Deploying and Configuring Windows Nano Server 2016 TP4

Introduction

Hello Everyone! Allen Sudbring here, Platforms PFE in the central region. Today I wanted to share some information I have been working on with my customers concerning Microsoft’s newest version of Window Server, Nano Server. Nano Server is a lightweight, stripped down version of Windows Server optimized for private clouds and datacenters. Nano server is our first version of Windows that has no shell and no user interface. Nano server is 100% remotely managed utilizing PowerShell and Server Manager.

Part 1 – Console

The only option available when logging into console of a virtual machine running Nano Server or connecting a crash cart to a physical Nano Server is this very plain emergency console:

clip_image002[7]

Not terribly flashy is it?

After logging in, you are greeted with some very basic information about your server:

clip_image004[6]

From here you don’t have a lot of options as far as very basic configuration of the server. You can restart and shutdown the server as well as Tab down to Networking and Firewall to change the IP address of the server and enable and disable rules in the built in firewall:

clip_image006[6]

clip_image008[7]

Nano Server supports 64 bit tools, agents, and applications only. It is a very lightweight install and requires far fewer patches and updates than the server core or full version of Windows Server.

 

Part 2 – Image Creation Prerequisites, Features, and Roles

So how do I install this thing? Nano Server is unique as it’s not “installed” like a traditional version of Windows Server. To install and configure a Nano Server, you first have to generate a VHD image that is configured to your specifications from the Windows Server 2016 install media.

Before going any further, I need to put a disclaimer here: The information in this blog post was created using Windows Server 2016 Technical Preview 4, and may change when the product reaches RTM.

There are a couple of prerequisites before you get started generating images for Nano Server:

1. Windows Server 2016 Technical Preview 4 Install Media

2. Windows 10 or Windows Server 2016 Technical Preview workstation to generate Nano Images. (Only required if harvesting domain blob to do offline domain join of image to Active Directory, more on domain join later)

3. Determine if Physical or Virtual Install

4. Configuration Options:

a. Server Name

b. IP address, gateway, and suffix (If not using DHCP)

c. Roles

d. Packages

e. Domain Name (If doing offline domain join in image creation)

The methodology for deploying a Nano server is a little different than deploying a traditional Windows Server. In the past, you deploy the server, configure it, and then install the roles, etc. for what the server would be doing. With Nano server, you do all that in the beginning when you’re building an image for the server and then just boot it. You have to pick the roles and packages you want first, incorporate them, and then generate a VHD of the configured server. Point being, you don’t want to miss a planning session when deploying Nano Server.

As of Technical Preview 4, these are the roles and features supported on Nano Server:

· Compute (Hyper-V clustered and stand-alone)

· File server and storage host for Scale-Out File Server

· DNS (File based only, AD Integrated not available)

· Web Server (IIS with a default set of options. Packages can be added after install to enable more IIS features. More info here: https://technet.microsoft.com/en-us/library/mt627783.aspx

· Containers (Windows and Hyper-V)

Table showing options for image creation:

Role or Feature Option
Hyper-V Role -Compute
Failover Clustering -Clustering
Hyper-V guest drivers for hosting Nano Server as a virtual machine -GuestDrivers
Basic drivers for a variety of network adapters and storage controllers. This is the same set of drivers included in a Server Core installation of Windows Server 2016 Technical Preview. -OEMDrivers
File Server role and other storage components -Storage
Windows Defender Antimalware, including a default signature file -Defender
Reverse forwarders for application compatibility, for example common application frameworks such as Ruby, Node.js, etc. -ReverseForwarders
DNS Server role -Packages Microsoft-NanoServer-DNS-Package
Desired State Configuration (DSC) -Packages Microsoft-NanoServer-DSC-Package
Internet Information Server (IIS) -Packages Microsoft-NanoServer-IIS-Package
Host support for Windows Containers -Containers
System Center Virtual Machine Manager agent -Packages Microsoft-Windows-Server-SCVMM-Package-Packages Microsoft-Windows-Server-SCVMM-Compute-Package
Network Performance Diagnostics Service (NPDS) -Packages Microsoft-NanoServer-NPDS-Package
Data Center Bridging -Packages Microsoft-NanoServer-DCB-Package

This first version is limited in roles in features. Future versions could have more capability.

 

Image Creation

Image creation is done by copying the Nano server install directory to your workstation, along with a PowerShell module and script used to create the images. By default, the images created with this module and script are VHD images. There are a couple of ways of installing a Nano server to physical hardware, one of them is to image a WIM file to a hard drive of the physical machine.

I found a great blog by a Microsoft colleague, Refaat Issa, that details the procedure for creating a WIM as well as had a PowerShell module that he created to accomplish the creation:

· Deploying Nano Server to a Bare-Metal Machine using a WIM and WinPE

From <http://blogs.technet.com/b/nanoserver/archive/2015/12/01/deploying-nano-server-to-a-bare-metal-machine-using-a-wim-and-winpe.aspx>

I will have more information and procedures later in this post on installing to physical hardware.

Download the Windows Server 2016 Technical Preview media:

· Windows Server Technical Preview 4 Evaluations

From <https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview>

What I usually do is create a directory on my computer named C:\Nano. I then copy the module and script from the install media to that directory and the module downloaded from Mr. Issa’s blog. I also create a separate directory named C:\WINSRV2016TP4 and copy the contents of the install media to that directory.

clip_image010[9]

clip_image012[6]

Now that you have everything you need, open up a PowerShell Windows as an Administrator or open the PowerShell Integrated Scripting Environment. I like to use the ISE because it allows me to run snippets of scripts and commands as well as open remote PowerShell windows. If you haven’t used it before, I encourage you to try it.

The very first step is to go to the Nano directory where you copied the scripts and modules and import the modules so that you can create the images:

clip_image014[8]

Before you start generating images, you have to figure out what you want in the image as far as roles and features, you then build the command based on those options. For example, if I wanted to generate a Nano Server image that had the Hyper-V role, clustering, a static IP address, OEM Drivers, and join the Active Directory domain, you would use the below process to create the command.

Declare variables and build command:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-DEMO.vhd”

$computername = “SRV16-DEMO”

$domain = “sudbringlab”

$interface = “Ethernet”

$ipv4address = “10.20.1.30”

$ipv4mask = “255.255.255.0”

$ipvgateway = “10.20.1.1”

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -OEMDrivers -Clustering -EnableRemoteManagementPort -DomainName $domain -InterfaceNameOrIndex $interface -Ipv4Address $ipv4address -Ipv4SubnetMask $ipv4mask -Ipv4Gateway $ipvgateway

When the command is executed, it will prompt you for the administrator password for the local administrator account for the image. It then generates the image based on the options in the command:

clip_image016[7]

I declare variables and then chain the variables into the command, it makes it a little easier to reuse commands by just changing the variables. I am also enabling the remote management port on the VHD so that the server can be managed with PowerShell as soon as it boots. This command also harvests a domain blob for my AD domain, sudbringlab.com, and does an offline join of the machine to the domain.

The TechNet Article “Getting started with Nano Server” has more options for the image command as well as other information on Nano server.

