Azure Server management tools Manage your servers from anywhere #servermgmt #Azure #SMT

Server management tools is an Azure service that offers a set of web-based GUI and command line tools to manage Windows Servers. This is especially useful when managing headless servers such as Nano Server and Server Core. These tools also provide rapid access to your on-premises infrastructure in a common dashboard alongside your Azure resources, thereby providing a consistent management experience across your infrastructure. Server management tools supports a set of basic server diagnostic tools.  The Tools are working on Windows Server 2012,Windows Server 2012R2,Windows Server 2016 and Nano Server

Server management tools requires a gateway which can be configured on any server in your environment. The gateway enables communication between the Microsoft Azure portal and your Windows Server machines, whether on-premises in your infrastructure, or hosted in a cloud provider.

A while a go I already created a blog post on this but as there are so many new features a fresh post is in place.

Even now that my wish on the Uservoice is added to the Service Management Tools #SMT the tools are getting better all the time.

How are things working below is a schematic overview.

server management tools


A Server management tools gateway is required to enable communication between the Microsoft Azure portal and your Windows Server 2016 machines. A gateway is typically deployed and configured on the same local network as the Windows Server machine(s) you wish to manage. The machine must have an internet connection.

Building the Connection go to Azure and look for Server Management Tools

server management tools

check the Server Management tools and a new right screen will open

server management tools

Just check Create.

imageserver management tools

A common mistake is give the computer name and the gateway the same name. but this will Fail!!

Important Item In the Computer name and the Gateway name can’t be the same name It can but you will not be able to manage this server remotely.


provide the NAME/IP/FQDN of the machine you want to connect to ( so not the GATEWAY SERVER )

If this is the first Server management tools connection you are creating, you will also need to choose to create a new Server management tools gateway and give it a name. You will be prompted to complete the gateway configuration after the Server management tools connection is created.


Configuring a new Server management tools Gateway


When creating the gateway you need to do little configuration on the Gateway server local

server management tools

I choose for automatic updates and you will need to generate a link with the gateway package



check the generate a package link and use this link to install the gateway



  1. Use the generated link to download the gateway deployment package now, or copy the link URL to download the package later from the machine on which you intend to install the package.

  2. From the machine that you want to designate as the gateway, unzip the package and run GatewayService.MSI.

  3. Once the gateway installation completes, return to the Microsoft Azure portal and reopen your Server management tools connection.

  4. You should now be able to manage your Windows Server 2016 machine if the Microsoft Azure portal can reach it through the gateway.

server management tools

server management toolsserver management tools

now that the Gateway is installed you should see a OK status in the Azure console if not you need to do some extra settings.

After OK status


In case the Ok is not showing check your Firewall or past the rule below in the Firewall

NETSH advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow

If you wish to connect using the local Administrator account, you will need to enable this policy on the target machine by running the following command in an administrator session on the target machine:

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

And if the WinRM settings are not in place you will need to set the correct winrm settings as well,

winrm set winrm/config/client @{ TrustedHosts="" }

Change the IP with your own server when you set this on the manage server the trusted host must be the gateway server.

Now that the Service Management Tools Gateway is in place and working the Service Management Tools Connections needs configuration and this is where all the magic happens.

server management tools

when opening the Service Management Tools Connections you will need to set the administrator credentials else you can’t connect and do stuff on your server.



You can save the Credentials or Fill the in every time you need the Service Management Tools Connections for you server. A new feature is Persist credentials

The ability to save the credentials used to manage the target machines. From the credential entry dialog, you can opt to store credentials securely. The credentials are first encrypted using standard AES 256 encryption and then securely stored within Azure. These credentials can only be decrypted using the certificate which is stored in the Server management tools gateway. When you go to manage an instance, the encrypted credentials are passed down to the Server management tools gateway for decryption, and are then used to process all management requests on the target machine. Even though the credentials are securely stored in Azure, the on-premises certificate provides an additional level of security because only your gateway can decrypt the stored credentials since only your gateway has the certificate used to encrypt them. The certificate used to encrypt the credentials is never passed to Azure and the Azure service will never have access to unencrypted user credentials.



A brief overview of the server you can customize the view but the more you put in the overview the slower the content is showing in the browser. Unless you need it.

A long list of options and server management tools are there and the list is getting longer, File Explorer,Firewall rules and PowerShell script saving and Certificate manager are all new to the Service Management Tools Connections.



PowerShell script editor enhancements

The script editor is now equipped with basic file browsing capabilities. You can browse through the files on the target machine and open an existing script. You can create a new script or modify an existing one and save it on the target machine.

Script editor is now also integrated with your Azure Blob storage. You can save your scripts in your blob and make them available across all your servers and to other members of the subscription.



As the script editor can save the scripts or open the scripts from a blob account so you don’t need to type everything for each server


the one thing is missing here is creating a Storage Account. this would be handy if you could create one here.



On the Storage account you can create a container for you files or if you already have one place the files in this container.


But when you don’t want to place the files in Azure and leaf them on your server this is also an option.

image image

the File Explorer is a great option to look and use files on the Server and when you look at the storage you will see all the drives and what a great feature it shows even unhealthy drives.

The Certificate manager is also new to the server management tools

It brings the much needed ability to remotely manage certificates on targeted computers. With capabilities such as viewing all or a specific set of certificates, along with relevant event log channels, it helps you to find the root cause of certificate related issues. You can also import, export and delete certificates.

As you can see I  play a lot with the Certificates on the Hyper-V server guess it is time to do some certificate cleaning.




Follow Me on Twitter @ClusterMVP

Follow My blog

Linkedin Profile Http://

Google Me :

Bing Me :


Author: Robert Smit [MVP]

Robert Smit is Senior Technical Evangelist and is a current Microsoft MVP in Clustering as of 2009. Robert has over 20 years experience in IT with experience in the educational, health-care and finance industries. Robert’s past IT experience in the trenches of IT gives him the knowledge and insight that allows him to communicate effectively with IT professionals who are trying to address real concerns around business continuity, disaster recovery and regulatory compliance issues. Robert holds the following certifications: MCT - Microsoft Certified Trainer, MCTS - Windows Server Virtualization, MCSE, MCSA and MCPS. He is an active participant in the Microsoft newsgroup community and is currently focused on Hyper-V, Failover Clustering, SQL Server, Azure and all things related to Cloud Computing and Infrastructure Optimalization. Follow Robert on Twitter @ClusterMVP Or follow his blog Linkedin Profile Http:// Robert is also capable of transferring his knowledge to others which is a rare feature in the field of IT. He makes a point of not only solving issues but also of giving on the job training of his colleagues. A customer says " Robert has been a big influence on our technical staff and I have to come to know him as a brilliant specialist concerning Microsoft Products. He was Capable with his in-depth knowledge of Microsoft products to troubleshoot problems and develop our infrastructure to a higher level. I would certainly hire him again in the future. " Details of the Recommendation: "I have been coordinating with Robert implementing a very complex system. Although he was primarily a Microsoft infrastructure specialist; he was able to understand and debug .Net based complext Windows applications and websites. His input to improve performance of applications proved very helpful for the success of our project

One thought on “Azure Server management tools Manage your servers from anywhere #servermgmt #Azure #SMT”

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: