Server 2016

PowerShell Core 6.0

PowerShell Core 6.0 is a new edition of PowerShell that is cross-platform (Windows, macOS, and Linux), open-source, and built for heterogeneous environments and the hybrid cloud.

Windows PowerShell 3.0, 4.0, and 5.1 will continue to be supported on supported versions of Windows and Windows Server. While Windows PowerShell 2.0 is still in support, it has been deprecated, and it’s recommend that workloads be migrated to newer versions of PowerShell.

To install PowerShell on a Windows client or Windows Server (works on Windows 7 SP1, Server 2008 R2, and later), download the MSI package from our GitHub releases page.

The MSI file looks like this – PowerShell-6.0.0.<buildversion>.<os-arch>.msi

Once downloaded, double-click the installer and follow the prompts.




PowerShell Core uses .NET Core 2.0 as its runtime. .NET Core 2.0 enables PowerShell Core to work on multiple platforms (Windows, macOS, and Linux). PowerShell Core also exposes the API set offered by .NET Core 2.0 to be used in PowerShell cmdlets and scripts.

Windows PowerShell used the .NET Framework runtime to host the PowerShell engine. This means that Windows PowerShell exposes the API set offered by .NET Framework.

PowerShell now officially supports macOS and Linux, including:

  • Windows 7, 8.1, and 10
  • Windows Server 2008 R2, 2012 R2, 2016
  • Windows Server Semi-Annual Channel
  • Ubuntu 14.04, 16.04, and 17.04
  • Debian 8.7+, and 9
  • CentOS 7
  • Red Hat Enterprise Linux 7
  • OpenSUSE 42.2
  • Fedora 25, 26
  • macOS 10.12+

The binary name for PowerShell Core has been changed from powershell(.exe) to pwsh(.exe).

PowerShell Core is adopting the Microsoft Modern Lifecycle Policy. This support lifecycle is intended to keep customers up-to-date with the latest versions. The version 6.x branch of PowerShell Core will be updated approximately once every six months. You must update within six months after each new minor version release to continue receiving support.

Containers, Server 2016

Windows Server 2016 version 1709

Most IT administrators have been waiting for a release and probably another “R2” version of Server 2016 just like the previous Server editions but Microsoft has changed a few things. This version is called 1709 which is a combination of the year 2017 and September (9th month) release. I think they are following the same approach as they did for the System Center products.

Starting with this release, you have two options for receiving Windows Server feature updates:

  • Long-Term Servicing Channel (LTSC): This is business as usual with 5 years of mainstream support and 5 years of extended support. You have the option to upgrade to the next LTSC release every 2-3 years in the same way that has been supported for the last 20 years.
  • Semi-Annual Channel (SAC): This is a Software Assurance benefit and is fully supported in production. The difference is that it is supported for 18 months and there will be a new version every six months. Windows Server, version 1709 runs in Server Core mode. That means there is no graphical user interface, so you manage it remotely.

Other Improvements such as;

  • The Server Core container image has been further optimized for lift-and-shift scenarios where you can migrate existing code bases or applications into containers with minimal changes, and it’s also 60% smaller.
  • The Nano Server container image is nearly 80% smaller.
    • In the Windows Server Semi-Annual Channel, Nano Server as a container base OS image is decreased from 390 MB to 80 MB.
  • Linux containers with Hyper-V isolation

Microsoft introduced a new management tool “Project Honolulu“. It includes next generation tooling with a simplified, integrated, secure, and extensible interface. Project Honolulu includes an intuitive all-new management experience for managing PCs, Windows servers, Failover Clusters, as well as hyper-converged infrastructure based on Storage Spaces Direct, reducing operational costs.

