|
In my last article,
An Introduction to Windows Server 2008 Server Core,
I gave a basic introduction to Windows Server 2008 Server Core and walked you
through the process of getting the server up and running.
This included installation, restarting and shutting down, setting the the
computer's name and workgroup, and configuring TCP/IP.
This article will pick up right where the last one left off.
This time around we'll cover the following:
- Installing a Server Role - So your new server can actually do something useful.
- How to Install Updates and Patches - To keep things up to date and running smoothly.
- Enabling Remote Administration - Because driving to the office in the middle of the night is a real drag.
Installing a Server Role
A server isn't really much good unless you can use it to do some work. That's where
server roles come in. Currently a Windows Server 2008 server running as a Server Core installation
can support the following roles:
- Active Directory Domain Services (AD DS)
- Active Directory Lightweight Directory Services (AD LDS)
- DHCP Server
- DNS Server
- File Services
- Hyper-V
- Print Services
- Streaming Media Services
- Web Server (IIS)
Since 15 Seconds is mainly focused on Web related technology and the recent
rumblings from the PDC
and other sources
(Server Core Blog and
MSDN)
seem to indicate that Windows Server 2008 R2 Server Core installations will include some
.NET Framework functionality (yippee!), I'll be installing the Web Server (IIS) role as my example.
In order to install a role, you'll normally use ocsetup.exe which is the file name of
the "Windows Optional Component Setup" program. To get the minimal
version of IIS up and running you'll need three components: IIS-WebServerRole,
WAS-WindowsActivationService, and WAS-ProcessModel. To install those components
you need to issue this series of three commands:
start /w ocsetup IIS-WebServerRole
start /w ocsetup WAS-WindowsActivationService
start /w ocsetup WAS-ProcessModel
The "start /w " at the beginning of each of those commands is optional and
simply waits for the process to finish before returning to the command prompt.
If you don't include it and run the commands one after another you might get an error
message telling you that the previous installation is still in progress.
Note: You can also use "Windows Package Manager" (pkgmgr.exe)
to install the IIS components. I've used both and haven't noticed any real difference
except that with Package Manager you can easily install multiple packages at once. With most
roles this isn't much of a factor, but with IIS it does come in handy since there are so many
options that you may want to install a number of them. The pkgmgr syntax to accomplish the
same thing we just did above using ocsetup would be:
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
Once you've completed the above steps and assuming you didn't get any errors you
should now be able to remotely retrieve the default IIS 7 welcome page from your Windows Server Core
IIS Web server.
As I mentioned, IIS has a lot of optional features. In fact, it's the most highly componentized
of all the server roles. Instead of simply installing everything, I prefer to start with a
minimal install and add features as I need them. The problem then becomes how to determine
the exact name of the update I want to install... especially since they're all case sensitive!
Luckily there's an easy solution -- the oclist.exe command.
Oclist will display a list of all the server roles and components available on a given
server as well as indicating whether or not they are currently installed. It's output looks like this:
Notice how most of the items in the tree are labeled as "Not Installed" while the
few that I installed above, like IIS-WebServerRole, are labeled as "Installed".
So far the Web server is up and running and ready to server static content.
If you require additional features, simply use oclist.exe to find the names that
correspond to features in question and install them using either ocsetup.exe or pkgmgr.exe
in the same manner we used to install the basic IIS services.
How to Install Updates and Patches
Now that our server has some components installed and is actually going to be doing some work,
it's important we keep it up to date with the latest updates and patches. You'll have a lot
fewer patches to install then you would on a full blown Windows Server installation, but that
doesn't mean you can ignore them altogether.
There are two main methods of updating your server: manually and via automatic updates.
Of the two, automatic updates is easier to implement and you can basically set it and
forget it so I'll cover that method first.
Automatic Updates
Like most everything in Server Core, there's no dialog box to modify the settings for Automatic Updates.
Luckily Microsoft was nice enough to include a little script to help you manage them.
There are basically three options:
Enable automatic updates:
cscript scregedit.wsf /AU 4
Disable automatic updates:
cscript scregedit.wsf /AU 1
Verify the current setting:
cscript scregedit.wsf /AU /v
Finding and Installing Updates Manually
Okay... so if you're reading this I'm assuming you don't want to use Automatic Updates.
Not to worry... installing updates manually isn't really all that difficult. The hardest
part is actually finding the updates. To help with that, I've got a great link for you that
most people have never even heard about. It's the
Microsoft Update Catalog
and it provides more updates then you probably ever knew existed.
I'll assume you'll be able to keep up to date and find the updates you want to install.
Once you find and download them, the next step is to get them onto your Server Core machine.
If you haven't installed the File Services role, the easiest way is to access them over
the network using your Server Core machine as the client. To make things easy, just map
a drive letter to wherever you've stored the files on your network. Something like this should do the trick:
NET USE U: \\server_name\share_name
Then all you need to do is use wusa.exe which is the "Windows Update Standalone Installer".
Assuming you used the command above to map your installation source folder to drive letter U:,
the syntax will look something like this:
wusa U:\<UPDATE_NAME>.msu /quiet
If you want to check which updates and hotfixes have been installed on a Server Core machine,
SystemInfo.exe will list them all, along with lots of other useful information.
Enabling Remote Administration
So far, I've been doing all my work at the actual server itself, but
just like a normal Windows Server installation, a Server Core installation
also supports remote administration. You just need to enable it and configure
a few things first.
Remote Desktop
The simplest method of remotely administering a Server Core instance is to simply enable
Remote Desktop (aka. Terminal Services) on the server and then connect via a Remote
Desktop client which can be found on most XP or Vista machines. In order to configure
your Server Core machine to accept remote connections simply execute the following command:
cscript scregedit.wsf /AR 0
This will allow you to connect from machines running Windows Vista and Windows Server 2008.
If you need to connect from computers running an earlier version of Windows (like XP), you'll also
need to execute the following command to relax Remote Desktop security a little.
cscript scregedit.wsf /CS 0
While Remote Desktop is great, it doesn't get you access to the point and click interface
most of us are used to using to administer our Windows Servers. While it does take a little work,
with a little tweaking you can connect to your Server Core machine using MMC and all the snap-ins
that use it.
Remote MMC Connections
The first step in getting remote MMC connections to work is to configure the firewall to allow
MMC connections. You can create specific rules limiting connections to only certain snap-ins, but
to simply allow them all, you use this command:
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
Next you need to establish credentials on the client computer with which to connect to the server.
If your login and password matches you'll probably be able to connect without a problem. Otherwise,
you'll need to look into using the cmdkey.exe program. You run it on the the client computer and
specify a valid username and password for the server. The syntax is as follows:
cmdkey /add:ServerCoreWeb /user:<username> /pass:<password>
Unfortunately, I believe this will only work on Windows Vista and Windows Server 2008,
so managing Windows Server 2008 from an XP machine seems like it need to be done via Remote Desktop.
Once you've got the firewall and permissions issues handled, remote administration is relatively simple.
I'll use Computer Management for illustration. Simply open the MMC for Computer Management.
Then right click where it says "Local" and select "Connect to another computer...".
In the dialog box type the name or IP address of your Server Core machine and click "OK".
Notice how the snap-in is now managing the Server Core machine (named "ServerCoreWeb")
instead of the local computer.
Conclusion
In this article we covered installing a server role, installing patches and updates, and enabling
remote administration of your new Windows 2008 Server Core instance. Looking back, it
seems odd that each of those tasks could be accomplished in at least two ways. Especially
when you consider that this is the "trimmed-down" version of the OS. I guess it just
goes to show that there almost always is more then one way to get something done.
|
