Category Archives: powershell

[WS2016]INSTALLING AND CONFIGURING IIS ON WINDOWS SERVER 2016 NANO -PART02

In the previous post, we covered basic implementation of Nano Server along with IIS Package. As the goal of our blog is to configure Website to host vSphere Update Manager repository in the Airgapped zone, we need to start focusing in that direction.

Now we have to start doing some initial work. If you refer to Vmware Installation and configuration guide, you have to add MIME types. For the beginners, we have added MIME types at IIS level and not per website. In the PowerShell script below, I have added MIME Types

Before we begin, let me open a remote session on Nano server

After the remote session is opened, paste following lines in the console which will be a session on Nano Server.

Even though it is not a requirement but the above script is enabling directory browsing at IIS level.

I have to enable it to show site is working.  It is worth noting that you can enable directory browsing per site level.

Probably I have not found a way to enable it per site level. I suggest you try to get some help on it. In production, it is strongly discouraged to enable directory browsing. Another point I would like you to note is to import IIS Administration module. These are the only module loaded in Nano. While doing some online search, you might come across Web Administration module which unfortunately is not available. In the above script Line, 8,9 and 13 are adding the MIME types to the website whereas Line 16,17 and 18 are optional but advisable as they assure you that changes we have made are incorporated. Finally, don’t forget to exit the session. I keep forgetting this step and keep wondering why some cmdlets are not working.

Next section is a bit involved and needs some concentration. To make it simple, I will break my codes into several lines. First, my aim is to get signed certificate from My Internal CA. As you might be aware, you need Certificate Signing Request (CSR) generated. In GUI world CSR creation on IIS is way too simple, but in non-GUI, you will need to know how it can be achieved using the command line. My knowledge on vSphere certificates helped me a lot.

To create CSR, you have to create INF file manually. Below is how it looks.

If you’re planning to use my script, just change the Subject i.e. line 4 to reflect you FQDN name of the site and save with filename. This filename should be taken into account in $inifile. My site is kzare.contoso.com. For testing, you must also create a DNS record.

INF file is CSR request but in RAW format. To truly generate a CSR in the below script,  you just have to type the following command stated in line:09.  Line 1 -7 are the variables I have declared.

Line 9 will create a file kzare_certreq.req. Please ensure you execute this command from c:\kzare which is a working directory.  Since we have a CSR, the most logically next step is to get it signed by CA. Below lines are doing that exactly

syd-dc is my CA host name, and contososyd-dc-ca is my CA name
The first line signs the certificate while the second line imports the certificate in default certificate store which is Personal store on my working server.

Now that certificate has got installed on the working server; we must export this certificate to Nano Server. As a first step, I have to export the certificate in PFX format which must have a password. Without the password, the private key will not get transferred to the file. All the variables I have declared at the start of the script, please to complete script at the end of this post. At the close of this script, we export the certificate along with private key in pfx format

Now that we have shipped the signed certificate along with private key we have a final task of copying it to Nano server

N.B.: Right now don’t read into variables. It will be clear when you read the entire script which I have pasted below.

I have learned that you cannot open an interactive session via a line in a script and start to execute the command via script line. But instead, you must open a session, capture that in a variable and then execute the block of the script against the session. So line 1 is opening the remote session, catching it in $NanoSession and from line 2 – 19 it is the script block I’m executing in the Nano Server

You might be wondering why I’m declaring variable there again (line 4-6)? Well, the reason is, it is an entirely different session, a session which is unaware of the variables.

Line:9 I’m importing the certificate in the personal store of Nano Server.

Line:12 You must import IIS module. Without which all the subsequent commands will crash.

Line:13 I’m creating  a site with default binding on port:80

Line:14 I’m capturing certificate stored in my personal store to retrieve thumbprint.

Line:15 I’m storing the thumbprint in the $thumprint variable

Line:16 I get all information from IIS Manager

Line:17 I’m filtering against the site name and adding SSL certificate

Line:18 Finally, You must commit changes

That is all for the blog post.

