Thursday, July 12, 2018

Installation Windows Admin Center (WAC) on Server Core

Windows Admin Center (WAC) is supported to install into Windows Server 2016 Server Core environment. To install into server core environment, we do the following steps.

1. Log in as administrator.
2. Perform PowerShell into the Command Prompt.
3. Perform Start-BitsTransfer -Source http://aka.ms/WACDownload -Destination C:\WAC.msi to download Windows Admin Center (WAC) to C Drive.


4. Perform exit to back to Command Prompt.
5. Perform msiexec /i C:\WAC.msi /qn /L*v log.txt SME_PORT=443 SSL_CERTIFICATE-OPTION=generate to install Windows Admin Center (WAC) with assigning port 443 for HTTPS connection of the server and generate self-sign certificate for WAC.


6. Perform notepad log.txt to check the log file to make sure installation completed successfully.


This posting is provided “AS IS” with no warranties, and confers no rights!

Wednesday, July 11, 2018

Install Windows Admin Center (WAC) on Windows Server 2016 GUI

Windows Admin Center (WAC) is a new product released by Microsoft for servers and client management. WAC is a browser-based app. It supports to manage Windows Server 2012 or later and Windows 10 PC in the current GA version.

Prerequisites
1. WMF 5.1 
To manage Windows Server 2016 prior, the server OS is required to install WMF Version 5.1 or higher. For installing WMF 5.1, please visit the following web site. 


2. Enable PowerShell remote on managed servers 
WAC uses PowerShell connection to manage remote servers. Make sure PowerShell Remote connection is enabled. If not, perform Enable-PSremoting –Force on servers

3. Certificate
The connection of Windows Admin Center (WAC) is HTTPS. Administrators are required to prepare a valid web server certificate for WAC 

Install Windows Admin Center
Installing WAC is really simple. Administrators download the MSI file from "Hello, Windows Admin Center!" Web site.

1. Log in as administrator. 
2. Double-click the installation MSI file. 
3. On License Agreement window, check I accept the terms in the License Agreement, and then click Next.


4. On Microsoft Update setting window, select Use Microsoft Update when I check for updates (recommended), and then click Next. 


5. On Trusted hosts settings window, leave default option, and then click Next. 


6. On web access settings window, use 443 port for access and select Generate a self-signed SSL certificate. This certificate will expire in 60 days option for my lab environment. 


Remark: In production environment, Use an SSL certificate installed on this computer should be selected. The certificate thumbprint is required to enter for installation.

7. Click Install to install Windows Admin Center (WAC). 
8. When installation completed, click Finish. 


This posting is provided “AS IS” with no warranties, and confers no rights!

Friday, May 18, 2018

New-NetNat Invalid property "InternalIPInterfqaceAddressPrefix"

In Windows Server 2016 and Windows 10, it is easy for us to create NAT network for virtual machines without additional virtual machine to be a router. However, when you create a NAT network in Hyper-V environment. You may have the below problem.



To solve this problem, we can do the following steps.
1. Launch PowerShell as administrator.
2. Perform Suspend-Service winmgmt to pause the Windows Management Instrumentation service.



3. Perform Rename-Item -Path C:\Windows\System32\wbem\repository\ -NewName repository_OLD to rename repository folder.



4. Perform Resume-Service winmgmt to resume the Windows Management Instrumentation service.



Now, you can perform New-NAT to create the NAT network for virtual machine.

Remark: After resume winmgmt service, you may also need to restart Hyper-V Virtual Machine Managment service.

For creating NAT network on Hyper-V, please check the following link for your reference.
Set up a NAT network


This posting is provided “AS IS” with no warranties, and confers no rights!

Tuesday, April 11, 2017

Certlm.msc on Windows Server 2012 / Windows 8 or later

Started from Windows Server 2012 / Windows 8 or later, there is a new msc, Certlm.msc, were added to the Windows. Certlm.msc can directly open a computer certificate store. As previous, we needed to use Microsoft Management Console to add the computer certificate store to the console. So, It's easy for administrator to check the computer certificate via GUI.


