Archive for the ‘server 2012’ Tag

Installing WSUS on Windows Server 2012 Server Core   Leave a comment

Installing the WSUS Windows Feature
This only covers a default installation using the locally installed Windows Internal Database. For a more comprehensive walkthrough, have a read of this article by Boe Prox.

  1. Open an elevated Powershell session on the server
  2. Run: Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
  3. Run: wsusutil postinstall CONTENT_DIR=D:\Wsus

The Wsusutil.exe utility can be found by default under “C:\Program Files\Update Services\Tools”.

The CONTENT_DIR directive is optional, but given how large the update repository can become, it’s fairly common to dedicate a separate drive to it. The command itself – amongst other things, creates the database within the WID.

If the host you’re installing WSUS on to also happens to be a virtual guest – or even if it’s physical, this still isn’t a bad idea, you might want to specify an upper memory limit for the WID – much as you would for SQL Server itself. You can do this by:

Optional: Configuring WID (SQL Server 2012 base) memory usage

  1. Download and install the SQL 2012 native client from here. See installation notes below.
  2. Download and install the SQL command line tools also from here. See installation notes below.
  3. Open an elevated command prompt
  4. Change directory to “C:\Program Files\Microsoft SQL Server\110\Tools\Binn”
  5. Run: sqlcmd -S \\.\pipe\MICROSOFT##WID\tsql\query -E
  6. Run each of the following at the interactive prompt:
    sp_configure ’show advanced options’, 1
    reconfigure
    go
    sp_configure ‘max server memory’, 256
    reconfigure
    go
    exit

The figure of 256 indicates 256MB. You can tune that upwards or downwards as you see fit. Just keep in mind that the W3WP.exe processes will end up consuming a fair bit of memory as well, and you don’t want the two fighting each other for physical memory to only end up seeing one lose and subsequently thrashing the page file.

With the SQL components downloaded in steps 1 and 2 above, you can install them on Server 2012 Server Core with the following commands:

  • sqlncli.msi /qb IACCEPTSQLNCLILICENSETERMS=YES
  • SqlCmdLnUtils.msi /qb

Cheers,
Lain

Advertisements

Enabling the IIS Management Service on Server Core 2012   Leave a comment

Install the IIS Management Service (assuming IIS is already installed)

  • Open an elevated Powershell session
  • Run: Install-WindowsFeature -Name Web-Mgmt-Service
  • Run: sc config WMSVC start=auto
  • Run Regedit.exe and navigate to HKLM\Software\Microsoft\WebManagement\Server
  • Change the binary value of EnableRemoteManagement from 0 to 1
  • Run: Start-Service WMSVC

Optional: Enrol a certificate from an internal AD CA

  • Open an elevated Powershell session
  • Launch Notepad
  • Add the following lines to the new file:
    [NewRequest]
    Subject=”cn=yourServer.yourDomain.com”
    Exportable=TRUE
    [RequestAttributes]
    CertificateTemplate=”WebServer”
  • Save the file as something ending in .inf, for example iis.inf
  • Run: certreq -new d:\temp\iis.inf d:\temp\request.txt
  • Run: certreq -submit d:\temp\request.txt d:\temp\iiscert.cer
  • Run: certreq -accept d:\temp\iiscert.cer

Optional: Changing the listener certificate

  • Open an elevated PowerShell session
  • Run: Get-ChildItem -Path “cert:\localmachine\my”
  • Copy the thumbprint for the certificate you enrolled above
  • Run the following
    netsh
    http
    del sslcer ipport=0.0.0.0:8172
    For the next command, replace yourCert with the thumbprint copied from step 3:
    add sslcert ipport=0.0.0.0:8172 certhash=yourCert appid={00000000-0000-0000-0000-000000000000} certstorename=MY verifyrevocationwithcachedclientcertonly=disable usagecheck=enable dsmapperusage=disable clientcertnegotiation=disable
  • Run: show sslcer, just to just to check the binding was successfully applied with the nominated settings (even if the output from the above command was successful)

Assuming you completed the optional steps, you can now bind to the IIS Management Service without receiving the certificate trust warning.

If you elected to skip the optional procedures, you will still be able to connect, you’ll just have to put up with the warnings.

Cheers,
Lain