· Getting Started with Nano Server

From <https://technet.microsoft.com/en-us/library/mt126167.aspx>

Later on in this post when we get to the installation of the server, I will be expanding on some of the options in this TechNet article and showing their practical use.

 

Part 3: Virtual Server Install

You have this fancy VHD created from the steps in the previous section and you want to test this Nano Server thing out. The easiest and fasted way is to boot it up in a Virtual Machine.

You can boot the Nano server VHD created with the script and module in Hyper-V, both server and the version included with Windows Client. The procedures for configuring Hyper-V to use the VHD is the same.

First thing we need to do is create a VHD with the Hyper-V guest drivers and the options we want for the server. For simplicity, I’m going to generate a VHD with the file server role, DHCP, Domain Join, and the Hyper-V drivers.

Declare Variables and build command:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-FILE.vhd”

$computername = “SRV16-FILE”

$domain = “sudbringlab”

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Storage -GuestDrivers -EnableRemoteManagementPort -DomainName $domain

Running the command generates a dialog box for a password. For the purposes of this install, I will use a simple password of P@ssword:

clip_image018[7]

When the image is done customizing, it will be located in the C:\Nano directory:

clip_image020[6]

When the process is complete, a log file is generated from the process in the local user profile. This log can be used to troubleshoot errors and issues with creating the Nano Server images. More information on the log file will be in the next part of this post:

clip_image022[5]

Once the process is finished, navigate to the C:\Nano directory and copy the VHD file to your Hyper-V server or workstation with the Client Hyper-V components installed:

clip_image024[4]

To boot the VHD in a VM, you have to create a new VM and then associate the VHD with the VM during creation. Open Hyper-V Manager and choose New->Virtual Machine:

clip_image026[4]

Click Next on the “Before you Begin” screen:

clip_image028[4]

Configure the storage location for the VM and the name and click next:

clip_image030[4]

Choose Gen 1 or Gen 2 VM. Choose Gen 2 if using a VHDX file and click next:

clip_image032[4]

Assign memory to VM and choose whether to use Dynamic Memory and click next:

clip_image033[4]

Configure the virtual network the VM will use and click next:

clip_image035[4]

To connect the Virtual Hard Disk image that was created for Nano Server, choose “Use an existing virtual hard disk” and click Browse:

clip_image037[4]

Navigate to where the Nano VHD is located. I copied VHD to a folder where the VM is going to be created and click “Open”:

clip_image039[4]

Verify the Nano VHD has been selected and hit “Next”:

clip_image041[4]

Click Finish on the Summary Screen:

clip_image043[4]

Ensure the VM was created in Hyper-V Manager:

clip_image045[4]

Right Click on the VM and start the VM:

clip_image047[4]

Congratulations! You’ve booted a Windows Nano Server VHD on Hyper-V:

clip_image049[4]

clip_image051[4]

Stay tuned to the bonus section for some special information concerning booting Nano Server in a virtual machine.

Part 4: Physical Server Install

To install to a physical server, I like to break it into the easy way and the hard way. They both have their drawbacks and advantages. I will refer back to Mr. Issa’s blog again for the ways you can install Nano to a physical server:

1. Dual Boot a Nano Server VHD or VHDX from an existing install of Windows. (I call this the easy way)

2. PXE Boot a bare metal machine and install Nano server from a VHD or VHDX using Windows Deployment Services. (Going to cover this in a future post)

3. PXE Boot a bare metal machine and install Nano Server from a WIM file using Windows Deployment Services. (Future post….)

4. Boot a bare metal machine using WinPE and deploying Nano using a WIM file. (I call this the hard way)

In this section, I want to cover deploying Nano Server without any supporting infrastructure such as Windows Deployment Services or System Center Configuration Manager, so we are only going to cover in this section number one and number four.

Dual Boot a Nano Server VHD or VHDX from an existing install of Windows (AKA “The Easy Way”)

I call this way the easy way, because it requires the least amount of tools to get it up and running and you can try out Nano Server on an existing server that has Windows Server Core or Full installed.

Booting on physical hardware requires device drivers for the hardware in the Nano Server image. The OEM driver package that is available for inclusion of the Nano image to support most hardware for testing. To ensure the right drivers are used for the right hardware, the drivers can be injected into the Nano image as an option in the image generation command. I will be covering the procedures for injecting drivers as well as other optional components and commands in a later part of this post.

I don’t have a ton of physical boxes laying around that I can boot this on to demonstrate and take pictures, so I’m going to simulate the procedures for dual booting a Nano Server VHD on Hyper-V virtual machine with Windows Server 2016 TP4 Core installed.

First thing we are going to do is generate an image. For simplicity sake, I’m going to generate an image that’s in a Workgroup, has DHCP, and the IIS role installed.

We declare our variables:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-NANOIIS.vhd”

$computername = “SRV16-NANOIIS”

Then run this command to generate an image for physical hardware. Use the second command listed for Hyper-V. This is the one I will be using to show the installation. I have put the real command though here for reference:

OEM Drivers (For an actual Physical Server)

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Packages Microsoft-NanoServer-IIS-Package -OEMDrivers -EnableRemoteManagementPort

Hyper-V Drivers (For a Hyper-V Virtual Machine for demonstration)

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Packages Microsoft-NanoServer-IIS-Package -GuestDrivers -EnableRemoteManagementPort

Running the command generates a dialog box for a password. For the purposes of this install, I will use a simple password of P@ssword:

clip_image053[4]

When the image is done customizing, it will be located in the C:\Nano directory:

clip_image055[4]

When the customization is completed a log file is generated in your local user profile. If for some reason the image customization errors out, you can view this log to see any errors that prevented the process from running. (One of the most common errors, is attempting to do the offline domain join with a name that is already used in Active Directory. The log will display an error that the machine already exists and instruct you to use the -ReuseDomainNode switch when generating the image):

clip_image057[4]

Enable viewing of hidden items to view the log:

clip_image059[4]

clip_image061[4]

You should now have a VHD the name you declared as the output of the variable in your C:\Nano directory:

clip_image063[4]

For the purposes of this blog, I’m going to simulate the physical install on a Hyper-V Virtual machine. I have pre-installed a Windows Server 2016 TP4 Core VM to show the procedures for dual booting the VHD of Nano Server.

The first step in the process is to connect to the Server Core machine either through Windows Explorer or PowerShell and create a C:\Nano directory to hold the VHD:

clip_image065[4]

Then copy the VHD you created in the previous steps to this directory:

clip_image067[4]

I’ve logged into the console of my Server Core virtual machine and verified the VHD is in the Nano Server directory:

clip_image069[4]

I’m going to start PowerShell by typing “PowerShell” so I can run the commands to mount the VHD file:

Mount-DiskImage -ImagePath C:\Nano\SRV16-NANOIIS.vhd

clip_image071[4]

Determine the drive that it was mounted under. It is usually the next available drive letter such as D: or E:, in the case of this demo it was E: because D: was the CD-ROM. You can know for sure because it will have a Windows Directory when you do a DIR of the directory:

clip_image073[4]

Once you have determined the drive where the VHD is mounted, you run the following command to configured the BCD to dual boot the VHD:

bcdboot E:\Windows

clip_image075[4]

Reboot the machine (VM) by issuing the shutdown command:

shutdown /r /t 0

clip_image077[4]

When the machine reboots, you will see that the boot menu has changed. You know have an entry named “Windows CoreSystem 8.1”. That is the Nano Server boot entry. It will boot automatically into Nano or hit enter to speed along the process:

clip_image079[4]

Once it boots, you will be greeted with the Nano Server recovery console login screen:

clip_image081[4]

Go ahead and login with the local Administrator account we set the password for in the Image creation process:

clip_image083[4]

If all things are well you will see the recovery console screen we talked about at the beginning of this post:

clip_image085[4]

Congratulations! You have just booted Nano server. Now on to the hard way…..

