windows 2008 server manger
TRANSCRIPT
AIDAN FINN 14/01/2008
Windows 2008 Server Manger Using Server Manager To Configure Your Server
Abstract
Using Server Manager to manage your Windows Server 2008 servers.
Windows 2008 Server Manger 2
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Table of Contents
Table of Contents ................................................................................................................................................................. 2
Introduction ........................................................................................................................................................................... 3
Server Configuration ........................................................................................................................................................... 7
Roles and Features .......................................................................................................................................................... 8
The Rest of Server Manager ....................................................................................................................................... 49
Summary ............................................................................................................................................................................... 60
Windows 2008 Server Manger 3
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Introduction
Windows Server 2008 brings about many changes for administrators to get used to. One of these is
Server Manager. Server Manager is exactly what it says on the tin: it allows administrators to
configure, monitor and manage their server. We’re going to look at two aspects of Server Manger.
The most important aspect is that of Roles and Features. This allows us to add or remove
functionality on our Windows 2008 servers. I’ll describe how we can manage Roles and Feature
using the MMC console and by using the command line utility SERVERMANAGERCME.EXE. We’ll then
wrap up the document by briefly looking at the tools that are integrated into Server Manger.
One of the first things you notice when you first install Windows Server 2008 is that it is locked
down. In fact, it doesn’t do very much because it has almost no functionality. You configure your
password, login and if you’re like me you’ve skipped past all those annoying windows that
automatically open to get in under the covers to see how this thing ticks. I wanted to add those
components that I’m used to playing with in work and in labs. That’s when I originally noticed that
things were different … very different. Change isn’t necessarily a bad thing. Once you start trying
things out you soon understand what is going on and why Microsoft has designed it the way they
have.
A brief recap on what Microsoft has been doing in previous versions of Windows Server will give us a
clue of what is happening. Firstly, Microsoft has been trying to develop a single tool approach to
managing our servers. They’ve tried to get us to see servers as having specific functions that would
be installed in a modular manner. We were given tools to do this but other than knowing about them
for MCP exams we had little use for them. It was just quicker for us to get into Control Panel and
install what we wanted plus we had 100% control over the process. The other thing that Microsoft
has recently being aiming towards was the locked down initial installation that we had to add
functionality to as and when we required it. Windows Server 2003 edged slowly towards this.
Windows Server 2008 has firmly achieved this.
So our new server is sitting there and it doesn’t do very much. We’ve closed all those pesky windows
that automatically opened when we logged in. We’ve gone into Control Panel to try change things
and noticed that … well … we don’t know how to do it. Well, one of those pesky windows that did
open automatically was Server Manager, a new tool that Microsoft has added to allow us to
add/remove functionality to our server, monitor its performance, health and status and to manage it
and other servers. So if you were patient, go back to the Server Manager window. And if you are like
me, we’ll need to launch it again.
So, enough talk! Let’s get a look at Server Manager. Like I said, it does open automatically when you
log in. This functionality is controlled by the registry value “DoNotOpenServerManagerAtLogon” in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Server Manager.
Value = 0 The window will open automatically. This is the default setting. Value = 1 The window will not open automatically.
Windows 2008 Server Manger 4
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
I’m thinking that people who are constantly logging into servers will want to take note of that setting
and probably want to apply it to every server they manage. Having Server Manager always open
automatically could get a little annoying even if it is a legitimately important tool.
We’ve got a few ways to manually launch Server Manager. Firstly, it is pinned to the Start Menu so it
is always easy to find.
Secondly, it is in Administrative Tools:
Windows 2008 Server Manger 5
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Thirdly, go into “Programs and Features” in Control Panel where you can click on “Turn Windows
features on or off” to launch Server Manager.
Windows 2008 Server Manger 6
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Using one of those methods you should have been able to get Server Manager to open.
Command line junkies should not fret at all this talk of GUI’s and windows. Microsoft has hooked you
up. One of their big plans has been to make every thing you can do in the GUI possible from
Windows 2008 Server Manger 7
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
command line. This is important for scripted customizations which are common using off the shelf
server cloning solutions. You’ll also find you can do some of these setup tasks faster using command
line options. We’ll see this as we progress through the document. We can do everything from
command line that we can do with the Server Manager GUI using the SERVERMANAGERCMD.EXE
command. We’ll be looking at the syntax of that command as we go through the functionality of
Server Manager.
Server Configuration
Under Server Summary we can see that we have some general configurations that we can manage.
We have the following under Computer Information
Item Where? Computer Name Change System Properties Workgroup/Domain membership Change System Properties Local Area Connection View Network Connections Remote Desktop Configure Remote Desktop
If you’ve done a manual installation then you are likely to use these settings to customise your
server:
Rename the server;
Add it to a domain of your choosing;
Configure the IP settings and
Enable Remote Desktop for administrators so that you can remotely manage your server.
We can use the settings under Security Information to manage the security configuration of the
server:
Item Where? Windows Firewall Go to Windows Firewall Windows Updates Configure Updates Last Checked for Updates Configure Updates Last Installed Updates Configure Updates IE Enhanced Security Configuration Configure IE ESC
After you’ve configured the naming, membership and IP settings for the server you will likely
configure the security settings, e.g. allow remote access to local services, configure automatic updates
and configure Internet Explorer. In addition, you may also run the Security Configuration Wizard to
apply your security hardening policies on the server.
It is possible that you will need to run each of these security configuration tools on each server in a
small network. But any network with a well designed and implemented Active Directory should
configure these settings automatically using Group Policy once the server is a member of a domain
and located in the correct organisational unit.
Windows 2008 Server Manger 8
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Roles and Features
As I’ve already mentioned, our new Windows 2008 server doesn’t do very much. We’re likely going
to want to add functionality so that we can use it as a file server, domain controller, web server, etc.
Each of these can be described as a role. Microsoft defines a role as a “primary function”, i.e. some
sort of function that can be used to uniquely identify a server. The complete listing of roles available
for a Windows 2008 server is as follows:
Role Description Active Directory Certificate Server Provide a Certificate Authority for a Public Key
Infrastructure. Active Directory Domain Services To build a domain controller. Active Directory Federation Services To allow single sign-on for inter directory
applications. Active Directory Lightweight Directory Services
To run Active Directory Application Mode.
Active Directory Rights Management Services Provide document level access rights and encryption.
Application Server .NET 3 and Windows Process Activation Service. DHCP Server Dynamic Host Configuration Protocol Server DNS Server Domain Name System Server Fax Server Send and receive faxes File Server Folder sharing, UNIX integration and file
replication. Network Policy and Access Services Control access to the network using policies. Print Services Manage and share printers. Terminal Services Provide server based computing services to full
or thin clients. UDDI Services Universal Description, Discovery and Integration
services. Web Server IIS 7. Windows Deployment Services An image based operating system deployment
service. Windows SharePoint Services WSS3 is the engine for Microsoft’s collaboration
services.
Looking at that list you’re probably thinking “Hey! That’s not all that different to what I used to see in
Control Panel. I thought you said Windows 2008 was stripped down when it’s initially installed”. OK.
Let’s have a look at features. Features are much more granular components of the operating system.
Rather than changing the major function of a server, they add smaller amounts of functionality that
can assist a role. Microsoft has described them as providing “auxiliary or providing functions to
servers”. The complete listing of features is below:
Role Description .NET Framework 3.0 Features Version 3.0 of the API framework used by
developers.
Windows 2008 Server Manger 9
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
BitLocker Drive Encryption Adds the ability to secure drives and their contents by encrypting them.
BITS Server Extensions Optimise available bandwidth during bulk transfer of data to client computers.
Connection Manager Administration Kit Create profiles to automate the creation of connections for VPN’s or ISP’s on client computers.
Desktop Experience Adds some functionality from Windows Vista such as photo management, themes and Media Player.
Failover Clustering Provide active/passive clustering of applications. Group Policy Management The GPMC is used to manage group policy. Internet Printing Client Allows clients to print using printers on the
network or internet using the Internet Printing Protocol.
Internet Storage Name Server Provides a discovery service for available storage that is hosted by iSCSI devices.
