Manage IIS on Server Core remotely

I’ve started to mange server core installations more and more. I recently required to manage on that was utilize IIS. While I’m fairly used to IIS manager, I wasn’t exactly quite sure how remote management worked.

At first I thought it was a part of RSAT, nope, but fret not it is a feature of Windows, just not enabled by default.

As I expected there to be a bunch of configuration BS required figured I’d google how to do it instead of googling errors. 😀 I found this really nice right tot the point YouTube video. Luckily this made my life easy.

So on the Core server:

#Install the required service
Install-WindowsFeature -Name Web-Mgmt-Service

#enable IIS remote management
reg add HKLM\SOFTWARE\Microsoft\WebManagement\Server /v EnableRemoteManagement /t REG_DWORD /d 1

#Enable service at boot
Set-Service WMSVC -StartupType Automatic

#Enable Service
Start-Service WMSVC

On the Client Machine (Windows 7-10)

#Enable IIS management tools
Programs and Features -> Turn Windows Features on or off -> IIS -> (check off all items under Web Management Tools, you may not need them all but to be safe doesn’t hurt to add them)

#Open IIS Manager
Either through Server Manager -> manage -> IIS
Or Under the Star menu -> Admin Tools -> IIS Manager

*NOTE* Don’t bother adding the IIS manager Snap-in to an existing MMC session, I found it’s missing the top menu bar.

*NOTE 2* You also need to install IIS Manager for Remote Administration 1.2 (Cause you know this isn’t bundled with RSAT, cause… reasons)
Else you’ll be missing the connect to server option under the file menu.

*UPDATE* Grab it from here (good drive share) as MS for some reason has removed the source link in place of a 404.

*NOTE 3* You have to prepend the admin user name with the domain name, else the connection will failed stating unauthorized.

Thanks SSmith!

RSAT MMC CA “Install CA Certificate” Bug

I plan on releasing a 3 part series blog post on configuring a new CA infrastructure, in an existing one where an Enterprise root CA has already been configured. In my series I decided to utilize core servers, these provide an additional layer of issues as managing them is a little more difficult as it usual requires more cmd based knowledge or better yet PowerShell whenever there are such options available. Turns outs in this case even more so then ever.

I won’t go over too much details here, as I’ll save that for my series. Basically one step requires me to import the signed certificate into the Sub Enterprise CA, being core I have to use the RSAT MMC CA snap-in (funny enough even if you have desktop experience it’s the same tool and snap-in used).

What I discovered is when I’d use the RSAT tool on and remote client system loading my actual CA server when loading the nap-in, it would never actually load the input wizard.

I’d right click my CA, select the option to install a CA certificate:

Then it simply act as if it’s reloading the snap-in…

Then nothing… So I asked about it on Technet. Lucky for me Mark Cooper the Master PKI guy came to my rescue.

The solution: On the Sub CA

certutil -installcert <your certificate file name here>

Get your Free ESXi here!

Get ’em while they’re hot. Fresh from the bunnums of the internet!

Now I love my ESXi, and I recently converted my old gaming rig into a hypervisor with non other than my favorite beast ESXi! I first played with 6.5, and don’t get me wrong the fact it was a direct login to the host right from a fresh install is such a thing of beauty. With a plugin available for a smoother console experience from the web driven one. While the HTML5 based web interface is very slick, the console isn’t exactly 100% real time. With the plugins it’s a nice way around that, however the host management tasks are all locked down to the hosts HTML 5 web interface. So long goes any chance of using the old phat (.Net based) client. I have to say thats sad cause I LOVE the phat client, it is by far the smoothest of all management interfaces, in my experience.

Anyway, logging into my personal host… I see this

This of course doesn’t surprise me. However believe it or not you can continue to run ESXi completely free. It’s generally enough for most peoples needs, there however some limitations.

