Troubleshooting Network Isolation
[This documentation is for preview only, and is subject to change in later releases. Blank topics are included as placeholders.]
This topic describes some common problems you might encounter when you work with network-isolated environments and offers some suggestions for solving them.
When you start an environment, the network isolation status becomes Failed or stays Partially ready
Pause and start the environment. If that does not work, shut down and start the environment. Shutting down and restarting the environment will fix most transient errors.
Verify that the agent is installed by opening Windows Services tool in each virtual machine and looking for Visual Studio Team Lab Management Agent Service. Network isolation requires that the Team Lab Management 2010 agent is installed in each virtual machine in the environment.
Shut down the environment, increase the memory allocated to each of the virtual machines, and then start the environment.
If the agent is installed but its status is not Started, then the Team Lab Management agent might not have started in the allocated three-minute duration. This usually occurs when the virtual machine is running several applications or services at start and it has insufficient resources, such as memory or CPU, to be able to start all the services in a timely manner. It is recommended that the total committed memory is not more than 1.5 times the physical memory within the virtual machine. Use the Performance tab under Windows Task Manager to understand the commit peak and limit of your virtual machines.
If the error message says Network agent failed to assign an IP address for a network adapter, this usually means that the network stack for that adapter did not start up properly. Connect to the virtual machine, launch device management, and check the status of network devices. If something is failed, then disable and then enable the device.
You created an environment with domain controller virtual machine. Using the Environment Viewer, you can connect to all the virtual machines except the domain controller virtual machine.
The domain controller virtual machine in a network isolated environment does not have external connectivity. Communication to this virtual machine is possible only from other virtual machines within the environment. However, you usually can get a remote connection to the domain controller virtual machine because the remote connection is routed through the host on which the virtual machine is hosted. This form of connection does not work when the following conditions are true:
You are not the owner of the environment
- or-
You have opened the Environment Viewer on a client machine that has an older operating system, an older client operating system, or an older server operating system. Older operating systems include Windows XP SP2. Older client operating systems include Windows Server 2003.
In these cases, the Environment Viewer uses an RDP-based connection instead of a host-based connection. Without external connectivity, you cannot connect to the domain controller virtual machine. To resolve this issue, try one of the following suggestions:
Log in as the owner of the environment from a machine that is running Windows Vista or Windows 7 clients.
Connect to one of the other virtual machines in the environment. From that other machine, open an RDP connection to the domain controller virtual machine.
You cannot access external network resources from a virtual machine inside a network isolated environment.
For example, you cannot access a network file share on a machine that is outside the environment. To resolve this issue, try one of the following suggestions:
Verify that the network isolation status of the environment is Ready.
Verify that the target network resource is up and accessible by using it from another computer that is not in a network isolated environment.
Use fully qualified domain names when you refer to external computers. Simple NetBIOS names are insufficient.
If your company network uses IP Sec, disable IP Sec on the target computer. To do this, contact your network administrator. IP Sec prevents communication from machines joined to a workgroup or untrusted domain to machines joined to one of your company domains.
You cannot access a virtual machine inside a network isolated environment from an outside computer.
For example, you cannot access a network file share on a machine inside the environment from your desktop. To resolve this issue, try one of the following suggestions:
Verify that the network isolation status of the environment is Ready.
Use the fully qualified external alias name of the virtual machine. Do not use its computer name.
To find the external alias name, use Environment Viewer to connect to the environment, select the virtual machine, and then click System Information.
If the client on which you are accessing the virtual machine is in a different DNS zone than the virtual machine, it might take several minutes for the registration of the alias to propagate through the DNS infrastructure. Wait until the environment is started before you connect. There might also be negative caching of DNS entries at your client or on any of the intermediate machines that are used in DNS resolution. To clear the DNS cache on your client, run the command ipconfig /flushdns as an administrator in a command window.
An attempt to open a Web page hosted on one virtual machine from another using a Web browser fails when you use an internal computer name, although both machines are within the same network isolated environment.
To resolve this issue, try one of the following suggestions:
Verify that the network isolation status of the environment is Ready.
Using a Web proxy causes these failures because the internal names are not known to the proxy server that is outside the environment. To resolve this problem, disable the proxy settings in the Web browser. To do this in Internet Explorer:
On the Tools menu, click Internet Options, click Connections, and then click LAN Settings.
Clear Automatically detect settings.
If you have to enable proxy settings for reaching external sites, enable the proxy setting and update the proxy exception list with hostnames or IP addresses. To do this in Internet Explorer:
On the Tools menu, click Internet Options, click Connections, and then click LAN Settings.
Select Use Proxy Server and then click Advanced.
Add the internal computer name of the Web server virtual machine or its internal IP address to the exception list.
You have followed the instructions to create an environment that includes a domain controller virtual machine. However, you are unable to join the member virtual machines to the local domain.
To resolve this issue, try one of the following suggestions:
Wait for the status to become Ready.
You are trying to join the member machines to the domain when the network isolation status of the environment is still not Ready. As a result, the internal network of the environment is not completely formed. This could prevent communication between the domain controller virtual machine and the domain member virtual machines.
Recreate the domain controller virtual machine from scratch following the instructions and then import it into team project.
You or your administrator might have prepared the domain controller virtual machine and the member virtual machines from the same source. This results in the same system identifier (SID) being used in both the machines. You cannot join a member machine to a domain controller if they have the same SID.
Refer to the Active Directory documentation to verify that all the necessary ports are open.
The firewall settings on domain controller virtual machine might not allow members to join.
When you start a network isolated environment that includes a domain controller virtual machine, some of the services or components of your application do not start correctly.
When an environment is started, all the virtual machines in that environment start simultaneously. It is possible that your domain member virtual machines might start before the domain controller virtual machine. If your application requires the presence of an Active Directory on the network, then there might be failures in your application. To resolve this issue, try one of the following suggestions:
Verify that the network isolation status of the environment is Ready.
Restart the application VMs.
Allocate sufficient resources to the domain controller virtual machine, including memory, CPU, and so on.
When your application is behaving correctly, take a snapshot of the environment. Whenever you clone and start the environment, restore to this snapshot.
You have installed Microsoft SharePoint server within a network isolated environment. However, you cannot access the SharePoint site from outside the environment even when you use the external alias name of the virtual machine in the URL.
Applications such as SharePoint use the URL that you are trying to access to determine access rights and mappings. Therefore, when you form the URL by using the external alias name, you will not be able to open the desired Web pages even though the alias name resolves to the correct virtual machine. To fix this, set alternate access mapping in SharePoint server for external name by following these steps:
Log in to the virtual machine that is running SharePoint server.
Click Start, click All Programs, click Administrative Tools, and then click SharePoint Central Administration.
Click the Operations tab on left pane.
Under Global Configuration, select Alternate Access Mappings.
Click Edit Public URLs.
In the Alternate Access Mapping Collection drop-down list, click Change Alternate Access Mapping Collection.
Click Default Web site. Use this format: https://<hostname>.
On the Internet tab, type the external name. Use this format: https://<external –alias-name>.