Monday, April 27, 2015

Changing Windows Server 2012 R2 Core to Full GUI


https://support.microsoft.com/en-us/kb/2913316

Consider the following scenario:
  • You have a computer that's running Windows Server 2012 R2.
  • The computer is running the Server Core installation option.
  • The Server Core option was installed by using Volume Licensing media that doesn't have access to Windows Update.
In this scenario, adding the GUI features (Server-Gui-Mgmt-Infra and Server-Gui-Shell) with Install-WindowsFeature fails. Also, you receive the following error message:

Error: 0x800f081f

The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information
on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.


To resolve this problem, use one of the following methods.

Method 1: Connect to the Internet

If the server can connect to Windows Update for the feature installation, let the server make the connection.

Method 2: Use Windows Server 2012 R2 installation media

If the server cannot connect to Windows Update, download the new Volume Licensing media (released on December 11, 2013) and use the Install-WindowsFeature PowerShell command. To do this, follow these steps:
  1. Insert the updated Windows Server 2012 R2 DVD into the computer's DVD drive or in a VM mount the media DVD. 
  2. Type the following command to determine the index number that's required for steps 3 and 4.

    Dism /get-wiminfo /wimfile:<drive>:\sources\install.wim
    Note In this command, <drive> represents the actual drive letter.

    Example output from the DISM command:

              Index : 1
              Name : Windows Server 2012 R2 SERVERSTANDARDCORE
              Description : Windows Server 2012 R2 SERVERSTANDARDCORE
              Size : 6,653,342,051 bytes
              Index : 2
              Name : Windows Server 2012 R2 SERVERSTANDARD
              Description : Windows Server 2012 R2 SERVERSTANDARD
              Size : 11,807,528,410 bytes
              Index : 3
              Name : Windows Server 2012 R2 SERVERDATACENTERCORE
              Description : Windows Server 2012 R2 SERVERDATACENTERCORE
              Size : 6,653,031,430 bytes
              Index : 4
              Name : Windows Server 2012 R2 SERVERDATACENTER
              Description : Windows Server 2012 R2 SERVERDATACENTER
              Size : 11,809,495,151 bytes
    Note When you specify the <index> number in the Install-WindowsFeature PowerShell cmdlet in step 4, you must use the index number for the full (non-core) version of the SKU that you currently have installed. For example, if you have Windows Server 2012 R2 Datacenter installed, the required index number is 4. If you have Windows Server 2012 R2 Standard installed, the required index number is 2.
  3. Open a PowerShell command prompt by typing the following command:

    Powershell.exe
  4. Type the following PowerShell command, in which <drive> represents the location of the Windows Server 2012 R2 installation files and <index> represents the numbered index from step 2:

    Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Source wim:<drive>:\sources\install.wim:<index>
    For example: If your media is on drive F, and you are installing the full version of Datacenter, enter the following command:

    Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Source wim:f:\sources\install.wim:4

    Note The -Source value is a plain hyphen followed by "Source"; a dash copied from a web page will not be recognised. A restart is required after the command completes.
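Steps 2 to 4 as one function, added here as an example (not part of KB2913316): the index is read from the WIM instead of off the screen, and the media is hash-checked before it becomes the source of system binaries. Assumptions: the media is on F:, the operator names the edition, and the optional SHA-256 for install.wim was recorded out of band from the licensing portal (hypothetical value in the usage line).

```powershell
# Added example, not from the KB: pick the full (non-Core) image index from install.wim and
# use it as the -Source for the GUI features. Assumes Windows Server 2012 R2 (PowerShell 4,
# Dism module present), media on F:, and an optional known-good SHA-256 of install.wim.
function Restore-ServerGui {
    param(
        [string]$MediaDrive = 'F:',
        [ValidateSet('Standard', 'Datacenter')]
        [string]$Edition = 'Datacenter',
        [string]$ExpectedWimSha256 = ''     # leave empty to skip the hash check
    )

    $wim = Join-Path $MediaDrive 'sources\install.wim'
    if (-not (Test-Path $wim)) { throw "install.wim not found at $wim" }

    # Supply-chain check: whatever is in this WIM ends up under %SystemRoot%, so refuse media
    # whose hash differs from the value recorded when the media was downloaded.
    if ($ExpectedWimSha256) {
        $actual = (Get-FileHash -Path $wim -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedWimSha256) {
            throw "install.wim SHA-256 $actual does not match expected $ExpectedWimSha256"
        }
    }

    # Same information as 'Dism /get-wiminfo', returned as objects. The full edition's image
    # name ends in SERVERSTANDARD or SERVERDATACENTER; the Core image has CORE appended, and
    # the '$' anchor keeps the match from selecting it.
    $wanted = 'SERVER' + $Edition.ToUpper() + '$'
    $image  = Get-WindowsImage -ImagePath $wim | Where-Object { $_.ImageName -match $wanted }
    if (-not $image) { throw "no full $Edition image found in $wim" }
    $index = $image.ImageIndex
    Write-Host "Using index $index ($($image.ImageName)) as the feature source"

    # Step 4 of the KB with the discovered index. A restart is needed afterwards.
    $result = Install-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell `
                                     -Source "wim:${wim}:$index"
    if (-not $result.Success) {
        throw "Install-WindowsFeature failed with exit code $($result.ExitCode)"
    }
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'Restart the server to finish switching to the full GUI'
    }
    return $result
}

# Usage; the hash argument is a placeholder for the value published with your media:
# Restore-ServerGui -MediaDrive 'F:' -Edition Datacenter -ExpectedWimSha256 '<sha256 from licensing portal>'
```

The regex anchor is the whole point of the index selection: for Datacenter it matches index 4 and not index 3, which is the mistake the KB's note is warning about. Run the function from the elevated PowerShell prompt opened in step 3.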

Wednesday, January 7, 2015

transitioning to ipv6

dual stack routers

dual IP layer architecture

  • Windows runs IPv4 and IPv6 side by side on the same interface (dual stack)


tunneling (6to4, 4to6)

intra-site automatic tunnel addressing protocol (ISATAP)

  • for private networks (inside a site)
  • IPv6 carried inside IPv4; the host's IPv4 address is embedded in the low 32 bits of the interface ID
  • e.g. fe80::5efe:192.168.1.5 (the 0:5efe in front of the IPv4 address marks it as a private address)
  • the host must be able to resolve the name "isatap"
    • create a DNS entry "isatap" pointing at the ISATAP router
    • on boot the host tries to resolve "isatap"
    • the ISATAP router sends configuration info and the host configures itself from it
  • the ISATAP router sends router advertisements carrying the autoconfig prefix

Teredo

  • tunnels IPv6 across the IPv4 internet
  • NAT is common on edge devices
  • multiple layers of NAT can become a problem
  • encapsulates IPv6 in IPv4 UDP (NAT friendly)

teredo components

  • teredo server: configures the client address and sets up the communication (requires 2 public IPv4 addresses)
  • teredo relay: forwards between IPv4-only and IPv6-only hosts
  • teredo host-specific relay


tunneling

ISATAP

DNS global query block list

  • the Windows DNS server ships with "wpad" and "isatap" on its global query block list and will not answer queries for those names; this stops a host that registers itself as "isatap" (or "wpad") through dynamic update from pulling every client's tunnel (or proxy) traffic through itself
  • to use ISATAP, allow the "isatap" query by removing only that name: change the list from "wpad isatap" to "wpad", and keep "wpad" blocked

Next, configure the router's ISATAP interface as the ISATAP router interface: forwarding and advertising enabled, with the IPv6 prefix route published. Hosts self-assign an IPv6 address from the prefix advertised on that interface.

screenshot: IPv6 network host self-assigned an IPv6 address

screenshot: IPv4 host uses ISATAP to communicate with the IPv6 network host
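The walkthrough above (block list, the "isatap" record, router interface, client check) as an added example in the Windows Server 2012 R2 cmdlets; it is not part of the original notes. Assumed, hypothetical names: the DC/DNS server also acts as the ISATAP router at 192.168.1.5 with LAN alias 'Ethernet', the zone is corp.example, and the advertised prefix is taken from the documentation range, 2001:db8:1::/64.

```powershell
# Added example, not from the original notes. Steps 1-3 run on the DNS server / ISATAP router,
# step 4 on an IPv4-only client. Names, addresses and the prefix are assumptions.
$ZoneName   = 'corp.example'
$RouterIPv4 = '192.168.1.5'
$LanAlias   = 'Ethernet'
$Prefix     = '2001:db8:1::/64'

# 1. Global query block list. It ships as 'wpad isatap'; remove only 'isatap'. 'wpad' stays
#    blocked so nobody can register a proxy auto-config host through dynamic update.
$gqbl = Get-DnsServerGlobalQueryBlockList
if ($gqbl.List -contains 'isatap') {
    Set-DnsServerGlobalQueryBlockList -List @($gqbl.List | Where-Object { $_ -ne 'isatap' })
}

# 2. A static record, created by the admin rather than by dynamic update, is what clients
#    find when they resolve 'isatap' at boot.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name 'isatap' -IPv4Address $RouterIPv4

# 3. On the router: make it its own ISATAP router, then turn the ISATAP interface into a
#    forwarding, advertising interface and publish the prefix in its router advertisements.
Set-NetIsatapConfiguration -State Enabled -Router $RouterIPv4
$isatapIf = Get-NetIPInterface -AddressFamily IPv6 |
            Where-Object { $_.InterfaceAlias -like 'isatap*' } |
            Select-Object -First 1 -ExpandProperty InterfaceAlias
Set-NetIPInterface -InterfaceAlias $isatapIf -AddressFamily IPv6 -Forwarding Enabled -Advertising Enabled
New-NetRoute -DestinationPrefix $Prefix -InterfaceAlias $isatapIf -Publish Yes
# The IPv6 LAN side must forward as well, otherwise tunnelled packets stop at the router.
Set-NetIPInterface -InterfaceAlias $LanAlias -AddressFamily IPv6 -Forwarding Enabled

# 4. On an IPv4 host: confirm the name resolves to the router and that the ISATAP interface
#    picked up an address from the advertised prefix (shape: 2001:db8:1::5efe:<client IPv4>).
function Test-IsatapClient {
    $resolved = (Resolve-DnsName -Name 'isatap' -Type A -ErrorAction Stop).IPAddress
    $addr = Get-NetIPAddress -AddressFamily IPv6 |
            Where-Object { $_.InterfaceAlias -like 'isatap*' -and $_.PrefixOrigin -eq 'RouterAdvertisement' }
    [pscustomobject]@{
        IsatapResolvesTo = $resolved
        RouterMatches    = ($resolved -eq $RouterIPv4)
        AdvertisedAddr   = $addr.IPAddress
    }
}
Test-IsatapClient
```

If RouterMatches is false, something other than your router answers for "isatap"; that is exactly the situation the block list exists to prevent, so check who owns the record before going further.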






ipv6 types and addresses

link-local

  • similar to APIPA (169.254.x.x)
  • starts with FE80 (fe80::/10)
  • interface ID is randomly generated; Windows does not derive it from the MAC address (EUI-64) by default
  • used to communicate on the local link only; never routed
  • duplicate address detection runs before the address is used (the IPv6 equivalent of conflict detection)
  • an interface always gets a link-local address, even when it also uses DHCPv6

unique-local (replaces the deprecated site-local FEC0::/10)

  • similar to private IPv4 addresses, but there is no registry: a random 40-bit global ID follows the prefix
  • FC00::/7 (first bits 1111 110x); in practice FD00::/8 (1111 1101, locally assigned)


loopback ::1 (ping ::1)

default route ::/0 (ping ::); the address :: on its own is the unspecified address


Global scope (global unicast)


  • public IP address
  • 6bone was the original IPv6 test network (3FFE::/16, retired in 2006)
  • first bits 0010: 2000::/3
    • 2001::/16 (regular allocations), 2002::/16 (6to4)
  • global routing prefix: 48 bits or less
    • assigned to large orgs and ISPs, which split it up further
  • subnet ID: the remaining bits of the first 64 after the global routing prefix (16 bits for a /48)
  • interface ID: last 64 bits




link-local with zone index: the %n suffix is the interface index, to distinguish multiple interfaces

global scope IP



IPv6

128-bit address

8 groups of 4 hex characters

characters: 0-9, A-F (case-insensitive)

2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses

2 rules

  • drop leading zeros within each group (0db8 -> db8; 0000 -> 0)
  • replace one run of consecutive all-zero groups with "::" (the longest run, and only once per address, otherwise the address is ambiguous)

Tuesday, January 6, 2015

dns zones

storage unit for domain names and IPs

mostly forward lookup (name to IP) but also reverse (IP to name)

stored in a file or in AD


file-backed (standard) zones
  • file %SystemRoot%\System32\dns\<zone>.dns
  • one primary and one or more secondaries
  • only the primary is read/write
  • secondaries are updated by zone transfer from the primary or from another secondary


ad-integrated


  • stored in AD
  • replicated with the other AD data, incrementally (per record)
  • supports secure dynamic updates (only AD-integrated zones can require them)

DNS name resolution process


the DNS client has a local cache that is pre-loaded from the hosts file

the DNS client sends a recursive query to its DNS server

the DNS server issues iterative queries, starting at the root, to the servers for each label; each answer refers it to the next server until one returns the record

the DNS server that hosts the record is the authoritative server. non-authoritative servers hold cached copies that expire with the record's TTL.





creating new zone


replication scope: the choice depends on the traffic it generates. "all DNS servers in the forest/domain" stores the zone in an application partition, so only DNS data is replicated and only to DNS servers; "all domain controllers in the domain" (legacy) replicates it with the domain partition to every DC.


dynamic update: the "nonsecure and secure" option is the one used for non-AD-aware clients and the only choice for file-backed zones; it lets any host on the network add or overwrite records. "secure only" (AD-integrated zones) ties each record to the account that registered it, so another host cannot replace it.
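The zone settings above done with the DnsServer cmdlets, plus an audit for zones that still accept nonsecure updates; an added example, not part of the original notes. Assumed, hypothetical names: forward zone corp.example, reverse zone for 192.168.1.0/24 and a file-backed lab.example, all on a DC that runs DNS.

```powershell
# Added example, not from the original notes. Zone names and the subnet are assumptions.
Import-Module DnsServer

# AD-integrated, replicated to every DNS server in the domain (application partition, so only
# DNS data moves), accepting dynamic updates only from authenticated clients.
Add-DnsServerPrimaryZone -Name 'corp.example' -ReplicationScope Domain -DynamicUpdate Secure
Add-DnsServerPrimaryZone -NetworkId '192.168.1.0/24' -ReplicationScope Domain -DynamicUpdate Secure

# File-backed primary for comparison: lands in %SystemRoot%\System32\dns\lab.example.dns.
# 'Secure' is not available here, so the safe settings are 'None' plus static records.
Add-DnsServerPrimaryZone -Name 'lab.example' -ZoneFile 'lab.example.dns' -DynamicUpdate None

function Get-ZoneAllowingNonsecureUpdate {
    # NonsecureAndSecure is what the 'nonsecure' wizard option produces: any host that can reach
    # the server can add or overwrite a record, including names clients trust to find servers.
    Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
                       $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
        Select-Object ZoneName, IsDsIntegrated, ReplicationScope, DynamicUpdate
}

# Remediate what the audit finds. Only AD-integrated zones can be switched to 'Secure';
# a file-backed zone has to be converted first (ConvertTo-DnsServerPrimaryZone).
foreach ($z in Get-ZoneAllowingNonsecureUpdate) {
    if ($z.IsDsIntegrated) {
        Set-DnsServerPrimaryZone -Name $z.ZoneName -DynamicUpdate Secure
    } else {
        Write-Warning "$($z.ZoneName) is file-backed; convert it to AD-integrated before requiring secure updates"
    }
}
```

Run the audit function on its own first; on an existing server the list of zones it returns is the list of names an unauthenticated host could take over.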






connection profiles

public = public

  • every unknown network is treated as public (the default)


private = home

  • an admin has to select it
  • assumes the host sits behind a firewall


domain = work

  • automatic once the machine is authenticated by a DC



Firewall interfaces

control panel
  • general settings (lack granularity)
    • domain - work network
    • public - public network
    • private - home network


WFAS (Windows Firewall with Advanced Security)
  • granular rules
  • export/import rules (UI or netsh)
    • .wfw file


PowerShell (NetSecurity module cmdlets)


netsh advfirewall

GPO
  • the WFAS UI inside the policy editor
  • large scope (many servers at once)






configuring using WFAS

screenshot: new inbound rule wizard. the "allow the connection if it is secure" option requires a secure connection: the rule only matches traffic authenticated (and optionally encrypted) by IPsec, which a matching connection security rule has to negotiate





firewall via GPO (overrides the firewall settings on individual servers)


local and GPO rules merging: the per-profile setting "apply local firewall rules" decides whether rules created on the server are merged with the GPO rules or ignored


connection security rules - use IPsec. they establish the authentication and encryption requirements for connections between hosts; they do not allow or block traffic by themselves, the firewall rules do that
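The WFAS pieces from these notes (profile choice, a connection security rule, "allow only if secure", GPO versus local rule merging, export) with the NetSecurity cmdlets; an added example, not part of the original notes. Hypothetical names: a management listener on TCP 8443, the interface 'Ethernet', and a GPO called 'Server Firewall' in the corp.example domain (the GPO must already exist and the Group Policy tools must be installed for the -PolicyStore write).

```powershell
# Added example, not from the original notes. Port, interface alias and GPO name are assumptions.
Import-Module NetSecurity

# Profile: 'Private' has to be chosen by an admin. 'Domain' is selected automatically once a
# DC authenticates the machine and cannot be set by hand.
Set-NetConnectionProfile -InterfaceAlias 'Ethernet' -NetworkCategory Private

# Connection security rule (IPsec): require authentication for inbound traffic, request it for
# outbound. With no authentication set given, the default main-mode proposal is computer
# Kerberos, so only domain members can complete the negotiation.
New-NetIPsecRule -DisplayName 'Require inbound authentication' `
    -InboundSecurity Require -OutboundSecurity Request -Profile Domain

# 'Allow the connection if it is secure': this rule admits TCP/8443 only when the packet arrived
# inside an IPsec association negotiated under the rule above; unauthenticated peers are dropped.
New-NetFirewallRule -DisplayName 'Mgmt 8443 (authenticated peers only)' `
    -Direction Inbound -Protocol TCP -LocalPort 8443 -Profile Domain `
    -Action Allow -Authentication Required

# Rule merging: by default the engine unions GPO rules with locally created rules. Turning the
# merge off in the GPO makes the GPO the only source (the "overrides the individual server"
# behaviour); local rules stay in the persistent store but are no longer enforced.
$gpo = 'corp.example\Server Firewall'
Set-NetFirewallProfile -Profile Domain -PolicyStore $gpo `
    -AllowLocalFirewallRules False -AllowLocalIPsecRules False

function Get-FirewallRuleSources {
    # ActiveStore is what is enforced after merging; PersistentStore holds the local rules only.
    $active = @(Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True)
    [pscustomobject]@{
        Enforced     = $active.Count
        FromGpo      = @($active | Where-Object { $_.PolicyStoreSourceType -eq 'GroupPolicy' }).Count
        FromLocal    = @($active | Where-Object { $_.PolicyStoreSourceType -eq 'Local' }).Count
        LocalDefined = @(Get-NetFirewallRule -PolicyStore PersistentStore -Enabled True).Count
    }
}
Get-FirewallRuleSources

# Export of the whole policy to a .wfw file; the same command with 'import' restores it.
netsh advfirewall export 'C:\Backup\wfas-before.wfw'
```

Take the export before the profile change: once local rule merging is off, LocalDefined stays at its old count while FromLocal drops to zero, which is the quickest way to see that a GPO is now in charge of the box.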