Anyone using Windows Admin Center to manage Windows servers? Currently running on a Server 2019 VM.
I’m just getting started with it, I have been using a little 4 core computer with RSAT and hoping to replace it with a Linux OS to have a little overhead back. WAC seems like it should do everything I need until it gets to the point where I need to RDP into a server, but common tasks seem doable.
Any pitfalls I should look out for? Going to be all Server 2022 when I’m done, and maybe a bunch of Win10 workstations if it seems like it will save me time or footsteps for some common things.
No, been using Azure and MECM, but this looks interesting.
I’m having consistent connection issues between member servers on the same subnet as the WAC server, but desktops seem to work pretty well. I’m on day 2 of trying to see if this is valuable. My goal is to get rid of the little computer I have running Win10 and RSAT, convert that to a lightweight Linux and get the same things done. Still going to need to RDP once in a while until more extensions get created. I haven’t put my DC on this yet, kind of scared of messing it up right now, I have about 3 more weeks until I can move it to a VM and be a little more relaxed. Some of the stuff I did a month ago didn’t work out correctly and kind of bit me a little bit. Undid that stuff and just trying to get through the rest of the semester.
There are a lot of missing extensions and things like DHCP and DNS are still in “preview” status.
If you own Dell or HP servers, there are extensions made to get into the BMC on the hardware, not finding anything for Supermicro IPMI yet.
WAC has promise, but I’m not sure it is all the way there yet. I think more work can get done through Server Manager right now (or other tools). I think WAC is meant for little places like my system that can’t justify things like Endpoint Manager (or SCCM).
Looks like I’m trying to get IPMI in an unsupported way, that and all my servers are VMs so they don’t have a direct connection to the IPMI in the servers.
Since IPMI is just a web host, I’ll have to look into something like Dashy on Linux to make a button for each server (hardware). Trying to streamline my system, because it is a mess!
Maintaining a state of cleanliness is important for sure. I can’t tell you how many environments I go into that admins don’t clean up after themselves with systems, accounts, etc. Aside from the recurring hard costs for things like cloud hosting, think about the run and maintain keeping old systems updated, etc. Many times that doesn’t even happen and then you have vulnerabilities sitting all over the place. Could easily be avoided by keeping things cleaned up.
Work got hit by a virus many years ago… It was one that was patched about 3 months before we were hit. They had a policy of vetting every patch before it was put in place, but no one was actually telling the system to push those patches out.
My system is so vanilla that I just let Microsoft install them every month, I don’t have the time to go through and check every patch before I send it out. If a workstation quits, I’ll rebuild it. The servers are on manual install, but generally I just let the security patches go each month.
That said, I need to go through my GPO and remove settings that no longer apply, I have a lot of junk leftover from XP. Hoping to get things cleaned up this summer after the last server move and changing my IP scheme, need to image all the workstations again to clean out some junk so it is a good time to move things over. Supposed to get new network switches too, if all the parts finally arrive, been waiting over a year for power supplies.
Nice! Sounds like you should have things where they need to be soon. What are you going to use for image deployment?
I just use WDS since everything I use is Windows. Our college has SCCM and Intune, but those are domain-based tools and since I’m not a part of that domain, I can’t use them. To make the images I just build a computer and sysprep, I’ve had bad luck with the other “proper” tools that Microsoft gives us. And doing it the “proper” way yields a roll out of over an hour to build and deploy to each computer, I can have an entire classroom done before it finishes half the room. I have a lot of post image hands on installs that need to happen so not a big deal.
I did just find that IPMI might still be an option through WAC. There is an extension for Advantech IPMI which calls a local install of their IPMI tools. Going to investigate this deeper, but need to move back to my production system, the lab is old iDRAC and iLO which is definitely present in the extensions. The Advantech modules use the same ASPEED BMC chip that my Supermicro servers use, so this might be a slick option to get to the IPMI on my servers.
Right now still playing with WAC to see if I can make it do what I need for daily/weekly needs. I really don’t get the time to check on things like I know I should. Kind of break/fix for most things. That’s what happens when your title is “wearer of many hats”, never have the time to do what you know is the right way. I need to evolve and set up a bunch of monitoring and alerts, I really only get time to deep dive every 5 to 10 years on this stuff, always playing catchup on the technologies.
Coming back with more experience… This is not ready to replace RSAT. The following do not have enough functions:
DHCP - no options or scheme, no failover settings, not much beyond basic range and reservations
DNS - almost ready
AD - close but not really everything, might work for day to day needs
Server Manager - not working even though the extension is installed, that might have given me what I need
Time Server - might be an easier way of configuring w32tm
Roles and Features - slimmed down and seems to work well, fewer clicks to get the stuff done. Need to add something that requires configuration and see what happens.
PowerShell - opens a PowerShell in a browser, useful if you do a lot of stuff through PS commands
Also note that I’m running this against local servers, there seems to be a big focus for this tool to be Azure management, things probably work better with an Azure domain.
For install, something I didn’t see in the guides, the server requires a reboot after install. If not, the extensions from the repo may not populate to be installed.
I’m going to keep this installed and running, and hope that updates come swiftly, but I don’t think I’m going to use it a lot yet. At least it is still free.
Continuing my plight with WAC:
My servers seem to stop allowing connections, even though WinRM service is running (delayed start). I restart the service on each server, and WAC connects fine. RDP through WAC works which can help getting work done on the extensions that just aren’t ready yet (above post). The WinRM service seems to be tied up with the Citrix management agent and drivers, before it will restart it gives a warning, need to look into that more.
On my Win10 workstations I had to tweak some GPO to not only enable Remote management (WinRM), but to change the service from manual to delayed start and start it. But it doesn’t end there, I’m not able to use the RDP tool in WAC to connect, keeps saying bad password. I can pull up the normal RDP client and get into those workstations fine, already set a GPO to make this happen, but there must be one setting that needs to be enabled or something like that. Also not seeing the Updates section on desktop which is one of the things I really want to monitor to make sure my desktops are really installing the updates.
Trying to love it, but these constant issues are killing me.
Kind of a running log going… Building a new VM for a second DC (because I thought the first 2nd DC was broken), WAC will not connect after installing the following roles/features:
DNS, DHCP, Volume Management tools, Client for NFS
Twist of irony, these were installed through WAC. So maybe my first 2nd DC isn’t broken after all, something broke the way WAC interfaces with the server after installing those roles. Pinning the blame on DNS or Volume management tools (KMS host). Note also that on this latest attempt, none of these roles have been configured, so they should not be a factor.
I’ll have to chase this down when I have more time to fix it.
I just tried a different admin account, and these servers now connect. I’ll have to keep track of this change and see which different groups there might be between these two accounts, they should have had the same permissions.