Building a Virtual Lab

Throughout this blog I’ll be explaining how to build a Virtual Lab. The technologies ill be using to bring it all together and how to maintain the environment once it has been built.

The technologies may change over a period of time, but there will be new content to go along with those.

Presently I have two Servers Physical servers

Server 1

HP Proliant Micro server


Intel G1610T CPU

Server 2

Is custom built



I have already installed XenServer 7 onto these devices, and assigned static IP addresses. For this Blog ill be assuming you are currently at this point also.



Creating our starting Storage Repository

If you’re like me, you don’t have any shared storage so we need to utilise Windows File sharing in order to get our Virtual environment started.

So firstly, you will need to create a folder on your Desktop, or Laptop where you can store a Windows Server ISO.

You can get the Windows Server 2012 R2 Evaluation ISO from here:


I’ll assume you have an MS account and have downloaded this already. I’ll Also assume, you have access to XenCenter with your XenServer hosts already added. If you need help with either, please let me know.

Right click your ISO Folder and select Properties, change the view to Sharing.


Select Share. Then Share


XenServer will not be able to communicate with your Desktop or Laptop using the Hostname so make sure you have the IP address of you Desktop or Laptop before moving to the next step.

Secondly, In XenCenter, right click your host and select New SR (Storage Repository), Select Windows File Sharing (SMB/CIFS)


Give it a name:


Now put the path to your shared ISO folder as below:


And add the local user account for your desktop/laptop. If this is domain joined make sure you add the domain prefix before the username i.e. WIN\Administrator.

The SR should now show as a storage repository on your Host:


Creating our First VM

So, we have the ISO and we have the Storage repository. So now we are going to create out first VM

Right click a XenServer Host that you have attached the SR to, and Select New VM

Select the template we want to use:


Give the server a name:


Select the installation media:


Place the VM on this server:


Select Next on CPU and Memory as we will adjust this depending on the server role at a later stage, next on GPU also.

Select your active NIC:


Select Finish.

This will then run through the Windows Server 2012 R2 installation.

Once XenServer has created the VM and it appears in the XenCenter console, select the server and change the view to Console.

Running through the VM build selections:



We want to install the Standard Evaluation Server with GUI.


Accept the Licensing Terms and Conditions:


We want to select Custom: Install Windows Only

Select the server Drive, this will become your servers C drive.


Let it run through the installation of Windows


Provide an Administrator account, this is the local administrator.


Eject the ISO from the DVD Drive, so the VM doesn’t try to boot into windows installer again:


And now we have a full functioning first server. This will be used to create our Template Server on the next Blog post.

Converting our VM into a Template

The VM we have just created will act as our server template that we will build our entire environment on. So we first need to run through some basic settings.

Firstly, I like to disable IPV6 then can be done in two ways

Log into the server as the local administrator, right click the Network adapter and select Open Network and Sharing Center.


Select Change Adapter Settings

Right click your NIC and select Properties


This step will need to be completed for each NIC.

Deselect IPV6 and click ok.

The second way to do this, is via the registry. Open powershell and run regedit.

Browse to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\ TCPIP6\Parameters

Create a new REG_DWORD (32bit) name is “DisableComponants” and the Value is “FFFFFFFF

It should now look like this:


Once you restart the VM IPV6 will now be disabled.

Next thing we do is enable RDP Access, I’ll assume you know how to do this.

Now we will disable Windows updates and Windows Firewall

Right click the start menu, Control Panel, System Security.

Select Windows Firewall – Currently it is Enabled. For XenApp Lab we really don’t need a firewall to be present in our environment. I may bring in a new post around enabling this via SCCM or GPO. But for now, we will leave it as disabled.

In the left hand pane select – Turn Windows Firewall off and deselect the options for Private and Public network settings.


Select back to Windows Security in the Explore bar, and select Windows updates. This should be disabled but double check that it is currently disabled:


Now we want to install our Hyper-visor Tools, this will allow us full management of the VM from our Hyper-visor. Improved performance and better, monitoring capabilities.

From the Hyper-visor console select the Guest-tools.iso from the drop down, With XenServer these are populated automatically and no manual user intervention is required to make this available.


From the VM click run the Attached device


Let it installconfigxentool

Once it is installed the installer will request a reboot:


From here we want to generalise our server and convert it to a template.

Open powershell, and change the target to the c:\windows\system32\sysprep folder.

Run .\Sysprep which should prompt the following application box:


System Clean up Action is OOBE, we want to Generalize and want the VM to shut down so we can create the template. Once those have been selected click ok.