  • No support
  • Free ESXi cannot be added to a vCenter Server
  • 2 physical CPUs
  • Unlimited cores per CPU
  • Unlimited physical Memory
  • max. 8 vCPU per VM

I won’t go over the details too much but the basics steps are as follows:

  1. Sign up to
  2. Goto the vSphere Download Center 6.5 or 5.5.
  3. Register, Download your ISO and grab your Key.

Free ESXi 6.5 – How to Download and get License Keys


USB 3.0 Support on Windows 7 Guest VM

In Short, it’s not supported. If you’re running Workstation 9 or above, there’s this trick.

Now this guy goes into the real nitty gritty, and I love that! I however was working with ESXi 5.5 u3b. Now VMware did the same thing with the ESXi hypervisor and introduced USB 3.0 support via the xHCI controller. However the exact same limitation apply.

1) Drivers of USB 3.0 Host Controller are not provided by VMware Tools.

2) VMware USB 3.0 Host Controller will work only if your Virtual Machine OS has Native USB 3.o Support. Examples of such OS are – Windows 8, Windows Server 2012 and Linux Kernel 2.6.31 and above.

He goes on to say he’s screwed, but I’ve found the older EHCI +UHCI controller works for USB 1.1 and 2 devices I haven’t fully tested all case scenarios however. .For a Windows Server 2016 VM, on a HP Gen9 server with ESXi 5.5. My findings were as follows:

  1. Installed xHCI usb controller, via VM settings.
  2. Guest OS picked up hardware change and installed driver without issue.
  3. Plugged in USB 2.0 device, showed up in Host, as USB device became available to add to VM via VM settings, so added device.
  4. Guest OS didn’t see the USB device connected.
  5. Removed device via VM settings, then disconnected from host.
  6. Connected USB 3.0 Stick into host, added to VM via VM settings.
  7. Device was seen on Guest VM, and performance was equal to that of the sticks specs. (18~20 MB/s write, 100+MB/s Read)

I wasn’t sure why the USB 2.0 Device didn’t show up, so I simply removed the xHCI USB controller, and instead installed the EHCI +UHCI. Re-Connected the USB 2.0 devices and added it to the VM, this time the device did show up. I can’t remember the exact performance counters. I’ll update this post when I do some better analysis. My plan is to script some I/O tests using diskspd and PowerShell. Stay tuned. 😀

I’m also going to see if I can connect the same USB device via hardware pass-through instead of utilizing the USB controllers and Devices VM settings options. I’ve manly done this with RDM’s and storage controllers with storage type VM’s (FreeNas mostly).

As for the main point of this post… I figured the main link I posted and this one here as well form the VMware forms that I’d be able to get a way to make the xCHI controller work on the Windows 7 VM guest. The answer is basically grab the Intel xCHI drivers for Windows 7/2008R2 from Intel and install it manually, not via the setup.exe.

To my dismay I couldn’t get it to work, the wizard simply couldn’t locate the device (since the hardware IDs didn’t match) and installing the otherwise the device wouldn’t start.

I even decided to try and use double driver (extracts drivers) against a newer guest OS. This also failed. I simply couldn’t get it to work.

Lame mans V2V

Quick V2V’s

There are multiple ways to do a V2V depending on your migration/conversion.

See here, here and here for some source examples and more in depth reviews of alternative tools/products, or even V2P as unlikely as that maybe 😛


This one will be short n sweet.
V2V a VMDK to a VHDX

Get this.

DO this:

Import-Module ‘C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1’

ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath (Drive):\VM-disk1.vmdk -VhdType DynamicHardDisk -VhdFormat vhdx -destination (Drive):\vm-disk1

This was nice, but after a good amount of time, I realized I don’t like using Hyper-V much…. so how do you convert back from VHDX to a VMDK?


I used Linux open source tool;

Using qemu-img in Linux

Ubuntu Linux is used in this example for running qemu-img.

