Tagged: Windows Server

Windows Server 2012 – Install and configure servers

Install Servers

Plan for server installation

Windows Server 2012 installation requirements can be found here; in summary Windows Server 2012 requires 64 bit architecture, digitally signed kernel-mode drivers, 32GB disk space (note: pagefile, hibernation file etc takes space too).

Considerations for the installation:

  • Remove any unnecessary serial devices i.e. UPS
  • Mass storage device drivers maybe required
  • Windows firewall is enabled by default

Plan for server roles

Design, deployment and management guidance for Windows Server 2012 roles can be found here.

Active Directory Certificate Services – new functionality incl. PowerShell and integration with Server Manager.

Active Directory Domain Services – support for virtualisation incl. cloning of domain controllers, streamlined deployment with prerequisite checks, simplified management incl. claims-based authorisation and under-the-hood improvements to RID, deferred index creation, AD recycle bin GUI etc.

Active Directory Federation Services – PowerShell and Server Manager integration.

Active Directory Lightweight Directory Services – No change from Server 2008.

Active Directory Rights Management Services – Changes to SQL server requirements (no longer need local administrative credentials on the SQL server; sysadmin privilege is now suffice) and integration with Server Manager.

Application Server – No change from Server 2008.

Failover Clustering – In Windows Server 2012 – improved scalability; now scales to 64 nodes and 8000 virtual machines, new management interface using Server Manager, enhancements to cluster shared volumes, support for scale-out file servers, cluster aware updating, virtual machine application monitoring and management, improved validation tests, active directory integration and quorum configuration.

In Windows Server 2012 R2 – support for guest clusters, virtual machine drain i.e. live migration virtual machines on shutdown of the Hyper-V host, virtual network health detection, improved CSV placement policies, resiliency, diagnostics and interoperability. Less dependency on ADDS, improvements to quorum incl. dynamic witness.

File and Storage Services – work folders, SMB improvements incl. SMB direct, storage spaces incl. tiered storage, distributed RAID?

In Windows Server 2012 R2 SMB sessions are now tracked per file share rather than per server allowing for redirection with the best access to the volume.

Group Policy – remote group policy update, sign-in optimisation i.e. slow link processing, new starter group policies, new PowerShell cmdlets, increased max size of registry.pol, group policy client idling (improves client computer performance).

In Windows Server 2012 R2 group policy has added support for IPv6 around printers, item-level targeting and VPN connections, group policies cached locally which are good for latent connections.

Hyper-V – loads of new features, client Hyper-V, dynamic memory, virtual machine replicas, improvements to import of virtual machines, live migration without shared storage, improved Hyper-V administrative delegation, pass-thru networking and storage adapters, virtual machine storage on file servers using SMB 3.0 and virtual NUMA.

In Windows Server 2012 R2 Hyper-V has shared virtual hard disks to complement guest failover clustering. Virtual hard disk resizing on the fly, storage QoS; set minimum and maximum IOPs per virtual machine. Live migration improvements such as compressing memory before migrating and rDMA support where applicable. New virtual hardware for Windows Server 2012 and Windows 8 and later. Clustering can detect network and storage issues and restart the virtual machine elsewhere.

Hyper-V replica now has 24 hour recovery points and now supports more than one replica.

Networking – New 802.1x protocol EAP-TTLS (Tunneled Transport Layer Security) which supports non-Microsoft RADIUS. improvements to BranchCache, Data Center Bridging support for converged network adapters, DNSSEC improvements, DHCP failover, NIC teaming, QoS and improvements to IPsec IKEv2,

Windows Server 2012 R2 support virtual receive-side scaling to utilise multiple virtual CPU cores.

Print and Document Services – Branch Office direct printing, new driver support etc.

Remote Desktop Services – improvements to sounds and video playback, virtualised GPU support (requires a SLAT processor and GPU driver which supports DX11).

Security and Protection – Dynamic access control provides central access policies to grant or deny access to files and folders across all Windows Server 2012 computers. DNSSEC, improved IPsec, security policies and policy management, Bitlocker improvements, Group Managed Service Accounts, AppLocker improvements etc.