LPR Port Monitor Line print Remote Port Monitor allows the server to use printers on servers that use Line Printer Daemon, e.g. UNIX.
Message Queuing A service used by applications to messages or jobs to a collection of application servers.
Multipath I/O MPIO allows support of redundant data paths between the server and storage devices.
Network Load Balancing Allows servers to share client loads for applications and to converge if one server fails.
Peer Name Resolution Protocol Allows applications to register names on the computer so that they can be contacted by other computers.
Quality Windows Audio Video Experience Provides audio and video streaming for IP home networks.
Remote Assistance Allows a remote user to provide interactive assistance to a local user.
Remote Differential Compression A protocol that optimises data transfer by only transferring the differences between two objects.
Remote Server Administration Tools Administration tools for managing server roles and features.
Removable Storage Manager Manage and catalog media and storage/backup devices.
RPC over HTTP Proxy Allows RPC to be encapsulated in HTTP from a client computer and relays the RPC connection to an application server.
Simple TCP/IP Services Provides some backwards compatibility services such as “Quote of the Day”.
SMTP Server Simple Mail Transfer Protocol is a mail transfer service.
SNMP Services Simple Network Management Protocol is used for many server monitoring applications.
Storage Manager for SANS Create and manage volumes on Fibre Channel and iSCSI SAN’s that support Virtual Disk Service.
Windows 2008 Server Manger 10
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Be sure to check with your vendor before installing or using this.
Subsystem for UNIX-Based Applications Compile and run UNIX-based applications. Telnet Client Connect to remote computers via Telnet. Telnet Server Allow remote computers to connect to this
server via Telnet. TFTP Client Connect to a remote Trivial File Transfer
Protocol server. Windows Internal Database A relational database that is used by other
Windows roles and features. Windows PowerShell The new Windows scripting engine. Windows Process Activation Service Manages application pools and worker processes
in IIS7. Allows you to host non-HTTP sites. Windows Recovery Disc Provides system recovery in the event of a
failure. Windows Server Backup Features Backup/recover your server, applications and
data. Windows System Resource Manager Manage how CPU and memory resources are
allocated to processes. WINS Server Provide NetBIOS name resolution services using
Windows Internet Naming Service. Wireless LAN Service Manages Wi-Fi connections and profiles to
connect the server to a wireless network.
As you can see, you may wish to add certain roles to a server and then add some features to add
additional functionality without changing the actual purpose of the server. This is possible by adding
some of these features.
Adding a Role Using the Server Manager MMC This will probably be the next thing you will do after performing your initial configurations such as
naming and security. That’s where we stop next.
Fire up Server Manager and scroll down to “Roles”.
Windows 2008 Server Manger 11
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Under the summary we can see that we have 0 of the 17 available roles installed. I want to install a
web server that will have IIS7 and .NET 3.0 functionality. I know from the above listing that this
includes 2 roles. To start installing them I’ll click on <Add Roles>.
Windows 2008 Server Manger 12
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
We get the little splash screen that gives us some warnings about configuring passwords, network
settings and applying security updates. Pay attention to this. Some of the roles you will install will
require a static IP address, e.g. DNS, DHCP, etc.
You can choose not to see this screen again by ticking the “Skip this page by default” tick box. Click
on <Next> to continue.
We are now presented with a full listing of the available roles. Tick those ones that you wish to
select. The first one I selected was “Web Server (IIS)”.
Now we get to see some of the clever engineering that Microsoft has done. Server Manager knows
that if I install the Web Server role then I will require some additional features. Without these
features I cannot have a functioning web server. This is possible because Microsoft has modelled all
the features and roles and how they are related.
Windows 2008 Server Manger 13
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Clicking on <Cancel> will cancel my selection of the Web Server role. I’ve clicked on <Add Required
Features> to confirm that I want these additional features. The wizard can now go ahead with the
selection of the Web Server role.
The role is now selected. I now proceed with selecting my next role, Application Server.
Role and feature modelling kicks in once again. The displayed features are displayed and I confirm
my approval by clicking on <Add Required Features>.
Windows 2008 Server Manger 14
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Both of my required roles are now selected. Clicking on <Next> will continue the wizard.
We get an introduction to the Application Server role. Click on <Next> to continue.
Windows 2008 Server Manger 15
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
The “Role Service” screen allows us to install the sub components of a role. We can add additional
services to add functionality to this role. This is the default screen for Application Server. I’ve
decided that I need to add “Web Server (IIS) Support”
I’m now warned that my new selection of a role service requires additional role services, including
those in other roles, to be installed. Only by clicking on <Add Required Role Services” can this new
role selection be allowed.
Windows 2008 Server Manger 16
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
-
Notice how my new role service selection is selected? Also note that an additional role service was
selected to be installed because of this selection and the previous approval. This is role and feature
modelling in action. Basically, it allows us to perform a minimal installation and lets Windows decide
for us what components need to be installed. We just have to start with our high level requirements.
Windows 2008 Server Manger 17
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
I’m now finished selecting role services for the Application Server role and now move onto the Web
Server role.
Windows 2008 Server Manger 18
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
As we can see, there’s a whole lot more involved in web servers! I’m actually going to stick with the
default selections. What’s there meets my requirements and I can see that I’ve got ASP.NET
functionality installed and enabled.
Clicking on <Next> brings me to this summary screen. You should double check everything and then
select <Install> to continue with the installation. You can backtrack through the wizard to alter your
selections by clicking on <Previous>. And you can cancel the installation of your roles by clicking on
<Cancel>.
I clicked on <Next> and the installation started.
Windows 2008 Server Manger 19
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
As we can see, I was a naughty boy and didn’t have my Automatic Updates configured. That gave me
a warning but my selected roles were successfully installed.
Note that now that I have installed additional functionality to the server I should most definitely
make sure that the server has all security updates installed. New functionality on the server means
that the attack surface has been increased with un-patched components. These components may
have published vulnerabilities that require additional patching. Only by forcing an update will you be
sure that your newly modified server is secure.
Windows 2008 Server Manger 20
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
I closed the wizard and then I’m brought back to Server Manager. We can see that we now have 2 of
27 roles installed. And we also see that 3 of 36 features are installed. We now have a functioning
web server with .NET 3.0 functionality with a minimal attack surface to meet my technical and
business requirements.
Adding a Role Using the Server Manager Command OK, we’ve had a look at using the MMC to add a role. Let’s throw a bone to our friends who prefer the
command line interface. Now don’t go skipping to the next part of the document if command line
isn’t your thing! I promise you won’t regret reading and working through this section.
I’m starting off with another new server so we can repeat the above steps of installing a web and
application server. Start off by running Command Prompt or CMD.EXE. Then run
SERVERMANAGERCMD.EXE. This will give you a listing of the syntax for this command. As you will
see, there’s lots that we can do!
We should start off by checking what roles and features are already installed. I know this server has
nothing installed but this is good practice anyway. You can do this by running the
SERVERMANAGERCMD –QUERY command. We can see the results below.
C:\Users\Administrator>ServerManagerCmd.exe -query ..................................................