Those running Server 2016 today shouldn’t treat 1709 as a feature update to 2016, officials said. To move from Windows Server 2016 or earlier versions of Windows Server to 1709, users must run a clean install, as no in-place upgrades are supported. Those who want Semi-Annual Channel releases need Software Assurance for their Windows Server licenses or be willing to use the Semi-Annual Channel releases hosted on Azure or other cloud-hosted environments. Windows Server Essentials releases will only be available in LTSC; Standard or Datacenter are the only supported editions in the Semi-Annual Channel.

A few other things to mention; Nano Server is available as a container operating system. This release no longer installs the SMB1 client and server by default. Additionally, the ability to authenticate as a guest in SMB2 and later is off by default. Storage Spaces Direct is not in this release, administrators cannot add servers running 1709 to deployments of Windows Server 2016 where Storage Spaces Direct is being used. Data Deduplication now supports ReFS.

Keep in mind that Windows Server, version 1709 is NOT an update to Windows Server 2016. It’s in the Semi-Annual Channel. Windows Server 2016 is in the Long-Term Servicing Channel. If you need the Desktop Experience, you should stay on the LTSC by sticking with the current Windows Server 2016.



Hyper-V, Server 2012 / R2, Server 2016, Virtualization

Advantages of Generation 2 VMs

Generation 2 VMs use synthetic drivers and software-based devices instead, and provide
advantages that include the following:

  • UEFI boot Instead of using the traditional BIOS, Generation 2 VMs support Secure Boot, using the Universal Extensible Firmware Interface (UEFI), which requires a system to boot from digitally signed drivers and enables them to boot from drives larger than 2 TB, with GUID partition tables. UEFI is fully emulated in VMs, regardless of the firmware in the physical host server.
  • SCSI disks Generation 2 VMs omit the IDE disk controller used by Generation 1 VMs to boot the system and use a high-performance virtual SCSI controller for all disks, enabling the VMs to boot from VHDX files, support up to 64 devices per controller, and perform hot disk adds and removes.
  • PXE boot The native virtual network adapter in Generation 2 VMs supports booting from a network server using the Preboot Execution Environment (PXE). Generation 1 VMs require you to use the legacy network adapter to support PXE booting.
  • SCSI boot Generation 2 VMs can boot from a SCSI device, which Generation 1 VMs cannot. Generation 2 VMs have no IDE or floppy controller support, and therefore cannot boot from these devices.
  • Boot volume size Generation 2 VMs can boot from a volume up to 64 TB in size, while Generation 1 boot volumes are limited to 2 TB.
  • VHDX boot volume resizing In a Generation 2 VM, you can expand or reduce a VHDX boot volume while the VM is running.
  • Software-based peripherals The keyboard, mouse, and videos drivers in a Generation 2 VM are software-based, not emulated, so they are less resource-intensive and provide a more secure environment.
  • Hot network adapters In Generation 2 VMs, you can add and remove virtual network adapters while the VM is running.
  • Enhanced Session Mode Generation 2 VMs support Enhanced Session Mode, which provides Hyper-V Manager and VMConnect connections to the VM with additional capabilities, such as audio, clipboard support, printer access, and USB devices.
  • Shielded virtual machines Generation 2 VMs can be shielded, so that the disk and the system state are encrypted and accessible only by authorized administrators.
  • Storage Spaces Direct Generation 2 VMs running Windows Server 2016 Datacenter Edition support Storage Spaces Direct, which can provide a high-performance, faulttolerant storage solution using local drives



Switching between Core edition and Full GUI in Server 2016

In Windows Server 2016, you can no longer add or remove the GUI elements after the
operating system installation. In addition, there is no Minimal Server Interface option, as in Windows Server 2012 R2. This means that, at installation time, you must choose between a full graphical interface, similar to that of Windows 10, and a command line only. In Windows Server 2012 R2, it was possible to install and configure the server using the full GUI option, and then remove GUI features once the server was up and running. This is no longer possible.

Server 2016

Determine which editions of Server 2016 you need?

Windows Server 2016 is available in multiple editions, with varying prices and features. To select an edition for your server deployment, you should consider the following questions:
What roles and features will you need to run on the server?
How will you obtain licenses for the servers?
Will you be running Windows Server 2016 on virtual or physical machines?