Volume Activation – Is now a server role which automates the issuance and management of Microsoft software licenses. KMS, VAMT and MAK proxies are still available.

Web Server – Web server instances, SSL certificates stores, Server Name Indication (SSL host headers), application initialisation and dynamic IP restrictions.

Windows Deployment Services – can deploy vim, vhd and vhdx images; vhdx can be applied to volumes in a similar way to wim files. Support for ARM architecture too.

Windows Server Backup – ability to select individual virtual machines for backup and restore, support for large volumes e.g. greater than 2TB and 4 Kilobyte sectors.

Windows Server Essentials Experience – essentials experience can be installed in Windows Server 2012 Standard and Datacenter, it enables you to manage the server through a simplified dashboard, integrate with Office 365, Exchange Online, Windows Intune etc. Very much the same functionality as Small Business Server.

Windows Server Update Services – PowerShell improvements, improved security and client / server software separation.

Windows System Resource Manager – deprecated in favour of functionality provided by Hyper-V.

Plan for server upgrade

upgrade guidelines:

  • In-place upgrades from 32bit to 64 bit are not supported, nor are upgrades from one language to another and from one build type to another.
  • You cannot upgrade from a release candidate.
  • You cannot upgrade from core to full GUI and vice versa but you can configure Windows Server 2012 to utilise the full GUI or core mode after the upgrade.
  • You cannot upgrade to a lesser version i.e. Server 200x Datacenter to Server 2012 Standard.

Server Core Overview

Server core is now not an irreversible choice you can freely switch between a Gui, Minshell and core mode using PowerShell and DISM.

Install Server Core

Server core is the default choice when you install Windows Server 2012. The installation process is pretty streamlined with minimal questions asked.

Configure Features On Demand

Features on demand allows you to remove binaries from the installation which are not required e.g. if you have a web server which is a member of a domain you can safely remove the Active Directory binaries.

The best practice is to copy the WinSxs folder to a network share and assign the builtin group domain computers read share permissions.

WinSxsShare

If you need to install a role or feature where the binaries are no longer available on the local computer you can use the source share or Windows Update e.g. where Get-WindowsFeature returns an install state of Removed basically means the binaries no longer exist on the computer. The default locations used by Install-WindowsFeature are the location specified within the Gui wizard, the value of the group policy object ‘Specify settings for optional component installation and component repair’ and Windows Update. To override the above specify the source parameter.

InstallWindowsFeatureminus1

InstallWindowsFeature1

InstallWindowsFeature2

InstallWindowsFeature3

Migrate Roles from Previous Versions of Windows Server

Server role upgrade guidelines:

  • Active Directory upgrade: see here. In summary forest functional level must be Windows Server 2003, compatible clients are Windows XP and later, verify application compatibility, a number of master roles should be accessible during the promotion of a Windows Server 2012 domain controller.
  • Active Directory Federation Services: in general guidelines suggest export AD FS configuration, perform in-place upgrade of the operating system, recreate AD FS configuration and restore AD FS service settings.
  • Active Directory Rights Management Services: In-place upgrades supported but will require the AD RMS upgrade wizard to be run to ensure consistency. NOTE: If AD RMS was installed with the Windows Internal Database (WID) then first of all the WID instance should be migrated to SQL Server. See here.
  • File and Storage services: if DFS was installed prior to the upgrade then DFS will need reinstalling.
  • Hyper-V: shutdown virtual machines and remove any existing snapshots prior to the upgrade.
  • Printer server: migrate using the Printer Migration Wizard.
  • Remote Access: the functionality provided by RRAS is now integrated into Remote Access Server (Direct Access). This role can be migrated to Windows Server 2012 by following this guide.
  • Remote Desktop Services: No migration path but you could utilise existing Server 2008 R2 session host servers by routing users through the Windows Server 2012 RD Web Access server.
  • Volume Activation Services: AD schema must be at Windows Server 2012 level to store activation objects.
  • Web Server: no change in functionality, web applications which work in IIS 7 will work in IIS 8.

