Nano Server Management

Where has the time gone? I looked up from my computer and the summer is nearly over! One of the things I’ve been tinkering with as of late with some of my “infrastructure as code” projects is Nano Server. Not only is Nano Server gearing up to be a great Hyper-V host and a cool place to start dabbling in containers, it’s also great server to use when testing deployment scripts because it’s small and deploys quickly. When all I want to do is spin up and tear down to test my templates, I love being able to use a Windows server with a smaller footprint.

With Nano server being “headless”, it only supports remote administration, so this has also lead me to check out all the newish ways we can manage servers remotely. You’ll need to take a few steps so you can remotely manage a Nano server deployed in Azure.

  1. Open NSG on Azure for the Nano Server – If you created a VM from the Azure Portal and accept all the defaults (which include an NSG), that NSG doesn’t open the ports for WinRM by default.  It only opens RDP.  The OS firewall is open to accept WinRM and PowerShell, but the NSG blocks it.  You need to edit the NSG to include TCP ports 5985 (http) and/or 5986 (https) for remote management.
  2.  Add Nano External IP Address as a Trusted Host – Since you’ll be connecting to your VM remotely over the public internet, you’ll need to add that IP address to your trusted host list on your workstation. You can do that via PowerShell or via CMD (just pick one).
    1. winrm set winrm/config/client @{ TrustedHosts="13.88.11.166" }
    2. Set-Item WSMan:\localhost\Client\TrustedHosts "13.88.11.166"

At this point you should be able to remotely connect to your Nano Server using PowerShell. On your workstation, run (replacing the IP address and username as appropriate):

$ip = "13.88.11.166"
 $user = "$ip\sysadmin"
 Enter-PSSession -ComputerName $ip -Credential $user

You’ll be prompted for your password and then you’ll be given a remote PowerShell prompt to your Nano VM. But what if you want MORE than just a PowerShell prompt? What if you want access to event logs? Or some basic performance information? Or dare say, use “Computer Manager”??

You can use Server Manager tools from workstation or you can use the Azure Server Management Tools (and Gateway).

While your remotely connect to the server you want to manage, you may need to make a few other small changes, particularly if your servers aren’t domain joined or are on a different subnet than the machine you are connecting from. I recommend checking out this troubleshooting guide – https://blogs.technet.microsoft.com/servermanagement/2016/07/20/troubleshooting-problems-with-server-management-tools/

If you specify in Microsoft Azure the local administrator account to connect to the managed server, you have to configure this registry key on the managed server:
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

If you are connecting from a different subnet:
NETSH advfirewall firewall add rule name=”WinRM5985″ protocol=TCP dir=in localport=5985 action=allow

If you want to use Computer Manager and other common Server Manager tools:
Set-NetFirewallRule -DisplayGroup ‘Remote Event Log Management’ -Enabled True -PassThru |
select DisplayName, Enabled

Happy Remoting!

Advertisements

Happy Bastille Day!

Bastille Day is the name given in English-speaking countries to the French National Day, which is celebrated on July 14th each year. The French National Day commemorates the beginning of the French Revolution with the storming of the Bastille on July 14, 1789.
Now, 227 years later, Systems Administrators everywhere might remember this day as the day support ended for Windows Server 2003 in 2015.  The successor to Windows 2000 Server it included features from Windows XP that were well loved by IT Pros and consumers alike, leading to it’s wide-spread adoption.
Released on April 24, 2003, Windows Server 2003 was very security minded for the time, reducing the attack surface by limiting the number of features installed by default. It also included several compatibility modes to allow older applications to run with more stability and continued to support Window NT 4.0 networking. Improvements were also made to ease the transition from the NT 4.0 directory to Active Directory.
Windows Server 2003 was also the first operating system released by Microsoft after the announcement of its Trustworthy Computing initiative, and as a result, contains a number of changes to security defaults and practices. Some of the cutting edge features of the time included Internet Information Services (IIS) v6.0, the “Manage Your Server” administrative tool to help with server configuration and improvements to Active Directory and Group Policy administration.
Here are some other great milestones and inventions that we saw in 2003:
  • iTunes Music Store also opens in April 2003.
  • FluMist by MedImmune released as an alternative to the flu shot.
  • The Intelligent Oven (www.tmio.com) keeps your food refrigerated until the programmed cooking time. Can be remotely controlled via the Internet or by telephone.
  • Because the CD-ROM was the primary storage medium in the early 2000s, the CD-ROM shredder came onto the scene in 2003.
  • Java Logs (http://www.pinemountainbrands.com/products/pine-mountain-java-log-4-hour-firelogs) – for those of you who love the open fire but feel bad about burning wood.
If you are still running Windows Server 2003 in your datacenter (a solid year after support has ended), you might want to check out some current training on Microsoft’s latest server offerings. Enjoy!

