7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 1/25
MSL-TMG1 Gateway Virtual Machine
Microsoft® Hyper-V® Classroom SetupGuide
Contents
Forefront Threat Management Gateway VM 1 Introducing Microsoft Hyper-V 1 Setup Overview 2 Classroom Requirements 2
Hardware 3 Software 3
Classroom Configuration 3 Instructor Computer Checklist 5 Instructor Computer Setup 6
1. Add the Hyper-V Server Role 7 2. Create Private and External Virtual Networks 7 3. Install MSL-TMG1 virtual machine 7 4. Create a Setup Share 9 5. Copy the Virtual Machine Files to the Student Computer 9 6. Run the VM-Pre-Import script 10 7. Import the MSL-TMG1 Virtual Machine on the
Instructor Computer 10 8. Configure the MSL-TMG1 Virtual Machine on the
Instructor Computer 10 Enable the Web Access Rule 10
Apply All Windows Updates 11 Ensure Malware Definitions Are Updated 11
9. Configure and Verify Internet Connectivity for Internal Virtual Machines 11 Verify That the TMG-VM Has Internet Connectivity 12
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 2/25
Verifying Internet Connectivity from the Virtual Machines 12 Optional Procedure If an Internet Proxy Server Is Usedon the Network 15 Optional Procedure If DNS Resolution Is Restrictedto Certain DNS Servers on Your Network 15
Student Computer Checklist 17 Student Computer Setup 18
1. Install the Hyper-V Server Role 18 2. Install the Base Image / Virtual Machine Files 18
Appendix A 19 Appendix B 20
Supporting Virtual Server and Virtual PC Labs onHyper-V Classroom Computers 20
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 3/25
Information in this document, including URL and other Internet Web site
references, is subject to change without notice. Unless otherwise noted, the
example companies, organizations, products, domain names, e-mail addresses,
logos, people, places, and events depicted herein are fictitious, and no
association with any real company, organization, product, domain name, e-mail
address, logo, person, place or event is intended or should be inferred.
Complying with all applicable copyright laws is the responsibility of the user.
Without limiting the rights under copyright, no part of this document may be
reproduced, stored in or introduced into a retrieval system, or transmitted in any
form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other
intellectual property rights covering subject matter in this document. Except as
expressly provided in any written license agreement from Microsoft, the
furnishing of this document does not give you any license to these patents,
trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational
purposes only and Microsoft makes no representations and warranties, either
expressed, implied, or statutory, regarding these manufacturers or the use of the
products with any Microsoft technologies. The inclusion of a manufacturer or
product does not imply endorsement of Microsoft of the manufacturer or product.
Links may be provided to third party sites. Such sites are not under the control of
Microsoft and Microsoft is not responsible for the contents of any linked site or
any link contained in a linked site, or any changes or updates to such sites.
Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a
convenience, and the inclusion of any link does not imply endorsement of
Microsoft of the site or the products contained therein.
© 2011 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en
/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft
group of companies. All other trademarks are property of their respective owners.
Version 1.2
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 4/25
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 5/25
MSL-TMG1 Gateway Virtual Machine 1
Forefront Threat Management Gateway VM
Several Microsoft Learning requires Internet connectivity for some or all of the labs. To
provide a more secure connection to the Internet, Microsoft Learning has created a VM
that is running Forefront Threat Management Gateway (TMG VM). You will need todownload and install the TMG VM on each host computer as part of classroom setup.
The TMG VM is configured as a secure gateway for Internet access. The TMG VM is
configured with two virtual networks, External Network and Private Network. The
Private Network is the network that all lab VMs are connected to. The External Network
is attached to the network adapter on the host computer, which provides access to the
network that the host machine is attached to, and ultimately access to the Internet. Each
computer in the lab VMs will be configured with the TMG VM as the default gateway.