Windows 2008 Server Manger 21
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
----- Roles ----- [ ] Active Directory Certificate Services [AD-Certificate] [ ] Certification Authority [ADCS-Cert-Authority] [ ] Certification Authority Web Enrollment [ADCS-Web-Enrollment] [ ] Online Responder [ADCS-Online-Cert] [ ] Network Device Enrollment Service [ADCS-Device-Enrollment] [ ] Active Directory Domain Services [ ] Active Directory Domain Controller [ADDS-Domain-Controller] [ ] Identity Management for UNIX [ADDS-Identity-Mgmt] [ ] Server for Network Information Services [ADDS-NIS] [ ] Password Synchronization [ADDS-Password-Sync] [ ] Administration Tools [ADDS-IDMU-Tools] [ ] Active Directory Federation Services [ ] Federation Service [ADFS-Federation] [ ] Federation Service Proxy [ADFS-Proxy] [ ] AD FS Web Agents [ADFS-Web-Agents] [ ] Claims-aware Agent [ADFS-Claims] [ ] Windows Token-based Agent [ADFS-Windows-Token] [ ] Active Directory Lightweight Directory Services [ADLDS] [ ] Active Directory Rights Management Services [ ] Active Directory Rights Management Server [ ] Identity Federation Support [ ] Application Server [Application-Server] [ ] Application Server Foundation [AS-AppServer-Foundation] [ ] Web Server (IIS) Support [AS-Web-Support] [ ] COM+ Network Access [AS-Ent-Services] [ ] TCP Port Sharing [AS-TCP-Port-Sharing] [ ] Windows Process Activation Service Support [AS-WAS-Support] [ ] HTTP Activation [AS-HTTP-Activation] [ ] Message Queuing Activation [AS-MSMQ-Activation] [ ] TCP Activation [AS-TCP-Activation] [ ] Named Pipes Activation [AS-Named-Pipes] [ ] Distributed Transactions [AS-Dist-Transaction] [ ] Incoming Remote Transactions [AS-Incoming-Trans] [ ] Outgoing Remote Transactions [AS-Outgoing-Trans] [ ] WS-Atomic Transactions [AS-WS-Atomic] [ ] DHCP Server [DHCP] [ ] DNS Server [DNS] [ ] Fax Server [Fax] [ ] File Services [ ] File Server [FS-FileServer] [ ] Distributed File System [FS-DFS] [ ] DFS Namespaces [FS-DFS-Namespace] [ ] DFS Replication [FS-DFS-Replication] [ ] File Server Resource Manager [FS-Resource-Manager] [ ] Services for Network File System [FS-NFS-Services] [ ] Windows Search Service [FS-Search-Service] [ ] Windows Server 2003 File Services [FS-Win2003-Services] [ ] File Replication Service [FS-Replication] [ ] Indexing Service [FS-Indexing-Service] [ ] Network Policy and Access Services [NPAS]
Windows 2008 Server Manger 22
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[ ] Network Policy Server [NPAS-Policy-Server] [ ] Routing and Remote Access Services [NPAS-RRAS-Services] [ ] Remote Access Service [NPAS-RRAS] [ ] Routing [NPAS-Routing] [ ] Health Registration Authority [NPAS-Health] [ ] Host Credential Authorization Protocol [NPAS-Host-Cred] [ ] Print Services [Print-Services] [ ] Print Server [Print-Server] [ ] LPD Service [Print-LPD-Service] [ ] Internet Printing [Print-Internet] [ ] Terminal Services [Terminal-Services] [ ] Terminal Server [TS-Terminal-Server] [ ] TS Licensing [TS-Licensing] [ ] TS Session Broker [TS-Session-Broker] [ ] TS Gateway [TS-Gateway] [ ] TS Web Access [TS-Web-Access] [ ] UDDI Services [ ] UDDI Services Database [ ] UDDI Services Web Application [ ] Web Server (IIS) [Web-Server] [ ] Web Server [Web-WebServer] [ ] Common HTTP Features [Web-Common-Http] [ ] Static Content [Web-Static-Content] [ ] Default Document [Web-Default-Doc] [ ] Directory Browsing [Web-Dir-Browsing] [ ] HTTP Errors [Web-Http-Errors] [ ] HTTP Redirection [Web-Http-Redirect] [ ] Application Development [Web-App-Dev] [ ] ASP.NET [Web-Asp-Net] [ ] .NET Extensibility [Web-Net-Ext] [ ] ASP [Web-ASP] [ ] CGI [Web-CGI] [ ] ISAPI Extensions [Web-ISAPI-Ext] [ ] ISAPI Filters [Web-ISAPI-Filter] [ ] Server Side Includes [Web-Includes] [ ] Health and Diagnostics [Web-Health] [ ] HTTP Logging [Web-Http-Logging] [ ] Logging Tools [Web-Log-Libraries] [ ] Request Monitor [Web-Request-Monitor] [ ] Tracing [Web-Http-Tracing] [ ] Custom Logging [Web-Custom-Logging] [ ] ODBC Logging [Web-ODBC-Logging] [ ] Security [Web-Security] [ ] Basic Authentication [Web-Basic-Auth] [ ] Windows Authentication [Web-Windows-Auth] [ ] Digest Authentication [Web-Digest-Auth] [ ] Client Certificate Mapping Authentication [Web-Client-Auth] [ ] IIS Client Certificate Mapping Authentication [Web-Cert-Auth] [ ] URL Authorization [Web-Url-Auth] [ ] Request Filtering [Web-Filtering] [ ] IP and Domain Restrictions [Web-IP-Security] [ ] Performance [Web-Performance]
Windows 2008 Server Manger 23
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[ ] Static Content Compression [Web-Stat-Compression] [ ] Dynamic Content Compression [Web-Dyn-Compression] [ ] Management Tools [Web-Mgmt-Tools] [ ] IIS Management Console [Web-Mgmt-Console] [ ] IIS Management Scripts and Tools [Web-Scripting-Tools] [ ] Management Service [Web-Mgmt-Service] [ ] IIS 6 Management Compatibility [Web-Mgmt-Compat] [ ] IIS 6 Metabase Compatibility [Web-Metabase] [ ] IIS 6 WMI Compatibility [Web-WMI] [ ] IIS 6 Scripting Tools [Web-Lgcy-Scripting] [ ] IIS 6 Management Console [Web-Lgcy-Mgmt-Console] [ ] FTP Publishing Service [Web-Ftp-Publishing] [ ] FTP Server [Web-Ftp-Server] [ ] FTP Management Console [Web-Ftp-Mgmt-Console] [ ] Windows Deployment Services [WDS] [ ] Deployment Server [WDS-Deployment] [ ] Transport Server [WDS-Transport] [ ] Windows SharePoint Services [Windows-SharePoint] ----- Features ----- [ ] .NET Framework 3.0 Features [NET-Framework] [ ] .NET Framework 3.0 [NET-Framework-Core] [ ] XPS Viewer [NET-XPS-Viewer] [ ] WCF Activation [NET-Win-CFAC] [ ] HTTP Activation [NET-HTTP-Activation] [ ] Non-HTTP Activation [NET-Non-HTTP-Activ] [ ] BitLocker Drive Encryption [BitLocker] [ ] BITS Server Extensions [BITS] [ ] Connection Manager Administration Kit [CMAK] [ ] Desktop Experience [Desktop-Experience] [ ] Failover Clustering [Failover-Clustering] [ ] Group Policy Management [GPMC] [ ] Internet Printing Client [Internet-Print-Client] [ ] Internet Storage Name Server [ISNS] [ ] LPR Port Monitor [LPR-Port-Monitor] [ ] Message Queuing [MSMQ] [ ] Message Queuing Services [MSMQ-Services] [ ] Message Queuing Server [MSMQ-Server] [ ] Directory Service Integration [MSMQ-Directory] [ ] Message Queuing Triggers [MSMQ-Triggers] [ ] HTTP Support [MSMQ-HTTP-Support] [ ] Multicasting Support [MSMQ-Multicasting] [ ] Routing Service [MSMQ-Routing] [ ] Windows 2000 Client Support [MSMQ-Win2000] [ ] Message Queuing DCOM Proxy [MSMQ-DCOM] [ ] Multipath I/O [Multipath-IO] [ ] Network Load Balancing [NLB] [ ] Peer Name Resolution Protocol [PNRP] [ ] Quality Windows Audio Video Experience [qWave] [ ] Remote Assistance [Remote-Assistance] [ ] Remote Differential Compression [RDC]
Windows 2008 Server Manger 24