The current trend in server deployment is to use relatively small servers that perform a single task, rather than large servers that perform many tasks. In cloud deployments, whether public, private, or hybrid, it is common to see virtual machines performing one role, such as a web server or a DNS server. It is for this reason that Microsoft introduced the Server Core installation option in Windows Server 2008 and Nano Server in Windows Server 2016, so that virtual machines could function with a smaller resource footprint. Before you choose an installation option, however, you must select the appropriate Windows Server 2016 edition for the server workload you intend to implement. The Windows Server 2016 editions are as follows:

Windows Server 2016 Datacenter The Datacenter edition is intended for large and
powerful servers in a highly virtualized environment. The license allows for an unlim-ited number of operating system environments (OSEs) or Hyper-V containers. The
Datacenter edition also includes additional features not available in the other editions,
such as Storage Spaces Direct, Storage Replica, shielded virtual machines, and a new
networking stack with additional virtualization options.
Windows Server 2016 Standard The Standard edition license allows for two OSEs
and includes the same core set of features as the Datacenter edition. However, it lacks
the new storage and networking features listed in the Datacenter description.
Windows Server 2016 Essentials The Essentials edition includes nearly all the
features in the Standard and Datacenter editions; it does not include the Server Core
installation option. The Essentials edition is also limited to one OSE (physical or virtual)
and a maximum of 25 users and 50 devices. Unlike the Standard and Datacenter
editions, Essential includes a confi guration wizard that installs and confi gures Active
Directory Domain Services and other essential components needed for a single-server
Windows Server 2016 MultiPoint Premium Server Available only through academic
licensing, the Multipoint edition enables multiple users to access a single server
Windows Storage Server 2016 Server Available only through original equipment
manufacturer (OEM) channels, the Storage Server edition is bundled as part of a
dedicated storage hardware solution.
Windows Hyper-V Server 2016 Available at no cost, the Hyper-V Server edition is a
hypervisor-only download, without a graphical interface, that hosts virtual machines as
its only function.

In Windows Server 2012, the Datacenter and Standard editions were functionally identical. The only difference was in the number of Hyper-V virtual machines the license authorized you to create.

In Windows Server 2016, the Datacenter edition includes several new features that
could affect your decision to choose that edition over Standard. The features in the Datacenter edition that are not included in the Standard edition are as follows:
Storage Spaces Direct Enables administrators to use relatively inexpensive drive
arrays to create high-availability storage solutions. Instead of using an expensive array
or controller with built-in storage management intelligence, the intelligence is incorporated into the operating system, enabling the use of inexpensive JBOD (just a bunch of disks) arrays.

Storage Replica Provides storage-agnostic, synchronous or asynchronous volume replication
between local or remote servers, using the Server Message Blocks Version 3 protocol.
Shielded virtual machines Provides VMs with protection from compromised
administrators that have access to the Hyper-V host computer by encrypting the VM
state and its virtual disks.
Network controller Provides a central automation point for network infrastructure
configuration, monitoring, and troubleshooting.
For most organizations, the selection of an edition will be based on cost. The Essentials
edition is inexpensive and easy to deploy, but it is limited in its features. For a small organization, it can be ideal, however.

Hyper-V, Server 2012 / R2, Server 2016, Virtualization

Enabling SR-IOV on VMs

The single root I/O virtualization (SR-IOV) interface is an extension to the PCI Express (PCIe) specification. SR-IOV allows a device, such as a network adapter, to separate access to its resources among various PCIe hardware functions. SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V virtualization stack. Because the VF is assigned to a child partition, the network traffic flows directly between the VF and child partition. As a result, the I/O overhead in the software emulation layer is diminished and achieves network performance that is nearly the same performance as in nonvirtualized environments.