The TMG VM will be configured with a web access rule that will enable the VMs on the
Private Network to access the Internet. To ensure that the environment is secure, this rule
is disabled by default, and must be enabled as part of classroom setup.
Introducing Microsoft Hyper-V
Important Note: This setup requires Windows Server 2008 R2 SP1 Hyper-V. Tofacilitate importing virtual machines in to your Hyper-V server, you must run the VM-Pre-Import scripts which will create symbolic links to the Base/Middle-Tier images inthe C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1\Virtual HardDisks\ folder.
This learning product is developed using Microsoft® Hyper-V® running on Windows
Server® 2008 R2 SP1. Hyper-V is a virtualization technology that allows a single
computer to act as a host for one or more virtual machines. The virtual machines use a set
of virtual devices that might or might not map to the physical hardware of the host
computer.
The software that is installed onto the virtual machine is unmodified, full-version, retail
software that operates exactly as it does when it is installed onto physical hardware.
The following definitions will help you with the remainder of this document:
• Hyper-V: Hyper-V is a server application that enables users to run a broad range of
operating systems simultaneously on a single physical server. Hyper-V is included
with some versions of Windows Server 2008 R2 SP1 and other versions of Windows
Server.
• Host Computer: The physical computer onto which an operating system and the
Hyper-V server role have been installed.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 6/25
2 MSL-TMG1 Gateway Virtual Machine
• Host Operating System: The operating system that is running on the physical
computer. Windows Server 2008 R2 SP1 is the supported operating system for this
learning product
• Virtual Machine: The computer that is running inside Hyper-V. In this document,
“Hyper-V” refers to the application running on the host, while “virtual machine”
refers to the guest operating system and any software that is running inside the
Hyper-V application.
• Guest Operating System: The operating system that is running inside the virtual
machine.
Note: To access the Windows Security dialog box for a guest operating system,press CTRL+ALT+END. Pressing CTRL+ALT+DELETE while working with a virtualmachine will display the Windows Security dialog box for the host operatingsystem. To close the dialog box, press ESC. Other than this difference, software ona virtual machine behaves as it would behave on a physical computer.
The setup instructions that you will follow as part of this classroom setup guide configure
Hyper-V and the Virtual Machines that run on the host. Changing any of the
configuration settings may render the labs for this learning product unusable.
Note: Some legacy courseware from Microsoft Learning requires Virtual Server or Virtual PC. If your classroom computers require running Virtual Server or VirtualPC as well as Hyper-V, please see Supporting Virtual Server and Virtual PC labson Hyper-V Classroom Computers in Appendix B.
Setup OverviewThe host computers must be set up with a 64 bit version of Windows Server 2008 R2
SP1and must be running on 64 bit hardware. For more information on the supported
hardware for Hyper-V, please see the follow web site: http://www.microsoft.com/hyper-v.
The setup procedures below assume that the host computers can communicate with each
other for setup purposes. You should note the administrator’s user name and password for
the host computers and provide this information to the instructor.
Classroom Requirements
This learning product requires a classroom with a minimum of one computer for the
instructor and one for each student. Refer to the specific course setup guide for classroom
requirements for the course. Before class begins, use the following information and
instructions to install and configure the MSL-TMG1 VM.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 7/25
MSL-TMG1 Gateway Virtual Machine 3
HardwareThe classroom computers require the following hardware and software configuration.
Hardware Level 6
•
Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor
• Dual 120 GB hard disks 7200 RM SATA or better*
• 4 GB RAM expandable to 8GB or higher
• DVD drive
• Network adapter
• Super VGA (SVGA) 17-inch monitor
• Microsoft Mouse or compatible pointing device
• Sound card with amplified speakers
*Striped
In addition, the instructor computer must be connected to a projection display device that
supports SVGA 1024 x 768 pixels, 16 bit colors.
SoftwarePlease note that, unless otherwise indicated, this software is not included in the Trainer
Materials disc. This learning product was developed and tested on supported Microsoft
software, which is required for the classroom computers.
