Jul 192019
 
King Creek Ridge Summit

Sunday (July 14th, 2019) we had the opportunity to hike King Creek Ridge. I’d considering this hike a moderate hike, very steep, and can be completed in a short amount of time. Taking the traditional route to the summit, it took us around just under an hour. This hike is located in Kananaskis Country, and there is no cell reception anywhere on the trail.

There are other trails (and alternate trails) along this path. I do not recommend taking these or attempting these. Please read below to find out why.

AllTrails Link: https://www.alltrails.com/trail/canada/alberta/king-creek-trail

King Creek Ridge Summit View
King Creek Ridge Summit View

King Creek Ridge is a steep ascent to an altitude of around 2,400m (7,874ft), so it’ll require some cardio. I completed this hike with my friend Elisha, and her step-dad Tim!

Stephen Wagner and Elisha posing on King Creek Ridge
Stephen Wagner and Elisha on King Creek Ridge
King Creek Ridge Valley View
King Creek Ridge Valley

On this hike, we met a nice group of other hikers who mentioned that they read in a book (that was 15 years old), about a loop on this trail. Once at the summit, they planned to go down the Mount Hood route to complete the loop. Using the map I had downloaded to my mobile, I actually had a copy of the Mount Hood route, so we figured we’d attempt it as well.

Mount Hood Route Detour

IMPORTANT: DO NOT ATTEMPT THE MOUNT HOOD ROUTE! IT IS AN OLD ROUTE AND THERE IS NO VISIBLE TRAIL. IT’S FULL OF DENSE BUSH, LIMITED VISIBILITY, AND HAS WILDLIFE (BEARS).

Once we had our time at the summit and relaxed (we flew up there pretty quick), we decided to try and locate the path down to the valley to complete the Mount Hood route. We located a small channel that was very steep and full of loose rocks (extremely dangerous). After navigating down, we noticed that an avalanche or weather related incident had damaged the path and it was simply a cliff. We proceeded to find a different way to go down in to the valley after doing a big of climbing down.

King Creek Ridge to Mount Hood Route
King Creek Ridge to Mount Hood Route

After the dangerous part, we found a steep path down (shown above) that we used to get in to the valley. Unfortunately this was short lived. Once getting in to the valley, we approached bush that was ~5 ft high, and numerous places to be ambushed by bears. We had to use boulders to throw in to the bushes ahead to make sure there were no bears further up (also using regular bursts of the air horn).

Finally once we made it to the creek, we realized using the GPS that the Mount Hood Route was extremely old and grown over. There was no visible trail for Mount Hood Route. We continued along the creek (walking in/over it) for some time until it became so difficult and dangerous that we decided we had to turn around and go back.

Back to King Creek Ridge from Mount Hood Route
Back to King Creek Ridge from Mount Hood Route

The hike/climb back up to the summit of the King Creek Ridge hike was grueling. It was one of the steepest hikes I’ve done, and finished with sections that we actually had to climb (using our hands) to get back to the King Creek Ridge summit.

Back on to King Creek Ridge

So the detour, while extremely dangerous and unnerving, actually made the hike as long as we had originally wanted it, and as fun as we had hoped, so it turned out pretty good (after we realized we weren’t going to be stuck in the valley all night, lol).

We finally descended down the way we had originally came up, and all in all the day turned out to be amazing! The hiking trail actually was extremely busy later on in the afternoon by the time we went down.

King Creek Ridge Hike Pictures

Below are pictures from the hike, please click to enter the attachment page, and then click again to enlarge. The below are low quality thumbnails, when you click on the image it will open the high-resolution image.

Stay safe, be bear aware, and always verify trails exist before you head out on to them!

Jul 122019
 

Last week (July 3rd, 2019), I hiked and climbed Mount Lawrence Grassi with my friend Elisha. It was a very aggressive hike, ascending very quickly to an altitude of 2,685 meters (8,809 feet).

It took us around 7 hours and 45 minutes, with a total moving time of 4 hours and 43 minutes. We completed a total elevation gain of 1,177m. My cardio has been horrible this year as I’ve been focusing on strength training so I slowed us down a little bit.

Picture gallery is below of the hike.

I’d only recommend this hike only for advanced hikers as the last 100 feet can be extremely dangerous (risk of slipping, sliding off cliff on both sides). Cell phone reception (for emergencies) is available for most of the hike.