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[ ] Remote Server Administration Tools [RSAT] [ ] Role Administration Tools [RSAT-Role-Tools] [ ] Active Directory Certificate Services Tools [RSAT-ADCS] [ ] Certification Authority Tools [RSAT-ADCS-Mgmt] [ ] Online Responder Tools [RSAT-Online-Responder] [ ] Active Directory Domain Services Tools [RSAT-ADDS] [ ] Active Directory Domain Controller Tools [RSAT-ADDC] [ ] Server for NIS Tools [RSAT-SNIS] [ ] Active Directory Lightweight Directory Services Tools [RSAT-ADLDS] [ ] Active Directory Rights Management Services Tools [RSAT-RMS] [ ] DHCP Server Tools [RSAT-DHCP] [ ] DNS Server Tools [RSAT-DNS-Server] [ ] Fax Server Tools [RSAT-Fax] [ ] File Services Tools [RSAT-File-Services] [ ] Distributed File System Tools [RSAT-DFS-Mgmt-Con] [ ] File Server Resource Manager Tools [RSAT-FSRM-Mgmt] [ ] Services for Network File System Tools [RSAT-NFS-Admin] [ ] Network Policy and Access Services Tools [RSAT-NPAS] [ ] Routing and Remote Access Services Tools [RSAT-RAS] [ ] Health Registration Authority Tools [RSAT-HRA] [ ] Print Services Tools [RSAT-Print-Services] [ ] Terminal Services Tools [RSAT-TS] [ ] Terminal Server Tools [RSAT-TS-RemoteApp] [ ] TS Gateway Tools [RSAT-TS-Gateway] [ ] TS Licensing Tools [RSAT-TS-Licensing] [ ] UDDI Services Tools [RSAT-UDDI] [ ] Web Server (IIS) Tools [RSAT-Web-Server] [ ] Windows Deployment Services Tools [RSAT-WDS] [ ] Feature Administration Tools [RSAT-Feature-Tools] [ ] BitLocker Drive Encryption Tools [RSAT-BitLocker] [ ] BITS Server Extensions Tools [RSAT-Bits-Server] [ ] Failover Clustering Tools [RSAT-Clustering] [ ] Network Load Balancing Tools [RSAT-NLB] [ ] SMTP Server Tools [RSAT-SMTP] [ ] WINS Server Tools [RSAT-WINS] [ ] Removable Storage Manager [Removable-Storage] [ ] RPC over HTTP Proxy [RPC-over-HTTP-Proxy] [ ] Simple TCP/IP Services [Simple-TCPIP] [ ] SMTP Server [SMTP-Server] [ ] SNMP Services [SNMP-Services] [ ] SNMP Service [SNMP-Service] [ ] SNMP WMI Provider [SNMP-WMI-Provider] [ ] Storage Manager for SANs [Storage-Mgr-SANS] [ ] Subsystem for UNIX-based Applications [Subsystem-UNIX-Apps] [ ] Telnet Client [Telnet-Client] [ ] Telnet Server [Telnet-Server] [ ] TFTP Client [TFTP-Client] [ ] Windows Internal Database [Windows-Internal-DB] [ ] Windows PowerShell [PowerShell] [ ] Windows Process Activation Service [WAS] [ ] Process Model [WAS-Process-Model] [ ] .NET Environment [WAS-NET-Environment]
Windows 2008 Server Manger 25
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[ ] Configuration APIs [WAS-Config-APIs] [ ] Windows Recovery Disc [Recovery-Disc] [ ] Windows Server Backup Features [Backup-Features] [ ] Windows Server Backup [Backup] [ ] Command-line Tools [Backup-Tools] [ ] Windows System Resource Manager [WSRM] [ ] WINS Server [WINS-Server] [ ] Wireless LAN Service [Wireless-Networking] C:\Users\Administrator>
I’m just going to go on a quick tangent here. A lot of administrators have a requirement to document their server configurations to satisfy the needs of things like industrial regulations, security officers or internal auditors or maybe just for best practice documentation. There are a lot of tools out there that can do this, many of which will put a reasonable dent into your annual budget. So we always like to look for economical alternates. Looking at the results we just got from our Server Manager query, we’ve just listed the components of the operating system that have been installed. You can go ahead and document them by piping the results into a text file:
C:\Users\Administrator>ServerManagerCMD –query > C:\Config.txt Or maybe you could run a scheduled task and store these results on a file share?
C:\Users\Administrator>ServerManagerCMD –query > \\ITFileServer\Configs\%computername%.txt
Using this you can quickly dump the configurations of all of your Windows 2008 servers into a single documentation store that can be quickly referenced. Now we will return to our regularly scheduled programming. In the above results we can see that nothing is ticked. This confirms that no roles or features have been installed on this server. I now want to install the Web Server and Application server roles on this server. We’ll use the SERVERMANAGERCMD command again but this time with the –INSTALL parameter. I know that I want to install the Web Server (IIS) and the Application Server roles. The SERVERMANAGERCMD command will not accept roles with spaces in their names. By checking the results of the query command we can see the codes accepted by SERVERMANAGERCMD, e.g. “Web-Server” and “Application-Server”. And remember that I added an additional role service under the Application Server role? It was “Web Server (IIS) Support”. Looking at the query results I can see it’s code it “AS-Web-Support”. I’m going to add that as well to directly replicate what I did using the MMC.
C:\Users\Administrator>ServerManagerCMD -install Application-Server AS-Web-Support Web-Server .. Start Installation... [Installation] Succeeded: [Application Server] Windows Process Activation Service Support. [Installation] Succeeded: [Web Server (IIS)] Management Tools. [Installation] Succeeded: [.NET Framework 3.0 Features] WCF Activation. [Installation] Succeeded: [Web Server (IIS)] Web Server.
Windows 2008 Server Manger 26
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[Installation] Succeeded: [Web Server (IIS)] Application Development. [Installation] Succeeded: [Web Server (IIS)] Security. [Installation] Succeeded: [Web Server (IIS)] Performance. [Installation] Succeeded: [Web Server (IIS)] Common HTTP Features. [Installation] Succeeded: [Web Server (IIS)] Health and Diagnostics. [Installation] Succeeded: [Windows Process Activation Service] Configuration API s. [Installation] Succeeded: [.NET Framework 3.0 Features] .NET Framework 3.0. [Installation] Succeeded: [Windows Process Activation Service] .NET Environment. [Installation] Succeeded: [Windows Process Activation Service] Process Model. [Installation] Succeeded: [Web Server (IIS)] IIS Management Scripts and Tools. [Installation] Succeeded: [Web Server (IIS)] IIS Management Console. [Installation] Succeeded: [Web Server (IIS)] Static Content Compression. [Installation] Succeeded: [Web Server (IIS)] Digest Authentication. [Installation] Succeeded: [Web Server (IIS)] Dynamic Content Compression. [Installation] Succeeded: [Web Server (IIS)] Default Document. [Installation] Succeeded: [Web Server (IIS)] Static Content. [Installation] Succeeded: [Web Server (IIS)] Directory Browsing. [Installation] Succeeded: [Web Server (IIS)] HTTP Redirection. [Installation] Succeeded: [Web Server (IIS)] HTTP Errors. [Installation] Succeeded: [Web Server (IIS)] Windows Authentication. [Installation] Succeeded: [Web Server (IIS)] Basic Authentication. [Installation] Succeeded: [Web Server (IIS)] Client Certificate Mapping Authentication. [Installation] Succeeded: [Web Server (IIS)] ISAPI Extensions. [Installation] Succeeded: [Web Server (IIS)] Tracing. [Installation] Succeeded: [Web Server (IIS)] HTTP Logging. [Installation] Succeeded: [Web Server (IIS)] ISAPI Filters. [Installation] Succeeded: [Web Server (IIS)] Request Monitor. [Installation] Succeeded: [Web Server (IIS)] Logging Tools. [Installation] Succeeded: [Web Server (IIS)] IP and Domain Restrictions. [Installation] Succeeded: [Web Server (IIS)] URL Authorization. [Installation] Succeeded: [Web Server (IIS)] Request Filtering. [Installation] Succeeded: [Web Server (IIS)] IIS Client Certificate Mapping Authentication. [Installation] Succeeded: [Web Server (IIS)] Management Service. [Installation] Succeeded: [Web Server (IIS)] .NET Extensibility. [Installation] Succeeded: [.NET Framework 3.0 Features] HTTP Activation. [Installation] Succeeded: [Web Server (IIS)] ASP.NET. [Installation] Succeeded: [Application Server] Application Server Foundation. [Installation] Succeeded: [Application Server] HTTP Activation. [Installation] Succeeded: [Application Server] Web Server (IIS) Support. <100/100> Success: Installation succeeded. C:\Users\Administrator>
Running a query now should show us that I’ve successfully installed a server that is identical to the one I set up using the Server Manager MMC, except I did it using 1 command. We can see that the modelling process automatically selected the required components based on the roles and role services that I listed to be installed.