Classroom ConfigurationWhen the MSL-TMG1 VM is included in the classroom setup, the MSL-TMG1 VM
provides a secure gateway for the other virtual machines running on the host machine to
the Internet. The other virtual machines must use the MSL-TMG1 VM as their default
gateway so that they can connect to the MSL-TMG1 VM for Internet connectivity.
After completing the classroom setup for the MSL-TMG1 VM, return to the course
specific classroom setup guide.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 8/25
4 MSL-TMG1 Gateway Virtual Machine
The following diagram illustrates the virtual machine configuration if the MSL-TMG1
VM is deployed.
Estimated Time to Set up the Classroom: 60 Minutes
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 9/25
MSL-TMG1 Gateway Virtual Machine 5
Instructor Computer Checklist
1. Add the Hyper-V Server Role
2. Create Private and External Virtual Networks
3. Install MSL-TMG1 virtual machine
4. Create a Setup Share
5. Copy the Virtual Machine Files to the Student Computer
6. Run the VM-Pre-Import script
7. Import the MSL-TMG1 Virtual Machine on the Instructor Computer
8. Configure the MSL-TMG1 Virtual Machine on the Instructor Computer
9. Configure and Verify Internet Connectivity for Internal Virtual Machines
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 10/25
6 MSL-TMG1 Gateway Virtual Machine
Instructor Computer Setup
Use the instructions in the following section to set up the classroom manually. Before
starting the installation of the instructor computer, Windows Server 2008 R2 SP1 must be
installed on the computer.
Important: The operating systems installed on the virtual machines in this learningproduct have not been activated. Rearm has been run at the end of development,and the OS in the virtual machine will be in a grace state.
This grace state lasts for 30 days for the client and 60 days for the server. If youkeep these virtual machines running longer than this, you will either have to runrearm or activate the virtual machines using your own keys.
If the operating system has not retained this state, you may have time to run theclass before activation is required. Otherwise you can rearm the operating systemby running slmgr –rearm at the Administrative command prompt. If no additionalrearms are available, then the virtual machine will go in to “notification mode” but
will still provide full functionality. You will just have to close the initial messagesabout activation.
You may be prompted to restart the computer when the VM is started for the firsttime. This is because of the hardware differences on the Host computer. You can
just click Restart Later to close the message.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 11/25
MSL-TMG1 Gateway Virtual Machine 7
1. Add the Hyper-V Server RoleIn this task, you will add the Hyper-V server role on the Windows Server 2008 R2 SP1
host computer.
Important: If the Hyper-V role is already added, you can skip this procedure.
1. On the host computer, click Start, point to Administrative Tools, and click Server
Manager.
2. In the Server Manager console, click Roles. In the details pane, click Add Roles.
3. On the Before You Begin page, click Next.
4. On the Select Server Roles page, select the Hyper-V check box and click Next.
5. On the Hyper-V page, click Next.
6. On the Create Virtual Networks page, select the Local Area Connection check
box, and click Next.
7. On the Confirm Installation Selections page, click Install. When prompted to
restart the computer, click Restart now.
8. After the server restarts, logon using administrator credentials. When the installation
finishes, click Close.
2. Create Private and External Virtual NetworksThis section lists the networks created for this learning product. If you already have
Private and External virtual networks created, this procedure can be skipped.
1. On the host machine, click Start, point to Administrative Tools, and click Hyper-V.
2. In the Hyper-V Manager console, click Virtual Network Manager.
3. In the center pane, click Private, and click Add.
4. In the Name field, type Private Network , click OK .
5. Repeat the above steps to create an External network named External Network .
3. Install MSL-TMG1 virtual machineThe MSL-TMG1 VM can be downloaded from the MCT Download Center in the
Base Virtual Hard Disks – Mid-Tiers (ENGLISH) folder. The TMG VM requiresBase11A-WS08R2SP1.VHD which is also available on the DLC in the Base Virtual
Hard Disks (ENGLISH) folder.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 12/25
8 MSL-TMG1 Gateway Virtual Machine
Extract the Base Images:
Note: If Base11A-WS08R2SP1.VHD is already installed on the host computer, thisprocedure can be skipped.
