ServerCore.Net

Tip! Get-DisplayResolution and Set-DisplayResolution also work on Full installations of Windows Server 2012

A quick look at the Windows PowerShell support for Windows Server 2012 page on TechNet reveals two PowerShell Cmdlet gems for Server Core installations:

• Get-DisplayResolution
• Set-DisplayResolution

These two PowerShell Cmdlets fill a huge gap many Server Core administrators faced in the Windows Server 2008 and Windows Server 2008 R2 timeframes. With these two cmdlets, it’s easy to change the display resolution (or screen resolution) on Server Core installations.

Although the page on TechNet suggests otherwise, these two PowerShell Cmdlets are not just limited to Server Core installations of Windows Server 2012: They also work on Full Installations of Windows Server 2012.

This presents an interesting opportunity, because one of Windows Server 2012’s system requirements is a 1024 x 768 display. Yet, with Set-DisplayResolution I can configure a 800×600 display resolution. Despite what you might expext, when configured with a 800×600, Windows Server 2012 will still display the Start Screen…

I use Set-DisplayResolution a lot for demos. One of my laptops has a 1366×768 display and virtual machines running within Hyper-V, aren’t able to show their entire screen. Changing the display resolution with Set-DisplayResolution on my virtualized Windows Server 2012 installations, makes their screens sit neatly above the Task Bar.

Thanks, Microsoft!

I posted a series on 4SysOps

I would like to point those looking at Server Core in Windows Server 2012, to 4SysOps.

I’ve posted a series there:

• Windows Server 2012 Server Core – Part 1: Benefits
• Windows Server 2012 Server Core – Part 2: Fire and forget
• Windows Server 2012 Server Core – Part 3: Installation
• Windows Server 2012 Server Core – Part 4: Upgrade
• Windows Server 2012 Server Core – Part 5: Tools
• Windows Server 2012 Server Core – Part 6: Configuration
• Server Core remote management – Part 1
• Server Core remote management – Part 2

Enjoy! 🙂

Tip! Use the Windows Server 2012 Server Core Evaluation

Although installing a Server Core installation takes significantly less time than installing a Server with a GUI, there is an even faster way to get started with Server Core, especially when the Product Key screen during installation or the download speed at your location are slowing you down.

Microsoft has made a pre-configured virtual hard disk (VHD) available, that enables you to evaluate Microsoft Windows Server 2012, Standard Edition in Server Core trim.

The two downloads, making up the evaluation, are 2GB in size together, which is even less than the download size of the Windows Server 2012 DVD…

After you’ve downloaded (, converted) and imported the virtual hard disk, you will need to create/assign a virtual network interface card (NIC) to the newly created virtual machines that has Internet access. This is a requirement to active the OS. You will have 10 days to activate this image, after which you will have 180 days of unlimited use. Once activated, you are no longer required to be connected to the Internet.

Download Windows Server 2012 Standard x64 Core EVAL

Happy evaluating!

Running into vague errors in Windows Server 2012 Server Core but not in Server with a GUI installations? Here’s one solution

The last couple of months, I ran into a lot of problems on Server Core installations of Windows Server 2012. I used the same installation media as my Server with a GUI installations, but only the Server Core installations were experiencing problems.

Problems I encountered were:

• Not able to receive an IPv4 address lease from a IPv4 DHCP Server and instead using an APIPA address.
• Errors when setting the IPv4 address on a Network interface
  (both in sconfig, netsh and with PowerShell)
• Errors when setting DNS Server addresses on a Network interface
  (both in sconfig, netsh and with PowerShell)
• Error when allowing remote desktop in sconfig
• Error when allowing remote firewall management in sconfig
• Error when allowing the server to be pinged in sconfig
• “Network location could not be reached” errors
• “RPC Server unavailable” errors
• Unable to join an Active Directory domain, while being able to resolve and ping Domain Controllers in the domain, or able to join the domain, but not being able to log on with domain credentials after reboot

I managed to work around some of the errors, but none of my Server Core installations ever made it into full-featured domain members. The problems persisted both in Hyper-V and VMware Workstation-based virtual machines and physical hosts.

Together with my colleague Adnan Hendricks, I troubleshooted the problem and eventually found the Installation Media was at fault. This was the installation media I downloaded from Microsoft TechNet and the Microsoft Volume Licensing Service Center (VLSC) on their first days.