Windows 2008 Server Manger 27
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
C:\Users\Administrator>servermanagercmd -query ...................... ----- Roles ----- [ ] Active Directory Certificate Services [AD-Certificate] [ ] Certification Authority [ADCS-Cert-Authority] [ ] Certification Authority Web Enrollment [ADCS-Web-Enrollment] [ ] Online Responder [ADCS-Online-Cert] [ ] Network Device Enrollment Service [ADCS-Device-Enrollment] [ ] Active Directory Domain Services [ ] Active Directory Domain Controller [ADDS-Domain-Controller] [ ] Identity Management for UNIX [ADDS-Identity-Mgmt] [ ] Server for Network Information Services [ADDS-NIS] [ ] Password Synchronization [ADDS-Password-Sync] [ ] Administration Tools [ADDS-IDMU-Tools] [ ] Active Directory Federation Services [ ] Federation Service [ADFS-Federation] [ ] Federation Service Proxy [ADFS-Proxy] [ ] AD FS Web Agents [ADFS-Web-Agents] [ ] Claims-aware Agent [ADFS-Claims] [ ] Windows Token-based Agent [ADFS-Windows-Token] [ ] Active Directory Lightweight Directory Services [ADLDS] [ ] Active Directory Rights Management Services [ ] Active Directory Rights Management Server [ ] Identity Federation Support [X] Application Server [Application-Server] [X] Application Server Foundation [AS-AppServer-Foundation] [X] Web Server (IIS) Support [AS-Web-Support] [ ] COM+ Network Access [AS-Ent-Services] [ ] TCP Port Sharing [AS-TCP-Port-Sharing] [X] Windows Process Activation Service Support [AS-WAS-Support] [X] HTTP Activation [AS-HTTP-Activation] [ ] Message Queuing Activation [AS-MSMQ-Activation] [ ] TCP Activation [AS-TCP-Activation] [ ] Named Pipes Activation [AS-Named-Pipes] [ ] Distributed Transactions [AS-Dist-Transaction] [ ] Incoming Remote Transactions [AS-Incoming-Trans] [ ] Outgoing Remote Transactions [AS-Outgoing-Trans] [ ] WS-Atomic Transactions [AS-WS-Atomic] [ ] DHCP Server [DHCP] [ ] DNS Server [DNS] [ ] Fax Server [Fax] [ ] File Services [ ] File Server [FS-FileServer] [ ] Distributed File System [FS-DFS] [ ] DFS Namespaces [FS-DFS-Namespace] [ ] DFS Replication [FS-DFS-Replication] [ ] File Server Resource Manager [FS-Resource-Manager] [ ] Services for Network File System [FS-NFS-Services] [ ] Windows Search Service [FS-Search-Service] [ ] Windows Server 2003 File Services [FS-Win2003-Services]
Windows 2008 Server Manger 28
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[ ] File Replication Service [FS-Replication] [ ] Indexing Service [FS-Indexing-Service] [ ] Network Policy and Access Services [NPAS] [ ] Network Policy Server [NPAS-Policy-Server] [ ] Routing and Remote Access Services [NPAS-RRAS-Services] [ ] Remote Access Service [NPAS-RRAS] [ ] Routing [NPAS-Routing] [ ] Health Registration Authority [NPAS-Health] [ ] Host Credential Authorization Protocol [NPAS-Host-Cred] [ ] Print Services [Print-Services] [ ] Print Server [Print-Server] [ ] LPD Service [Print-LPD-Service] [ ] Internet Printing [Print-Internet] [ ] Terminal Services [Terminal-Services] [ ] Terminal Server [TS-Terminal-Server] [ ] TS Licensing [TS-Licensing] [ ] TS Session Broker [TS-Session-Broker] [ ] TS Gateway [TS-Gateway] [ ] TS Web Access [TS-Web-Access] [ ] UDDI Services [ ] UDDI Services Database [ ] UDDI Services Web Application [X] Web Server (IIS) [Web-Server] [X] Web Server [Web-WebServer] [X] Common HTTP Features [Web-Common-Http] [X] Static Content [Web-Static-Content] [X] Default Document [Web-Default-Doc] [X] Directory Browsing [Web-Dir-Browsing] [X] HTTP Errors [Web-Http-Errors] [X] HTTP Redirection [Web-Http-Redirect] [X] Application Development [Web-App-Dev] [X] ASP.NET [Web-Asp-Net] [X] .NET Extensibility [Web-Net-Ext] [ ] ASP [Web-ASP] [ ] CGI [Web-CGI] [X] ISAPI Extensions [Web-ISAPI-Ext] [X] ISAPI Filters [Web-ISAPI-Filter] [ ] Server Side Includes [Web-Includes] [X] Health and Diagnostics [Web-Health] [X] HTTP Logging [Web-Http-Logging] [X] Logging Tools [Web-Log-Libraries] [X] Request Monitor [Web-Request-Monitor] [X] Tracing [Web-Http-Tracing] [ ] Custom Logging [Web-Custom-Logging] [ ] ODBC Logging [Web-ODBC-Logging] [X] Security [Web-Security] [X] Basic Authentication [Web-Basic-Auth] [X] Windows Authentication [Web-Windows-Auth] [X] Digest Authentication [Web-Digest-Auth] [X] Client Certificate Mapping Authentication [Web-Client-Auth] [X] IIS Client Certificate Mapping Authentication [Web-Cert-Auth] [X] URL Authorization [Web-Url-Auth]
Windows 2008 Server Manger 29
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[X] Request Filtering [Web-Filtering] [X] IP and Domain Restrictions [Web-IP-Security] [X] Performance [Web-Performance] [X] Static Content Compression [Web-Stat-Compression] [X] Dynamic Content Compression [Web-Dyn-Compression] [X] Management Tools [Web-Mgmt-Tools] [X] IIS Management Console [Web-Mgmt-Console] [X] IIS Management Scripts and Tools [Web-Scripting-Tools] [X] Management Service [Web-Mgmt-Service] [ ] IIS 6 Management Compatibility [Web-Mgmt-Compat] [ ] IIS 6 Metabase Compatibility [Web-Metabase] [ ] IIS 6 WMI Compatibility [Web-WMI] [ ] IIS 6 Scripting Tools [Web-Lgcy-Scripting] [ ] IIS 6 Management Console [Web-Lgcy-Mgmt-Console] [ ] FTP Publishing Service [Web-Ftp-Publishing] [ ] FTP Server [Web-Ftp-Server] [ ] FTP Management Console [Web-Ftp-Mgmt-Console] [ ] Windows Deployment Services [WDS] [ ] Deployment Server [WDS-Deployment] [ ] Transport Server [WDS-Transport] [ ] Windows SharePoint Services [Windows-SharePoint] ----- Features ----- [X] .NET Framework 3.0 Features [NET-Framework] [X] .NET Framework 3.0 [NET-Framework-Core] [ ] XPS Viewer [NET-XPS-Viewer] [X] WCF Activation [NET-Win-CFAC] [X] HTTP Activation [NET-HTTP-Activation] [ ] Non-HTTP Activation [NET-Non-HTTP-Activ] [ ] BitLocker Drive Encryption [BitLocker] [ ] BITS Server Extensions [BITS] [ ] Connection Manager Administration Kit [CMAK] [ ] Desktop Experience [Desktop-Experience] [ ] Failover Clustering [Failover-Clustering] [ ] Group Policy Management [GPMC] [ ] Internet Printing Client [Internet-Print-Client] [ ] Internet Storage Name Server [ISNS] [ ] LPR Port Monitor [LPR-Port-Monitor] [ ] Message Queuing [MSMQ] [ ] Message Queuing Services [MSMQ-Services] [ ] Message Queuing Server [MSMQ-Server] [ ] Directory Service Integration [MSMQ-Directory] [ ] Message Queuing Triggers [MSMQ-Triggers] [ ] HTTP Support [MSMQ-HTTP-Support] [ ] Multicasting Support [MSMQ-Multicasting] [ ] Routing Service [MSMQ-Routing] [ ] Windows 2000 Client Support [MSMQ-Win2000] [ ] Message Queuing DCOM Proxy [MSMQ-DCOM] [ ] Multipath I/O [Multipath-IO] [ ] Network Load Balancing [NLB] [ ] Peer Name Resolution Protocol [PNRP]
Windows 2008 Server Manger 30