Once that Sysprep has completed he VM will shutdown. From here we want to go back to the Hypervisor and select our device, right click and Convert to Template.


This will now create a template on the XenServer Console, it will look like this:


If like me you don’t have shared storage, you can export this template as an .xva file and store it on your Desktop/laptop, then on the other XenServer Hosts you can import the file in as a template.

You can see the process in the XenConsole Event Logs:


And that is it, our template has been created ready for use.

Building our First Server – the DC

Now we are going to build our first Server. This will be our Domain controller.
Remember the amount of time it took to build the first one? Now we have our Template it will take a fraction of the time. So first we need to go to our Hyper-visor console, and right click our Template. Select New VM Wizard:



Ensure the “Template” is our template.



Give it a name:


Assign some Resources, I’ve found 4GB of RAM and 2CPUs ensure smooth performance. But if you are going to use this for anything else then adjust for that.



Select an Active NIC, this can be adjusted later if required:


Once that has finished you should get to the Windows Settings configuration. Select the options that apply to yourself:


Accept terms and conditions

Give your local admin account a password, I’d make sure it is secure.


Once you get to the CTRL + ATL + DEL screen, Login to the machine.

First thing we want to do is assign a static IP address


Change the Name of our VM:


When prompted Restart the machine

Verify IP in XenConsole:



Once the server has rebooted, and has picked up the assign Static IP, go to Server Manager and select Manage, Add Roles and Features.


Next on before we being page, then Role-based or feature-based installation:


Select the Server in question


Now we want to Add Server Role.

We want to add:

Active Directory Domain Services



Select Next, Ensure .NET Framework 4.5 is select and GPO, leave the defaults.


Run through adding configuration of those roles and Features for our Domain controller.



Once it has completed please reboot the machine:

Creating our Domain, and configuring DHCP and DNS

Once our server has rebooted with the roles and features added, we need to then configure them.

Firstly open Server Manger, select the Warning sign, and then “Promote this Server to a domain controller”


We will be running through creating our Domain and Domain controller.

Select “Add a new Forest”

Then give our Domain a root name.


Type in a DSRM Password. Directory Service Restore Mode is a safe boot mode for Domain Controllers.  This allows an administrator to repair or recover to repair an Active Directory DB.


Skip over the DNS option.

NetBIOS name for our domain, I shortened Windows.Local to just WIN.


The config will run through a list of pre reqs.


Select next, then the configuration will run through the installation, once it has installed the server will reboot.

Now we have a Domain Controller and a Domain.

Make sure you log into the server as your domain admin, the account you created the domain with, will be elevated to domain administrators. So, log in with our Domain suffix


Your local admin password.

Next Let’s set up our DHCP.

Select Server Manager and then Complete DHCP configuration



Make sure the administrator is in the DHCP Admin and DHCP Users groups. You can do this from Active Directory for Users and Computers.



The configuration will then run through authorising the DC and finish setting up the role.


Now we need to create a new scope.

Go back to the Server Manager and select DHCP


Expand our authorised server:


Right Click > new scope. Give it a Name


If you wanted to go down the road of segmenting your Network into different Scopes go ahead, I’m just going to create a standard one for now.


Add in your IP address range


Select Next, then we need to add in any Exclusions we have.

The DC will automatically be within this Exclusion scope, but we are going to add our Default gateway and XenServer Hosts also. If there is anything else on your network like shared file storage devices, wifi extenders, sky boxes, etc. Add them in here, I’m going to leave this like that, the devices on my network don’t require static IPs. So, everything else I want DHCP to assign the IP address to.


Next on lease time

We want to configure the Scope potions now:

Ensure your default gateway is correct


DNS Server is correct


Skip WINS Server, as it is not required.





Yes, lets activate the scope now.


Then finish

DHCP should now be registered and handing out IP address on your network. Further configuration may be required here as your router usually is set to hand out IP addresses, this feature can usually be disabled.




The only thing we need to do right now is to make sure the DNS Reverse lookup zone is created. So open DNS, Expand the DC. Right click Reverse Lookup Zone, select New Zone



Select the Zone type as Primary


Select All DNS Servers running on Domain controllers in this Domain


Select IPv4 Reverse Look up Zone


Put in your network ID, as it says this is the portion of the IP Address that belongs to this zone. As we have one primary of then that is what we put, obviously if you were using then 10.1.0 wold go there.


We won’t be using this feature but select Allow Only Secure dynamic updates.


Let is configure and complete.


Now we should have our DC within the reverse lookup Zone.



Next we want to update the Default Domain Policy and disable the Windows Firewall:

Open the Group Policy Management Console, Select the Default Domain Policy:


Right click and select Edit. Browse to Computer Management, Policies, Windows Settings, Security settings, Windows Firewall and Advanced Security. 


Right Click and Edit the setting. Then turn the firewall state for each profile off:







We should now have set up our Domain, with a Domain Controller. Configured DHCP and DNS ready to progress the implementation of our environment.


AD Structure and Security Groups

The small stuff!

I was going to leave this bit out, or go over it briefly but we may as well cover it in its entirety. While creating our Lab we could have gone down the route of using one administrator account to install everything, or Bind LDAP Policies, or use as our SQL Service account, the list goes on. For someone who is new to this, I’d image that is what they would do, I mean I did do it also. As we are a little bit wiser and know a bit better, we can go down the route of replicating how a Customers Environment may look and feel, although I still see administrator accounts used as service accounts in live environments to this day!

RDP to our DC, open up Active Directory Users and Computers.

We want to create our own Organisation Unit (OU) and possibly some additional OUs to split up the environment and keep things looking nice a clean. This is how i have designed mine:


So we have a location for our Security groups, and application groups. Our infrastructure servers, either production like  our DC, or a maintenance Server, Our PVS Maintenance image. Then we have Service accounts, standard user accounts and lastly administrator accounts. So when trying to find something, or if someone else is trying to find something they are able to without breaking a sweat 🙂

So start with a standard domain user:


An Administrator user:


Here is a small collection of Security Groups you will need. We will add more later but for now lets get these created. Use your own naming convention if you wish:


Add our new Administrator user to the groups also add him to the Domain Administrators group and these:


Lastly we want to create out Service Accounts. I’ve gone for 3 for now, we will add more as and when we need them:


Add the generic groups to those users for PVS and SQL. We will be using the adsvc account to bind our LDAP policy to our domain on the netscaler. But that is much later down the road.

This is pretty much it, let me know if you have any questions regarding the information in this post.


Creating our File Server

The next server we are going to be building is our File server. This will provide shared storage for our Environment. From Shared drives, to home profiles, and much more.


So, run through the same build from template process we did when creating our Domain Controller instead obviously call the server something else.


Assign the required resources to the VM.


At this point we want to make sure our VM has the required drives. This can be done after it is built, but I’m going to do it now.

I’ve created 2 50GB drives and a 100GB drive.


Share drive – 50GB

Home drive – 50GB

ISO drive – 100GB

Run through the sysprep build settings with your desired configurations.

Next we want to Rename the VM.

Reboot when prompted.

Now we want to join the machine to the domain: Use the full domain name. You can use the NetBIOS Domain name if required.


Often I get an error saying there are no DCs available, or cannot be contacted:


This is because the VM has a router assigned the IP address and the VM is using the router/default gateway for DNS, and obviously, the Router doesn’t have our named server records. So, if you didn’t disable DHCP on your router we will need to manually point the VM to the DC.

You need to set your VM NIC to the DNS server.


Now try to join the VM to the Domain. It should now join


Reboot again when prompted.


We need to assign an IP to the File server now, this can be done prior to joining the domain, so we need to set up DHCP and DNS records for this server. So, if you go to the Network tab on Xenconsole:


Copy the MAC address of the vNIC

Go to your domain controller, open DHCP, expand the domain, IPv4, and our Scope, right click on Reservations and New.


Open up DNS Manager, Expand the DC, Forward Lookup Zones, Domain Name, Right click and add New Host (A or AAAA record). Add the server host name and IP address, ensure PTR record is selected.


Reboot again

The vNIC in XenConsole should show our IP address we assigned.


Now we have our VM with a static IP assigned in DHCP, you can check DHCP to ensure it has been assigned. Go to the DHCP console and check Addresses Leased – Should show as active.


So now we want to format the drives we added earlier:

Right click the start menu, and select Disk Management.



The VM should show there are 3 disks that require initializing. Select OK.


Select each disk and right click “New Simple Volume”


Select Next

Confirm the amount you want to create from the available storage.


Select which Drive letter you wish it to have:


Give a name:


Next and completed, the drive should then turn Blue in the Disk management console, after a quick format.

Complete the same for the next two drives

If you are not able to remember which drives are what, you can look back at the XenConsole under Storage and it will tell you what position the drives fall.


They should now appear in Disk Management as below:


New ISO Shared Drive

Creating our primary ISO Share drive.

So now we have our File server, with a nice big chunk of space. First think you want to do it RDP to the server, or Console to it. Browse to the ISO drive locally, and create a new folder. I’ve called mine ISOs, yup original.

Once you have created the folder, right click it and go to Properties. Change the view to Sharing.

Select Share….

Add in “Everyone” with Read/write permissions


Press share

You should have “Your folder is shared”

Now select Advanced Sharing and select Caching

Ensure you select “No files or programs from the share drive are available offline”


Now go into Security, Add in Domain Administrators, or if you want a File share administrator group add that. Give it Full Control. Select Everyone, deselect Full control.


Ok that.

Now select Advanced.

Select Everyone, Edit.

Change Applies to “This folder Only”.


Ok that. You change the owner of the folder to domain admins, or your own File Server Administrator group

To finish off, go to Server manager > File and Storage Services > Shares > Right click the share and go to Properties. Select settings and ensure Enable Access-based -enumeration is selected.access-based

You now have a new ISO repository. From your laptop/desktop where the ISOs were before, browse to your new repository using the IP address, i take the laptop or desktop aren’t domain joined. So in Explorer browse to \\ISOs. It may require authentication so use your domain administrator. Then copy all the ISOs you have into the new repository.

From XenConsole we need to then add the new repository and forget the old one.

You know how to add a repository, so follow the same process, except using the domain administrator for credentials. To forget a Repository you need to Right click the old Temp ISO store, Select Detach. Once it shows as detached, you can right click and Forget. This will remove it from our Console. If you do not get the detach when right clicking, it means one of the media files is being held open on one of the VMs, just browse each VM and remove anything that is in the DVD drives for them.


Building our SQL server and SCCM SQL Instance

So now we are going to create and SQL server, this will also be our SCCM server further down the road.

So, follow the same process we used to create the File server and create an SQL server.

Add two additional drives for SQL DBs and SCCM packages, and MS Updates.

So, when you have done all that, let’s get installing SQL.

Firstly, if you do not have SQL Server 2012 you can get it from here:

Eval version

SP 2

Once installed and placed into your ISO folder and you have attached the new ISO folder to your XenConsole you can then place the SQL ISO into the DVD Drive.


Run the setup file

Select Installation

New SQL Server Stand-alone installation or add features to an Existing installation

We are going to get our SQL server ready for SCCM at the same time.

Setting up Support Rules:


Select Evaluation:


Accept licensing terms.

Select any Product updates:


Let the Install Setup complete:


You can ignore the Firewall warning:


Under Setup Roles, select SQL Server Feature Installation:


Select the required Instance Features:


Allow Installation Rules to complete its check:


Give the instance a name, or leave as default:


This will set our Citrix Instance as the default DB Instance, if you don’t want it to be default, selected Named Instance and change it to something more personal.

We want to point our DB to the additional Drive we created earlier. So select Instance Root Directory, and select the folder structure you created on your additional drive. Or choose the local folder location if you wish. I have placed the SQL DB Directory into the E drive where i wanted to store them.

Disk space check:


Change the standard SQL service accounts for the service account we created earlier, and change the startup service type to automatic for SQL Server Agent.


Add some security accounts, these should be the SQL-Admin group we created earlier, your current admin account and the service account.


Check the Data directories screen to ensure they are going to where you want them to go…


Do the same for analysis Services Configuration:


for Reporting Services Configuration we will do an install only:


Ignore the error reporting. unless you want it.

Let it run through the install:


It should now be completed:


Our SQL Instance is now installed.

SCCM Instance

If you are going to be running through an SCCM install with me then we are going to install another SQL Instance. If not, then please skip to the next blog post.

So from the installer menu, we are going to select New SQL stand-alone installation.


Ensure Perform a new installation of SQL Server 2012 is selected.


Select Evaluation for Product Key, and Accept the Licensing Terms.

Select Server Feature installation, add the same roles as we did before:


Move onto the Instance Configuration Page.

Change the name to WINSCCM, or whatever you want it to be called.

Change the DB directory to the already made folder structure we created on our additional attached drive.


Ensure Disk Space requirement is completed


Again change the service accounts to one we created earlier. Change Startup process to Automatic for SQL Server Agent.


Now select the TAB for Collation.

Change the Database Engine Collation to SQL_Latin1_General_CP1_CI_AS


OK that, and select Next. Add in your current user, and the SQL service account and Administrator groups. Select Next again.

Do the same for Analysis Service Configuration.

Under reporting services Configuration, just select Install.

Either opt in or out of error reporting.

Progress to install the new Instance. The second instance should now complete.