When you download an iso file from Microsoft, you will always be shown a SHA1 checksum for your download. If you find yourself in vague problems (like the ones above) be sure to check the checksum. Download the installation media again, when checksums differ. Instructions and a downloadable program from Microsoft to check the checksums is available through Microsoft KnowledgeBase article 841290.

Tip!

When you download from Microsoft, always compare the checksums after downloading. When you run into problems like the ones above, try to download the installation media again and reinstall the boxes from scratch.

How to disable the Windows Firewall on Server Core installations of Windows Server 2012 and Hyper-V Server 2012

From the first Server Core installations of Windows Server 2008 to my latest installation of Hyper-V Server 2012, I have struggled with the Windows Firewall. It is turned on by default after installation and this is a good thing. However, when you’re testing remotely managing Server Core installations of Windows Server 2012 and Hyper-V Server 2012, the Windows Firewall gets in the way fast.

As it turns out, the Windows Firewall can be turned off quite easily. Two methods exist:

1. Disable the Windows Firewall from the command line
2. Disable the Windows Firewall through Group Policy

Disabling from the command line

If you want to disable the Windows Firewall from the command line for a single server, PowerShell is the fastest and most reliable method. The following PowerShell one-liner will disable the Windows Firewall for all Firewall profiles:

Get-NetFirewallProfile | Set-NetFirewallProfile -enabled false

Disabling through Group Policy

Group Policy can be used to change settings on thousands of computers at once. To disable the Windows Firewall through Group Policy, follow these instructions:

• Log on to a Domain Controller, or a management station that has the Group Policy Management Console (GPMC) installed with sufficient permissions to create and link Group Policy objects. (GPOs)
• Start the Group Policy Management Console (GPMC)
• Select an appropriate level where you want to apply the Group Policy Object (GPO), for instance the domain-level or an Organizational Unit (OU) and right-click it. Select Create a GPO in this domain, and Link it here… from the context menu. Give it a meaningful name and press OK when done.
• Now select the newly created Group Policy Object (GPO) and right-click it. Select Edit… from the context menu. This will open the Group Policy Management Editor.
• Open Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with advanced security. Here, open Windows Firewall with advanced security. In the right-hand pane, click on the hyperlink Windows Firewall Properties.  
• Here, the tabs represent the Firewall profiles: domain, private and public. You can select the Firewall state for each of these profiles.
• When done, click OK. Then, close the Group Policy Management Editor.

After the default background refresh has occurred, the firewall will be disabled on all computers in the scope of the Group Policy Object (GPO). If you don’t want to wait that long, you can run gpupdate on the computers you want to, or (when you’re using the Group Policy Management Console on Windows 8 or Windows Server 2012) you can right-click on the level where you applied the Group Policy Object (GPO) and select Group Policy Update… from the context-menu.

Upgrading a Windows Server 2008 R2-based Server Core Domain Controller or DNS Server to Windows Server 2012 hangs on blank screen

Server Core installations of Windows Server offer increased performance and higher availability, compared to their Full Installation and Minimal Shell couterparts. Once you get hooked on the idea of Server Core and have a couple of Server Core installations of Windows Server 2008 R2 running, you might even get the idea you can simply in-place upgrade them to Windows Server 2012.

In an ideal world you can, but unfortunately, due to a known issue, you cannot upgrade a domain controller that runs a Server Core installation of Windows Server 2008 R2 to a Server Core installation of Windows Server 2012. The issue is described in Microsoft Knowledgebase article 2734222.

The upgrade will hang on a solid black screen late in the upgrade process. Rebooting such DCs exposes an option in boot.ini file to roll back to the previous operating system version. An additional reboot triggers the automatic rollback to the previous operating system version.

Until a solution is available, it is recommended that you install a new domain controller running a Server Core installation of Windows Server 2012 instead of in-place upgrading an existing domain controller that runs a Server Core installation of Windows Server 2008 R2. Another option is to demote the Server Core installation and remove the DNS Server role. Then, you can successfully in-place upgrade the server, re-apply the DNS Server Role and promote the server again, but really… is that less work?

When a solution comes available, you’ll be the first to know.

KnowledgeBase: Errors connecting to Windows Server 2008 R2 or Windows Server 2012 Device Manager remotely

Last week, Microsoft has released a KnowledgeBase article titled Errors connecting to Windows Server 2008 R2 or Windows Server 2012 Device Manager remotely.