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[ ] Quality Windows Audio Video Experience [qWave] [ ] Remote Assistance [Remote-Assistance] [ ] Remote Differential Compression [RDC] [X] Remote Server Administration Tools [RSAT] [X] Role Administration Tools [RSAT-Role-Tools] [ ] Active Directory Certificate Services Tools [RSAT-ADCS] [ ] Certification Authority Tools [RSAT-ADCS-Mgmt] [ ] Online Responder Tools [RSAT-Online-Responder] [ ] Active Directory Domain Services Tools [RSAT-ADDS] [ ] Active Directory Domain Controller Tools [RSAT-ADDC] [ ] Server for NIS Tools [RSAT-SNIS] [ ] Active Directory Lightweight Directory Services Tools [RSAT-ADLDS] [ ] Active Directory Rights Management Services Tools [RSAT-RMS] [ ] DHCP Server Tools [RSAT-DHCP] [ ] DNS Server Tools [RSAT-DNS-Server] [ ] Fax Server Tools [RSAT-Fax] [ ] File Services Tools [RSAT-File-Services] [ ] Distributed File System Tools [RSAT-DFS-Mgmt-Con] [ ] File Server Resource Manager Tools [RSAT-FSRM-Mgmt] [ ] Services for Network File System Tools [RSAT-NFS-Admin] [ ] Network Policy and Access Services Tools [RSAT-NPAS] [ ] Routing and Remote Access Services Tools [RSAT-RAS] [ ] Health Registration Authority Tools [RSAT-HRA] [ ] Print Services Tools [RSAT-Print-Services] [ ] Terminal Services Tools [RSAT-TS] [ ] Terminal Server Tools [RSAT-TS-RemoteApp] [ ] TS Gateway Tools [RSAT-TS-Gateway] [ ] TS Licensing Tools [RSAT-TS-Licensing] [ ] UDDI Services Tools [RSAT-UDDI] [X] Web Server (IIS) Tools [RSAT-Web-Server] [ ] Windows Deployment Services Tools [RSAT-WDS] [ ] Feature Administration Tools [RSAT-Feature-Tools] [ ] BitLocker Drive Encryption Tools [RSAT-BitLocker] [ ] BITS Server Extensions Tools [RSAT-Bits-Server] [ ] Failover Clustering Tools [RSAT-Clustering] [ ] Network Load Balancing Tools [RSAT-NLB] [ ] SMTP Server Tools [RSAT-SMTP] [ ] WINS Server Tools [RSAT-WINS] [ ] Removable Storage Manager [Removable-Storage] [ ] RPC over HTTP Proxy [RPC-over-HTTP-Proxy] [ ] Simple TCP/IP Services [Simple-TCPIP] [ ] SMTP Server [SMTP-Server] [ ] SNMP Services [SNMP-Services] [ ] SNMP Service [SNMP-Service] [ ] SNMP WMI Provider [SNMP-WMI-Provider] [ ] Storage Manager for SANs [Storage-Mgr-SANS] [ ] Subsystem for UNIX-based Applications [Subsystem-UNIX-Apps] [ ] Telnet Client [Telnet-Client] [ ] Telnet Server [Telnet-Server] [ ] TFTP Client [TFTP-Client] [ ] Windows Internal Database [Windows-Internal-DB] [ ] Windows PowerShell [PowerShell]
Windows 2008 Server Manger 31
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[X] Windows Process Activation Service [WAS] [X] Process Model [WAS-Process-Model] [X] .NET Environment [WAS-NET-Environment] [X] Configuration APIs [WAS-Config-APIs] [ ] Windows Recovery Disc [Recovery-Disc] [ ] Windows Server Backup Features [Backup-Features] [ ] Windows Server Backup [Backup] [ ] Command-line Tools [Backup-Tools] [ ] Windows System Resource Manager [WSRM] [ ] WINS Server [WINS-Server] [ ] Wireless LAN Service [Wireless-Networking] C:\Users\Administrator>
Adding a Feature Using the Server Manager MMC So we’ve build a web and application server. We’re feeling very happy with ourselves and are getting
ready to put our feet up for the rest of the day … Oh! If only it was ever like that! Now we’ve been
told that our shiny new web server must be added to an existing Network Load Balanced web server
farm. I don’t remember anything in the Web Server (IIS) role installation about Network Load
Balancing. But I do remember there being a feature for Network Load Balancing. It looks like we’ll
have to customise our new server with a feature.
Fire up Server Manager again.
Click on <Add Features>. This will launch a new wizard.
Windows 2008 Server Manger 32
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
All of the available features on the server are listed. Select the feature you wan to install. In this case
I’ve ticked “Network Load Balancing”.
We get a summary of our selection before we go any further. Click on <Install> to start the
installation or <Cancel> to terminate the process.
Windows 2008 Server Manger 33
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
The installation starts. Note that this may actually take a while.
The installation completes after a few moments. You can see that Windows is still reminding me to
activate my automatic updates and gives me a warning because of it.
Windows 2008 Server Manger 34
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Back in the MMC, the status of the server is updated to reflect the new feature, Network Load
Balancing.
Adding a Feature Using the Server Manager Command Let’s have a look at adding the Network Load Balancing feature via command line. Pay attention
mouse and GUI fans. You’ll love how quick you can do this from the command line. We’ll be using the
SERVERMANAGERCMD command once again. A quick run of the –QUERY parameter shows us that
we need to install “NLB”:
C:\Users\Administrator>ServerManagerCmd.exe -install NLB
..
Start Installation...
[Installation] Succeeded: [Network Load Balancing].
<100/100>
Success: Installation succeeded.
Windows 2008 Server Manger 35
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
How quick and easy was that? Network Load Balancing is now installed and ready to be configured.
Please tell me that you aren’t tempted to try this command line approach now! By now you should
see how you could write a simple script containing the commands to install of your required role and
feature installations. This could be saved and reused whenever you want to build a server of a
specific type. You could then deploy a single simple image to your new hardware and then run the
required role/feature installation script as required to complete the installation before you perform
the server specific customisations, e.g. adding content.
Managing Roles and Features Using Server Manager Server Manager is much more than just a tool for installing and removing features on your servers.
You can actually use it as a tool to monitor the roles and features that you’ve installed. Not only this,
but you can also use it as a tool to access the administrative tools for those roles and features. We’re
going to have a look at this now.
I’ve opened the Server Manager MMC console and I’ve noticed something is wrong.
We can see under Roles Summary that each of my installed roles is reporting a problem. I’m going to
drill down to the cause by clicking on <Go to Roles>.
Windows 2008 Server Manger 36
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
In Roles I can scroll down and see that both the Application Server and the Web Server are each
reporting services as not running. This is causing each of the roles to fail. I now click on <Application
Server> to see what is happening.
Windows 2008 Server Manger 37
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
I can see the cause of my problem under “System Services”. The “World Wide Web Publishing
Service” has a status of “stopped”. This has caused both the Application Server and the Web Server
roles to fail. The solution is pretty easy in this example. I select the failed service and click on
<Start> on the right-hand side of the console.
The service starts up successfully. I’m hoping that this has cleared up my problems so I navigate
back to the top of Server Manager.
Windows 2008 Server Manger 38
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
I can clearly see under “Roles Summary” that both of my roles are now running normally.
This is probably a good time to have a look at how we can diagnose problems with out roles. As
you’ve just seen, we can navigate into each role in Server Manager. You should click on one of you
installed roles now. I’ve navigated into “Application Server”.
Windows 2008 Server Manger 39
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
We can see there is an “Events” section under “Summary”. This presents each of the events that have
occurred on the server in relation to the selected role. This is extremely convenient when
investigating role specific issues and saves you having to search through the endless listing of events
that can exist within Event Viewer.
