Tag: Windows Server 2016

Wait, Installing Windows Servers CALs on an Azure VM isn’t your last step….

Recently I was presented with a problem, where the client needed to increase the number of terminal services (RDP sessions) from the default 2, to 5. The server was a virtual machine (VM) that was being hosted on Azure, and it was a Windows Server 2016 VM. So, simple solution, right? Just install the Terminal Services (Remote Desktop Service) roles, purchase and install the 5 CALs, and walk away.

Well, after I installed Terminal Services, and configured the Remote Desktop roles, installed and activated the 5 CALs, User3 was still unable to login without kicking User1 or User2 off the machine.

Turns out, the end-users were given the RDP file from the Azure portal, which was fine, however when that specific file was downloaded and used by the end-users, it contained the administrative switch set to true. With this property enabled, User3 would never be able to login without kicking one of the other users off. So, what to do?

 

Opening the RDP file and changing the administrative switch from 1 to 0 was the trick! I gave the users the updated RDP file, and all was good. Users 3, 4 and 5 were now able to log on to the server.

If you’re curious, below is an example of the RDP file contents (open it in Notepad). When you download the RDP file from the Azure portal, it will contain the following settings: the public IP of the server, prompt for credentials, and administrative session. You will need to change the administrative session switch from 1 to 0, and save the file. Of course, you still need to install Terminal Services, purchase and install the CALs, etc.

full address:s:512.802.768.266:3389
prompt for credentials:i:1
administrative session:i:1
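
The check and edit described above can be scripted when more than one RDP file has been handed out. This is an added example, not code from the original post; the function names and the demo folder are hypothetical, and the sample file is constructed.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# .rdp settings are "name:type:value" lines, e.g. "administrative session:i:1".

function Get-RdpAdminSession {
    # Report the "administrative session" value of every .rdp file in a folder.
    param([Parameter(Mandatory)][string]$Folder)
    Get-ChildItem -LiteralPath $Folder -Filter '*.rdp' -File | ForEach-Object {
        $value = $null   # stays $null when the file has no such line
        foreach ($line in Get-Content -LiteralPath $_.FullName) {
            if ($line -match '^\s*administrative session:i:(\d+)\s*$') {
                $value = [int]$Matches[1]
            }
        }
        [pscustomobject]@{
            File                  = $_.FullName
            AdministrativeSession = $value
            NeedsFix              = ($value -eq 1)
        }
    }
}

function Set-RdpAdminSessionOff {
    # Rewrite "administrative session:i:1" to ":i:0", keeping a .bak copy.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('File')][string]$Path
    )
    process {
        $pattern = '^(\s*administrative session:i:)1\s*$'
        $fixed   = (Get-Content -LiteralPath $Path) -replace $pattern, '${1}0'
        if ($PSCmdlet.ShouldProcess($Path, 'Set administrative session to 0')) {
            Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force
            # Assumption: UTF-16 LE, the encoding mstsc itself uses when saving.
            Set-Content -LiteralPath $Path -Value $fixed -Encoding Unicode
        }
    }
}

# Demo on a constructed sample file (192.0.2.10 is a documentation address).
$demo = Join-Path $env:TEMP 'rdp-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@('full address:s:192.0.2.10:3389',
  'prompt for credentials:i:1',
  'administrative session:i:1') |
    Set-Content -LiteralPath (Join-Path $demo 'server.rdp')

Get-RdpAdminSession -Folder $demo | Where-Object NeedsFix | Set-RdpAdminSessionOff
Get-RdpAdminSession -Folder $demo   # re-run the audit to confirm
```

Add `-WhatIf` to `Set-RdpAdminSessionOff` to list the files that would be changed without writing to them.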

 

FYI, Group Policy has nothing to do with this, so that was eventually removed as a part of the solution. (https://support.microsoft.com/en-us/help/2833839/guidelines-for-installing-the-remote-desktop-session-host-role-service)

System Center Virtual Machine Manager (SCVMM) 2016 – Error 2912 – Unknown error (0x80041008)

Problem: Cannot deploy a logical switch (vSwitch) to a Windows Server 2016 node.

Environment: 2x10GB Network Cards – IBM Flex Chassis (not that it matters…)

Error:

An internal error has occurred trying to contact the ‘hypervserver01.domain.com’ server: : .

WinRM: URL: [http://hypervserver01.domain.com:5985], Verb: [INVOKE], Method: [GetFinalResult], Resource: [http://schemas.microsoft.com/wbem/wsman/1/wmi/root/scvmm/AsyncTask?ID=1001]

Unknown error (0x80041008)

Recommended Action
Check that WS-Management service is installed and running on server ‘hypervserver01.domain.com’. For more information use the command “winrm helpmsg hresult”. If ‘hypervserver01.domain.com’ is a host/library/update server or a PXE server role then ensure that VMM agent is installed and running. Refer to http://support.microsoft.com/kb/2742275 for more details.

Solution: In my case, I tried the following. Ultimately, it came down to my last case (enabling the physical network card).

  • Disable Windows Firewalls on both SCVMM and the Hyper-V 2016 server
  • Change the default WinRM port to 5985
winrm set winrm/config/Listener?Address=*+Transport=HTTP '@{Port="5985"}'

  • Enable the secondary physical port
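
Since the cause turned out to be a disabled physical port, the WinRM path and the host's adapters can be checked from the VMM server before any firewall setting is changed. This is an added example, not code from the original post; the function name is hypothetical and the host name in the usage comment is the one from the error text.

```powershell
# Added example, not from the original post. The function name is hypothetical.
function Test-VmmHostReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 5985          # WinRM HTTP port shown in the error text
    )
    $result = [ordered]@{
        ComputerName  = $ComputerName
        TcpPortOpen   = $false
        WsManResponds = $false
        AdaptersNotUp = @()
    }

    # 1. Is the WinRM port reachable at all?
    $tcp = Test-NetConnection -ComputerName $ComputerName -Port $Port `
        -WarningAction SilentlyContinue
    $result.TcpPortOpen = [bool]$tcp.TcpTestSucceeded

    # 2. Does the WS-Management service answer on that port?
    try {
        Test-WSMan -ComputerName $ComputerName -Port $Port -ErrorAction Stop | Out-Null
        $result.WsManResponds = $true
    } catch {
        Write-Verbose $_.Exception.Message
    }

    # 3. Which physical adapters on the host are not Up (disabled or disconnected)?
    if ($result.WsManResponds) {
        $cim = New-CimSession -ComputerName $ComputerName -Port $Port
        try {
            $result.AdaptersNotUp = @(
                Get-NetAdapter -Physical -CimSession $cim |
                    Where-Object Status -ne 'Up' |
                    Select-Object Name, InterfaceDescription, Status
            )
        } finally {
            Remove-CimSession $cim
        }
    }
    [pscustomobject]$result
}

# Usage (host name taken from the error message above):
# Test-VmmHostReadiness -ComputerName 'hypervserver01.domain.com' -Verbose
```

An adapter listed under `AdaptersNotUp` with status `Disabled` can be brought up on the host with `Enable-NetAdapter -Name <name>`.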

How to Enable Nested Virtualization on Hyper-V Windows Server 2016

I figured this post may be useful if you’re like me and testing out Azure Stack. If you are unaware of Azure Stack, in short, it allows organizations to have Azure (Cloud) on their own environment/datacenter. Here is a LINK for more information on Azure Stack. Azure Stack is currently in phase TP2 (Technical Preview 2) and this is the version I will be deploying and testing.

Anyways..

Before getting started with Azure Stack, your physical Windows Server 2016 box must have Nested Virtualization enabled.

First things first, the VM will need to have:

  • Dynamic Memory disabled and provide a minimum of 96GB of memory

  • VM will need to have at least 1 vCPU. I gave it 16 as per system/hardware recommendations.

  • MAC address spoofing must be enabled.

  • Lastly, Virtualization Extensions need to be enabled/set to TRUE.

With the following PowerShell code, we can get the value, and then change it. By default this value is disabled.

Get-VMProcessor -VMName VMName | FL *
Set-VMProcessor -VMName VMName -ExposeVirtualizationExtensions $true

Re-run the first command to confirm the change.
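
All four prerequisites listed above can be checked, and optionally applied, in one pass. This is an added example, not code from the original post; the function name is hypothetical, and the 96GB default is the figure given in the list above.

```powershell
# Added example, not from the original post. The function name is hypothetical.
function Test-NestedVirtualizationPrereq {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VMName,
        [long]$MinimumStartupBytes = 96GB,   # figure used in the post
        [switch]$Fix                          # apply the settings first
    )
    $vm = Get-VM -Name $VMName -ErrorAction Stop

    if ($Fix) {
        # These settings can only be changed while the VM is powered off.
        if ($vm.State -ne 'Off') {
            throw "Shut down '$VMName' before changing these settings."
        }
        # Never lower memory that is already above the minimum.
        $startup = [Math]::Max([long]$vm.MemoryStartup, $MinimumStartupBytes)
        Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $false -StartupBytes $startup
        Get-VMNetworkAdapter -VMName $VMName |
            Set-VMNetworkAdapter -MacAddressSpoofing On
        Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true
    }

    # Read the settings back so the report reflects the actual state.
    $mem  = Get-VMMemory -VMName $VMName
    $cpu  = Get-VMProcessor -VMName $VMName
    $nics = @(Get-VMNetworkAdapter -VMName $VMName)
    $nicsWithoutSpoofing = @($nics | Where-Object MacAddressSpoofing -ne 'On')

    [pscustomobject]@{
        VMName                          = $VMName
        DynamicMemoryDisabled           = -not $mem.DynamicMemoryEnabled
        StartupMemoryOk                 = $mem.Startup -ge $MinimumStartupBytes
        ProcessorCount                  = $cpu.Count
        MacSpoofingOnAllNics            = ($nics.Count -gt 0) -and
                                          ($nicsWithoutSpoofing.Count -eq 0)
        VirtualizationExtensionsExposed = [bool]$cpu.ExposeVirtualizationExtensions
    }
}

# Usage: report only, then apply and report again.
# Test-NestedVirtualizationPrereq -VMName 'VMName'
# Test-NestedVirtualizationPrereq -VMName 'VMName' -Fix
```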

Now we are ready to move forward with the Azure Stack install!

System Center Operations Manager (SCOM) 2016 – Requirements for Windows Server 2016 via PowerShell

The following PowerShell code is to install all the necessary IIS components for System Center Operations Manager (SCOM) 2016 Web Console on Windows Server 2016.

Import-Module ServerManager
Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Performance, Web-Stat-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console, Web-Mgmt-Compat, Web-Metabase, NET-Framework-45-Features, NET-Framework-45-Core, NET-Framework-45-ASPNET, NET-WCF-Services45, NET-WCF-HTTP-Activation45, NET-WCF-TCP-PortSharing45, WAS, WAS-Process-Model, WAS-Config-APIs, web-asp-net -restart

You can also find this in Microsoft’s TechNet Gallery, HERE.

Installing SQL 2016 for System Center Operations Manager (SCOM) 2016 – Step-by-Step

The following is a guide on how to install SQL 2016 for your System Center Operations Manager (SCOM) 2016 environment. I will be installing SQL 2016 on a brand-new server with Windows Server 2016 installed.


To begin, I am going to set the following accounts as Local Administrators on the server. Also, I am going to be creating two SQL instances, one for the Operations database, and the other for the Data Warehouse. Since this is for my personal lab, I am not dedicating storage/drives for the databases.

| Domain\Account | Description |
| --- | --- |
| domain\SCOM_AA | SCOM Action Account |
| domain\SCOM_DA | SCOM Data Access/SDK Account |
| domain\SCOM_SQL_READ | SCOM SQL Reader |
| domain\SCOM_SQL_WRITE | SCOM SQL Writer |
| domain\SQL_SA | SQL Service Account |

Next, let’s run the setup wizard as the SQL_SA account to make life easier down the road…

First thing I noticed, between SQL 2012/2014 and SQL 2016, a few changes/features have been removed/added. One that stands out is, the SQL Server Management Studio (SSMS) console is no longer here. Hmm.. I guess we can always connect to the databases from a console on another server/PC.

As mentioned, I am dedicating an instance for the Operations DB, and one for the Data Warehouse DB.

Setting the SQL Server Agent to Automatic, and specifying the service accounts for the two services.

Keeping the database engine collation as default, “SQL_Latin1_General_CP1_CI_AS“.

Here, I am adding all the SCOM and SQL service accounts as SQL Server administrators.

Nice! This is new for SQL 2016: being able to create TempDBs. Since my VM has 8 vCPUs, it looks like SQL 2016 picked up on that, and has decided to create a one-to-one relationship. Great, let’s get started with the installation…

Perfect! No errors. Keep in mind, we will need to repeat these steps to create the Data Warehouse instance.

Great! Now we can go ahead with the SCOM 2016 installation! See HERE, for that post.

If you need to install the SQL Server Management Studio (SSMS), continue reading…

Monitoring Windows Server 2016 Nano Server with SCOM 2016

The following post is intended to demonstrate how to monitor your Windows Server 2016 — Nano Server, via System Center Operations Manager (SCOM) 2016.

Also, a quick note, the SCOM team released the Windows Server 2016 Operating System Management Pack today, see HERE for the download/MP. One of the many updates to this MP (version 10.0.8.0) is the added compatibility of the Nano agent! So without further ado, let’s try installing the SCOM 2016 agent on a Nano server!

To begin, I have an out-of-the-box Windows 2016 (No UI) VM. I gave it 1GB of memory, and 2 vCPU’s.

Once the VM is online, first things first, we need to add this machine to our domain, unless you want to go the DMZ/Certificates route…. For simplicity, I am adding the Nano server to my domain, same domain as the SCOM Management Server(s) — The Nano Server and SCOM Management Server MUST be on the same domain. Same network space, etc. etc.

Assuming the above is completed, let’s begin with assigning a static IP address to the server. However, before we do this, we need to get the name of the Network Adapter(s).

Network Adapter Information

Get-NetAdapter
Get-NetIPConfiguration

These cmdlets will give us the network adapter name and current settings. As you can see below, the domain controller/DHCP has already given our server a dynamic IP (10.10.10.50). We want to change this….

Assign Static IP

New-NetIPAddress -InterfaceIndex 2 -IPAddress 10.10.10.37 -PrefixLength 24 -DefaultGateway 10.10.10.1

The -PrefixLength 24 value assigns the subnet mask 255.255.255.0.

Next, since this is Active Directory, we want to assign the DNS Server(s) to our Network Adapter.

Assign DNS Server(s)

Set-DnsClientServerAddress -InterfaceIndex 2 -ServerAddresses 10.10.10.30, 10.10.10.31

If you only have one DNS/DC server, then remove the second entry.

Now that we have communication with the domain controllers, we can add our machine to the domain.

First, let’s change the server name from its random default, to something we like. I am going to go with “NANO01“.

Change Server Name

Rename-Computer -NewName "NANO01" -Restart

Next, we can now add the server to the domain.

Add Server to Domain

Add-Computer -DomainName "RaviLocal.com" -Restart

To quickly verify our server has been added to AD, we can take a look at the AD Users and Computers UI:

Great, there it is! Now we can go ahead and deploy our Microsoft Monitoring Agent (MMA)/SCOM Agent.

Deploy SCOM 2016 Agent

Since I am taking the lazy approach, I will be deploying the agent via SCOM console. If you want to make use of PowerShell, see Microsoft’s TechNet article HERE.

Great, MMA deployed as expected! Quickly verify it is now communicating with SCOM:

All good!

 

Happy SCOM’ing 2016!

Step-by-Step – Installing System Center Operations Manager (SCOM) 2016 on Windows Server 2016 with SQL 2016

In this post I will be installing System Center Operations Manager 2016 (SCOM) RTM, Build Number 7.2.11719.0.

Here is some of the background information. As this post will concentrate on the installation of SCOM 2016, I am going to omit the setup and configuration of the Domain Controller, Windows Server 2016 for both SCOM Management Server and SQL Server (Please note, I am using SQL Server 2016, both servers on Windows 2016).

If you need help setting up SQL 2016 for SCOM 2016, please visit HERE.

Environment: Virtual; ESX 6.0 Hypervisor

SCOM Management Server:

  • Windows Server 2016
  • 4 vCPU (2.00GHz)
  • 12 GB memory
  • 100GB Diskspace
  • 1GB vNIC

SQL Server:

  • Windows Server 2016
  • SQL Server 2016
  • 4 vCPU (2.00GHz)
  • 24 GB memory
  • 300GB Diskspace
  • 1GB vNIC

Service Accounts and Local Administrator:

| Domain\Account | Description | Local Admin on… |
| --- | --- | --- |
| domain\SCOM_AA | SCOM Action Account | SCOM & SQL |
| domain\SCOM_DA | SCOM Data Access/SDK Account | SCOM & SQL |
| domain\SCOM_SQL_READ | SCOM SQL Reader | SQL |
| domain\SCOM_SQL_WRITE | SCOM SQL Writer | SQL |
| domain\SCOM_Admins | SCOM Administrators Group | SCOM |
| domain\SQL_SA | SQL Service Account | SQL |
| domain\SQL_SSRS | SQL Service Reporting Services Account | SCOM |

Now, if you’re lazy like me, or are tired of doing this setup for environments, I have scripted the automation of these accounts. You can find that link here, Microsoft TechNet Gallery.


Let’s Begin:

For completeness, let’s install all the features of SCOM 2016. (I am hosting a default SQL 2016 instance on the SCOM Management Server for SSRS)

Well, that’s not new… Errors. Since this is a clean, vanilla Windows 2016 server, we will need to install all the necessary Web Console components, along with Report Viewer Controls (probably SQL CLR Types too..).

  • For the Report Viewer Prerequisites, go HERE.

Note: oddly, I was unable to install with CLR SQL 2016; Report Viewer still complained and required CLR SQL 2014.

  • Here is the PowerShell command I ran to install the necessary IIS features/roles:
Import-Module ServerManager
Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Performance, Web-Stat-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console, Web-Mgmt-Compat, Web-Metabase, NET-Framework-45-Features, NET-Framework-45-Core, NET-Framework-45-ASPNET, NET-WCF-Services45, NET-WCF-HTTP-Activation45, NET-WCF-TCP-PortSharing45, WAS, WAS-Process-Model, WAS-Config-APIs -restart

 

Once the server is back online, you will need to register ASP.Net.

You will need to run the following from Command Prompt (as Administrator).

  1. cd %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\
  2. aspnet_regiis.exe -r
  3. IISRESET
  4. Reboot your server…

Once the server is back online, let’s try that Prerequisites check again….

Great! Now all of the prerequisites have been met!

Provide a meaningful Management Group Name (there’s no going back after this…)

SQL Server will be where your SCOM SQL instance(s) were installed. For me, I have built two instances on my SQL2016 server (SCOM_OPSMGR & SCOM_DW).

I recommend always keeping this off, and manually updating your SCOM infrastructure.

One quick review. Looks good. Hit Install, and get some fresh air!

A few minutes later….

Sweet! All good. I hope this helps. If you have any questions or issues, please drop me a line.

Please note, it is STRONGLY ADVISED to install the Update Rollup 1 once you have deployed SCOM 2016. For that walk-through, please visit the following post, HERE.

Happy 2016 SCOM’ing!

What’s new with Hyper-V 2016? (PowerShell Direct)

In Windows Server 2016, Hyper-V 2016, Microsoft has created PowerShell Direct. PowerShell Direct allows us Hyper-V administrators to communicate with a VM from the Hyper-V host regardless of the network configuration, firewall settings, security policies, and/or remote management settings. Provided the VM meets the basic criteria (see below), we can communicate with the VM with simple PowerShell! (Sweet)

*Yes, you could always log in to the VM as well…….<lame>*

PowerShell Direct Requirements:

In order to make use of PowerShell Direct, the following conditions need to be met:

  1. Hypervisor must be either Windows 10, or Windows Server 2016
  2. Virtual Machine must be either Windows 10, or Windows Server 2016
  3. Must have valid user credentials for the VM
  4. The VM must reside on the same Hypervisor
  5. The admin logged into the Hypervisor must be a Hyper-V administrator

Example:

In my example, my Hypervisor is Windows 10, and my guest VM is also a Windows 10 machine. (Sorry too lazy to get my server up =) )

Here are some cmdlets you will need to know:

  • Get-VM will provide a list of all the VMs on your Hyper-V host
    • Get-VM
  • This will establish the connection between you (the host) and the guest VM:
    • Enter-PSSession -VMName <VMName>
  • If you want to run a block of code, rather than single line:
    • Invoke-Command -VMName <VMName> -ScriptBlock { commands }

I got that error as I shutdown the VM too quickly…

As you can see, there was no Network Adapter on my VM. Also in the screenshot above, no information was provided when I queried an IPCONFIG.

Also, I was able to shutdown the VM from my host. 🙂

I hope you’re excited as I am! Cheers!

For more information on Hyper-V 2016 and/or PowerShell Direct, see HERE.

What’s new with Hyper-V 2016? (Shielded VMs)

Not too long ago, I was fortunate enough to attend the MMS 2016 (Midwest Management Summit). During one of the presentations, I learned some pretty neat things about Windows Server 2016 especially around Hyper-V. One cool feature, “Shielded Virtual Machines“.

Shielded VMs ensure that Hyper-V administrators do not have the ability to alter and/or view the VM settings/data/contents, unless specified. This is great for environments such as banks/financial institutions, governments, education, etc., to ensure their data is protected, even from the ones that administer their environments.

There are a few catches:

  • VM must be a Gen-2 (Generation 2)
  • VM must be Windows Server 2012 or higher, or
  • VM must be Windows 8 or higher

When creating the VM, the shielded VM has a virtual TPM (Trusted Platform Module) assigned and BitLocker encryption is applied to only allow designated owners to access the VM. The shielded VM will not run unless the Hyper-V host is on the Host Guardian Server. All of the VM’s data and state information is encrypted, and cannot be accessed.
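
To see where the VMs on a host stand against the Generation 2 requirement and the vTPM/shielding state described above, the host can be audited as follows. This is an added example, not code from the original post; the function name and status labels are hypothetical, and the guest OS version requirement is not checked because it is not visible from these cmdlets.

```powershell
# Added example, not from the original post. Function name and labels are hypothetical.
function Get-VMShieldingStatus {
    [CmdletBinding()]
    param([string]$ComputerName = $env:COMPUTERNAME)

    foreach ($vm in Get-VM -ComputerName $ComputerName) {
        $tpm = $false
        $shielded = $false

        if ($vm.Generation -eq 2) {
            # Only Generation 2 VMs are queried, per the requirement above.
            $sec      = Get-VMSecurity -VM $vm
            $tpm      = [bool]$sec.TpmEnabled
            $shielded = [bool]$sec.Shielded
        }

        # Classify each VM so gaps are easy to filter on.
        $status = if ($vm.Generation -ne 2) { 'NotEligible-Gen1' }
                  elseif ($shielded)        { 'Shielded' }
                  elseif ($tpm)             { 'VtpmOnly' }
                  else                      { 'Eligible-NoVtpm' }

        [pscustomobject]@{
            Name       = $vm.Name
            Generation = $vm.Generation
            TpmEnabled = $tpm
            Shielded   = $shielded
            Status     = $status
        }
    }
}

# Usage: list every VM on the local host that is not shielded.
# Get-VMShieldingStatus | Where-Object Status -ne 'Shielded' | Format-Table
```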

For more information on Shielded VMs, please visit Microsoft’s post HERE.