 

Boot a bare metal machine using WinPE and deploying Nano using a WIM file (AKA: “The Hard Way”)

When I say “Hard Way” it’s really not that hard, just requires more stuff to do. In reality it isn’t that bad as long as you have the tools you need. The first thing to do is to acquire WinPE. You can use an existing version of WinPE you might already have or go download the Windows Assessment and Deployment Kit or ADK for short:

· Download the Windows ADK

From <https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx>

Create an ISO image or USB key with Windows PE:

· WinPE: Create a Boot CD, DVD, ISO, or VHD

From <https://msdn.microsoft.com/en-us/library/windows/hardware/dn938385(v=vs.85).aspx>

A normal VHD isn’t going to cut it for this exercise, we need a WIM file. For that we are going to use the PowerShell module that we copied over to our C:\Nano directory from Mr. Issa’s blog.

Options are still the same as the module used for the VHD. We need to change the output to a .wim file and use the New-NanoServerWim command instead of New-NanoServerImage.

Declare our variables:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-HVWIM.wim”

$computername = “SRV16-HVWIM”

$domain = “sudbringlab”

This time I’m going to do an offline join of the image and set it up for DHCP. I’ve included the Hyper-V role here and clustering in the command. I’ve included both commands here for reference. I will be using the command with the Hyper-V guest drivers for the purposes of this demonstration:

OEM Drivers (For an actual Physical Server)

New-NanoServerWim -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Compute -Clustering -OEMDrivers -DomainName $domain -EnableRemoteManagementPort

Hyper-V Drivers (For a Hyper-V Virtual Machine for demonstration)

New-NanoServerWim -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Compute -Clustering -GuestDrivers -DomainName $domain -EnableRemoteManagementPort

Enter a password for the Administrator account, again I will use P@ssword:

clip_image087[4]

When finished, this module also has a log file that can be used to troubleshoot image creation issues:

clip_image089[4]

I’ve pre-created a VM with a blank hard drive and the WinPE amd64 ISO mounted to the DVD Drive. For a physical server in practice you can attach an external hard drive or USB key containing the WIM you created in the previous steps, or copy the WIM to the WinPE ISO. For the purposes of this demonstration, I have copied the WIM file to a blank VHD that I previously created and will mount on the Hyper-V Virtual Machine:

clip_image091[4]

The disk when mounted became the C: drive because we haven’t prepared the blank drive yet:

clip_image093[4]

Diskpart is now required to prepare the drive to apply the WIM File. Again, I would like to thank Mr. Issa for documenting the Diskpart commands in his blog.

UEFI/GPT

Diskpart.exe

Select disk 0

Clean

Convert GPT

Create partition efi size=100

Format fs=fat32 label=”System Reserved” quick

Assign letter=s

Create partition msr size=128

Create partition primary

Format fs=ntfs label=”NanoServer” quick

Assign letter=n

List volume

Exit

BIOS/MBR

Diskpart.exe

Select disk 0

Clean

Create partition primary size=300

Format fs=ntfs label=”System Reserved” quick

Assign letter=s

active

Create partition primary

Format fs=ntfs label=”NanoServer” quick

Assign letter=n

List volume

Exit

When finished the drive layout should look like this:

clip_image095[4]

Drive N: will be the drive that we apply the WIM file to with DISM. We will then run BCDBOOT to modify the BCD and boot into Nano Server.

Change to the drive letter or directory where the Nano Server WIM file is located, in my case C:

cd C:\

Apply the image to the N: Drive using Dism:

Dism.exe /apply-image /imagefile:C:\SRV16-HVWIM.wim /index:1 /applydir:n:\

clip_image097[4]

Execute BCDBOOT to copy the boot files and edit the BCD to boot the drive we just applied the WIM file to:

Bcdboot.exe n:\Windows /s s:

clip_image099[4]

Remove the WinPE ISO/Disk from the drive and reboot the server.

Reboot the server using:

wpeutil.exe reboot

Congratulations! You have now booted a machine after applying a WIM image of Nano Server to a hard drive:

clip_image101[4]

clip_image103[4]

 

Part 5 – Domain Join and other fun stuff

Domain Join

In the image creation sections, we looked at the commands used to generate the Nano server images. In those commands, when I gave an example of one that joined a domain, I included the command in the creation process:

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Storage -GuestDrivers -EnableRemoteManagementPort -DomainName $domain

But Allen, what if I already have a Nano server up and running and I want to join it to a domain? What are my options then?

I’m glad you asked that. The way we accomplish this is with a utility called DJOIN.EXE. Djoin allows you to join a computer to an Active Directory Domain offline. It provisions a computer account in the domain and requests an offline join when the computer restarts.

We will be using djoin in all the procedures listed below for joining the Nano Server to the Active Directory Domain. I encourage you to read more about djoin as it can be used in a variety of ways in your environment:

· Djoin

From <https://technet.microsoft.com/en-us/library/ff793312.aspx>

· Offline Domain Join (Djoin.exe) Step-by-Step Guide

From <https://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=ws.10).aspx>

There are a couple of different ways to join a Nano Server to Active Directory. One of them uses a remote connection with PowerShell and copying a harvested domain blob to the computer and executing djoin. The other uses an Unattend.xml file, djoin, and dism to accomplish the join.

The PowerShell method will allow you to accomplish it online on the server with a reboot to finish. This is the method that would most commonly used with a Physical install of Nano Server.

The unattend.xml method requires using dism to apply the offline servicing settings to facilitate the domain join. This method would commonly be used with the Virtual Server install of Nano Server.

 

PowerShell Method (AKA: I built this Nano server and forgot to join it to the domain when I made the image)

So you imaged a physical server, but you forgot to do the domain join when you created the WIM file. Fear not, instead of creating another WIM and reimaging, I’m going to show you how to do a domain join using djoin and PowerShell.

First, you have to be able to copy a file to the Nano server and connect with a remote PowerShell session. Since this machine isn’t part of a domain yet, you have to do a little extra configuration on your local machine for the session.

If you have just built this server or haven’t modified any of the firewall rules, then file and print sharing more than likely is not enabled, so you won’t be able to copy anything to the server until we change that. You could login to the emergency console and enable every rule by hand, but that would be ridiculous when we can enable all the rules we need with one command once we remotely connect with PowerShell.