First, install qemu-img from the online software repositories:

sudo apt-get install qemu-utils

*Note if using Ubuntu live you will need to enable the community (*Universe) repository (outside the scope of this post)

Go to the directory where virtual disk images are stored (in this example VHD and VHDX virtual disk files are stored in /media/user1/data/):

cd /media/user1/data/

Check the VHDX file

Get the root privileges (with the sudo su command) and view the VHD image information:

qemu-img info test-disk.vhd

How to convert VHD to VMDK with qemu-img – checking the VHD info

Similarly, you can check the information about the VHDX virtual disk:

qemu-img info /media/user1/data/WinServer2016.vhdx

Check the VHDX info before you convert VHDX to VMDK with qemu-img

Convert VHD to VMDK in Linux

In order to convert VHD to VMDK with qemu-img in Linux, run the command as root:

qemu-img convert /media/user1/data/WinServer2016.vhdx -O vmdk /media/user1/data/WinServer2016qemu.vmdk -p


-O – define the output file format

-p – show the progress bar

Wait until the conversion process is finished.

Using qemu-img in Windows

Download qemu-img from the official web site (32-bit and 64-bit installers are available to download). In the current example, qemu-img-win-x64-2_3_0 is used. Extract files form the downloaded archive, for example, to C:\Programs\qemu-img\. Then launch the Windows command line (CMD) – Press Windows+R to open the “Run” box. Type “cmd” into the box and press Ctrl+Shift+Enter to run the command as an administrator.

Go to the qemu-img directory:

cd C:\Programs\qemu-img

Commands of qemu-img in Linux and Windows are identical.

Convert VHD to VMDK in Windows

Run CMD as administrator and go to the directory where qemu-img is installed.

View the virtual disk information:

qemu-img.exe info c:\Virtual\Hyper-V\test-disk.vhd

Convert the VHD disk image to the VMDK format:

qemu-img.exe convert -p c:\Virtual\Hyper-V\test-disk.vhd -O vmdk c:\Virtual\Hyper-V\test-disk.vmdk


-p – show progress

-O – the output file

Wait until the conversion process is finished.

How to convert VHD to VMDK – using qemu-img as VHD to VMDK converter

Now the main thing to note is this conversion will be of a “type” that will only work with VMware Workstation… so if you need to mount this VMDK to a ESXi VM, you’ll need to “import it” basically convert it to the proper type… I’m usually a fan of VMware but this one is kind of lame.

Don’t Squat on my Name

I found this interesting, I was checking out my DNS server to make some new static host records for my newly networked Test environment/sandbox. To my surprise I found these weird new records DHCID (Dynamic Host Configuration Identifier) I wasn’t sure what was up with these but I did notice them paired along with an A host record (same name, different value). A quick google search revealed this nice old MS gem.

While it states “Name squatting occurs when a non-Windows-based computer registers in Domain Name System (DNS) with a name that is already registered to a Windows-based computer.” and even Susie Long pretty much states the same thing from this TechNet Post.

What I found in my case was it was created for only a couple users and it was from their iPhones after I had renewed them with new iPhones and updated their phones by using iTunes to make a backup and copy their contents to their new phones. I’m assuming cause the same name already existed in DNS from the old phones DHCP request, and the new phone had the same device name after the restore. In my case I knew they weren’t important records since noone would ever need to access their phones via DNS name, lol. So I simply deleted them. We’ll see if they come back.

I already knew all about DHCP and DNS scavenging but this was a new one for me. 😀

Adding a static host record to PiHole

Adding a record:

pihole -a hostrecord

Removing a record:

pihole -a hostrecord

*UPDATE* This only adds one record, and doing this command a second time removes the old record. For multiple records hosting on a PiHole, here’s the main deets as provided by llauren:

With a little configuration, you can use your pi-hole as the DNS server for your LAN, if, for example, your router isn’t doing a very good job serving local names. Here’s how:

Create a second dnsmasq configuration file:

% echo "addn-hosts=/etc/pihole/lan.list" | sudo tee /etc/dnsmasq.d/02-lan.conf

(that % is for whatever your system prompt is; don’t type it out :wink: )

After this, create a “hosts file” for your network /etc/pihole/lan.list with the format ipaddress fqdn hostname, eg     marvin.your.lan  marvin     eddie.your.lan   eddie     hactar.your.lan  hactar

…substituting “your.lan” for whatever you want your domain name to be.