1. From the source files location, double-click Base11A-WS08R2SP1.part01.exe.
2. In the Official Microsoft Learning Products End-User License Agreement window,
click Accept to indicate that you accept the terms in the license agreement.
3. In the WinRAR self-extracting archive window, in the Destination folder text box,
ensure that C:\Program Files\Microsoft Learning\Base is listed, and then click
Install. Please wait while the base virtual hard disk file is extracted. This might take
a few minutes.
Extract the MSL TMG1 Virtual Machines: (if required for disk space, you can extract
the VM to a different drive as long as the Base and the Middle-Tier images are located in
the default path)
1. From the source files location, double-click MSL-TMG1.part01.exe.
2. In the Official Microsoft Learning Products End-User License Agreement window,
click Accept to indicate that you accept the terms in the license agreement.
3. In the WinRAR self-extracting archive window, in the Destination folder text box,
ensure that C:\Program Files\Microsoft Learning\ is listed, and then click Install.
Please wait while the virtual machine is extracted. This might take a few minutes.
Note: After completing the extraction of all of the files, you should have thefollowing files installed:
File In Folder
Base11A-WS08R2SP1.vhd C:\Program Files\Microsoft Learning\Base
MT11-MSL-TMG1.vhd C:\Program Files\Microsoft Learning\Base\Drives
MT11-MSL-TMG1-Diff.vhdC:\Program Files\Microsoft Learning
\MSL-GW\MSL-TMG1\Virtual Disks
VM-Pre-Import-MSL-TMG1-.bat C:\Program Files\Microsoft Learning
\MSL-GW\MSL-TMG1
Config.xml C:\Program Files\Microsoft Learning
\MSL-GW\MSL-TMG1
069072AD-F5E1-4394-B38A-
80EDA4A0DF99.exp
C:\Program Files\Microsoft Learning
\MSL-GW\MSL-TMG1\Virtual Machines
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 13/25
MSL-TMG1 Gateway Virtual Machine 9
4. Create a Setup ShareIn this task, you will share virtual machine files for copying to student computers.
1. Share the C:\Program Files\Microsoft Learning\Base folder using a share name of
Base_Drives.
2. Share the C:\Program Files\Microsoft Learning\MSL-GW folder using a share name
of MSL-GW.
Note: For information on how to set up a share in Windows Server 2008 R2 SP1,see the topic “Share a Resource” in Windows Help and Support.
5. Copy the Virtual Machine Files to the StudentComputer
Note: you must perform the file copy prior to importing the virtual machines. Onceyou import the virtual machines, you will not be able to import them again.
1. From the student computer, copy Base11A-WS08R2SP1.VHD from the Base_Drives
share on the instructor computer to C:\Program Files\Microsoft Learning\Base.
2. From the student computer, copy MT11-MSL-TMG1.VHD from the Drives folder
in the Base_Drives share on the instructor computer to C:\Program Files\Microsoft
Learning\Base\Drives.
3. Copy all of the files from the MSL-GW share on the instructor computer to
C:\Program Files\Microsoft Learning\MSL-GW.
Note: Ensure that all files are copied.
1. C:\Program Files\Microsoft Learning\MSL-GW and all included folders and files
2. C:\Program Files\Microsoft Learning\Base\Base11A-WS08R2SP1.VHD
3. C:\Program Files\Microsoft Learning\Base\Drives\MT11-MSL-TMG1.VHD
4. Ensure that you have copied the files using a permission retaining softwaresuch as RoboCopy or XCopy.
5. Check that all permissions have been retained, by looking at the directoriesabove and making sure they are not Read Only.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 14/25
10 MSL-TMG1 Gateway Virtual Machine
6. Run the VM-Pre-Import scriptIn this task, you will run the VM-Pre-Import-MSL-TMG1.bat file. This script will create
links in the import folder to the Mid-Tier images necessary for importing each VM.
