How To Deploy Nano Server Windows Server 2016 Step-By-Step Plus Great Tips on Managing Nano Server
Nano Server is a new and super small footprint of Windows Server 2016. You do not deploy by using the setup like you do with other versions of the OS. Nano Server is deployed via PowerShell. The files and scripts needed for deployment are on the Windows server 2016 ISO image. There are several different options for running Nano Server. Do you want to run as a host or on a VM? Do you want to use a custom image or a basic deployment? This article will cover these and more, giving you the information you need to get started playing with Nano Server 2016. There is no GUI and there is no RDP to a Nano Server. Remote management is however enabled by default. You simply need the IP address and credentials.
Follow the steps to get started quickly with a basic deployment of Nano Server using DHCP to obtain an IP address. The sections that come after go into more detail about further customizing the image for your specific needs, as well as remotely managing Nano Server. You can run a Nano Server VHD either in a virtual machine or boot to it on a physical computer; the steps are slightly different.
Nano Server is ideal for a number of scenarios including:
- As a “compute” host for Hyper-V virtual machines, either in clusters or not
- As a storage host for Scale-Out File Server.
- As a DNS server
- As a web server running Internet Information Services (IIS)
- As a host for applications that are developed using cloud application patterns and run in a container or virtual machine guest operating system
——————————————–
Nano Server in a virtual machine
Follow these steps to create a Nano Server VHD that will run in a virtual machine.
To quickly deploy Nano Server in a virtual machine
Copy NanoServerImageGenerator.psm1 and Convert-WindowsImage.ps1 from the \NanoServer folder in the Windows Server Technical Preview ISO to a folder on your hard drive.
Start Windows PowerShell as an administrator, change directory to the folder where you’ve placed these scripts and then import the NanoServerImageGenerator script with Import-Module NanoServerImageGenerator.psm1 -Verbose
Create a VHD that sets a computer name and includes the Hyper-V guest drivers by running the following command which will prompt you for an administrator password for the new VHD:
New-NanoServerImage -MediaPath <path to root of media> -BasePath .\Base -TargetPath .\NanoServerVM\NanoServerVM.vhd -ComputerName <computer name> -GuestDrivers where
<path to root of media> is the path that you provide to the root of the contents of the Technical Preview ISO. For example if you have copied the contents of the ISO to d:\TP4ISO you would use that path.
-BasePath specifies a folder that will be created to copy the Nano Server WIM and packages to.
-TargetPath specifies the full path, including the filename and extension, where the resulting VHD or VHDX will be created.
Computer_name is the computer name you provide for the Nano Server virtual machine you are creating.
Example: New-NanoServerImage -MediaPath f:\ -BasePath .\Base -TargetPath .\Nano1\Nano.vhd -ComputerName Nano1 –GuestDrivers
This example creates a VHD from an ISO mounted as f:\. When creating the VHD it will use a folder called Base in the same directory where you ran New-NanoServerImage; it will place the VHD (called Nano.vhd) in a folder called Nano1 in the folder from where the command is run. The computer name will be Nano1 and will have virtual machine drivers installed for running Hyper-V.If you want a Generation 1 virtual machine, generate a VHD image by specifying a .vhd extension for -TargetPath. For a Generation 2 virtual machine, generate a VHDX image by specifying a .vhdx extension for -TargetPath.
Note
New-NanoServerImage is supported on Windows 8.1, Windows 10, Windows Server 2012 R2, and Windows Server 2016 Threshold Preview.
In Hyper-V Manager, create a new virtual machine and use the VHD created in Step 3.
Boot the virtual machine and in Hyper-V Manager connect to the virtual machine.
Log on to the Recovery Console (see the “Nano Server Recovery Console” section in this guide), using the administrator and password you supplied while running the script in Step 3.
Obtain the IP address of the Nano Server virtual machine and use Windows PowerShell remoting or other remote management tool to connect to and remotely manage the virtual machine.
——————————————–
Nano Server on a physical computer
You can also create a Nano Server VHD that will run Server Core on a physical computer, using the pre-installed device drivers. If your hardware requires a driver that is not already provided in order to boot or connect to a network, follow the steps in the “Adding Additional Drivers” section of this guide.
