Category Archives: scripted

[WS2016] INSTALLING AND CONFIGURING IIS ON WINDOWS SERVER 2016 NANO - PART 02

In the previous post, we covered the basic implementation of Nano Server along with the IIS package. As the goal of this blog is to configure a website to host the vSphere Update Manager repository in the air-gapped zone, we need to start focusing in that direction.

Now we have to start doing some initial work. If you refer to the VMware installation and configuration guide, you have to add MIME types. For beginners: we have added the MIME types at the IIS level and not per website. In the PowerShell script below, I have added the MIME types.

Before we begin, let me open a remote session on the Nano Server.

After the remote session is opened, paste the following lines into the console, which is now a session on the Nano Server.

Although it is not a requirement, the above script also enables directory browsing at the IIS level.

I have to enable it to show that the site is working. It is worth noting that you can enable directory browsing at the per-site level.

I have probably not found a way to enable it at the per-site level. I suggest you try to get some help on it. In production, enabling directory browsing is strongly discouraged. Another point I would like you to note is to import the IIS Administration module. This is the only module loaded in Nano. While doing some online searching, you might come across the Web Administration module, which unfortunately is not available. In the above script, lines 8, 9 and 13 add the MIME types to the website, whereas lines 16, 17 and 18 are optional but advisable, as they assure you that the changes we have made are incorporated. Finally, don’t forget to exit the session. I keep forgetting this step and keep wondering why some cmdlets are not working.
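Scoping the MIME types and directory browsing to one site instead of the whole server, as an added example (not the author's script, which is not reproduced on this page). It assumes a site named kzare already exists and uses sample MIME extensions; the -Location parameter of the IISAdministration cmdlets writes the setting for that site only.

```powershell
# Added example, not the author's script. Run inside the remote session on the Nano Server.
Import-Module IISAdministration

$siteName  = 'kzare'   # assumed site name; the site must already exist
# Sample extensions only; take the real list from the VMware guide.
$mimeTypes = @{ '.vib' = 'application/octet-stream'; '.sig' = 'application/octet-stream' }

# Batch all changes into a single commit.
Start-IISCommitDelay

# -Location scopes the section to this site instead of the server-wide defaults.
$static  = Get-IISConfigSection -SectionPath 'system.webServer/staticContent' -Location $siteName
$mimeMap = Get-IISConfigCollection -ConfigElement $static
foreach ($ext in $mimeTypes.Keys) {
    # Inherited server-level entries are visible here too, so skip what already exists.
    $existing = Get-IISConfigCollectionElement -ConfigCollection $mimeMap -ConfigAttribute @{ fileExtension = $ext }
    if (-not $existing) {
        New-IISConfigCollectionElement -ConfigCollection $mimeMap -ConfigAttribute @{ fileExtension = $ext; mimeType = $mimeTypes[$ext] }
    }
}

$browse = Get-IISConfigSection -SectionPath 'system.webServer/directoryBrowse' -Location $siteName
Set-IISConfigAttributeValue -ConfigElement $browse -AttributeName 'enabled' -AttributeValue $true

Stop-IISCommitDelay

# Read the value back at both scopes to confirm only the site was changed.
$serverWide = Get-IISConfigSection -SectionPath 'system.webServer/directoryBrowse'
$siteLevel  = Get-IISConfigSection -SectionPath 'system.webServer/directoryBrowse' -Location $siteName
'server-wide enabled: ' + (Get-IISConfigAttributeValue -ConfigElement $serverWide -AttributeName 'enabled')
'site enabled:        ' + (Get-IISConfigAttributeValue -ConfigElement $siteLevel -AttributeName 'enabled')
```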

The next section is a bit involved and needs some concentration. To make it simple, I will break my code into several lines. First, my aim is to get a signed certificate from my internal CA. As you might be aware, you need a Certificate Signing Request (CSR) generated. In the GUI world CSR creation on IIS is way too simple, but in non-GUI, you will need to know how it can be achieved using the command line. My knowledge of vSphere certificates helped me a lot.

To create the CSR, you have to create an INF file manually. Below is how it looks.

If you’re planning to use my script, just change the Subject, i.e. line 4, to reflect the FQDN of your site and save the file under a filename. This filename should be taken into account in $inifile. My site is kzare.contoso.com. For testing, you must also create a DNS record.

The INF file is the CSR request, but in raw format. To truly generate a CSR in the script below, you just have to type the command stated in line 9. Lines 1-7 are the variables I have declared.

Line 9 will create a file kzare_certreq.req. Please ensure you execute this command from c:\kzare, which is the working directory. Since we have a CSR, the next logical step is to get it signed by the CA. The lines below do exactly that.

syd-dc is my CA host name, and contososyd-dc-ca is my CA name.
The first line signs the certificate, while the second line imports the certificate into the default certificate store, which is the Personal store on my working server.

Now that the certificate has been installed on the working server, we must export this certificate to the Nano Server. As a first step, I have to export the certificate in PFX format, which must have a password. Without the password, the private key will not get transferred to the file. All the variables I have declared are at the start of the script; please refer to the complete script at the end of this post. At the close of this script, we export the certificate along with the private key in PFX format.
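The INF, CSR, signing and PFX export steps described above, as an added example (not the author's script, which is not reproduced on this page). Assumptions: every file name except kzare_certreq.req, the WebServer template, the CA placeholder, and the key, EKU and SAN settings in the INF.

```powershell
# Added example, not the author's script. Run on the working server.
$fqdn     = 'kzare.contoso.com'
$infFile  = 'C:\kzare\kzare.inf'          # assumed file name
$reqFile  = 'C:\kzare\kzare_certreq.req'  # name used in the post
$cerFile  = 'C:\kzare\kzare.cer'          # assumed file name
$pfxFile  = 'C:\kzare\kzare.pfx'          # assumed file name
$caConfig = '<ca-host>\<ca-name>'         # placeholder: CA host name\CA name
$template = 'WebServer'                   # assumed certificate template

# Subject is on line 4 of the INF, as in the post. Exportable = TRUE is what
# later allows the private key to be written into the PFX.
@"
[Version]
Signature = "`$Windows NT`$"
[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
KeySpec = 1
Exportable = TRUE
MachineKeySet = TRUE
HashAlgorithm = SHA256
RequestType = PKCS10
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"
"@ | Set-Content -Path $infFile -Encoding Ascii

certreq.exe -new $infFile $reqFile
if ($LASTEXITCODE -ne 0) { throw 'CSR generation failed' }
certreq.exe -submit -config $caConfig -attrib "CertificateTemplate:$template" $reqFile $cerFile
if ($LASTEXITCODE -ne 0) { throw 'CA did not issue the certificate' }
certreq.exe -accept $cerFile
if ($LASTEXITCODE -ne 0) { throw 'Could not install the issued certificate' }

# Pick the newest matching certificate that actually has its private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$fqdn" -and $_.HasPrivateKey } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key found for $fqdn" }

# Prompt for the PFX password so it never appears in the script or its history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath $pfxFile -Password $pfxPassword | Out-Null
```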

Now that we have exported the signed certificate along with the private key, we have the final task of copying it to the Nano Server.

N.B.: Right now don’t read into variables. It will be clear when you read the entire script which I have pasted below.

I have learned that you cannot open an interactive session via a line in a script and then start executing commands via subsequent script lines. Instead, you must open a session, capture it in a variable and then execute a script block against that session. So line 1 opens the remote session and captures it in $NanoSession, and lines 2–19 are the script block I’m executing on the Nano Server.

You might be wondering why I’m declaring the variables there again (lines 4-6). Well, the reason is that it is an entirely different session, a session which is unaware of the variables.

Line 9: I’m importing the certificate into the personal store of the Nano Server.

Line 12: You must import the IIS module, without which all the subsequent commands will crash.

Line 13: I’m creating a site with the default binding on port 80.

Line 14: I’m capturing the certificate stored in my personal store to retrieve the thumbprint.

Line 15: I’m storing the thumbprint in the $thumprint variable.

Line 16: I get all the information from IIS Manager.

Line 17: I’m filtering against the site name and adding the SSL certificate.

Line 18: Finally, you must commit the changes.
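The copy and remote-session steps walked through above, as an added example (not the author's script, which is not reproduced on this page). Assumptions: the Nano Server placeholder, the PFX file name, the site name and folder, and that Import-PfxCertificate is available in the Nano session; instead of re-declaring variables remotely, the password is passed in through -ArgumentList.

```powershell
# Added example, not the author's script. Run on the working server.
$nanoHost    = '<nano-server>'         # placeholder for the Nano Server name
$pfxFile     = 'C:\kzare\kzare.pfx'    # assumed file name
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'

# Open the session once, keep it in a variable, and reuse it for copy and commands.
$NanoSession = New-PSSession -ComputerName $nanoHost -Credential (Get-Credential)
try {
    Copy-Item -Path $pfxFile -Destination 'C:\kzare.pfx' -ToSession $NanoSession

    # The remote session knows none of the local variables, so values are
    # passed in through -ArgumentList and received by param().
    Invoke-Command -Session $NanoSession -ArgumentList $pfxPassword -ScriptBlock {
        param([securestring]$Password)
        $siteName = 'kzare'        # assumed site name
        $sitePath = 'C:\kzare'     # assumed content folder on the Nano Server

        # Assumes Import-PfxCertificate is available in the Nano session.
        $cert = Import-PfxCertificate -FilePath 'C:\kzare.pfx' `
            -CertStoreLocation Cert:\LocalMachine\My -Password $Password
        Remove-Item 'C:\kzare.pfx'   # the key is in the store; drop the file copy

        Import-Module IISAdministration
        New-Item -ItemType Directory -Path $sitePath -Force | Out-Null
        New-IISSite -Name $siteName -PhysicalPath $sitePath -BindingInformation '*:80:'

        # Add the HTTPS binding using the hash of the certificate just imported.
        $manager = Get-IISServerManager
        $manager.Sites[$siteName].Bindings.Add('*:443:', $cert.GetCertHash(), 'My', '0') | Out-Null
        $manager.CommitChanges()
    }

    # Deployment succeeded: remove the local PFX so the key is not left on disk.
    Remove-Item $pfxFile
}
finally {
    Remove-PSSession $NanoSession
}
```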

That is all for the blog post.

PowerShell, Nano do wonders

In Summary

  1. The IIS Management tool is not available. Therefore you must use PowerShell to create and manage websites in IIS.
  2. The Nano Server footprint in the enterprise is subject to the availability of very highly skilled PowerShell administrators. Nothing to be scared of: PowerShell is very easy to learn, and the more you find, the more you start enjoying it.
  3. You can create and manage sites on Nano Server, but further delving is expected.
  4. I was able to achieve the business requirement of optimizing the VM footprint and limiting the server cost. You can add value to the organization by optimizing deployment and management cost.

Below is the full script

 

Performing Scripted Installation of ESXi by PXE Booting the Installer

 

Of course, the internet community is full of blogs on how to do an ESXi4.1 scripted installation. Based on those materials, I’m here to show how to integrate both ESXi4.1 and ESXi5.0 under the same PXE server. Trust me, it is very simple (no big deal), nothing too different. All you need to know is what has changed in ESXi5.0.

PRE-REQUISITE

  1. WebServer – I prefer IIS
  2. TFTP Server – I Prefer SolarWinds
  3. PXE – I prefer pxelinux.0
  4. DHCP Server – I Prefer Microsoft DHCP

A. WebServer Configurations:

1. Install the IIS webserver using next, next :)

2. Configure the MIME type as shown below

3. Create folders ESXi and ESXi5 under C:\Inetpub\wwwroot

4. Extract the ESXi 5.0 ISO here as shown here and 4.1U1 as shown below

B. TFTP Server Configuration

Download the free TFTP server from SolarWinds.

Installation is pretty straightforward. All SolarWinds products are very simple to install and configure. I love their syslog server and have blogged about it in the past here.

Once installed, there is no configuration needed; just ensure your PXE directory is defined as per your requirement: C:\PXE (where all files for PXE booting will reside).

Under the PXEboot folder, create the folder structure shown below.

Download pxelinux.0 from http://ping.windowsdream.com/dl/pxelinux.0 and copy it into the C:\PXEboot directory as shown below; also copy menu.c32. This file helps us boot the server, and no modification is needed in this file. Just copy it there.

Open the pxelinux.cfg folder and create a file named default, without an extension, as shown below.

Open the default file in WordPad (not Notepad) and copy the text below into it. Changes are highlighted in yellow below.

DEFAULT menu.c32
MENU TITLE ESXi Installation
NOHALT 1
PROMPT 0
TIMEOUT 80
LABEL install
  MENU LABEL ESXi5 ^Installer
  KERNEL ESXi5/mboot.c32
  APPEND -c ESXi5/boot.cfg

label ESXi4.1U1 Installer
menu label ^ESXi4.1U1 Installer
kernel ESXi/mboot.c32
append ESXi/vmkboot.gz ks=http://192.168.73.168/ESXi/ks.cfg --- ESXi/vmkernel.gz --- ESXi/sys.vgz --- ESXi/cim.vgz --- ESXi/ienviron.vgz --- ESXi/install.vgz

LABEL hddboot
  LOCALBOOT 0x80
  MENU LABEL ^Boot from local disk

Copy the following 8 files into C:\PXEboot\ESXi as shown below. These files are copied from C:\Inetpub\wwwroot\ESXi; they are needed only for the ESXi4.1U1 installation and should be copied into the ESXi folder only.

Only for ESXi4.1

Similarly, copy all files from C:\Inetpub\wwwroot\ESXi5 to C:\PXEboot\ESXi5 as shown below.

Only for ESXi5.0

Only for ESXi5.0, you have to edit the boot.cfg file in C:\PXEboot\ESXi5, and there is only one line you need to modify (just to take the screen capture, I have opened this file in Notepad).

boot.cfg to edit only for ESXi5.0

C. DHCP Server – Configuration

Define the scope in DHCP as per your requirements

Add the following two options to the DHCP server and you are done.

All done, and now it is time to test.

Install ESXi5.0 from a CD or DVD Using a Script

In the previous post we saw how to install ESXi interactively; here I will show you how to install it using a script. The only difference between this method and the interactive method is that you do not need to provide any inputs. Just one simple line pointing to the ks.cfg file and all done.

What you need? i.e. pre-requisites

  1. IIS or any Webserver
  2. ISO image to burn it on CD/DVD (assuming you do not have ILO)

Configuration of IIS Server

  1. Install IIS using standard next next method. Nothing special there.
  2. Extract ESXi5.0 ISO image using ISO Buster
  3. Below is what it might look like after extracting the image
  4. Create a folder named e.g. ESXi5 under C:\Inetpub\wwwroot as shown below and copy the above files or the entire content of the CD image
  5. Create an answer file named ks.cfg as shown below

#
# Sample scripted installation file
#
# Accept the VMware End User License Agreement
vmaccepteula
# Set the root password for the DCUI and Tech Support Mode
rootpw mypassword
# Install on the first local disk available on machine
install --firstdisk --overwritevmfs
# Set the network to DHCP on the first network adapter
network --bootproto=dhcp --device=vmnic0

# Reboot the OS but do not eject CD.

reboot --noeject

  1. Copy the ks.cfg file into C:\Inetpub\wwwroot\ESXi5
  2. Start the server, ensure it boots from the CD as shown below and press Enter

  3. When you see the screen below, press SHIFT + O

  4. You get the screen below; remove runweasel by pressing Backspace

  5. Type the webserver address as shown below
  6. Press Enter and watch the stuff.