Tag: Windows Server 2016

Cluster Functional Level and Cluster Upgrade Version

Learn about Windows Server Cluster Functional Levels

A couple of weeks ago, I released a blog post about Hyper-V VM Configuration versions to give an overview about the version history of Hyper-V virtual machines. After that I had the chance to work with John Marlin (Microsoft Senior Program Manager High Availability and Storage) on a similar list of Windows Server Cluster Functional Levels.

Why Cluster Functional Levels are important

With Windows Server 2016, Microsoft introduced a new feature called Cluster OS Rolling Upgrade or Cluster Rolling Upgrade. This feature allows you to upgrade the operating system of the cluster nodes to a new version, without stopping the cluster. With mixed-OS mode, you can have for example 2012 R2 and 2016 nodes in the same cluster. Keep in mind that this should only be temporary, while you are upgrading the cluster. You can basically upgrade node by node, and after all nodes are upgraded, you then upgrade the Cluster functional Level to the latest version.

List of Windows Server Cluster Functional Levels

Since the feature Cluster OS Rolling Upgrade was first introduced with Windows Server 2016, you never really knew about Cluster Functional Levels before. However, it already existed since Windows Server NT4.

Windows Server VersionCluster Functional Level
Windows Server 201911
Windows Server RS410.3
Windows Server RS310.2
Windows Server 20169
Windows Server 2012 R28
Windows Server 20127
Windows Server 2008 R26
Windows Server 20085
Windows Server 2003 R24
Windows Server 20033
Windows Server 20002
Windows Server NT41

Tips and PowerShell

If you want to know more about Cluster OS Rolling Upgrade, you can check out the Microsoft Docs. Together with John, I created a quick list of some tips for you, and some of the important PowerShell cmdlets.

To check which Cluster Functional Levels your cluster is running on, you can use the following PowerShell cmdlet:

If you have upgraded all nodes in the cluster, you can use the Update-ClusterFunctionalLevel to update the Cluster Functional Level. Also make sure that you upgrade the workloads running in that cluster, for example upgrade the Hyper-V Configuration Version or in a Storage Spaces Direct Cluster, the Storage Pool version (Update-StoragePool).

In Windows Server 2019 the Clustering team introduced a new PowerShell cmdlet to check how many nodes of the cluster are running on which level. Get-ClusterNodeSupportedVersion helps you to identify the Cluster Functional Level and the Cluster Upgrade Version.

Cluster Functional Level Get-ClusterNodeSupportedVersion

This means that the functional level is 11 (Windows 2019).  The Upgrade version column is what you can upgrade to/with, meaning 11.1 or Windows 2019 only.

Cluster Functional Level and Cluster Upgrade Version

This means your Cluster Functional Level is 10.  Meaning you can add basically anything 10.x (2016, RS3, RS4) and 11 (2019) to it.

If you are running System Center Virtual Machine Manager, the Cluster OS rolling upgrade, can be fully automated as well. Check out the Microsoft Docs for Perform a rolling upgrade of a Hyper-V host cluster to Windows Server 2016 in VMM.

To find out more about information Cluster operating system rolling upgrade, like how-to, requirements and limitations, check out the Microsoft Windows Server Docs page.



Azure Confidential Compute VM Deployment

Protect Workloads with Azure Confidential Computing

A year ago Microsoft announced that they were working on a new technology in Azure to protect and encrypt data in use, called Azure Confidential Computing. If you are moving sensitive data to the cloud, you also want to encrypt it. Today, you can do this for data in transit and data at rest, however data in use is a challenge. Azure Confidential Computing addresses exactly that scenario, and helps you to encrypt data in use. Microsoft was running a private preview program in the last year, and at Microsoft Ignite this year, Microsoft opened up a public preview.

What is Azure Confidential Computing

Azure Confidential Computing together with Intel SGX technology addresses the following threads:

  • Malicious insiders with administrative privilege or direct access to hardware on which it is being processed
  • Hackers and malware that exploit bugs in the operating system, application, or hypervisor
  • Third parties accessing it without their consent

There are ways to secure data at rest and in transit, but you need to protect your data from threats as it’s being processed. Now you can. Confidential computing adds new data security capabilities using trusted execution environments (TEEs) or encryption mechanisms to protect your data while in use. TEEs are hardware or software implementations that safeguard data being processed from access outside the TEE. The hardware provides a protected container by securing a portion of the processor and memory. Only authorized code is permitted to run and to access data, so code and data are protected against viewing and modification from outside of TEE.



Install SNMP Feature on Windows Server Core

Install SNMP on Windows Server Core

If you run Windows Server as Core Installation, like Windows Server 2016 Core or any Microsoft Hyper-V Server edition and you want to use SNMP (Simple Network Management Protocol) on that system, you first have to install the SNMP feature on that Core Server. After that you can use the MMC to remotely connect to the services list on the Core Server.

Install SNMP on Windows Server Core

First lets see if the SNMP feature is installed, using PowerShell:

By default the SNMP feature is not installed. To install the SNMP feature on Windows Server Core, you can run the following command:



Windows Server FTP

Install FTP Server on Windows Server

Windows Server has IIS build in, which also offers a FTP server option. The File Transfer Protocol (FTP) is still a very popular protocol that allows users to simply upload and download files. Of course today you have more modern options, however it is still very often used and a lot of legacy applications still support it.

In this blog post I wanna quickly go rough how you can install the FTP Server on Windows Server. I do this on a brand new Windows Server 2019 operating system, however it didn’t really change since early Windows Server versions.