To quickly deploy Nano Server on a physical computer
Copy NanoServerImageGenerator.psm1 and Convert-WindowsImage.ps1 from the \NanoServer folder in the Windows Server Technical Preview ISO to a folder on your hard drive
Start Windows PowerShell as an administrator, change directory to the folder where you’ve placed these scripts and then import the NanoServerImageGenerator script with Import-Module NanoServerImageGenerator.psm1 -Verbose.
Create a VHD that sets a computer name and includes the OEM drivers and Hyper-V by running the following command which will prompt you for an administrator password for the new VHD:
New-NanoServerImage -MediaPath <path to root of media> -BasePath .\Base -TargetPath .\NanoServerPhysical\NanoServer.vhd -ComputerName <computer name> -OEMDrivers -Compute where
<path to root of media> is the path to the root of the contents of the Technical Preview ISO. For example if you have copied the contents of the ISO to d:\TP4ISO you would use that path.
BasePath is a folder that will be created to copy the Nano Server WIM and packages to. (This parameter is optional.)
TargetPath is a folder that will be created where the resulting VHD will be created.
Computer_name is the computer name for the Nano Server virtual machine you are creating.
Example: New-NanoServerImage -MediaPath F:\ -BasePath .\Base -TargetPath .\Nano1\NanoServer.vhd -ComputerName Nano-srv1 -OEMDrivers –Compute -Clustering
This example creates a VHD from an ISO mounted as f:\. When creating the VHD it will use a folder called Base in the same directory where you ran New-NanoServerImage; it will place the VHD in a folder called Nano1 in the folder from where the command is run. The computer name will be Nano-srv1 and will have OEM drivers installed for most common hardware and has the Hyper-V role and the clustering feature enabled. If the server uses UEFI to boot, change NanoServer.vhd to NanoServer.vhdx.
Log in as an administrator on the physical server where you want to run the Nano Server VHD.
Copy the VHD that this script creates to the physical computer and configure it to boot from this new VHD. To do that, follow these steps:
Mount the generated VHD. In this example, it’s mounded under D:\.
Run bcdboot d:\windows.
Unmount the VHD.
Boot the physical computer into the Nano Server VHD.
Log on to the Recovery Console (see the “Nano Server Recovery Console” section in this guide), using the administrator and password you supplied while running the script in Step 3.
Obtain the IP address of the Nano Server computer and use Windows PowerShell remoting or other remote management tool to connect to and remotely manage the virtual machine.
——————————————–
Custom Deployment Images
For Windows Server 2016 Technical Preview, Nano Server is distributed on the physical media, where you will find a NanoServer folder; this contains a .wim image and a subfolder called Packages. It is these package files that you use to add server roles and features to the VHD image, which you then boot to.
This table shows the roles and features that are available in this release of Nano Server, along with the Windows PowerShell options that will install the packages for them. Some packages are installed directly with their own Windows PowerShell options (such as -Compute); others you install as extensions to the -Packages option, which you can combine in a comma-separated list.
Role or feature |
Option |
||
---|---|---|---|
Hyper-V role |
-Compute |
||
Failover Clustering |
-Clustering |
||
Hyper-V guest drivers for hosting Nano Server as a virtual machine |
-GuestDrivers |
||
Basic drivers for a variety of network adapters and storage controllers. This is the same set of drivers included in a Server Core installation of Windows Server 2016 Technical Preview. |
-OEMDrivers |
||
File Server role and other storage components |
-Storage |
||
Windows Defender Antimalware, including a default signature file |
-Defender |
||
Reverse forwarders for application compatibility, for example common application frameworks such as Ruby, Node.js, etc. |
-ReverseForwarders |
||
DNS Server role |
-Packages Microsoft-NanoServer-DNS-Package |
||
Desired State Configuration (DSC) |
-Packages Microsoft-NanoServer-DSC-Package |
||
Internet Information Server (IIS) |
-Packages Microsoft-NanoServer-IIS-Package
|
||
Host support for Windows Containers |
-Containers |
||
System Center Virtual Machine Manager agent |
|
||
Network Performance Diagnostics Service (NPDS) |
-Packages Microsoft-NanoServer-NPDS-Package |
||
Data Center Bridging |
-Packages Microsoft-NanoServer-DCB-Package |
Note
When you install packages with these options, a corresponding language pack is also installed based on the configured locale of the administrator account. If, for example, your locale is set to France (fr_fr) but you are configuring a Swedish image (sv_se), you will receive an error stating that the fr_fr packages are not present. To set the cmdlet to use a different language, use the -Language parameter (for example, -Language sv_se). You can find the available language packs and their locale abbreviations in the installation media in subfolders named for the locale of the image.
