• Hyper-V 2016
    What's new in Hyper-V 2016
  • Microsoft Azure
    Microsoft Azure

How to Install VPN on Windows Server 2016

Installation Windows Server 2016 VPN

How to Install VPN on Windows Server 2016

This post shows you how you can install a VPN Server on Windows Server 2016 Step-by-Step. It shows you how you can easily setup a VPN server for a small environment or for a hosted server scenario.

This is definitely not a guide for an enterprise deployment, if you are thinking about a enterprise deployment you should definitely have a look at Direct Access.

I already did similar blog posts for Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.

You can simply follow this step by step guide:

First install the “Remote Access” via Server Manager or Windows PowerShell.

Install Remote Access Role VPN

Select the “DirectAccess and VPN (RAS)” role services and click next.

DirectAccess and VPN (RAS)


Speaking at Geekmania 2016

Today I can announce that I will speak at Geekmania 2016 at Friday 04.11.2016 at the Pathé Dietlikon. I this is the 4th time I am speaking at Geekmania, which is a one day event in Switzerland focusing on real world IT topics and Microsoft technologies.

Marcel Zehner from itnetX and me will speak in several different sessions about Windows Server 2016, System Center 2016, Microsoft OMS and Microsoft Azure Stack.

What's new in Windows Server 2016 Hyper-V

With the next version of Microsoft hypervisor Microsoft released some great new features for your Cloud infrastructure. Come to this session to get the details of all the new stuff that is in Hyper-V and learn about how you can play with it “hands-on.” This session includes also the latest updates from the GA Release.

What’s new in Windows Server 2016 Storage

With the next version of Microsoft hypervisor Microsoft released some great new features for your Cloud infrastructure. Microsoft announced several new feature on Windows Server 2016 including a lot of new Storage features, such as Storage Spaces Direct, ReFS, Storage Replica and much more. In this session you get an overview about the new Storage technologies in Windows Server 2016 and Hyper-V.

Microsoft Azure Stack - Azure for your Datacenter

Get more information about Microsoft Azure Stack and how you can get Azure for your Datacenter.

I hope I see you there!


Nano Server Image Builder

Create a Nano Server using the Nano Server Image Builder

Last week Microsoft released Windows Server 2016 to the public and at the weekend Microsoft released the Nano Server Image Builder. I already wrote a few blog posts how you can create new Nano Server Images using PowerShell. The Nano Server Image Builder is a UI based wizard to create new Nano Server Images. The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with a graphical interface. Based on the inputs you provide, it generates images for deployment and it also creates reusable PowerShell scripts that allow you to create installations of Nano Server.

The Nano Server Image Builder can help you with the following tasks:

  • Graphical UI to create Nano Server Images
  • Adding drivers
  • Choose Windows Server Edition
  • Adding roles and features
  • Adding drivers
  • Adding updates
  • Configuration of Network Settings
  • Configuration of Domain settings
  • Set Remoting Options
  • Create an ISO file to boot from DVD or BMC (remote connection like HP ILO)

First download and install the Windows Assessment and Deployment Kit (ADK) and the Nano Server Image Builder.

I will not go trough all the options but here is just quickly how you can use it.

First create a new Nano Server Image (this can be a VHD, VHDX or WIM file. If you want to use it on a USB drive or ISO save it as a WIM file)

Nano Server Image Builder

Make sure you have prepared everything like the Windows Server 2016 files and drivers etc

Prepapre Nano Server Files

Select the Windows Server 2016 source

Nano Server Sources

Set more options, choose packages (roles and feature), drivers and more.

Nano Server Packages and Drivers

You can also configure some advanced options

Nano Server Image Builder Advanced Configuration

You can now create the Nano Server Image. The Nano Server Image Builder will also show you the PowerShell command to create more Nano Servers.

Nano Server Image Builder PowerShell Creation

You can also use this tool to create a bootable USB drive or ISO using an existing Nano Server Image.

Select the Nano Server Image you have already created

Nano Server Image Builder WIM file

As an option you can also create a ISO file

Nano Server Image ISO


You can now boot from USB drive or ISO and you can get the following WinPE Image to boot and this copies the Nano Server Image to the server

Nano Server WinPe

If you want to know more, check out the blog post from Scott Johnson (Microsoft): Introducing the Nano Server Image Builder


How to create a Nano Server Image using PowerShell

Last week Microsoft released Windows Server 2016 with the first GA release of Nano Server. A couple of months back I already wrote a blog post how you can create a new Nano Server Image in Technical Preview 4. This post is an updated version of that this post using Windows Server 2016 GA. In this post I will quickly show you how you can create a new VHD, VHDX or WIM file with your Nano Server configuration.