Let’s start by acquiring the IP address of our Nano Server. If the image you used did not have a static IP and you don’t know the IP address, you can connect to the emergency console, login with the local administrator account, and acquire the IP address:

clip_image105[4]

In the console, you can see our Nano Server IP address is 10.20.1.105:

clip_image107[4]

Open a PowerShell or the PowerShell ISE and execute the following commands:

Set-Item WSMan:\localhost\Client\TrustedHosts “<IP address of Nano Server>”

$ip = “<ip address of Nano Server>”

Enter-PSSession -ComputerName $ip -Credential $ip\Administrator

Click yes to add to your Trusted Hosts list:

clip_image109[4]

Enter the local Administrator account password:

clip_image111[4]

Verify the remote session is open by viewing the IP address to the left of the command prompt, this indicates a remote session is now open:

clip_image113[4]

Enter the following command into the session window to enable the firewall rules for File and Print Sharing:

netsh advfirewall firewall set rule group=”File and Printer Sharing” new enable=yes

clip_image115[4]

Leave the PowerShell session open and attempt to browse the file system on the Nano Server (You may be prompted for Administrator account and password). Go ahead and create a Temp directory on the volume. We will need it in a minute to copy the domain blob to:

clip_image117[4]

This next part has to be done on a Windows Server 2016 or Windows 10 machine. This won’t work on anything lower. We are going to harvest a data blob and request an offline join of the server. The blob will be saved in the current working directory. Open a command prompt as Administrator and execute the following command:

djoin.exe /provision /domain <domain-name> /machine <machine-name> /savefile .\odjblob

clip_image119[4]

Locate the blob file that was created and copy it to the file window into the Temp directory you created on the Nano Server. I created mine in C:\Temp:

clip_image121[4]

Copied over to the C:\Temp on the Nano Server:

clip_image123[4]

Return to the remote PowerShell windows that you have open to the Nano server and execute the following command:

djoin /requestodj /loadfile c:\Temp\odjblob /windowspath c:\windows /localos

clip_image125[4]

Execute a reboot command with a 5 second timer and disconnect the PowerShell Session:

shutdown /r /t 5

Exit-PSSession

clip_image127[4]

Connect to the console of the Nano server and verify it’s joined the domain by logging in with a Domain Admin account (No users in Local Administrators Group) and verifying the membership in the emergency console:

clip_image129[4]

clip_image131[4]

Congratulations! You’ve now joined a Nano Server to an Active Directory Domain using a remote PowerShell session.

 

Unattend.xml Method (AKA: I built this Nano server and forgot to join it to the domain when I made the VHD Image)

This is a sample Unattend.xml file I’m going to be using for this section. You would want to use this method if you already have a VHD of Nano Server that hasn’t been provisioned to join the domain or you have deployed a Nano Server VHD to Hyper-V in a Workgroup and now want to join it to your Active Directory Domain:

image

Make sure the C:\Nano directory referenced in the XML file and nanoserver.wim are available.

The first step is to harvest the data blob and request and offline provisioning of the server from a Windows 10 or Windows Server 2016 machine. The blob is saved to the directory the command is run from in the command prompt. Mine was saved in C:\Temp:

djoin.exe /provision /domain <domain-name> /machine <machine-name> /savefile .\odjblob

clip_image133[4]

Open Notepad with a new file and copy and paste the sample Unattend.xml from above into window:

clip_image135[4]

Find the section labeled “AccountData” and remove all the characters between the section:

clip_image137[4]

Open the blob created in the previous step in Notepad and copy the contents to the clipboard. Be sure to delete the trailing space on the end of the contents pasted:

clip_image139[4]

Paste the contents from the blob into the “AccountData” section and save the file to your C:\Temp directory with a name of unattend.xml:

clip_image140[4]

Copy the Nano Server VHD you wish to join to the domain to a directory on your computer. I have copied mine to C:\Temp:

clip_image142[4]

Create a directory in C:\Nano named Mount:

clip_image144[4]

Open a command prompt as administrator and run the following command to mount the VHD in the directory we created. Ran this command from the directory so that relative paths would be used in the command:

dism /Mount-Image /ImageFile:C:\Temp\Insertyournamehere.vhd /Index:1 /MountDir:C:\Nano\Mount

clip_image146[4]

Verify the image is mounted in the directory you created in the C:\Nano directory:

clip_image148[4]

Execute the following command to apply the unattend.xml file to the mounted image:

dism /image:C:\Nano\Mount /Apply-Unattend:C:\Temp\unattend.xml

clip_image150[4]

Next we want to execute the following command to dismount the image and commit the changes:

dism /Unmount-Image /MountDir:C:\Nano\Mount /Commit

clip_image152[4]

Redeploy the VHD and boot into the console. Login and verify domain membership:

clip_image154[4]

clip_image156[4]

Yay!! We have successfully joined an offline Nano Server VHD to an Active Directory Domain.

 

Other Fun Stuff

Static IP (AKA: I built this server, configured it for a domain, why can’t I login?)

I briefly mentioned Static IP earlier in this post when generating a Nano Server Image. I wanted to go a little more in depth on that and also show you how to add the DNS servers to the primary network interface card after the server boots.

Below is the sample command from the previous section.

Declare variables and build command:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-DEMO.vhd”

$computername = “SRV16-DEMO”

$domain = “sudbringlab”

$interface = “Ethernet”

$ipv4address = “10.20.1.30”

$ipv4mask = “255.255.255.0”

$ipvgateway = “10.20.1.1”

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -OEMDrivers -Clustering -EnableRemoteManagementPort -DomainName $domain -InterfaceNameOrIndex $interface -Ipv4Address $ipv4address -Ipv4SubnetMask $ipv4mask -Ipv4Gateway $ipvgateway

Once your image is built, connect with a remote PowerShell window and execute the following command:

Get-Netadapter

clip_image158[4]

From the output of the Get-Netadapter command, determine the index number of the network interface you wish to add the DNS Servers to. In my case it’s 3. Execute the following command to add the DNS Servers:

Set-DNSClientServerAddress –interfaceIndex 3 –ServerAddresses (“x.x.x.x”,”x.x.x.x”)

clip_image160[4]

Reboot your server so it registers with DNS and login!

 

Editing an existing Nano Server image (AKA: I built this image and deployed it and then I forgot insert feature or role here🙂

Pretty simple if you have the VHD of the Nano Server image. The modules mentioned in the first part of this post ALSO have an edit function. You can use it to join the machine to the domain.

Wait a minute, join a machine to the domain? Couldn’t I have just edited the VHD with this instead of that long complicated unattend.xml method up above? You are correct sir, you could have. I had to show you the hard way first before the easy way.

Execute the following command from a Windows 10 or Windows Server 2016 machine to join a machine to the domain by editing the VHD:

Declare variables and build command:

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-FILE3.vhd”

$computername = “SRV16-FILE3”

$domain = “sudbringlab”

Edit-NanoServerImage -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -DomainName $domain

Allen, I ran this command and I got a weird error. I’m pretty sure it didn’t do the domain part, what do I do?

Best place to start is the log:

clip_image162[4]

And we have our answer. Looks like there already a machine in the domain with that computer account:

clip_image164[4]

If you are sure the old machine is no longer in service and you want to use that name, then you would modify the command to reuse the existing name with the optional switch -ReuseDomainNode.