Windows 2008 Server Manger 40
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
You can double-click on an event entry to get more specific detail related to the event you are
investigating.
Great! So now we can investigate issues and resolve problems using Server Manager. Is there
anything more? Well as it just so happens …
When a role is installed on a server there is also an MMC snap in added to the system to manage it.
Normally we’ve always gone into Administrative Tools to find it. Microsoft really wants us to see
Server Manager as just that … the primary tool for managing a server. If you want to manage a role
then you should be able to access the MMC snap-in from Server Manager. And that’s what Server
Manager allows us to do.
Navigate to a role on your server in Server Manager and expand the node. I’ve selected “Web Server
(IIS)”.
Inside the role, I’ve now got access to the related MMC snap-in and I can use this from within Server
Manager to manage my IIS7 installation. This means that Server Manager truly is a centralised
administrative tool for all roles installed on the server.
Removing a Role/Feature Using the Server Manager MMC Just typical! You’ve added your new network load balancing feature to the server and resolved your
server’s issues when your boss has decided that this new server will be a standalone machine. That’s
OK; we can remove it pretty quickly. This time around, I want you to pay attention to how much
work there is when we remove the feature using the MMC and when we remove it using the
Windows 2008 Server Manger 41
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
command line. I think you may find yourself drifting towards the command line option for future
administration tasks related to server manager roles and features after reading this.
Let’s get Server Manager up and running again. We can see that Network Load Balancing is still
listed as a feature that is installed.
Click on <Remove Features> and a wizard will launch.
Windows 2008 Server Manger 42
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
All of the features are listed. Those that are installed have a tick beside them and those that are not installed are greyed out. Deselect the feature you want to uninstall; in this case Network Load Balancing and then click on <Remove>.
Windows 2008 Server Manger 43
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
We get a summary of the actions to be completed. Click on <Remove> when you are ready to uninstall the displayed features or click on <Cancel> to terminate the process.
Windows 2008 Server Manger 44
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
The process may take a few moments so you may want to take one of those coffee breaks that we “progress bar engineers” are used to.
Windows 2008 Server Manger 45
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
The removal process is completed and we can click on <Close> to return to the Server Manager MMC.
We can now see the feature is removed. That’s how we remove a feature. The process of removing a role is exactly the same. Instead of “Remove Features” you select “Remove Roles”. It’s a process that Microsoft has made very easy for us. They’ve allowed us to concentrate on what we want to install or remove instead of worrying about how to do it.
Removing a Role/Feature Using the Server Manager Command This is pretty easy. Instead of using the –INSTALL parameter we will be using the –REMOVE
parameter with the SERVERMANAGERCMD command. I’m going to uninstall the Network Load
Balancing feature:
C:\Users\Administrator>ServerManagerCmd.exe -remove NLB
.......................
Start Removal...
[Removal] Succeeded: [Network Load Balancing].
Windows 2008 Server Manger 46
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
<100/100>
Success: Removal succeeded.
Some features or roles may require a restart at the end of the uninstall to complete the process. You
can automate this by adding the –RESTART parameter at the end of the command.
ServerManagerCmd.exe -remove Print-LPD-Service –restart
Removing the LPD printing service does require a reboot and you are warned about this if you run a
remove command. Adding the –RESTART parameter causes the server to reboot automatically,
something you will find quite handy if you deploy your uninstall command remotely or run it by
using a scheduled task.
Unattended Installations Using Answer Files I’ve already alluded to the process of an unattended installation. You could simply write a batch file
that includes a series of SERVERMANGERCMD commands. Microsoft has given us an alternative
using XML based answer files. Using an answer file, we can run the SERVERMANAGERCMD
command once and supply it with a listing of roles, role services and features to install.
I’m going to repeat the above scenario where I want to install 2 roles, a role service and a feature to
create a network load balanced web server with .Net support. The XML file I’m going to use is below:
<?xml version="1.0" encoding="utf-8" ?>
<ServerManagerConfiguration Action="Install"
xmlns="http://schemas.microsoft.com/sdm/Windows/ServerManager/Configuration/2007/1"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<Role Id="Application-Server" />
<RoleService Id="AS-Web-Support" />
<Role Id="Web-Server" />
<Feature Id="NLB" />
</ServerManagerConfiguration>
You can see that each role is listed using “Role ID”, each role service is listing using “RoleService ID”
and each feature is listed using “Feature ID”. I’ve saved this as C:\Media\WebServer.XML.
If you are automating an installation like this then it is likely that you’d like to see what the results
will be before you run the command as some sort of a basic test. SERVERMANAGERCMD allows you
to do this with the –WHATIF parameter:
ServerManagerCmd.exe -inputPath C:\Media\WebServer.XML –whatIf
Windows 2008 Server Manger 47
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
This parses my XML file to check the syntax and simulates the installation without modifying my
server. It then lists the actions that will be performed. I can actually go ahead and run my command
once I’ve got my syntax cleaned up and I’m happy with the actions:
C:\Users\Administrator>ServerManagerCmd.exe -inputPath C:\Media\WebServer.XML
..
Start Installation...
[Installation] Succeeded: [Application Server] Windows Process Activation Servic
e Support.
[Installation] Succeeded: [Web Server (IIS)] Management Tools.
[Installation] Succeeded: [.NET Framework 3.0 Features] WCF Activation.
[Installation] Succeeded: [Web Server (IIS)] Web Server.
[Installation] Succeeded: [Web Server (IIS)] Health and Diagnostics.
[Installation] Succeeded: [Web Server (IIS)] Performance.
[Installation] Succeeded: [Web Server (IIS)] Application Development.
[Installation] Succeeded: [Web Server (IIS)] Security.
[Installation] Succeeded: [Web Server (IIS)] Common HTTP Features.
[Installation] Succeeded: [Windows Process Activation Service] Configuration API
s.
[Installation] Succeeded: [Windows Process Activation Service] Process Model.
[Installation] Succeeded: [Windows Process Activation Service] .NET Environment.
[Installation] Succeeded: [Network Load Balancing].
[Installation] Succeeded: [.NET Framework 3.0 Features] .NET Framework 3.0.
[Installation] Succeeded: [Web Server (IIS)] IIS Management Scripts and Tools.
[Installation] Succeeded: [Web Server (IIS)] IIS Management Console.
[Installation] Succeeded: [Web Server (IIS)] ISAPI Extensions.
Windows 2008 Server Manger 48
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[Installation] Succeeded: [Web Server (IIS)] HTTP Logging.
[Installation] Succeeded: [Web Server (IIS)] HTTP Redirection.
[Installation] Succeeded: [Web Server (IIS)] Static Content.
[Installation] Succeeded: [Web Server (IIS)] Client Certificate Mapping Authenti
cation.
[Installation] Succeeded: [Web Server (IIS)] Default Document.
[Installation] Succeeded: [Web Server (IIS)] HTTP Errors.
[Installation] Succeeded: [Web Server (IIS)] Directory Browsing.
[Installation] Succeeded: [Web Server (IIS)] ISAPI Filters.
[Installation] Succeeded: [Web Server (IIS)] IIS Client Certificate Mapping Auth
entication.
[Installation] Succeeded: [Web Server (IIS)] Digest Authentication.
[Installation] Succeeded: [Web Server (IIS)] Request Filtering.
[Installation] Succeeded: [Web Server (IIS)] URL Authorization.
[Installation] Succeeded: [Web Server (IIS)] Windows Authentication.
[Installation] Succeeded: [Web Server (IIS)] Request Monitor.
[Installation] Succeeded: [Web Server (IIS)] Logging Tools.
[Installation] Succeeded: [Web Server (IIS)] Basic Authentication.
[Installation] Succeeded: [Web Server (IIS)] Tracing.
[Installation] Succeeded: [Web Server (IIS)] IP and Domain Restrictions.
[Installation] Succeeded: [Web Server (IIS)] Static Content Compression.
[Installation] Succeeded: [Web Server (IIS)] Dynamic Content Compression.
[Installation] Succeeded: [Web Server (IIS)] Management Service.