In this article, Microsoft tells us the reason why we can’t connect remotely to:

• Windows Server 2012 Device Manager from a Windows 8-based computer
• Windows Server 2012 Device Manager from a Windows 7-based computer
• Windows Server 2008 R2 Device Manager from a Windows 8-based computer
• Windows 8 Device Manager from a Windows 7-based computer

The reason behind this, is the fact that Remote access to the Plug and Play (PNP) RPC interface has been removed in Windows 8 and Windows Server 2012.

As a resolution, Microsoft suggests to login to the computer locally to utilize Device Manager.

While this sounds like some sort of workaround for Full Installations, on Server Core installations of Windows Server 2012, this won’t be possible, since devmgmt.msc is not a recognized command.

The work-around for Server Core installations is to install the Windows Server Management Infrastructure role. Use the following command line to perform this action:

Install-WindowsFeature Server-Gui-Mgmt-Infra –Restart

Related KnowledgeBase articles

2781106 Errors connecting to Windows Server 2008 R2 or Windows Server 2012 Device Manager remotely

KnowledgeBase: Unable to convert to Server with a GUI from Server Core on an upgraded Windows Server 2012 machine

Microsoft has released KnowledgeBase article 2775484, that describes a situation, where you’re unable to convert an upgraded Windows Server 2012 Full Installation to Server Core and back.

The situation

You upgrade a full installation of Windows Server 2008 x64 or Windows Server 2008 R2 to Windows Server 2012 and choose the option “Server with a GUI”.

After the upgrade you convert the Server with a GUI installation to Server Core.
In this scenario, if you try to convert back to Server with a GUI, the operation may fail and rollback to Server Core.

The cause

This problem occurs, because of three registry entires from Windows Server 2008 or Windows Server 2008 R2 being retained during the upgrade:

These three registry entries exist in

HKLMSOFTWAREMicrosoftWindowsCurrentVersionWINEVTPublishers

And are named:

• {bc2eeeec-b77a-4a52-b6a4-dffb1b1370cb}
• {57e0b31d-de8c-4181-bcd1-f70e880b49fc}
• {8c9dd1ad-e6e5-4b07-b455-684a9d879900}

The resolution

To be able to convert the Windows Server 2012 installation, these registry keys need to be removed.

You can perform these actions with RegEdit.ex, but, alternatively, you can start NotePad, paste the following three commands, save the file as a .bat file and then run it from an elevated command prompt:

reg delete HKLMSOFTWAREMicrosoftWindowsCurrentVersionWINEVTPublishers{bc2eeeec-b77a-4a52-b6a4-dffb1b1370cb}

reg delete HKLMSOFTWAREMicrosoftWindowsCurrentVersionWINEVTPublishers{57e0b31d-de8c-4181-bcd1-f70e880b49fc}

reg delete HKLMSOFTWAREMicrosoftWindowsCurrentVersionWINEVTPublishers{8c9dd1ad-e6e5-4b07-b455-684a9d879900}

After you restart the machine you will be able to convert the machine to a “Server with a GUI”.

Switching between the four GUI layers in Windows Server 2012 with PowerShell one-liners

Half a year ago, I’ve shown you how to switch the Graphical User Interface (GUI) in Windows Server 2012. This information allowed you to convert a Full Installation to a Server Core installation or the Minimal Shell (“MinShell”), then known as ‘Features on Demand’.

In the release of Windows Server 2012, Microsoft has made it super easy to switch the GUI with PowerShell. This was achieved by making the Server Features that compose the Graphical User Interface (GUI) interdependent, effectively layering them like a cake.

The four layers of GUI

The four layers that now have been created compose the following GUI modes:

• Server Core
  In Server Core, basically, none of the GUI Server Features have been enabled / all of the GUI Server Features have been disabled.
    
• Minimal Shell (“MinShell”)
  In the Minimal Shell, previously known as ‘Features on Demand’, the ‘Graphical Management Tools and Infrastructure’ feature has been enabled. This feature has no dependencies on the other GUI Features.
    
• Full Installation
  In a Full Installation, both the ‘Graphical Management Tools and Infrastructure’ and ‘Server Graphical Shell’ feature has been enabled. The latter feature has a dependency on the first feature; If you install the ‘Server Graphical Shell’ feature when in Server Core, the ‘Graphical Management Tools and Infrastructure’ will automatically be added.
    