Declare variables and build command:

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-FILE3.vhd”

$computername = “SRV16-FILE3”

$domain = “sudbringlab”

Edit-NanoServerImage -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -DomainName $domain -ReuseDomainNode

Same procedure to add a role or feature. Example below is clustering being added to a Nano Server image that was configured for storage:

Declare variables and build command:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-FILE3.vhd”

Edit-NanoServerImage -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Clustering

You can also add any role or feature that is supported in the New-NanoServerImage command and put multiple options in the command.

 

Including tools and scripts in image

There is an option on the New and Edit-NanoServerImage commands to include a directory of data in the image. Most use case of this would be embedding a tools directory or scripts directory that can be utilized on the server after boot up.

Below is sample command of a file server with a tools directory being added to the image:

Declare variables and build command:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-FILE3.vhd”

$computername = “SRV16-FILE3”

$mergepath = “C:\Nano\Tools”

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Storage -GuestDrivers -EnableRemoteManagementPort -MergePath $mergepath

Custom Image (VHD) Size (AKA: I took the default and ran my VHD out of space)

The default VHD size of all of the commands so far in this post is 4GB. It’s the size of the VHD if you don’t specify the size of the image in the command. To set a size other than 4GB add the following option to the New-NanoServerImage command:

Declare variables and build command:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-FILE3.vhd”

$computername = “SRV16-FILE3”

$mergepath = “C:\Nano\Tools”

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Storage -GuestDrivers -EnableRemoteManagementPort -MergePath $mergepath -MaxSize 100GB

This command will make the image we created above for the tools 100GB in size and dynamically expanding.

 

Injecting Drivers (AKA: These OEM drivers you keep speaking of aren’t cutting it for my hardware)

Instead of showing you how to incorporate a folder of HP or Dell drivers, I’m going to show you how to inject the VMWare tools for vSphere 6 into a VHD.

Why you showing VMWare stuff on a Microsoft blog you might ask? Valid question. Microsoft over the past couple of years has embraced other platforms such as IOS, Android and Linux, we just announced SQL on Linux. The world is a different place and I know that all of my customers don’t use Hyper-V. I want to help the customer, regardless of the platform.

Customers using VMWare shouldn’t be shut out of using this wonderful product. Of course once you inject the VMWare drivers into the image, it’s still a VHD and you have to convert it to a VMDK file or use some other means to create a VMWare VM of Nano Server. Stay tuned for the Bonus section where things really get whacky.

On to injecting drivers…..

The first step is to acquire the drivers you wish to use. These are usually found on the vendor’s website of your physical hardware. In my case I’m doing the demonstration using the VMWare tools.

I acquired the Windows ISO from the public VMWare site:

https://packages.vmware.com/tools/esx/latest/windows/x64/index.html

Process is still the same for hardware drivers. You expand the drivers to a folder and the incorporate that folder into the image creation. VMWare drivers are contained within in a windows ISO and have to be extracted.

Extract the contents of the ISO to a folder on your hard drive either by mounting it or opening it. I put mine in C:\Nano\VMWare\Temp:

clip_image166[4]

Open a command prompt and navigate to the directory where you extracted the ISO file and run the following command:

setup64.exe /a /p

clip_image168[4]

Click next on the welcome screen:

clip_image170[4]

Enter the location where you want the files extracted and click install. I put mine in C:\Nano:

NOTE: The installer will place the final files in the \VMWare\VMWare Tools directory off of the path you place in this box

clip_image172[4]

Click Finish when completed:

clip_image174[4]

Open Windows Explorer and go to the directory where the tools where extracted:

clip_image176[4]

Click on the VMWare folder and copy the Drivers folder somewhere you can reference in the image process. I put mine in the root of my VMWare folder in C:\Nano:

clip_image178[4]

Using what we learned in earlier parts of this post, I’m going to build a Nano Server Image that is a container host and is clustered. It is also going to be joined to the domain and be DHCP. I am going to add the drivers folder we created above and the OEMDrivers. The VMWare drivers are for NIC, Storage, etc. The OEM drivers will have the E1000 and other drivers needed for default VMWare hardware.

Declare variables and build command:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-VMWCON.vhd”

$computername = “SRV16-VMWCON”

$domain = “sudbringlab”

$driverspath = “C:\Nano\VMWare\Drivers”

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -DomainName $domain -Clustering -Containers -OEMDrivers -DriversPath $driverspath -EnableRemoteManagementPort

Once the process is complete you have a VHD with the OEM Drivers and the VMWare drivers that you can now do magic with and make it work with VMWare.

Or stay tuned for the bonus stuff and I will show you how!

 

Part 5: Management

So you have these fancy Nano Servers up and running, how do you manage them?

For the most part, the tools you use today to manage Windows Server will work with Nano Server:

· Event Viewer

· Remote Registry

· Hyper-V Manager

· Cluster Manager

· WMI

· PowerShell

· Server Manager

You notice how RDP isn’t in that list. There is no RDP because there is no GUI. Nano Server is 100% remotely managed.

You have seen how to work with Nano Server and a PowerShell remote console earlier in this post, the other tools listed above work the same as they do today with Windows Server. I’m not going to waste our time going over those tools, because I want to show off the new Server Management Tools in Azure. These new tools allow you to manage servers in the cloud as well as on-premises in the same console.

The Server Management tools connect back to your On-Premises servers through a gateway server you install in the environment. The current preview version supports management of Windows Server 2016 Technical preview installations running in Azure or On-Premises. The tools are hosted in the Azure Cloud and accessed through your subscription like other Azure Resources.

A couple of requirements to get started:

1. A Window Server 2012 R2 (with WMF 5.0) or Windows Server 2016 TP4 installation either physical or virtual machine. It must have an internet connection.

2. Azure Subscription (30 Day Trial available here: https://azure.microsoft.com/en-us/pricing/free-trial/)

3. A Windows Server 2016 TP4 Full, Core, or Nano server to manage.

Login to your Azure subscription and search for “Server Management”. Click on the tools option:

clip_image180[4]

Click on Add:

clip_image182[4]

Fill in the FQDN of the server you want to manage: (Enter IP address if managing a workgroup server. More information on that in a minute)

clip_image184[4]

Select an existing Resource Group or create a new one:

clip_image186[4]

Type a name for the Server Management Tools Gateway and click create:

clip_image188[4]

When the gateway is provisioned, the configuration blade for the managed server will open:

clip_image190[4]

That blue notification bar states that the gateway is not detected. That’s because we haven’t installed the software piece on-premises yet. Close the blade that has the server you added and search for Server Management again. This time click on the Gateway option:

clip_image192[4]

The gateway we just created should be listed. Click on it and the configuration blade will open:

clip_image194[4]

Configuration blade:

clip_image196[4]

In the settings blade, click on Setup:

clip_image198[4]

In the Gateway configuration blade, click on “Generate Package Link” and then click on the icon to copy the URL to the clipboard:

clip_image200[4]

Paste the URL into your web browser and download the package to the on-premises server that will serve as the gateway server.

The download will be a zip file with a MSI and a json file. Extract the files into a directory on the gateway server:

clip_image202[4]

On the gateway server, double click on the MSI for the gateway server that was extracted to the server. This MSI will also work on Server Core and can be executed from the command line.