Technically, there are two functions implemented by SR-IOV: physical functions (PFs) and virtual functions (VFs). There are a number of PCI devices available in which the PFs have been implemented, but Microsoft Hyper-V provides SR-IOV support only for networking. In other words, Microsoft Hyper-V provides VFs to allow VMs to communicate to the physical network adapters directly. Since the VMs can communicate directly with the physical network adapters, organizations may benefit from increasing I/O throughput, reducing CPU utilization on Hyper-V hosts for processing network traffic, and reducing network latency by enabling direct communication. Before you can use SR-IOV for a Hyper-V VM, you will need to meet the following prerequisites:

  • The SR-IOV functionality is currently only available to Windows 8 and Windows Server 2012 guests.
  • Hyper-V must be running on a Windows Server 2012 or later operating system.
  • You must have an SR-IOV-capable physical network adapter that implements the PFs and can understand the VFs’ requests coming from the VMs.
  • You must have an external virtual switch that can understand the SR-IOV traffic.
  • The server’s motherboard chipset must also support SR-IOV.

Enabling SR-IOV is a two-step approach. First, you need to create an external switch and enablecSR_IOV or if there is one already created but SR-IOV not enabled, you will need to delete this as this can only be enabled while you are creating the switch. Once the SR-IOV is enabled on the external virtual switch, you can enable SR-IOV on the VMs by checking the “Enable SR-IOV” checkbox found under the “Hardware Acceleration” under Network Adapter settings on the VM’s properties.






Server 2012 / R2, Server 2016

Add Servers to Server Manager

As you add remote servers to Server Manager, some of the servers that you add might require different user account credentials to access or manage them. To specify credentials for a managed server that are different from those you use to log on to the computer on which you are running Server Manager, use the Manage As command after you add a server to Server Manager, which is accessible by right-clicking the entry for a managed server in the Servers tile of a role or group home page. Clicking Manage As opens the Windows Security dialog box, in which you can provide a user name that has access rights on the managed server.

Add and manage servers in workgroups;

 Although adding servers that are in workgroups to Server Manager might be successful, after they are added, the Manageability column of the Servers tile—on a role or group page that includes a workgroup server—can display Credentials not valid errors that occur while trying to connect to or collect data from the remote, workgroup server.

These or similar errors can occur in the following conditions.

  • The managed server is in the same workgroup as the computer that is running Server Manager.
  • The managed server is in a different workgroup from the computer that is running Server Manager.
  • One of the computers is in a workgroup, while the other is in a domain.
  • The computer that is running Server Manager is in a workgroup, and remote, managed servers are on a different subnet.
  • Both computers are in domains, but there is no trust relationship between the two domains.
  • Both computers are in domains, but there is only a one-way trust relationship between the two domains.
  • The server you want to manage has been added by using its IP address.

To add remote workgroup servers to Server Manager

  1. On the computer that is running Server Manager, add the workgroup server name to the TrustedHosts list. This is a requirement of NTLM authentication. To add a computer name to an existing list of trusted hosts, add the Concatenate parameter to the command. For example, to add the Server01 computer to an existing list of trusted hosts, use the following command.

    Set-Item wsman:\localhost\Client\TrustedHosts ServerName -Concatenate -Force


  2. Determine whether the workgroup server that you want to manage is in the same subnet as the computer on which you are running Server Manager.

    If the two computers are in the same subnet, or if the workgroup server’s network profile is set to Private in the Network and Sharing Center, go on to the next step.

    If they are not in the same subnet, or if the workgroup server’s network profile is not set to Private, on the workgroup server, change the inbound Windows Remote Management (HTTP-In) setting in Windows Firewall to explicitly allow connections from remote computers by adding the computer names on the Computers tab of the setting’s Properties dialog box.

  3. To override UAC restrictions on running elevated processes on workgroup computers, create a registry entry called LocalAccountTokenFilterPolicy on the workgroup server by running the following cmdlet.

New-ItemProperty -Name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1