In the Technical Preview 5 release of Windows erver 2016 Microsoft offers besides the normal ISO image, a VHD image with a basic installation of Nano Server. This means that if you just want to test this new OS out you can download the VHD, assign it to a VM and start it up.
In this post I want to show you the basic tasks to set up a Nano Server VM and getting ready to joi a domain. I will be covering the following:
- Set local admin password
- Configure network settings
- Configure firewall
- Prepare the machine for a domain join
- Join a domain
First thing to do is actually download the VHD file from Microsoft. The download link and what is new can be found in this post. For a quick test I recommend to get directly the VHD file because the ISO contains a WIM file meant to be customized before used. I have placed my VHD iage in the HDD folder that I set default for Hyper-V and renamed it to NANOTEST.VHD because NANOTEST will be the name of the VM I will use.
Since we have a VHD on our hands and not a VHDX we cannot use a Generation 2 virtual machine without converting the hard disk. Let’s make this test as fast as possible and just use a Gen 1 VM instead. My machine will be named NANOTEST and for the HDD I will select the downloaded VHD file.
With the settings made we can start the virtual machine and play around with nano server. Now let’s go through the checklist of configurations.
Set local admin password
The first screen you get after booting is the logon screen. Since this is a new computer just press F11 to set a password for Administrator.
Enter a password you preffer and press tab to go down and re-enter that password. Press ENTER to save the changes. You will be directed to the Nano Server Recovery Console. If you log off and want to log in again just enter Administrator for the username and the password you just set; since this is a local user no domain is needed.
Welcome to Nano Server. This is how the OS looks like when connecting to it directly using a monitor and a keyboard (no mouse required or accepted). Use the up and down keys to navigate the menu and Enter to select something.
Configure network settings
Let’s set the basic network settings: IP, subnet mask and default gateway if needed. Go into the networking menu to do this. You will see a list of adapters (name and MAC address); choose the one you need configured by navigating to it and pressing Enter. You will get a screen with the current network configuration. If there is a DHCP server on the network the work is done, just note the IP address and go the the next step. If no DHCP server is present, you will see something like this:
Press F11 to enter the IPv4 settings page. Since DHCP is enabled, use F4 to toggle it. Now enter the required info and press ENTER to save. You will need to press ENTER a second time to accept the settings.
Use ESC to go back to the primary menu screen.
There are 2 rules to enable in the firewall: the ICMP rule so PING will work and the SMB rule so file sharing will work.
For file sharing navigate to File and Printer Sharing (SMB-In) and press ENTER.
On the rule configuration page just press F4 to activate it.
Do the same for the File and Printer Sharing (Echo Request – ICMPv4-In).
Now we can test if PING works against this IP address from another server or computer on the network.
Good. We are on our way. Since Nano Server does not have a UI or a command line interface we will use Powershell Remoting to make configurations to it. Since we will use the IP to connect to it before joining the domain, one step needs to be taken in order for this to work. The machine from which we are connecting needs to trust this IP for WSMan connections. Run this command in Powershell to set the trusted IP:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.1.6
Prepare the machine for a domain join
First thing to do is make a connection to the machine with Powershell Remoting. For credentials just use 192.168.1.6\administrator with the previously configured password.
Enter-PSSession -ComputerName 192.168.1.6 -Credential (Get-Credential 192.168.1.6\administrator)
Before joining the domain it would be nice to change the server’s name as the default one is not that easy to remember as seen from the picture below. For changing the name a restart is required:
Rename-Computer NANOTEST Restart-Computer
The second thing to do is set at least one DNS server from the domain we wamt to join. I have 2 DNS servers in my test infrastructure: 192.168.1.1 and 192.168.1.2 so I will set both. The settings will be made on the NIC configured previously. Let’s get a list of all network adapters and get the Index of the one we will configure.
The Index we are after in this case is 2. Let’s set the 2 DNS addresses.
Set-DnsClientServerAddress -InterfaceIndex 2 -ServerAddresses 192.168.1.1,192.168.1.2 Get-DnsClientServerAddress -InterfaceIndex 2
The machine can be joined to the domain. Unfortunately there is no Add-Computer command to make this easy for us. The way to have nano server join a domain is using djoin.exe to first provision a computer account in Active Directory and then configure the machine to link to it. This is called an offline domain join.
Join a domain
The offline domain join has 2 steps:
- Run djoin.exe on a domain computer with an account that can create computer objects to provision the account for the new machine
- Run djoin.exe on the computer that is joined to the domain to give it the provisioned account information
The command to create the computer account and save the provision data to a file is:
djoin.exe /provision /domain lab.test /machine NANOTEST /savefile C:\nt.txt
The nt.txt file has to be copied on the nano server computer so it can read the information when joining the domain. Since we enabled the file sharing earlier we can access C$ to copy it. When asked for credentials just enter nanotest\administrator as the username. Copy the file to the C driver.
Connect back to the nano server computer to run the second djoin command. Now is the part when we tell it to read the file and at the next restart request to join our domain. After the djoin command just restart the computer.
djoin /requestodj /loadfile C:\nt.txt /windowspath C:\Windows /localos Restart-Computer
After the restart, which takes about 3 or 4 seconds, you can now remote to the machine with domain credentials.
This was a quick look at how to configure some basic things in nano server.