Wednesday Distractions with Videos

It’s Wednesday. Because it’s mid-week, it’s really easy to get distracted. So don’t blame me if any of the videos suck you in. 🙂

Enjoy!

Server 2016 TP3, Containers and Azure – All Together

Sometimes I think I’ll never get caught up. Every day, there are new, interesting announcements from the technology companies we use every day, plus we have to juggle the tasks, fires and projects we have at work.  It’s really hard to keep up.  I’ll bet you are feeling that way right now.
This week, it’s possible for you to check a few new things off your list – ALL AT ONCE!  (And it’s already Friday!)
  1. Try out Azure
  2. Check out Server 2016
  3. Learn about Containers

 Ready?

First make sure you have an Azure subscription or trial.  If your company has an enterprise agreement with Microsoft, you might have credits to use in Azure and not even know it.  So check there first.  If not – go to http://aka.ms/NewAzureTrial to sign up for $200 you can use for the next 30 days.
Once you’ve got access to Azure, you’ll find we have two web portals for accessing it.  The “classic” or current portal at http://manage.windowsazure.com and the preview portal at http://portal.azure.com. Depending on what you need to do, the feature set varies between portals.  But for this, it doesn’t matter.
Whichever portal you pick, you’ve opened the door to the easiest way to test out new versions of Windows Server.  No hunting around for free hardware, no downloading ISO images and practically no wait. Just take advantage of your own personal datacenter in the “cloud”. 
  
Next, look for the Server 2016 versions – there are two of them. One is the Full GUI version, listed as Windows Server 2016 Technical Preview 3.  (In the new portal, the Full GUI version can be found in the Marketplace.)  The other one is listed as “Windows Server Container Preview”.
If poking around with the new full version is your goal, spin that up and get started.  RDP to it and you are good to go.  If you need a walk-thru on how to set up a VM on either portal, you can find it here : https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-tutorial/
If your company develops software and is thinking about micro-services and “containers” are new buzzword in the office, you’ll want to spin up the Container Preview.  And even if your company doesn’t fit that description and you just want to see what this container/Docker thing is all about, spin up the Container Preview too.
Once that machine is up and running, you’ll log into to find yourself at a command prompt window and nothing else.  Containers are supported only on the Windows Core (and eventually Nano) versions. To get you started, take some time to review this documentation (http://aka.ms/windowscontainers) and dust of your command line skills.
Viola!  Now go check off that list. 🙂
Note: With the preview, there is A LOT of work to be done still, so don’t be surprised when things aren’t super polished and feature-rich yet.  And seriously, don’t try to use any of this for production.  This is just the tip of the iceberg to come.

Summer Reads!

Ah, summertime…. Vacations, relaxing on the patio, fruit salads, sparkly drinks and learning. Right? I spent some time by the beach and the pool recently and then came back to a pile of interesting things I wanted to read or try out.

There are also two new video blogs available on Channel 9 that will keep adding new content you might want to check out.