PowerShell Automation Script for IIS installation and more.

The script below installs IIS with the .NET Core Runtime 2.1.x for use with nopCommerce. It also enables WinRM (remote management) and changes the network settings on the target machine, including disabling the Windows Firewall. It is used with Windows Server 2019 Core to automate deployments with Ansible into AWS.

#
#    The following script changes the Network settings of the Machine
#    disables the firewall, installs IIS and Core Runtime 
#
#Change PS Execution Policy
Set-ExecutionPolicy Bypass -Scope Process -Force

#Enable TLS 1.2 for Invoke-WebRequest (SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated and left out)
$AllProtocols = [System.Net.SecurityProtocolType]'Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols

######################### VARIABLES #############################################

$tmpdir="c:\temp\"
$newhostname="WIN-SRV-CORE-IIS"
$ipAdd="172.18.85.184"
$sMask="28"   #Ex. 24 = 255.255.255.0
$dGate="172.18.85.177"
######################### FUNCTIONS #############################################

function machineNMchange 
{
    #Change the machine name and reboot    
    $curhostname=hostname
    #$localuser="\Administrator"
    #$localcred=$curhostname+$localuser

    if ($newhostname -ne $curhostname)
    {
        Rename-Computer -ComputerName $curhostname -NewName $newhostname -Force -PassThru    
        # Add -LocalCredential $localcred to the above line if you want to be prompted for credentials, otherwise run as Admin
        # Add -Restart at the end if you want to automatically restart
    }
}

function installCoreRT 
{
    #Note that this installs CoreRuntime 2.1.8
    $url = "https://download.visualstudio.microsoft.com/download/pr/c2b2968d-022d-4889-afd0-b02010813c94/bd315e931f55eecfdaea258cf3dee48e/dotnet-hosting-2.1.8-win.exe"
    $outFile = "dotnet-hosting-2.1.8-win.exe"

    if (Test-Path -Path $tmpdir -PathType Container)
    { 
        Write-Host "$tmpdir already exists" -ForegroundColor Red
    }
    else
    { 
        New-Item -Path $tmpdir  -ItemType directory 
        Write-Host "$tmpdir created" -ForegroundColor Red
    }
    
    Invoke-WebRequest $url -OutFile "$tmpdir$outFile"
    #Wait for the installer to finish, because the script reboots the machine at the end
    Start-Process -FilePath "$tmpdir$outFile" -ArgumentList "/quiet /norestart" -Wait
}

function installIIS 
{
    #Install IIS
    # To list all Windows Features: dism /online /Get-Features
    # Get-WindowsOptionalFeature -Online 
    # LIST All IIS FEATURES: 
    # Get-WindowsOptionalFeature -Online | where FeatureName -like 'IIS-*'
    # Source: https://weblog.west-wind.com/posts/2017/May/25/Automating-IIS-Feature-Installation-with-Powershell
    $arr = "IIS-WebServerRole","IIS-WebServer","IIS-CommonHttpFeatures","IIS-HttpErrors","IIS-HttpRedirect",
            "IIS-ApplicationDevelopment","NetFx4Extended-ASPNET45","IIS-NetFxExtensibility45","IIS-HealthAndDiagnostics",
            "IIS-HttpLogging","IIS-LoggingLibraries","IIS-RequestMonitor","IIS-HttpTracing","IIS-Security","IIS-RequestFiltering",
            "IIS-Performance","IIS-WebServerManagementTools","IIS-IIS6ManagementCompatibility","IIS-Metabase",
            "IIS-BasicAuthentication","IIS-WindowsAuthentication","IIS-StaticContent","IIS-DefaultDocument","IIS-WebSockets",
            "IIS-ApplicationInit","IIS-ISAPIExtensions","IIS-ISAPIFilter","IIS-HttpCompressionStatic","IIS-ASPNET45"#,"IIS-ManagementConsole"
            #Enable the last value for GUI servers only, for Core leave out.

    foreach ( $iis_value in $arr)
    {
        Enable-WindowsOptionalFeature -Online -FeatureName $iis_value
    }
}

function setNet ([string]$ip, [string]$sm, [string]$dg)
{
    #Disable Firewall
    Set-NetFirewallProfile -Name Domain,Public,Private -Enabled False

    #Disable IPv6
    Disable-NetAdapterBinding -Name "Ethernet" -ComponentID ms_tcpip6
    
    #Change IP
    Set-NetIPInterface -InterfaceAlias "Ethernet" -Dhcp Disabled
    Remove-NetIPAddress -InterfaceAlias "Ethernet" -Confirm:$false
    New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress $ip -PrefixLength $sm -DefaultGateway $dg
    #Ex. New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress "172.18.85.184" -PrefixLength "28" -DefaultGateway "172.18.85.177"
    Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "172.18.85.177"

    #Connection-specific DNS Suffix  . : mshome.net
    #Link-local IPv6 Address . . . . . : fe80::29bf:1ecc:e589:3e2c%4
    #IPv4 Address. . . . . . . . . . . : 172.18.85.182
    #Subnet Mask . . . . . . . . . . . : 255.255.255.240
    #Default Gateway . . . . . . . . . : 172.18.85.177

}

########################## MAIN ####################################################
setNet $ipAdd $sMask $dGate
installIIS
installCoreRT
machineNMchange

#Enables Win RM for remote management
winrm quickconfig -force
shutdown /r /t 0
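
The installCoreRT function above runs whatever Invoke-WebRequest saved to disk. The following is an added example, not part of the original script, that checks the installer's Authenticode signature, signer and (optionally) a pinned SHA-256 before running it. The function name Test-InstallerTrust, the signer string 'Microsoft Corporation' and the hash parameter are assumptions; the page publishes no checksum.

```powershell
# Added example: verify a downloaded installer before executing it.
# Test-InstallerTrust is a hypothetical helper, not part of the original script.
function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string]$ExpectedSigner,  # assumed publisher name
        [string]$ExpectedSha256                          # optional pinned hash from the vendor
    )

    # 1. The Authenticode signature must validate against the local trust store.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status for $Path is '$($sig.Status)'"
        return $false
    }

    # 2. The signing certificate must belong to the expected publisher.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -ne $ExpectedSigner) {
        Write-Warning "Unexpected signer '$signer'"
        return $false
    }

    # 3. If a hash was pinned, the file must match it exactly.
    if ($ExpectedSha256) {
        $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) {
            Write-Warning "SHA-256 mismatch: got $actual"
            return $false
        }
    }
    return $true
}

$installer = 'c:\temp\dotnet-hosting-2.1.8-win.exe'   # path used by installCoreRT
if (Test-InstallerTrust -Path $installer -ExpectedSigner 'Microsoft Corporation') {
    $p = Start-Process -FilePath $installer -ArgumentList '/quiet /norestart' -Wait -PassThru
    # 3010 is the standard Windows installer code for "success, reboot required".
    if ($p.ExitCode -notin 0, 3010) { throw "Installer failed with exit code $($p.ExitCode)" }
}
else {
    Remove-Item -Path $installer -Force
    throw "Refusing to run $installer: trust check failed"
}
```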
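
The setNet function turns the firewall off on every profile, and winrm quickconfig then opens remote management. As an added example (not the original author's code), this variant keeps the firewall enabled, allows web traffic, and limits WinRM to a single control node. The helper name Set-InboundAllowRule, the rule display names and the address 203.0.113.10 are assumptions.

```powershell
# Added example, not from the original script.
# Assumption: $controlHost is the Ansible control node; 203.0.113.10 is a documentation placeholder.
$controlHost = '203.0.113.10'

function Set-InboundAllowRule {
    param(
        [Parameter(Mandatory)] [string]$DisplayName,
        [Parameter(Mandatory)] [string[]]$Port,
        [string[]]$RemoteAddress = 'Any'
    )
    # Idempotent: drop the rule from a previous run, then create it again.
    Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -RemoteAddress $RemoteAddress -Action Allow | Out-Null
}

# Keep every profile enabled and block inbound traffic that no rule allows.
Set-NetFirewallProfile -Name Domain,Public,Private -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# The web site is reachable from anywhere; WinRM only from the control node.
Set-InboundAllowRule -DisplayName 'Web HTTP/HTTPS' -Port 80,443
Set-InboundAllowRule -DisplayName 'WinRM from control node' -Port 5985,5986 `
    -RemoteAddress $controlHost

# winrm quickconfig enables the built-in WinRM rules; scope those to the same host.
Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
    Set-NetFirewallRule -RemoteAddress $controlHost

# Confirm the resulting profile state.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

Run the scoping step after winrm quickconfig so the built-in rules it enables are already present.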

Disabling Automatic Updates on Server 2016

The Server 2016 GUI does not provide a means to disable Windows Updates, and by default the updates are set to download automatically. There is a spot for updates in the GUI, but it is a placebo. If you wish to disable Windows Updates and run them manually to your heart's content, you need to do this via the sconfig text-based applet.

Do the following. Start PowerShell as admin and run the sconfig command. This is the server configuration text-based applet.

Once you have run this applet, option 5 is for Windows updates. For production servers the Manual option is probably the best choice.

A pop up will notify you of the changes once selected and from here on in all your updates will have to be downloaded and installed manually.

Virtual Machine Queues and Broadcom NIC Issues

Broadcom network adapters have a very big issue in Windows with Hyper-V. The issue is so big that at one point a year or so ago, when I deployed a new Hyper-V server with Broadcom NICs, my domain users were unable to use VPN properly due to crippling network latency. I’m sure Broadcom is aware of this problem, and the issue is documented all around the internet. The problem is Virtual Machine Queues (VMQ): on Broadcom network adapters they delay traffic to the VM and create latency issues.

There is a quick fix for that though. All you need to do is disable Virtual Machine Queues on your network adapter. It takes 5 min to fix.

To fix it, start up PowerShell as an Administrator, then check to see if VMQ is enabled on your adapters, specifically anything by Broadcom.

Run the following command:

Get-NetAdapterVmq

If you see True in the Enabled column, disable VMQ with the following command:

Disable-NetAdapterVmq -Name 'Adapter Name'

See the below example for reference. I even included an error where my name of the adapter wasn’t being caught because there was a space in the name. Use single quotes on the name to avoid this.

Windows PowerShell
Copyright (C) 2014 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> Get-netAdapterVMQ

Name                           InterfaceDescription              Enabled BaseVmqProcessor MaxProcessors NumberOfReceive
                                                                                                        Queues
----                           --------------------              ------- ---------------- ------------- ---------------
Front End                      Microsoft Network Adapter Mu...#2 True    0:0                            16
Embedded LOM 1 Port 4          Broadcom NetXtreme Gigabit Eth... True    0:0              16            16
Embedded LOM 1 Port 3          Broadcom NetXtreme Gigabit E...#2 True    0:0              16            16
Embedded LOM 1 Port 2          Broadcom NetXtreme Gigabit E...#4 True    0:0              16            16
Embedded LOM 1 Port 1          Broadcom NetXtreme Gigabit E...#3 True    0:0              16            16
Back End(PA)                   Microsoft Network Adapter Mu...#3 False   0:0                            0
Back End(NeoTech)              Microsoft Network Adapter Mult... False   0:0                            0


PS C:\Windows\system32> Disable-NetAdapterVmq -Name Front End
Disable-NetAdapterVmq : A positional parameter cannot be found that accepts argument 'End'.
At line:1 char:1
+ Disable-NetAdapterVmq -Name Front End
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Disable-NetAdapterVmq], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Disable-NetAdapterVmq

PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Front End'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 1'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 2'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 3'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 4'
PS C:\Windows\system32> Get-netAdapterVMQ

Name                           InterfaceDescription              Enabled BaseVmqProcessor MaxProcessors NumberOfReceive
                                                                                                        Queues
----                           --------------------              ------- ---------------- ------------- ---------------
Front End                      Microsoft Network Adapter Mu...#2 False   0:0                            16
Embedded LOM 1 Port 4          Broadcom NetXtreme Gigabit Eth... False   0:0              16            16
Embedded LOM 1 Port 3          Broadcom NetXtreme Gigabit E...#2 False   0:0              16            16
Embedded LOM 1 Port 2          Broadcom NetXtreme Gigabit E...#4 False   0:0              16            16
Embedded LOM 1 Port 1          Broadcom NetXtreme Gigabit E...#3 False   0:0              16            16
Back End(PA)                   Microsoft Network Adapter Mu...#3 False   0:0                            0
Back End(NeoTech)              Microsoft Network Adapter Mult... False   0:0                            0

How to Create a Dell Server Update Utility (SUU) ISO

In this example we are going to walk through the creation of a Dell SUU ISO for 64-bit Windows. The SUU is crucial if you are building out Dell servers as it updates firmware and drivers.

I find the Dell documentation isn’t overly helpful, so I’ve put together this quick tutorial on how to create a customized Dell SUU ISO. Keep in mind this tutorial creates a Windows-based installation ISO.

1. Go and download the latest Dell Repository Manager if you do not have it installed already.
http://en.community.dell.com/techcenter/systems-management/w/wiki/1767.dell-openmanage-repository-manager

2. Once installed find the icon on your Desktop and launch it.

3. Once launched, you should be prompted to update some plugins, go ahead and do so. If you are prompted to update the Dell Online catalog do so as well.

4. Once the application has loaded, go to the menu bar and select Source > View Dell Online Catalog.

5. If you have not updated the Dell Online Catalog, you should now be prompted to update, click Yes.

6. Under Dup Format check off Windows 64-bit to narrow down the bundles.

7. Check off your System Bundles based on the models you’d like the ISO to support.

8. Once these are all selected click Create Deployment Tools.

9. A wizard will appear, select Create Server Update Utility (SUU) > SUU to ISO. Select Next.

10. Accept the defaults on the Select Plug-ins page and select Next. You will be prompted for the SUU export location; select a folder and click OK.

11. On the Summary and Finish page, review the Selected Bundles and confirm that all the appropriate models have been selected for export. Click Finish if everything looks okay. The job will be added to the Jobs Queue where the progress can be seen.