Tip
To convert the WIM image to a VHD
Copy NanoServerImageGenerator.psm1 and Convert-WindowsImage.ps1 from the \NanoServer folder in the Windows Server Technical Preview ISO to your hard drive.
Start an elevated Windows PowerShell console, change directory to the folder where you placed these scripts, and then import the NanoServerImageGenerator script with Import-Module NanoServerImageGenerator.psm1 -Verbose.
This example creates a GPT-based VHDX image with a given computer name and including Hyper-V guest drivers, starting with Nano Server installation media on a network share. In an elevated Windows PowerShell prompt, start with this cmdlet:
Import-Module <Server media location>\NanoServer\NanoServerImageGenerator.psm1; New-NanoServerImage -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\FirstStepsNano.vhdx -ComputerName FirstStepsNano -GuestDrivers
The cmdlet will accomplish all of these tasks:
Prompt you for the Administrator password
Copy installation media from \\Path\To\Media\en_us into .\Base
Convert the WIM image to a VHD. (The file extension of the target path argument determines whether it creates an MBR-based VHD for Generation 1 virtual machines versus a GPT-based VHDX for Generation 2 virtual machines.)
Copy the resulting VHD into .\FirstStepsNano.vhdx
Set the Administrator password for the image as specified
Set the computer name of the image to FirstStepsNano
Install the Hyper-V guest drivers
All of this results in an image of .\FirstStepsNano.vhdx.
The cmdlet generates a log as it runs and will let you know where this log is located once it is finished. The WIM-to-VHD conversion accomplished by the companion script generates its own log in %TEMP%\Convert-WindowsImage\<GUID> (where <GUID> is a unique identifier per conversion session).
As long as you use the same base path, you can omit the media path parameter every time you run this cmdlet, since it will use cached files from the base path. If you don’t specify a base path, the cmdlet will generate a default one in the TEMP folder. If you want to use different source media, but the same base path, you should specify the media path parameter, however.
——————————————–
More tips on Nano Server
Joining Domains
New-NanoServerImage offers two methods of joining a domain; both rely on offline domain provisioning, but one harvests a blob to accomplish the join. In this example, the cmdlet harvests a domain blob for the Contoso domain from the local computer (which of course must be part of the Contoso domain), then it performs offline provisioning of the image using the blob:
New-NanoServerImage -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\JoinDomHarvest.vhdx -ComputerName JoinDomHarvest -DomainName Contoso
When this cmdlet completes, you should find a computer named “JoinDomHarvest” in the Active Directory computer list.
You can also use this cmdlet on a computer that is not joined to a domain. To do this, harvest a blob from any computer that is joined to the domain, and then provide the blob to the cmdlet yourself. Note that when you harvest such a blob from another computer, the blob already includes that computer’s name–so if you try to add the -ComputerName parameter, an error will result.
You can harvest the blob with this command:
djoin /Provision /Domain Contoso /Machine JoiningDomainsNoHarvest /SaveFile JoiningDomainsNoHarvest.djoin
Run New-NanoServerImage using the harvested blob:
New-NanoServerImage -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\JoinDomNoHrvest.vhd -DomainBlobPath .\Path\To\Domain\Blob\JoinDomNoHrvestContoso.djoin
In the event that you already have a node in the domain with the same computer name as your future Nano Server, you could reuse the computer name by adding the -ReuseDomainNode parameter.