1. Double-click C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1\VM-Pre-
Import-MSL-TMG1.bat (root of the virtual machine import folder).
2. Verify the links are created in the appropriate C:\Program Files\Microsoft
Learning\MSL-GW\MSL-TMG1\Virtual Hard Disks\ folders.
7. Import the MSL-TMG1 Virtual Machine on theInstructor Computer
1. On the Instructor computer, on the host machine, click Start, point to
Administrative Tools, and click Hyper-V Manager.
2. In the Actions pane, click Import Virtual Machine.
3. In the Import Virtual Machine dialog box, click Browse. Browse to C:\Program
Files\Microsoft Learning\MSL-GW\MSL-TMG1, and then click Select Folder.
4. Click Import.
8. Configure the MSL-TMG1 Virtual Machine on theInstructor Computer
Enable the Web Access Rule
Note: Enabling the Web Access rule on the TMG VM will allow VMs on the PrivateNetwork to access the Internet.
1. Log on to the MSL-TMG1 VM as Administrator, password Pa$$word.
2. Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG
Management.
3. In the left panel, expand Forefront TMG (MSL-TMG1) and then click Firewall
Policy.
4. Right-click the Allow Web Access for All Users rule, and click Enable.
5. Click Apply twice, and then click OK .
Note: In order to complete the next two tasks, the virtual machine must beconnected to the Internet. You may need to use the steps listed in the followingsection “Configure and Verify Internet Connectivity for Internal Virtual Machines” toconnect the virtual machine to the Internet.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 15/25
MSL-TMG1 Gateway Virtual Machine 11
Apply All Windows Updates
Note: You should apply all available updates from Windows Update to ensure thatthe virtual machine is as secure as possible. If you cannot connect to WindowsUpdate after enabling the web access rule, see the next section for suggestions on
how to enable Internet access on the TMG server.
1. Click Start, All Programs, click Windows Update.
2. Click Check for Updates.
3. If any available updates are listed, click Install Updates. Wait for the updates to
install. If required, restart the computer.
Ensure Malware Definitions Are Updated
Note: TMG is configured to check for updates every 15 minutes. Follow thisprocedure to ensure that the latest updates have been downloaded on MSL-TMG1.
1. Log on to the MSL-TMG1 VM as Administrator, with the password of Pa$$w0rd.
2. Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG
Management
3. Click Update Center.
4. In the middle pane, right-click Malware Inspection and, click Check for and
Install New Definitions. Click OK .
5. In the middle pane, right-click Network Inspection System and, click Check forand Install New Definitions. Click OK .
6. Verify that the Last Update Status column for both options is listed as Up to date.
9. Configure and Verify Internet Connectivity for Internal Virtual Machines
Before configuring Internet connectivity for the virtual machines, you need to understand
the network configuration and Internet access requirements for the training center.
Organizations can have many different configurations, and you may need to use one or
more of the following procedures to ensure that the TMG server and the other virtual
machines on the host machine have Internet connectivity.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 16/25
12 MSL-TMG1 Gateway Virtual Machine
Verify That the TMG-VM Has Internet Connectivity
Note: By default, the MSL-TMG1 virtual machine is configured to use DHCP toobtain an IP address configuration for the network adapter that is connected to theexternal network. If the training center is using DHCP to assign IP address
configurations that enable Internet connectivity, the MSL-TMG1 VM should haveInternet connectivity. Use the following steps to verify and, if required, configureInternet connectivity.
1. Log on to the MSL-TMG1 VM as Administrator, password Pa$$w0rd.
2. Open Internet Explorer and attempt to connect to www.bing.com. If the connection
succeeds, you can continue with verifying Internet connectivity on the other virtual
servers.
