Nano Server Management

Where has the time gone? I looked up from my computer and the summer is nearly over! One of the things I’ve been tinkering with as of late with some of my “infrastructure as code” projects is Nano Server. Not only is Nano Server gearing up to be a great Hyper-V host and a cool place to start dabbling in containers, it’s also a great server to use when testing deployment scripts because it’s small and deploys quickly. When all I want to do is spin up and tear down to test my templates, I love being able to use a Windows server with a smaller footprint.

With Nano Server being “headless”, it only supports remote administration, so this has also led me to check out all the newish ways we can manage servers remotely. You’ll need to take a few steps so you can remotely manage a Nano Server deployed in Azure.

  1. Open NSG on Azure for the Nano Server – If you created a VM from the Azure Portal and accepted all the defaults (which include an NSG), that NSG doesn’t open the ports for WinRM by default. It only opens RDP. The OS firewall is open to accept WinRM and PowerShell, but the NSG blocks it. You need to edit the NSG to include TCP ports 5985 (http) and/or 5986 (https) for remote management.
  2. Add Nano External IP Address as a Trusted Host – Since you’ll be connecting to your VM remotely over the public internet, you’ll need to add that IP address to your trusted host list on your workstation. You can do that via PowerShell or via CMD (just pick one).
    1. winrm set winrm/config/client @{ TrustedHosts="" }
    2. Set-Item WSMan:\localhost\Client\TrustedHosts ""

At this point you should be able to remotely connect to your Nano Server using PowerShell. On your workstation, run (replacing the IP address and username as appropriate):

$ip = ""
$user = "$ip\sysadmin"
Enter-PSSession -ComputerName $ip -Credential $user
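
The same three steps as a script, added here as an example and not part of the original post: the NSG rule admits WinRM from a single source address rather than from anywhere, the VM is appended to TrustedHosts instead of replacing the list, and the previous TrustedHosts value is restored when the session closes. It assumes the Az PowerShell module with Connect-AzAccount already run and an elevated prompt; the resource group, NSG name, rule name, priority and both IP addresses are placeholders.

```powershell
# Added example. Values in this block are placeholder assumptions, not from the post.
$resourceGroup = 'rg-nano-lab'         # hypothetical resource group
$nsgName       = 'nano01-nsg'          # hypothetical NSG attached to the Nano VM
$vmPublicIp    = '203.0.113.10'        # documentation-range stand-in for the VM's public IP
$adminSource   = '198.51.100.25/32'    # documentation-range stand-in for your workstation
$winrmPort     = 5985                  # set to 5986 if the VM has an HTTPS listener

# Step 1: NSG rule for WinRM limited to one source address instead of Any.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup -Name $nsgName
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-WinRM-From-Admin' `
        -Description 'WinRM from the admin workstation only' `
        -Access Allow -Protocol Tcp -Direction Inbound -Priority 1010 `
        -SourceAddressPrefix $adminSource -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange $winrmPort |
    Set-AzNetworkSecurityGroup | Out-Null

# Step 2: append the VM to TrustedHosts (keeps existing entries, avoids '*'),
# remembering the previous value so it can be put back afterwards.
$trustedHostsPath = 'WSMan:\localhost\Client\TrustedHosts'
$previous = [string](Get-Item $trustedHostsPath).Value
$cred     = Get-Credential -UserName "$vmPublicIp\sysadmin" -Message 'Nano Server admin'
$session  = $null
try {
    Set-Item $trustedHostsPath -Value $vmPublicIp -Concatenate -Force

    # Step 3: connect (over HTTPS when port 5986 is selected), run a command,
    # and close the session explicitly.
    $session = New-PSSession -ComputerName $vmPublicIp -Credential $cred `
                   -UseSSL:($winrmPort -eq 5986)
    Invoke-Command -Session $session -ScriptBlock { $env:COMPUTERNAME }
}
finally {
    if ($session) { Remove-PSSession $session }
    Set-Item $trustedHostsPath -Value $previous -Force   # restore the original list
}
```
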

You’ll be prompted for your password and then you’ll be given a remote PowerShell prompt to your Nano VM. But what if you want MORE than just a PowerShell prompt? What if you want access to event logs? Or some basic performance information? Or, dare I say, use “Computer Manager”??

You can use Server Manager tools from your workstation or you can use the Azure Server Management Tools (and Gateway).

While you remotely connect to the server you want to manage, you may need to make a few other small changes, particularly if your servers aren’t domain joined or are on a different subnet than the machine you are connecting from. I recommend checking out this troubleshooting guide –

If you specify in Microsoft Azure the local administrator account to connect to the managed server, you have to configure this registry key on the managed server:
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

If you are connecting from a different subnet:
NETSH advfirewall firewall add rule name="WinRM5985" protocol=TCP dir=in localport=5985 action=allow

If you want to use Computer Manager and other common Server Manager tools:
Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled True -PassThru |
select DisplayName, Enabled
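
To see what the three changes above leave open on the managed server, and to narrow the firewall rules to the address you manage from, here is an added example (not from the original post). It assumes the rule name WinRM5985 used in the NETSH command above; the management address is a placeholder and must be the address the server actually sees your connection coming from.

```powershell
# Added example: run on the managed server, for instance inside the remote session.
$policyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$adminSource = '198.51.100.25'   # placeholder: address you manage the server from

function Get-RemoteMgmtSettings {
    # Value 1 gives remote logons by local administrators a full, unfiltered token.
    $latfp = (Get-ItemProperty -Path $policyKey -Name LocalAccountTokenFilterPolicy `
                -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    [pscustomobject]@{ Setting = 'LocalAccountTokenFilterPolicy'
                       Value   = if ($null -eq $latfp) { 'not set' } else { $latfp }
                       Scope   = 'all local admin accounts' }

    # Enabled inbound allow rules created or switched on by the commands above.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { $_.DisplayName -eq 'WinRM5985' -or
                       $_.DisplayGroup -eq 'Remote Event Log Management' } |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{ Setting = $_.DisplayName
                               Value   = "$($port.Protocol)/$($port.LocalPort -join ',')"
                               Scope   = "from $($addr.RemoteAddress -join ',')" }
        }
}
Get-RemoteMgmtSettings | Format-Table -AutoSize

# Narrow the rules from 'Any' to the management address.
Set-NetFirewallRule -DisplayName 'WinRM5985' -RemoteAddress $adminSource
Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -RemoteAddress $adminSource

# When local-account remote management is no longer needed, remove the override:
# Remove-ItemProperty -Path $policyKey -Name LocalAccountTokenFilterPolicy
```
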

Happy Remoting!


Happy Bastille Day!

Bastille Day is the name given in English-speaking countries to the French National Day, which is celebrated on July 14th each year. The French National Day commemorates the beginning of the French Revolution with the storming of the Bastille on July 14, 1789.
Now, 227 years later, Systems Administrators everywhere might remember this day as the day support ended for Windows Server 2003 in 2015. The successor to Windows 2000 Server, it included features from Windows XP that were well loved by IT Pros and consumers alike, leading to its widespread adoption.
Released on April 24, 2003, Windows Server 2003 was very security minded for the time, reducing the attack surface by limiting the number of features installed by default. It also included several compatibility modes to allow older applications to run with more stability and continued to support Windows NT 4.0 networking. Improvements were also made to ease the transition from the NT 4.0 directory to Active Directory.
Windows Server 2003 was also the first operating system released by Microsoft after the announcement of its Trustworthy Computing initiative, and as a result, contains a number of changes to security defaults and practices. Some of the cutting edge features of the time included Internet Information Services (IIS) v6.0, the “Manage Your Server” administrative tool to help with server configuration and improvements to Active Directory and Group Policy administration.
Here are some other great milestones and inventions that we saw in 2003:
  • iTunes Music Store also opens in April 2003.
  • FluMist by MedImmune released as an alternative to the flu shot.
  • The Intelligent Oven keeps your food refrigerated until the programmed cooking time. Can be remotely controlled via the Internet or by telephone.
  • Because the CD-ROM was the primary storage medium in the early 2000s, the CD-ROM shredder came onto the scene in 2003.
  • Java Logs – for those of you who love the open fire but feel bad about burning wood.
If you are still running Windows Server 2003 in your datacenter (a solid year after support has ended), you might want to check out some current training on Microsoft’s latest server offerings. Enjoy!

Wednesday Distractions with Videos

It’s Wednesday. Because it’s mid-week, it’s really easy to get distracted. So don’t blame me if any of the videos suck you in. 🙂


Server 2016 TP3, Containers and Azure – All Together

Sometimes I think I’ll never get caught up. Every day, there are new, interesting announcements from the technology companies we use every day, plus we have to juggle the tasks, fires and projects we have at work.  It’s really hard to keep up.  I’ll bet you are feeling that way right now.
This week, it’s possible for you to check a few new things off your list – ALL AT ONCE!  (And it’s already Friday!)
  1. Try out Azure
  2. Check out Server 2016
  3. Learn about Containers


First make sure you have an Azure subscription or trial.  If your company has an enterprise agreement with Microsoft, you might have credits to use in Azure and not even know it.  So check there first.  If not – go to to sign up for $200 you can use for the next 30 days.
Once you’ve got access to Azure, you’ll find we have two web portals for accessing it.  The “classic” or current portal at and the preview portal at Depending on what you need to do, the feature set varies between portals.  But for this, it doesn’t matter.
Whichever portal you pick, you’ve opened the door to the easiest way to test out new versions of Windows Server.  No hunting around for free hardware, no downloading ISO images and practically no wait. Just take advantage of your own personal datacenter in the “cloud”. 
Next, look for the Server 2016 versions – there are two of them. One is the Full GUI version, listed as Windows Server 2016 Technical Preview 3.  (In the new portal, the Full GUI version can be found in the Marketplace.)  The other one is listed as “Windows Server Container Preview”.
If poking around with the new full version is your goal, spin that up and get started.  RDP to it and you are good to go.  If you need a walk-thru on how to set up a VM on either portal, you can find it here :
If your company develops software and is thinking about micro-services and “containers” is the new buzzword in the office, you’ll want to spin up the Container Preview.  And even if your company doesn’t fit that description and you just want to see what this container/Docker thing is all about, spin up the Container Preview too.
Once that machine is up and running, you’ll log in to find yourself at a command prompt window and nothing else.  Containers are supported only on the Windows Core (and eventually Nano) versions. To get you started, take some time to review this documentation and dust off your command line skills.
Voilà!  Now go check off that list. 🙂
Note: With the preview, there is A LOT of work to be done still, so don’t be surprised when things aren’t super polished and feature-rich yet.  And seriously, don’t try to use any of this for production.  This is just the tip of the iceberg to come.

Summer Reads!

Ah, summertime…. Vacations, relaxing on the patio, fruit salads, sparkly drinks and learning. Right? I spent some time by the beach and the pool recently and then came back to a pile of interesting things I wanted to read or try out.

There are also two new video blogs available on Channel 9 that will keep adding new content you might want to check out.

Goodbye Windows Server 2003!

Time flies and today marks the end of support for Windows Server 2003.  In case you missed some of the available information to help you migrate onto a more modern copy of Windows Server, here are some links!

Listen to @RicksterCDN’s letter to Windows Server – The End of a Affair… 

On-Demand Events

Microsoft Virtual Academy – Modernizing Your Data Center JumpStart is Coming!

Worried about Windows Server 2003 end of support?

Fear no more. You can get ahead of the game with a look at modernization and data center transformation options in Windows Server 2012 R2 and Microsoft Azure. Want to decide what works best in your environment? Check out “Modernizing Your Data Center,” on October 28, and learn from the experts exactly what you need to update your data center to match your workloads.
Join me and Matt Hester for a look at administration tools, storage improvements, Hyper-V, and best practices for virtualizing domain controllers, plus how to simplify day-to-day server management with PowerShell and Desired State Configuration. Explore Microsoft Azure and how to make hybrid cloud a reality. And review the four major steps for planning a migration project. 
Take this opportunity to get your modernization questions answered!
Course Outline
  • Windows Server 2012 R2 and Automation
  • Azure Infrastructure as a Service
  • Migration Processes, Roles, and Tools

Modernizing Your Data Center Jump Start

Date:  October 28, 2014
Time: 9am‒2pm PDT
Where: Live, online virtual classroom
Cost: Free!

Events for Your September Calendar

Do not ask me what happened to August. I have no idea. But as September will be quickly upon us, you might need something to do.
The Transform the Datacenter MVP Roadshow might very well be coming your way.  Some awesome MVPs will be talking about what you might be missing from Server 2012 R2 and what you need to think about when it comes to migrating from older versions of Windows that are in your datacenter.
San Francisco
Tuesday, September 2
Doug Spindler
Monday, September 22
Adnan Cartwright, Telmo Sampaio, Max Trinidad (coordination w/Kevin Weilbacher)
Monday, September 22
Trevor Sullivan, Annur Sumar, Brian Desmond
Tuesday, September 23
Brian Desmond (Coordination with Zubair Alexander)
Wednesday, September 24
Jason Helmick, Rory Monaghan, David Lundell, Tom Ziegmann
Thursday, September 25
Greg Shields
Friday, September 26
Anil Desai
Saturday, September 27, 2014
Andy Syrewicze
Saturday, September 20, 2014
Kevin Royalty
Also, IT Roadmap is coming to San Jose on September 17.  I’ve attended this event two or three times over the years and it’s usually pretty interesting.  If you qualify, it’s free.
IT Roadmap San Jose
Wednesday, September 17
San Jose Convention Center
7:30 am – 4:30 pm

Get out there and stay busy!

Modernizing Your Infrastructure – The Series Starts This Week!

For the next 6 weeks, IT Pro Tech Evangelists will be posting something daily around modernizing your infrastructure with hybrid cloud.  Each week will bring a TechNet Radio episode and four blog posts. You can find a complete list of the whole series as it’s posted at

Matt Hester and Keith Mayer kick it off with Part 1 where they discuss the importance of planning for your organization’s move to Windows Server 2012 R2 and Microsoft Azure.
  • [1:18] Why should I start planning now? 
  • [2:41] Why Migrate to Windows Server 2012 R2?
  • [5:45]  Why consider Azure as part of your migration strategy?
  • [12:38]  What tools are available to help in the migration process?
  • [17:40] DEMO: MAP and the Azure IaaS Cost Estimator
Also, stay tuned for later in the week when I’ll have a post around some common workloads and scenarios you might consider for the cloud.

  • Tue: Assessing your current IT infrastructure with the MAP tool by Dan Stolts
  • Wed: Conducting a VM readiness assessment by Kevin Remde
  • Thu: Estimating costs for migrating VM workloads to Azure by Dan Stolts
  • Fri: Common Application Workloads and Scenarios for Azure by Me!

Windows Server 2012 R2 Brings Improvements to DNS and DHCP Management

DNS and DHCP – they are like two sides of the same coin.  At the core, DNS maps human-friendly names to IP addresses so we can find resources on the Internet easily, while DHCP hands out IP addresses and other configuration information to computers so they can be accessible on the network.
Both have been around since what seems like the beginning of time, but both have some new improvements with Windows Server 2012 R2.

First, there have been some improvements for DNSSEC support. In Server 2012, the Key Master role only existed for AD-integrated zones, but now that has been extended to support file-backed multi-master zones as well.

Also, the key management service (key generation, storage, retirement) has been isolated to only the key master of a zone.  All other primary DNS servers for the zone can continue signing the zone by accessing the keys managed by the key master.

Next, let’s bring on the PowerShell improvements.  While DNS on Windows Server 2012 already has a substantial list of statistics available using Get-DnsServerStatistics, new zone-related statistics have been added for zone query stats, zone transfer stats and zone update stats.

There are also some brand new cmdlets for controlling DNSSEC, to support some of the improvements, like managing Trust Anchors. You can find the complete list of the cmdlets on TechNet, at

For the DHCP Server, new PowerShell cmdlets have been added for managing superscopes and multicast scopes, as well as improvements in some of the existing commands for changing failover relationships and interacting with DNS. There are over a dozen new additions, but some of the cmdlets include:

  • Add-DhcpServerv4MulticastScope
  • Add-DhcpServerSecurityGroup
  • Get-DhcpServerv4MulticastScopeStatistics
  • Get-DhcpServerv4SuperscopeStatistics

But it’s not all about PowerShell improvements. There are two DHCP improvements that enhance client DNS registrations. 

The first one extends DHCP policies to configure conditions based on the FQDN of the clients. Or clients can be registered using a different DNS suffix than the one configured on the client.
The second enhancement enables you to configure the DHCP server to register only A records for clients with the DNS server.  This can avoid failed attempts to register PTR records when a reverse lookup zone isn’t configured. PTR record registration can be disabled for all clients of a DHCP server, or by specific subnet or attribute.

Overall these new features can give you better granular control of devices on the network, including workgroup and guest devices. 

Looking for more information about what’s new with Windows Server 2012 R2?  Check out the full list of blog posts in this series, Why Windows Server 2012 R2?.  Also, don’t forget to take a moment to download the Server 2012 R2 bits so you can try it all out for yourself.