- Deploy Azure Stack HCI Cluster with Windows Admin Center
Deprecated as Azure Stack HCI should be deployed either with PowerShell (22h2) or with Cloud Deployment/Supplemental Package (23H2)
In this lab you will deploy 4 node Azure Stack HCI cluster using Cluster Creation Extension in Windows Admin Center. To simplify lab, Windows Admin Center will be running on Windows Server "WACGW" and you will log into "DC" virtual machine to manage the lab.
Optionally you can deploy Windows 11 machine, and test Azure Stack HCI deployment from there
You can also deploy real physical servers and try deploymemt either from WACGW or Windows 11 VM.
-
Hydrated MSLab with LabConfig from 01-HydrateMSLab
-
Understand how MSLab works
-
Optional - OS deployed on hardware
-
Optional - Windows 10 or 11 VHD, created with CreateParentDisk.ps1. You can download Windows Client Operating system in eval center
Below LabConfig will deploy 4 nodes for Azure Stack HCI 21H2. You can modify number of Virtual Machines by modyfing number. You can also modify Parent Disk Name by modifying ParentVHD property.
To deploy not domained VMs, you can uncomment the code for adding not domain joined VMs.
To deploy Windows 11, you can uncomment code for Windows 11 as management machine.
$LabConfig=@{ DomainAdminName='LabAdmin'; AdminPassword='LS1setup!'; DCEdition='4'; Internet=$true ; VMs=@()}
#pre-domain joined
1..4 | ForEach-Object {$VMNames="AzSHCI" ; $LABConfig.VMs += @{ VMName = "$VMNames$_" ; Configuration = 'S2D' ; ParentVHD = 'AzSHCI21H2_G2.vhdx' ; HDDNumber = 12; HDDSize= 4TB ; MemoryStartupBytes= 4GB; MGMTNICs=4 ; NestedVirt=$true}}
#optional not domain joined
#1..4 | ForEach-Object {$VMNames="AzSHCI" ; $LABConfig.VMs += @{ VMName = "$VMNames$_" ; Configuration = 'S2D' ; ParentVHD = 'AzSHCI21H2_G2.vhdx' ; HDDNumber = 12; HDDSize= 4TB ; MemoryStartupBytes= 4GB; MGMTNICs=4 ; NestedVirt=$true ; Unattend="NoDjoin"}}
#Windows Admin Center gateway
$LabConfig.VMs += @{ VMName = 'WACGW' ; ParentVHD = 'Win2022Core_G2.vhdx' ; MGMTNICs=1 }
#Windows 11 as management machine
#$LabConfig.VMs += @{ VMName = 'Win11'; ParentVHD = 'Win1121H2_G2.vhdx' ; AddToolsVHD = $True ; MGMTNICs=1 }
Deployment result
Depending if you deployed Windows Client operating system, or Windows Server for Windows Admin Center in Gateway mode, complete Task01a or Task01b
Step 1 Log in Into DC virtual machine with following credentials
Username: corp\LabAdmin Password: LS1setup!
Step 2 From start menu, run PowerShell as administrator
Step 3 To simplify deployment of Windows Admin center in Gateway mode, paste following code into PowerShell window to download and install Windows Admin Center with self-signed certificate, that is also added into trusted root certificate authorities.
$GatewayServerName="WACGW"
#Download Windows Admin Center if not present
if (-not (Test-Path -Path "$env:USERPROFILE\Downloads\WindowsAdminCenter.msi")){
Start-BitsTransfer -Source https://aka.ms/WACDownload -Destination "$env:USERPROFILE\Downloads\WindowsAdminCenter.msi"
}
#Create PS Session and copy install files to remote server
Invoke-Command -ComputerName $GatewayServerName -ScriptBlock {Set-Item -Path WSMan:\localhost\MaxEnvelopeSizekb -Value 4096}
$Session=New-PSSession -ComputerName $GatewayServerName
Copy-Item -Path "$env:USERPROFILE\Downloads\WindowsAdminCenter.msi" -Destination "$env:USERPROFILE\Downloads\WindowsAdminCenter.msi" -ToSession $Session
#Install Windows Admin Center
Invoke-Command -Session $session -ScriptBlock {
Start-Process msiexec.exe -Wait -ArgumentList "/i $env:USERPROFILE\Downloads\WindowsAdminCenter.msi /qn /L*v log.txt REGISTRY_REDIRECT_PORT_80=1 SME_PORT=443 SSL_CERTIFICATE_OPTION=generate"
} -ErrorAction Ignore
$Session | Remove-PSSession
#add certificate to trusted root certs
start-sleep 30 #for some reason it requires some sleep to be able to grab certificate
$cert = Invoke-Command -ComputerName $GatewayServerName -ScriptBlock {Get-ChildItem Cert:\LocalMachine\My\ |where subject -eq "CN=Windows Admin Center"}
$cert | Export-Certificate -FilePath $env:TEMP\WACCert.cer
Import-Certificate -FilePath $env:TEMP\WACCert.cer -CertStoreLocation Cert:\LocalMachine\Root\
Step 4 Validate deployment by opening Edge and navigating to https://wacgw. When asked for Credentials, use following
Username:corp\LabAdmin Password:LS1setup!
