Connect Windows Admin Center to Azure

In this post we will be going through connecting Windows Admin Center to Azure to allow management of Azure VM’s. To install WAC see previous post.

The Azure integration allows the management of Azure and on-prem servers from a single console.

First step is to register WAC with Azure, Open the WAC admin console and go to settings tab. AZ1

Go to the Azure in the  gateway settingsAZ2Copy the code and click on the enter code hyperlink and enter the codeAZ3AZ4

Sign-in using an admin account on the Azure tenant. AZ5AZ6

Now go back to WAC and click connect to finish the registration AZ7

Once WAC is registered it require admin application permission to be granted to the application registration in Azure AZ8

Now that the registration is completed we can now add Azure VM’s to WAC go to add and select Azure VMAZ9

Select the subscription (if there are multiple subscription in your tenant),  resource group  and VM that will be added. AZ10

Once the Azure VM is added, to allow management there will need to be management ports opened to allow a connection between WAC and the Azure VM. If you are using a site to site VPN you can just allow the ports over the VPN connection.

I have a public IP associated with my VM and I will be modifying my network security group to allow the ports from my public IP.

I wont be going through configuring an NSG as this was covered in a previous post. AZ15

On the VM itself you need to enable winrm and allow port 5985 through the windows firewall if enabled. This can be done by running the two command below from an admin PowerShell session.

winrm quickconfig
Set-NetFirewallRule -Name WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress Any

Once the NSG is configured we should then be able to connect to the VM. AZ12

Below shows the overview of the VMAZ14We can also now connect to the VM using integrated RDP console in WACAZ13

WAC also allows us to manage services, scheduled tasks, backups, check event logs and other admin task, along with connecting using remote PowerShell directly from WAC.AZ16

 

 

Windows Admin Centre 1910

I have previously looked at Window Admin centre (WAC) tech preview and wanted to configure the latest full release, to see what changes have been made and do a proof of concept to see if this will be useful if it is deployed to our production environment.

PowerShell version 5.1 is required on servers that will be added to WAC and will need Window Management Framework (WMF) 5.1 installed, some will require additional steps also. See list below for required pre-req before they can be managed in WAC.

https://www.microsoft.com/en-us/download/details.aspx?id=54616

Windows Admin Centre uses SMB for some file copying tasks, such as when importing a certificate on a remote servers.

Once all pre-req are confirmed, we can go ahead and download Windows Admin centre.

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-admin-centerhttps://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview#download-now

Once the MSI is downloaded run and following the installation Admin1Accept the terms.Admin2Admin3

I used the default settings but you can enable WinRM over https if you have certificates that have server authentication set. If you want to look at configuring WinRM over https see following link: https://support.microsoft.com/en-us/help/2019527/how-to-configure-winrm-for-httpsAdmin4

I will use default port 443 and generate a self signed cert, if you have a certificate authority you can generate a cert that can be used for gateway. Admin5Admin6Admin7

Once the install is completed you can access the Windows Admin Centre URL using https://servername.

Admin8To add a server click Add. Admin9Admin10Click search active directory and put in the server name. Admin11

Once the server is added it will show in the admin console. To connect click on the server and connect. Admin12When connecting to servers, to allow single sign on there is an additional command that need’s to be run. If this is not done you will see the below warning when connecting.

Admin13

I updated the command to run on all servers in AD, as I didn’t want to have to run on each individually.

$Servers = Get-ADComputer -Filter “OperatingSystem -like ‘Windows Server*'”
$WAC = “LAB-WAC”
Foreach ($Server in $Servers){
Set-ADComputer -Identity $Server -PrincipalsAllowedToDelegateToAccount (Get-ADComputer $WAC)
}

Admin16The above command adds the admin server to the below attribute. Admin14Once this has been done when you click connect it should now use SSO. Admin15

We can now manage the servers from a central console without having to logon individually to each server. In the next post we will go through the different options and settings in Windows Admin Centre.