Injecting drivers
Nano Server offers a package that includes a set of basic drivers for a variety of network adapters and storage controllers; it’s possible that drivers for your network adapters might not be included. You can use this syntax to have New-NanoServerImage search the directory for available drivers and inject them into the Nano Server image:
New-NanoServerImage -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\InjectingDrivers.vhdx -DriversPath .\Extra\Drivers
Note
In the folder where you keep your drivers, both the SYS files and corresponding INF files must be present. Also, Nano Server only supports signed, 64-bit drivers.
Connecting with WinRM
To be able to connect to a Nano Server computer using Windows Remote Management (WinRM) (from another computer that is not on the same subnet), open port 5985 for inbound TCP traffic on the Nano Server image. Use this cmdlet:
New-NanoServerImage -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\ConnectingOverWinRM.vhd -EnableRemoteManagementPort
Setting static IP addresses
To configure a Nano Server image to use static IP addresses, first find the name or index of the interface you want to modify by using Get-NetAdapter, netsh, or the Nano Server Recovery Console. Use the -Ipv6Address, -Ipv4Address, -Ipv4SubnetMask, or -Ipv4Gateway extensions to specify the configuration, as in this example:
New-NanoServerImage -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\StaticIpv4.vhd -InterfaceNameOrIndex Ethernet -Ipv4Address 192.168.1.2 -Ipv4SubnetMask 255.255.255.0 -Ipv4Gateway 192.168.1.1
Custom image size
You can configure the Nano Server image to be a dynamically expanding VHD or VHDX with the -MaxSize extension, as in this example:
New-NanoServerImage -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\BigBoss.vhd -MaxSize 100GB
Embedding custom data
To embed your own script or binaries in the Nano Server image, use the -MergePath extension:
New-NanoServerImage -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\BigBoss.vhd -MergePath .\tools
Preparing for Azure
If you want to run Nano Server in Azure, the Hyper-V guest drivers are required, along with opening the remote management port. Both of these features are provided in one step by the -ForAzure extension:
New-NanoServerImage -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\NanoServerOnAzure.vhdx -ForAzure
\To\Media\en_us -BasePath .\Base -TargetPath .\NanoServerOnAzure.vhdx -ForAzure
Joining Nano Server to a domain
To add Nano Server to a domain online
Harvest a data blob from a computer in the domain that is already running Windows Threshold Server using this command:
djoin.exe /provision /domain <domain-name> /machine <machine-name> /savefile .\odjblob
This saves the data blob in a file called “odjblob”.
Copy the “odjblob” file to the Nano Server computer with these commands:
net use z: \\<ip address of Nano Server>\c$
Note
If the net use command fails, you probably need to adjust Windows Firewall rules. To do this, first open an elevated command prompt, start Windows PowerShell and then connect to the Nano Server computer with Windows PowerShell Remoting with these commands:
Set-Item WSMan:\localhost\Client\TrustedHosts “<IP address of Nano Server>”
$ip = “<ip address of Nano Server>”
Enter-PSSession -ComputerName $ip -Credential $ip\Administrator
When prompted, provide the Administrator password, then run this command to set the firewall rule:
netsh advfirewall firewall set rule group=”File and Printer Sharing” new enable=yes
Exit Windows PowerShell with Exit-PSSession, and then retry the net use command. If successful, continue copying the “odjblob” file contents to the Nano Server.
md z:\Temp
copy odjblob z:\Temp
Open an elevated command prompt, start Windows PowerShell and then connect to the Nano Server computer with Windows PowerShell remoting with these commands:
Set-Item WSMan:\localhost\Client\TrustedHosts “<IP address of Nano Server>”
$ip = “<ip address of Nano Server>”
Enter-PSSession -ComputerName $ip -Credential $ip\Administrator
When prompted, provide the Administrator password, then run this command to join the domain:
djoin /requestodj /loadfile c:\Temp\odjblob /windowspath c:\windows /localos
Restart the Nano Server computer, and then exist the Windows PowerShell session:
shutdown /r /t 5
Exit-PSSession
After you have joined Nano Server to a domain, add the domain user account to the Administrators group on the Nano Server.
