Windows Server 2012 Virtual Desktop Infrastructure (VDI) On a Single Machine Using Hyper-V Server - Guide

How to Set Up a Windows Server 2012 Virtual Desktop Infrastructure (VDI) On a Single Machine Using Hyper-V Server.

This guide is intended to show a complete beginner how to set up a secure server environment that will allow them to host discrete remote desktop sessions for multiple users using just one server computer. This guide is intended for a small business owner that wants to set up this environment for just a few users at first but with the ability to quickly scale up in the number of sessions they can host with just some hardware upgrades.

To be fair, I'm about a week into this and still do not have it fully setup. I've decided to write this article as I go and update it with each progressive step including steps to prevent the errors that I encountered down the road. I will do the job of writing, updating, and ultimately polishing the article in the end I only ask that people be open and willing to help in my setup process. Once I get everything up I will redo the ENTIRE setup from scratch and include many screenshots to really make this an easy to follow and start to finish guide.  I will give all contributors and major contributors credit at the top of the article. Let’s begin.

Although the entire setup will run on one machine you will need a second computer to remotely manage your server. Let's prepare this computer first.

Preparing the Windows 8 Client Computer

The first thing you want to do is install Windows 8 on the computer you will be using to remotely manage the server. Once you have Windows 8 installed make sure to use a Local Account with Administrator rights for the rest of this guide (as opposed to a Microsoft Account using your email address). I will name my account "Admin" and you should too if you want to follow exactly. If you already had Windows 8 installed and are using a Microsoft Account you can change to a local account in PC Settings, otherwise you will have the option to set up a local account when you boot into Windows 8 for the first time.

To switch to a local account type

Go to Settings > Change PC Settings > Switch to Local Account

After that you will need to enable a built in feature of Windows 8 called Hyper-V

To enable Hyper-V feature

Go to Settings > Control Panel > Programs and Features > Turn Windows features on or off > enable Hyper-V

This will enable the Hyper-V Manager in your Start menu that you will use to remotely manage the virtual machines on your server. You will also need Server Manager down the road but for that you will need to install the Microsoft’s Remote Server Administration Tools for Windows 8 at http://www.microsoft.com/en-us/download/details.aspx?id=28972.

Once you install RSAT your Windows 8 client machine is done for now so let's prepare the server.

Preparing the Hyper-V Server Computer

On the server we will be using the free Microsoft Hyper-V Server 2012 which can be downloaded from http://www.microsoft.com/en-us/server-cloud/hyper-v-server/default.aspx. It's a lightweight virtualization server which means it will allow you to create virtual machines on your server that will run as entirely separate machines, conceptually turning your one computer into many. This is needed because the VDI setup requires multiple computers but our goal is to keep everything in one box. Hyper-V Server does not have a GUI like Windows Server so it has to be managed using the command line or remotely from a Windows 8 client. We'll be doing a little of both during the set up process.

The first thing you want to do before even installing Hyper-V Server is enable virtualization on your motherboard. Most motherboards come with this enabled by default but you should always check in case to prevent issues down the road. You need to boot your computer into BIOS. This can be done on most motherboards by pressing Del or F1 when your computer is just booting up (watch for the legend as your computer starts as it can be different from Del or F1). Once you're in BIOS you need to locate and enable the CPU virtualization setting. The BIOS varies with different motherboards so you will need to locate it yourself but since this is a CPU setting your best bet is to look under "CPU Configuration" or something similar.

Save and exit BIOS, now boot to your Hyper-V installation media to install Hyper-V Server 2012. If the setup complains about the way your hard drive is formatted open the command line using Shift + F10 and type in the following commands one at a time to configure your hard drive to the correct format for Hyper-V:

diskpart

list disk

select disk #, where # is the drive from the list that you will be installing to

online disk

attribute disk clear readonly

create partition primary

assign letter=K

format fs=ntfs quick

exit 

After you successfully install Hyper-V Server 2012 you will need to configure remote management for this server.


Configuring Remote Management of Hyper-V Server using a Windows 8 Client

In order to remotely manage your Hyper-V Server from your Windows 8 client computer the first thing you'll need to do is obviously turn it on.