This is the PowerShell option, you can also use the Nano Server Image Builder.

First you have to download the latest Windows Server 2016 ISO file.

NanoServer Folder

If you open the Windows Server 2016 ISO file you can see a folder called “NanoServer” on the medium. This folder includes:

  • NanoServer.wim – This is the Nano Server Image file
  • Packages – The Package folder includes the Nano Server Packages, Windows Roles and Features and some basic drivers
  • NanoServerImageGenerator – In this folder you can find the Nano Server Image Generator PowerShell Module

I usually create a folder on my C:\NanoServer to store all the things I need, which makes things a little simpler.

Create Nano Server Image Folder

  • Base – This is a temporary folder where the images get mounted while updating or creating new images
  • Drivers – This is the folder where I copy all the drivers for a physical image
  • Files – This is the unpacked Windows Server 2016 ISO image (including, the sources folder, NanoServer folder, support, boot and efi folder as well as the setup.exe file)
  • Images – In this folder I store all the new created images
  • Updates – In this folder I store the Windows Server 2016 Update cumulative updates (.cab files)
  • XMLs – In this folder I store unattend.xml files if I need to do a extended configuration.

Of course you don’t have to use this folder structure, but it makes things easier.

If you have a look at the Packages folder you can find all the available packages for Nano Server:

Nano Server Packages

A new Nano Server Image can be created using the New-NanoServerImage PowerShell cmdlet. This will create a new Nano Server Image in a VHDX including the VM Guest drivers and nothing more.


  • MediaPath – The location with the Windows Server 2016 files
  • BasePath – Temporary folder to mount the WIM file
  • TargetPath – Where the new Image file gets stored. You can create a .wim, .vhd or .vhdx file
    • .vhd creates a Image for a Generation 1 VM (BIOS boot)
    • .vhdx create a Image for a Generation 2 VM (UEFI boot)
  • DeploymentType allows you to choose between Guest and Host
    • Guest creates a Virtual Machine
    • Host creates a Physical Image
  • Edition can be Standard or Datacenter
  • ComputerName adds the server name of the Nano Server
  • MaxSize changes the Partition size, if you are not using this parameter it will create a default partition of 4GB

Hyper-V NanoServer VHDX

You can now copy the VHDX file from the Images folder, attach this to a new Hyper-V virtual machine and boot.

This will show the Nano Server recovery console:

Hyper-V Nano Server Console

There are more parameters to add roles and features, updates, drivers and additional configuration like IP addresses and more

For example if you want to add some updates to the Nano Server Image you can use the following cmdlet:

To add a fixed IP address you can for example use the following cmdlet:

If you have some advanced deployment you can use for example the following thing, which helps you to set different configuration options. This example here is designed for a physical Hyper-V host

You can for example use this VHDX file now to create a boot from VHDX scenario:

I hope this helps you to get started with Nano Server in Windows Server 2016. I also prepared a blog post how you can create a Nano Server Image using the Nano Server Image Builder tool.

Add Updates to Nano Server Image

Getting started with Windows Server 2016 and System Center 2016

Microsoft announced Windows Server 2016 release at Microsoft Ignite in Atlanta 2 weeks ago. Microsoft released the Evaluation version of Windows Server 2016 which allow you to start play with Windows Server 2016. And today Microsoft announced the GA (General Availability) of Windows Server 2016 and System Center 2016.

Windows Server brings some great new features and possibilities such as Hyper-V, Storage Spaces Direct, Nano Server, Storage Replica and much more.

Here are some information about deployment, upgrading and certification:

Windows Server

If you want to go to production make sure you also install the latest Cumulative Update for Windows Server 2016:

If you want to try Windows Server 2016 you can also do this on Microsoft Azure.

System Center:




Install Updates on Nano Server

How to install Updates on Nano Server

Microsoft just released Windows Server 2016, which comes with a new deployment option called Nano Server. Nano Server is a very small version of Windows Server which addresses a lot of different issues. Now after the release of Windows Server 2016 Microsoft is releasing the first updates for Windows Server 2016 and Nano Server.

