The Sysadmins

Tips and tricks from the Sysadmins

Category: Windows Server 2012

Licensing – Upgrade 2008 R2 KMS Host to Support Server 2012 and Windows 8

This post will cover updating an existing Server 2008 R2 KMS host to allow the activation of Server 2012 and Windows 8 clients. The update will carry across your existing activation count and if you currently use your KMS host for Microsoft Office activations, this will go untouched.

Once this update has been applied the KMS host will be able to service the following KMS clients:

  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows 8
  • Windows 7
  • Windows Vista

Before running the update, I’d recommend you record the output of your existing configuration by running:

slmgr /dli all > before.txt.

Download the required KB2757817 update package from here: http://support.microsoft.com/kb/2757817

Run the installer and select yes.

Update kms for server 2012

Update KMS to support Windows 8

Update KMS to support Server 2012

Once the installation is complete you must restart the server.

To install and activate your new KMS license key. Use the following command to add the new key:

cscript %windir%\system32\slmgr.vbs /ipk

Then to activate:

cscript %windir%\system32\slmgr.vbs /ato

cscript %windir%\system32\slmgr.vbs /ipk

Now would be a good time to run slmgr /dli all > after.txt and compare with your results from earlier. The text file should state:

Name: Windows Server(R), ServerStandard edition
Description: Windows Operating System – Windows Server(R), VOLUME_KMS_2012_C channel
Partial Product Key: partialkeyhere
License Status: Licensed

If you want some additional confirmation, dig into the key management event log and look for events with the ID of 12290. You’re mainly looking for the license state near the far right, you want to see “1” meaning the client is activated. Here are the various licensing states:

  • 0 – Unlicensed
  • 1 – Licensed (Activated)
  • 2 – OOB grace
  • 3 – OOT grace
  • 4 – NonGenuineGrace
  • 5 – Notifications
  • 6 – Extended Grace
Troubleshooting KMS Event Log

Troubleshooting KMS Event Log

More information about troubleshooting KMS can be found here: http://technet.microsoft.com/en-us/library/ee939272.aspx

Server 2012 – Moving Between GUI, Core and Minimal Server Interface

Last year I looked at installing and configuring Server 2008 R2 Core (here and here). One of the limitations of Server 2008 R2 core, was that once it was installed, that was it. There was no way of adding the GUI at a later date, you were stuck with it- and vice versa, you couldn’t strip the GUI install down to the core version.

Microsoft appreciated this limitation and have added the functionality to Server 2012, not only that but they’ve also added a halfway house known as the Minimal Server Interface… more on that later.

One of the cool new abilities with 2012, is that you can now configure the server as normal with the GUI, and then ‘take it back to the core’ once you have finished! Great for those who were put off by the potential complexity of learning new commands and administration techniques with core-only.

Switch from Server 2012 Core to GUI

If you install Server Core, the binaries to add the GUI aren’t present (resulting in a smaller footprint). This however means you either need to grab it from a local source, or use Windows Update. The binaries can be quite large, so I suggest you grab them from a local source. if you can.

I’m using Hyper-V and have mounted the Server 2012 install media ISO to the guest, which inside Windows is the D drive.

We first need to see which WIM index is required (the SKU/SKU version).

Dism /get-wiminfo /wimfile:D:\sources\install.wim

We’re using the Datacentre edition, so we’ll use index 4.

There are a couple of ways to specify the source, some people mount the wim to a local folder, but this one liner simplifies the process and achieves what we’re after, to get the binaries from the install.wim and install the required features. The server will restart after the installation is complete as we’ve specified -restart.

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart -source:wim:d:\sources\install.wim:4

Server2012-CoretoGui-3

This process should take around 5-10 minutes, after the server has restarted you will be presented with the GUI. If you find the installation process gets stuck on 68%, chances are you haven’t entered the source or index correctly and the binaries are being pulled down from Windows Update. You can always disconnect/disable the NIC at this stage to test.

Server2012-CoretoGui-2

Switch from Server 2012 GUI to Core

There are two easy methods for removing the GUI and getting back to Core.

With Powershell:

remove-WindowsFeature Server-Gui-Shell,Server-Gui-Mgmt-Infra -restart

Server2012-GuitoCore-1

With Server Manager:

  • Select Remove Roles or Features
  • Untick the Graphical Management Tools and Infrastructure and the Server Graphical Shell from the features page
  • Reboot the Server with shutdown /r /t /0 or winkey+i -> Power -> Restart

Server2012-GuitoCore-2

Switch from Server 2012 GUI to Minimal Server interface

In Windows Server 2012, you can remove the Server Graphical Shell, resulting in the Minimal Server Interface. This is similar to a Server with a GUI installation, but Internet Explorer 10, Windows Explorer, the desktop, and the Start screen are not installed. Microsoft Management Console (MMC), Server Manager, and a subset of the Control Panel are still present.

With Powershell:

remove-WindowsFeature Server-Gui-Shell -restart

Server2012-Guitominimal

With Server Manager:

  • Select Remove Roles or Features
  • Untick Server Graphical Shell from the features page
  • Reboot the Server with shutdown /r /t /0 or winkey+i -> Power -> Restart

Switch from Server 2012 Core to Minimal Server Interface

With Powershell:

Install-WindowsFeature Server-Gui-Mgmt-Infra -restart -source:wim:d:\sources\install.wim:4

Server2012-Coretominimal

Server 2012 – Active Directory Fine Grained Passwords Revisited

Fine grained password policies (FGPP) were introduced back in Server 2008, and the process for creating them, whilst not massively difficult wasn’t particularly intuitive. Microsoft have improved this a lot with Server 2012, custom password policies are now easier to create, assign and monitor.

How to Create a Password Setting

Open Active Directory Administrative Center, expand System, find the password settings container, select new and password settings.

2012-FineGrained-1

These settings should all be familiar to you, if you’ve ever set a domain password policy before with group policy. If not, please refer to this Technet page for more detail about each of the settings.

In this example I’ve disabled the account lockout policy, and added the Sales security group.

2012-FineGrained-2

To add users or groups, select add and find the object in Active Directory.

2012-FineGrained-6

View members of a password setting, or check if a user has a password setting applied

There are two easy ways to find which users or groups are assigned to a custom password setting, or if a user is a member of a password setting.

To find what users/groups are members of a custom password setting, simply find the policy in the password settings container and double click. View the “Directly applies to” box, to view the members (See the 2nd screenshot above for an example).

2012-FineGrained-3

To see if I particular user has a custom policy against it, simply right click the user within the Active Directory Administrative Center and select view resultant password settings. If there is a password setting against the user, it will open the policy to expose the current settings.

2012-FineGrained-4

If a user does not have a custom password policy, it will show you a message stating “User does not have resultant fine grained password settings. Please check the user’s domain password settings.”

2012-FineGrained-5

Much easier, I’m sure you’ll agree.

Server 2012 PPTP VPN With 1 NIC

The process for setting up a PPTP VPN in Server 2012 with 1 network card is very similar to that of Server 2008 R2. Please be aware that PPTP is vulnerable to dictionary attack and should be considered unencrypted. There is a great post explaining why here.

Server Side (Server 2012)

  • Head to Server Manager, click on Manager, Add Roles and Features
  • Role-based or feature-based installation
  • Make sure the server you want to install the RRAS role is selected
  • Select Remote Access
  • View items and click add features
  • Next as you do not need to add any features
  • Tick DirectAccess and VPN (RAS)
  • This shows the Role services which are requested and then added
  • When the feature installation is complete click close
  • Select Remote Access in Service manager
  • Right click the Server with the Remote Access role install and choose Remote Access Management
  • Select Run the Getting Started Wizard
  • Select Deploy VPN Only, the familiar RRAS console will appear
  • Right click the server and choose configure and enable routing and remote access
  • If you select “Remote Access” give the following error “Less than two network interfaces were detected on this machine. For standard VPN server configuration at least two network interfaces need to be installed
  • Select Custom Configuration to get around this, then select VPN Access, follow it through to the end
  • Right click Routing and remote access and select properties
  • Browse to the IPv4 tab and assign a static pool of IPs for the remote clients
  • Now load up ADUC (Active Directory Users and Computers) and double click the user you wish to give access
  • Select the Dial-in tab and set the Network Access permission to Allow Access

Switch to 720 for a better experience.