PowerShell, Nano do wonders
PowerShell, Nano do wonders

In Summary

  1. IIS Management tool is not available. Therefore you must use PowerShell to create and manage websites in IIS
  2. Nano Server footprint in the enterprise is subject to the availability of a very high skilled PowerShell administrators. Nothing to scare of, PowerShell is very easy to learn, the more you find, the more you start enjoying.
  3. You can create and manage sites on Nano server, but further delving is expected.
  4. I was able to achieve the business requirement of optimize VM footprint and limiting the Server cost. You can add value to the organization by optimizing deployment and management cost

Below is the full script

 

[WS2016]Installing and Configuring IIS on Windows Server 2016 Nano -Part01

I believe the best method to learn any technology is to teach someone or implement it. I prefer to deploy and try out for myself. Having said that I’m open to teaching if required. I have recently started exploring the feasibility of using Windows Server 2016 Nano for the Production environment. There are at least four use cases for Windows Nano one of them is using Windows IIS Server which I will describe here. Given that I know I have IIS role available on Nano I was examining to put this in right learning form. The closest and easiest I could think of Web Server is required for vSphere Update Manager (VUM) when it is configured in Air-Gapped mode.

So let’s get rolling so that we can take a look at it.

Here is the list of things we need to Build an Air Gapped VUM

  1. Web Server in DMZ
  2. Operating System for Web Server
  3. Storage space for Update Repository
  4. Optional but Strongly recommended to have Certificate Authority configured.

 

Installing Nano Server with IIS Package

Nano server can be deployed using two methods. The First method which is very popular is PowerShell and second method know to few is the GUI based. I’ll cover here PowerShell approach while GUI based approach is covered here

So what we need to achieve our goal. [Pre-requisites]
  1. Windows 2016 ISO
  2. Windows 10 or Windows 2016 Machine (Yes can’t do this on Windows 8.1. The dism version which ships with Windows 8.1 is older and cannot be replaced or upgraded using Windows Assessment and Deployment Kit (ADK).
  3. Working directory
I will cover it in two part. In part01 I will cover how to Package, Install and Configure Nano server. In part02 I will cover how to set up IIS server.

 

As a first step, you must import Nano Server PowerShell package. Where is this package? Well, it is in Windows 2016 ISO. Double click ISO. It will automatically mount. Open Powershell ISE (Elevated Prompt) and run following command to import NanoServerImageGenerator Module

Import-Module D:\NanoServer\NanoServerImageGenerator -Verbose
Import-Module D:\NanoServer\NanoServerImageGenerator -Verbose

To confirm whether the NanoServerImageGenerator Module is imported, type the following command. Yes ! Only three commands and 99% of the time you will use only one command.

Get-Command -Module NanoServerImageGenerator
Get-Command -Module NanoServerImageGenerator

Now before you start the process of creating the image, you might need to find the package name. To find package name, you must install package provider.

If the above installation is successful, then you should be able to find the following command

and the output of the command will be exactly as below

Find-NanoServerPackage
Find-NanoServerPackage

Create Nano Server Image

Once our pre-requisites are ready, then we can start building Nano Image. As mentioned above, you need either Windows 10 or Windows Server 2016 to create this image and working directory. I have used Windows Server 2016.

Now let’s begin the process of creating Nano Image. I’ll be building Virtual Image. Assuming you are still in Powershell session, type the following command. Below screen capture is from Powershell and not from PowerShell ISE. I’m not aware how to create multiple lines of codes in Powershell ISE. After pressing Enter on the preceding command, you will be prompted for the Administrator password. Supply the password to begin image building process.

New-NanoServerImage
New-NanoServerImage

I have tabulated the parameter of the command below and provided explanation against each.

Parameters Comments
Edition Standard or Enterprise a decision If you will use Hyper-V
Deployment Type Guest or Host. Guest is for Virtual Machine and Host is for Hyper-V. If you are going to host Hyper-V role on it, then the role is Host
Package The package you wish to deploy. To find out the package available, please refer to screen capture with Title ‘Find-NanoServerPackage’ above. In my case, I have to select IIS Package
IPv4 You will typically deploy Server with Static IP. For IP Address, Subnet Mark, Gateway and DNS Server
EnableRemoteManagementPort Enable Remote Management. This port is a must.
ComputerName Name of the server. This name is the Guest OS name
MediaPath Path to ISO. It is the path of ISO image
TargetPath Path where to create Image i.e. VHDX file which will be our working directory
InterfaceNameorIndex Name of the Network Card. In all cases it is Ethernet.

There are other parameters which I have not used here as it is not required.

Now our image is ready to be deployed, So let’s deploy it. Before you do that copy .vhdx file into Hyper-V working directory.

