Archive for the ‘Windows Server’ Category

Services-EC2-Instances-Launch Instance-choose appropriate image





Optionally, add tags


Enable RDP access


Choose whether to create a new key pair or use an existing one, then launch the instance and download it

Connecting to Windows server VM

Actions-Get Windows Password


Browse to downloaded file


Click Decrypt password



Now we have credentials to log in to Windows server

Creating software RAID

Because I added 4 additional disks, I can create RAID 1, for example

Bring disk on-line and initialize it:

Get-Disk | Where-Object IsOffline -Eq $True | Set-Disk -IsOffline $False
Get-Disk | ?{$_.number -ne 0}| Initialize-Disk -PartitionStyle GPT

Create storage pool

New-StoragePool -FriendlyName 'pool' -PhysicalDisks (Get-PhysicalDisk -CanPool $true) -StorageSubSystemFriendlyName (Get-StorageSubSystem).FriendlyName

Create new virtual disk:

New-VirtualDisk -FriendlyName "mydisk"  -StoragePoolFriendlyName "pool" -Size 16GB -ProvisioningType Thin -ResiliencySettingName Mirror

Initialize and format virtual disk:

Initialize-Disk -Number (Get-VirtualDisk -FriendlyName "mydisk" | Get-Disk).Number
New-Partition -DiskNumber (Get-VirtualDisk -FriendlyName "mydisk" | Get-Disk).Number -UseMaximumSize -AssignDriveLetter
Format-Volume -DriveLetter D -FileSystem NTFS -NewFileSystemLabel "DataStore"




In one of my previous posts I installed Nano Server. Now we’ll deploy a Windows container to Nano Server.

A container is an isolated place where an application can run without affecting the rest of the system, and without the system affecting the application. A container shares the OS kernel, so it can be seen as an “isolated” part of the guest OS.

Windows Containers include two different container types:

Windows Server Containers – A Windows Server container shares a kernel with the container host and all containers running on the host.

Hyper-V Containers – expand on the isolation provided by Windows Server Containers by running each container in a Hyper-V virtual machine. In this configuration the kernel of the container host is not shared with other Hyper-V Containers.

Connecting to Nano Server

Set-Item WSMan:\localhost\Client\TrustedHosts -Force
Enter-PSSession -ComputerName -Credential Administrator

Updating Nano Server

#Scan for updates

$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
$result = $ci | Invoke-CimMethod -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=0";OnlineScan=$true}

# Install all updates

$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
Invoke-CimMethod -InputObject $ci -MethodName ApplyApplicableUpdates


# List Installed Updates

$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
$result = $ci | Invoke-CimMethod -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=1";OnlineScan=$true}

Installing Container

# Install the OneGet PowerShell module, its container provider

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
#Use OneGet to install the latest version of Docker.
Install-Package -Name docker -ProviderName DockerMsftProvider


After rebooting, start the Docker service and install the base image

Start-Service docker
docker pull microsoft/nanoserver

Enabling remote access to docker host (Nano Server)

netsh advfirewall firewall add rule name="Docker daemon " dir=in action=allow protocol=TCP localport=2375
Stop-Service docker
dockerd --unregister-service
dockerd -H npipe:// -H --register-service
Start-Service docker

Connecting to Windows container from remote computer

#Download docker client
Invoke-WebRequest "" -OutFile "$env:TEMP\" -UseBasicParsing

#extract it
Expand-Archive -Path "$env:TEMP\" -DestinationPath $env:ProgramFiles

# For quick use, does not require shell to be restarted.
$env:path += ";c:\program files\docker"

# add docker directory to system path
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Program Files\Docker", [EnvironmentVariableTarget]::Machine)

Connect to the Docker container host on Nano Server (, this command will create a container from the microsoft/nanoserver image with the name nano and the container hostname nano

docker -H tcp:// run -it --name nano --hostname nano microsoft/nanoserver cmd
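
The listener opened above on TCP 2375 is served by dockerd without TLS or client authentication, so the firewall rule is the only control on who can drive the daemon. As an added example (not from the original post), the same remote access on port 2376 with TLS and client certificates required; the certificate paths and the management subnet are assumptions, and the certificates must already be issued and copied to the host.

```powershell
# Run on the Nano Server container host, in the remote PowerShell session.
# Assumptions (not from the original post): CA-issued certificate files already
# exist at the paths below; 192.0.2.0/24 is a placeholder management subnet.
$certDir = 'C:\ProgramData\docker\certs.d'
$mgmtNet = '192.0.2.0/24'

# daemon.json keeps the local named pipe and adds a TLS-only TCP listener.
# tlsverify makes the daemon reject clients that lack a certificate from the CA.
$daemonConfig = @{
    hosts     = @('npipe://', 'tcp://0.0.0.0:2376')
    tlsverify = $true
    tlscacert = "$certDir\ca.pem"
    tlscert   = "$certDir\server-cert.pem"
    tlskey    = "$certDir\server-key.pem"
}
New-Item -ItemType Directory -Path 'C:\ProgramData\docker\config' -Force | Out-Null
# ASCII output avoids a byte-order mark, which dockerd cannot parse.
$daemonConfig | ConvertTo-Json |
    Set-Content -Path 'C:\ProgramData\docker\config\daemon.json' -Encoding Ascii

# Listener addresses now come from daemon.json, so the service is registered
# without -H flags (dockerd refuses a setting given in both places).
Stop-Service docker
dockerd --unregister-service
dockerd --register-service
Start-Service docker

# Remove the inbound rule for 2375 and allow 2376 from the management subnet only.
netsh advfirewall firewall delete rule name=all dir=in protocol=TCP localport=2375
netsh advfirewall firewall add rule name="Docker daemon TLS" dir=in action=allow protocol=TCP localport=2376 remoteip=$mgmtNet

# On the remote client: present the client certificate and verify the server's.
# <nano-server-name> is a placeholder and must match a name in the server certificate.
# docker --tlsverify --tlscacert ca.pem --tlscert cert.pem --tlskey key.pem -H tcp://<nano-server-name>:2376 version
```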


The goal of Storage Spaces is to create a highly available storage solution that has all the advantages of a SAN (power and flexibility), but is significantly cheaper. Storage Spaces “virtualizes” storage (which consists of HDDs and SSDs). A storage pool is a container that is used to group physical disks (mixing SSD and HDD). It provides the ability to store more frequently accessed data on SSD media, with both types of media used as block-based storage for the same virtual disk: the best of both types of storage.

In this lab I used a VMware Workstation VM with 4 HDD and 2 SSD disks (each with 10 GB)

To simulate an SSD disk in VMware, we need to edit the virtual machine’s vmx file

scsix:y.virtualSSD=1, where x:y is the SCSI disk number


Check VM configuration:

Get-PhysicalDisk -CanPool $true | sort size |ft deviceid,friendlyname,canpool,size,mediatype -AutoSize


As we can see, non-SSD disks are reported as “unspecified”; we need to set their media type to HDD in order to avoid errors

Get-PhysicalDisk | where MediaType -EQ unspecified | where Size -LT 60GB | Set-PhysicalDisk -MediaType HDD

I used a filter to exclude the system disk (60 GB) because that disk won’t be a member of the storage pool

Get-PhysicalDisk | sort size |ft deviceid,friendlyname,canpool,size,mediatype -AutoSize


Create storage pool

# Storage subsystem that will host the pool
$pool = Get-StorageSubSystem
New-StoragePool -StorageSubSystemUniqueId $pool.UniqueId -FriendlyName mypool -PhysicalDisks (Get-PhysicalDisk -CanPool $true)


Get-StoragePool mypool | Get-PhysicalDisk | ft FriendlyName,MediaType,Size


Configuring Tiers

As we mentioned before, we need to create storage tiers to group SSD and HDD media types

Get-StoragePool mypool | New-StorageTier -FriendlyName HDDTier -MediaType HDD
Get-StoragePool mypool | New-StorageTier -FriendlyName SSDTier -MediaType SSD

Get Pool capacity

Get-StoragePool mypool | fl Size,AllocatedSize


Storage Spaces reserves 256 MB for each disk (6 × 256 MB = 1.5 GB)

Get Tier capacity

HDD tier (mirror):

Get-StorageTierSupportedSize hddtier -ResiliencySettingName mirror | ft -AutoSize


If we want to use the tier in “mirror” mode, the maximum space is 8 GB (10+10)/2

SSD tier 

Get-StorageTierSupportedSize ssdtier -ResiliencySettingName mirror | ft -AutoSize


Maximum free space is 16 GB

Configuring resiliency settings

Storage Spaces offers increased performance by striping data across multiple disks; these disks are named NumberOfColumns. The NumberOfDataCopiesDefault parameter specifies how many disks data will be striped across

Get-StoragePool mypool | Set-ResiliencySetting -Name mirror -NumberOfDataCopiesDefault 2

Creating mirrored spaces with tiering

$ssd=Get-StorageTier -FriendlyName ssdtier
$hdd=Get-StorageTier -FriendlyName hddtier
Get-StoragePool mypool | New-VirtualDisk -FriendlyName space1 -ResiliencySettingName mirror -StorageTiers $ssd,$hdd -StorageTierSizes 16gb,8gb -WriteCacheSize 1gb
Get-VirtualDisk | ft -AutoSize


Creating Partition and Volume

Get-VirtualDisk Space1 | Get-Disk | Set-Disk -IsReadOnly 0
Get-VirtualDisk Space1 | Get-Disk | Set-Disk -IsOffline 0
Get-VirtualDisk Space1 | Get-Disk | Initialize-Disk -PartitionStyle GPT
Get-VirtualDisk Space1 | Get-Disk | New-Partition -DriveLetter "F" -UseMaximumSize
Initialize-Volume -DriveLetter "F" -FileSystem NTFS -Confirm:$false


In this article we’ll install Ubuntu Server 16.04.01 as a Hyper-V VM with 2 CPUs, 1 GB of RAM and a 20 GB HDD (note that the machine is Generation 1; with Gen 2 it didn’t work for me)

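New-VM -Name 'ubuntu' -MemoryStartupBytes 512MB -NewVHDPath 'c:\ubuntu\ubuntu.vhd' -SwitchName 'new virtual switch' -NewVHDSizeBytes 20GB -Generation 1
# New-VM has no -MaximumBytes parameter; the dynamic memory ceiling is set with Set-VM
Set-VM -VMName 'ubuntu' -ProcessorCount 2 -DynamicMemory -MemoryMaximumBytes 2GB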
Get-VM -Name 'ubuntu' | Add-VMDvdDrive
Set-VMDvdDrive -VMName 'ubuntu' -Path 'C:\Users\dragan\Downloads\ubuntu-16.04.1-server-amd64.iso'





Enabling SSH access on Ubuntu

I don’t know about you, but it’s very uncomfortable to work from the Hyper-V console; that’s why I prefer SSH access

apt-get install openssh-server -y
service sshd restart

Allow ssh traffic to your Ubuntu server (

ufw allow proto tcp from to port 22

Download and install PuTTY. You should now be able to make a connection to Ubuntu Server via port 22



Installing integration services

Hyper-V Integration Services allow a virtual machine to communicate with the Hyper-V host (think of it as the equivalent of VMware Tools). Some of these services are conveniences, for example guest file copy, while others are important to the virtual machine’s ability to function correctly, such as time synchronization.

apt-get install --install-recommends linux-tools-virtual-lts-xenial linux-cloud-tools-virtual-lts-xenial linux-virtual-lts-xenial

Reboot the Ubuntu Server

If we want to copy files to the VM, we need to enable the Guest Service Interface (disabled by default)

On Hyper-V host check current status:

Get-VMIntegrationService -VMName 'ubuntu'



Enable-VMIntegrationService -VMname 'ubuntu' -Name 'guest service interface'

Copying file from Hyper-V host to Ubuntu VM:

echo 'This file is about to be copied to ubuntu server'>c:\file.txt
Copy-VMFile -name 'ubuntu' -SourcePath 'C:\file.txt' -DestinationPath '/root/' -FileSource Host



NIC Teaming, also known as load balancing and failover (LBFO), allows multiple network adapters on a computer to be placed into a team for the following purposes:

  • Bandwidth aggregation
  • Traffic failover to prevent connectivity loss in the event of a network component failure

In this example we’ll create a virtual switch, add this switch to a VM and enable NIC teaming for the new switch:

On Hyper-V console click Virtual Switch Manager


Create Virtual switch


Choose Switch type

External: Gives virtual machines access to a physical network to communicate with servers and clients on an external network; it also carries connections between Hyper-V VMs on the same Hyper-V server.

Internal: Allows communication between virtual machines on the same Hyper-V server, and between the virtual machines and the management host operating system.

Private: Only allows communication between virtual machines on the same Hyper-V server.

And click create Virtual Switch


Choose adapter,click apply and ok


Now that we have added the network adapter to the Hyper-V switch, let’s add it to the VM

Right-Click VM-Settings


Add Hardware-Network Adapter-Add


Specify Virtual Switch-Apply-Ok


Select adapter-Advanced-Enable this network adapter to be part of a team



Creating new Switch:

New-VMSwitch -Name External -NetAdapterName 'ethernet'

Adding New Network adapter to VM:

get-vm -VMName dc | Add-VMNetworkAdapter -SwitchName 'external'

Enabling NIC teaming for VM:

Set-VMNetworkAdapter -VMName dc -AllowTeaming on

In this blog we’ll create a VPN server which will be leveraging IPsec Tunnel Mode with Internet Key Exchange version 2 (IKEv2). With the functionality provided by the IKEv2 Mobility and Multihoming protocol (MOBIKE), this tunneling protocol offers inherent advantages in scenarios where the client moves from one IP network to another (for example, from WLAN to WWAN). For example, this permits a user with an active IKEv2 VPN tunnel to disconnect a laptop from a wired connection, walk down the hall to a conference room, connect to a wireless network, and have the IKEv2 VPN tunnel automatically reconnected with no noticeable interruption to the user.



Installing Certificates to VPN server and VPN client 

Creating certificate templates

In Certification Authority (CA),from CA console,right click Certificate Templates-Manage




Right-Click IPSec template-Duplicate template



On Request Handling tab click Allow private key to be exported



Click Extension tab-Application Policies-Edit




Remove IP Security IKE intermediate




then click Add and choose Server Authentication




Click Key Usage-Edit



Ensure that Digital signature is selected. If it is, click Cancel. If it is not, select it, and then click OK.


In the security tab-click Object Types-Computers-Add Domain Computers



Make sure Read, Enroll and Auto-Enroll are selected



In General tab give template a name



Now, right click Certification Template-New-Certificate Template to issue




Choose new template




Enrolling certificate on VPN server

On VPN server:start-run-mmc-Add/remove snap-in



Click Certificates-Add-Computer Account




Right click Personal-All tasks-Request New Certificate




Check certificate templates-Properties



Click Subject tab-Subject Name-Common name (from drop-down menu)-FQDN for VPN server-Add

Alternative Name-choose DNS-set FQDN for VPN server-ADD



New certificate should be created
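
One way to confirm that the enrolled certificate carries what the template and request steps above configured (Server Authentication policy, Digital signature key usage, the VPN server FQDN as common name and DNS alternative name). This is an added example, not part of the original post, and `vpn.example.com` is a placeholder for the real FQDN.

```powershell
# Run on the VPN server after enrollment.
# Assumption: vpn.example.com is a placeholder for the FQDN used in the request.
$vpnFqdn    = 'vpn.example.com'
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication (Application Policies)
$digSig     = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature

$report = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # Index the certificate's extensions by OID for direct lookup.
    $ext = @{}
    foreach ($e in $cert.Extensions) { $ext[$e.Oid.Value] = $e }

    $eku = $ext['2.5.29.37']   # Enhanced Key Usage
    $ku  = $ext['2.5.29.15']   # Key Usage
    $san = $ext['2.5.29.17']   # Subject Alternative Name

    $ekuOids = if ($eku) { @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) } else { @() }
    # Format() returns text such as "DNS Name=host"; the label is localized,
    # so only the host name itself is matched.
    $sanText = if ($san) { $san.Format($false) } else { '' }

    [pscustomobject]@{
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        NotAfter         = $cert.NotAfter
        HasPrivateKey    = $cert.HasPrivateKey
        ServerAuthEku    = $ekuOids -contains $serverAuth
        DigitalSignature = [bool]($ku -and ($ku.KeyUsages -band $digSig))
        SanHasFqdn       = $sanText -match ('(^|=|\s)' + [regex]::Escape($vpnFqdn) + '(,|\s|$)')
        SubjectHasFqdn   = $cert.Subject -match ('CN=' + [regex]::Escape($vpnFqdn) + '(,|$)')
    }
}

# Certificates that satisfy every requirement of the template and the request.
$report | Where-Object {
    $_.HasPrivateKey -and $_.ServerAuthEku -and $_.DigitalSignature -and
    $_.SanHasFqdn -and $_.SubjectHasFqdn -and $_.NotAfter -gt (Get-Date)
} | Format-List
```

An empty result means no certificate in the computer's Personal store meets all of the checks; `$report | Format-Table` shows which property failed for each certificate.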




This certificate should be exported and then imported to client machine


Exporting certificate

Right-click certificate-All tasks-Export




Export private key




Set password and specify file in which certificate should be saved.

Copy file to client computer


Importing file on client machine

This certificate should be imported to Trusted Root Certification Authority on client.

Start-run-mmc-add Certificate snap-in-local computer

Right click Trusted Root Certification Authorities-All Tasks-Import




Browse to copied file and enter password


Installing Roles


On Server install Network Policy Server and Remote Access roles



Open Routing and Remote Access console-right click server icon-Configure and Enable Routing and Remote Access




Remote access (dial-up or VPN)




Check VPN




Select internet facing interface




Define VPN address pool






We are not using RADIUS; instead we’ll use NPS




Right click Remote Access Logging-Launch NPS



Click Network Access Policies



Right click Connections to Microsoft Routing and Remote Access Server-Properties


Check Grant access


Click Constraints-Select Microsoft:Secured password (EAP-MSCHAP v2)



If it’s not selected add it




Enable user VPN access

In ADUC right click user-Dial-in-Allow access




Client setting

In hosts file add entry for VPN server (name must be equal to one specified in SSL certificate)


Creating VPN client connection





Use my Internet connection (VPN)




I’ll set up an internet connection later



In Internet address type VPN server name



Specify username/password



In Security tab,for Type of VPN select IKEv2-Data encryption-Require encryption-Authentication:Microsoft:Secured password (EAP-MSCHAP v2)



We can see that IKEv2 is used and the client got an address from our VPN pool (







Nano Server is a remotely administered server operating system optimized for private clouds and datacenters; it has no local logon capability. In this post we create a basic Nano Server image, without going deep into configuration; in this one we’ll configure a DNS server on Nano Server

Import Nano Server cmdlets

From the Windows Server 2016 installation disk, browse to NanoServer\NanoServerImageGenerator

Set-ExecutionPolicy RemoteSigned
Import-Module .\NanoServerImageGenerator.psm1

Create Nano Image (with DNS packages) 

New-NanoServerImage -MediaPath d:\ -BasePath C:\nano\ -TargetPath C:\nano\nano_dns.vhdx -Package microsoft-nanoserver-dns-package -InterfaceNameOrIndex ethernet -Ipv4Address -Ipv4SubnetMask -Ipv4Gateway -DeploymentType guest -EnableRemoteManagementPort -Ipv4Dns -Edition Datacenter -MaxSize 10GB -ComputerName nano_dns -AdministratorPassword (ConvertTo-SecureString "Password01" -AsPlainText -Force)

All available packages are in the Nanoserver\Packages folder of the Windows Server 2016 installation DVD


Create Hyper-V VM and start it

New-VM -Name 'nano-dns' -MemoryStartupBytes 1gb -VHDPath 'C:\nano\nano_dns.vhdx' -Generation 2 -switchname 'new virtual switch'

start-vm nano-dns

Establish connection to Nano Server and Extract the DNS Role

set-item wsman:\localhost\client\trustedhosts ""
Enter-PSSession -ComputerName -Credential administrator
Enable-WindowsOptionalFeature -Online -FeatureName dns-server-full-role
Import-Module DnsServer

Creating Forward lookup zone and A record

Add-DnsServerPrimaryZone -ZoneName -ZoneFile
Add-DnsServerResourceRecordA -Name www -ZoneName -IPv4Address

From client computer (where Preferred DNS server is set as Nano Server),test DNS resolution: