Lose access to one Hyper-V host

Hello,

I am trying to troubleshoot a slow network access to the outside world. My Sophos UTM machine sits in a VM on a Windows Server 2012 R2 Server Core Hyper-V host with 3 NICs. One NIC is for the host administration on the 192.168.1.x LAN switch along with all the other Hyper-V hosts. The other two NICs are for the guest VMs, one connected to the ISP WAN, and the other connected to the internal network switch. Prior to installing the VM with Sophos UTM I could use the Server Manager from one of the other servers to manage all the Hyper-V hosts. After I installed the Sophos UTM software, Server Manager is unable to connect to the Hyper-V host that the VM is on. I am able to RDP into the host, and have run Enable-NetFirewallRule -DisplayGroup "Windows Remote Management" and Enable-PSRemoting. Server Manager has refreshed multiple times and shows Manageability as Online-Cannot get event data. Trying to remote connect into the Hyper-V host with Event Viewer does not work either. If I delete the VM, everything comes back to working fine, minus the internet connectivity. This has not only happened to me with Sophos, I had the same issue with Windows Server 2008 and a TMG VM. I would like to look over the logs to see if the network issues are related to Hyper-V or the har

July 20th, 2015 7:30pm

Not sure if it is the same, but I had an issue with a multihomed host that was also a DNS server. Each NIC was registering with the DNS server, and so clients sometimes got the wrong IP address to the server. Because there was no route for the client to the server, it could not communicate with the server. You could check that.

To stop this on a multihomed server that is also a DNS server, you need to stop the DNS server from listening on all IP addresses:

https://technet.microsoft.com/en-us/library/cc755068.aspx

Also see this article:

https://support.microsoft.com/en-us/kb/2023004

Otherwise, if the server is live, other things to check:

* is the required service running or open (check Services and open ports)

* is a firewall on the server or client blocking access

* is another network problem stopping routes or blocking traffic

July 21st, 2015 11:54pm

July 22nd, 2015 3:46am

While it is technically multihomed, that is not really the issue. The Hyper-V hosts run on a separate physical switch from the guest VMs. Yes, the DNS server hosts all the guest VMs and physical hosts, but a ping can be made via name resolution. I have verified that by unhooking the cable as I pinged. I am continuing to go through all the firewall rules, which is still a little difficult as I am not seeing anything blocking it.
July 22nd, 2015 12:50pm

So if the VM is installed but shut down (not deleted), does it still block access to the VH?

The VM guest should be separate from the VH, but it seems like it is somehow taking control of the VH NICs and applying firewall control to the VH NICs instead of just the VM NICs. Maybe it is somehow operating at such a low level that it is not just blocking the virtual NIC but also the physical NIC.

Maybe you have to tweak the NIC settings? It isn't a legacy NIC, is it?

Sorry, not sure otherwise!

July 22nd, 2015 2:50pm

Well as I am not sure what I did, I can say that Server Manager now sees the data coming from the host.  Might have been a firewall setting that was activated with Hyper-V to isolate it from the VMs.  Not exactly sure, but now I have been going through all the event logs and everything else and still cannot find the bottleneck with the network.  My only thing is that it might be Integration Services causing it, as the Sophos UTM has the Hyper-V Integration Services already in the software package, there is no way to update it.  This seems to be the only error that I am repeatedly getting:

Hyper-V Heartbeat failed to connect to virtual machine 'Sophos UTM' because the version does not match the version expected by Hyper-V (Virtual machine ID B5832F1D-529C-4434-B939-CFB2C07BC9B8). Framework version: Negotiated (0.0) - Expected (3.0); Message version: Negotiated (0.0) - Expected (3.1). To fix this problem, you must upgrade the integration services. To upgrade, connect to the virtual machine and select Insert Integration Services Setup Disk from the Action menu.

July 22nd, 2015 9:02pm

Perhaps it has to do with the VH sharing the network adapter with the firewall/UTM VM. E.g., the settings talked about here:

http://blogs.technet.com/b/networking/archive/2010/06/04/not-able-to-access-the-hyper-v-host-machine-on-the-network-even-though-virtual-machines-on-that-host-machine-can-communicate-on-the-same-network.aspx

July 22nd, 2015 10:09pm
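
The checks suggested in the replies above (services and ports, firewall rules, per-NIC DNS registration, and whether the host shares an adapter with the UTM's virtual switch), collected as an added example that is not part of the original thread. `HV-HOST-01` is a placeholder host name, and looking at the "Remote Event Log Management" rule group is an assumption about what the missing event data depends on; the thread never confirms the cause.

```powershell
# Added example: read-only checks, nothing here changes configuration.
# Sections 1-5 run in an elevated session on the Hyper-V host;
# section 6 runs on the server where Server Manager is used.
$HostName = 'HV-HOST-01'   # placeholder, replace with the affected host's name

# 1. Services that remote management and remote Event Viewer rely on.
Get-Service -Name WinRM, EventLog, RpcSs | Format-Table Name, Status

# 2. Firewall rule groups for WinRM and remote event log access.
#    A rule can be enabled yet limited to a profile the NIC is not in.
foreach ($group in 'Windows Remote Management', 'Remote Event Log Management') {
    Get-NetFirewallRule -DisplayGroup $group |
        Where-Object Direction -eq 'Inbound' |
        Format-Table DisplayName, Enabled, Profile, Action -AutoSize
}

# 3. Firewall profile per interface. A new vEthernet adapter that lands in
#    the Public profile gets a different rule set from the management NIC.
Get-NetConnectionProfile |
    Format-Table InterfaceAlias, NetworkCategory, IPv4Connectivity

# 4. Virtual switches. AllowManagementOS = True means the host itself has a
#    virtual NIC on that switch, i.e. it shares the adapter with the guests.
Get-VMSwitch |
    Format-Table Name, SwitchType, AllowManagementOS, NetAdapterInterfaceDescription

# 5. Which host interfaces hold IPv4 addresses and which register in DNS.
#    Only the 192.168.1.x management NIC should be registering the host name.
Get-NetIPAddress -AddressFamily IPv4 |
    Format-Table InterfaceAlias, IPAddress, PrefixLength
Get-DnsClient |
    Format-Table InterfaceAlias, RegisterThisConnectionsAddress

# 6. From the managing server: name resolution, then the ports in use.
Resolve-DnsName -Name $HostName -Type A           # expect only the management IP
Test-WSMan -ComputerName $HostName                # WinRM reachable and answering
Test-NetConnection -ComputerName $HostName -Port 5985   # WinRM over HTTP
Test-NetConnection -ComputerName $HostName -Port 135    # RPC endpoint mapper
```

Comparing the output of sections 3 to 5 with the UTM VM present and with it removed shows which interface, profile or DNS record changes when the VM's switches are created.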


Hi,

Just want to confirm the current situation.

Please feel free to let us know if you need further assistance.

Regards.

August 4th, 2015 10:12pm

This topic is archived. No further replies will be accepted.
