December 23, 2009, 4:49 pm
Server Core seems to be the perfect candidate for installing KMS. Key Management Service mediates your Volume Licensing with Microsoft Activation Services and acts as the man-in-the-middle for the activation for all your KMS clients that comprise of Vista, Windows 7, Windows Server 2008 and R2. With Windows 7 and Windows Server 2008 R2, what you have in KMS is Volume Activation 2.0. In contrast with KMS, what you have is MAK that stands for multiple activation key. MAK is targeted for clients that stay off the network whereas KMS is designed for your internal clients. Following I have a simple overview design of how it works.
My Windows Server 2008 R2 Server Core has a very small footprint, it is a single processor/20gb hd/512mb ram machine. The first thing you need is the KMS Host key from your Microsoft Volume Licensing site or from your TAM.
The command to register the machine as the KMS host is slmgr /ipk <your key>
Once it is registered, you need to activate the host itself. Run slmgr -ato
You can check the status and brief description of the KMS host by running slmgr –dli
The verbose information is provided via slmgr –dlv
Once KMS is setup, it will register its SRV record in DNS. You can verify from your workstation if it has done so via,
nslookup -type=srv _vlmcs._tcp
From then on clients will automatically be reverted to your KMS host for activation but as hinted in the drawing above, starting with Windows 7 and 08 R2, the minimum threshold (activation attempts/requests) that are needed to fully activate the KMS host is 25 Vista/Windows 7 clients or 5 Server 2008 (R2). This number can comprise of virtual and physical loads, previously this was limited to physical systems only. The slmgr -dlv will show you the total requests received.
Note that the KMS is desgined to let you better manage your internal activation for compliance reason. Micrsoft does not go receive any internal information from between the KMS host and KMS client. KMS has you abide your EA Volume Licenseing, check the VL Product Groups shown in the diagram that are pertinent for your environment. I find the group B to be most commonly required.
Important note : Installing/configuring the KMS does not open up the pertinent firewall port (default port 1688). From running “slmgr -dli” you will notice that it says that the KMS is listening on port 1688 but the rule is not enabled so you may do so like this.
netsh advfirewall>FIREWALL add rule name=”KMS” dir=in action=allow protocol=tcp
localport=1688
Ok.
For more information see this link.
April 19, 2009, 3:36 pm
Ever since Microsoft joined VMware in handing out their introductory type-1 hypervisor solutions (without management software) out for FREE, there is a fair share of confusion in IT community regarding the standalone Hyper-V. Hyper-V is a standalone product that will run on a bare-metal box and will need to be managed via Windows Server 2008 Hyper-V Management (feature). Hyper-V is built on Windows Server 2008 Server Core and Windows Admins will find it easy to adjust to managing it. Especially those who have had experience with Server Core.
I wrote a few posts earlier on managing Server Core, regarding the initial configuration, opening the needed ports thru firewall, network configuration etc. You will find that there is another layer of managment window on top of that CLI window you are used to seeing in Server Core. That window is there for you to manage the Hyper-V.
As you log in to Hyper-V both windows the CLI and Hyper-V Configuration pop up, with first one in the background. On Hyper-V configuration window, there is 16 options (sub-menu) that are pretty self explanatory and allow you to setup initial configurations such as adding the server to domain, configuring NIC, enabling RDP, and remote management (WinRM) and so forth.
Remember that with the substantial feedback from IT pros, this new version of Server Core (that Hyper-V is built upon) now has the limited .NET layer added which will make the server management easier but as expected it adds to its size to its previous versions. This is of course only part of recently released Hyper-V R2.
Here are some screenshots of Hyper-V R2.
June 8, 2008, 7:40 pm
Sounds like a no-brainer, but there is catch. I installed DHCP role on my Server Core that I had previously set up as Read-only Domain Controller, using this command.
start /w ocsetup DHCPServerCore
And then I went ahead and set the service configuration to “auto” with this command,
sc config dhcpserver start= auto (note the space between the equal sign and auto)
And then finally when I tried to start the DHCP service with the following command, it failed with these errors.
net start dhcpserver
A system error has occured
System error 50 has occured
The request is not supported
So the catch was, that since RODC can’t write back to the AD to create the needed DHCP security groups i.e DHCP Administrators and DHCP Users, the service would fail.
After creating those domain local security groups on another Windows Server 2008 RWDC, the service does run successfully and you can manage the DHCP Server (that is running on Server Core) from another server using RSAT.
June 6, 2008, 1:19 pm
Yes there is. Inevitable as it was, we the System Admins like to accomplish easy tasks from the tip of our fingers, and do things in a graphical click-ing environment. You might have heard of this utility, which came out few months back called ‘Server Core Configurator’ by Guy Teverovsky. I had been reading about the bugs and fixes at Guy’s site and hadn’t given a try. I have now downloaded a copy thats has been fixed up and fine tuned per the request of other readers and users who tried out this utility. I installed it on my Server Core copy and I haven’t been disappointed, it lets you do a lot of common tasks such as adding the machine to the domain, running DCPROMO on it, changing NIC settings, changing display and time zone etc. which would otherwise require you know the command line or registry edit.
While this utility will come in very handy (until Microsoft perhaps comes out of their own), remember its Microsoft’s attempt to offer a small footprint OS of Core features with the likes of Linux based DHCP, and DNS system such Infoblox, and they have tried to persuade the System Admins to learn the powerful capabilities of Cscripts, WMI and Netsh. This does take us the other way a little bit. But I sure am happy to see an option that allows to me do all those initial configuration tasks GUI-ily.
You be the judge and give it a try, download it from here,
http://blogs.microsoft.co.il/files/folders/guyt/entry68860.aspx
P.S You can only launch the application from the folder where it was installed, i.e change the directory to the C:\Program Files\Server Core Configurator where it installs by default.
May 2, 2008, 1:23 pm
Its pretty simple to turn the automatic updates in Server Core by using scregedit to modify the registry, simply type in this command :
cscript c:\Windows\system32\scregedit.wsf /au 4
After that, you do have to stop and start the Windows Update service
net stop wuauserv
net start wuauserv
The swtich /au 4 sets the time for checking the updates at 3am. It also sets the server to reboot if the updates require it to. You can disable automatic updates by using /au 1 switch or /v to view the current settings. To force an immediate check for updates, run the following command:
wuauclt /detectnow
May 2, 2008, 1:01 pm
You can use Windows Remote Shell (WinRS) in Vista and Windows Server 2008 to remotely manage and administer Server Core. The WinRS client passes the commands to a WinRS listener on Server Core, which passes the commands to a prompt, captures the output and returns it to the WinRS client. To do this, you have to enable Windows Remote Managment (WinRM) on Server Core, you will run the following command :
winrm quickconfig
You can then run for example this command to see the license status on the Server Core remotely from Vista or the full installation on Windows Server 2008
winrs -r:NameofServerCore "cscript c:\Windows\System32\slmgr.vbs -dli"
Note that you can also use tools such as Windows Management Instrumentation command line (WMIC) and PowerShell thru WMI calls to manager Server Core. At this time Server Core does not support PowerShell directly since it relies on .NET Framework which is not there in Windows Server without Windows
May 2, 2008, 9:47 am
So In Windows Server 2008, there are roles such as AD Domain Services, DHCP, DNS, the roles services pertaining to roles such as AD Certificate Services, DFS, and finally there are optional features such as .NET Framework Services, Network Load Balancine (NLB), etc. With the exception of the Active Directory Domain Services role, you install server roles and features by using the ocsetup command. The syntax for ocsetup is the same for roles and features. The command is case sensitive, and you need to know the correct capitalization for a server role or feature, you can get that by running oclist command.