⚠️ If you have issues validating the install. Head over to your Gateway server and reboot it. Once you have rebooted the validation will work correctly.⚠️
Step 5 In Windows Admin Center in Gateway mode it is very useful to configure Kerberos Constrained Delegation for not to be asked for credentials when connecting to remote server - in this case Azure Stack HCI OS. To do it in PowerShell, you can use following code.
$GatewayServerName="WACGW"
#Configure Resource-Based constrained delegation
$gatewayObject = Get-ADComputer -Identity $GatewayServerName
$computers = (Get-ADComputer -Filter {OperatingSystem -eq "Azure Stack HCI"}).Name
foreach ($computer in $computers){
$computerObject = Get-ADComputer -Identity $computer
Set-ADComputer -Identity $computerObject -PrincipalsAllowedToDelegateToAccount $gatewayObject
}
Step 1 Log in Into Win11 virtual machine with following credentials
Username: corp\LabAdmin Password: LS1setup!
Step 2 in Edge browser, navigate to https://aka.ms/wacdownload to download Windows Admin Center installer
Step 3 Run the downloaded file to initiate a setup. You can select default installation options. Finish installation.
Step 4 Open Windows Admin Center from start menu.
Step 1 In Windows Admin Center click on + Add and in Server clusters window click on Create New. The Cluster Creation extension will run.
Step 2 In Choose the cluster type click on Azure Stack HCI and select All servers in one site. Click on Create
Step 1 In Deploy and Azure Stack HCI cluster wizard, Check the prerequisites site click Next
Step 2 In Add servers specify following username and password, and add servers AzSHCI1,AzSHCI2,AzSHCI3 and AzSHCI4
username: corp\LabAdmin password: LS1setup!
Step 3 In Join a domain page, click next, as machines are already domain joined.
Step 4 In Install features page click on Install features
Since this is virtual environment, due to architecture change in windows, Hyper-V has to be installed "manually" - information about nested virtalization not enabled is misleading.
Step 5 While logged into DC (or Win11) Open PowerShell and paste following script to install Hyper-V
$Servers="AzSHCI1","AzSHCI2","AzSHCI3","AzSHCI4"
Invoke-Command -ComputerName $Servers -ScriptBlock {Enable-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V -Online -NoRestart}
Step 6 After you click on Install features again, status will turn into Installed. You can click next, once finished.
Step 7 At Install updates page, click on Install updates. Once finished, click on Next
⚠️ If you receive an error message trying to install updates, try rebooting your AzSHCI servers, and then try the updates again.⚠️
Step 8 Since this system is virtual, you will not be able to see hardware updates. In case you are deploying physical servers, you would be able to launch Dell OMIMSWAC (Open Manage Integration for Microsoft Windows Admin Center) extension.
Step 9 In Restart servers page, click restart and wait for servers to come up again. Once finished, click on Networking
Window Admin Center currently does not support converged networking. In following example we will use 4 NICs - two for east-west and two for north-south traffic.
Step 1 On Check network adapters page explore adapters and click Next.
Step 2 On Select management adapters page, select Two physical adapters teamed for management and select first 2 adapters as management. Once all first two adapters are selected, click on Apply and test. After all is applied, click Next.
Step 3 On Virtual Switch page keep Create one virtual switch for compute and storage together selected and click Next
Step 4 On RDMA page click Next as in Virtual Environment RDMA does not work.
Step 5 On Define Networks page, fill network adapters names, IP Addresses and VLAN ID as per screenshot below.
Click on Apply and test once finished.
When asked for credentials, use following
username: LabAdmin password: LS1setup!
When asked for CredSSP, click Yes
Once finished, click Next:Clustering
Step 1 On Validate the cluster page click on Validate to validate the cluster. Cluster validation will start.
Once validation is completed, click Next.
Step 2 On Create cluster page fill Cluster Name (AzSHCI-Cluster) and IP Address (10.0.0.111) and click Create Cluster. Cluster creation will start.
Once finished, click on Next: Storage
Step 1 On Clean drives page, click on Erase Drives. Once erasing is done, click Next
Step 2 On Check drives page explore disks, and click Next
Step 3 On Validate Storage page, wait for Validate Storage to finish. After validation is finished, explore results and click Next.
Step 4 On Enable Storage Spaces Direct page, click Enable.
⚠️ If you have issues enabled Storage Spaces Direct. Reboot your AzSHCI servers, and then try again.⚠️
Once finished, click on Next: SDN
For sake of complexity, SDN step will be skipped. Click on Skip to close Cluster Creation extension.
Step 1 After Cluster Creation Extension finishes, click on Go to connection list button. Azure Stack HCI cluster will be present.
Step 2 to avoid asking for credentials again, configure kerberos constrained delegation for CNO using following PowerShell command
$GatewayServerName="WACGW"
#Configure Resource-Based constrained delegation
$gatewayObject = Get-ADComputer -Identity $GatewayServerName
$computers = (Get-ADComputer -Filter {OperatingSystem -eq "Azure Stack HCI"}).Name
foreach ($computer in $computers){
$computerObject = Get-ADComputer -Identity $computer
Set-ADComputer -Identity $computerObject -PrincipalsAllowedToDelegateToAccount $gatewayObject
}
Step 3 In Windows Admin Center open azshci-cluster.corp.contoso.com. You can now explore your newly created cluster.
