Archive for January, 2013

Running into vague errors in Windows Server 2012 Server Core but not in Server with a GUI installations? Here’s one solution

ErrorbuttonThe last couple of months, I ran into a lot of problems on Server Core installations of Windows Server 2012. I used the same installation media as my Server with a GUI installations, but only the Server Core installations were experiencing problems.

Problems I encountered were:

  • Not able to receive an IPv4 address lease from a IPv4 DHCP Server and instead using an APIPA address.
  • Errors when setting the IPv4 address on a Network interface
    (both in sconfig, netsh and with PowerShell)
  • Errors when setting DNS Server addresses on a Network interface
    (both in sconfig, netsh and with PowerShell)
  • Error when allowing remote desktop in sconfig
  • Error when allowing remote firewall management in sconfig
  • Error when allowing the server to be pinged in sconfig
  • “Network location could not be reached” errors
  • “RPC Server unavailable” errors
  • Unable to join an Active Directory domain, while being able to resolve and ping Domain Controllers in the domain, or able to join the domain, but not being able to log on with domain credentials after reboot

I managed to work around some of the errors, but none of my Server Core installations ever made it into full-featured domain members. The problems persisted both in Hyper-V and VMware Workstation-based virtual machines and physical hosts.

Together with my colleague Adnan Hendricks, I troubleshooted the problem and eventually found the Installation Media was at fault. This was the installation media I downloaded from Microsoft TechNet and the Microsoft Volume Licensing Service Center (VLSC) on their first days.

When you download an iso file from Microsoft, you will always be shown a SHA1 checksum for your download. If you find yourself in vague problems (like the ones above) be sure to check the checksum. Download the installation media again, when checksums differ. Instructions and a downloadable program from Microsoft to check the checksums is available through Microsoft KnowledgeBase article 841290.

Tip!

When you download from Microsoft, always compare the checksums after downloading. When you run into problems like the ones above, try to download the installation media again and reinstall the boxes from scratch.

How to disable the Windows Firewall on Server Core installations of Windows Server 2012 and Hyper-V Server 2012

FirewallFrom the first Server Core installations of Windows Server 2008 to my latest installation of Hyper-V Server 2012, I have struggled with the Windows Firewall. It is turned on by default after installation and this is a good thing. However, when you’re testing remotely managing Server Core installations of Windows Server 2012 and Hyper-V Server 2012, the Windows Firewall gets in the way fast.

As it turns out, the Windows Firewall can be turned off quite easily. Two methods exist:

  1. Disable the Windows Firewall from the command line
  2. Disable the Windows Firewall through Group Policy

Disabling from the command line

If you want to disable the Windows Firewall from the command line for a single server, PowerShell is the fastest and most reliable method. The following PowerShell one-liner will disable the Windows Firewall for all Firewall profiles:

Get-NetFirewallProfile | Set-NetFirewallProfile -enabled false

 

Disabling through Group Policy

Group Policy can be used to change settings on thousands of computers at once. To disable the Windows Firewall through Group Policy, follow these instructions:

  • Log on to a Domain Controller, or a management station that has the Group Policy Management Console (GPMC) installed with sufficient permissions to create and link Group Policy objects. (GPOs)
  • Start the Group Policy Management Console (GPMC)
  • Select an appropriate level where you want to apply the Group Policy Object (GPO), for instance the domain-level or an Organizational Unit (OU) and right-click it. Select Create a GPO in this domain, and Link it here… from the context menu. Give it a meaningful name and press OK when done.
  • Now select the newly created Group Policy Object (GPO) and right-click it. Select Edit… from the context menu. This will open the Group Policy Management Editor.
  • Open Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with advanced security. Here, open Windows Firewall with advanced security. In the right-hand pane, click on the hyperlink Windows Firewall Properties.  
  • Here, the tabs represent the Firewall profiles: domain, private and public. You can select the Firewall state for each of these profiles.
  • When done, click OK. Then, close the Group Policy Management Editor.

After the default background refresh has occurred, the firewall will be disabled on all computers in the scope of the Group Policy Object (GPO). If you don’t want to wait that long, you can run gpupdate on the computers you want to, or (when you’re using the Group Policy Management Console on Windows 8 or Windows Server 2012) you can right-click on the level where you applied the Group Policy Object (GPO) and select Group Policy Update… from the context-menu.