• Full Installation with Desktop Experience
  If you enable the ‘Desktop Experience’ feature when in a Full Installation, you add the Windows RunTime, the Windows Store and thus the ability to buy, download and run Apps in the Start Screen. Note, however, that there is no automatic dependency resolution for the Desktop Experience feature. This feature can only be enabled when already in a Full Installation.

Switching

Now that we have knowledge of the layers, we can convert Full installations of Windows Server 2012 and MinShell installations of Windows Server 2012 to Server Core with just one line of PowerShell:

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart

To convert a Full installation of Windows Server 2012 to MinShell, run the following PowerShell command:

Uninstall-WindowsFeature Server-Gui-Shell –Restart

To go from Server Core to MinShell, all you need to do is install the Graphical Management Tools and Infrastructure:

Install-WindowsFeature Server-Gui-Mgmt-Infra -Restart

To go from a Server Core installation of Windows Server 2012 or a MinShell installation of Windows Server 2012 to a Full Installation, simply add the Server Graphical Shell with the following command:

Install-WindowsFeature Server-Gui-Shell –Restart

Concluding

Switching between Full Installations, MinShell Installations and Server Core Installations on Windows Server 2012 is simple when you know how.

Use these simple one-liners to switch to your hearts content.

Further reading

Windows Server 2012 Installation Options

What would you choose? Flexibility vs. Disk Space

With Windows Server 2012, Microsoft has changed its Server Core strategy. In short, Microsoft now focuses on the flexibility to switch the Graphical User Interface (GUI) from a full installation to a minimal shell and even further down to server core, instead of reducing the disk space needed to run the Operating System. (the ‘disk foot print’)

Is this bad?

Many systems administrators will tout the advantages of a small disk foot print in the following ways:

1. Faster to implement
   With less data on a (virtual) disk, the Operating System can be deployed faster initially. When deploying over the network, less data needs to be transmitted, resulting in a faster deployment and also less strain on the network.
     
2. Less hardware needed
   If you need less disk space, you can use cheaper disks in your systems. When deploying virtual servers, less expensive SAN storage is needed.
     
3. More secure
   Less data on a disk results in a significantly smaller attack surface. If there’s less code in use, then less errors in code can be leveraged.

However, these three arguments are moot points.

First of all, I’ve rarely seen an admin sitting idly by a server watching it install its Operating System. If he/she is not documenting what he/she just did or already preparing next steps in the deployment process, he/she is probably checking out social media or solving another incident.

Second, disk hardware is not expensive anymore. The difference between a Server Core installation and a Full installation in Windows Server 2008 R2 is 7GB. You cannot buy physical disks in this size range. Also, on SAN storage, disk deduplication significantly decreases the factual disk foot print on the SAN itself.

The third point is a bit harder to debate, although the ‘in use’ part is the actual part of the sentence that makes the difference. While Server Core installations in Windows Server 2012 have a bigger disk foot print, a smaller percentage of that code is actually in use when you compare it to Windows Server 2008 R2-based Server Core installations. As I’ve explained in my blogpost Permanent Link to Updating Server Core and switching GUIs, a Server Core installation differs from a full installation by the amount of GUI-related features hardlinked to in the Side by Side store in the C:WindowsWinSxS folder, which in turn is linked to the C:WindowsServicingPackages folder.

Graphical

The diagrams below illustrate the differences in disk foot print between Server Core and Full installations of Windows Server 2008 R2 and Windows Server 2012:

The real impact

Apart from the flexibility Microsoft is giving us to switch between the full Graphical User Interface and more minimal user interfaces, there is some real impact with Microsofts new Server Core strategy. One of the most prominent areas of impact is virtual migrations, whether they are Storage vMotions, Storage Migrations (with System Center Virtual Machine Manager), Live Storage Migrations or Shared Nothing Live Migrations: Migrating the storage for a virtual machine running Server Core will take longer, since there is more disk data to transfer.

The alternative

An alternative way Microsoft could have shaped its new Server Core strategy would be with a ‘net-install’. We see these kinds of installs regularly with Linux flavors, where the base installer is run from a setup/live disk and every add-on component is downloaded from (distributed) repositories on the web. Given the recent certificate collision attacks on the Windows Update functionality, I think it’s a good thing Microsoft decided not to pursue this idea. It will be hard to guarantee the integrity of system files when you need to get these from the web.

What do you think?

Do you think Microsoft did the right thing to hand us the flexibility of switching GUIs in the way they did it, would you go for the alternative or would you fix Server Core in a whole other way?