Server Core

  • Setting the Time Zone in Windows Server 2008 R2

    There is now a command line utility, tzutil.exe, that can be used to view the current time zone setting as well as to configure the time zone. 

    For those of you using PowerShell that want to script setting the time zone on Server Core, a PowerShell script is now available to do that. It is posted at: http://blogs.technet.com/deploymentguys/archive/2009/06/07/setting-the-time-zone-using-windows-powershell.aspx

    Posted Monday, June 08, 2009 8:39 AM by amason | 2 Comments

  • Server Core, application development and FxCop

    Server Core is a new Windows installation option introduced in Windows Server 2008.

    The original Windows Server 2008 Server Core did not include .NET -- and that limited the things you could use it for.  In Windows Server 2008 R2, Server Core includes .Net 2.0 and .Net v3.5 (neither are installed by default), which opens a new set of possibilities only available in full Server installs until now.  Server Core can now run a wide variety of managed applications, including hosting  ASP.NET, WCF, WF, Windows Services and Console Applications.

    An important part of the original Server Core vision is to keep the installation small and focused, minimizing servicing, install time, size, etc. When we added .NET to Server Core, we maintained that vision, putting in only the parts most likely to be needed.  For instance, we've left out the graphics interface (WPF and Windows Forms), design time assemblies, and some tools etc.   We've also included only the 64 bit version of the Framework and tools by default.

    When writing .NET applications for Server Core, you can use most – but not all – of the functionality in .NET 2.0 or 3.5 (depending on which you have installed).  If, on your development machine, you use some functionality that is not present in the Server Core version of .NET, your program will probably start to run – but then give hard to diagnose errors when it hits the functionality that is not included.

    Those errors can be hard to diagnose, particularly since the code will run fine on a developer machine, with full .NET.  To make it easier to check for these kinds of errors, FxCop can come to the rescue, especially if you use VS 2005 or VS 2008.  FxCop is a standalone application that can be downloaded from http://www.microsoft.com/downloads and is used to analyze managed code assemblies.  It reports issues concerning violations of the Microsoft framework design guidelines for writing robust and easily maintainable code using .NET.  For Server Core, we’ve provided a set of FxCop rules that you can use to validate your applications before you deploy them.  For example, imagine that you have a Windows Service application that uses the System.Media namespace to emit a particular sound when an event happens:  on a full server, with full .NET, this works just fine;  on Server Core, it will fail.  In this case, by loading the Server Core FxCop rules and scanning your code, you will find all the dangerous places where your application may break.  We highly recommend using these rules before deploying your application to a Server Core box. 

    Like every other rule, this one can be loaded into FXCOP by using the “Project” menu and selecting “Add Rules…” option.  To check if the action succeeded, you can see it in the rules tab.  Once loaded, these rules will scan all the assemblies in your FxCop project, looking for illegal usage of non-supported Framework type.

    If you wish to download the FxCop Server Core validation rule, it can be found in this post.  Also, be advised that these rules were only tested against FXCOP version 1.36.

    For a complete list of supported namespaces, please, refer to Server Core’s documentation.

    References:

    The Server Core step by step guide is at:

    ·         Read online: http://technet.microsoft.com/en-us/library/cc753802.aspx

    ·         Download as a Word doc: http://www.microsoft.com/downloads/details.aspx?familyid=B16F4DC4-A3D3-4DC7-AA51-A1C6728B217A&displaylang=en

    The namespace list is at: http://blogs.technet.com/server_core/archive/2008/11/25/net-2-0-and-server-core-in-windows-server-2008-r2.aspx and once the WS08 R2 SDK is published it will be include there as well.

