I'm hoping someone may be able to help me with this as I've been completely unable to figure out why this setup does not work on a Hyper-V guest running Server 2008 R2. I'm in the process of testing some scenarios and have successfully managed to configure TMG 2010 on a physical system, but when creating the same setup on a Hyper-V guest, TMG seems to run into serious network issues...
Some details:
Physical system (Server 2008 R2) running Hyper-V and ADDS - single Domain Controller.
- 3 physical NICs
- 1 NIC setup for use by the Physical Server - no problems with Local or Internet connectivity
- 2 NICs allocated to Hyper-V Virtual Network Manager (External Connection Type, unticked "Allow Management OS to share this adapter"), i.e. dedicated to Hyper-V
- All three NICs are connected directly into the Switch ports on my Router.
Hyper-V Guest (Server 2008 R2 with all updates completed) running TMG 2010 configured as edge firewall with the following updates installed: SP1, SP1 Update 2, SP2.
So on the Guest I have NICs as follows:
- VNIC1 - Renamed External for easy reference in TMG.
  - Static IP address and Default Gateway. DNS servers left blank.
- VNIC2 - Renamed Internal
  - Static IP address, Default Gateway left blank. DNS server has the IP of the Hyper-V host as it is running the Domain Controller.
Prior to installing TMG 2010 I was able to fully update Windows and join the domain without any problems at all (I have uninstalled TMG several times as well, and when it's not installed, everything works perfectly).
While TMG is installed and running, I have no connectivity to any computer running on the physical network which I am pretty certain is because the TMG is unable to make connections with the Domain Controller/DNS server.
If I enter an alternate DNS server in the IPv4 settings on the VNIC Internal, then I am able to get connection to websites etc. on the WAN.
nslookup correctly identifies the IP address for the domain controller, but any DNS queries time out - for some reason the connection is being blocked.
Using the TMG control panel logs and reporting, I can see that DNS queries (UDP 53) are being allowed from the TMG Internal NIC to the IP of the Domain Controller/DNS server, so it doesn't seem to be the firewall component that is blocking the traffic.