3. If you cannot connect to the Internet, you may need to assign a static IP address
configuration for the MSL-TMG1 VM. This will be the case if the training center
requires static IP addresses for all computers that require Internet connectivity.Request a static IP address for each TMG-VM that you are deploying and configure
the virtual machine using the following steps:
a. Open Server Manager on MSL-TMG1.
b. Click View Network Connections.
c. Right-click the Public network connection and click Properties.
d. Click Internet Protocol Version 4 (TCP/IPv4), and click Properties.
e. Configure the appropriate IP address, Subnet mask , Default gateway, and
Preferred DNS server.
f. Click OK , and then click Close.
g. Test Internet connectivity again using step 2 above.
4. If you cannot connect to the Internet, and the training center does not require static IP
addresses, but does use a proxy server for Internet access, you may need to configure
a Web Chaining rule. See the “Optional Procedure if an Internet Proxy Server is used
on the network” section below.
Verifying Internet Connectivity from the Virtual Machines
If the MSL-TMG1 VM has Internet connectivity, the next step is to verify that the virtualmachines have Internet connectivity. To do this, use the following procedure:
1. Log on to the virtual machine using appropriate credentials.
2. Open Internet Explorer and attempt to connect to www.bing.com. If the connection
succeeds, repeat this step on all other virtual machines that require Internet access.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 17/25
MSL-TMG1 Gateway Virtual Machine 13
3. If you cannot connect to the Internet, you may need to reconfigure the network
configuration for the MSL-TMG1 VM or the other virtual machines. The MSL-
TMG1 VM is configured to use the IP address 10.10.0.1 with a subnet mask of
255.255.0.0 on the Private network. The internal virtual machines must be configured
to use the IP address assigned to the Private network on the TMG-VM as their default
gateway. If this is not the case, you have two options:
a. Change the IP address on the Private network on the MSL-TMG1 VM to match
the default gateway assigned to the other virtual machines. If you choose this
option, change the IP address on the Private network (for example, you can
choose an IP address such as 192.168.0.1 network with a subnet mask of
255.255.255.0). Then, open the Forefront TMG management console on MSL-
TMG1, click Networking, double-click Internal, and on the Addresses tab,
remove the existing IP network range, and then click Add Adapter, select
Private, and click OK twice. Click Apply twice and click OK .
b. Change the IP address configuration for the internal virtual machines to use IPaddresses on the 10.10.0.0 network (subnet mask 255.255.0.0) and to use
10.10.0.1 as the default gateway. If you choose this option, you will need to
reconfigure all virtual machines. You may also need to configure additional IP
address settings. For example, if you change the IP address of a domain
controller or DNS server virtual machine, you will need to change all of the other
virtual machines to use that domain controller or DNS server for DNS.
4. If you have cloned the host machines to complete the classroom setup, the MAC
address assigned to the external network adapter on the TMG server many be the
same on all host machines. To address this, you will need to reconfigure the MAC
address on the TMG virtual machine on each host machine. To do this, complete thefollowing steps. Note that the MSL-TMG1 server must be shut down while you
complete this task.
a. In the Hyper-V console, open the Settings dialog box for the MSL-TMG1 virtual
machine.
b. Click the Legacy Network Adapter that is connected to the External Network.
c. Under MAC address, click Static. For each host machine, modify the last box of
the MAC address so that the Virtual Machine on each host machine has a unique
value. See the following screenshot:
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 18/25
14 MSL-TMG1 Gateway Virtual Machine
5. If you cannot connect to the Internet from the virtual machines, but the IP address
configuration is correct, the problem may be related to DNS name resolution.
a. To verify that the issue is related to DNS name resolution, open a command
prompt and type nslookup www.bing.com. If you receive and error proceed with
one of the next two steps.
b. If one of the virtual machines is configured as a DNS server, see the Optional
procedure if DNS resolution is restricted to certain DNS servers on your
network section below.
c. If none of the virtual machines are configured as a DNS server, then you will
need to configure the virtual machine to use a DNS server that can perform
Internet name resolution. Request the IP address of a DNS server at the training
center that can perform Internet name resolution, and assign that IP address as the
DNS server for the virtual machine.