    Posted Wednesday, May 27, 2009 7:17 PM by Lfsantos | 0 Comments

    Attachment(s): W2K8ServerCore.zip

  • New Server Core Step by Step Guide

    A new version of the Server Core step by step guide has been posted to TechNet, which includes the new Windows Server 2008 R2 commands (DISM.exe, new roles/features, etc):

    Read online: http://technet.microsoft.com/en-us/library/cc753802.aspx

    Download as a Word doc: http://www.microsoft.com/downloads/details.aspx?familyid=B16F4DC4-A3D3-4DC7-AA51-A1C6728B217A&displaylang=en

    I’ll blog more about the new commands and features in the coming months, with some new tips and tricks.

    In addition to the new step by step guide for Server Core, there are also two job aids now available. These have some commonly used commands on a single sheet of paper that can be folded up and carried with you. A version for Windows Server 2008 and a version that includes some of the new Windows Server 2008 R2 commands are available at:

    http://go.microsoft.com/fwlink/?LinkId=151984

    Posted Monday, May 18, 2009 3:44 PM by amason | 1 Comments

  • WoW64 Support on Server Core in Windows Server 2008 R2

    Those of you that installed the beta build may have noticed that we made WoW64 an optional feature in Server Core for R2. In the beta it was not installed by default, which caused its share of headaches due to many installers still being 32bit or using 32bit custom actions. Based on all the feedback we received from the beta, in the RC build WoW64 is now installed by default so 32bit tools and installers will work out of the box. WoW64 is still optional, so can be uninstalled if desired.

    The following server roles and features have WoW64 packages so if you need 32bit support when using any of these you will need to install the server role or feature and then the WoW64 package:

    Server Role / Feature

    WoW64 Package Name

    .Net 2.0

    NetFx2-ServerCore-WOW64

    .Net 3

    NetFx3-ServerCore-WOW64

    Clustering

    FailoverCluster-Core-WOW64

    Input Method Editor

    ServerCore-EA-IME-WOW64

    PowerShell

    MicrosoftWindowsPowerShell-WOW64

    Print Server

    Printing-ServerCore-Role-WOW64

    Subsystem for UNIX-based Applications

    SUACore-WOW64

     

    Posted Tuesday, May 05, 2009 10:47 AM by amason | 1 Comments

  • Server Core Development Training Opportunity

    Microsoft Technology Platform Adoption labs is offering a training session April 21-23 on Server Core development for Windows Server 2008 R2. This will be offered via a “Virtual Lab” so you can attend from your office, there is no need to travel. However, as with other events and programs associated with pre-release products, an event or corporate non-disclosure agreement is required.

    If you are interested in finding out more, there is more information posted at: http://blogs.msdn.com/philpenn/archive/2009/03/30/microsoft-platform-technology-adoption-labs-go-virtual.aspx as well as a link (towards the bottom) to a contact form to request more information on attending.

    Posted Thursday, April 02, 2009 9:49 AM by amason | 9 Comments

  • User Account Control (UAC) and Server Core

    A slight detour from the Windows Server 2008 R2 posts this time around to cover a topic that has been coming up recently: UAC on Server Core.

    UAC is not available in Server Core, since it is a command line only interface, doesn’t have IE, or support for user applications. In addition, to use UAC with the command prompt you need to have the Explorer Shell so that you can click Start, right click on Command Prompt, and select run as administrator, which obviously isn’t possible on Server Core.

    If the registry entry that controls UAC is modified on a Server Core installation, it will make doing anything at the command prompt very difficult. Running most anything will result in access denied or other related errors, depending on how UAC aware what you are trying to run is. A quick way to determine if UAC is what is causing the error is to run regedit. If UAC is enable you will receive an error dialog that says “The specified service does not exist as an installed service.” and clicking Ok will return “Access is denied.” on the command line.

     

    To resolve this you can:

     

    ·         If you are using Group Policy to configure your servers and put a server running the Server Core installation into an OU that enables UAC, move the server to another OU that doesn’t enforce UAC and let Group Policy change the setting.

    ·         If UAC was manually configured, disable UAC by remotely modifying the registry

    ·         Logon using the built-in administrator to perform your admin task or disable UAC.

