First steps with Nano Server TP5

    In the Technical Preview 5 release of Windows erver 2016 Microsoft offers besides the normal ISO image, a VHD image with a basic installation of Nano Server. This means that if you just want to test this new OS out you can download the VHD, assign it to a VM and start it up.

    In this post I want to show you the basic tasks to set up a Nano Server VM and getting ready to joi a domain. I will be covering the following:

  • Set local admin password
  • Configure network settings
  • Configure firewall
  • Prepare the machine for a domain join
  • Join a domain

    First thing to do is actually download the VHD file from Microsoft. The download link and what is new can be found in this post. For a quick test I recommend to get directly the VHD file because the ISO contains a WIM file meant to be customized before used. I have placed my VHD iage in the HDD folder that I set default for Hyper-V and renamed it to NANOTEST.VHD because NANOTEST will be the name of the VM I will use.

    Since we have a VHD on our hands and not a VHDX we cannot use a Generation 2 virtual machine without converting the hard disk. Let’s make this test as fast as possible and just use a Gen 1 VM instead. My machine will be named NANOTEST and for the HDD I will select the downloaded VHD file.

Nano Server VM config

Nano Server VM config

    With the settings made we can start the virtual machine and play around with nano server. Now let’s go through the checklist of configurations.

    Set local admin password

    The first screen you get after booting is the logon screen. Since this is a new computer just press F11 to set a password for Administrator.

First nano server logon screen

First nano server logon screen

    Enter a password you preffer and press tab to go down and re-enter that password. Press ENTER to save the changes. You will be directed to the Nano Server Recovery Console. If you log off and want to log in again just enter Administrator for the username and the password you just set; since this is a local user no domain is needed.

Change administrator password on Nano Server

Change administrator password on Nano Server

    Welcome to Nano Server. This is how the OS looks like when connecting to it directly using a monitor and a keyboard (no mouse required or accepted). Use the up and down keys to navigate the menu and Enter to select something.

The nano server recovery console

The nano server recovery console

    Configure network settings

    Let’s set the basic network settings: IP, subnet mask and default gateway if needed. Go into the networking menu to do this. You will see a list of adapters (name and MAC address); choose the one you need configured by navigating to it and pressing Enter. You will get a screen with the current network configuration. If there is a DHCP server on the network the work is done, just note the IP address and go the the next step. If no DHCP server is present, you will see something like this:

Nano Server network configuration

Nano Server network configuration

    Press F11 to enter the IPv4 settings page. Since DHCP is enabled, use F4 to toggle it. Now enter the required info and press ENTER to save. You will need to press ENTER a second time to accept the settings.

Set IP settings

Set IP settings

    Use ESC to go back to the primary menu screen.

    Configure firewall

    There are 2 rules to enable in the firewall: the ICMP rule so PING will work and the SMB rule so file sharing will work.

    For file sharing navigate to File and Printer Sharing (SMB-In) and press ENTER.

Enable file sharing in nano server

Enable file sharing in nano server

    On the rule configuration page just press F4 to activate it.

Firewall rule settings

Firewall rule settings

    Do the same for the File and Printer Sharing (Echo Request – ICMPv4-In).

ICMP rule

ICMP rule

    Now we can test if PING works against this IP address from another server or computer on the network.

Test ping on newly configured address

Test ping on newly configured address

    Good. We are on our way. Since Nano Server does not have a UI or a command line interface we will use Powershell Remoting to make configurations to it. Since we will use the IP to connect to it before joining the domain, one step needs to be taken in order for this to work. The machine from which we are connecting needs to trust this IP for WSMan connections. Run this command in Powershell to set the trusted IP:


Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.1.6

Set the nano server IP as trusted

Set the nano server IP as trusted

    Prepare the machine for a domain join

   First thing to do is make a connection to the machine with Powershell Remoting. For credentials just use 192.168.1.6\administrator with the previously configured password.


Enter-PSSession -ComputerName 192.168.1.6 -Credential (Get-Credential 192.168.1.6\administrator)

Powershell remoting into nano server

Powershell remoting into nano server

    Before joining the domain it would be nice to change the server’s name as the default one is not that easy to remember as seen from the picture below. For changing the name a restart is required:


Rename-Computer NANOTEST

Restart-Computer

Rename computer

Rename computer

    The second thing to do is set at least one DNS server from the domain we wamt to join. I have 2 DNS servers in my test infrastructure: 192.168.1.1 and 192.168.1.2 so I will set both. The settings will be made on the NIC configured previously. Let’s get a list of all network adapters and get the Index of the one we will configure.


Get-NetAdapter

Get NIC list

Get NIC list

    The Index we are after in this case is 2. Let’s set the 2 DNS addresses.


Set-DnsClientServerAddress -InterfaceIndex 2 -ServerAddresses 192.168.1.1,192.168.1.2

Get-DnsClientServerAddress -InterfaceIndex 2

View DNS addresses

View DNS addresses

    The machine can be joined to the domain. Unfortunately there is no Add-Computer command to make this easy for us. The way to have nano server join a domain is using djoin.exe to first provision a computer account in Active Directory and then configure the machine to link to it. This is called an offline domain join.

    Join a domain

    The offline domain join has 2 steps:

  • Run djoin.exe on a domain computer with an account that can create computer objects to provision the account for the new machine
  • Run djoin.exe on the computer that is joined to the domain to give it the provisioned account information

    The command to create the computer account and save the provision data to a file is:


djoin.exe /provision /domain lab.test /machine NANOTEST /savefile C:\nt.txt

Provision a computer account

Provision a computer account

    The nt.txt file has to be copied on the nano server computer so it can read the information when joining the domain. Since we enabled the file sharing earlier we can access C$ to copy it. When asked for credentials just enter nanotest\administrator as the username. Copy the file to the C driver.

Copy provisioning file to nano server machine

Copy provisioning file to nano server machine

    Connect back to the nano server computer to run the second djoin command. Now is the part when we tell it to read the file and at the next restart request to join our domain. After the djoin command just restart the computer.


djoin /requestodj /loadfile C:\nt.txt /windowspath C:\Windows /localos

Restart-Computer

Run djoin on nano server

Run djoin on nano server

    After the restart, which takes about 3 or 4 seconds, you can now remote to the machine with domain credentials.

    This was a quick look at how to configure some basic things in nano server.

2 Comments

  1. Paramesh Palanisamy

    Hi. I installed nano server 2016 in my virtual box. I can not see any network adapters in networking menu. So that, I could not find IP address to access nano server remotely. Please help me.

    Reply
    1. admin (Post author)

      What hypervisor are you using? I only tried this in Hyper-V on Windows 10 and Windows Server 2016.

      Reply

Leave a Comment

Your email address will not be published. Required fields are marked *