6. The cloud-based SQL Azure Database service is only available through TCP port
1433. If you are able to connect to Internet Web sites from the virtual machines, but
cannot connect to SQL Azure, then ensure that the CPLS firewall allows outgoingTCP communication on TCP port 1433. The Firewall rule on the TMG server allows
outbound connectivity for all ports.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 19/25
MSL-TMG1 Gateway Virtual Machine 15
Optional Procedure If an Internet Proxy Server Is Used on the
Network
Note: you will need to obtain the name of the proxy server used on your network.
Configure upstream proxy server in TMG
1. Log on to the MSL-TMG1 VM as Administrator, with the password of Pa$$word.
2. Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG
Management
3. In the left panel, expand Forefront TMG (MSL-TMG1) and then click Networking.
4. On the Web Chaining tab, click the Default rule, then in the right pane, click Edit
Selected Rule.
5. On the Action tab select Redirecting them to a specified upstream server 6. Next to Upstream proxy server, click Settings.
7. In the Specify Upstream Server Configuration box type:
a. Server: {name of server} example: proxy.contoso.com .
b. Port: 80
c. SSL Port: 443
8. Select Automatically poll upstream server for the configuration.
9. Ensure the Server URL is http://{name of server }:80/array.dll.
10. On the Bridging tab, in the Redirect SSL Requests as box, select SSL request, and
then click OK .
11. Click Apply, click Apply, and then click OK .
Optional Procedure If DNS Resolution Is Restricted to Certain
DNS Servers on Your Network
Note: You will need to obtain the IP address of an appropriate DNS server on your
network that can be configured as a forwarder.
Configure DNS forwarder on VM running DNS on Private Network side of MSL-
TMG1 VM
1. On your host computer open a command prompt and type ipconfig /all.
2. Copy down one of the DNS server IP addresses.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 20/25
16 MSL-TMG1 Gateway Virtual Machine
3. On the VM running DNS in the lab environment (e.g. MIA-DC1), click Start,
Administrative Tools, DNS.
4. Click the server name, and then double-click Forwarders.
5. On the Forwarders tab, click Edit.
6. Type the IP address of an available DNS server from step 2 above.
7. Click OK twice and then close DNS Manager.
Note: After completing the classroom setup for the MSL-TMG1 VM, return to the coursespecific classroom setup guide and complete the setup for the course.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 21/25
MSL-TMG1 Gateway Virtual Machine 17
Student Computer Checklist
1. Install the Hyper-V Server Role
2. Install the Base Image/ Virtual Machine Files
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 22/25
18 MSL-TMG1 Gateway Virtual Machine
Student Computer Setup
Use the instructions in the following section to set up the classroom manually. Before
starting the installation of the student computer, a supported operating system must be
installed on the computer. You can check the supported systems list at:
http://go.microsoft.com/fwlink/?LinkId=94481
Caution: These instructions assume network connectivity between the instructor computer and the student computers. If you do not have connectivity, MicrosoftLearning recommends copying the activated virtual machines to the studentcomputers by means of a manually created DVD or universal serial bus (USB)drive.
1. Install the Hyper-V Server Role
Note: If Hyper-V is already installed, you can skip this procedure.
For detailed instructions see the instructor computer setup.
2. Install the Base Image / Virtual Machine Files
Note: Ensure that all extracted courseware virtual machine files were copied fromthe Instructor computer during the Instructor Computer setup. The followingdirectories and short cuts will be needed to ensure that the student has allnecessary files for the MSL-TMG1 VM.
