
Restart-Computer
Configure TCP/IP.
EDGE1 must have two network adapters installed. Connect one adapter to the
Corpnet physical or virtual switch, and connect the second adapter to the Internet
physical or virtual switch.
Install the operating system on EDGE1
First, install Windows Server 2012 R2 as a standalone server.
To install the operating system on EDGE1
1. Start the installation of Windows Server 2012 R2.
2. Follow the instructions to complete the installation, specifying a strong
password for the local Administrator account. Log on using the local
Administrator account.
3. Connect EDGE1 to a network that has Internet access and run Windows
Update to install the latest updates for Windows Server 2012 R2.
4. Connect one network adapter to the Corpnet subnet and the other to the
Internet subnet.
type 10.0.0.1.
8. Click Advanced, and then the DNS tab.
9. In DNS suffix for this connection, type corp.contoso.com, and then click OK
three times to close the network properties dialog.
10. In the Network Connections window, right-click the network connection that is
connected to the Internet subnet, and then click Rename.
11. Type Internet, and then press ENTER.
12. Right-click Internet, and then click Properties.
13. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
14. Select Use the following IP address. In IP address, type 131.107.0.2. In
Subnet mask, type 255.255.255.0.
15. Select Use the following DNS server addresses. In Preferred DNS server,
type 131.107.0.1.
16. Click Advanced. On the IP Settings tab, click Add under IP Addresses. In the
TCP/IP Address section, type 131.107.0.3 in IP address, type 255.255.255.0
in Subnet mask, and then click Add.
17. Click the DNS tab.
18. In DNS suffix for this connection, type isp.example.com, and then click OK
three times to close the network properties dialog.
19. Close the Network Connections window.
20. From the Tools menu in Server Manager, click Windows PowerShell.
21. To configure the firewall to allow ICMPv4 ping packets, type the following
commands and press ENTER after each command.
New-NetFirewallRule DisplayName Allow ICMPv4-In Protocol ICMPv4
New-NetFirewallRule DisplayName Allow ICMPv4-Out Protocol ICMPv4
Direction Outbound
22. To check name resolution and network communication between EDGE1 and DC1,
type ping dc1.corp.contoso.com in the command prompt window and press
ENTER.
23. Verify that there are four responses from 10.0.0.1.
24. Close the Windows PowerShell window.
47
7. When you are prompted that you must restart the computer, click OK.
8. On the System Properties dialog box, click Close.
9. When you are prompted to restart the computer, click Restart Now.
10. After the computer restarts, click the Switch User arrow icon, then click
Other User and log on to the CORP domain with the User1 account.
Configure TCP/IP
Install DHCP
password for the local Administrator account. Log on using the local
Administrator account.
3. Connect INET1 to a network that has Internet access and run Windows Update
to install the latest updates for Windows Server 2012 R2.
4. Connect INET1 to the Internet subnet.
53
Install the DNS Server and Web Server (IIS) server roles on INET1
Next, install role services for INET1, which will act as an Internet web and DNS
server for computers that are connected to the Internet subnet.
Do this step using Windows PowerShell
To install the IIS and DNS server roles
1. On the Server Manager Dashboard screen, under Configure this local
server, click Add roles and features.
2. Click Next three times to get to the server role selection screen.
3. On the Select Server Roles page, select DNS Server and click Add
Features when prompted.
4. Select Web Server (IIS), click Add Features when prompted, and then click
Next.
5. Click Next four times to accept the default DNS server and web server
settings, and then click Install.
6. Verify that the installations were successful, and then click Close.
17.In the console tree, right-click Forward Lookup Zones, click New Zone,
and then click Next.
18.On the Zone Type page, click Next.
19.On the Zone Name page, type msftncsi.com, and then click Next.
59
20.Click Next twice to accept defaults for zone file and dynamic update, and
then click Finish.
21.In the console tree, right click msftncsi.com, and then click New Host (A
or AAAA).
22.In Name, type www. In IP address, type 131.107.0.1.
23.
23.
24.
3. In the Select Server Roles dialog, select DHCP Server, click Add Features
when prompted, and then click Next.
4. In the Select features dialog, click Next.
5. Click Next on the Introduction screen, and then click Install.
6. Allow the installation to complete, and then in the Installation progress window,
click the link for Complete DHCP configuration.
7. In the DHCP Post-Install configuration wizard, click Commit, and then click
Close.
8. In the Installation progress window, click Close.
9. From the Tools menu in Server Manager, click DHCP.
10. In the DHCP console tree, expand INET1. Right-click IPv4, and click New
Scope.
11. Click Next in the New Scope Wizard.
12. Type Internet for scope name, and then click Next.
13. Next to Start IP Address, type 131.107.0.100, next to End IP Address, type
131.107.0.150, and next to Subnet Mask, type 255.255.255.0.
14. Click Next four times to accept default settings for exclusions, delay and lease
duration.
15. On the Router (Default Gateway) dialog, type 131.107.0.1. Click Add, and
then click Next.
16. On the Domain Name and DNS Servers page, next to Parent domain, type
isp.example.com. Under IP address, type 131.107.0.1. Click Add, and then
click Next.
17. On the WINS Servers page, click Next.
18. On the Activate Scope page, click Next, and then click Finish.
19. Close the DHCP Manager console.
65
1. On all physical computers or virtual machines in the test lab, close all windows
and then perform a graceful shutdown.
2. If your lab is based on virtual machines, save a snapshot of each virtual machine
and name the snapshots Windows Server 2012 R2 Base Configuration. If
your lab uses physical computers, create disk images to save the Base
Configuration.
Additional Resources
We strongly encourage you to develop and publish your own TLG content for
Windows Server 2012 R2, either in the TechNet Wiki (example: Test Lab Guide:
Demonstrate Remote Access VPNs) or in your own publishing forum (example: Test
Lab Guide (Part 1) - Demonstrate TMG PPTP, L2TP/IPsec and SSTP Remote Access
VPN Server). If you want to publish your TLG content in the TechNet wiki, see the
How to contribute series of TLG blog posts for information about the types of
content you can create and for links to templates, guidance, and examples.
For a list of additional Microsoft TLGs, see Test Lab Guides in the TechNet Wiki.
Appendix
This appendix describes how to change the default User Account Control (UAC)
behavior.
2. In the console tree, open Local Policies, and then click Security Options.
3. In the contents pane, double-click User Account Control: Behavior of the
elevation prompt for administrators in Admin Approval Mode.
4. Select Elevate without prompting in the list, and then click OK.
6. Close the Local Security Policy window.
71