Accept the license terms and click Install:

clip_image204[4]

Click finish when the install completes:

clip_image206[4]

Go back to your Azure subscription and go to the server object you created earlier. I pinned mine to the dashboard, otherwise you can do a search for Server Management and find it:

clip_image208[4]

Click the “Manage As” button and enter your admin credentials. The server I’m using is joined to my domain, so I’m using those credentials. For workgroup servers use the SERVERNAME\administrator and the local password to connect:

clip_image210[4]

Click OK once you entered the credentials:

clip_image212[4]

It takes a few seconds to connect. Once it does, the blade should start showing information pulled from the on-premises server:

clip_image214[4]

Once connected you have access to the options on the right blade to manage the server as well as Restart and Shutdown.


Options available for Management:

Audit Logs

clip_image216[4]

Properties

clip_image218[4]

Computer Identification (Change name, join domain, etc)

clip_image220[4]

Local Administrators

clip_image222[4]

IP addresses

clip_image224[4]

Device Manager (See installed devices as well as any errors)

clip_image226[4]

 

Event Viewer

clip_image228[4]

clip_image229[4]

 

PowerShell

clip_image231[4]

Script editor with a Run button

clip_image233[4]

Processes

clip_image235[4]

Registry Editor

clip_image237[4]

Roles and Features (Show installed Roles and Features)

clip_image239[4]

Services (Start, Stop, Pause and Resume Services)

clip_image241[4]

Managing Workgroup machines in Server Management Tools (AKA Hey, I’m not part of a domain, how am I managed?)

In order to manage machines not part of a domain, WinRM will need to have the IP address of the machine you wish to manage added to the configuration on the gateway computer.

Note: Server Management Tools can be used to manage both Nano and full versions of Windows Server. SMT is not required to manage a Nano Server.

Login to the gateway server and open a command prompt as administrator and enter the following command:

winrm set winrm/config/client @{ TrustedHosts=”<<IP address>>” }

clip_image243[4]

To use the local administrator account on the Nano server, connect with a remote PowerShell session to the Nano Server being managed (See earlier in post) and run the following command:

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

clip_image245[4]

Finally, if the Nano Server being managed is on a different subnet than the gateway, use the remote session in the previous step or create a new one and run the following command:

NETSH advfirewall firewall add rule name=”WinRM 5985″ protocol=TCP dir=in localport=5985 action=allow

clip_image247[4]

Add the server to the console in Azure. Do not use the name though, use the IP address:

clip_image249[4]

When logging in, use the local administrator password:

clip_image251[4]

clip_image253[4]

I hope that this taste of Server Management tools in the Azure portal prompts you to go get a trial or login to a subscription and try them out. It’s a very early preview so the screens and options could change over time.

On to the Bonus Stuff!!!!!

 

Part 6: Bonus stuff (AKA The prize in the cereal box)

Create a custom Nano Server VHD and upload to Azure

There are Nano Server images in the marketplace on Azure that you can try out right now in your subscription, but what is the fun in that? We are going to create a Nano Server image that is customized to our liking and upload it to Azure and create a Virtual Machine in the cloud using Azure Resource Manager and PowerShell.

For the purposes of this demonstration, I’m going to generate a Nano Server VHD that is DHCP and in a workgroup, with IIS and the Guest Drivers installed:

Declare variables and build the command:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SUDLAB-IISN01.vhd”

$computername = “SUDLAB-IISN01”

New-NanoServerImage -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Packages Microsoft-NanoServer-IIS-Package -GuestDrivers -EnableRemoteManagementPort

To get the VHD up to Azure, there are a couple of prerequisites that you need before you get started:

1. Azure Subscription (Trial or Existing)

2. Azure PowerShell Module (https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/)

3. Azure Storage Account (New or Existing)

Login to subscription and create a storage account or use an existing one (If using existing, skip down past this section).

There are two ways to accomplish this, the portal way and the PowerShell way. There are also two different methods of deploying resources to Azure, the classic way and the resource manager way. Microsoft recommends all new deployments be done with resource manager.

 

Storage Account Creation

Portal

I’m going to show the portal way first.

Click on Browse and type “Storage Account”. Click on the first one, not classic:

clip_image255[4]

Click Add:

clip_image257[4]

Name the account, choose the type (I choose the cheapest possible) and place it in an existing resource group or create a new one. I’m going to reuse the one created for the Server Management Tools earlier. Click create:

clip_image259[4]

Remember the name of the storage account for the upload section.

 

PowerShell

Open a PowerShell session. The Azure PowerShell cmdlets will already be loaded if the Azure PowerShell module is installed.

Login to your Azure subscription with the following command:

Login-AzureRmAccount

clip_image261[4]

Fill in login information:

clip_image263[4]

Use the following command to get a list of the Azure Subscriptions that are assigned to your account. (You may only have one subscription, but I always check to make sure I’m on the right one by listing all the subscriptions I have):

Get-AzureRmSubscription

clip_image265[4]

I need to connect to the Free Trial subscription. I have my ID’s blurred out here, but I would then copy the one I want to connect to and use the following command to connect to that subscription:

Select-AzureRmSubscription -SubscriptionId “xxxx-xxxx-xxxx-xxxx”

clip_image267[4]

The storage account that will be used to hold the uploaded VHD needs to be a member of a Resource Group. You can list the Resource Groups in your subscription by running the following command:

Get-AzureRmResourceGroup

clip_image269[4]

I have one already that is left over from earlier in this post for the Server Management Tools. I’m going to create a new one for the VHD.

Use the following command to create a new Resource Group for the Storage Account:

New-AzureRmResourceGroup -Name YourResourceGroup -Location “REGION”

clip_image271[4]

Use the following command to create the storage account in the Resource Group:

New-AzureRmStorageAccount -ResourceGroupName YourResourceGroup -Name YourStorageAccountName -Location “Central US” -Type “Standard_LRS”

clip_image273[4]

 

Upload VHD to Storage Account

There are a few ways to upload the Nano Server VHD we created:

· Microsoft Azure Storage Explorer

From <http://storageexplorer.com/>

· Transfer data with the AzCopy Command-Line Utility

From <https://azure.microsoft.com/en-us/documentation/articles/storage-use-azcopy/>

· Azure PowerShell

I encourage you to check out Azure Storage Explorer and AzCopy. For the purposes of this post though, I’m going to use PowerShell.

If you have been following along, you should already have a session open from when we created the storage account. If not, and you are using a previous storage account or one that was created in the portal, go to the beginning of this section and log in to your subscription in Azure PowerShell.

Use the following command to upload the VHD to the storage account created in previous steps:

Add-AzureRmVhd -ResourceGroupName YourResourceGroup -Destination “<StorageAccountURL>/<BlobContainer>/<TargetVHDName>.vhd” -LocalFilePath <LocalPathOfVHDFile>

· Replace YourResourceGroup with the Resource Group created in the previous steps.

· The Storage Account URL is https://YourStorageAccountName.blob.core.windows.net

o Replace YourStorageAccountName with the name of the storage account created in previous steps.

· The BlobContainer section is the name of the container within the storage account that will contain the VHD. Up to this point we have an empty storage account. When this command is run, the container in the command will automatically be created.

