Unable to install AD Services on VM

Highlighted
New Contributor

Hi

 

I am testing out a new dev/test SharePoint farm in Azure which isn't joined to the local lan. 

Anyway I have got as far as setting up the DS .   

 

 

Install-WindowsFeature -ComputerName "myserver" AD-Domain-Services -IncludeManagementTools

Install-WindowsFeature : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide
an argument that is not null or empty, and then try the command again.
At line:1 char:38
+ Install-WindowsFeature -ComputerName $adVm AD-Domain-Services -Includ ...
+                                      ~~~~~
    + CategoryInfo          : InvalidData: (:) [Install-WindowsFeature], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.Windows.ServerManager.Commands.AddWindowsFeat
   ureCommand

 

 

 

To resolve this, I have 

  1. I have installed Remote Server Administration Tools for Windows 10
  2. Started WInRM
  3. Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value myVM

I am assuming  I won't be able to use the  AD DS Deployment Commandlets directly from my win10 client , until this issue is resolved

 

Just name resolution I guess?

 

 

 

 

6 Replies
Highlighted

Hi Daniel,

 

Use Enter-PSSession to login for the DC then you can install ADDS.

 

What I can see in the error is it cant resolve the computer name are you storing the computer name as a variable?

Highlighted
Hi @Kasun

Thanks your reply. I will look into adding this to my script. BTW were my WinRM settings correct?

I store the server name, location and resource group as variables.

I will let you know how this goes on Monday.
Highlighted

One important thing did you allow WinRM  from Network security group that attached to nic of the VM?

 

Yes your WinRM setting is correct and make sure you have run the winrm qc command on you client pc to allow firewall rules 

Highlighted

@Kasun Rajapakse wrote:

One important thing did you allow WinRM  from Network security group that attached to nic of the VM?

 

Yes your WinRM setting is correct and make sure you have run the winrm qc command on you client pc to allow firewall rules 


Hi

 

I have another chance to look at this today. I restarted my VM and noted my IPAddress

 

I think the rule needed to allow my WInRM access is set below

$rule4 = New-AzureRMNetworkSecurityRuleConfig -Name "WinRM_HTTP" -Description "Allow WinRM traffic over http"  -Access Allow -Protocol Tcp -Direction Inbound -Priority 103 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 5985

Next,  I need to add my VM to be trusted Host since I am using HTTP, start simple eh!

winrm set winrm/config/client '@{TrustedHosts="adVM"}'

 

Now, I hit my issue. I still don't see the how I can resolve the DNS address of my VM if I am on a different subnet.

 

Here is another test

Test-WsMan $pip.IpAddress
Test-WsMan : <f:WSManFault 
xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150859046" 
Machine="WSLDEV2015"><f:Message>WinRM cannot complete the operation. Verify that the 
specified computer name is valid, that the computer is accessible over the network, 
and that a firewall exception for the WinRM service is enabled and allows access from 
this computer. By default, the WinRM firewall exception for public profiles limits 
access to remote computers within the same local subnet. </f:Message></f:WSManFault>
At line:1 char:1
+ Test-WsMan $pip.IpAddress

 

 

 

 

Highlighted

Hi

 

All is now working.........Thanks for your advice.

 

 

1) On the Azure Portal I noticed the NIC reported that there was no assigned  Network Security Group. I thought this was odd as I gone through the test lab steps a few times and I know the NSG has been created correctly.

 

These were some of my steps

 

$nsg=Get-AzureRMNetworkSecurityGroup -Name SP2016Subnet -ResourceGroupName $rgName

Set-AzureRMVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name SP2016Subnet -AddressPrefix "10.0.0.0/24" -NetworkSecurityGroup $nsg

$nic = Get-AzureRMNetworkInterface -Name ($vmName + "-NIC") -ResourceGroupName $rgName
# line below shows a null
$nic.NetworkSecurityGroup

# this appeared to work but didn't when viewed onthe ADmin portal
$nic.NetworkSecurityGroup = $nsg

Q: why didn't the above work? 

Next, in the Admin Portal, I navigated to the Network section and added my NSG

 

2) I RDPed to my VM and checked  WinRM was allowed etc. All looked good

 

3) on my laptop

I set the just the iP Address

 winrm set winrm/config/client '@{TrustedHosts="[PIP]"'

Q: I can't see how my laptop could ever resolve the  VM ( ComputerName) address unless I messed around with the Hosts file .  

 

4) Finally,

 

>Enter-PSSession -ComputerName [PiP}   'mylocalserverAdmin'

>Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Active Directory Domain Services, Group P...

 

 

 

Highlighted

Hi @Kasun Rajapakse

 

 

My "clever workaround"  is really temporary as every time I restart a VM I get a new IP address allocated. Hence, I still need a robust way of resolving the public ip address of any of my VMs from my Windows 10 client pc. - a sort of MyDNS equivalent .

 

I can work around this by RDPing to my VMS and adding them to domains etc. but not ideal as I want to do this in PS.