Install and configure ADDS on Windows Server 2022 Core in Azure (Part 2)

A question I often get is: ‘Why should I use the Windows Server Core edition? It is difficult to manage and I do not like a server without a graphical interface.’

The first thing I always say is that you DON’T HAVE to do anything, but my advice is to use it, especially for a number of crucial server roles.

Some advantages of Windows Server Core edition at a glance:

· It’s faster (fewer services running, no overhead, no graphical user interface)

· More secure

· It’s modern

· Less disk space required

· Smaller footprint

· Smaller attack surface

· Faster deployment

Difference in installed services:

On Windows Server 2022 with a graphical user interface, there are 210 installed services. On the Windows Server Core edition, there are just 127 installed services. That’s a big difference of 83 services.

Difference in running services:

On Windows Server 2022 with a graphical user interface, there are 73 running services. On Windows Server Core edition, there are just 66 running services. That’s a difference of 7 services.
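
To reproduce these counts on your own servers and see which services exist only on the graphical installation, the following added example (not from the original post) exports a service inventory on each server and compares the two files. The function names and file paths are hypothetical, and the suffix stripping for per-user services is a heuristic.

```powershell
# Added example. Function names and CSV paths are placeholders.

# Step 1: run on each server to export its installed services.
function Export-ServiceInventory {
    param([Parameter(Mandatory)][string]$Path)
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, DisplayName, State, StartMode |
        Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

# Load an export and add a comparison key. Per-user service instances carry a
# per-logon suffix (for example CDPUserSvc_1a2b3c) that differs between
# servers, so it is stripped before matching (heuristic).
function Import-ServiceInventory {
    param([Parameter(Mandatory)][string]$Path)
    Import-Csv -Path $Path | ForEach-Object {
        $key = $_.Name -replace '_[0-9a-f]{4,}$', ''
        $_ | Add-Member -NotePropertyName Key -NotePropertyValue $key -PassThru
    }
}

# Step 2: run anywhere, with both exports at hand.
function Compare-ServiceInventory {
    param(
        [Parameter(Mandatory)][string]$CorePath,
        [Parameter(Mandatory)][string]$GuiPath
    )
    $core = @(Import-ServiceInventory -Path $CorePath)
    $gui  = @(Import-ServiceInventory -Path $GuiPath)

    # Services that only exist on the server with the graphical interface
    $onlyGui = @($gui | Where-Object { $_.Key -notin $core.Key } | Sort-Object Name)

    [pscustomobject]@{
        CoreInstalled    = $core.Count
        GuiInstalled     = $gui.Count
        CoreRunning      = @($core | Where-Object State -eq 'Running').Count
        GuiRunning       = @($gui  | Where-Object State -eq 'Running').Count
        OnlyOnGui        = $onlyGui.Name
        OnlyOnGuiRunning = @($onlyGui | Where-Object State -eq 'Running').Name
    }
}

# On each server:  Export-ServiceInventory -Path C:\Temp\services-core.csv
# Afterwards:      Compare-ServiceInventory -CorePath .\services-core.csv -GuiPath .\services-gui.csv
```

The OnlyOnGuiRunning list is the part worth reviewing for a domain controller: those are services that are active on the graphical installation and do not exist at all on Server Core.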

Used diskspace on the C drive

On Windows Server 2022 with a graphical user interface, the installation of the operating system uses around 13 GB of space.

The Windows Server Core edition uses just around 9 GB of space for the operating system.

Performance (CPU and memory)

In terms of performance, there is a small difference under ‘normal’ usage of the server. Memory usage is around 1,6 GB on the Server Core edition and 2,1 on the graphical version. The CPU load is also a little lower.

Summary:

The choice of whether or not to deploy Windows Server Core within the infrastructure depends on a number of things. First of all, the workload or application must be suitable to run on Server Core. This is certainly not the case for all applications or server roles.

Especially for crucial server roles, such as domain controllers, it is advisable to use Server Core. It offers a number of advantages, which contribute to a more stable and secure environment.

And with Remote Server Administration Tools (RSAT), Microsoft Management Console (MMC), Windows Admin Center or Arc, a Windows Server Core edition installation is easy to manage.

Enable Azure Hybrid Benefit with Azure Resource Manager (ARM)

In Azure, you have the option to bring in your own licenses (Azure Hybrid Benefit). If you deploy a virtual machine using Azure Resource Manager (ARM) templates, this option is not enabled by default. Certainly for test environments, demos, but in many cases also production environments, you want to enable this option.

By adding the line below to your ARM template, the Azure Hybrid Benefit is enabled.
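
For virtual machines that are already deployed, the same setting can be checked and applied from Az PowerShell. This is an added example, not code from the original post; the function name is hypothetical and the resource group name is a placeholder.

```powershell
# Added example: find Windows VMs without Azure Hybrid Benefit and enable it.
# Requires the Az.Compute module and an authenticated session (Connect-AzAccount).
function Enable-HybridBenefit {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$ResourceGroupName)

    foreach ($item in Get-AzVM -ResourceGroupName $ResourceGroupName) {
        # Re-read the single VM so Update-AzVM gets the full object.
        $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $item.Name

        # The Windows Server benefit only applies to Windows guests.
        if ($vm.StorageProfile.OsDisk.OsType -ne 'Windows') { continue }

        $before = $vm.LicenseType
        if ($before -eq 'Windows_Server') {
            $result = 'AlreadyEnabled'
        }
        elseif ($PSCmdlet.ShouldProcess($vm.Name, 'Set LicenseType to Windows_Server')) {
            $vm.LicenseType = 'Windows_Server'
            $update = Update-AzVM -ResourceGroupName $ResourceGroupName -VM $vm
            $result = if ($update.IsSuccessStatusCode) { 'Enabled' } else { 'Failed' }
        }
        else {
            $result = 'WouldEnable'   # -WhatIf was given, nothing changed
        }

        [pscustomobject]@{ Name = $vm.Name; Before = $before; Result = $result }
    }
}

# 'rg-demo' is a placeholder. Drop -WhatIf to apply the change.
Enable-HybridBenefit -ResourceGroupName 'rg-demo' -WhatIf
```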

Remove DVD drive on Azure virtual machine

When you deploy a new virtual machine, for example Windows Server 2016/2019 or 2022, you’ll get the C: drive with the operating system, the D: drive for the TEMP storage (most of the VM types) and a DVD drive.

The DVD drive is not needed in some situations, for example on domain controllers. On this type of server you want to harden security as much as possible. So, for the domain controllers we’re deploying in our customer environments, we want to disable the DVD drive.

We run the following command when deploying new domain controllers in Azure.

## Disable DVD drive
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\cdrom -Name Start -Value 4 -Type DWord

After this step, reboot the server and your DVD drive is gone!
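
When this setting is part of a hardening baseline, it helps to apply it idempotently and to report whether the reboot has happened yet. The following is an added example, not the author's deployment script; the function name is hypothetical.

```powershell
# Added example: idempotent form of the registry change above, plus a check
# of whether the cdrom driver is still loaded. Function name is hypothetical.
function Disable-CdromDriver {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'
    )
    # Start values: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    $disabled = 4

    $before = (Get-ItemProperty -Path $Path -Name Start -ErrorAction Stop).Start
    if ($before -ne $disabled -and
        $PSCmdlet.ShouldProcess($Path, "Set Start from $before to $disabled")) {
        Set-ItemProperty -Path $Path -Name Start -Value $disabled -Type DWord
    }
    $after = (Get-ItemProperty -Path $Path -Name Start).Start

    # The registry value only takes effect at the next boot, so the driver
    # can still be running even though it is already set to disabled.
    $driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='cdrom'"

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        StartBefore  = $before
        StartAfter   = $after
        DriverState  = $driver.State
        RebootNeeded = ($after -eq $disabled -and $driver.State -eq 'Running')
        Compliant    = ($after -eq $disabled -and $driver.State -ne 'Running')
    }
}

# Report only; drop -WhatIf to apply the change.
Disable-CdromDriver -WhatIf
```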

Error: ‘User failed validation to purchase resources’ when deploying a virtual machine

Today I’ve deployed a new virtual machine within Azure using the Windows Server 2022 Azure Edition Preview Marketplace image. After running my PowerShell script, I received an error:
’User failed validation to purchase resources. Error message: ‘You have not accepted the legal terms on this subscription: …..’

So, let’s take a look at the legal terms, also using PowerShell. I’ve used a couple of variables.

$azureVmPublisherName = "MicrosoftWindowsServer"
$azureVmOffer = "microsoftserveroperatingsystems-previews"
$azureVmSkus = "windows-server-2022-azure-edition-preview"
$Version = "latest"


Get-AzMarketplaceTerms -Publisher $azureVmPublisherName -Product $azureVmOffer -Name $azureVmSkus

As you can see, the legal terms are not accepted yet!! With a small PowerShell command, we can accept the legal terms.

Get-AzMarketplaceTerms -Publisher $azureVmPublisherName -Product $azureVmOffer -Name $azureVmSkus | Set-AzMarketplaceTerms -Accept

Now you’re good to go!!

PowerCLI: An Aspiring Automator’s Guide

Getting into scripting can be daunting. It’s easier to just use existing scripts found online, but if you choose this route you’ll quickly run into limitations. If you take the time to learn how to create your scripts, trust me, you’ll never look back!

Automating vSphere is particularly useful for countless applications and the best way is through PowerCLI – a version of PowerShell developed specifically for VMware. Learn how to develop your own PowerCLI scripts with this free 100+ page eBook from Altaro, PowerCLI: The Aspiring Automator’s Guide.

Written by VMware vExpert Xavier Avrillier, this eBook presents a use-case approach to learning how to automate tasks in vSphere environments using PowerCLI. We start by covering the basics of installation, set up, and an overview of PowerCLI terms. From there we move into scripting logic and script building with step-by-step instructions of truly useful custom scripts, including how to retrieve data on vSphere objects; display VM performance metrics; how to build HTML reports and schedule them; the basics on building functions; and more!

Stop looking at scripts online in envy because you wish you could build your own scripts.

Get started on your path to automation greatness – Download the eBook now!

Enable Azure Accelerated Networking

Azure Accelerated Networking is a new option for Azure Infrastructure as a Service (IaaS) Virtual Machine (VM) on the NIC level providing several benefits by enabling single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. This high-performance path bypasses the host from the datapath, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types. You would typically use this feature with heavy workloads that need to send or receive data at high speed with reliable streaming and lower CPU utilization. It will enable speeds of up to 25Gbps per Virtual Machine. Best of all, it’s free!

How to Enable Accelerated Networking:

You can enable this feature during initial creation of the VM: on the networking tab, you will see “Enable Accelerated Networking”. If you are unable to enable it, it is not compatible with your chosen Azure VM size. If you need to enable this feature after VM creation, you need to do so through PowerShell, as it is not yet supported in the portal. You can do this with the commands below after deallocating the virtual machine.


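# These are AzureRM module cmdlets; the Az module equivalents are
# Connect-AzAccount, Get-AzNetworkInterface and Set-AzNetworkInterface.
Login-AzureRmAccount
# Read the NIC, switch on Accelerated Networking, then write the change back
$nic = Get-AzureRmNetworkInterface -ResourceGroupName "YourResourceGroupName" -Name "YourNicName"
$nic.EnableAcceleratedNetworking = $true
$nic | Set-AzureRmNetworkInterface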

Then proceed to start the Virtual Machine and Accelerated Networking will be enabled.

Altaro Dojo forums

Altaro has kicked off the Altaro Dojo forums. The forum brings fellow IT pros together, connects the community and enables members to learn and share their knowledge with one another.

Some info on how people can use the forum can be found here.

Please register on the forum and share your knowledge with other IT pros! Let’s make some community!

I want to become a ‘Ninja’. Let’s go!!!