    To disable UAC on Server Core you can use reg.exe or regedit.exe to set the EnableLUA value under the following Registry path to 0 and reboot:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

    More on Windows Server 2008 R2 next time.

    Posted Monday, January 19, 2009 8:21 AM by amason | 1 Comments

  • .NET 3.0 and 3.5 in Windows Server 2008 R2 Server Core

    Much like .NET 2.0 in Server Core, .NET 3.0 and 3.5 are also subsets of functionality. Included are:

    ·         Windows Communication Framework (WCF)

    ·         Windows Workflow Framework (WF)

    ·         LINQ

    The only functionality not included is the Windows Presentation Framework (WPF).

    .NET 3.0 and 3.5 functionality is installed with a single package:

    ·         Start /w ocsetup NetFx3-ServerCore

    If 32bit support is needed you first need to install WoW64 and then .NET 2.0 WoW64 support, the following assume the above command has already been run:

    ·         Start /w ocsetup ServerCore-WOW64

    ·         Start /w ocsetup NetFx3-ServerCore-WOW64

     

    Posted Friday, December 19, 2008 3:51 PM by amason | 3 Comments

  • .NET 2.0 and Server Core in Windows Server 2008 R2

    This time I’ll cover what I meant last time by a subset of .NET 2.0, with future posts covering the other additions in more detail. Not everything required for full .NET 2.0 support is included in Server Core. Instead of increasing the Server Core footprint to add functionality that isn’t “core” to Server Core (couldn’t resist), we added the portions of .NET 2.0 that align with what is already in Server Core. Therefore, the following namespaces are not available as part of .NET 2.0 on Server Core:

    ·         Microsoft.Aspnet.Snapin

    ·         Microsoft.Ink

    ·         Microsoft.ManagementConsole.*

    ·         Microsoft.StylusInput.*

    ·         Microsoft.VisualBasic.Compatibility.VB6

    ·         Microsoft.Windows.Themes

    ·         Microsoft.WindowsCE.Forms

    ·         Microsoft.WindowsMobile.DirectX.*

    ·         System.ComponentModel.Design.*

    ·         System.Data.Design

    ·         System.Deployment.Application

    ·         System.Diagnostics.Design

    ·         System.Media

    ·         System.Messaging.*

    ·         System.Speech.*

    ·         System.Web.UI.Design.* (design time support in this namespace is unavailable, runtime support for expression builders is supported)

    ·         System.Windows.*

    ·         UIAutomationClientsideProviders

    As you can see from the list, these require functionality not available in Server Core, e.g. DirectX, UI/MMC, Multimedia, Tablet support, etc.

    To install .NET 2.0 on Server Core you can run:

    ·         Start /w ocsetup  NetFx2-ServerCore

    If 32bit support is needed you first need to install WoW64 and then .NET 2.0 WoW64 support, the following assume the above command has already been run:

    ·         Start /w ocsetup ServerCore-WOW64

    ·         Start /w ocsetup NetFx2-ServerCore-WOW64

    Posted Tuesday, November 25, 2008 3:27 PM by amason | 8 Comments

  • Server Core changes in Windows Server 2008 R2

    Now that a build of Windows Server 2008 R2 has been released, I can start talking about what we have been working on. In a Windows Server 2008 R2 Server Core installation we have:

    ·         Active Directory Certificate Services is now an available Server Role.

    ·         WoW64 support for 32bit applications is now an optional feature in Server Core and is not installed by default. This enables you to further reduce the footprint of Server Core if you remove it from the image. I’m interested in hearing feedback on our decision to not install this by default – is this a good idea, or will you always need to install this because you have 32bit code you need to run?

    ·         Added the following as optional features:

    •  Subset of .NET Framework 2.0
    • Subset of .NET Framework 3.0 and 3.5 – WCF, WF, and LINQ
    • Windows PowerShell
    • ASP.NET and additional IIS support – the only IIS feature not available in Server Core is the management GUI. However the management GUI can now be used to remotely manage IIS on Server Core once the web management service is enabled and configured on Server Core.
    • FSRM

    The important thing to note about all of the above is that they are all optional so if you won’t be using them you don’t need to install, manage, and maintain them.