For instance, the following command installs Windows Server Backup, which is a feature
start /w ocsetup WindowsServerBackup
Using the /w switch indicates when ocsetup has finished installing the new role of feature. It also stops user from initiating another command while it’s running.
You can also find out what is already installed by running following oclist syntax
oclist | find "installed"
April 19, 2008, 8:43 pm
The Windows Server 2008 Server Core installation does support Read Only Domain Controllers (RODC). This support makes Server Core ideal for brance office scenarios. To make a Server Core part of your domain as RODC, you use the unattended answer file with the following text with your settings and passwords
[DCInstall]
InstallDNS=Yes
ConfirmGC=Yes
RebootOnCompletion=Yes
ReplicaDomainDNSName=2008.lab
ReplicaOrNewDomain=readonlyreplica
ReplicationSourceDC=dc3.2008.lab
SafeModeAdminPassword=
SiteName=Default-First-Site-name
UserDomain=2008.lab
UserName=admin08
Password=
CreateDNSDelegation=No
You can place the text file on the root of your C drive on the server core and run the following command
dcpromo /unattend:unattend.txt where unattend.txt is the text file you created above
Later on we will discuss other embedded command line structures and built-in programs such as OCSETUP which will allow you to add roles and features to your server core. Keep in mind that making the domain controller is the only setup you must not use OCSETUP for, and you must utilize DCPROMO for it, otherwise your server may not function properly.
After running the above process, you will notice that from a Windows Server 2008 full installation, using ADUC we can readily confirm that our DC is RODC.
April 14, 2008, 8:34 pm
In order to add your Server Core to a domain you must assign an IP and DNS server to the current IP Configuration and you do that using NETSH tool, otherwise using the answer file your setup will fail complaining about its inability to contact the source DC.
Netsh.exe is a tool an administrator can use to configure and monitor Windows-based computers at a command prompt. With the Netsh.exe tool, you can direct the context commands you enter to the appropriate helper, and the helper then carries out the command. A helper is a Dynamic Link Library (.dll) file that extends the functionality of the Netsh.exe tool by providing configuration, monitoring, and support for one or more services, utilities, or protocols. The helper may also be used to extend other helpers.
You will first check the index assigned to your NIC by running this at command line,
netsh interface ipv4 show interfaces
You can then using this syntax to assign your server an IP address. Note that my NIC index ID is 2.
netsh interface ipv4 set address name="2" source=static address=192.168.100.202 mask=255.255.255.0 gateway=192.168.100.1
And then you can use the following NETSH command to add your primary DNS server, in my case also the source DC.
netsh interface ipv4 add dnsserver name="2" address=192.168.100.201 index=1
Run Ipconfig /all to verify your configuration.
In a future post, I will show you how to setup Server Core to be a Read-Only Domain Controller in a Windows Server 2008 domain.
More on NETSH can be found on http://support.microsoft.com/kb/242468
April 13, 2008, 9:58 pm
So in Server Core the built-in Windows firewall comes on by default. You can choose to disable it completely to get all the networking components working by using this NETSH command,
netsh firewall set opmode disable
You can use the enable switch to turn it back on. However, completely disabling it may be a bad idea, and you should choose the following commands to specifically open up gates for certian ports and applications. For example to open up port 3389 for RDP use,
netsh firewall set portopening TCP 3389 "AnyNameHereSuchasRDP"
or
netsh firewall set allowedprogram FullPathToExecutable name=AnyNameHere
Note that above commands should be entered in one line, and are overlapped due to the page format in this post.
For more information on advanced firewall functionalty, please go here.
April 13, 2008, 8:34 pm
Even though the Server Core option of Windows Server 2008 does not have shell, you can still RDP (Terminal Services) into it by using RDC from a Windows Client. To do that, you have to first enable the RDP on Server Core by using the following cscript command.
Cscript \windows\system32\scregedit.wsf /ar 0
In order to use TS from a pre-vista OS you have to turn off the on by default high security by using the following command
Cscript \windows\system32\scregedit.wsf /cs 0
While terminal serviced into the Server Core, you can logoff.exe command line to terminate your session.