Client Side (Windows 8)

  • Tap the Winkey and type VPN, press the down arrow and enter, select Set up a virtual private network (VPN) connection
  • Type the IP of the server hosting the PPTP VPN server (or more likely the public address forwarding to the PPTP Server) and give the connection a name
  • Click on the network icon in the tray, right click the PPTP connection and choose view connection properties
  • Head to the Security tab and select PPTP (Windows will work this out if you don’t, so it’s not really that necessary
  • Go to Networking, IPv4, Properties, Advanced and unselect Use default gateway on remote computer
  • Click the network icon in the tray, select the PPTP VPN connection and collect
  • Type your credentials
  • In the video I typed ncpa.cpl to get quick access to the connection details, note I was allocated one of the IPs from the pool we configured on the PPTP server
  • You should be good to go!

Switch to 720 for a better experience.

Networking

  • Enable forwarding for TCP Port 1723 (PPTP) to your Windows 2012 Server
  • The firewall must support GRE

Server 2012 – Add Additional Domain Controller to a 2008 R2 Domain

When you try and run DCPromo from the explorer shell on Windows Server 2012, you will receive the following message “The Active Directory Domain Services Installation Wizard is relocated in Server Manager. For more information, see http://go.microsoft.com/fwlink/?LinkId=220921.”

Dudewheresmydcpromo

No DCPromo, what now?! DCPromo is deprecated in Windows Server 2012, so adding an additional Domain Controller is slightly different than in earlier versions. The new process is still straight forward, and the wizard will even extend the schema (to version 56) for you- meaning it’s a one-stop process. Adding a Windows Server 2012 Domain Controller requires a Windows Server 2003 forest functional level or higher on your existing forest.

Promoting a Server 2012 to a Domain Controller

1. Open Server Manager, select Local Server on the left hand side then choose Manager -> Add roles and Features.

Server2012-DC1

2. Next.

Server2012-DC2

3. Next.

Server2012-DC3

4. Select the server you wish to promote.

Server2012-DC4
Continue reading

Server 2012 RTM Trial Released – Azure 90 day Trial and Free Ebook

The trial version of Server 2012 RTM is now available from Microsoft. The TechNet Evaluation Center is a little confusing as it states “Download Windows Server 2012 Release Candidate (RC)” at the top of the page. However, comparing file names to the RC confirms that this is the RTM.

RC – 8400.0.WINMAIN_WIN8RC.120518-1423_X64FRE_SERVER_EN-US-HRC_SSS_X64FRE_EN-US_DV5
RTM – 9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5

Download the Server 2012 RTM Trial here.

Microsoft are giving away a free ebook introducing Server 2012 which is worth a grab.

CBT Nuggets have released their First Look Series to Youtube for free too: http://www.youtube.com/playlist?list=PL282955A708FD70C0&feature=view_all

Azure

Microsoft Azure are providing a 90 day trial including a Server 2012 RTM virtual machine.

Signing up is quick if you already have a Microsoft account, but you will need to enter your credit card details. This made me a little on edge first but their policy seems pretty sound stating:

To protect you from accidentally incurring charges for usage beyond the included offer amount, we have introduced the Spending Limit feature. All new customers that sign up for the 90-day trial offer or one of our member offers (e.g., MSDN offer) will now, by default, have a Spending Limit of $0.00.

When your usage exhausts the monthly amounts included in your offer, we will disable your service for the remainder of that billing month, which includes removing any hosted services that you may have deployed. The data in your storage accounts and databases will be accessible in a read-only manner.

If you’re not quite ready for Windows Server 2012 you can deploy any of the below instead.

Once signed up and signed in creating a virtual machine takes minutes.

Happy learning!