Stephen Wagner Posing on Mount Lawrence Grassi while Hiking
Stephen Wagner on Mount Lawrence Grassi

We’ve had issues with weather this year, but fortunately for us we chose the perfect day. It was a bit chilly at the top, but it turned out perfectly! The views from the summit were amazing!

View from Summit at Mount Lawrence Grassi

Other than the sketchy 100ft at the top, the only other issue we had was a bear encounter on the way back to the vehicle. Once we got back to the bottom of the mountain, starting our 2km walk to the vehicle, we crossed paths with a black bear. We immediately prepped our bear counter-measures (we always carry bear mace, bear bangers, air horn, etc), however two chirps of the air horn caused it to retreat in to the forest.

AllTrails Link: https://www.alltrails.com/trail/canada/alberta/mount-lawrence-grassi

Mount Lawrence Grassi Hike Pictures

Below are pictures from the hike, please click to enlarge. The below are low quality thumbnails, when you click on the image it will open the high-resolution image.

The best photos are at the end of the album when we reached the summit!

Stay safe and be bear aware!

Jul 062019
 
Ubiquiti UniFi US-48 Switch, UniFi nanoHD Wireless AP, 2 x UF-RJ45-10G SFP+ Modules

Recently I had the pleasure of ordering, installing, and configuring some new Ubiquiti UniFi network products, including a switch, wireless access points, and more! Today, I will review the Ubiquiti UniFi line of products for you!

My company Digitally Accurate Inc. is an Ubiquiti reseller, and we have Ubiquiti product in inventory and stock in our Vancouver and Toronto warehouses. Contact us if you’re looking at purchasing any Ubiquiti gear in Canada!

There are plenty of pictures below! 🙂

The back story

For some time I’ve been wanting to replace a bunch of aging networking equipment at my company. This includes switches and wireless access points, and I wanted to consolidate the number of pieces of networking equipment I used. No more daisy chaining switches!

  • Wireless
    • First off, up to date I have been re-purposing consumer grade wireless routers as access points. While this has worked by disabling the router functions, DHCP, and DNS, it’s still not ideal. I wanted a true managed wireless solution. I always wanted proper coverage and no dropped connections.
  • Switching
    • Secondly, I’ve also been using a number of cheap daisy chained 8-port network switches. The amount of cables I use is absolutely crazy, the power-bar space for the transformers is crazy, and this is just crazy dumb! I wanted a true business/enterprise class manageable network switch that could handle all the cabling requirements my business has with all it’s servers, SANs, NASs, and other equipment.
  • Multiple Networks
    • Third, I’ve been using the multiple switches to maintain 4 different isolated networks across my virtualization stack. It would be ideal to implement VLANs on VLAN capable hardware, to consolidate, and ease management of the environment.
  • 10Gb Requirement
    • Fourth, I do require some 10Gb capabilities. While my servers are using multiple SFP+ DAC cables to direct-connect to the SAN, I still have numerous unused 10GBASET NICs and ports on my servers that I’d like to use. It would be fantastic if I could use this as a backhaul to a switch.

The Goal

Ultimately I wanted a business/enterprise class networking solution, that could handle all my wireless and networking needs, in an easy to manage way, and in an affordable way that wouldn’t break the bank.

After researching a number of vendors, weighing the pros/cons, I found the answer: Ubiquiti UniFi

Ubiquiti UniFi

Ubiquiti UniFi US-48 Switch, UniFi nanoHD Wireless AP, 2 x UF-RJ45-10G SFP+ Modules
Ubiquiti UniFi Hardware

Ubiquiti UniFi is a portfolio of enterprise grade products including wireless technologies, network switching, cloud management capabilities, and other hardware technology.

UniFi offers the latest technologies at affordable prices. They also allow you to integrate with the cloud, or keep everything separate and centrally managed on your own hardware and software.

The UniFi products support a number of enterprise technologies you’d normally find in enterprise gear, such as central management, VLANs, multi-SSID wireless, Guest WiFi access, Captive Portal, and way more!

They also have a beautiful switch line up consisting of numerous different port options, PoE options, and uplink options (SFP, SFP+, etc).

The Solution

So, after making the decision to switch to Ubiquiti UniFi, I spec’ed out the hardware I wanted to purchase. See below for the items I ordered:

  • 1 x Ubiquiti UniFi Switch 48 (Part# US-48)
  • 1 x Ubiquiti UniFi nanoHD (Part#: UAP-nanoHD)
  • 2 x Ubiquiti 10GBASE-T SFP+ CopperModule (Part#: UF-RJ45-10G)

I ordered the equipment from my Vancouver warehouse (as mentioned before, my company has stock in Vancouver/Toronto), and waited!