    In later posts I’ll get into more details on how to install these, what I mean by subsets of .NET, as well as other topics.

    Andrew

    Posted Thursday, November 13, 2008 1:10 PM by amason | 22 Comments

  • Reducing the Server Core disk footprint

    In the Server Core installation option, there is a way to remove the server roles and optional features from the disk, to free up more space. In addition to reducing disk usage, this could be used to ensure an administrator doesn’t add a role or feature to a server that is supposed to perform a fixed function.

    Warning: This is a one way operation, once you remove a role or feature there is NO way to bring it back. If you realize later that you need the role or feature the only option is to reinstall.

    To do this:

    1.       Run: pkgmgr /up:<package to remove>

    2.       Reboot – you can remove multiple packages before rebooting.

    3.       Wait about 30 minutes for the disk cleanup to occur.

    You will then see the disk space used by the role or feature is freed up, oclist will no longer show the role or feature as being available, and trying to install it using ocsetup will result in an error. Once again, read the warning above – there is no way to put the role or feature back, it is permanently gone from the system.

    The role and feature packages available for removal are:

    ·         Microsoft-Hyper-V-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-BLB-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DFSN-ServerCore~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DFSR-ServerEdition-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DhcpServerCore-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DirectoryServices-ADAM-SrvFnd-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DirectoryServices-DomainController-SrvFnd-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DNS-Server-Core-Role-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-FailoverCluster-Core-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-FileReplication-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-IIS-WebServer-Core-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-Internet-Naming-Service-SC-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-MultipathIo-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-NetworkLoadBalancingHeadlessServer-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-NFS-ServerFoundation-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-Printing-ServerCore-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-QWAVE-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-RemovableStorageManagementCore-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-SecureStartup-OC-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-SNMP-SC-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-SUA-Core-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-Telnet-Client-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    If you are running on an x86 box, change the amd64 above to x86.

    In addition to the roles and features listed in oclist, it is also possible to remove IME support as well as the supporting fonts by removing the following packages:

    ·         Microsoft-Windows-ServerCore-EA-IME-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-ServerCore-EA-Fonts-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    Removing these will reduce the on disk footprint by ~200MB.

     

    Andrew

    p.s. - don't forget about the warning above

    Posted Wednesday, April 16, 2008 9:42 AM by amason | 9 Comments

  • Ramblings on Server Core

    I did a TechNet Edge interview on Server Core a couple of weeks ago. If you want to hear my ramblings, you can check it out at: http://edge.technet.com/Media/567/

    Andrew

    Posted Monday, February 25, 2008 1:21 PM by amason | 0 Comments

  • New Server Core Tips

    A couple of quick tips this time around.

    If you want to determine if you are running on Server Core from a script, you can do this via WMI. The command line way is:

    wmic path win32_operatingsystem get OperatingSystemSKU /value

    The value can then be converted to hex and mapped to the list at: http://msdn2.microsoft.com/en-us/library/ms724358.aspx

     

    Here is a tip I received from the HP Windows Server Academy team. If you don’t want to include all of the many IIS options in the output of Oclist, run:

    Oclist | find “Installed” | find /v “IIS”

     

    Posted Tuesday, January 29, 2008 4:46 PM by amason | 1 Comments

  • Configuring the Firewall for Remote Management of a Workgroup Server Core installation

    To follow up my last post, this one will go into more details on option 3 in that post.

