Windows Server 2012 / 2012 R2 - Manage multiple Core servers remotely with WinRM

Page 1 / 2

In our previous tutorial, we explained how to manage a Windows Server 2012 remote GUI server from a Windows Server 2012 server.

For those who don't know, it's also possible to install Windows Server 2012 without GUI (in Core mode).
In this case, you will have to configure the remote server with the command line and not with the usual consoles.

This tutorial is therefore an adaptation of the first tutorial, but using only the tools available in the Core version of Windows Server 2012.

  1. Configuration used
  2. Enable remote management of your Core server
  3. Add the Core server in the Server Manager
  4. Configure the Core Server for remote access through the Computer Management console
  5. Configure the server and client for remote disk management
    1. Core server configuration
    2. Client configuration
  6. Remote desktop activation on your Core server
  7. Add roles on your Core server

1. Configuration used

In this tutorial, we will use 3 servers :

  • 1 Active Directory server named "AD" and having this IP address : 10.0.0.101
  • 1 Core server named "IW-SERVER" and having this IP address : 10.0.0.102
  • 1 WS 2012 server named "WS2012-CLIENT" from which we will manage the Core server and having this IP address: 10.0.0.103

Note that to make it easier to manage your server remotely, it's recommended that you join your servers to your Active Directory domain.
This is what we will do in this tutorial.

If you need help to join your Core Server to an Active Directory, refer to the step "Join your Core server to a domain" in our tutorial : Windows Server 2012 - Install, configure, and use Windows Server 2012 in Core mode

Note : an upcoming tutorial will be published soon for the remote management of a server present in a workgroup (not linked to an Active Directory).

2. Enable remote management of your Core server

To enable remote management of your Core server, launch the "sconfig" tool from the command prompt on the screen.

Then, choose :

  • option 4 : Configure Remote Management
  • option 1 : Enable Remote Management

Now, your Core server is manageable remotely.
Or at least, a minimum.

3. Add the Core Server in the Server Manager

Log in with a domain account on a server of your network linked to the Active Directory and open the server manager.
Then, click : Add other servers to manage.

In the "Active Directory" tab, you will see your domain as a location.

  • click on "Find Now"
  • select your Core server from the list (in our case : IW-SERVER)
  • click on the arrow in the middle of the window to move this server in the right column
  • click OK

In the "All Servers" section of the Server Manager, you will find your local server and your Core server.
If your Core server is well configured, you should see :

  • its name : IW-SERVER
  • its IP address : 10.0.0.102
  • its state : Online

4. Configure the Core Server for remote access through the Computer Management console

Although Windows Server 2012 can connect to your remote server remotely (with WinRM enabled in the background), you will still not be able to access all the features available in the Server Manager.
Indeed, if you right-click "Computer Management" on your Core server from the server manager, you will receive this warning :

Plain Text

The computer [remote-server-name].[domain-name] cannot be managed

Windows Server will also tell you about two types of rules to allow in the firewall :

  • COM+ Network Access (DCOM-In)
  • All rules in the Remote Event Log Management group

Although the "COM+ Network Access (DCOM-In)" rule is present on GUI installations, you will see that this is NOT the case for Core versions of Windows Server 2012.

On your Core server, use these commands to export the firewall rule list to a text file.

Batch

CHCP 1252
netsh advfirewall firewall show rule name=all >> c:\fw_rules_list.txt
CHCP 850

Note: the "CHCP 1252" and "CHCP 850" commands respectively allow you to export the result in the encoding used by default by the Windows notepad, then to reset the normal encoding (OEM 850) used by default by the Windows command prompt.

Open the Notepage program by running the "notepad.exe" file from the command prompt, and open the previously created file : c:\fw_rules_list.txt

As you can see, the contents of the file is displayed correctly and the accents are well recognized by the notepad.
If you are looking for the "COM+ Network Access (DCOM-In)" rule in this file, you will not find it.

After several searches on the Internet, we found that it was necessary to activate the rules of the "Windows Management Infrastructure (WMI)" group for the Core version of Windows Server 2012.

Activate the necessary rules thanks to these 2 commands:

Batch

netsh advfirewall firewall set rule group="Infrastructure de gestion Windows (WMI)" new enable=yes

Plain Text

Updated 4 rule(s).
Ok.

Batch

netsh advfirewall firewall set rule group="Gestion à distance des journaux des événements" new enable=yes

Plain Text

Updated 3 rule(s).
Ok.

Now, you will have access to the "Computer Management" console for your Core server.

At the moment, you will be able to access almost all the features of this console.

Note that access to the Device Manager will not work because, as noted on the Microsoft site, it's no longer accessible remotely from Windows Server 2008 R2.

Disk Management will not work at this time, because it requires additional server-side and client-side configuration.