2 days later, the equipment arrived…

Ubiquiti UniFi US-48 Switch, UniFi nanoHD Wireless AP, 2 x UF-RJ45-10G SFP+ Modules
Ubiquiti UniFi Shipment

I was very impressed with the packaging! Even opening the products, you were actually “presented” with the products. Very nicely done Ubiquiti!

Ubiquiti UniFi Switch 48

UniFi Switch 48 Part# US-48
Ubiquiti UniFi Switch 48

The UniFi Switch 48, provides 48 x 1Gb standard ports, along with 2 x 10Gb SFP+ ports, and 2 x 1Gb SFP ports.

You can order this switch with multiple PoE options, however I ordered the non-PoE version.

Left view of UniFi Switch 48 Part# US-48
Ubiquiti UniFi Switch 48 Left Side

The switch has 70Gbps of non-blocking throughput, and 140Gbps of switching capacity.

The switch does have fans, however I haven’t heard them come on except for the initial power-up test.

Right view of UniFi Switch 48 Part# US-48
Left view of Ubiquiti UniFi Switch 48

The SFP+ modules do run hot (hot to the touch), however after doing research I found out this is completely normal. There is a number of SFP+ and SFP module options that you can populate the ports with on the switch.

Ubiquiti UniFi nanoHD

UniFi nanoHD Wireless Access Point Part# UAP-nanoHD
Ubiquiti UniFi nanoHD Wireless Access Point

The UniFi nanoHD wireless access point is a compact (smaller than the other UniFi APs) 802.11ac Wave2 device with MU-MIMO technology.

The unit is powered via PoE and is designed for roof mounting, although works great on a wall, or sitting on a desk.

Ubiquiti UniFi nanoHD Wireless Access Point unboxing
Ubiquiti UniFi nanoHD unboxing

The single quantity SKUs (like the one I ordered) include a PoE injector as seen above, however the multi-quantity SKUs do not. You can either use the PoE injector, or power it via your switch if your switch supports PoE.

The unit also ships with a roof mounting bracket and a getting started flyer.

On the 5Ghz band, the unit has a maximum throughput of 1733Mbps (1.73Gbps), and the 2.4Ghz band has a maximum throughput of 300Mbps.

The nanoHD supports a maximum of 8 seperate SSIDs per radio.

Ubiquiti 10GBASE-T SFP+ CopperModule

10GBASE-T CopperModule UF-RJ45-10G
10GBASE-T CopperModule UF-RJ45-10G

The 10GBASE-T SFP+ CopperModule allows you to connect RJ45 10Gb copper ethernet to the SFP+ port on a switch. This allows you to connect devices or other switches that support 10Gb links over RJ45 ethernet.

Ubiquiti has a number of other SFP+ and SFP modules that you can use to populate your ports depending on your requirements.

UniFi Controller

The UniFi controller is the software (or hardware) that controls and centrally manages all the UniFi products. In my specific environment, I deployed a virtual machine running Ubuntu Linux, installed the apt repo’s for the UniFi Controller, installed the UniFi controller, and then configured it.

You can also purchase a UniFi Cloud key, which is a hardware device that runs the UniFi controller software. This removes the need to deploy a computer, VM, or additional hardware to install the controller on.

Inside of the UniFi controller, you create your wireless networks, network profiles, network switch port profiles, and other configuration, so that it can be easily provisioned to hardware as you add it and expand your network.

My Configuration, Notes, and Observations

Ubiquiti UniFi Switch 48 (US-48) in use
Ubiquiti UniFi Switch 48

For my configuration on the UniFi controller, I configured 9 VLANs, 4 SSID wireless networks, and numerous switch profiles for aggregation (via LACP).

UniFi Controller Login Screen
UniFi Controller Login

When bringing the switch online, the profiles were provisioned and I could attach the profiles to individual network ports, or groups of ports. I could also override these profiles and manually set aggregation, VLAN IDs, trunking, etc if need be.