On your DHCP server (most likely your router, though pi-hole indeed can be configured into one), you’ll also need to set your search domain to whatever “your.lan” corresponds to.

Finally, restart your name server:

% sudo pihole restartdns

Additional thoughts

  • If all this domain name stuff confuses you, you can leave it out and live a domain-less life on your LAN.
  • While you certainly can serve any name, also of hosts outside of your LAN, you probably can’t outsmart Netflix to play shows from outside your geographical area :slight_smile: . Drop that thought. It’s probably against their TOS and you might end up losing your Netflix account.
  • The dnsmasq manual page 765 suggests the configuration option hostsdir, but this didn’t work on my raspi. Possibly i was just incompetent.”

Clearing the DNS cache

This one will be nice and short. I was working on a DNZ zone migration, from one domain to another. Since the zone wasn’t the parent zone of the AD domain it was in I had two options.
One make the new domain authorative for the zone, once trust is established they would take over for the zone.
Or in this case since there were only a few records and the new AD domain was already created with the same domain anem as the zone I was attempting to migrate, I figured I’d simply recreate the records manually.
Basically setup your conditional forwarders to the new domain DC’s which will be authorative for the new zone. Generally allow UDP (TCP as well if you want to be extra safe) on port 53 through the firewall, and records should resolve just fine.
In this case you’ll clearly notice that resolving the record for the transferred zone from the orginal domain now replies with non-authorative answer.
This is to be expected as the domain’s DC that you are associated with (and generally your DNS settings configured to via DHCP of course) are no longer controlling the zone (adding/removing/editing records).
Again as to be expecting these are now managed via the new domain which teh zone was transferred to.

So low and behold I messed u one of the records IP addresses. So sure it’s super fast to adjust and force replication, however replication would be domain/forest wide. Which even though I did on both domains i found my previous DC’s would update the non-authorative answer.
I tripple checked all systems in teh new domain could get the proper reply from the DC/DNS servers. So what gives why were the old DC’s DNS servers replying with the old IP address, when the conditional forwarders were setup to query the proper DNS servers and they were 100% holding the correct IP address?
The answer? Cache? yup the lovely blessing and nightmare that is cache. so what does any regular workstation admin try… yeah you guessed it “ipconfig /flushdns” (cmon were talking AD here which is Microsoft specific AFAIK). Do a query from your old domain DC’s and yet the record is still the old IP adress?!?!
What gives? Well… in this case ipconfig /flushdns is only used for clients. You maybe wondering isn’t the old DC a client in this case? Yes/No It’s still a DNS server, and it still needs to answer queries it recieves, the command provided would help if simply doing a query (yes we are doing a query but for a record it needs to hold a record for to reply with).
Just to stop beating around the bush, as a DNS server it needs to clear its own cache, the records to retains to provide to requesting clients. this is a different command. in this case it’s dnscmd /clearcache.
That’s it, do another lookup and find your old DC DNS servers showing a non-authorative answer of the new IP address. Of course you could have also simply waited for cache to clear and replication to occur naturally… but ain’t no body got time for that!

 1) To Clear Dns from a client system (Windows): ipconfig /flushdns
 2) To clear non-authoritative DNS servers cache:	 dnscmd /clearcache

Arrays Gone Astray

I love powershell, and as one figures you’ll have to deal with arrays. and when you learn them, they become a handy tool for any dev/scripters toolkit.
This guy covers it well. in short do this

PS C:\Scripts> $Fruit = @("Apple","Banna","Orange")
PS C:\Scripts> $Fruit.Add("Kiwi")
Exception calling "Add" with "1" argument(s): "Collection was of a fixed size."
At line:1 char:1
+ $Fruit.Add("Kiwi")
+ ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : NotSupportedException