April 13, 2008, 3:11 pm
Once again, with no GUI your Windows Server 2008 Server Core can easily be renamed using Windows Management Instrumentation Command-line (WMIC), and here is how,
wmic computersystem where name="%computername%" rename name="new-name"
As result, you will get ‘Method execution successful’ message. However if your machine is domain-joined, you can use NETDOM to accomplish the same task. Here is the query.
Netdom renamecomputer %computername% /NewName:new-name /UserD:domain-username /PasswordD:*
April 13, 2008, 2:19 pm
As we know there is no GUI in Windows Server 2008 Server Core option, here is how you can activate your copy. Following was done on an eval. copy, and here is the cscript command to run.
Cscript C:\Windows\System32\slmgr.vbs -ato
You can run -xpr switch to tell how much time you have left, mine shows permanently activated. So these are out-of-box scripts that aid in Licensing Management.
Read my previous post on how to install VM additions in your lab environment (based on VS 2005 R2) to tinker with the Server Core.
April 12, 2008, 8:13 pm
In a full version of Windows Server 2008 there is Initial Configuration Tasks that allows you to configure various things after a fresh install. However since Server Core is GUI-less or more like Shell-less and not entirely GUI-less, the various initial configuration tasks are to be done from the command-line or thru the few built-in cpls.
In next few posts, I will be showing you the basic configuration of out-of-box Server Core. Lets start with changing the Administrator’s password which does not happen during the installation. You may use the good-old net command to do that,
net user administrator *
or change it by pressing CTRL+ALT+DEL and click Change Password.
You may also need to set the date, time and time zone, and there is a left-behind GUI cpl available for it.
control timedate.cpl
Above cpl will launch the normal Date and Time control panel for you to change the settings. The only other cpl included in Server Core is intl.cpl which allows you to change the keyboard layouts
March 18, 2008, 8:00 pm
Installing VMAdditions on Windows Server 2008 Core can be tricky. In my virtual lab I have Virtual Server 2005 R2 SP1, I recently decided to test drive the much hyped Server Core from the Windows Server 2008 lineup. For those of you who don’t know what Server Core is and what it will cater to;
Server Core is a minimal server installation option for computers running on the Windows Server 2008 operating system. Server Core provides a low-maintenance server environment with limited functionality. Server Core is an installation option that is capable of five well-known server roles: File Server, DHCP Server, DNS Server, Media Services, and Active Directory. Server Core is not a development platform for new server applications. Although Server Core is not an application platform, it does support the development of management tools, utilities, and agents.
Server Core management tools, utilities, and agents fall into two categories: those that manage a server remotely, and those that run locally to manage the server or return data to a centralized management tool. Remote management tools should not require any changes to support Server Core, as long as the tool uses one of the remote protocols supported in Server Core, such as RPC. Local management agents and utilities may require changes to run properly on Server Core. There is no Windows shell and very limited GUI functionality (the Server Core interface is a command prompt).
The installation of Server Core was pretty straightforward, and GUI based but when it finished I was left with command prompt where the rest of the configuration and setup would be run from. Like in any other Micrsoft VMs, VMAdditions are must as you don’t have a smooth control of your keyboard and mouse, and video is pretty bad.
I started out by mounting the VMadditions ISO from the web interface of VS2005. (Note that this ISO has been updated with the SP1 of VS2005 R2 and provides better results now). But since the Core does not auto-launch the CDs nor does it understand what ISO images are, it failed to kick-off the installation.
The trick was to change the directory to D:\ and by going to Windows\Setup folder and running the Setup.exe file manually, that immediately started the installation and successfully installed the latest Virtual Machine Additions version 13.813 .
Server Core does provide us the ability to run a DC like infrastructure server on a low end machine with the littler foot print on other network resources.
Time to learn the CScripts, WMIC, Netsh etc. to better manage it however !
