Windows Server 2012 – Configure server for remote management

WinRM

Windows remote management is enabled by default in Windows Server 2012. If it has been disabled for some reason, it can be re-enabled from the command line using Configure-SMRemoting.exe [-Enable | -Disable].


WinRM runs as a service within the Windows operating system and listens on TCP 5985 or 5986; the latter is used for SSL.

Use WinRM get winrm/config to get the current configuration.

To use WinRM to run commands on another server, run winrs /r:[server name] [command].


You can also right-click the server in Server Manager and select the tool you wish to run remotely.


If you are running in a workgroup environment, first add the computer you want to manage to the TrustedHosts list of your client.


Configure UAC override on the server you want to manage.


Then add the server to Server Manager, right-click it and select Manage As…


Enter the built-in administrator username and password of the server you want to manage.

As previously discussed, Server Manager can be used to group servers by role or by a custom grouping. From the group you can view the events, services, roles and features, BPA info and performance information. See here.

MMC tools and DCOM

To remotely manage systems using MMC tools you must enable the following firewall rules using wf.msc or Enable-NetFirewallRule:

COM+ Network Access (DCOM-In)

The remote event log management group rules.


The Windows firewall remote management group rules.


The remote service management group rules.


This is because the MMC tools still use WMI over COM for network communication, whereas Server Manager uses WMI over WinRM.
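The workgroup preparation steps and the MMC firewall rules described above, written out in PowerShell as an added example (not the original post's own commands). Assumptions: SRV01 and 192.0.2.0/24 are placeholders, the "UAC override" is taken to be the LocalAccountTokenFilterPolicy registry value, and restricting the rules to an admin subnet is an addition the post does not describe.

```powershell
# Added example. Placeholders: SRV01 (server to manage), 192.0.2.0/24 (admin subnet).
$Server      = 'SRV01'
$AdminSubnet = '192.0.2.0/24'

# --- On the management client, elevated ---
# Trust one named host; -Concatenate appends instead of overwriting the list.
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $Server -Concatenate -Force
(Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value   # review: should not be '*'

# --- On the server to be managed, elevated ---
# Assumed "UAC override": remote logons by local administrators get a full token.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
New-ItemProperty -Path $uacKey -Name LocalAccountTokenFilterPolicy `
    -PropertyType DWord -Value 1 -Force | Out-Null

# Firewall rules the MMC tools need, limited to the admin subnet.
$groups = 'Remote Event Log Management',
          'Windows Firewall Remote Management',
          'Remote Service Management'
Set-NetFirewallRule -DisplayGroup $groups -Enabled True -RemoteAddress $AdminSubnet
Set-NetFirewallRule -DisplayName 'COM+ Network Access (DCOM-In)' `
    -Enabled True -RemoteAddress $AdminSubnet

# Show what is now open, and to which remote addresses.
Get-NetFirewallRule -DisplayGroup $groups |
    Select-Object DisplayName, Enabled, Profile,
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } }

# --- Back on the client: confirm WinRM answers with explicit credentials ---
$cred = Get-Credential -UserName "$Server\Administrator" -Message 'Local admin on target'
Test-WSMan -ComputerName $Server -Credential $cred -Authentication Negotiate
Invoke-Command -ComputerName $Server -Credential $cred -ScriptBlock { $env:COMPUTERNAME }
```

Both the TrustedHosts entry and LocalAccountTokenFilterPolicy relax default protections (server identity checking and remote UAC token filtering respectively), so keep TrustedHosts to named hosts and set the registry value only on servers that need local-account remote administration.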

Configure down-level server management

Windows Server 2012 R2 can manage down-level operating systems when they have the Windows Management Framework 4.0 and Microsoft .NET Framework 4.5 installed.

Windows Server 2012 can manage down-level operating systems when they have the Windows Management Framework 3.0 and Microsoft .NET Framework 4.0 installed.

In order for performance data to be collected from Server 2008 SP2 or R2, the hotfix detailed in KB2682011 must be installed.

Once the above has been completed, enable remote management.

Server 2008 R2


NOTE: Server Manager is backward compatible, i.e. Windows Server 2012 can manage down-level clients and other Windows Server 2012 servers but cannot manage Windows Server 2012 R2 servers.

Remember that to access MMC tools you will need to open firewall ports too.

You will more than likely see errors related to WinRM not being able to register the SPN for the WinRM service. This is because the Network Service user does not have the validated write to service principal name permission within Active Directory. To fix this, use AdsiEdit.


Configure Server Core

Server Core is configured using the sconfig.cmd server configuration tool. If you need to enable remote management of MMC tools you will need to configure the Windows firewall using Enable-NetFirewallRule.

Group Policy configuration of WinRM and Windows Firewall

Group Policy can be configured to enable WinRM on all IP addresses or a range of IP addresses. The Windows firewall can also be configured via Group Policy to open the DCOM ports for MMC tool management.
