Tag Archives: server manager

Windows Admin Center – Rich Server Management Experience!

At the last Ignite (2017), Microsoft released a technical preview of “Project Honolulu”, which aimed to provide a lightweight but powerful server management experience for Windows users. I already covered it in a detailed blog post: http://www.rebeladmin.com/2017/10/project-honolulu-better-windows-server-management-experience/ . Now the wait is over and it is generally available as Windows Admin Center.

As Windows users, we use many different MMC consoles to manage roles and features. We also use them to troubleshoot issues. For remote computers, most of the time we use RDP or other methods to dial in. With Windows Admin Center we can now access all these consoles in one web-based interface in a secure, easy, well-integrated way. It can connect to other remote computers as well.

The features of Windows Admin Center can be listed as follows:

Easy to Deploy – It can be installed on Windows 10 or Windows Server 2016 and start managing devices within a few minutes.

Manage from Internal or External Networks – This solution is web based. It can be accessed from the internal network, and the same interface can be published to external networks with minimal configuration changes.

Better Access Control – Windows Admin Center supports role-based access control, and gateway authentication options include local groups, Windows Active Directory and Azure Active Directory.

Support for Hyper-Converged Clusters – Windows Admin Center is well capable of managing hyper-converged clusters, including:

Single console to manage compute, storage and networking

Create and manage Storage Spaces Direct features

Monitoring and alerting

Extensibility – Microsoft will offer an SDK which will allow third-party vendors to develop solutions and integrate them with Windows Admin Center to manage their products.

How it Works?
 
Windows Admin Center has two components.

Web Server – This is the UI for Windows Admin Center, which users access via HTTPS requests. It can also be published to remote networks to allow users to connect via a web browser.
Gateway – The gateway manages connected servers via Remote PowerShell and WMI over WinRM.

[Figure: Windows Admin Center architecture]

Image Source – https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/media/architecture.png
 
Which Systems Are Supported?

WAC will ship by default with the upcoming Windows Server 2019. At the moment it can be installed on Windows 10 in desktop mode, which connects to the WAC gateway from the same computer where it is installed. It can also be installed on Windows Server 2016 in gateway mode, which allows connecting to the WAC gateway from a client browser on a remote machine.
WAC can manage any system from Windows Server 2012 onwards.

What about System Center and OMS?

This is not a replacement for high-end infrastructure management solutions such as SCCM and OMS. If you already have those solutions in place, WAC adds an additional management experience.

Azure Integration?

Yes, WAC supports Azure integration. Azure AD can be used for WAC gateway authentication. By giving the gateway access to an Azure VNet, WAC can manage Azure VMs. WAC can also manage Azure Site Recovery activities.

Let’s see how we can get it running.
In my demo I am going to install WAC on Windows Server 2016.
 
To install WAC,
 
1) Log in to the server as Administrator.
2) Download the WAC installer from http://aka.ms/WindowsAdminCenter
3) Double-click the .msi file to begin the installation.
4) In the initial window, accept the license terms and click Next.
5) It then asks how you would like to update it. Select the default and click Next to proceed.
6) In the next window, select the option to allow the installer to modify the trusted hosts settings. In the same window we can also choose to create a desktop shortcut if needed.
7) In the next window we can define the port and certificate for the management site. The default port is 443. In the demo I am going to use a self-signed certificate.
8) Once installation completes, we can launch WAC using the desktop icon or https://serverip (replace serverip with the IP address or hostname of the server).

Note – WAC is not supported on IE, so you need to use Edge or another browser to access it.

9) By default, it shows the server it is installed on under “Server Manager”. To add another server, click the Windows Admin Center drop-down and select Server Manager.
10) Then click Add.
11) Type the FQDN of the server that you would like to add. It should be resolvable from the server. Then click Submit.
12) We can also add Windows 10 computers to WAC. To do that, click the Windows Admin Center drop-down and select Computer Management.
13) Then click Add.
14) Type the FQDN of the PC that you would like to add. It should be resolvable from the server. Then click Submit.

Note – Windows 10 does not have PowerShell or WinRM remoting enabled by default. To enable it, you must run Enable-PSRemoting from a PowerShell window running as admin.

15) Once the servers/PCs are added, you can connect to one by clicking on it in the list.
16) For remote devices, it will ask which account you would like to log in with. Provide the relevant admin login details and click Continue.
17) It then loads the related information for the server/PC.
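Steps 6, 7 and the Enable-PSRemoting note each change the security posture of the gateway or the managed nodes, so a short review after setup is worthwhile. The following is an added example, not part of the original post: it reports the WinRM TrustedHosts value the installer was allowed to modify, the certificate bound to the gateway port, and whether each managed node answers WinRM. The node names are hypothetical, and the script assumes the gateway certificate sits in the local machine's Personal store.

```powershell
#Requires -RunAsAdministrator
# Added example: post-install review of a WAC gateway (run on the gateway server).
$GatewayPort  = 443                                        # default port from step 7
$ManagedNodes = 'srv02.example.test', 'pc01.example.test'  # hypothetical FQDNs

function Get-TrustedHostsFinding {
    # TrustedHosts lists the machines the WinRM client will send credentials to
    # without being able to verify their identity (no Kerberos or HTTPS check).
    $value = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    if     ($value -eq '*') { $note = 'Every host is trusted; restrict to named hosts' }
    elseif ($value)         { $note = 'Review each entry' }
    else                    { $note = 'Empty' }
    [pscustomobject]@{ Check = 'TrustedHosts'; Value = $value; Note = $note }
}

function Get-GatewayCertFinding([int]$Port) {
    # http.sys holds the port-to-certificate binding. Match the 40-hex thumbprint
    # so the parsing does not depend on the display language of netsh.
    $out = netsh http show sslcert "ipport=0.0.0.0:$Port" | Out-String
    if ($out -notmatch '\b([0-9a-fA-F]{40})\b') {
        return [pscustomobject]@{ Check = 'Certificate'; Value = $null
                                  Note  = "No binding found on 0.0.0.0:$Port" }
    }
    $thumb = $Matches[1]
    $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
    if (-not $cert) {
        $note = 'Bound certificate not found in LocalMachine\My'
    } else {
        $kind = 'CA-issued'
        if ($cert.Subject -eq $cert.Issuer) { $kind = 'Self-signed' }
        $note = '{0}, expires {1:yyyy-MM-dd}' -f $kind, $cert.NotAfter
    }
    [pscustomobject]@{ Check = 'Certificate'; Value = $thumb; Note = $note }
}

function Test-NodeWinRM([string[]]$Nodes) {
    foreach ($node in $Nodes) {
        $note = 'Reachable'
        try   { $null = Test-WSMan -ComputerName $node -ErrorAction Stop }
        catch { $note = 'No WinRM response; check Enable-PSRemoting and the firewall' }
        [pscustomobject]@{ Check = 'WinRM'; Value = $node; Note = $note }
    }
}

@(Get-TrustedHostsFinding
  Get-GatewayCertFinding -Port $GatewayPort
  Test-NodeWinRM -Nodes $ManagedNodes) | Format-Table -AutoSize -Wrap
```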
 
Now we have a basic setup of WAC. In the next posts we are going to look into different features of WAC. This marks the end of the blog post, and I hope it was useful. If you have any questions, feel free to contact me at rebeladm@live.com, and follow me on Twitter @rebeladm to get updates about new blog posts.

Project “Honolulu” for better windows server management experience

If you worked with Windows Server 2003 or earlier, I am sure you know how painful it was to install and manage roles. We had to go through “Add or Remove Windows Components” and many MMC consoles. It was also recommended to run the “Security Configuration Wizard” before installing roles, as security settings did not come by default with role installation. To address these difficulties, Microsoft introduced “Server Manager” with Windows Server 2008. It replaced many of the wizards Server 2003 had and made role and feature management easy. It was developed further and has been available with every server operating system released after Windows Server 2008.

Project “Honolulu” from Microsoft aims to bring server management to the next level. It is a simple but powerful web-based interface which can be installed on Windows 10 or Windows Server 2016. It can be used to configure and troubleshoot servers locally or remotely.

Why is it good?

1. Simplified single web console for server management – Instead of using multiple MMC consoles to manage resources, Honolulu gives a simple web-based interface to do it. It also lets you go from a simple role install to advanced troubleshooting using the same console.

2. Better interconnection – With Honolulu we can connect Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 and Hyper-V 2016/2012R2/2012 into one console. It also allows managing failover clusters and hyper-converged environments from the same console. Microsoft is also working with partners to refine its SDK and extension model.

3. No agents or additional configuration – Connecting servers to the console does not require agents or any other additional configuration. The only requirement is connectivity between the gateway server and the member servers.

4. Familiar tools packaged together – The web-based console lets you access familiar tools from one place. For example, you can access server management, the registry editor and firewall tools via the console. Before, we had to use different methods to open those MMC consoles. This also makes it easy to adopt without additional training.

5. Flexible for integration – The design itself welcomes third parties to create modules and integrate them with Honolulu, so those applications or services can also be managed via the same console.

6. Can be used to manage resources via the internet – The Honolulu web console (web server component) can be published to remote networks, allowing engineers to manage servers without using traditional management methods such as VPN, RDP etc.

Will it replace other management tools?

At the moment, System Center and Operations Management Suite (OMS) provide advanced infrastructure management capabilities. Project Honolulu will be complementary to those existing tools, but it is not meant to replace them in any way.

Does it have anything to do with Azure?

No, it does not. It can be used within Azure VMs too. The console doesn’t even need internet access to operate.

When will it be released?

At the moment, it is in the technical preview stage. It will be released in 2018. However, this does not prevent you from testing it and providing feedback to improve it further.

Does it support all operating systems?

It can only be installed on Windows Server 2016 or Windows 10.

| Version | Install Honolulu | Managed node | Managed HCI cluster |
|---|---|---|---|
| Windows Server 2016 | Yes | Yes | Future |
| Windows Server version 1709 | Yes | Yes | Yes, under insider program |
| Windows 10 | Yes | N/A | N/A |
| Windows Server 2012 R2 | No | Yes | N/A |
| Windows Server 2012 | No | Yes | N/A |

However, if you need to manage Windows Server 2012 R2 and 2012, you need to install Windows Management Framework (WMF) version 5.0 or higher first, as the required PowerShell features are not available in earlier versions.

Architecture

Honolulu has two components.

Gateway – The gateway manages connected servers via Remote PowerShell and WMI over WinRM.
Web Server – This is the UI for Honolulu, which users access via HTTPS requests. It can also be published to remote networks to allow users to connect via a web browser.

Feedback is important

The project is still at an early stage. We can all contribute to make it perfect. Feel free to submit your feedback via https://aka.ms/HonoluluFeedback
 
Let’s take a look!
 
Now it’s time to install and play with it. In my demo environment, I have two Windows Server 2016 servers under the domain therebeladmin.com. I am going to install it on one server and connect both servers to the console.

1. Log in to the server as administrator.
3. Double-click the .exe to install. In the initial window, accept the license terms and click Next to continue.
4. In the next window, tick the box to select “Allow project “Honolulu” to modify this machine’s trusted host’s settings”. In the same window you can select the “create a desktop shortcut to launch project “Honolulu”” option to create a desktop shortcut.
5. In the next window, we can define a port for the management site. For demo purposes, we can use a self-signed certificate to allow HTTPS requests. Once the selections are made, click Install to proceed.
6. Once installation is completed, double-click the shortcut to launch the console.

Note: The console is recommended for use in the Edge or Chrome browser. If you are using IE, it will give an error telling you to use a recommended browser.

7. In the initial window, it launches a tour to explain Project Honolulu. You can either follow it or skip it.
8. The home page lists the servers added to the console. By default, it has the server it is installed on.
9. To add a new server to the list, click the Add button.
10. It then shows the list of connection types available. In the demo, I am going to add a single server, so I am going to choose “Add Server Connection”.
11. In the next window, it asks for the name of the server. Provide the server name and click Submit.

You need an administrator account to add a server to the console. In my demo, I am using a domain admin account to install and configure Honolulu. If you are in a workgroup environment, it will give the option to define the admin account user name and credentials.

We can also import multiple servers using a .txt file.

Once it is added, it will show up on the home page.

12. To manage a server, click the server name on the home page. This brings up the server overview page.

This page gives real-time information about server performance. It also provides data about server resources. In addition, it gives options to restart or shut down the server, access settings and edit the computer name.

13. Using the Device tab, we can view details about the server’s hardware resources.
14. The Certificate tab allows viewing all the certificates on the server. More importantly, it shows certificates for the local machine and the current user in the same window. With the traditional method we have to open these using MMC.
15. The Events tab shows all the events generated on the server.
16. The Files tab works similarly to File Explorer. You can create folders, rename folders and upload files to folders using it. Unfortunately, you can’t change the permissions of folders at the moment.
17. The Firewall tab is one of my favorites. Now it is easy to see what each rule does. It also allows modifying rules if needed.
18. The Registry tab is also very useful. Using the same console we can now add or modify registry entries.
19. The Roles and Features tab allows you to install/remove roles and features.
20. The Services tab works similarly to the traditional services MMC. It can be used to check the status of services, start services, stop services or change the startup mode.
21. The Storage tab helps to manage the storage allocated to the server.
 
In this blog post, I tried to go through each option, but I would like to encourage you to go and check its capabilities in detail. It is easy to implement yet powerful. This marks the end of the blog post, and I hope it was useful. If you have any questions, feel free to contact me at rebeladm@live.com, and follow me on Twitter @rebeladm to get updates about new blog posts.

Active Directory Federation Services (AD FS) – Part 2

This is part 2 of the series of articles explaining AD FS and its configuration. If you have not yet read part 1, you can find it here.

Active Directory Federation Services (AD FS) – Part 1

In this post let’s look into the configuration of AD FS.

Active Directory Federation Services (AD FS) Installation

DNS Record

Before starting the installation process, it is important to create the appropriate DNS record for the AD FS name. This needs to be set up with the DNS service provider the company uses. Here I set up an A record for adfs.contoso.com and pointed it to the server where AD FS will be installed.

Please note that AD FS has no concept of internal and external URLs. The given URL should resolve to the same server for both internal and external access.

SSL Certificate

AD FS requires a valid SSL certificate in place, as all communication happens only over secure connections. So before the installation, you need to deploy a valid SSL certificate matching the URL created in the step above on the server which will hold AD FS.

For the demonstration, I have created an SSL certificate for adfs.contoso.com and deployed it on the server.

Installation Steps

To begin the installation, log in to the selected server (it must be joined to the domain) as domain admin or enterprise admin.

1)    Open Server Manager > Add roles and features.
2)    This loads the “Add roles and features wizard”. Click Next to continue.
3)    In the next window, select “Role-based or feature-based installation” and click Next to continue.
4)    Leave the default selection in the next window and click Next.
5)    In the server role selection, select “Active Directory Federation Services” and click Next.
6)    In the features selection window, leave the default selection and click Next to continue.
7)    The next window gives a description of AD FS. Click Next to continue.
8)    In the next window, click Install to begin the installation.
9)    Once installation is completed, click the option “configure the federation services on this server” to start the configuration process.
10)    This opens the AD FS configuration wizard. Select “create the first federation server in a federation server farm” and click Next.
11)    In the next window, leave the default and click Next.
12)    In the next window, select the SSL certificate which will be used for AD FS and provide the namespace as well. (Note – in the demo I used a self-signed SSL certificate, so it does not match the A record I created.)
13)    If required, you can use a gMSA as the AD FS service account. In this window, select the service account and click Next to continue.
14)    In the next window, if needed, we can save the configuration database on a separate SQL server in the network. For the demo I will just use the default option.
15)    The next window gives a brief review of the options selected. Click Next to continue.
16)    It then proceeds with the prerequisites check. Once it is completed, click Configure to proceed.
17)    Once the process is completed, click Close to exit the wizard.
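The DNS Record and SSL Certificate prerequisites above are the ones most often wrong at step 12, as the demo's own self-signed certificate shows by not matching the A record. The following is an added example, not part of the original post: it checks both prerequisites and only then performs the same role installation and first-farm configuration as the wizard. The gMSA name and display name are hypothetical, and the certificate is assumed to be in the local machine's Personal store.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight check for the AD FS name and certificate, then install.
$FsName      = 'adfs.contoso.com'      # federation service name used in the post
$DisplayName = 'Contoso Sign-In'       # hypothetical display name
$Gmsa        = 'CONTOSO\svc-adfs$'     # hypothetical gMSA (step 13)

function Test-AdfsPrerequisite([string]$Name) {
    $problems = @()

    # DNS Record: the service name must resolve to an address.
    try   { $null = Resolve-DnsName -Name $Name -Type A -ErrorAction Stop }
    catch { $problems += "No A record resolves for $Name" }

    # SSL Certificate: find certificates naming the service, exact or wildcard.
    $wild  = '*.' + ($Name -split '\.', 2)[1]
    $cert  = Get-ChildItem Cert:\LocalMachine\My |
             Where-Object { $_.DnsNameList.Unicode -contains $Name -or
                            $_.DnsNameList.Unicode -contains $wild } |
             Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) {
        $problems += "No certificate in LocalMachine\My names $Name"
    } else {
        if (-not $cert.HasPrivateKey)      { $problems += 'Certificate has no private key' }
        if ($cert.NotAfter -lt (Get-Date)) { $problems += 'Certificate has expired' }
        # Chain and host name validation as an SSL client would perform it;
        # a self-signed certificate fails here unless its root is trusted.
        $ok = Test-Certificate -Cert $cert -Policy SSL -DNSName $Name `
                  -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
        if (-not $ok) { $problems += "Certificate fails SSL validation for $Name" }
    }
    [pscustomobject]@{ Thumbprint = $cert.Thumbprint; Problems = $problems }
}

$result = Test-AdfsPrerequisite -Name $FsName
if ($result.Problems) {
    $result.Problems | ForEach-Object { Write-Warning $_ }
    return                                  # fix the findings before installing
}

# Steps 1-8: add the role. Steps 10-17: first server in a new farm, default
# configuration database (no SQL Server parameters given).
Install-WindowsFeature ADFS-Federation -IncludeManagementTools
Install-AdfsFarm -CertificateThumbprint $result.Thumbprint `
    -FederationServiceName $FsName -FederationServiceDisplayName $DisplayName `
    -GroupServiceAccountIdentifier $Gmsa
```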

This completes the AD FS role installation and configuration. In the next post I will explain how to install the proxy services. If you have any questions about the post, feel free to contact me at rebeladm@live.com

 

Active Directory Database Optimization

Like any other database, the Active Directory database becomes fragmented as data is written to and retrieved from it. It also grows in size without releasing unused disk space. In a small organization you will not feel much difference, but in large infrastructures it becomes an issue. The Active Directory database needs regular optimization for better performance.

How can we do it?

In Windows we use the defragmentation tool to optimize the computer’s hard drive. There is a similar procedure we can use to defragment the Active Directory database.

There are two types of defragmentation used with the Active Directory database.

Online Defragmentation

Microsoft introduced this method with Windows Server 2000. It runs automatically at certain intervals (the default is every 12 hours) to defragment the Active Directory database. It is part of the Active Directory garbage collection process. It optimizes data storage and reclaims space for new Active Directory objects, but it does not reduce the size of the Active Directory database. The important thing is that no service needs to be taken offline to do this.

Offline Defragmentation

As the name says, this process requires stopping the Active Directory service. The system creates a compact version of the existing Active Directory database in a different location. Once the new defragmented database has been created, the compact version is copied to the original location. Statistics say it can shrink the database to 1/6th of its original size after offline defragmentation.

To do this we use a command-line utility called “ntdsutil”. This is the same tool we can use to check for Active Directory errors.

Tips

1)    Before doing an offline defragmentation, you need to plan for the impact properly. Since the AD service will go down, you need to measure how it will affect company operations. The time it takes depends on the size of the AD database and how badly it is fragmented.
2)    It is always best to take a system state backup prior to the process.

Let’s see how we can do this.

1)    First you need to log in to the primary domain controller as Domain Admin or Enterprise Admin.
2)    Go to Server Manager > Tools > Services.
3)    In Services.mmc, right-click “Active Directory Domain Services” and click “Stop”.
4)    It will ask whether it is okay to stop the associated services. Click Yes to continue.
5)    Once the services stop, right-click the Start button and click “Command Prompt (Admin)”.
6)    Type “ntdsutil” and press Enter.
7)    At the prompt, type “activate instance NTDS” and press Enter.
8)    Then type “files” and press Enter.
9)    At the file maintenance prompt we need to specify the location where the compacted NTDS database will be saved. For the demo I created the folder C:\CompactDB and will use it. So type “compact to C:\CompactDB” and press Enter.
10)    It will then perform the defragmentation. The time it takes depends on the size of the database.
11)    When the process completes, type “q” and “quit” to exit the utility.

To complete the process, as the screen says, copy the defragmented database from C:\CompactDB\ntds.dit to C:\Windows\NTDS\ntds.dit

We also need to remove the log files, as it says. After that we have successfully defragmented the AD database.

Now go to Services.mmc, right-click “Active Directory Domain Services” and click “Start”.
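The same procedure as a script, as an added example that is not part of the original post. It uses the post's paths and ntdsutil commands, and adds what the manual steps leave to the operator: a restricted ACL on the scratch folder (ntds.dit contains the password hashes of every account in the domain), a free-space check, a rollback copy, an integrity check, and a guaranteed service restart. The rollback file name is hypothetical, and a system state backup (tip 2) is assumed to exist already.

```powershell
#Requires -RunAsAdministrator
# Added example: offline defragmentation of the AD database on one domain controller.
$ErrorActionPreference = 'Stop'
$DbDir      = 'C:\Windows\NTDS'                                # path used in the post
$CompactDir = 'C:\CompactDB'                                   # folder used in the post
$Db         = Join-Path $DbDir 'ntds.dit'
$Compact    = Join-Path $CompactDir 'ntds.dit'
$Rollback   = Join-Path $CompactDir 'ntds.dit.before-defrag'   # hypothetical name

# Scratch folder readable by SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544)
# only, because every copy of ntds.dit exposes the domain's password hashes.
New-Item -ItemType Directory -Path $CompactDir -Force | Out-Null
icacls $CompactDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

# The compacted copy and the rollback copy both land on this volume.
$free = (Get-PSDrive -Name $CompactDir.Substring(0, 1)).Free
if ($free -lt 2 * (Get-Item $Db).Length) { throw "Not enough free space for $CompactDir" }

# Remember which dependent services are running so they can be started again.
$dependents = @(Get-Service -Name NTDS -DependentServices | Where-Object Status -eq 'Running')

Stop-Service -Name NTDS -Force               # steps 3-4: stops the dependents too
try {
    # Steps 6-11 in one call: each quoted string is one entry at the ntdsutil prompt.
    & ntdsutil.exe 'activate instance ntds' 'files' "compact to $CompactDir" 'q' 'q'
    if (-not (Test-Path $Compact)) { throw 'Compaction did not produce ntds.dit' }

    Copy-Item $Db $Rollback                  # keep the original until verified
    try {
        Copy-Item $Compact $Db -Force        # replace the live database
        Remove-Item (Join-Path $DbDir '*.log')   # old logs belong to the old file
    } catch {
        Copy-Item $Rollback $Db -Force       # put the original back on any failure
        throw
    }
    Remove-Item $Compact                     # no spare copy left lying around

    # Integrity check of the database now in place; review its output before
    # relying on the domain controller again.
    & ntdsutil.exe 'activate instance ntds' 'files' 'integrity' 'q' 'q'
}
finally {
    Start-Service -Name NTDS                 # always bring AD DS back up
    foreach ($svc in $dependents) { Start-Service -Name $svc.Name }
}
```

Delete the rollback copy once replication and logons have been verified on the domain controller.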

If you have any questions regarding the article, feel free to contact me at rebeladm@live.com