Microsoft released the first Cumulative Update for Windows Server 2016 was released on September 26, 2016 (KB3192366) and the prerequisite for this and future Cumulative Update is the Servicing Stack Update for Windows 10 Version 1607 (KB3176939).


You can download the .msu updates from the Windows Server Catalog:

Folder Structure

Just to make it easier for you, here is the folder structure I use:

  • C:\NanoServer – The Folder where I put all my files and folders to create and manage NanoServer. I copied the NanoServerImageGenerator PowerShell module to this folder
    Nano Server Folder
  • C:\NanoServer\Files – Copied all the files from the Windows Server 2016 ISO file
    Nano Server ISO Folder
  • C:\NanoServer\Updates – Downloaded .msu files and extracted .cab files
    Nano Server Update Folder
  • C:\NanoServer\Images – Created Nano Server Images

Extract the .cab files from the .msu file

For the most update scenarios you will need the .cab update package , which is included in the .msu file. To extract the .cab file from the .msu file you can use the expand command line utility.

In my case renamed the .msu files to for easier identification and copied both files to C:\NanoServer\Updates.

nano Server Epxand MSU Update Files

Integrate Updates into a new Nano Server Image

If you create a new Nano Server Image you can simply include the latest updates and cumulative updates while building the image. With that you have a new fresh NanoServer Image which will be fully patched after the first boot.

New Nano Server Image with Updates

Integrate Updates into an existing Nano Server Image

If you already have an existing Nano Server Image you can also updates this one.

Add Updates to Nano Server Image

Integrate Updates into an VHD or VHDX (offline)

If you have VHD or VHDX templates and you want to integrate new updates you can do this as well using the DISM PowerShell module. You can also update existing Virtual Machines with this if you shutdown the VM (Offline Patching).

Install Updates on a running Nano Server (online)

If you have a running Nano Server in a virtual machine or on a physical host you can also use the downloaded .cap files and the DISM PowerShell module to install the patches on a Nano Server. For that you will need to use PowerShell remoting to connect to the Nano Server.

Install Updates on Nano Server

If the Nano Server is running inside a VM, you can also use PowerShell Direct to connect directly to the Virtual Machine from the Hyper-V host.

Download and Install Updates on a running Nano Server from Windows Update (online from Windows Update)

If you have a running Nano Server VM or physical host, you can use the Windows Update WMI provider to download and install the update from Microsoft Update.

Download and Install Updates on a running Nano Server from Windows Update using the Azure Remote Server Management Tools

You can also use a graphical UI to update Nano Server directly from the Remote Server Management Tools.

Install Updates on Nano Server from Server Management Tools SMT

You can get more information about Updating Nano Server on this Microsoft blog post.





5Nine Hyper-V Security Agentless

Secure your Hyper-V environment with 5nine Cloud Security 8.1

In the past years I was building several Hyper-V environments together with Enterprise customers and with service providers. In a lot of cases customer wanted more security in there Cloud and Virtualization environment. Security becoming a even more critical part in your datacenter and with a high virtualization rate, it gets even more critical and complex to manage. Especially when Virtual Machines can move from on cluster to another or from one datacenter to another. 5nine is one of the vendors who has a great solution, for this challenges. A couple of years back I wrote a blog post about 5Nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016, with that 5nine released 5nine Cloud Security 8.1 which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

5Nine Hyper-V Security Agentless

Key features

if you look at it on a security features list, 5nine Cloud Security offers you the following security features:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V
    • Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5Nine Hyper-V Security System Center VMM Plugin

5Nine Cloud Security also integrated perfectly in your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.


The installation and the management is so easy, you don’t really need any documentation. That’s how a security product should work, it should not make your environment even more complex it should help you to keep your environment secure without adding extra complexity to it. Is used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers


5nine host service

5nine is a very light weight solution for the Hyper-V host with not a lot of overhead. On the Hyper-V host you have only two service running and the Hyper-V switch extensions.




Overall I think 5Nine Cloud Security is a must have solution to protect your Hyper-V environment, if you want to do more serious centralized managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V solve real world needs.

If you need more information, want to buy 5nine Cloud Security or if you need someone to help you integrated 5nine Cloud Security in your environment, feel free to contact me.