UniFi Controller Switch Information Screen
UniFi Controller Switch Information

Since I’m using VLANs and want to configure multiple SSIDs, I need to have the wireless access points connected to a VLAN trunk, so that each network is available to be broadcast by the nanoHD APs. Since I configured the VLAN and network profiles earlier, this was instantly deployed automatically as I powered them on. If you had a simple network and didn’t use VLANs, none of this would be necessary and you’d be up and running in minutes.

UniFi Controller Wireless Access Point Information Screen
UniFi Controller Wireless Access Point Information

Inserting the 10GBASE-T CopperModule in to the SFP+ ports on the switch, they were instantly detected. Connecting my 2 HPe DL360p Servers using Cat6, I was able to establish a 10Gb link with both servers instantly. The connection has been rock solid since for over 7 days. These connections are used as a VLAN trunks to my VMware vSphere instance. I also have a secondary connection from each server at 1Gb as failover (standby).

UniFi Controller Dashboard Main Screen
UniFi Controller Dashboard

Enabling Jumbo frames was easy, and Ubiquiti UniFi fully supports it. While I couldn’t find out the exact MTU, I do know it’s around 9000. I’m assuming they allotted slightly more to account for the extra bytes due to VLAN tagging.

Overall Review

Overall, I’m extremely happy and impressed with the product. I’d definitely recommend this to clients, as well as friends and family.

The features and functionality make this product perfect for any business. And with the price point and ease of management, this equipment would be suitable for home and power users as well!

Not only did I get up and running in no time with an extremely complicated configuration, but it’s been rock solid now for over 7 days. If you had a simple configuration, you could have the equipment deployed in minutes.

UniFi Controller Device List Screen
UniFi Controller Device List

What I liked the most:

  • Wireless Speed
  • Easy Switch Port Configuration
  • Easy Wireless/SSID Deployment and Configuration
  • Ease of Management (really easy yet extremely powerful)
  • Monitoring and Statistics inside of UniFi Controller
  • E-Mail notifications of rogue APs and other alerts
  • Visibly beautiful hardware
  • PoE injectors are included with single quantity AP SKUs
  • Product lineup available
  • Smartphone app for Android/iOS (Configure, Monitor, Deploy)
  • Reliable 10Gb on the CopperModule SFP+ 10GBASE-T Modules

Getting back to basics, the equipment has filled all the requirements I originally had and than some, I’m extremely happy!

And I almost forgot to mention, the wireless is FAST! Absolutely no complaints. I’ve posted a speed test below, please note I’ve achieved way faster accessing content internally, however this was limited by my internet connection at the time.

SpeedTest Results on Ubiquiti
SpeedTest

I’m actually looking forward to purchasing some more equipment, my shopping list includes:

  • More nanoHD APs for coverage
  • Possibly a couple UniFi HD In-Wall units for testing
  • 2 x UniFi Switch 16 XG for SAN connectivity
  • 4 x UniFi Switch 8 (150W) for remote cable drops and PoE

Hope this review helps if you’re considering Ubiquiti! And remember, I’m a re-seller so I can offer some very attractive pricing on this equipment!

Manufacturer Product Links

Jun 122019
 
VMware vSphere Mobile Watchlist Logo

It’s finally here! VMware has released the alpha (test) of the vSphere Mobile Client for Android Devices. This will allow you to manage your vSphere instance via your Android mobile device.

Some of you may remember the vSphere Mobile Watchlist app for android. It was great because it allowed you to manage your vSphere environment (and I still use it), but one day it was abruptly removed from the Google Play store and no longer available. However, those that had it installed could keep using it.

This new version of the vSphere Mobile Client is only available for Android as of the time of this post.

vSphere Mobile Client Fling

The VMware fling is here: https://labs.vmware.com/flings/vsphere-mobile-client

While there is a tarball download, you’ll actually want to forget that and follow the instructions for a proper install. The tarball is only needed if you want to deploy the notification service.

Installing the vSphere Mobile Client for Android

First, you need to join the alpha testers group here: https://groups.google.com/forum/#!forum/vsphere-mobile-client/join

Second, you need to opt-in to the Google Play Test app here: https://play.google.com/apps/testing/com.vmware.vsphere.cloudsmith

Then simply follow the instruction after the opt-in and download it for your device.

Using the vSphere Mobile Client for Android

The app is a slick but simple one. Since it’s alpha, functionality is limited, but gives you the ability shutdown, restart, view performance and do a couple other things.

Bugs and Annoyances

Shortly after using the app, I noticed that I couldn’t log in subsequent tries due to an “incorrect user name or password”. I know I was typing it right, so I’m assuming this is a bug. To resolve this, you have to delete the app cache, then you will be able to log in properly.