Alternate method to join a domain in one step
First, harvest the data blob from another computer running Windows Threshold Server that is already in your domain using this command:
djoin.exe /provision /domain <domain-name> /machine <machine-name> /savefile .\odjblob
Open the file “odjblob” (perhaps in Notepad), copy its contents, and then paste the contents into the <AccountData> section of the Unattend.xml file below.
Put this Unattend.xml file into the C:\NanoServer folder, and then use the following commands to mount the VHD and apply the settings in the offlineServicing section:
dism\dism /Mount-Image /ImageFile:.\NanoServer.vhd /Index:1 /MountDir:.\mountdir
dism\dism /image:.\mountdir /Apply-Unattend:.\unattend.xml
Create a “Panther” folder (used by Windows systems for storing files during setup; see Windows 7, Windows Server 2008 R2, and Windows Vista setup log file locations if you’re curious), copy the Unattend.xml file to it, and then unmount the VHD with these commands:
md .\mountdir\windows\panther
copy .\unattend.xml .\mountdir\windows\panther
dism\dism /Unmount-Image /MountDir:.\mountdir /Commit
The first time you boot Nano Server from this VHD, the other settings will be applied.
After you have joined Nano Server to a domain, add the domain user account to the Administrators group on the Nano Server.
Using the Nano Server Recovery Console
Starting with Windows Server 2016 Technical Preview, Nano Server includes an Recovery Console that ensures you can access your Nano Server even if a network mis-configuration interferes with connecting to the Nano Server. You can use the Recovery Console to fix the network and then use your usual remote management tools.
When you boot Nano Server in either a virtual machine or on a physical computer that has a monitor and keyboard attached, you’ll see a full-screen, text-mode logon prompt. Log into this prompt with an administrator account to see the computer name and IP address of the Nano Server. You can use these commands to navigate in this console:
Use arrow keys to scroll
Use TAB to move to any text that starts with > ; then press ENTER to select.
To go back one screen or page, press ESC. If you’re on the home page, pressing ESC will log you off.
Some screens have additional capabilities displayed on the last line of the screen. For example, if you explore a network adapter, F4 will disable the network adapter.
In Windows Server 2016 Technical Preview, the Recovery Console allows you to view and configure network adapters and TCP/IP settings, as well as firewall rules.
Managing Nano Server remotely
Nano Server is 100% managed remotely. There is no local logon capability at all, nor does it support Terminal Services. However, you have a wide variety of options for managing Nano Server remotely, including Windows PowerShell, Windows Management Instrumentation (WMI), Windows Remote Management, and Emergency Management Services (EMS).
To use any remote management tool, you will probably need to know the IP address of the Nano Server. Some ways to find out the IP address include:
Use the Nano Recovery Console (see the Using the Nano Server Recovery Console section of this topic for details).
Connect a serial cable to the computer and use EMS.
Using the computer name you assigned to the Nano Server while configuring it, you can get the IP address with ping. For example, ping NanoServer-PC /4.
Using Windows PowerShell remoting
To manage Nano Server with Windows PowerShell remoting, you need to add the IP address of the Nano Server to your management computer’s list of trusted hosts, add the account you are using to the Nano Server’s administrators, and enable CredSSP if you plan to use that feature.
To add the Nano Server to the list of trusted hosts, run this command at an elevated Windows PowerShell prompt:
Set-Item WSMan:\localhost\Client\TrustedHosts “<IP address of Nano Server>”
To start the remote Windows PowerShell session, start an elevated local Windows PowerShell session, and then run these commands:
$ip = “<IP address of Nano Server>”
$user = “$ip\Administrator”
Enter-PSSession -ComputerName $ip -Credential $user
You can now run Windows PowerShell commands on the Nano Server as normal.
Note
Not all Windows PowerShell commands are available in this release of Nano Server. To see which are available, run Get-Command -CommandType Cmdlet
Stop the remote session with the command Exit-PSSession
Using Windows PowerShell CIM sessions over WinRM
You can use CIM sessions and instances in Windows PowerShell to run WMI commands over Windows Remote Management (WinRM).