PS C:\Scripts> $Fruit = $Fruit + "Kiwi"
PS C:\Scripts> $Fruit
PS C:\Scripts> $Fruit.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     Object[]                                 System.Array

PS C:\Scripts> $Fruit = $Fruit - "Kiwi"
Method invocation failed because [System.Object[]] does not contain a method named 'op_Subtraction'.
At line:1 char:1
+ $Fruit = $Fruit - "Kiwi"
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (op_Subtraction:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound
PS C:\Scripts> $Fruit = $Fruit -ne "Kiwi"
PS C:\Scripts> $Fruit
PS C:\Scripts> $FruitIsFixedSize
PS C:\Scripts> $Fruit.IsFixedSize

Center Write-Host Output


It’s great and it’s main purposes is to well write to the host. Nothing more. So often people abuse it and leaving people to rant about it.
E.G. This guy and the “Gurus”
I agree with both of them in terms of displaying data, hands down. However, when it comes to simple informing the admin/user of the script the “it displays and gets rid of that info” is efficient, and interactive (colors).

With that out of the way. I am working on a script to clear web parts from a sharepoint page via powershell.
I always like clean code an usually my scripts are interactive, for other non-interactive scripts I’d stick with Write-Output as described by the scripting guys.
However since I like to display things colorfully and neatly Write-Host is perfect!

The Problem

Turns out there’s no easy way to get-write host to center it’s output, no mater how hard I googled. This reply from James Bernie however kicked off the idea it was possible.
There were actually a decent amount of issues with his propsed idea, when implemented. First we’ll want a static variable of the window size at start of script.
Then it turns out Bernies fancy full integer trick may return whole numbers, but does so as a dang string type. Instead of wasting time dicking around with another method, i simply did this trick of dividing by 1 on the variable.
The final problem with his concept which was driving me nuts for a good while was due to the fact of how padding method actually works.
PadLeft adds spaces to the left of a string.
This is handy for numeric out-put because padding keeps the numbers properlly aligned on the right.
This was exactly the problem I was facing, testing my existing function with a series of dots of different lengths, I found them all to be right aligned, and not centered.
Another issue I found was that the pipe into measure method under an expression based section of code and calling its sub routine of count ($var | measure).count wasn’t returning the correct value.
That line was pretty stupid anyway when you can simply call any variable thats of a string type length method.
And the final nail in the logical coffin, the padding was again aligning more right of center than actual center due to the fact that’s what it was comparing to first in the convert.
So it made more sense to take ((Wdith of screen) – String.Length)/2 + String.Length, this associated with a left and right padding, creates a centered master piece!!
Finally!!Here’s the final thing I had to overcome. My function I wanted to support Write-Host outputs color param.
As it turns out, overloading functions isn’t supported in powershell, but that didn’t stop someone from comming up with a work around!
This guy and his buzz works… Woo Ad-hoc Polymorphism!!! OK OK… here’s my final piece of code for you guys. NOTE I didn’t do fully ad hoc polythingy I cheated and only supprted foreground color via an if else.
If you *burp* want to make it support background and foreground… Uhhhhh.. do it yourself… getting to wasted right now…

#Function to Centralize Write-Host Output, Just take string variable parameter and pads it
#Nerd Level over 9000!!! Ad-hoc Polymorphic power time!!
$pswwidth = (get-host).UI.RawUI.MaxWindowSize.Width
function Centralize()
    $sLength = $S.Length
    $padamt =  "{0:N0}" -f (($pswwidth-$sLength)/2)
    $PadNum = $padamt/1 + $sLength #the divide by one is a quick dirty trick to covert string to int
    $CS = $S.PadLeft($PadNum," ").PadRight($PadNum," ") #Pad that shit
    if ($C) #if variable for color exists run below
        Write-Host $CS -ForegroundColor $C #write that shit to host with color
    else #need this to prevent output twice if color is provided
        $CS #write that shit without color

*Update* This code is being managed on GitHub, please download or fork the latest version from there, maybe one day I’ll implement background color.. :S