Unfortunately the app also doesn’t allow you to save your password, like the previous watchlist app.

Screenshots

See below for some screenshots:

Conclusion

All in all, it’s pretty exciting that VMware is finally working on an official mobile app. I still use watchlist almost daily, so I see tremendous value in this!

Leave a comment below and let me know what you think of the new app!

May 222019
 
Microsoft Windows Logo

You may find yourself in a situation where an MMC snap-in errors out, and doesn’t allow you to reconfigure, fix, or use it. It becomes unusable.

In my case, this occurred on a system where I was trying to use the WSUS (Windows Server Update Services) snap-in, and it was configured for an old server that didn’t exist anymore.

When opening the WSUS MMC snap-in, it would report an error, give me the option to unload (which didn’t work), and do nothing else. There was no way to use or reconfigure it.

The Fix

To resolve this, you need to clear your local configuration for the snap-in. Your user profile contains all MMC snap-in information and configuration in the following directory

C:\Users\USERNAME\AppData\Roaming\Microsoft\MMC

When browsing, here’s what it looks like on my system:

Picture of MMC user cache in appdata
User MMC config/cache folder

In my case, deleting the “wsus” file, reset the MMC snap-in, and allowed me to use it again and configure it for a new server.

Let me know if this helped you!

May 212019
 
Microsoft Windows Logo

You can now download the Windows 10 May 2019 – 1903 update!

You can use the Microsoft “Update Assistant” available at
https://www.microsoft.com/en-ca/software-download/windows10. Or you can use the Windows 10 Media Creation tool to make an ISO or upgrade an installation (available at the same link).

Windows 10 1903 is also available on VLSC.

Remember, if you need to install the Windows 10 RSAT tools, check out
https://www.stephenwagner.com/2018/10/05/windows-10-1809-october-update-rsat/ as this link has the instructions to install them on the May 2019 1903 update.

Successful installations

In case you’re worried about bugs, I’ve listed some of the machines I’ve successfully upgraded below:

  • Lenovo X1 Carbon, 1809 to 1903 – No issues
  • Windows 10 VM on VMware ESXi 6.5 (VDI with GRID sVGA) – No issues
May 182019
 
VMware Horizon View Mobile Client Android Windows 10 VDI Desktop

Since I’ve installed and configured my Nvidia GRID K1, I’ve been wanting to do a graphics quality demo video. I finally had some time to put a demo together.

I wanted to highlight what type of graphics can be achieved in a VDI environment. Even using an old Nvidia GRID K1 card, we can still achieve amazing graphical performance in a virtual desktop environment.

This demo outlines 3D accelerated graphics provided by vGPU.

Demo Video

Please see below for the video:

Information

Demo Specifications

  • VMware Horizon View 7.8
  • NVidia GRID K1
  • GRID vGPU Profile: GRID K180q
  • HPe ML310e Gen8 V2
  • ESXi 6.5 U2
  • Virtual Desktop: Windows 10 Enterprise
  • Game: Steam – Counter-Strike Global Offensive (CS:GO)

Please Note

  • Resolution of the Virtual Desktop is set to 1024×768
  • Blast Extreme is the protocol used
  • Graphics on game are set to max
  • Motion is smooth in person, screen recorder caused some jitter
  • This video was then edited on that VM using CyberLink PowerDirector
  • vGPU is being used on the VM
May 172019
 
Right side of MSA 2040

You may encounter a situation where you’re unable to connect to the management interface or NIC on your HPe MSA array. When this condition occurs, you are not able to ping the NIC, and the SMU (web interface) will not load.

When you visibly look at the array, the AMBER warning light may or may not be flashing.

If you have a dual controller setup, and connect to the SMU on the other controller, you may see numerous log entries where the management NIC port status changes repeatedly from up to down.

What’s happening

I’ve witnessed this issue occur on 2 separate HPe MSA 2040 storage arrays (both with dual controllers).

When you physically look at the management NICs on the controller in question, you’ll notice that the port status LED indicator turns on, and turns off repeatedly. The link status keeps changing from up to down (as reflected in the logs).

The Fix

Restarting the unit will have no effect. Changing the network cable will have no effect.

To resolve this issue, you must play with the network cable and re-seat it a few times (possibly half-way if possible a couple times as sketchy as that sounds).