Start the CIM session by running these commands in a Windows PowerShell prompt:
$ip = “<IP address of the Nano Server>”
$ip\Administrator
$cim = New-CimSession –Credential $user –ComputerName $ip
With the session established, you can run various WMI commands, for example:
Get-CimInstance –CimSession $cim –ClassName Win32_ComputerSystem | Format-List *
Get-CimInstance -CimSession $Cim -Query “SELECT * from Win32_Process WHERE name LIKE ‘p%'”
Windows Remote Management
You can run programs remotely on the Nano Server with Windows Remote Management (WinRM). To use WinRM, first configure the service and set the code page with these commands at an elevated command prompt:
winrm quickconfig
winrm set winrm/config/client @{TrustedHosts=”*”}
chcp 65001
Now you can run commands remotely on the Nano Server. For example:
winrs –r:<IP address of Nano Server> -u:Administrator -p:<Nano Server administrator password> ipconfig
For more information about Windows Remote Management, see <LINKS>.
Using Hyper-V on Nano Server
Hyper-V works the same on Nano Server as it does on Windows Server in Server Core mode, with two exceptions:
You must perform all management remotely and the management computer must be running the same build of Windows Server as the Nano Server. Older versions of Hyper-V Manager or Hyper-V Windows PowerShell cmdlets will not work.
RemoteFX is not available.
In this release, these features of Hyper-V have been verified:
Enabling Hyper-V
Creation of Generation 1 and Generation 2 virtual machines
Creation of virtual switches
Starting virtual machines and running Windows guest operating systems
Note
Hyper-V Replica is not supported in this release.
If you want to perform a live migration of virtual machines, create a virtual machine on an SMB share, or connect resources on an existing SMB share to an existing virtual machine, it is vital that you configure authentication correctly. You have two options for doing this:
Constrained delegation
Constrained delegation works exactly the same as in previous releases. Refer to these articles for more information:
CredSSP
First, refer to the “Using Windows PowerShell remoting” section of this topic to enable and test CredSSP. Then, on the management computer, you can use Hyper-V Manager and select the option to “connect as another user.” Hyper-V Manager will use CredSSP. You should do this even if you are using your current account.
Windows PowerShell cmdlets for Hyper-V can use CimSession or Credential parameters, either of which work with CredSSP.
Using Failover Clustering on Nano Server
Failover clustering works the same on Nano Server as it does on Windows Server in Server Core mode, but keep these caveats in mind:
Clusters must be managed remotely with Failover Cluster Manager or Windows PowerShell.
All Nano Server cluster nodes must be joined to the same domain, similar to cluster nodes in Windows Server.
The domain account must have Administrator privileges on all Nano Server nodes, as with cluster nodes in Windows Server.
All commands must be run in an elevated command prompt.
Note
Additionally, certain features are not supported in this release:
You cannot run failover clustering cmdlets on a local Nano Server through Windows PowerShell.
Clustering roles other than Hyper-V and File Server.
You’ll find these Windows PowerShell cmdlets useful in managing Failover clusters:
You can create a new cluster with New-Cluster -Name <clustername> -Node <comma-separated cluster node list>
Once you’ve established a new cluster, you should run Set-StorageSetting -NewDiskPolicy OfflineShared on all nodes.
Add an additional node to the cluster with Add-ClusterNode -Name <comma-separated cluster node list> -Cluster <clustername>
Remove a node from the cluster with Remove-ClusterNode -Name <comma-separated cluster node list> -Cluster <clustername>
Create a Scale-Out File Server with Add-ClusterScaleoutFileServerRole -name <sofsname> -cluster <clustername>
You can find additional cmdlets for failover clustering at Microsoft.FailoverClusters.PowerShell.
Using DNS Server on Nano Server
To provide Nano Server with the DNS Server role, add the Microsoft-NanoServer-DNS-Package to the image (see the “Creating a custom Nano Server image” section of this topic. Once the Nano Server is running, connect to it and run this command from and elevated Windows PowerShell console to enable the feature:
Enable-WindowsOptionalFeature -Online -FeatureName DNS-Server-Full-Role
Using IIS on Nano Server
For steps to use the Internet Information Services (IIS) role, see IIS on Nano Server.
Source: Getting Started with Nano Server Please see the post for even more great information https://technet.microsoft.com/en-us/library/mt126167.aspx