1. C:\Program Files\Microsoft Learning\MSL-GW and all included foldersand files
2. C:\Program Files\Microsoft Learning\Base\Base11A-WS08R2SP1.VHD
3. C:\Program Files\Microsoft Learning\Base\Drives\MT11-MSL-TMG1.VHD
1. Check that all permissions have been retained, by looking at the directories above
and making sure they are not Read Only.
2. Run the VM-Pre-Import script. For detailed instructions see the instructor computer
setup.
3. Add the virtual machines to the Hyper-V management console. For detailed
instructions see the instructor computer setup.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 23/25
MSL-TMG1 Gateway Virtual Machine 19
Appendix A
The virtual machines were developed using the English (United States) layout shown
below.
If your physical keyboard doesn’t match the above layout, you may need to refer to the
above layout for the character positions used to logon. For future logons and usage
throughout the labs, you may want to install your keyboard layout in the virtual machine.
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 24/25
20 MSL-TMG1 Gateway Virtual Machine
Appendix B
Supporting Virtual Server and Virtual PC Labs on Hyper-V
Classroom Computers
Microsoft Learning has created courseware with virtual labs that have required differentvirtualization technologies to be running on classroom computers. Legacy courseware
from Microsoft Learning requires Virtual Server or Virtual PC, while current courseware
requires Hyper-V. It is relatively easy to run courses on Virtual Server and Virtual PC on
the same classroom computers. However, switching between legacy courses and courses
that require Hyper-V requires significant classroom configuration changes and often
involves re-imaging the classroom computers. The following procedure is offered as an
option to help facilitate delivery of legacy and current Microsoft Learning courseware on
the same classroom computers.
If you require Hyper-V based courses as well as Virtual Server and Virtual PC courses on
the same classroom computers, follow this optional procedure to set up a dual bootconfiguration. Virtual Server and Virtual PC can run on a computer that is running
Hyper-V, however, the virtual machines will run very slowly. The procedure below
creates a second boot entry that starts Windows Server with the hypervisor turned off.
Running Virtual Server and Virtual PC VMs with the hypervisor turned off will improve
the performance of the virtual machines.
Configure classroom computer to support Hyper-V, Virtual Server
and Virtual PC based labs
1. Install Windows Server 2008 R2 SP1.
2. Install Hyper-V Role.
3. Update Hyper-V role if necessary (http://support.microsoft.com/kb/950050).
4. Create a boot entry with the hypervisor turned off.
The following procedure provided courtesy of Ben Armstrong
http://blogs.msdn.com/virtual_pc_guy/archive/2008/04/14/creating-a-no-hypervisor-
boot-entry.aspx
a. Open an administrative command prompt.
b. To view current boot configuration type:
bcdedit.exe
c. To create a copy of the current active boot entry and provide an appropriate name
type:
bcdedit.exe /copy {current} /d "Windows Server 2008 R2 SP1 - no
hypervisor"
7/16/2019 MSL TMG1 SetupGuide
http://slidepdf.com/reader/full/msl-tmg1-setupguide 25/25
MSL-TMG1 Gateway Virtual Machine 21
d. To see the new boot entry type:
bcdedit.exe
Note: hypervisorlaunchtype set to Auto
e. To turn off the hypervisor in the new boot entry type:
bcdedit.exe /set {nnn} hypervisorlaunchtype Off
Note: replace {nnn} with identifier from new boot entry
5. Reboot computer and select the Windows Server 2008 R2 SP1 – no hypervisor boot
entry.
6. Install Virtual PC 2007 SP1.
7. Install Virtual Server 2005 R2 SP1.
Note: Virtual Server requires IIS components to be installed and will prompt toinstall the components if not detected.
You are now ready to install Hyper-V as well as Virtual Server and Virtual PC based
courses on your classroom computer. To switch between Hyper-V and Virtual
Server/Virtual PC based courses, reboot the classroom computer and select the
appropriate boot entry.