If you can get the link status up, and disconnect/reconnect the cable before the light turns off, the connection will stay up. It will continue to function and survive restarts until sometime in the future when you disconnect it and reconnect it.

Replacing the controller may also fix it, however in the first instance I observed this, the replacement controller exhibited the same behavior months later in the future.

May 162019
 

There may be a situation where you wish to completely reinstall WSUS from scratch. This can occur for a number of reasons, but most commonly is due to database corruption, or performance issues due to a WSUS database that hasn’t been maintained properly with the normal maintenance.

Commonly, when regular maintenance hasn’t occurred on a WSUS database, when an admin finally performs it, it can take days and weeks to re-index the database, clean up the database, and run the cleanup wizards.

Also, due to timeouts on IIS, the cleanup wizard may fail which could ultimately cause database corruption.

Administrators often want or choose to blast away their WSUS install, and completely start from scratch. I’ve done this numerous times in my own environment as well as numerous customer environments.

In this guide, we are going to assume that you’re running WSUS on a Windows Server that is dedicated to WSUS and is using the WID (Windows Internal Database) which is essentially a built-in version of SQL Express.

PLEASE NOTE: If you are using Microsoft SQL, these instructions will not apply to you and will require modification. Only use these instructions if the above applies to you.

What’s involved

WSUS (Windows Server Update Services) relies on numerous Windows roles and features to function. As part of the instructions we’ll need to completely clear out:

  • WSUS Role, Configuration, and Folders/Files
  • IIS Role, Configuration, and Folders/Files
  • WID Feature, Configuration, and Database Files

Since we are completely removing IIS (Role, Configuration, and Folders/Files), only proceed if the server is dedicated to WSUS. If you are using IIS for anything else, this will completely clear the configuration and files.

Let’s get to it!

Instructions

  1. Open “Server Manager” either on the host, or remotely and connect to the host you’d like to reinstall on.
  2. Open “Remove Roles and Features” wizard.
  3. Click “Next”, and select the Server, and click “Next” again.
  4. On the “Remove server roles” screen, under “Roles”, we want to de-select the following: “Web Server (IIS)” and “Windows Server Update Services” as shown below. Selecting WSUS and IIS Roles to be Removed
  5. Click “Next”
  6. On the “Remove features” screen, under “Features”, we want to de-select the following: “Windows Internal Database” and “Windows Process Activation Service” as shown below. Selecting WID and WPAS Features for Removal
  7. Click “Next” and follow the wizard to completion and remove the roles and features.
  8. Restart the Server.
  9. Open an administrative command prompt on the server, and run the command “powershell” or open powershell directly.
  10. Run the following command in powershell to remove any bits and pieces:
    Remove-WindowsFeature -Name UpdateServices,UpdateServices-DB,UpdateServices-RSAT,UpdateServices-API
  11. Restart the Server.
  12. We now must delete the WSUS folders and files. Delete the following folders:
    C:\WSUS
    C:\Program Files\Update Services

    Note: You may have stored the WSUS content directory somewhere else, please delete this as well.
  13. We now must delete the IIS folders and files (and configuration, including the WsusPool application pool, bindings, etc.). Delete the following folders:
    C:\inetpub
    C:\Windows\System32\inetsrv

    Note: You may have issues deleting the “inetsrv” directory. If this occurs, simply rename it to “inetsrv.bad”.
  14. We now must delete the WID (Windows Internal Database) folders and files (including the WSUS SQL Express database). Delete the following folder:
    C:\Windows\WID
  15. While we removed the IIS folders and files, we deleted a needed system file. Run the following command to restore the file:
    sfc /scannow
  16. Restart the Server.

WSUS, IIS, and WID have at this point been completely removed. We will now proceed to install, apply a memory fix, and configure WSUS.

For instructions on installing WSUS on Server Core, please click here: https://www.stephenwagner.com/2019/05/15/guide-using-installing-wsus-windows-server-core-2019/

  1. Open “powershell” (by typing powershell) and Install the WSUS Role with the following command:
    Install-WindowsFeature UpdateServices -Restart
  2. Run the post installation task command to configure WSUS:
    "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=C:\WSUS
  3. AT THIS POINT DO NOT CONTINUE CONFIGURING WSUS AS YOU MUST APPLY A MEMORY FIX TO IIS.
  4. Apply the “Private Memory Limit (KB)” fix as provided here: https://www.stephenwagner.com/2019/05/14/wsus-iis-memory-issue-error-connection-error/
  5. Restart the Server.
  6. Open the WSUS MMC on the server or remotely from a workstation on the network and connect it to the WSUS instance on your Server Core install.
  7. Run through the wizard as you would normally and perform an synchronization.
  8. WSUS has been re-installed.