Install FTP Server Feature on Windows Server

Install FTP on Windows Server using PowerShell

First you will need to install the FTP feature. I usually simply do that using PowerShell to install the FTP Server feature in Windows Server. You can also do that using the Server Manager. However, if you want to use PowerShell, you can use the following command:



Windows Admin Center Azure Backup

Setup Azure Backup in Windows Admin Center

With Windows Admin Center you have a great new web-based management experience for Windows Server. With Microsoft efforts to bring Hybrid Cloud capabilities closer to your on-premises systems, they added support for Azure Backup in Windows Admin Center. This allows you to simply configure Azure Backup for your Windows Server with a couple of clicks.

Setting up a cloud backup of a server is simple and safes you a lot of time and resources. It is especially great, if you have a small environment in your datacenter or hosted at a different service provider, where having an own backup infrastructure doesn’t make much sense.

Configure Azure Backup in Windows Admin Center

Windows Admin Center Azure Backup

First you will need to register your Windows Admin Center to Microsoft Azure. This can be done in the settings of Windows Admin Center. If you haven’t done this yet, the wizard will guide you through. After this is done you can go to the Azure Backup Extension in Windows Admin Center and sign in. You can now configure Azure Backup directly in Windows Admin Center.

Configure Azure Backup in Windows Admin Center

This will Azure Backup client on Windows Server and as well as in Microsoft Azure. It will create the Recovery Services Vault and the necessary resources

Windows Admin Center Setting up Azure Backup

Register Recovery Services Resource Provider

If you get the error message “Error Failed to create Microsoft Azure Recovery Services Vault. Detailed error: Das Abonnement ist nicht für die Verwendung des Namespace  Microsoft.RecoveryServices” registriert.” You will need to register the Recovery Services Resource Provider in you Azure Subscription.

Register Azure Recovery Services Resource Provider

Configure and Recover from Azure Backup

Windows Admin Cenetr Azure Backup Settings

After Azure Backup is fully configured, you can see the configuration, the latest recovery points and you also will be able to recover data.

I hope this post was helpful and showed you how simple it is to back up your servers to the cloud using Windows Admin Center and Azure Backup. If you have any questions, feel free to leave a comment.

Configure Azure Hybrid Services in Windows Admin Center Video Series

I have created a short video series which shows how to setup the Azure Hybrid services directly from Windows Admin Center. You can start with the intro here and then follow the different videos, and check out our overview blog about Configure Azure Hybrid Services in Windows Admin Center.

Also check out my blog post about Microsoft investments in Windows Server 2019. You can download Windows Admin Center here.



Windows Server 2019 Upgrade

Windows Server 2019 In-place Upgrade

As another part of my series for Windows Server 2019, this blog post covers the in-place upgrade feature. The in-place upgrade allows you to upgrade your existing LTSC versions of Windows Server 2012 R2 or Windows Server 2016 servers to Windows Server 2019. Windows Server 2019 In-place Upgrade allows businesses to update to the latest version quickly. Especially, if you have servers which you might need to install some dependencies for the applications. I saw a lot of customers who not have documented their server installations and neither used infrastructure as code to deploy them. For these customers, it can be hard to upgrade to newer versions of Windows Server. With the Windows Server 2019 In-Place Upgrade feature, this should get a lot easier. Especially since Windows Server 2019 brings a lot of improvements.

You can in-place upgrade to Windows Server 2019 from

To find out more about the in-place upgrade on the Microsoft Docs page.

How to in-place upgrade to Windows Server 2019

Windows Server 2016 upgrade to Windows Server 2019

To in-place upgrade to Windows Server 2019, insert the Windows Server 2019 media into the existing server, by attaching an ISO file, copying the sources, adding a USB drive or even a DVD drive and start the setup.exe.

Installing Windows Server 2019

The setup will discover the existing installation and will let you perform an in-place upgrade. The installation will run for a couple of minutes; it will take quite some time depending on the speed of your server hardware and the installed roles and features. Microsoft MVP Didier Van Hoye did write a great blog post about Windows Server 2019 In-Place Upgrade testing. In that blog post, he has a quick look at upgrading to Windows Server 2019.

You can also find an overview of what is coming new in Windows Server 2019, in my blog: Windows Server 2019 – What’s coming next.



OpenSSH Server on Windows Server

Install OpenSSH Server on Windows Server

Back in 2017 Microsoft made OpenSSH available on Windows 10. Shorty after OpenSSH was also available for Windows Server, version 1709. This blog post should give you a simple step by step guy how you install OpenSSH Server on Windows Server. OpenSSH is available for Windows Server, version 1709 and higher. If you are running Windows Server 2016, and you want to stay in the long-term servicing branch, you will need to wait for the next Windows Server LTSC build.

Install OpenSSH Server on Windows Server

If you are running a Windows Server 1709 or higher, you can simply use PowerShell to install the OpenSSH Client and Server.

OpenSSH on Windows Server

You can use the following PowerShell commands to install the OpenSSH Server on the server.

After the installation you can find the OpenSSH Server files and some more configuration options under “C:\Windows\System32\OpenSSH”

Next you need to configure the OpenSSH Server (sshd)

To enable authentication into an SSH server on Windows, you first have to generate host keys and repair the ACL on the host keys.

Configure OpenSSH Server on Windows

To configure the OpenSSH Server, just run the following PowerShell commands:

Now you should be able to access your Windows Server using an SSH client.

OpenSSH Server on Windows Server

Remember if you run your server in Microsoft Azure, you might also need to configure the Network Security Group to allow SSH Remoting on port 22.

I hope this post help you and if you have any questions, please let me know in the comments.