Enable remote management on Hyper-V Server

In the blue SConfig.exe console it will say if Remote Management is enabled. If it's not simply enable it using the corresponding legend.

The next thing you should do is configure a static IP address on the server computer. Since there is no GUI this has to be done using command line in the black cmd.exe console.

Configure a static IP address on Hyper-V Server

First get the InterfaceIndex number of your IPv4 network adapter. In cmd.exe type:

PowerShell

Get-NetIPInterface

Take note of the “ifIndex” number (ex, 13) that corresponds to your IPv4 Ethernet adapter. Then type:

New-NetIPAddress –IPAddress 192.168.1.3 –InterfaceIndex 13 –DefaultGateway 192.168.1.1 –AddressFamily IPv4 –PrefixLength 24

You can confirm if the configuration was set correctly by typing

Get-NetIPConfiguration

While you’re still in PowerShell, let’s give the server a name. I’ll call mine HyperVServerPC. Type the following commands following the last ones to set the name of your server.

Rename your Hyper-V Server computer

Rename-Computer HyperVServerPC

Restart-Computer

Exit

Next up you will need to add a firewall exception on the Hyper-V Server for the static IP address of your Windows 8 client (192.168.1.2) using the command line. Once the computer restarts, type the following command into the black cmd.exe console:

Add a firewall exception on Hyper-V Server

netsh.exe advfirewall firewall add rule name="Trusted Traffic" dir=in protocol=Any action=allow remoteip=192.168.1.2

Now’s also a good time to execute some commands that will later allow you to remotely manage your server’s firewall using the Microsoft Management Console (MMC). Just to clarify, you can achieve complete remote control of your server using the following three pieces of software on your Windows 8 client: Hyper-V Manager for virtual machine management, Server Manager for general server roles and features management, and Microsoft Management Console for things like your server’s firewall settings.

Enable remote management of your server’s firewall

netsh advfirewall set currentprofile settings remotemanagement enable

netsh advfirewall firewall set rule group=”Windows Firewall Remote Management” new enable=yes

Now go to your Windows 8 client and open cmd.exe from the start menu, then run it as administrator and execute the following command:

cmdkey /add:HyperVServerPC /user:Admin /pass:password

Next you will need to add your server to the TrustedHost list on your Windows 8 client. Continue in the same command prompt and execute the following commands:

PowerShell

Set-Item wsman:\localhost\Client\TrustedHosts –Value HyperVServerPC –Concatenate

Select yes when prompted

Now go into the black cmd.exe console on the server and execute the following commands:

PowerShell 
New-ItemProperty -Name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1

Configuration with hvremote script

A large part of the configuration can be done automatically by executing a C-script called hvremote.wsf on both machines. This script can be downloaded from the following link http://archive.msdn.microsoft.com/HVRemote.

To set up Remote Management using Workgroups we will first execute the C-script on the server. Download the hvremote.wsf file and put it on a USB flash drive. Plug the USB into the server computer and go to the black cmd.exe console. First you'll need to know what drive letter it's assigned to. In the command prompt type:

Diskpart
list volume

Now try to recognize your flash drive from the amount of storage you know it has and remember its corresponding drive letter (for example E: ). Type to exit:

exit

Now type the drive letter you took note of in the last part to navigate to that drive:

E:

You will see by the "E:\>" that you are now inside your flash drive and can execute the script (if you saved it at the root). You need to execute two commands. One to create a user and the other to add that user to a special Administrator group in Hyper-V Server. You must create a user with the same name and password as the local account you created on the Windows 8 client:

net user /add Admin password

cscript hvremote.wsf /mode:server /add:Admin

You'll need to restart the server after this step. (Note you only need to restart the first time you execute that script on the server. If you add additional users you don’t need to restart.)