· Finally fill in the target VHD name of the uploaded VHD and the local path to the Nano Server VHD we created earlier in this post. For ease of administration I make the Target VHD name the same as the local one.

clip_image275[4]

This can take some time to upload depending on upload speed:

clip_image277[4]

Here is a great reason for using the PowerShell ISE if you aren’t already. A status bar!!:

clip_image279[4]

When the upload completes, a confirmation of the location and upload success will be displayed:

clip_image281[4]

Create a Virtual Machine from the uploaded VHD

Use the existing session from the previous section or return there to login to the subscription where you want to create the VM.

Network Configuration

The first step to create VM is to establish the network configuration for the virtual machine. This section can be skipped if you’re using a Resource Group that already has an established VNET. For the purposes of this post and since my trial sub doesn’t have a network created, I’m going to walk through the commands to create the configuration.

Declare the Variables for the commands:

$pipName = “iisn-pip”

$rgName = “RG-Trial”

$location = “Central US”

$subnet1Name = “RG-Trial-VNET”

$vnetSubnetAddressPrefix = “10.60.1.0/24”

$vnetName = “Subnet-1”

$vnetAddressPrefix = “10.60.0.0/16”

$nicname = “iisn-nic”

To create a VM from an image using Resource Manager, the image has to be in the same storage account as where the image is located. I will be using the same storage account and resource group that I created in the previous sections.

Input network settings appropriate for your environment for the Subnet Prefix and VNET Prefix.

To create the network configuration, enter the following commands:

### This command creates the public IP address for the VM ###

$pip = New-AzureRmPublicIpAddress -Name $pipName -ResourceGroupName $rgName -Location $location -AllocationMethod Dynamic

clip_image283[4]

### This command creates the subnet configuration for the VNET ###

$subnetconfig = New-AzureRmVirtualNetworkSubnetConfig -Name $subnet1Name -AddressPrefix $vnetSubnetAddressPrefix

clip_image285[4]

### This command configures the VNET for the VM ###

$vnet = New-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $location -AddressPrefix $vnetAddressPrefix -Subnet $subnetconfig

clip_image287[4]

### This command configures the NIC for the VM ###

$nic = New-AzureRmNetworkInterface -Name $nicname -ResourceGroupName $rgName -Location $location -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id

clip_image289[4]

 

Create Virtual Machine

The final process is to create the VM from the image we uploaded in the earlier section.

Declare the variables for the commands:

$storageAccName = “stortrial”

$vmName = “sudlab-iisn01”

$computerName = “sudlab-iisn01”

$osDiskName = “os-disk”

$urlOfUploadedImageVhd = “https://stortrial.blob.core.windows.net/vhd/sudlab-iisn01.vhd”

The storage account name is where the image and the VM will be created. The VM name and Computer name can be the same and finally name the OS Disk.

Retrieve the URL of the uploaded Nano Server VHD and place in a variable.

As part of this creation process, we also need to store the local administrator account name and password in a variable. To do this we execute the following command:

$cred = Get-Credential

Enter the Administrator account and password that you want for the VM in the pop up box:

clip_image291[4]

### This command puts the Resource Group and storage account into a variable for the configuration ###

$storageAcc = Get-AzureRmStorageAccount -ResourceGroupName $rgName -Name $storageAccName

clip_image293[4]

### This command places the VM configuration into a variable for the configuration ###

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize “Basic_A0”

clip_image295[4]

### This command places part of the configuration into a temporary variable ###

$vm = Set-AzureRmVMOperatingSystem -VM $vmConfig -Windows -ComputerName $computerName -Credential $cred -ProvisionVMAgent -EnableAutoUpdate

clip_image297[4]

### This command takes information from the previous variable, and builds upon the configuration into the same variable for the network interface of the VM ###

$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id

clip_image299[4]

### This command builds the URI for the VHD for the VM ###

$osDiskUri = ‘{0}vhds/{1}{2}.vhd’ -f $storageAcc.PrimaryEndpoints.Blob.ToString(), $vmName.ToLower(), $osDiskName

clip_image301[4]

### This command builds the final variable to create the VM using all the previous commands and variables ###

$vm = Set-AzureRmVMOSDisk -VM $vm -Name $osDiskName -VhdUri $osDiskUri -CreateOption fromImage -SourceImageUri $urlOfUploadedImageVhd -Windows

clip_image303[4]

### Put it all together to create the VM ###

New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vm

NOTE: This can take some time and won’t provide any feedback until the process is completed. If you are anxious, you can login to the portal and verify the VM is creating.

clip_image305[4]

NOTE: You might receive a time out error on the creation and it will say failed in the console.

This is because it’s a Nano server and the customization process can’t run when the image is deployed. The fix is to shut down the VM and then restart it.

You can navigate to the VM in the console and make sure it’s booted by seeing the Emergency Console screen:

clip_image307[4]

The server is booted, but we can’t connect to it and configure the services. For that we have to open the ports and create a Network Security Group for the VM.

Click on Browse in the Portal and search for Network Security. Click on Network Security Groups:

clip_image309[4]

Click On Add:

clip_image311[4]

Name the new NSG and connect it to the same resource group that the Nano Server VM is a member of and click create:

clip_image313[4]

Once the deployment is created, click Refresh and verify the group was created:

clip_image315[4]

Click on the NSG created, in my case NSG-Trial:

clip_image317[4]

Click on Inbound Security Rules and click the default rules button to view the default rules. These rules cannot be deleted:

clip_image319[4]

A Nano server can only be managed with PowerShell, so we need to open the inbound port for PowerShell by adding it to the NSG Inbound Rules. To do this click on Add:

clip_image321[4]

Name the rule and give it a priority higher than the other rules in the list. For the source port range, leave the default of *. For the destination port, put in the PowerShell port in of 5985. Click OK when finished:

clip_image323[4]

Since this is an IIS server, we need to allow Port 80 in to IIS on the server. To do that, click Add again and fill out the information for the rule and click OK:

clip_image325[4]

Verify the rules are created and in the list, then click on Outbound Security Rules:

clip_image327[4]

Click on Default rules to populate the default access rules into the list and view their settings. The default rules cannot be deleted and can only be viewed by toggling the Default Rules button:

clip_image329[4]

Click on Network Interfaces after confirming the Default Outbound Rules, and then click Associate:

clip_image331[4]

Select the Network Interface for the Nano Server VM:

clip_image333[4]

Verify it is associated in the Network Interface blade:

clip_image335[4]

The ports are now open. To test, obtain the external IP for the VM:

clip_image337[4]

Open a command prompt on the machine you will be connecting from as Administrator and add the IP to your trusted IP list for WINRM:

winrm set winrm/config/client @{TrustedHosts=”40.122.167.58″}

clip_image339[4]

Open PowerShell and create a new session to the Nano Server:

clip_image341[4]

New-PSSession -ComputerName 40.122.167.58 -Credential administrator

Enter-PSSession -Id 3

clip_image343[4]

Get-Process

clip_image345[4]

Final step, is to open a web browser and put in the IP:

clip_image347[4]

Congratulations! You have now successfully uploaded a Nano Server Custom Image to Azure with IIS and published it to the internet.

