Azure Server management tools Manage your servers from anywhere #servermgmt #Azure #SMT

Server management tools is an Azure service that offers a set of web-based GUI and command line tools to manage Windows Servers. This is especially useful when managing headless servers such as Nano Server and Server Core. These tools also provide rapid access to your on-premises infrastructure in a common dashboard alongside your Azure resources, thereby providing a consistent management experience across your infrastructure. Server management tools supports a set of basic server diagnostic tools. The tools work on Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Nano Server.

Server management tools requires a gateway which can be configured on any server in your environment. The gateway enables communication between the Microsoft Azure portal and your Windows Server machines, whether on-premises in your infrastructure, or hosted in a cloud provider.

A while ago I already created a blog post on this, but as there are so many new features a fresh post is in order.

https://robertsmit.wordpress.com/2016/02/12/azure-server-management-tools-offers-a-set-of-web-gui-tools-to-manage-azurestack-servers-rsmt-asmt/

Now that my wish on UserVoice has been added to the Service Management Tools #SMT, the tools are getting better all the time.

Below is a schematic overview of how things work.


A Server management tools gateway is required to enable communication between the Microsoft Azure portal and your Windows Server 2016 machines. A gateway is typically deployed and configured on the same local network as the Windows Server machine(s) you wish to manage. The machine must have an internet connection.

Building the connection: go to Azure and look for Server Management Tools.


Select Server Management tools and a new screen will open on the right.


Just click Create.


A common mistake is to give the computer and the gateway the same name, but this will fail.

Important: the computer name and the gateway name can't be the same. It is possible to enter the same name, but you will then not be able to manage this server remotely.


Provide the name, IP address or FQDN of the machine you want to connect to (so not the gateway server).

If this is the first Server management tools connection you are creating, you will also need to choose to create a new Server management tools gateway and give it a name. You will be prompted to complete the gateway configuration after the Server management tools connection is created.

 

Configuring a new Server management tools Gateway


When creating the gateway you need to do a little configuration locally on the gateway server.


I chose automatic updates, and you will need to generate a link to the gateway package.

 


Select Generate a package link and use this link to install the gateway.

https://pdrsmtrppreviewneu.blob.core.windows.net/ce12af764058e42b8a603d3c2c77f1915/gateway.


  1. Use the generated link to download the gateway deployment package now, or copy the link URL to download the package later from the machine on which you intend to install the package.

  2. From the machine that you want to designate as the gateway, unzip the package and run GatewayService.MSI.

  3. Once the gateway installation completes, return to the Microsoft Azure portal and reopen your Server management tools connection.

  4. You should now be able to manage your Windows Server 2016 machine if the Microsoft Azure portal can reach it through the gateway.


Now that the gateway is installed you should see an OK status in the Azure console. If not, you need to configure some extra settings.

After OK status


If the OK status is not showing, check your firewall or add the rule below to the firewall:

NETSH advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow

If you wish to connect using the local Administrator account, you will need to enable this policy on the target machine by running the following command in an administrator session on the target machine:

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

If the WinRM settings are not in place, you will need to set the correct WinRM settings as well:

winrm set winrm/config/client @{TrustedHosts="10.255.255.59"}

Replace the IP address with that of your own server. When you set this on the managed server, the trusted host must be the gateway server.
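A more tightly scoped version of the three settings above, as an added example that is not part of the original post. It assumes PowerShell with the NetSecurity module on the managed server, uses the post's sample address 10.255.255.59 as the gateway address, and the firewall rule name is made up for illustration.

```powershell
# Added example, not from the original post. Run elevated on the managed server.
# Assumption: $GatewayAddress is your gateway's IP (default is the post's sample value).
param([string]$GatewayAddress = '10.255.255.59')

$ruleName = 'WinRM 5985 (SMT gateway only)'   # hypothetical rule name

# 1. Allow WinRM (TCP 5985) from the gateway only, rather than from any source
#    as the netsh rule above does.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 5985 -RemoteAddress $GatewayAddress -Action Allow | Out-Null
}

# 2. List enabled inbound allow rules that still open 5985 to every address,
#    so they can be reviewed and narrowed or disabled.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        (($_ | Get-NetFirewallPortFilter).LocalPort -contains '5985') -and
        (($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any')
    } |
    Select-Object DisplayName, Profile |
    Format-Table -AutoSize | Out-String

# 3. Append the gateway to TrustedHosts. "winrm set" replaces the whole list;
#    -Concatenate keeps entries that are already there.
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $GatewayAddress -Concatenate -Force
"TrustedHosts: $((Get-Item WSMan:\localhost\Client\TrustedHosts).Value)"

# 4. Report LocalAccountTokenFilterPolicy. A value of 1 turns off remote UAC
#    filtering, so local administrators get a full token over the network.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
if ($value -eq 1) {
    'LocalAccountTokenFilterPolicy = 1 (remote UAC filtering disabled for local accounts)'
} else {
    'LocalAccountTokenFilterPolicy not set to 1 (remote local-account tokens are filtered)'
}
```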

Now that the Service Management Tools Gateway is in place and working, the Service Management Tools Connection needs configuration, and this is where all the magic happens.


When opening the Service Management Tools Connection you will need to set the administrator credentials, otherwise you can't connect and work on your server.

 


You can save the credentials or fill them in every time you need the Service Management Tools Connection for your server. A new feature is Persist credentials:

The ability to save the credentials used to manage the target machines. From the credential entry dialog, you can opt to store credentials securely. The credentials are first encrypted using standard AES 256 encryption and then securely stored within Azure. These credentials can only be decrypted using the certificate which is stored in the Server management tools gateway. When you go to manage an instance, the encrypted credentials are passed down to the Server management tools gateway for decryption, and are then used to process all management requests on the target machine. Even though the credentials are securely stored in Azure, the on-premises certificate provides an additional level of security because only your gateway can decrypt the stored credentials since only your gateway has the certificate used to encrypt them. The certificate used to encrypt the credentials is never passed to Azure and the Azure service will never have access to unencrypted user credentials.

 


This gives a brief overview of the server. You can customize the view, but the more you put in the overview the slower the content shows in the browser, so leave things out unless you need them.

A long list of options and server management tools is available, and the list is getting longer. File Explorer, Firewall rules, PowerShell script saving and Certificate manager are all new to the Service Management Tools Connection.


PowerShell script editor enhancements

The script editor is now equipped with basic file browsing capabilities. You can browse through the files on the target machine and open an existing script. You can create a new script or modify an existing one and save it on the target machine.

Script editor is now also integrated with your Azure Blob storage. You can save your scripts in your blob and make them available across all your servers and to other members of the subscription.


Because the script editor can save scripts to a blob account or open them from one, you don't need to type everything for each server.


The one thing missing here is creating a storage account. It would be handy if you could create one here.

 


On the storage account you can create a container for your files or, if you already have one, place the files in that container.


If you don’t want to place the files in Azure and would rather leave them on your server, that is also an option.


The File Explorer is a great option to look at and use files on the server. When you look at the storage you will see all the drives, and, a great feature, it even shows unhealthy drives.

The Certificate manager is also new to the server management tools.

It brings the much needed ability to remotely manage certificates on targeted computers. With capabilities such as viewing all or a specific set of certificates, along with relevant event log channels, it helps you to find the root cause of certificate related issues. You can also import, export and delete certificates.

As you can see, I play a lot with the certificates on the Hyper-V server. Guess it is time to do some certificate cleaning.



Posted August 25, 2016 by Robert Smit [MVP] in Azure