Install, Use and Remove Windows Server Migration Tools

The Windows Server Migration Tools are installed on the destination server using Install-WindowsFeature Migration. To configure them browse to the migration tools directory c:\windows\system32\ServerMigrationTools\ then run smigdeploy.exe with the following parameters ‘smigdeploy.exe /package /architecture [amd64|x86] /os [WS03|WS08|WS08R2] /path [deployment folder e.g. c:\smigdeploy]’

Next copy the deployment folder to the source computer and run smigdeploy.exe to get access to the migration cmdlets Import- and Export-SmigServerSetting, Get-SmigServerFeature and Send and Receive-SmigServerData.

Once this part is complete go <a href=”http://technet.microsoft.com/en-us/windowsserver/jj554790.aspx”>here</a&gt; to view the role migration guides.

Once the migration is complete you can remove the migration tools from Windows Server 2012 using Uninstall-WindowsFeature Migration and from Windows Server 2008 R2 and earlier using smigdeploy.exe /unregister.

Configure Servers

Configure Server Core

Common core configuration tasks are:

  • Setting an administrative password: you’re prompted to set a password after the installation is finished. To change a password use Ctrl + Alt + Del.
  • Setting an IP address: you can use sconfig.cmd or PowerShell.
    • PowerShell: Get-NetIPInterface and note the number within the IfIndex column.
    • GetNetIPInterface
    • PowerShell: New-NetIPAddress -InterfaceIndex # -IPaddress xxx.xxx.xxx.xxx -PrefixLength ## -DefaultGateway xxx.xxx.xxx.xxx
    • NewNetIPAddress
    • PowerShell: Set-DNSClientServerAddress -InterfaceIndex # -ServerAddresses xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx.
    • SetDNSClientServerAddress
  • Adding the computer to the domain: run add-computer and follow the prompts or provide the information to the cmdlet.
    • AddComputer
  • To rename a computer use the rename-computer cmdlet, to get the existing computer name use hostname.
  • To activate the computer use slmgr.vbs -ato; you may need to provide a product key using -ipk.
  • To configure the Windows Firewall use Set-NetFirewallProfile, New-NetFirewallRule, Set-NewFirewallRule…more here.
  • To enable PowerShell remoting use Enable-PSRemoting

Add and Remove Server Roles and Features

Use Install-WindowsFeature and Uninstall-WindowsFeature. These commands have optional parameters such as:

  • IncludeAllSubFeature (all applicable sub features) – Install cmdlet only
  • IncludeManagementTools
  • ComputerName (if the computer is remote)
  • ConfigurationFilePath (used to specify roles and features to be installed and any configuration parameters required) – Install cmdlet only
  • LogPath (if you want the cmdlet results)
  • Remove (removes the binaries from the computer) – Uninstall cmdlet only

Convert Server Core to / from Full “Server with Gui”

The installation of server core can be converted to minshell or full GUI by running dism /mount-wim /wimfile:d:\sources\install.wim /index:4 /mountdir:c:\DVD /ReadOnly

MountDVD

MountDVD1

Note: my DVD drive letter is D:\ and I created a directory on C:\ called DVD. The index number of the installation can be found by using the PowerShell cmdlet Get-WindowsImage -ImagePath d:\sources\install.wim

GetWindowsImage

To install the full Gui run Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart -Source c:\DVD\Windows\WinSxs

If you just want the minshell leave out Server-Gui-Shell.

InstallGui

The -Source parameter is needed if you have installed the core mode.

InstallGui1

InstallGui2

on restart you’ll see ‘Configuring Windows Features’

InstallGui3

The full GUI can be converted to core or minshell using the PowerShell cmdlet Uninstall-WindowsFeature e.g

To get to the minshell:

Uninstall-WindowsFeature Server-Gui-Shell -Restart

MinShell

To get to the core mode:

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart

Core

Configure Services

The Get-Service cmdlet can be used to get the status of all services; you could pipe this output to Start-Service or Stop-Service depending on the value of the status property.

The Get-Process cmdlet can be used to return all running processes.

Advertisements