Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform and solution. It contains core tools for troubleshooting, configuration, management and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more.
At Ignite 2018 a couple of weeks ago, Microsoft announced several Azure integration services with Windows Admin Center, such as Azure Backup, Azure File Sync, Azure Site Recovery and more. Please check the following document for the complete list of Azure integration options. As more and more services are being integrated with Windows Admin Center (WAC), it becomes a core management tool in your environment. The good news is, you can deploy Windows Admin Center in a failover cluster to provide high availability for your Windows Admin Center gateway service.
In this blog post, I will show you how to deploy Windows Admin Center in a failover cluster to provide highly available service for your IT Administrators.
To deploy Windows Admin Center in high availability mode, you need to have the following:
- A failover cluster of 2 or more nodes on Windows Server 2016 or Windows Server 2019. This can be a Hyper-V guest cluster or physical cluster.
- A Cluster Shared Volume (CSV) to store persistent data for Windows Admin Center that can be accessed by all the nodes in the cluster. 10 GB will be sufficient for your CSV.
- You need to have the latest Windows Admin Center build. As of this writing, I am using Windows Admin Center version 1809, you can download it from here.
- You need a minimum Self-Signed (SSL) certificate to install Windows Admin Center gateway service, however, for production environment it’s highly recommended to have a signed certificate. You can use your existing PKI infrastructure or you can buy a third-party certificate. In this example, I will use a private certificate generated from my internal PKI infrastructure. If you need more information on how to create an Enterprise PKI, please check the following article.
- Last but not least, you need to download the deployment HA scripts for Windows Admin Center from this link.
Install Windows Admin Center in HA
Now take the following steps:
- Copy WindowsAdminCenter1809.msi file to a node in your cluster or to a folder in your Cluster Shared Volume (CSV).
- Copy Windows Admin Center HA Setup Scripts files to the same node where you copied the .msi file in Step 1.
- Copy the private signed certificate (.pfx) to the same node in your cluster.
- In a folder on a node of the cluster, you should have the following files before you start the installation:
- Open an elevated PowerShell console and run the following command to install Windows Admin Center with a signed certificate. If you don’t want to provide a signed certificate, you need to include -GenerateSSLCert parameter instead. The -ClientAccessPoint parameter is the name that you will use to access Windows Admin Center in your environment. If you don’t specify a port number using -PortNumber parameter, the gateway service is deployed on the default port 443. And finally, you need to specify a Static IP Address for the cluster generic service.
Install-WindowsAdminCenterHAPowerShell1234$CertPW = Read-Host 'Enter Certificate Password' -AsSecureString.\Install-WindowsAdminCenterHA.ps1 -clusterStorage 'C:\ClusterStorage\Collect\WindowsAdminCenter' `-ClientAccessPoint WindowsAdminCenterHA -msiPath .\WindowsAdminCenter1809.msi `-CertPath .\waccertificate.pfx -CertPassword $CertPW -StaticAddress 192.168.153.25
- When the installation is completed, the service is deployed on each node in the failover cluster and you have Windows Admin Center in high availability mode. The gateway service will be active on one node at a time. If one node fails, the service will start on the second node automatically.
- The installation will also create a sub-folder on your Cluster Shared Volume (CSV) named Server Management Experience containing the Database, Extensions, and the Ux.
- To access Windows Admin Center in HA, you need to use the Client Access Point name that you specified when you ran the script in Step 5 including the domain name (FQDN), for example: https://WAC.domain.com. Please note that you need to use Google Chrome or Microsoft Edge to access Windows Admin Center. As you can see, the web page opened without any certificate error.
Troubleshooting Windows Admin Center HA Installation
During the installation of Windows Admin Center in failover cluster, I came across couple of issues that I would like to mention here:
- The first one is, processing data for a remote command failed with the following error message. It turns out to be a firewall issue, you need to make sure that the port you assigned for Windows Admin Center is reachable from all nodes.
- The second issue is, if the installation failed as described above, you need to uninstall Windows Admin Center from each node, and then delete Windows Admin Center Encryption certificate from the Certificates store on each node as well.
- When the installation is succeeded, you might see a warning message under Cluster Events. The warning message is the following:
The computer object associated with cluster network name resource ‘Client Access Point Name’ could not be updated. The text for the associated error code is: Unable to protect the Virtual Computer Object (VCO) from accidental deletion.The cluster identity ‘NAME$’ may lack permissions required to update the object. Please work with your domain administrator to ensure that the cluster identity can update computer objects in the domain.
To fix this, you need to add the Cluster Name account (computer account) on the Computers container with the following two permissions entry (Create Computer objects / Read All Properties).
- Last but not least, Windows Admin Center installation logs are saved in the temp folder of the CSV (for example, C:\ClusterStorage\VolumeName\temp).
You can deploy Windows Admin Center in a failover cluster to provide high availability for your Windows Admin Center gateway service. This solution provide an active-passive deployment, where only one instance of Windows Admin Center is active. If one of the nodes in the cluster fails, then Windows Admin Center gracefully fails over to another node, letting you continue managing the servers in your environment seamlessly.
Windows Admin Center is a freely available management tool for anyone to use and makes managing a set of servers with or without GUI remotely, very easy, especially for “day-to-day activities”. Download the latest copy of Windows Admin Center from here, deploy it in a failover cluster, and enjoy the modern server management.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.