 

Deploy Nano Server on VMWare vSphere 6.0

Now we are going to get really crazy on this blog. I’m going to show you how to deploy a Nano Server on vSphere 6.0. I know that not every customer uses Hyper-V and that a large amount of our customers use VMWare. There are a couple of way to accomplish this.

· The first way is to use a third party tool to convert a generated Nano Server VHD to a VMDK. That VMDK can then be uploaded to a data store and a VM created in the vSphere console.

· The second way is booting an empty VM with a blank VMDK with WinPE and laying a Nano Server WIM file on to the VM.

Convert the VHD to a VMDK (AKA: The “Easy Way” Part 2)

Refer back to previous sections of this post on how to create a VHD with drivers and the OEM drivers installed. I’m going to use the VHD I created previously in the driver injection section. That VHD will have both the OEM drivers and the VMWare drivers already installed in the image.

First thing to do is to acquire the software to convert the VHD. I used a free tool from StarWind called the StarWind V2V image converter. The software can be downloaded from here:

https://www.starwindsoftware.com/converter

Download the software and install it to a location of your choice.

Run the software, click next.

clip_image349[4]

Choose the VHD you wish to convert by browsing for the VHD of the Nano Server. When finished adding the VHD, click Next:

clip_image351[4]

Choose “VMWare ESX Server Image” for the output format and click next:

clip_image353[4]

Click Next on the following screen without changing any of the options:

clip_image355[4]

Choose the destination for the converted VMDK and click Next:

clip_image357[4]

Status screen of Conversion:

clip_image359[4]

Click Finish when completed:

clip_image361[4]

The process creates two VMDK files. One is the VM and another is a pointer file. You must upload both to the data store for the VM to work properly:

clip_image363[4]

clip_image365[4]

Create a VM from the uploaded file. Nano Server on vSphere! Yay!

clip_image367[4]

clip_image369[4]

 

Image a blank VM with WinPE and a Nano Server WIM Image (AKA: The “Hard Way” Part 2)

This process is very similar to the process we used in an earlier part of this post to image a physical server. As with that process there are a couple of requirements to proceed:

· A WIM generated from the Windows Server 2016 TP4 media with the PowerShell Module from Refaat Issa’s blog

Deploying Nano Server to a Bare-Metal Machine using a WIM and WinPE

From <http://blogs.technet.com/b/nanoserver/archive/2015/12/01/deploying-nano-server-to-a-bare-metal-machine-using-a-wim-and-winpe.aspx>

· The Windows Automated Deployment Kit (Has WinPE in it)

Download the Windows ADK

From <https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx>

Create an ISO image or USB key with Windows PE:

· WinPE: Create a Boot CD, DVD, ISO, or VHD

From <https://msdn.microsoft.com/en-us/library/windows/hardware/dn938385(v=vs.85).aspx>

· VMWare Tools

https://packages.vmware.com/tools/esx/latest/windows/x64/index.html

I’m going to generate a WIM image that uses DHCP, has IIS installed, is in a workgroup and has the OEM drivers and the VMWare drivers injected into the image. I have already extracted the drivers to a folder using the process in the Injecting Drivers section of this post.

Declare the variables and build the command:

$mediapath = “C:\WINSRV2016TP4”

$basepath = “C:\Nano”

$targetpath = “C:\Nano\SRV16-VMWIIS.wim”

$computername = “SRV16-VMWIIS”

$domain = “sudbringlab”

$driverspath = “C:\Nano\VMware\Drivers”

New-NanoServerWim -MediaPath $mediapath -BasePath $basepath -TargetPath $targetpath -ComputerName $computername -Packages Microsoft-NanoServer-IIS-Package -OEMDrivers -DriversPath $driverspath -EnableRemoteManagementPort

The next step is to create a blank VM in VMWare and mount the WinPE ISO you created as the boot device on the VM. Also, you will want another VMDK connected with the WIM copied to it so you have something to image from or copy the WIM to the WinPE ISO. I’m going to use a VMDK I have already created and have the WIM copied to.

Power the VM on and boot form the WinPE ISO:

clip_image371[4]

Once booted into WinPE, the C: drive should be the hard drive that is mounted to the VM that has the WIM file. If you copied the WIM to the WinPE iso, then disregard:

clip_image373[4]

Diskpart is now required to prepare the drive to apply the WIM File.

Diskpart.exe

Select disk 0

Clean

create partition primary size=300

format fs=ntfs label=”System Reserved” quick

assign letter=s

active

Create partition primary

Format FS=NTFS label=”NanoServer” quick

Assign letter=”n”

List volume

Exit

When finished the drive layout should look like this:

clip_image375[4]

Drive N: will be the drive that we apply the WIM file to with DISM. We will then run BCDBOOT to modify the BCD and boot into Nano Server.

Change to the drive letter or directory where the Nano Server WIM file is located, in my case C:

cd C:\

Apply the image to the N: Drive using Dism:

Dism.exe /apply-image /imagefile:C:\SRV16-VMWIIS.wim /index:1 /applydir:n:\

clip_image377[4]

Execute BCDBOOT to copy the boot files and edit the BCD to boot the drive we just applied the WIM file to:

Bcdboot.exe n:\Windows /s s:

clip_image379[4]

Dismount the ISO and the Tools hard drive if used and reboot the VM.

Congratulations!

clip_image381[4]

Login to the console and retrieve the IP address:

clip_image383[4]

Open a web browser and type in IP and verify IIS is running:

clip_image385[4]

Yay!!! IIS running on Nano Server on vSphere 6.0!!!

 

Summary

In the above sections we have looked at the console of the Nano Server as well as creating Nano Server images for Virtual Machines and Physical Servers. We also threw in some VMWare information and we looked at the Management process for Nano Server. I am very excited for the future of Windows and Windows Server. I encourage you to give Nano Server a try and to look into the new Server Management tools in Azure.

References

· Getting Started with Nano Server

From <https://technet.microsoft.com/en-us/library/mt126167.aspx>

· Windows Server Technical Preview 4 Evaluations

From <https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview>

· Download the Windows ADK

From <https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx>

· WinPE: Create a Boot CD, DVD, ISO, or VHD

From <https://msdn.microsoft.com/en-us/library/windows/hardware/dn938385(v=vs.85).aspx>

· Upload a Windows VM image to Microsoft Azure for Resource Manager deployments

From <https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-upload-image-windows-resource-manager/>

· Deploying Nano Server to a Bare-Metal Machine using a WIM and WinPE

From <http://blogs.technet.com/b/nanoserver/archive/2015/12/01/deploying-nano-server-to-a-bare-metal-machine-using-a-wim-and-winpe.aspx>

· Windows Nano Server: Virtualization with VMware vSphere

From <http://social.technet.microsoft.com/wiki/contents/articles/32731.windows-nano-server-virtualization-with-vmware-vsphere.aspx>

· Offline Domain Join (Djoin.exe) Step-by-Step Guide

From <https://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=ws.10).aspx>

· Microsoft Azure Storage Explorer

From <http://storageexplorer.com/>

· Transfer data with the AzCopy Command-Line Utility

From <https://azure.microsoft.com/en-us/documentation/articles/storage-use-azcopy/>