Category Archives: Windows 2016

[WS2016]INSTALLING AND CONFIGURING IIS ON WINDOWS SERVER 2016 NANO -PART02

In the previous post, we covered basic implementation of Nano Server along with IIS Package. As the goal of our blog is to configure Website to host vSphere Update Manager repository in the Airgapped zone, we need to start focusing in that direction.

Now we have to start doing some initial work. If you refer to Vmware Installation and configuration guide, you have to add MIME types. For the beginners, we have added MIME types at IIS level and not per website. In the PowerShell script below, I have added MIME Types

Before we begin, let me open a remote session on Nano server

After the remote session is opened, paste following lines in the console which will be a session on Nano Server.

Even though it is not a requirement but the above script is enabling directory browsing at IIS level.

I have to enable it to show site is working.  It is worth noting that you can enable directory browsing per site level.

Probably I have not found a way to enable it per site level. I suggest you try to get some help on it. In production, it is strongly discouraged to enable directory browsing. Another point I would like you to note is to import IIS Administration module. These are the only module loaded in Nano. While doing some online search, you might come across Web Administration module which unfortunately is not available. In the above script Line, 8,9 and 13 are adding the MIME types to the website whereas Line 16,17 and 18 are optional but advisable as they assure you that changes we have made are incorporated. Finally, don’t forget to exit the session. I keep forgetting this step and keep wondering why some cmdlets are not working.

Next section is a bit involved and needs some concentration. To make it simple, I will break my codes into several lines. First, my aim is to get signed certificate from My Internal CA. As you might be aware, you need Certificate Signing Request (CSR) generated. In GUI world CSR creation on IIS is way too simple, but in non-GUI, you will need to know how it can be achieved using the command line. My knowledge on vSphere certificates helped me a lot.

To create CSR, you have to create INF file manually. Below is how it looks.

If you’re planning to use my script, just change the Subject i.e. line 4 to reflect you FQDN name of the site and save with filename. This filename should be taken into account in $inifile. My site is kzare.contoso.com. For testing, you must also create a DNS record.

INF file is CSR request but in RAW format. To truly generate a CSR in the below script,  you just have to type the following command stated in line:09.  Line 1 -7 are the variables I have declared.

Line 9 will create a file kzare_certreq.req. Please ensure you execute this command from c:\kzare which is a working directory.  Since we have a CSR, the most logically next step is to get it signed by CA. Below lines are doing that exactly

syd-dc is my CA host name, and contososyd-dc-ca is my CA name
The first line signs the certificate while the second line imports the certificate in default certificate store which is Personal store on my working server.

Now that certificate has got installed on the working server; we must export this certificate to Nano Server. As a first step, I have to export the certificate in PFX format which must have a password. Without the password, the private key will not get transferred to the file. All the variables I have declared at the start of the script, please to complete script at the end of this post. At the close of this script, we export the certificate along with private key in pfx format

Now that we have shipped the signed certificate along with private key we have a final task of copying it to Nano server

N.B.: Right now don’t read into variables. It will be clear when you read the entire script which I have pasted below.

I have learned that you cannot open an interactive session via a line in a script and start to execute the command via script line. But instead, you must open a session, capture that in a variable and then execute the block of the script against the session. So line 1 is opening the remote session, catching it in $NanoSession and from line 2 – 19 it is the script block I’m executing in the Nano Server

You might be wondering why I’m declaring variable there again (line 4-6)? Well, the reason is, it is an entirely different session, a session which is unaware of the variables.

Line:9 I’m importing the certificate in the personal store of Nano Server.

Line:12 You must import IIS module. Without which all the subsequent commands will crash.

Line:13 I’m creating  a site with default binding on port:80

Line:14 I’m capturing certificate stored in my personal store to retrieve thumbprint.

Line:15 I’m storing the thumbprint in the $thumprint variable

Line:16 I get all information from IIS Manager

Line:17 I’m filtering against the site name and adding SSL certificate

Line:18 Finally, You must commit changes

That is all for the blog post.

PowerShell, Nano do wonders
PowerShell, Nano do wonders

In Summary

  1. IIS Management tool is not available. Therefore you must use PowerShell to create and manage websites in IIS
  2. Nano Server footprint in the enterprise is subject to the availability of a very high skilled PowerShell administrators. Nothing to scare of, PowerShell is very easy to learn, the more you find, the more you start enjoying.
  3. You can create and manage sites on Nano server, but further delving is expected.
  4. I was able to achieve the business requirement of optimize VM footprint and limiting the Server cost. You can add value to the organization by optimizing deployment and management cost

Below is the full script

 

[Nutanix] Install Windows 2016 on AHV using prism portal

 

I’m onboarding myself on two major technologies this year. 1) Windows 2016 and 2) Nutanix. You might have observed in the previous post I have already installed and configured ABS. So that Journey has already started. I initially hesitated but finally bought a 1 TB of SSD for T20 Dell server. By far it is not a requirement, but since AOS 5.0 is released and tons of feature it has brought it I felt, worth the AED.

As the release of AOS 5.0 has coincided With Windows 2016 released. I thought it is worth covering Windows 2016 Step-by-Step post. As a first step, you need a Windows 2016 image. Click here to download the ISO.

To upload image in AHV, login to prism portal https://clusteripaddress

Continue reading [Nutanix] Install Windows 2016 on AHV using prism portal