Server manager

Server manager is a great tool to administer and monitor servers remotely, and it works well with containers based on Windows Server Core. You need to take a similar approach to the IIS management console, configuring a user in the container with administrator access and then connecting from the host.

Just as with IIS, you can add a script to the image, which enables access so you can run it when you need it. This is safer than always enabling remote access in the image. The script just needs to add a user, configure the server to allow remote access from administrator accounts, and ensure the Windows Remote Management (WinRM) service is running:

net user serveradmin "s3rv3radmin*" /add
net localgroup "Administrators" "serveradmin" /add

New-ItemProperty -Path HKLM:SOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem `
  -Name LocalAccountTokenFilterPolicy -Type DWord -Value 1
Start-Service winrm

I have a sample image which shows this approach, dockeronwindows/ch08-iis-with-server-manager:2e. It is based on IIS and packages a script to enable remote access with server manager. The Dockerfile also exposes the ports used by WinRM, 5985 and 5986. I can start a container running IIS in the background and then enable remote access:

> > docker container run -d -P --name iis2 dockeronwindows/ch08-iis-with-server-manager:2e
9c097d80c08b5fc55cfa27e40121d240090a1179f67dbdde653c1f93d3918370

PS> docker exec iis2 powershell .EnableRemoteServerManagement.ps1
The command completed successfully.
...

You can connect to the container with the server manager, using the container's IP address, but the container isn't domain-joined. The server manager will try to authenticate over a secure channel and fail, so you'll get a WinRM authentication error. To add a server that isn't domain-joined, you need to add it as a trusted host. The trusted host list needs to use the hostname of the container, and not the IP address, so first I'll get the hostname of the container:

> docker exec iis2 hostname
9c097d80c08b

I will add that as an entry in the hosts file for my server, at C:Windowssystem32driversetchosts:

#ch08 
172.27.59.5  9c097d80c08b

And now, I can add the container to the trusted list. This command needs to run on the host, and not in the container. You're adding the container's hostname to the local machine's list of trusted servers. I run this on my Windows Server 2019 host:

Set-Item wsman:localhostClientTrustedHosts 9c097d80c08b -Concatenate -Force
I'm running Windows Server 2019, but you can use the server manager on Windows 10 too. Install the Remote Server Administration Tools (RSAT), and you can use the server manager on Windows 10 in the same way.

In the server manager, navigate to All Servers | Add Servers, and open the DNS tab. Here, you can enter the hostname of the container, and the server manager will resolve the IP address:

Select the server details and click on OK—now the server manager will try to connect to the container. You'll see an updated status in the All Servers tab, which says the server is online but that access is denied. Now, you can right-click on the container in the server list and click on Manage As to provide the credentials for the local administrator account. You need to specify the hostname as the domain part of the username. The local user created in the script is called serveradmin, but I need to authenticate with  9c097d80c08bserveradmin:

Now the connection succeeds, and you'll see the data from the container surfaced in the server manager, including the event log entries, Windows Services, and all the installed roles and features:

You can even add features to the container from the remote server manager UI—but that wouldn't be a good practice. Like the other UI management tools, it's better to use them for exploration and investigation but not to make any changes in the Dockerfile.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.218.224.226