Windows Server 2012 Essentials Build document
<in progress - placeholder>
Pre install planning
Router is assumed to have DHCP enabled
The assumption for Windows Server 2012 Essentials (hereinafter called WSE12) is that it will be the first domain controller in the network. Note this does not mean it has to be the only DC, just that, like the products it inherited its legacy from, it has to hold the FSMO roles. The assumption is that the external router will perform the role of DHCP and provide WSE12 with a dynamic IP address. Whilst you can install the DHCP role on the server later, after the server is installed, and assign the server a static IP, it is assumed that DHCP will be enabled and running on the router as you build the WSE12 server. Please review the router setup document here.
When installing the DHCP role, ensure that the other DHCP servers are turned OFF before you install the role.
A proper How-To is here: Official SBS Blog: Running DHCP Server on SBS 2011 Essentials With a Static IP.
Migration
Unlike prior versions you no longer need an answer file and can enter migration mode via the GUI.
Installation using an Answer File
Unlike SBS 2011 Essentials, the Essentials 2012 installation uses the same code base as standard Server 2012. This means that for an unattended installation of the server OS, you need to use the standard unattend methods discussed here: http://technet.microsoft.com/en-us/library/ff699026.aspx
The Essentials features are still configurable with an answer file, and that still uses the CFG.ini file.
More resources:
http://blogs.technet.com/b/sbs/archive/2012/08/13/windows-server-2012-essentials-deployment.aspx
Updates during install
When presented with the option to decide whether you would like to accept the default settings for Windows Updates, the only updates that will install during the build process are ones identified as impacting the setup of the system. Please keep in mind that if you select No, then you will need to go into Windows Update (Start, Windows Update) and enable it after the server build process has finished.
After you patch the server, you can reclaim disk space taken up by the patches by issuing the following command from an Administrative Command Prompt:
dism /online /cleanup-image /spsuperseded
This tip came from here.
After Installation has Completed
Allowing Admin users to open multiple remote sessions on Windows Server 2012
You may set this via group policy, for example, in the server's local policy using gpedit.msc:
Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections\
Restrict Remote Desktop Services users to a single Remote Desktop Services session Disabled
Or you could edit the server's registry:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
(This helpful info from here)
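The policy and the registry key above both control the same setting, and the policy wins when it is configured. The following added example (not from the original page) reports which one is in effect. The value name fSingleSessionPerUser and the policy key path are not given on the page, and the default of "restricted" when neither value exists is an assumption.

```powershell
# Added example: report whether the single-session restriction is in effect
# and whether it comes from Group Policy or from the local registry key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$valueName = 'fSingleSessionPerUser'   # 1 = one session per user, 0 = multiple

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-SingleSessionState {
    $policy = Get-RegDword -Path $policyKey -Name $valueName
    $local  = Get-RegDword -Path $localKey  -Name $valueName

    # A configured policy overrides the local value.
    if ($null -ne $policy)    { $source = 'Group Policy';   $effective = $policy }
    elseif ($null -ne $local) { $source = 'Local registry'; $effective = $local }
    else                      { $source = 'Default';        $effective = 1 }  # assumed default

    New-Object PSObject -Property @{
        PolicyValue             = $policy
        LocalValue              = $local
        Source                  = $source
        MultipleSessionsAllowed = ($effective -eq 0)
    }
}

Get-SingleSessionState | Format-List

# Registry route from the text above (has no effect while the policy is set):
# Set-ItemProperty -Path $localKey -Name $valueName -Value 0 -Type DWord
```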
Configuration of Volumes
The installation process will need a minimum of a 160 gig volume but will use the entire drive. If you want to relocate shares and storage, use the move wizards in order to do so.
As a suggestion, you may wish to shrink that last volume and divide the space into two volumes, one for data storage and the other for client backup files. Doing so will give you the flexibility to not back up the volume containing the client backup files.
Group policy
PreConfigured Group Policies can be enabled via the Dashboard. These will only apply to Windows 7 & 8 computers that are domain joined.
On the Dashboard, on the Devices tab, under Device Tasks, click Implement Group Policy, which will set up policies for Folder Redirection and Security Settings for Windows Update, Windows Defender and the firewall.
Adding Partner branding to the server
Follow the OEM instructions here: Add Branding to the Dashboard, Remote Web Access, and Launchpad:
http://technet.microsoft.com/en-us/library/jj200109.aspx
Removing default shares
- In Explorer, stop sharing the folder.
- Remove the registry entry with "Name=Recorded Tv" in HKLM\Software\Microsoft\Windows server\Storage Service\Folders.
- Stop the service "Windows Server Storage Service" and then re-start it.
- It’s up to you if you want to remove the folder or not in Explorer.
Planning for Email
Essentials can support an on premises Exchange server on a member server, hosted Exchange or an email deployment with Office 365. You can even look into using a third party mail solution such as Kerio.
For an on premises Exchange server, follow Robert Pearman's Exchange script, which will automatically install the Exchange server and allow it to be configured. Consider it a wizard without a GUI. This works for sure with Server 2008 R2 and Exchange 2010. Full details here: On Prem Exchange Windows Server 2012 Essentials: The Script!: http://titlerequired.com/2012/10/23/on-prem-exchange-windows-server-2012-essentials-the-script/
Adding network printers
To add network printers follow Robert Pearman's post on how to add printers: http://titlerequired.com/2012/10/24/windows-server-2012-essentials-add-a-network-printer/
Interested in Direct Access?
You want to follow Robert Pearman's post on this topic: http://titlerequired.com/2012/10/15/enable-directaccess-on-windows-server-2012-essentials/
Manually adding a user to the console
If you added users via ADUC or migrated to Essentials and now the user isn't in the console - follow this:
To manually import user names into the Dashboard
On the Destination Server, open a Command Prompt window as an administrator. For more information, see To open a Command Prompt window as an Administrator
Type *cd "\Program Files\Windows Server\Bin"*, and press ENTER.
Type *WssPowerShell.exe*, and then press ENTER.
Type *Import-WssUser -SamAccountName <username>*, and then press ENTER.
Repeat the previous step for each user name that you want to import into the Dashboard.
Joining a computer without domain joining
So, you have a work laptop, or a nicely running non-domain based home network. But alas, you have no home server options anymore... You are left with the option of installing a Windows Server 2012 Essentials machine (which whilst expensive, really is a great home server option). The problem is, you don't want the machines in your home in a domain, you want them to remain totally independent for many a reason.
Here is a nugget of information that you will love then. When you run the Connect computer wizard (http://nameofserver/connect) you can avoid the domain join bit by simply running this command in an elevated command prompt beforehand:
reg add "HKLM\SOFTWARE\Microsoft\Windows Server\ClientDeployment" /v SkipDomainJoin /t REG_DWORD /d 1
....then, run the wizard and you will get all the good backup and home features without the domain join.
(taken from see link)
If you still want to use RWA with this non domain workstation
1. When prompted for the RD Gateway Credentials:
- Use a Standard User defined on the WSE server. That user must be given permission to access the client machine, which is done by double-clicking the user and selecting the Computer Access tab. Give it a few seconds to populate as it can be as slow as molasses.
- Use the format domain\username. The domain is the domain name created when the WSE server was first built. For example: [wse domain name]\[wse standard username]
2. If that works, it prompts with the Windows Security dialog from the client computer.
- Click on "Use another account" and once again use the domain\username format. But this time the domain should be the name of the client computer. The user should be a user of the client machine that has been given remote access. For example: [client machine name]\[client username]
Having issues joining a computer using connect?
See this wiki post.
DFSR Error in Health Reports
If you see the following error in Health Reports...
DFSR Event ID: 2147485861
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.
Additional Information:
Volume: C:
GUID: 4C7D4FA6-61AF-11E2-93ED-806E6F6E6963
Steps to prevent the error...
- Change the StopReplicationOnAutoRecovery registry value to 1
Open Command Prompt | Regedit
Go to key: HKLM\System\CurrentControlSet\Services\DFSR\Parameters\StopReplicationOnAutoRecovery
Make sure StopReplicationOnAutoRecovery key is set to: 1
- From an elevated command prompt, type the following command:
wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="4C7D4FA6-61AF-11E2-93ED-806E6F6E6963" call ResumeReplication
(all on one line)
- After successfully running the WMIC command:
Open Command Prompt | Regedit
Go to key: HKLM\System\CurrentControlSet\Services\DFSR\Parameters\StopReplicationOnAutoRecovery
Change StopReplicationOnAutoRecovery from 1 to 0
Quit Regedit
For more information, see http://support.microsoft.com/kb/2663685.
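The three steps above can be run as one elevated PowerShell script, shown here as an added example that is not part of the original page. It follows the page's order, uses the volume GUID from the sample event (replace it with the GUID from your own event), and leaves the registry value at 1 if the resume call fails.

```powershell
# Added example: the registry / ResumeReplication / registry sequence in one script.
# Run from an elevated PowerShell prompt on the affected server.
$ErrorActionPreference = 'Stop'

$key   = 'HKLM:\System\CurrentControlSet\Services\DFSR\Parameters'
$name  = 'StopReplicationOnAutoRecovery'
$guid  = '4C7D4FA6-61AF-11E2-93ED-806E6F6E6963'   # GUID from the event text above

# Step 1: make sure the value is 1 before resuming replication.
Set-ItemProperty -Path $key -Name $name -Value 1 -Type DWord
Write-Output "$name is now $((Get-ItemProperty -Path $key -Name $name).$name)"

# Step 2: locate the volume named in the event and call ResumeReplication,
# the same WMI method the wmic command invokes.
$volume = Get-WmiObject -Namespace 'root\microsoftdfs' -Class DfsrVolumeConfig `
                        -Filter "VolumeGuid='$guid'"
if (-not $volume) {
    throw "No DfsrVolumeConfig instance found for volume GUID $guid"
}
Write-Output "Resuming replication on $($volume.VolumePath)"

$result = $volume.ResumeReplication()
if ($result.ReturnValue -ne 0) {
    # Stop here so the registry value is not changed after a failed resume.
    throw "ResumeReplication returned $($result.ReturnValue)"
}

# Step 3: only after a successful resume, change the value from 1 to 0.
Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
Write-Output "$name is now $((Get-ItemProperty -Path $key -Name $name).$name)"
```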
Importing Existing SSL Certificate
The Windows 2012 Essentials Dashboard has a built in wizard for importing an existing SSL certificate. These instructions were written based on exporting and importing a GoDaddy SSL certificate from a source server (SBS 2008) to the destination server (Windows 2012 Essentials).
Export existing SSL Certificate
1. From the source SBS server, we want to export the contents of the existing SSL certificate to a .PFX file. To do this, perform steps 1-12 in this blog post from Boon Tee
2. In creating the .PFX file, you must create and enter a password to associate with this .PFX file.
3. Transfer this .PFX file to a designated folder on the destination server.
Remaining steps are performed from the destination (W2012E) server
If your existing SSL certificate is from GoDaddy, execute the following two steps, otherwise you may continue with step 6.
4. Download the latest Intermediate certificate (gd_iis_intermediate.p7b) from this GoDaddy page and store it in the same designated folder as in step 2.
5. Install the intermediate certificate following steps 1-19 from this GoDaddy support page
Importing SSL Certificate
6. The W2012E dashboard includes a domain name wizard that will import an existing SSL certificate.
7. From the dashboard, click: Settings > Anywhere Access > Configure > Import new trusted SSL cert > I want to use an existing SSL cert.
8. Browse and locate the .PFX file you brought over from step 2, and then enter the associated password, then click Finish
9. You will then be prompted to run a Repair. From the Dashboard click: Settings > Repair > Remote Web Access
10. You may get some error messages. I chose to skip those errors.
(More detail is needed on what errors may appear and how to address them)
You may then test to see if the SSL certificate works properly when connecting to Remote Web Access (https://remote.YourDomain.com/remote)
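Before running the import wizard, the transferred .PFX can be checked on the destination server to confirm that it carries the private key, has not expired, and chains to a trusted root once the intermediate certificate is installed. This is an added example, not part of the original instructions; the file path is a hypothetical placeholder for the designated folder.

```powershell
# Added example: inspect the exported .PFX before importing it in the Dashboard.
$pfxPath  = 'C:\CertImport\remote.pfx'   # hypothetical path to the transferred file
$password = Read-Host -Prompt 'PFX password' -AsSecureString

$x509ns = 'System.Security.Cryptography.X509Certificates'
$cert   = New-Object -TypeName "$x509ns.X509Certificate2" -ArgumentList $pfxPath, $password

# Build the chain against the local certificate stores. Revocation checking is
# turned off so the result reflects only whether the issuers can be found.
$chain = New-Object -TypeName "$x509ns.X509Chain"
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainBuilds = $chain.Build($cert)

# Subject Alternative Name extension (OID 2.5.29.17), if the certificate has one.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = '(none)'
if ($san) { $sanText = $san.Format($false) }

New-Object PSObject -Property @{
    Subject       = $cert.Subject
    Issuer        = $cert.Issuer
    NotAfter      = $cert.NotAfter
    Expired       = ($cert.NotAfter -lt (Get-Date))
    HasPrivateKey = $cert.HasPrivateKey      # must be True for the import to be usable
    AltNames      = $sanText
    ChainBuilds   = $chainBuilds             # False usually means a missing intermediate
} | Format-List

# List each certificate in the chain, leaf first.
$chain.ChainElements | ForEach-Object { $_.Certificate.Subject }

# Show why the chain failed, if it did.
$chain.ChainStatus | ForEach-Object { "{0}: {1}" -f $_.Status, $_.StatusInformation.Trim() }
```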
Find My Server Wizard tool
Windows Server Solutions Find My Server Wizard
http://www.microsoft.com/en-us/download/details.aspx?id=23621
If you type http://<ServerName>/Connect in the address bar of your web browser (where <ServerName> is the name of your server) and the server is not found, this tool may help to find the server.