Your server is now set up but you need to do something similar on your Windows 8 client. Bring the USB over to that computer and open cmd.exe as Administrator (Important). Execute the following commands:

cscript hvremote.wsf /mode:client /anondcom:grant

Now the last step is to just test if everything is configured correctly. This is a matter of running a command on each computer again. Since we're already on the client we'll start with that. Execute this second command following the last one:

cscript hvremote.wsf /mode:client /show /target:192.168.1.3

If the test passes move on to test the server. On the server navigate to the correct directory on the flash drive using the black cmd.exe console and type:

cscript hvremote.wsf /mode:server /show /target:192.168.1.2

Now the last thing you’ll need to do to have full remote management capabilities over your server is to edit your “hosts” file, so go back to your Windows 8 client and navigate to it. It is located in C:\Windows\System32\Drivers\etc.

Double click the host file > Open with Notepad > Add the following line at the bottom (without the #)

192.168.1.3  HyperVServerPC

Save the file and close it. Now:

Right click on the hosts file > Properties > Security tab > Edit > Add > type your username Admin > OK

Select the user you just added and check on the Modify box under Allow

At this point you should be able to remotely configure your server’s firewall settings from the Microsoft Management Console.

Start > type MMC > Right-click Open as Administrator > File > Add/Remove snap-in > In the left pane select Windows Firewall with Advanced Security > Add to the right pane > OK

Open the Windows Firewall with Advanced Security snap-in from the left pane of MMC > Enable the three entries in the list of Inbound Rules with the name “Remote Event Log Management”

And now you should be able to add your server to Server Manager on your Windows 8 client for management:

Start > Open Server Manager > Manage > Add a Server > DNS tab > type HyperVServerPC > Double-click your server > OK

You should also be able to connect to your server through Hyper-V Manager:

Start > Open Hyper-V Manager > Right click Hyper-V Manager node > Connect to Server > Another computer > type the name of your server HyperVServerPC.

Preparing for Virtualization

Once you successfully connect to your server through Hyper-V Manager you should see a node in the manager for your Hyper-V Server HyperVServerPC. You can now remotely create virtual machines on your server. We will need to create 4 virtual machines for the Virtual Desktop Infrastructure. They will correspond to the Domain Controller, the Remote Connection Broker, the Remote Virtualization Host, and the Remote Web Access Server.

However, the first thing you want to do is create a virtual switch which allows your virtual machines to use your computer's network adapter.

Create a virtual switch

Right click the HyperVServerPC node > Virtual Switch Manager > Create Virtual Switch (External) > name it HV Virtual Switch and leave the rest of the settings at default > OK

Creating the Domain Controller in a Virtual Machine

Ok now we’re ready to create our first virtual machine for the domain controller. The other 3 machines in the VDI will need to be joined to the domain you create in this part. But first you’ll need to purchase a domain name from an internet registrar. I purchased my domain from www.GoDaddy.com and let’s assume the name is mydomain.com. You can use a domain you already purchased before because we will actually be configuring the domain controller for a subdomain called developer.mydomain.com. This means you can use mydomain.com as you did before for queries to your website.

To configure a domain controller you will first need to create a virtual machine on your Hyper-V Server and install Windows Server 2012 on it. In Hyper-V Manager:

Creating a Virtual Machine in Hyper-V Manager

Right click HyperVServerPC > New > Virtual Machine

Name it VDIServerDC > Next > 1024 MB > Use Dynamic Memory > Select HV Virtual Switch > Size: 32 GB > Next > Install an operating system from a boot CD/DVD-ROM > Locate your Windows Server 2012 installation media > Finish

Install Windows Server 2012

After the virtual machine is created you can start it up and install Windows Server 2012

Right click the virtual machine > Start

Right click the virtual machine > Connect

Follow the installation wizard to install Windows Server 2012

Configure a static IP address on the Domain Controller

Once you have Windows Server 2012 running on the VM the first thing you want to do is configure a static IP address for your domain controller, this can be done through the GUI.

Configure a static IP address using the Windows GUI

Go to Control Panel > Network and Sharing > Change adapter settings

Right click on your Ethernet adapter > Properties

Select Internet Protocol Version 4 (TCP/IPv4) in the list > Properties

In this case we will make the static IP 192.168.1.4, the Subnet mask to 255.255.255.0, the Default gateway to 192.168.1.1, and the DNS Server to ???????????????.

…

Here's the part where I ask for your help. I have several posts on different websites outlining the current issues I'm struggling with in setting up a domain controller. I've had some of my other questions deleted, down-voted, and I was even told that I'm in way over my head. However, I've gotten this far and I always finish what I started so please keep the negativity to a minimum. If you are not here to help, feel free to read or move on. Otherwise please help me resolve my issues here or on other sites where I posted and I will update the guide here. If you want credit for your answer on a different site simply let me know what answer was yours and I will add the credit at the top of this guide.

If you will help please help with simple, straight-forward steps that are in line with the no-experience-necessary philosophy of this guide. And of course, if anything is incorrect or missing in the guide up to this point please let me know and I will correct it so there is less issues down the road

Current Issues

1. General Access Denied 0x08007005 when I try to create a virtual disk on the Hyper-V Server

http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/910e5945-5980-4319-975d-d9235d636ad5/#14489d3b-5452-4746-bfce-a1f2463709fe

Although I originally though this issue is due to my hard drive encryption, I no longer think that’s the case because I managed to create a VM using Hyper-V Manager on my Windows 8 client that also uses an encrypted hard drive. I now believe this has something to do with my UEFI motherboard.

2. Resolving my subdomain developer.mydomain.com to my server.

http://serverfault.com/questions/443281/configuring-a-domain-controller-for-an-internal-domain-in-windows-server-2012

In that question I attempt to do the configuration manually. But if you follow the comments you’ll see I had problems with the wizard as well.

I don’t know if the warning “The delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or does not run Windows DNS Server" applies to my situation but I’m not able to get very far if I ignore it (not that I’m attributing not getting far to ignoring this warning).

3. When I say in the guide that you should be able to connect to Hyper-V Manager, MMC, and Server Manager at some point.. the truth is, YOU SHOULD BE ABLE TO. However, even after following all the steps for some reason I can ONLY connect in Hyper-V Manager.

MMC gives me this error:

and Server Manager gives me this error:

Preparing the Virtual Desktop Infrastructure Virtual Machines

After you have successfully set up your domain controller, the next few steps will be preparatory for the final VDI configuration. The rest of the configuration will span across 3 servers (that will of course correspond to 3 virtual machines on your Hyper-V Server). Go ahead and follow the exact same steps to create 3 more virtual machines on your Hyper-V Server each with 1024 MB RAM and 32 GB HD. Name them as follows: VDIServerCB, VDIServerVH, and VDIServerWA (corresponding to the Connection Broker, Virtualization Host, and Web Access servers)

>> Somebody please comment on hardware considerations for the initial setup and beyond.

After you have created those 3 virtual machines, go ahead and Start + Connect to each VM to initialize the installation processes and install Windows Server 2012 on each VM. Once you have done that you must join all 3 virtual machines to the domain you created earlier developer.mydomain.com:
 

Join computers to a domain

Start > Right click My Computer > Properties > Under Computer name, domain, and workgroup settings, click Change Settings

In Computer Name tab > Click Change > Select Domain > Enter the NetBIOS name DEVELOPER, of your domain developer.mydomain.com > Click OK > Enter the credentials of the account you created on the domain controller machine earlier.
 

Repeat these steps for each of 3 virtual machines you created.


Next you must configure a static IP address for each virtual machine. Once again you have a GUI to work with so you’ve done this before, simply follow the same steps from “Configure a static IP address on the Windows 8 Client” but using the following settings for each machine:

VDIServerCB  

IP Address: 192.168.1.5   Subnet mask: 255.255.255.0   Default gateway: 192.168.1.1 

DNS Servers: ???

VDIServerVH  

IP Address: 192.168.1.6   Subnet mask: 255.255.255.0   Default gateway: 192.168.1.1 

DNS Servers: ???

VDIServerWA  

IP Address: 192.168.1.7   Subnet mask: 255.255.255.0   Default gateway: 192.168.1.1 

DNS Servers: ???