And that’s it. You’ve completely reinstalled WSUS from scratch on your Windows Server.

May 152019
 

Windows Server Core (on Windows Server 2019) is a great way to reduce the performance and security footprint of your servers. The operating system itself is minimalist and provides no GUI accept for a command prompt, and some basic windows and tools.

All administration on Server Core must be performed via the command prompt, powershell, or remote administration tools (such as Server Manager, or the new Windows Admin Center.

Server Core provides a fantastic foundation for Windows Server Roles (roles that are integrated in the operating system), and can be installed with ease, managed remotely, and managed easily. It’s also nice too because you can allocate less CPU and RAM to virtual machines running Windows Server Core.

Getting started may be a bit tricky as you might need to learn and verse yourself with some commands, powershell, and remote management kung-fu, but overtime it’s easy!

Why WSUS?

I think I can speak for most admins out there when I say that a WSUS deployment typically consists of a single VM, with the WSUS, IIS, and WID roles installed.

WSUS is usually CPU and RAM intensive (when doing synchronizations), requires disk space, and doesn’t do much else. Because of the spikes, we usually keep this VM separate and don’t mix it with other LoBs or roles, with the exception of perhaps a file server.

Whether or not your VM runs WSUS alone, or also as a file server, since both of these roles are “Windows Roles and Features”, they are perfect to deploy on a Windows Server Core install.

There should be little administrative requirement on the WSUS server, other than re-indexing scripts, and cleanup scripts which can easily be ran from the command prompt, and the occasional Windows Update that will be installed.

Because you don’t require any 3rd party software, management consoles, or GUI related elements, it’s perfect for Server Core. By skipping on the GUI and applications, you’ll be able to allocate that memory, for WSUS/IIS itself.

How to Install and Configure WSUS on Windows Server Core

  1. Install Windows Server 2019 – Server Core
  2. Configure Network, Join to Domain, Update, etc.
  3. Open “powershell” (by typing powershell) and Install the WSUS Role with the following command:
    Install-WindowsFeature UpdateServices -Restart
  4. Run the post installation task command to configure WSUS:
    "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=C:\WSUS
  5. AT THIS POINT DO NOT CONTINUE CONFIGURING WSUS AS YOU MUST APPLY A MEMORY FIX TO IIS.
  6. Enable Remote IIS Management to manage and modify IIS config (to apply the memory fix below), as provided here: https://www.stephenwagner.com/2019/05/14/manage-remotely-iis-on-windows-server-2019-server-core/
  7. Apply “Private Memory Limit (KB)” fix as provided here: https://www.stephenwagner.com/2019/05/14/wsus-iis-memory-issue-error-connection-error/
  8. Install the “Windows Server Update Services” mmc applet which is included in the Windows 10 RSAT tools. Instructions to install the RSAT are provided here: https://www.stephenwagner.com/2018/10/05/windows-10-1809-october-update-rsat/
  9. Open the WSUS MMC on a server or workstation on the network and connect it to the WSUS instance on your Server Core install.
  10. Run through the wizard as you would normally and perform an synchronization.
  11. Modify your GPO to point your servers and workstations towards your WSUS server.
  12. Enable Windows Update “Features on Demand” and “Turn Windows features on or off” via GPO as provided here:
    https://www.stephenwagner.com/2018/10/08/enable-windows-update-features-on-demand-and-turn-windows-features-on-or-off-in-wsus-environments/
  13. Install the “sqlcmd” command so you can regularly run the WSUS re-index script, as provided here: https://www.stephenwagner.com/2019/05/14/run-wsus-cleanup-index-script-windows-server-core-without-sql-management-studio/

You’re done!

Don’t forget to regularly re-index your WSUS database and perform the routine maintenance!

Tips n Tricks

  • Need to view, modify, cut/paste, or delete files and folders? Open up notepad from the command prompt to get a simple GUI where you can do this.
  • CTRL + SHIFT + ESC will open a Task Manager to monitor the Server Core install
  • You can use “Server Manager” remotely to manage the Server Core install after you’ve enabled it inside of “sconfig”.