This posting is provided “AS IS” with no warranties, and confers no rights!

Failed to Run Task Sequence for Windows Deployment

When I use PXE to deploy Windows 10, I got the following error message.

Symptom
The task sequence cannot be run because the program for CHQ00001 cannot be located on a distribution point. For more information, contact your system administrator or helpdesk operator.

Click Finish to restart the computer.


Cause
There is no site system servers under Boundary Group.

Resolution
1. Navigate to the Administration > Boundary Groups.


2. Make sure the site system servers were added into the boundary group.


This posting is provided “AS IS” with no warranties, and confers no rights!

Saturday, December 17, 2016

Fail to register another vault for a Hyper-V server

Scenario
The previous Site Recovery vault was deleted form the Azure and the Hyper-V was uninstalled the Azure Site Recovery Provider. When you register a Hyper-V server with an Azure Site Recovery vault, you get the following error message.

The server is already registered in vault. Either select the registration key associated with this vault, or unregister the server from and then register it with a different vault. Learn more on how to unregister the server from the previous vault: http://aka.ms/unregisterservers.


Cause
The previous Azure Site Recovery Vault is still remained in the registry of the Hyper-V Server

Solution
1. Cancel the installation.
2. Launch Registry Editor and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure Site Recovery.
3. Delete the Azure Site Recovery key.


4. Uninstall and reinstall the provider and agent setup.


Reference:

This posting is provided “AS IS” with no warranties, and confers no rights!

Thursday, November 10, 2016

Fixing NIC teaming which was created by onboard NICs after replace a motherboard

Symptom
After replacing a motherboard with same model,  when you check the current NIC teaming configuration on Server Manager. The NIC teaming is "Fault" status.



When you click properties, you got the "stopping working" windows.


Cause
The virtual NICs of blade server were changed. The NIC teaming doesn't know you changed the hardware.

Before

After




Resolution
1. Launch PowerShell to remove the current NIC teaming.


2. Update the VMSwitch to point to this new NIC teaming by performing Set-VMSwitch.

This posting is provided “AS IS” with no warranties, and confers no rights!

Change the PowerShell prompt

The PowerShell prompt can be modified by function prompt.


For example, perform Function prompt {'PS terrytlslau.tls1.cc'} to change the PowerShell as the following.


To restore to original, we can perform Function prompt {'PS ' + $pwd + '>'}



This posting is provided “AS IS” with no warranties, and confers no rights!

SYSTEM account and Invoke-Command in a schedule task

Can we perform Invoke-Command in a PowerShell script performed by SYSTEM account of the "Task Scheduler"?

Yes, please add your computer accounts as local administrator group of the destination computer.

Source computer: OPSDC02
Target computer: OPSWS01

1. Add the OPSDC02 computer account into the local administrator group of OPSWS01 as the following.


2. Now, the SYSTEM account can run the PowerShell script that with Invoke-Command -ComputerName on the destination computer, OPSWS01. 



This posting is provided “AS IS” with no warranties, and confers no rights!

Monday, October 31, 2016

Check and update tcp dynamic port range

To check the TCP dynamic port range of Windows, we can perform netsh int ipv4 show dynamicportrange tcp to show how many ports for dynamic ports.


Why do we need to care about the TCP dynamic port range?
If the dynamic network ports are exhausted, it will not be able to establish any outbound network connection.

How do we check the dynamic port exhaustion?
We can perform netstat -ano -p tcp to check the port exhaustion by which process.


To check the port range, we can perform netsh int ipv4 set dynamicport tcp start=10000 num=55535 to update the dynamic port range. The Windows take the updated dynamic port range immediately and It is required to reboot.


To change to default, we can perform netsh int ipv4 set dynamicport tcp start=49152 num=16384 to update it.


Ref:


This posting is provided “AS IS” with no warranties, and confers no rights!