Testing SBS in Hyper-V - Isolating DHCP while Allowing Full Internet Connectivity

You may wish to set up a test environment in Hyper-V for playing around with SBS 2008. You probably want it to have Internet access so that you can test things like WSUS. But if you already have an SBS server in production, you will be worried about having two DHCP servers on the same LAN.

The thing with DHCP is that it works by using broadcast packets that are sent out to all devices on the same "physical" subnet. Essentially, to isolate two DHCP servers from one another, there must be a router in between. So we turn the Hyper-V host into a router.

This process fills the following requirements:

  • Allows the Hyper-V guest to access the internet
  • Allows the guest to access other machines on the physical LAN
  • Allows other machines on the LAN to access the guest machine
  • Allows the guest machine to be exposed and accessed from the Internet (after setting up port forwarding on the "default gateway" router)
  • The guest is on a different subnet than the LAN machines, therefore broadcast packets (eg. DHCP) are isolated
  • Additional subnets can be created as required (testing branch office scenarios, etc)

For the purposes of this example, assume the following:
  • Hardware router (default gateway) is 192.168.0.1
  • The Hyper-V Host is 192.168.0.10

Create a Virtual Network

We will be using "Internal Virtual Networks" in Hyper-V. With this configuration the guest can see other guests on the same virtual network, and can also see the host.

First, create the virtual network on the Hyper-V host:

  1. Add an Internal Only Virtual Network in the Hyper-V Virtual Network Manager - I called mine "Internal 192.168.16.0"
  2. Go to the Network and Sharing Center and then Change Adapter Settings
  3. If you sort by Details, you'll see a network device with a Device Name of "Internal 192.168.16.0"
  4. Open its properties, and set the IPv4 address to 192.168.16.1 with a subnet of 255.255.255.0 (you don't need to set gateway or DNS on this interface)

Enable IP Routing

You don't actually have to use RRAS to enable routing between internal interfaces. Instead, set IPEnableRouter to "1" in regedit:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"IPEnableRouter"=dword:00000001

Add a Static Route on your Default Gateway (Router)

Finally, and critically (ie. don't skip this step like I did initially, and expect it to work!) you'll need to add a static route on the "default gateway" router for the physical LAN - usually an ADSL modem or other edge device.

In my case it was a Netgear ADSL router, so I browse to http://192.168.0.1 and configure a static route to 192.168.16.0 mask 255.255.255.0 through 192.168.0.10.

Configure the Guest's Network Adapter

Now you can configure a virtual machine's network adapter to use this "Internal 192.168.16.0" network, give it a static IP address of eg. 192.168.16.2, with a default gateway of 192.168.16.1.

This should be all that is required!
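
Why the static route on the default gateway cannot be skipped, as an added example that is not part of the original article: a small Python model of the routing tables on the guest, the Hyper-V host, a LAN PC and the gateway, traced with longest-prefix matching. The LAN PC (192.168.0.50) and the Internet host (203.0.113.7) are constructed for the example, and the model assumes the host already forwards packets (IPEnableRouter set).

```python
import ipaddress as ip

# Subnets and addresses from the article. The LAN PC (192.168.0.50) and the
# Internet host (203.0.113.7) are constructed for this example.
LAN, TEST = ip.ip_network("192.168.0.0/24"), ip.ip_network("192.168.16.0/24")
DEFAULT = ip.ip_network("0.0.0.0/0")
OWNER = {"192.168.16.2": "guest", "192.168.16.1": "host", "192.168.0.10": "host",
         "192.168.0.1": "gateway", "192.168.0.50": "lanpc"}

def build_tables(static_route_on_gateway):
    """Routing table per node: (network, next hop); None means on-link."""
    tables = {
        "guest":   [(TEST, None), (DEFAULT, "192.168.16.1")],
        "host":    [(LAN, None), (TEST, None), (DEFAULT, "192.168.0.1")],
        "lanpc":   [(LAN, None), (DEFAULT, "192.168.0.1")],
        "gateway": [(LAN, None), (DEFAULT, "WAN")],
    }
    if static_route_on_gateway:  # the step the article calls critical
        tables["gateway"].append((TEST, "192.168.0.10"))
    return tables

def trace(tables, node, dst, max_hops=8):
    """Follow longest-prefix-match forwarding from node towards dst."""
    path = [node]
    if dst == "255.255.255.255":  # limited broadcast (DHCP discover)
        return path + ["local-segment-only"]  # routers never forward it
    addr = ip.ip_address(dst)
    for _ in range(max_hops):
        if OWNER.get(dst) == node:
            return path
        net, hop = max(((n, h) for n, h in tables[node] if addr in n),
                       key=lambda route: route[0].prefixlen)
        if hop == "WAN":
            return path + ["WAN"]
        node = OWNER.get(dst if hop is None else hop)
        if node is None:
            return path + ["unreachable"]
        path.append(node)
    return path + ["loop"]

if __name__ == "__main__":
    for label, flag in (("without static route", False), ("with static route", True)):
        t = build_tables(flag)
        print(label)
        print("  guest -> Internet :", trace(t, "guest", "203.0.113.7"))
        print("  gateway -> guest  :", trace(t, "gateway", "192.168.16.2"))
        print("  lanpc -> guest    :", trace(t, "lanpc", "192.168.16.2"))
        print("  guest DHCP bcast  :", trace(t, "guest", "255.255.255.255"))
```

Without the static route the guest's outbound packets still reach the gateway, but anything addressed back to 192.168.16.2 follows the gateway's default route out to the WAN, which is why the setup appears half-working until the route is added.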

Additional Subnets

You can add as many of these "Internal Only" networks as you want. They will all be able to talk to each other (if they know the IP address) and they will all have access to the Internet. You can even forward ports from the Internet to any of these "Internal Only" networks... But since they are on different subnets they will not interfere with each other when it comes to broadcasts (eg. DHCP).

I currently have SBS 2003 in my production LAN, and two virtual networks comprising SBS 2003 and SBS 2008 on Hyper-V, and they do not clash.

APPENDIX A: Using RRAS Instead

Instead of using the IPEnableRouter registry setting, you could use RRAS. The following 6 steps show you how to install RRAS to provide the routing.

Steps to install Routing and Remote Access:

  1. Server Manager > Add Role
  2. Select "Network Policy and Access Service", click Next
  3. Select "Remote Access Service" and "Routing", click Next
  4. Select "Custom Configuration", click Next
  5. Select "LAN Routing Only", click Next
  6. Start the service when prompted