[Installation] Succeeded: [Web Server (IIS)] .NET Extensibility.
[Installation] Succeeded: [.NET Framework 3.0 Features] HTTP Activation.
[Installation] Succeeded: [Web Server (IIS)] ASP.NET.
Windows 2008 Server Manger 49
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
[Installation] Succeeded: [Application Server] Application Server Foundation.
[Installation] Succeeded: [Application Server] HTTP Activation.
[Installation] Succeeded: [Application Server] Web Server (IIS) Support.
<100/100>
Success: Installation succeeded.
In just one command, I have installed all the components required for my standard web server build.
You have got to love that!
So that’s roles and features in Windows 2008. My advice to you is to try this out with some test
machines. Compare the process using the MMC and the command line. And keep in mind the process
of using an answer file for when you read about unattended installation of Windows Server 2008.
We’re going to leave this subject now and move on to the rest of Server Manager and have a quick
look around.
The Rest of Server Manager I think it’s safe to say the Server Manager is the successor to Computer Management that was present
in Windows Server 2000 and 2003. As such, a number of the tasks that you could do in Computer
Management are also present in Server Manager. Not only this, but there’s some new stuff in there
too. I keep saying this and you’re probably getting tired of it, but Server Manager is intended to be
your all-in-one management tool for the server that you’re working on.
Each of the tools included in Server Manager has been categorised based on the operations that they
are used for.
Diagnostics We’ve already seen how we can diagnose and repair role specific failures in Server Manager. But
sometimes problems are more complex than that and you’ll find that you need to do see the bigger
picture. We can use the tools that are linked in Server Manager under “Diagnostics” to help us
identify the cause of those problems.
The first tool we see in Diagnostics is an old friend: Event Viewer. Event Viewer has had a bit of work
done on it.
Windows 2008 Server Manger 50
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
The root view gives us a very helpful summary of the different types of events that are available in
Event Viewer. How often have you gone into Event Viewer and found that you had to search through
thousands of entries to find Critical or Warning level events. You’ve probably gone and filtered the
view but a large log can take some time to process. Windows 2008 Event viewer makes this easy for
us. Just expand the Event Type under “Summary of Administrative Events” and you’ll get a listing of
your desired level of events.
Another task that you’ve probably done repeatedly is to filter the view based on certain criteria such
as all events of source “HttpEvent” and event type of either “Failure” or “Warning”. Isn’t it pretty
annoying that every time you revisit Event viewer that you have to filter for this query again?
Windows 2008 Event Viewer comes to the rescue with Custom Views. You can define and save your
query using a Custom View. Not only that, but you can export the view and import it onto another
computer! The file format is XML so you can quickly copy and modify the file to create a collection of
Custom Views that you can import onto all of your servers as you deploy them.
Windows Logs gives us access to our now familiar set of logs including System, Security and
Application. Two new entries are to be found in there by default. The first is Setup. This log will
collect events related to the installation and removal of Roles and Features on your server. This will
be useful to identify when, who and how your server configuration was modified. That’s something
that will be useful to enforce compliance and change control. The most interesting addition to Event
Viewer is Forwarded Events. Almost every week I am either asked or see someone on a forum asking
for a solution for basic monitoring of small server networks that won’t cost an annual budget.
Forwarded Events allows a single server to gather log entries from other computers using
subscriptions. These events are then collected onto your server and presented to you in Forwarded
Events. Note that this service requires that both the Windows Remote Management and the
Windows Event Collector services are running.
Windows 2008 Server Manger 51
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
The Applications and Services Logs allows different applications to log their own specific details into
their own dedicated logs that an administrator can access via a single interface. The logs are broken
down into categories to make them easy to navigate. Of relevance to this document, you can find a
log for Server Manger in \Diagnostics\Event Viewer\Applications and Services
Logs\Microsoft\Windows\Server Manager. In here you can find log entries for every task you’ve run
using SERVERMANAGERCMD.EXE.
Subscriptions is where you define on how to collect log entries from target computers to a source
computer. You’ve got a number of options in here including selection targets, defining a query for
events to collect and what credentials to use to make the connection to the remote computers.
Reliability and Performance allows and administrator to monitor how a server is behaving. Instead
of querying log data, the administrator can get access to more tangible statistics such as resource
utilisation and server failure in this collection of tools.
Under Monitoring Tools we have Performance Monitor and Reliability Monitor. Performance
Monitor should be familiar to Windows administrators. It allows you to monitor current
performance metrics and to load a pre-existing data collector set to view historic data. Reliability
monitor is a new tool for analysing how change relates to failures in server reliability via a time chart
and collected events. It’s not uncommon for failures to be directly related to configuration changes.
This tool is Microsoft’s attempt to help us correlate these events.
Data Collector Sets allows us to collect data from the server that is not normally collected in Event
Viewer, i.e. performance and configuration information. It’s broken into two sets: System which is
Windows 2008 Server Manger 52
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
the hard coded set of sets and User Defined which allows an administrator to define a query and
schedule to gather data. You can run these sets to gather data. The resulting data can be either
loaded in Performance Monitor to create a historic chart or in Reports so you can have a text
summary of the Data Collector Set execution.
Device Manager allows administrators of a server to install or remove devices and to manage their
drivers.
Windows 2008 Server Manger 53
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Configuration The Configuration section of Server Manager allows administrators to manage the configuration of
servers that is unrelated to Roles and Features, i.e. those components that are common to all
Windows 2008 servers.
Task Scheduler does exactly what it says on the tin. You can use it to schedule an operation that you
want to occur once in the future or on a recurring basis. You’ll notice that Microsoft has included a
set of tasks by default, including one to defrag your hard disks every week.
Windows 2008 Server Manger 54
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Windows Firewall with Advanced Security is where you can configure the Windows Firewall. Notice
that it’s on by default and it’s pretty water tight!
Windows 2008 Server Manger 55
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
You can use the Services MMC to manage the services that are running on the server, including
changing their running status, their start-up type and the credentials they use to execute on the
server.
Windows 2008 Server Manger 56
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
You will WMI Control to manage the WMI configuration of the server that you are working on,
including backup up/restoring the configuration, assigning permissions and changing the default
scripting namespace.
Windows 2008 Server Manger 57
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Local Users and Groups should be familiar to anyone who has worked with Microsoft operating
systems since Windows 2000. It is where you will manage local users and local groups on standalone
and member servers.
Storage We now wrap up our document on Server Manager by looking quickly at the Storage Section. There
are two aspects to this: Windows Server Backup and Disk Management.
Windows 2008 Server Manger 58
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Windows Server Backup allows an administrator to back up their server without the need for third
party applications. You’re going to need to install the Windows Server Backup feature in order to be
able to use Windows Server Backup.
Windows 2008 Server Manger 59
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Windows Server Backup is useful for smaller organisations with smaller budgets, those with
standalone servers or for administrators with an isolated test lab. Backing up our servers is one of
the most important things that we server administrators do and Windows Server Backup provides us
with a reliable tool for doing this, albeit not one that will be ideal for those who require cross
platform support, advanced storage or centralised management.
Windows 2008 Server Manger 60
Copyright Aidan Finn 2008
http://joeelway.spaces.live.com/ [email protected]
Administrators can use Disk Management to provision disks and volumes on the server. One of the
nice little improvements is the summary that tells us vital disk configuration information such as
which volumes are the system, boot, page file and crash dump partitions.
Summary
So that’s Server Manager. I think that it’s quite an impressive upgrade over Computer Management
and that Microsoft has given us a tool that probably does accomplish much of the lofty goal to create
a single point for managing a server. Add in SERVERMANAGERCMD.EXE and administrators have a
rapid, scriptable and easily repeatable way to manage the Role and Feature configurations of their
servers. If you are a server administrator then this is likely going to be the tool you use the most in
your day to day operations. If so, set up a test lab and try out some of the scenarios described in this
document. Then expand on your experiments by adding in the features that you are likely to
encounter in your job. Try to use SERVERMANAGERCMD.EXE and the answer file feature and you’ll
be pleasantly surprised how we command prompt fearing types will actually want to learn a bit more
of the dark side!