Hyper-V Guest VM communication issue

Subhankar Biswas 0 Reputation points
2026-06-03T18:02:47.4633333+00:00

I have a Hyper-V host in an Azure VM and created 2 guest VMs. But those 2 guest VMs are unable to connect to the Domain Controller. I have created an Internal V-Switch and configured NAT. Despite all this, I am unable to connect to my Domain Controller.

Windows for business | Windows Client for IT Pros | Storage high availability | Virtualization and Hyper-V

2 answers

  1. Chen Tran 10,560 Reputation points Independent Advisor
    2026-06-03T18:57:06.45+00:00

    Hello Subhankar,

    Thank you for posting your question on the Microsoft Windows Forum!

    Based on the issue description, the potential reason your guest VMs are not able to reach the Domain Controller is that the Internal V-Switch with NAT in Hyper-V on an Azure VM does not provide proper routing to the external Azure VNet where the DC resides. An Internal V-Switch only allows communication between the host and its guests; it does not connect to the Azure VNet. NAT configuration in Hyper-V is limited and does not integrate with Azure’s virtual networking stack. Guest VMs cannot resolve or route traffic to the Domain Controller in the Azure VNet. Hence, your guest VMs are probably isolated and cannot join the domain.

    The suggestion here is to try replacing your Internal V-Switch + NAT with an External V-Switch bound to the Azure VM’s NIC. This will put your guest VMs directly on the Azure VNet, allowing them to reach the Domain Controller.

    Another point worth mentioning here is that if your DC is simply another virtual machine running on the exact same Internal Switch, the traffic does not actually use NAT to talk guest-to-guest. It stays entirely within the virtual switch.

    You can consult the following articles for more information regarding your concerns.

    Hope the above information is helpful! If it is, feel free to hit "Accepted" to benefit others in the community having the same query too.


  2. AI answer

    2026-06-03T18:03:17.1566667+00:00

    Check connectivity step by step from the guest VMs to the domain controller, focusing on NIC configuration, Hyper-V virtual switch, NAT, and firewalls.

    1. Verify guest VM NIC and IP configuration
      • Ensure each guest VM is connected to the correct Hyper-V virtual switch (the internal vSwitch used for NAT).
      • On each guest VM, confirm:
        • IP address, subnet mask, and default gateway are correctly set for the internal network.
        • DNS server is set to the domain controller’s IP address (or a DNS that can resolve the DC).
    2. Confirm NAT configuration on the Azure-host Hyper-V
      • NAT must correctly translate traffic from the internal Hyper-V network to the Azure VM’s external interface.
      • If using the Hyper-V NAT pattern described in the Hyper-V NAT networking guidance, ensure:
        • The internal vSwitch is of type Internal.
        • The NAT network is bound to the internal vSwitch and has the correct address prefix.
        • The Azure VM’s firewall and any NSG/UDR allow traffic from the NAT subnet to the domain controller.
      • For reference, NAT networking in Hyper-V uses an internal switch and provides outbound access by mapping internal IPs to the host’s IP and ports. If NAT is misconfigured, the guest VMs won’t reach external resources like a domain controller.
    3. Check Azure-side connectivity (NSG, UDR, firewall)
      • Treat the Hyper-V host as any other Azure VM trying to reach another VM (the domain controller):
        • Verify the NIC of the Hyper-V host and the subnet have NSG rules that allow required domain traffic (LDAP, Kerberos, SMB, RPC, etc.) between the host and the DC.
        • Ensure no User-Defined Route (UDR) is redirecting traffic to an unexpected next hop that might drop or filter traffic.
          • In the Azure portal, for each involved VM (Hyper-V host and DC):
            1. Go to the VM’s Networking.
            2. Open the NIC’s Effective security rules and Effective routes.
            3. Confirm there is no deny rule or unexpected route blocking traffic.
      • Use Network Watcher IP Flow Verify to confirm whether NSG rules allow or deny traffic from the Hyper-V host to the domain controller on required ports.
    4. Check VM firewalls (host and DC)
      • On the Hyper-V host Azure VM:
        • Ensure Windows Firewall allows traffic from the internal vSwitch subnet to the DC.
      • On the domain controller:
        • Temporarily disable the firewall to test; if connectivity starts working, re-enable and add specific allow rules.
    5. Validate that the DC is listening on required ports
      • On the domain controller VM, run netstat -ano to confirm it is listening on domain-related ports (LDAP, Kerberos, SMB, RPC).
      • If the DC isn’t listening, fix the DC services before further network troubleshooting.
    6. Test connectivity from inside the guest VMs
      • From each guest VM:
        • Use Test-NetConnection (Windows) or telnet/nc (Linux) to test connectivity to the DC on key ports (e.g., 389, 445, 88).
        • If tests fail, work backward:
          • Test from Hyper-V host to DC.
          • If host-to-DC works but guest-to-host doesn’t, the issue is in the internal vSwitch/NAT or host firewall.
    7. Consider Hyper-V virtual switch and VLAN settings
      • If VLAN tagging is used on the Hyper-V virtual switch, ensure VLAN IDs are correctly configured on the management OS and guest NICs using Set-VMNetworkAdapterVlan.
      • Misconfigured VLANs can prevent the guest VMs from reaching the DC even if NAT and routing are correct.

    By following these steps, the path from guest VM → internal vSwitch → NAT on Hyper-V host → Azure network → domain controller can be systematically validated and corrected.


    AI-generated content may be incorrect. Read our transparency notes for more information.
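
The checks described in the answers above (local IP and DNS settings, reachability of the DC on ports 389, 445 and 88, and the host's internal switch and NAT prefix), collected into one PowerShell script. This is an added example, not part of either answer; the DC address and domain name are placeholders, and ports 53 and 135 are added here for DNS and the RPC endpoint mapper.

```powershell
# Added example, not from the thread. Run on a guest VM, then on the Hyper-V host.
param(
    [string]$DcAddress  = '10.0.0.4',          # placeholder: your DC's IP address
    [string]$DomainName = 'corp.example.com'   # placeholder: your AD DNS domain name
)

# 1. Local addressing: IP, default gateway and DNS server of this machine.
Get-NetIPConfiguration | ForEach-Object {
    [pscustomobject]@{
        Interface = $_.InterfaceAlias
        IPv4      = $_.IPv4Address.IPAddress -join ', '
        Gateway   = $_.IPv4DefaultGateway.NextHop -join ', '
        DnsServer = $_.DNSServer.ServerAddresses -join ', '
    }
} | Format-Table -AutoSize

# 2. Can the DC answer the SRV query that a domain join depends on?
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
                       -Server $DcAddress -ErrorAction SilentlyContinue
if ($srv) { "DNS: DC locator SRV record resolved via $DcAddress" }
else      { "DNS: SRV lookup via $DcAddress failed (check DNS setting and port 53)" }

# 3. TCP reachability of the services the answer lists (389, 445, 88), plus
#    DNS (53) and the RPC endpoint mapper (135).
$services = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'
               389 = 'LDAP'; 445 = 'SMB' }
$services.GetEnumerator() | Sort-Object Key | ForEach-Object {
    $t = Test-NetConnection -ComputerName $DcAddress -Port $_.Key `
                            -WarningAction SilentlyContinue
    [pscustomobject]@{ Service = $_.Value; Port = $_.Key
                       Reachable = $t.TcpTestSucceeded }
} | Format-Table -AutoSize

# 4. Host only (skipped where the Hyper-V module is absent): the switch type,
#    the NAT prefix, and the host's vEthernet address, which should fall
#    inside that prefix and match the guests' default gateway.
if (Get-Command Get-VMSwitch -ErrorAction SilentlyContinue) {
    Get-VMSwitch | Format-Table Name, SwitchType -AutoSize
    Get-NetNat   | Format-Table Name, InternalIPInterfaceAddressPrefix -AutoSize
    Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object InterfaceAlias -like 'vEthernet*' |
        Format-Table InterfaceAlias, IPAddress, PrefixLength -AutoSize
}
```

Comparing the port table from the host with the one from a guest shows which hop fails and on which port, so a firewall or NSG rule can be adjusted for that port alone.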