I’m using Hyper-V manager. Detailed eight steps procedure is captured in the screen capture below.

Deploy Nano Image using Hyper-V manager
Deploy Nano Image using Hyper-V manager

A point to note is in Step:04 you must select Generation:02 as we have selected VHDX extension while creating NanoServer Image.

After you press Finish, Nano VM is created, and it is ready to be powered on. Why not power it on then? Power on the Virtual Machine. VM will be powered on immediately, but it will take few seconds to join to the domain and Install IIS Package. After that few seconds gap, you will be looking at the console of brand new Nano Server

Nano Server is now up and Running
Nano Server is now up and Running

There is no practical need to login to this console as we have already configured IP Address, DNS and domain join. In the below screen I have logged in using contoso.com credentials. This screen is referred as Nano Server Recovery Console. The recovery console screen is to reset Networking configuration.

As we are here, let’s take a look at our available options.

Logged into Nano Server using Domain Account
Logged into Nano Server using Domain Account

I always like to enable Ping on all Windows Server leaving firewall enabled. Click on Inbound firewall rules, press Enter scroll down till you see ICMP IPv4 shown below. Press enter to modify the rule by press F4 which will toggle Enable or Disable. It is the only rule you can change in this console. You might think, hey! Wait I can achieve similar thing from GroupPolicy. But GroupPolicy is not supported on Nano

Though I have shown how to achieve it here, it is not the requirement.

Disable ICMP Ping rule in Windows Nano Server
Disable ICMP Ping rule in Windows Nano Server

Manage Nano Server using Server Manager

Open Server Manager from our working server and follow the steps mentioned or the screen capture for the steps

  1. Click on All Servers
  2. Right click and Add Server
  3. Select Find Now and choose the NanoIIS03 from the list
  4. Move the compute

 

Manage Nano Server using Server Manager
Manage Nano Server using Server Manager

If Firewall ports are opened, the Online status will be immediately visible.

Nano Server Added to Server Manager
Nano Server Added to Server Manager

Before We conclude this post, let me walk you through the basic configuration you might have to do on the nano server.

Set Time Zone on Nano Server

Time Zone must be changed to match to your region. It is critical to check if the time of the server is matching.  If the time difference is more than 5 minutes Domain, Join will fail.

Remote into nano Server using our familiar command

Set Time Zone on Nano Server

Increase the Disk Size on Nano Server
  1. Right click on Nano server, then select settings
  2. Find the Hard Drive and press Edit as shown below
Press Edit to Expand Disk Online
Press Edit to Expand Disk Online

Provide the new size.  Note I have skipped few unimportant screens. In below example, I have increased the size from 4 GB to 10 GB

Enter New Size to Expand Disk

Enter New Size to Expand DiskPress finish which will increase the disk size. This action will increase the disk size but not at the disk level. To the extent the C:\ you need to get disk and partition details in a variable and then use max size method to increase it.

  1. Get Partition command will give details of Partition available on Nano Server. I’m assuming you still have the remote session on nano server.

  1. Select the right partition. In my case, it is Disk 0 and Partition 4. Capture output of this command in variable $Extvol.

  1. Extend partition using Resize-Partition command. Most important variable essential to extend the partition is

Following screen capture is sequence of command executed in PowerShell

Extend the Volume using Powershell

Extend the Volume using Powershell.

In case you wish to avoid PowerShell in extending disk you can easily do so by installing file server role. All you need is to add -storage shown below

In the second post, I will cover how to create IIS site and configure it to host the repository of vSphere Updates.

Nutanix acropolis block services–part03

In this post (Part:03) I’m covering how to configure Nutanix Acropolis Block Services (ABS). Before I start I would like to recap what was covered in Part01 and Part02.

In Part01, I covered the basics of ABS, notably new terminology, and its benefits over the previously introduced iSCSI services. I also took the opportunity to discuss in detail the use cases, especially Oracle database support.

In Part02, I discussed various considerations illustrating design considerations, especially CVM Failure scenario.

“In summary Part01 & Part02 are great to read about, but how do I actually get started fiddling around with this for myself?”

It is the main goal of this “How to post”, it is a long post. I will first configure iSCSI initiator. For iSCSI initiator, I’m using Windows 2012 R2. In case you wish to know Linux part refer official guide from Nutanix. Continue reading Nutanix acropolis block services–part03