     

    As mentioned you can simply enable the Remote Administration firewall rules to allow pretty much any MMC to connect (a few require additional configuration as discussed below). However, there may be situations where you only want to allow certain MMCs to connect for remote administration. Not every MMC snap-in has a firewall group, here are those that do:

     

    MMC Snap-in

    Rule Group

    Event Viewer

    Remote Event Log Management

    Services

    Remote Service Management

    Shared Folders

    File and Printer Sharing

    Task Scheduler

    Remote Scheduled Tasks Management

    Reliability and Performance

    “Performance Logs and Alerts” and “File and Printer Sharing”

    Disk Management

    Remote Volume Management

    Windows Firewall with Advanced Security

    Windows Firewall Remote Management

     

    On the Server Core box you can enable these by running:

    Netsh advfirewall firewall set rule group=“<rule group>” new enable=yes

    Where <rule group> is the name in the above table.

     

    You can remotely enable these using the Windows Firewall with Advanced Security MMC snap-in, after you have locally on the Server Core box enabled the rule group to allow it to connect.

     

    MMC Snap-ins without a Rule Group

    Not every MMC snap-in has a rule group to allow it access through the firewall, however many of them use the same ports for management as those that do. Therefore, you will find that enabling the rules for Event Viewer, Services, or Shared Folders will allow most other MMC snap-ins to connect. Of course, you can also simply enable the remote administration rule group (see my last post).

     

    MMC Snap-ins that Require Addition Configuration

    In addition to allowing the MMC snap-ins through the firewall, the following MMC snap-ins require additional configuration:

    • Device Manager

    To allow Device Manager to connect, you must first enable the “Allow remote access to the PnP interface” policy

    1.    On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in

    2.    Connect to the Server Core installation

    3.    Navigate to Computer Configuration\Administrative Templates\Device Installation

    4.    Enable “Allow remote access to the PnP interface”

    5.    Restart the Server Core installation

     

     

    • Disk Management

    You must first start the Virtual Disk Service (VDS) on the Server Core installation

     

    • IPSec Mgmt

    On the Server Core installation you must first enable remote management of IPSec. This can be done using the scregedit.wsf script:

    Cscript \windows\system32\scregedit.wsf /im 1

     

    Posted Monday, January 14, 2008 3:14 PM by amason | 3 Comments

  • Configuring the Firewall on Server Core for Remote Management

    Just like on a full server installation, the firewall is on by default in a Server Core installation and most inbound traffic is blocked at the end of setup. There are then three scenarios for remote management via MMC: 

    1. Server Roles – when a server role is installed, the appropriate ports are opened to allow the role to function as well as to allow remote management, so no additional configuration is required. Using the Remote Server Administration Tools (RSAT) feature on a full server installation, you can install just the MMC snap-ins for a role and use them to remotely manage the role on Server Core.
    2. Domain joined – Once domain joined, the firewall profile is changed to the domain profile which allows remote management. Again, no additional configuration is required.
    3. Workgroup server – This is the scenario in which you may need to make firewall configuration changes to allow remote management. If you just want all remote management to work you can use:

    Netsh advfirewall firewall set rule group=“remote administration” new enable=yes
     
    However, it is possible to be more granular and only allow certain MMC snap-ins to remotely manage the box. I’ll talk more about that in my next post.

     

    Note that the other methods of remote management are either enabled out of the box, such as WMI, or when enabled the firewall is configured to allow them, such as Terminal Server remote administration mode.

    Posted Wednesday, January 02, 2008 4:41 PM by amason | 5 Comments

  • Server Core at ITForum

    Hi,

     For those that are attending ITForum next week, there will be a couple of Server Core sessions:

    • SRV304 - Deploying and Remotely Administering Server Core
    • SRV316 - Configuring and Managing Windows Server 2008 Server Core

    304 focuses on remote management via MMC and PowerShell, including firewall configuration to allow these. While 316 focuses on managing from the command line.

    There will also be a Q&A session: SRV07- Q&A: Server Core

    In addition, there will be a Server Core booth in the Ask the Experts area, where you'll be able to frequently find me. Stop by to say hi and ask me lots of questions!

    Andrew

    Posted Thursday, November 08, 2007 11:16 AM by amason | 1 Comments
More Posts Next page »

This Blog

Syndication

Tags

No tags have been created or used yet.

© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
 Microsoft
Page view tracker