Using ICS with Hyper-V to work around Realtek NIC problems

Whilst setting up v4 of Microsoft’s  (CIE) environment, we encountered numerous problems whilst using Hyper-V with a Realtek network card. After creating an external virtual network within Hyper-V and selecting the Realtek network adapter, all outbound connectivity ceased. This was not the case with another physical network adapter that we were using (which happened to be an Intel card).

In the end, my colleague  mentioned that could we use Internet Connection Sharing (ICS) as a workaround, noting that this would not be appropriate for production environments and is more commonly used for things like  Depending on how robust ICS proves to be, we will either leave it in place on this CIE host or implement another physical NIC at a later date that supports Hyper-V (removing the requirement to use ICS). I have only previously used the ICS option when attempting to use a  and hadn’t thought of it as a workaround for Hyper-V / NIC compatibility problems.

The Hyper-V host server in this case matched or exceeded the recommended specification provided by Microsoft for a CIE v4 environment:

  • A Core i7-3820 at 3.60 Ghz
  • 64 GB RAM
  • 2 physical network adapters, one Intel (which worked with Hyper-V) and one Realtek (did not work with Hyper-V)
  • Windows Server 2008 R2 SP1 Standard – this is important to note as things are different in Windows Server 2012.
One important point is that this post is only really relevant to people that are attempting to configure a Hyper-V host machine with two physical network adapters in cases where one network card is not playing ball with Hyper-V (both network cards should function properly in all other respects). Otherwise, it’s probably easier to follow the guidance contained within the CIE v4 technical guide and configure two external virtual networks.

CIE network config with Hyper-V and ICS

Although the CIE v4 network configuration is defined at a high level within the CIE technical guide, it doesn’t discuss aspects such as DHCP and DNS configuration which are often required when troubleshooting. Additionally, you might be reading this from a non-CIE perspective so I’ll list out the key details:

  • As mentioned previously, there are two physical network adapters in the Hyper-V host. The Intel adapter will be used to create an external virtual network for CIE clients to connect to, and the Realtek adapter will be used for external Internet connectivity (i.e. not assigned within Hyper-V).
  • “CIE Private Virtual Network” is an external virtual network as it needs to use a physical network adapter (the Intel NIC) to connect to CIE clients such as Windows Phones, laptops and tablets. The name unfortunately gives the false impression that this is a VM-only network with no NIC in the parent partition. The “Allow management operating system to share this network adapter” box is checked (meaning that a virtual NIC is exposed in the host OS) but should not be required.
  • If you have two NICs that are compatible with Hyper-V, “External Network” would in fact be an external virtual network that utilises a physical NIC to connect to the Internet. However, in this specific scenario it is an internal virtual network (meaning it is still exposed in the host OS but does not use a physical NIC). You’ll find out why shortly.
  • Internet Connection Sharing (ICS) is enabled on the Realtek NIC and shared with “External Network”. This means that VMs connected to this virtual network can obtain IP addresses in the 192.168.137.x range via DHCP (this is a black box configured by ICS). As it turns out, only the TMG server is connected to this network.
  • All VMs (with the exception of the TMG server, see below) have one virtual network adapter assigned which is connected to “CIE Private Virtual Network”.
  • The TMG server (CIE server name: CIE-SRV-00) acts as a forward proxy for all other VMs and provides outbound Internet connectivity. It therefore has two NICs assigned – the “CIE Private Virtual Network” and “External Network”. The virtual NIC within the TMG guest OS is configured to obtain an address via DHCP (meaning that it will get a 192.168.137.x address via ICS).
  • The domain controller (CIE server name: CIE-SRV-01) runs a DHCP server (address pool 10.20.10.200 to 10.20.10.250) and DNS server for the contoso.com domain. This will dish out IP addresses to clients that are connected to the “CIE Private Virtual Network” as well as the corresponding virtual NIC that is exposed in the host OS.

The result of this configuration is that guests are able to use the TMG server as a forward proxy to the Internet and CIE clients are able to connect to the appropriate services via the Intel NIC (that works with Hyper-V). Usage of ICS works around the requirement to have two physical NICs configured as external virtual networks.