Windows Server 2012 Overview
Hands-on lab exercise guide

Omer Palo
World Wide Technical Support Readiness
October 2012

Table of Contents

Overview
Exercise 1: Attaching to your XenServers
Exercise 2: Creating RDP Connections to Lab VMs
Exercise 3: Active Directory Domain Services
Exercise 4: DHCP Service
Exercise 5: NIC Teaming
Exercise 6: Storage Spaces
Exercise 7: IIS Features
Exercise 8: Deploying Remote Desktop Services
Exercise 9: Configuring RD Web Access Role

Overview

Hands-on Training Module

Objective: Provide hands-on experience with configuration of various aspects of Windows Server 2012.
Prerequisites: Windows Server 2008 / R2 experience. This lab requires the Citrix Receiver (ICA client) to be installed on your workstation.
Audience: Citrix Partners and Customers.

Lab Environment Details

The lab environment uses a single physical XenServer accessed across the internet. It is built on a single XenServer running 6 Windows Server 2012 VMs and 1 Windows 8 Professional VM. In addition to these VMs, the lab environment also includes 1 hidden Windows Server 2008 VM, referred to as "Published Desktop", and 1 hidden Linux-based virtual router.

Virtual Lab Environment: Management Network

Lab Environment Details: XenServer Network Configuration

List of Virtual Machines Used

VM Name              IP Address       Description / OS
Router (Hidden)      192.168.10.1     Lab Router for Management traffic
XAStudent (Hidden)   192.168.10.10    Published Desktop, RDP Connections to Lab VMs
DC1                  192.168.10.11    Windows Server 2012, Pre-Installed DC for Lab8.ctx domain
DC2                  192.168.10.12    Windows Server 2012
Server3              192.168.10.13    Windows Server 2012
Server4              192.168.10.14    Windows Server 2012
Server5              192.168.10.15    Windows Server 2012
Server6              192.168.10.16    Windows Server 2012
Win8                 192.168.10.14    Windows 8 Professional 32 bit

Required Lab Credentials

The login credentials required to connect to the environment and complete the lab exercises.

Machine        Username         Password     Description
XAStudent      administrator    Citrix123    Student Desktop for launching XenCenter, Firefox etc.
All Lab VMs    Lab8\admin       Citrix123

List of Available VM templates

The templates listed below can be used to reset the lab to a known state, ready for a specific exercise. This allows resetting and skipping forward as needed.

Lab Performance

The lab environment is designed to run with multiple RDP connections to lab VMs.
While it is possible to create separate RDP connections, managing 7 individual RDP screens will be difficult. It is highly recommended that attendees download Microsoft Remote Desktop Connection Manager and create a connection group for all 7 lab VMs.

Exercise 1: Attaching to your XenServers

Overview

Upcoming DHCP, NIC bonding and Remote Desktop exercises may cause RDP connections to lab VMs to fail. During these exercises we will need XenCenter access to individual VMs. Upon completing this exercise you will be able to gain console access to lab VMs.

Step by step guidance
Estimated time to complete this lab: 5 minutes.

1. You have successfully accessed the lab environment once you see your student desktop as shown above. Your student desktop will be used to launch the various applications needed during the lab. Please proceed once instructed to do so.
    Caution: Do not use XenCenter on your laptop to connect directly to the XenServers; it won't work!
2. You may see a dialog box asking about access to your computer; just click "Block Access".
3. From your student desktop, launch "Citrix XenCenter". XenCenter is a graphical user interface capable of accessing the VMs running on XenServer. To add your first XenServer to XenCenter, click "ADD a server".
4. Add your assigned XenServer:
    IP Address: Provided Public IP
    Username: root
    Password: <Provided password>
    Note: Your XenServer IP address will be different from the one in the above screenshot.

Summary

Key Takeaways
The key takeaways for this exercise are:
You have used the lab environment to attach both of the XenServers to your XenCenter.

Exercise 2: Creating RDP Connections to Lab VMs

Overview

Note: This exercise is only for self-paced sessions. In an instructor-led session, your instructor will provide Remote Desktop Connection Manager for you.

In this exercise you will establish RDP connections to lab VMs using MS Remote Desktop Connection Manager.

Step by step guidance
Estimated time to complete this lab: 20 minutes.

1. From your published desktop, open Internet Explorer and connect to http://www.microsoft.com/en-us/download/details.aspx?id=21101 and download the MSI package to the Published Desktop.
    Note: The above link may not work, as MS may make changes to URL addresses. If this is the case, download "Microsoft Remote Desktop Connection Manager" by searching online.
2. Once the download is done, install the MSI package and launch "Remote Desktop Connection Manager" from your start menu.
3. Once the RDCM window is open, click on File from the menu and click on New.
4. In the New File menu, type lab8 and click on Save.
5. You should see a line lab8 in the RDCM window. Right click on lab8 and click on Properties.
6. In the File Properties window, click on the Logon Credentials tab and uncheck the Inherit from parent checkbox. Provide the following information:
    Username: Admin
    Password: Citrix123
    Domain: lab8.ctx
    Click on OK.
7. Right click on lab8 and click on Add server… In the Warning message click on Yes to continue.
8. In the Add Server window, provide the following information:
    Server name: 192.168.10.11
    Display name: DC1
    Click on Add to complete adding the first server.
9. In RDCM, you should notice a + sign next to lab8. Expand the tree to view DC1 in RDCM.
10. Right click on lab8 again and click on Add Server. Provide the following information to add DC2 to RDCM:
    Server name: 192.168.10.12
    Display name: DC2
    Click Add.
11. Repeat these steps to add the remaining lab VMs with the following information:

    Server Name      Display Name
    192.168.10.13    Server3
    192.168.10.14    Server4
    192.168.10.15    Server5
    192.168.10.16    Server6
    192.168.10.17    Win8
12. Once you have completed adding all the VMs, right click on lab8 and click on Connect to Group.
13. If all RDP connections are configured correctly, you should be able to see the desktops of all VMs.
14. Right click on lab8 in RDCM and click on Save lab8.rdg.

Summary

Key Takeaways
The key takeaways for this exercise are:
You have configured an RDCM group to connect to the lab VMs.

Exercise 3: Active Directory Domain Services

In this exercise you will promote the DC2 VM to be an additional domain controller for lab8.ctx. You will practice installing a domain controller using the new Server Manager, as Windows Server 2012 no longer utilizes DCPROMO. We will also explore the new interface improvements around AD Recycle Bin and Password Settings Objects.

Step by step guidance
Estimated time to complete this lab: 30 minutes.

1. From the Published Desktop, open RDCM and connect to the lab8 group.
2. From RDCM, click on DC2 on the left side to view its desktop.
3. Start Server Manager on DC2 if it is not already running. Within Server Manager, click on the Dashboard link and click on the Add roles and features link.
4. Click Next on the Before You Begin page of the Add Roles and Features Wizard.
5. In the Installation Type page, verify Role-based or feature-based installation is selected and click on Next.
6. In the Server Selection page, verify that DC2.LAB8.CTX is selected, and click Next to continue.
7. In the Server Roles page, click on Active Directory Domain Services. The wizard will present a dialog page listing the required additional components. Click on Add Features to continue. Click Next.
8. On the Features page, click Next to accept the defaults.
9. On the AD DS page, click Next.
10. On the Confirmation page, click on the Restart the destination server automatically if required checkbox, and click Yes in the dialog box. Click on Install to start the installation.
    Note: The Restart the destination server checkbox will only restart the server if it is required by the role installation. The above process will only install the binaries needed for the AD DS role. Since we haven't configured the role parameters, the server will not restart yet.
11. Once the installation is completed, click on Close in the Add Roles and Features Wizard.
12. In Server Manager on DC2 we should now see the AD DS node on the left side. Click on AD DS to view the details.
13. Notice the warning message indicating pending configuration for the AD DS role. Click on the More… link to start configuration.
14. In All Servers Task Details, click on the Promote this server to a domain controller link.
15. The Active Directory Domain Services Configuration Wizard will start. In the Deployment Configuration page, click on Add a domain controller to an existing domain, and verify that LAB8\admin is the credential for this installation. Click Next.
16. In the Domain Controller Options page, provide Citrix123 as the DSRM password and click on Next.
    Note: The DSRM password is used for offline maintenance of the domain controller, for example an Authoritative Restore of the AD database or compressing the NTDS database.
17. In the DNS Options page, click Next.
    Note: AD installation will normally attempt to create a delegation record in any parent DNS zone if there is one. In our lab environment we are using .ctx as our domain name extension, which doesn't really exist.
18. In the Additional Options page, click on Next.
    Note: These steps would normally be seen only with the /adv option in R2. If network bandwidth is limited, the initial replication could be delivered via media, which could make for a faster installation.
19. In the Paths page, click Next to accept the default values.
20. In the Review page, click Next.
21. In the Prerequisites Check page, click on Install.
22. Once the installation process is completed, the server will restart, which will cause the RDP connection to drop. Wait for 3-4 minutes and re-establish your RDP session within RDCM (right click on DC2 and click on Connect to server).
23. Once logged in to DC2, open Server Manager and click on AD DS. Notice that DC2 is now configured as a domain controller.
24. From RDCM, click on DC1, and from Server Manager click on AD DS. Notice that although we have promoted DC2, we can only see DC1 under AD DS.
25. In DC1's Server Manager, click on Dashboard and click the Add other servers to manage link.
26. In the Add Server window click on Find Now, highlight DC1 through Server6 and add them to the right side of the window as shown in the below screenshot. Click on OK to complete adding all the servers to Server Manager.
27. From DC1's Server Manager, click on the AD DS link to view both domain controllers.
28. In the AD DS page, right click on DC1 and launch Active Directory Users and Computers.
29. In the Active Directory Users and Computers console, click on the Domain Controllers organizational unit to verify both DC1 and DC2 are listed.
30. Create a new Organizational Unit named "Members": right click on LAB8.CTX in the AD Users and Computers console, point to New and click on the Organizational Unit menu.
    Note: Notice that the only attribute that can be configured for this OU is the name. If we wanted to configure other options, we would have to go to the properties of this OU.
31. Click on the Computers container to view all domain member computers. Move all member computers to the "Members" OU.
32. Close AD Users and Computers and start Active Directory Administrative Center from the Server Manager > AD DS > DC1 context menu.
33. In AD Administrative Center, right click on LAB8 (local), point to New and click on Organizational Unit.
34. Name the new Organizational Unit Lab-Users, and optionally configure other attributes as seen in the below screen.
    Note: Notice that the UI to create an organizational unit is flat: multiple attributes can be configured from a single interface.
35. In AD Administrative Center, double click on the Lab-Users OU. (You may have to refresh the AD Administrative Center.)
36. Create a new user named User1 in the Lab-Users OU.
37. Assign Citrix123 as the password of this new user. Again, notice that all AD user attributes can be configured from a single interface.
38. From AD Administrative Center, click on LAB8 (local) and click on the arrow in the bottom right corner to view PowerShell History.
39. Once PowerShell History is expanded, notice that all previously performed actions are visible. The commands in this history can be used to create scripts for common AD actions.
40. While LAB8 (local) is highlighted in AD Administrative Center, click on the Enable Recycle Bin… menu in the Tasks section. Accept the confirmation to enable Recycle Bin in your forest.
41. Close and re-open AD Administrative Center so that the changes are refreshed.
42. In AD Administrative Center double click on the Lab-Users OU. Locate User1 and delete the user. Click Yes to accept the confirmation.
43. Click on LAB8 (local) in AD Administrative Center and double click on Deleted Objects.
44. Right click on User1 and click on Restore.
45. Navigate to the Lab-Users OU to verify User1 has been successfully restored.
46. The Active Directory Recycle Bin feature was introduced in Windows Server 2008 R2. However, there was no interface to manage the feature. Before R2, accidentally deleted AD objects would require:
    A) A third party utility, if the object was deleted for less than 60 days (AD Tombstone interval)
    B) An Authoritative Restore of the NTDS database on one of the DCs.
47. Using AD Administrative Center, create another user account:
    User name = User2
    Password = Citrix123
48. Right click on User1 and attempt to reset the password to 123.
    Note: Resetting User1's password to 123 will not be successful, since the default domain policy requires complex passwords with a minimum of 7 characters. Assume that, for an unknown reason, we need to allow User1 to have a password of 123. While Fine Grained Password Policies were available in R2, the only interface to manage PSOs (Password Settings Objects) was ADSIEDIT (which is not the most user friendly interface of this century).
49. To enable Fine Grained Password Settings, navigate to LAB8 (local) > System > Password Settings Container in AD Administrative Center.
50. Once in the Password Settings Container, right click on any empty space in the details pane, point to New and click on Password Settings.
51. Provide the following values for the PSO:
    Name = Low-Security
    Precedence = 10
    Enforce minimum password length: 3
    Enforce password history: 2
    Password must meet complexity requirements: Unchecked
    Enforce minimum password age: 1
    Enforce maximum password age: 42
    In the Directly Applies To section, add user1 as seen in the below screen. Click OK to create the PSO.
52. On DC1, open PowerShell and issue the "gpupdate /force" command to refresh group policy.
53. Switch back to AD Administrative Center and reset user1's password to 123. We will now be able to reset the password, as we have custom password settings assigned to this user.
    Note: PSOs can be assigned to individual users or Global Groups. Universal and domain local groups are not supported.
54. From DC1, open the start screen by pointing the mouse cursor to the bottom left corner.
55. Once in the start screen, start Group Policy Management.
56. In GPMC, expand Forest: LAB8.CTX \ Domains \ LAB8.CTX, right click on the Members OU and click on Create a GPO in this domain…
57. Name the policy Members-Policy and click on OK. Right click on the newly created Members-Policy and click on Edit.
58. Once the Group Policy Management Editor shows up, navigate to Computer Configuration\Preferences\Folders. Right click on Folders, point to New and click on Folder.
59. In New Folder Properties, choose Create in the Action drop down menu, type c:\GP-Test-Folder in the Path section and click on OK.
    Note: We have now configured all computers in the Members organizational unit to create a folder named GP-Test-Folder on their C: drives. Normally this process would take about 90 minutes to complete, due to the default GP refresh interval for non-domain-controller members.
60. Close the Group Policy Management Editor. In the Group Policy Management Console, right click on the Members OU and click on the Group Policy Update menu.
61. In the confirmation dialog, click Yes. Verify that the GP update was completed for all 5 members. You could also issue the following command in this example:

    Get-ADComputer -Filter * -SearchBase "ou=members,dc=lab8,dc=ctx" | ForEach-Object { Invoke-GPUpdate -Computer $_.Name -Force }

62. From RDCM, connect to each VM (Server3 through Win8) and verify that the folder is created on the C: drive.
    Note: A remote Group Policy update might take 5-10 minutes before it is completed. If the folder is not created right away, check back within 10 minutes.

Summary

Key Takeaways
The key takeaways for this exercise are:
You have practiced with the updated Active Directory Administrative Center and Server Manager.
You have practiced with Password Settings Objects and Active Directory Recycle Bin.

Exercise 4: DHCP Service

Overview

In this exercise we will explore new features of the DHCP Service in Windows Server 2012.

Step by step guidance
Estimated time to complete this lab: 20 minutes.

1. Using RDCM, start DC1's Server Manager and click on Add roles and features in the Dashboard section.
2. In the Before You Begin page, click Next.
3. In the Installation Type page, verify Role-based or feature-based installation is selected, and click Next.
4. In the Server Selection page, click DC1.LAB8.CTX and click on Next.
5. From the Server Roles page, check the DHCP Server role; in the Add Roles and Features Wizard, click on Add Features and click Next.
6. In the Features page, click Next.
7. On the DHCP Server page, click Next.
8. Click Install to start deploying the DHCP role on DC1. Wait about 3-4 minutes for the installation process to complete, then click on Close.
9. In DC1's Server Manager, the DHCP node should show up. Click on the DHCP node and click on the More link.
10. In the All Servers Task Details page, click on Complete DHCP configuration.
11. In the Description page, click on Next.
12. In the Authorization page, verify LAB8\Admin is selected, click on Commit and click on Close.
13. In Server Manager of DC1, click on the DHCP node, right click on DC1 and click on DHCP Manager.
14. In the DHCP console expand DC1.LAB8.CTX, right click on IPv4 and click on New Scope.
15. In the New Scope Wizard page, click Next.
16. In Scope Name, type Lab8-Scope and click on Next.
17. In the IP Address Range page, provide the following values and click Next:
    Start IP Address: 192.168.10.101
    End IP Address: 192.168.10.200
    Length: 24
    Subnet mask: 255.255.255.0
18. In the Add Exclusions and Delay page do not make any changes. Notice the Subnet delay in milliseconds box. This value is new to DHCP server due to possible redundant DHCP servers.
19. In the Lease Duration page, click Next.
20. In the Configure DHCP Options page, verify Yes, I want to configure these options now is selected, and click Next.
21. In the Router (Default Gateway) page, type 192.168.10.1 and click Add.
22. In the Domain Name and DNS Servers page, verify the Parent domain is LAB8.CTX and the IP address is 192.168.10.11, and click Next.
23. In the WINS Servers page, click Next.
24. In the Activate Scope page, verify Yes, I want to activate this scope now is selected, and click Next.
25. In Completing the New Scope Wizard, click Finish. We have now created a basic scope. We can now begin testing DHCP functions on the Win8 VM.
26. On your Published Desktop, open XenCenter and gain console access to Win8.
    Note: An RDP connection to the Win8 VM will not work, as the IP address of the VM will change during this lab.
27. Using XenCenter, log in to the Win8 VM as lab8\admin with the password Citrix123.
28. In the Win8 VM's start screen, type ncpa.cpl and press ENTER. (The start screen works like the Run menu of previous versions of Windows.)
29. The Win8 VM should display the Network Connections window. Right click on Ethernet and click on Properties.
30. In the Ethernet Properties window, scroll down and double click on Internet Protocol Version 4 (TCP/IPv4).
31. Click on the Obtain an IP address automatically and Obtain DNS server address automatically options, and click on OK twice to accept the changes.
32. In Win8, access the command prompt (type cmd from the start screen), type ipconfig /all and verify that the DHCP server has leased an IP address.
33. Switch to RDCM (DC1) and verify the address lease in the DHCP console. Ignore the additional leases you may see for Server5 and Server6, which have multiple NICs that will be used in upcoming exercises.
34. Right click on the lease for the Win8 VM, click on Add to Filter and click on Deny.
35. In the DHCP console, expand the Filters node and click on the Deny node. Notice that the MAC address of Win8 is added to the Deny list. At this point the Win8 VM should not be able to receive an IP address from our DHCP server. Using filters, an organization could create white lists of all the MAC addresses. In our example, we need to enforce the Deny filters.
36. Right click on the Deny node under Filters, and click on Enable.
37. Switch back to the Win8 console in XenCenter. From the command prompt issue the ipconfig /release command. Issue the ipconfig /renew command to try leasing an IP address again. This command should time out, as we have a filter in our DHCP server at this point.
38. Switch back to the DHCP console on DC1 and disable the Deny filters.
39. Switch back to the Win8 VM in XenCenter and issue the ipconfig /renew command once again. The Win8 VM should receive an IP address now.
40. At this point, we have a single DHCP server providing IP addresses for the lab8 network. If we wanted to provide redundant DHCP service, we could simply install another DHCP server on another server. While we could do that since NT 4.0 times, the two DHCP servers would have disconnected databases. Effectively it would be up to administrators to split the scopes or create DHCP clusters. In Windows Server 2012, the DHCP Service does not require clusters to provide fault tolerant DHCP service. We are going to install DHCP Server on DC2 to explore this feature now.
41. In RDCM, connect to DC1's Server Manager and click on the Dashboard node.
42. In the Dashboard node, click on Add roles and features.
43. Verify that Role-based or feature-based installation is selected, and click Next.
44. On the Server Selection page, click on DC2.LAB8.CTX and click Next.
45. In the Server Roles page, click on DHCP Server; in the Add Roles and Features Wizard page, click on Add Features to confirm, and click Next.
46. On the Features page, click Next.
47. On the DHCP Server page, click Next.
48. On the Confirmation page, click Install. Wait a few minutes for the installation to complete.
49. In DC1, click on the DHCP node in Server Manager and click on the More link.
50. In the All Servers Task Details window, click on the Complete DHCP Configuration link.
51. In the DHCP Post-Install configuration wizard, click Next.
52. In the Authorization page, verify that LAB8\Admin is selected, click Commit, and click Close.
53. Switch to the DHCP console on DC1 and locate the scope we created earlier in this exercise.
54. Right click on Scope [192.168.10.0]… and click on Configure Failover…
55. In the Configure Failover page, click Next.
56. In the Specify the Partner Server to use for failover page, type DC2 and click Next.
57. In the Create a new failover relationship page, type Citrix123 in the Shared Secret line and click Next.
58. In the review page click Finish, and click Close in the Progress window.
59. Using RDCM, open the DHCP console on DC2.
60. In the DHCP console on DC2, expand DC2.LAB8.CTX\IPv4\Scope [192.168.10.0] Lab8-Scope\Leases. Notice that all address leases have been replicated.
61. Switch back to DC1 and open a command prompt.
62. From the command prompt, type net stop dhcpserver to stop the DHCP Service on DC1.
63. Now that we have stopped the DHCP Service on DC1, switch to Win8 using XenCenter.
64. From the command prompt on the Win8 VM, issue the ipconfig /release command to end the current lease.
65. From the command prompt of Win8, issue the ipconfig /renew command. Once Win8 receives the lease, issue the ipconfig /all command to verify that DC2 is the new DHCP server.
    Note: Failing over to the DHCP service on DC2 might take a few minutes. If the ipconfig /renew command on Win8 fails, just re-issue the command.
66. From the command prompt of Win8, issue ncpa.cpl to open the Network Connections window.
67. Configure the IPv4 address of Win8 as follows:
    IP address: 192.168.10.17
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.10.1
    Preferred DNS: 192.168.10.11

Summary

Key Takeaways
The key takeaways for this exercise are:
We have seen improvements around DHCP resiliency provided by Windows Server 2012.

Exercise 5: NIC Teaming

Overview

In this exercise we are going to configure NIC teaming on Windows Server 2012.
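
Added example, not part of the original lab guide, looking back at Exercise 4: a PowerShell check that verifies from DC1 what the GUI steps configured (server authorization, the failover relationship and its shared-secret authentication, lease replication to DC2, and whether the Deny filter list is actually enforced). It uses cmdlets from the DhcpServer module; the server names and scope ID are the lab's, the variable and helper names are illustrative, and it assumes the DHCP Server service is running on both servers (that is, before step 62).

```powershell
# Added example, not from the lab guide. Run in an elevated PowerShell session
# on DC1; needs the DhcpServer module that ships with the DHCP Server role.
Import-Module DhcpServer

# Lab values from the guide; variable names are illustrative.
$primary = 'DC1.LAB8.CTX'
$partner = 'DC2.LAB8.CTX'
$scopeId = '192.168.10.0'

# 1. Both DHCP servers should be authorized in Active Directory.
$authorized = @(Get-DhcpServerInDC | ForEach-Object { $_.DnsName })
foreach ($server in $primary, $partner) {
    if ($authorized -notcontains $server) {    # comparison is case-insensitive
        Write-Warning "$server is not an authorized DHCP server in AD"
    }
}

# 2. The scope should be in a failover relationship with message
#    authentication on (a shared secret was entered in the wizard).
$failover = Get-DhcpServerv4Failover -ComputerName $primary -ScopeId $scopeId `
    -ErrorAction SilentlyContinue
if (-not $failover) {
    Write-Warning "Scope $scopeId has no failover relationship on $primary"
} else {
    $failover | Format-List Name, PartnerServer, Mode, State, EnableAuth
    if (-not $failover.EnableAuth) {
        Write-Warning 'Failover traffic between the partners is not authenticated'
    }
}

# 3. Leases should be identical on both partners. Each lease is projected to a
#    string key so Compare-Object performs a plain string comparison.
function Get-LeaseKey([string]$Server) {
    Get-DhcpServerv4Lease -ComputerName $Server -ScopeId $scopeId |
        ForEach-Object { '{0} {1}' -f $_.IPAddress, $_.ClientId }
}
$diff = Compare-Object @(Get-LeaseKey $primary) @(Get-LeaseKey $partner)
if ($diff) {
    Write-Warning 'Lease tables differ between the partners:'
    $diff | Format-Table InputObject, SideIndicator -AutoSize
} else {
    'Lease tables match on both partners.'
}

# 4. Entries on the Deny list do nothing until the list itself is enabled.
$lists  = Get-DhcpServerv4FilterList -ComputerName $primary
$denied = @(Get-DhcpServerv4Filter -ComputerName $primary -List Deny)
if ($denied.Count -gt 0 -and -not $lists.Deny) {
    Write-Warning "$($denied.Count) MAC address(es) are on the Deny list, but the list is disabled"
}
```

The last check reflects the state the lab is left in after the Deny filters are disabled again: the Win8 MAC address stays on the list, but it is no longer enforced.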

Step by step guidance
Estimated time to complete this lab: 15 minutes.

1. Using XenCenter, connect to Server5's console.
    Note: Because NIC teaming will disturb network connectivity, we cannot use RDP for the NIC teaming exercise.
2. If needed, log in as lab8\admin with the password Citrix123. Navigate to the start screen.
3. From the start screen of Server5, type ncpa.cpl to access network connections. Notice that Server5 has 3 NICs at this point.
4. Switch to Server Manager on Server5 and click on the Local Server node.
5. Notice that NIC Teaming is disabled for Server5. Click on the Disabled link.
6. In the NIC Teaming window, click on TASKS under the TEAMS section, and click on New Team.
7. Type Team1 as the name of the team, select all 3 available NICs from the list, and click on Additional Properties. Notice that the configuration is switch independent, load balancing will be address hash based and all adapters will be active. Click on OK to begin teaming.
8. Configuration should take less than a minute to complete. Once the team is created, access the Network Connections window (ncpa.cpl) and view the state of the network connections.
9. Notice that the Team1 icon is now present under network connections. Team1 can be used to collectively manage the IP assignment to the team (BOND). By default, NIC Teaming uses dynamic IP assignment.
10. Right click on Team1 and click on Properties. Notice that Microsoft Load Balancing / Failover Provider is a new protocol.
11. In Team1 Properties, double click on Internet Protocol Version 4 and statically assign the following IP address information:
    IP Address = 192.168.10.15
    Subnet Mask = 255.255.255.0
    Default Gateway = 192.168.10.1
    Preferred DNS = 192.168.10.11
12. Right click on Ethernet and click on Properties. Notice that a team member NIC has only a single protocol selected.
13. From Server5, open PowerShell.
14. In Server5's PowerShell, issue Get-NetLbfoTeam to view the overview of the team.
15. Issue the Get-NetLbfoTeamMember command to view details of each team member NIC.
16. Issue the Rename-NetLbfoTeam -Name Team1 -NewName Renamed-Team command to rename Team1.
17. On Server5, right click on the Task Bar and access Task Manager.
18. From Task Manager, click on More Details.
19. Click on the Performance tab and click on the Ethernet section. Notice that network performance treats the teamed NICs as a single entity.
20. From PowerShell, issue the following command to remove NIC teaming from Server5:

    Remove-NetLbfoTeam Renamed-Team

    When PowerShell asks for confirmation, press Y to confirm.
21. From PowerShell, issue the ipconfig command to verify that 192.168.10.15 is assigned to the Ethernet interface.
    Note: If for any reason the 192.168.10.15 address is not assigned to the Ethernet interface, manually assign it, as we will need this IP address for upcoming exercises.
    IP address: 192.168.10.15
    Mask: 255.255.255.0
    Gateway: 192.168.10.1
    DNS: 192.168.10.11

Summary

Key Takeaways
The key takeaways for this exercise are:
We have used different compute offerings and reviewed logged files to find out any possible issues with instance deployment.

Exercise 6: Storage Spaces

Overview

In this exercise we are going to configure Storage Spaces on Server6.

Step by step guidance
Estimated time to complete this lab: 20 minutes.

1. Using RDCM, connect to Server6 and open Server Manager.
2. In Server Manager of Server6, click on the File and Storage Services node.
3. In File and Storage Services, click on the Disks node. Notice that Server6 has 4 physical disks attached. (Disk 0 is the system drive. Disks 1-3 are offline.)
4. In File and Storage Services, click on the Storage Pools node. Notice that Server6 has 1 storage pool named Primordial, which indicates availability of disks for storage pools.
5. Right click on Primordial under Storage Spaces and click on New Storage Pool.
6. In the Before You Begin page, click Next.
7. In Storage Pool Name, type Storage-Pool1 and click Next.
8. In the Physical Disks page, select PhysicalDisk1, PhysicalDisk2 and PhysicalDisk3, and click Next.
9. In the Confirmation page, click Create. Once Results indicates completed, click Close.
10. In the Storage Pools node, right click on Storage-Pool1 and click on New Virtual Disk…
11. In the Before You Begin page, click Next.
12. In the Storage Pool page, click on Next.
13. In the Virtual Disk Name page, type Mirror and click on Next.
14. In the Storage Layout page, verify that Mirror is selected, and click on Next.
15. On the Provisioning page, select Thin and click Next.
16. On the Size page, type 50 and click Next.
17. On the Confirmation page, click Create. Once all tasks are completed, verify that the Create a Volume when this Wizard closes check box is selected, and click Close.
18. In the Before You Begin page, click Next.
19. On the Server and Disk page, verify Server6 and Disk4 are highlighted, and click Next.
20. In the Size page, click Next.
21. In the Drive Letter or Folder page, verify that E will be the drive letter, and click Next.
22. In File System Settings, type Mirror in the Volume label area and click Next.
23. In the Confirmation page, click Create.
24. In the Results page, verify that all steps are completed, and click Close.
25. In the Storage Pools page, right click on Storage-Pool1 and click on New Virtual Disk.
26. In the Before You Begin page, click Next.
27. In the Storage Pool page, click Next.
28. In the Virtual Disk Name page, type Raid5 and click Next.
29. In the Storage Layout page, click on Parity and click Next.
30. In the Provisioning page, select Thin and click Next.
31. In the Size page, type 50 for the virtual disk size and click Next.
32. In the Confirmation page, click Create.
33. On the Confirmation page, click Create.
Once all tasks are completed, verify that the Create a Volume when this Wizard closes check box is selected, click Close
34. On New Volume Wizard, click Next
35. In Server and Disk page, verify that Server6 and Disk5 are selected, click Next
36. On Size page, click Next
37. On Drive Letter or Folder page, verify that F is selected, click Next
38. In File System Settings page, type Raid5 for Volume Label, click Next
39. On Confirmation page, click Create
40. Verify that all tasks are completed on Results page and click Close
41. We have now created 1 storage pool that includes 3 physical disks. We have also created two 50 GB volumes based on VHDs that behave like Mirror and Raid volumes
42. It is important to remember that Storage Spaces do not depend on the traditional Windows disk implementation. If we recall, before creating the storage pool, Windows Disk Manager was able to see 3 offline disks which we could partition and use. Once we have included a raw disk in a storage pool, Windows Disk Management will only be able to detect the VHD that represents the storage space volume.
43. On File and Storage Services, click on the Disks node. Notice that the 3 physical disks are not seen by Windows Disk Manager. Instead, Disk Manager only interacts with the VHD volumes as if they were physical disks
44. From Server6, open Windows Explorer and navigate to the Computer container.
45. Notice that the Mirror and Raid5 volumes are present in Windows Explorer. Any file written to the Mirror partition will be duplicated across two physical disks in the back end. In the same way, any file saved in the Raid5 volume will be striped with parity, similar to traditional RAID 5 disks
46. Switch to Server Manager and locate File and Storage Services
47. Locate Storage-Pool1, right click on the Raid5 virtual disk, and click on Extend Virtual Disk…
48. In Extend Virtual Disk, configure 3 TB as the new size
    Note: our physical disks have 300 GB space all combined.
    But Storage Spaces will allow creating potentially larger capacities than the physical limits by leveraging VHD thin provisioning. Users can add new physical disks to extend the capacity in the future.
49. Click on the Volumes node in File and Storage Services, right click on the F: Raid5 volume and click on Extend Volume…
50. In Extend Volume window, assign the maximum size and click on OK
51. Switch to Windows Explorer and verify that usable space on the RAID5 volume is now 3 TB.

Summary
Key Takeaways
The key takeaways for this exercise are:
We have created a storage pool that can provide greater flexibility for space and disk management.

Exercise 7: IIS Features
Overview
In this exercise we will explore the SSL bindings and Central Certificate Store features of Internet Information Services on Windows Server 2012
Step by step guidance
Estimated time to complete this lab: 20 minutes.
1. Using RDCM, connect to Server5 and open Server Manager
2. From the Dashboard node in Server Manager, click on Add roles and features
3. On Before You Begin page, click Next
4. On Installation Type page, verify that Role-based or feature-based installation is selected, click Next
5. On Server Selection page, verify that Server5.LAB8.CTX is selected, click Next
6. On Server Roles page, scroll down and select the box next to Web Server (IIS); in the Add Roles and Features Wizard dialog, click on Add Features and click Next
7. On Features page, click Next
8. On Web Server Role (IIS) page, click Next
9. On Role Services page, scroll down to the Security section, select Centralized SSL Certificate Support and click Next
10. On Confirmation page, click Install
11. Wait about 3-6 minutes for the installation process to complete; once it is complete, click Close. From Server5’s Server Manager, click on the IIS node on the left side, right click on Server5 in the detail pane and click on Internet Information Services (IIS) Manager
12.
13. In IIS Manager, click on Server5 on the left side; in the IIS Manager dialog, click Do not show this message and click No
14. In this exercise we are going to have 3 different secure sites using host headers. Our web sites are going to be the Sales, IT and HR sites. As the first step, we need to request and install SSL certificates with the correct common names. In the detail pane of Server5, double click on the Server Certificates icon
15.
16. Once in the Server Certificates pane, click on Create Domain Certificate from the Action column
17. In Create Certificate page, type it.lab8.ctx in the common name line, complete the remaining fields by typing ctx, and click Next. (For the sake of this exercise the other fields just need to be filled in, as they are not used.)
18. In Online Certification Authority page, click on the Select button and select the CA that is installed on DC1. In the Friendly Name line type IT-SSL. Click Finish
19. We should now have a certificate named IT-SSL under the Server Certificate window
20. Repeat 16-19 to create two more domain certificates with the following common names:
    sales.lab8.ctx
    hr.lab8.ctx
    Once completed, we should have 3 SSL certificates listed under the Server Certificates window
21. The Centralized Certificates Store feature of IIS requires the web sites' security certificates to be located on a shared folder. In this step we are going to create a shared folder on DC1 for this purpose. To create and share a folder on DC1:
    Create a folder called IIS-Share on the root of the C: drive of DC1
    Right click on the IIS-Share folder that you just created and click on the Share With\Specific people menu
    Click on the Share button on the File Sharing window.
22. Switch back to Server5 and type \\dc1 in Windows Explorer to verify the folder has been created and shared
23. Switch to IIS Manager on Server5. In the Server Certificates page, right click on HR-SSL and click on Export
24.
In the Export Certificate window, type \\dc1\iis-share\hr.lab8.ctx.pfx; in the Password and confirmation boxes type Citrix123 and click on OK.
    Note: It is important to assign the correct file name to the exported PFX file. The PFX file name has to be in <CN>.pfx format. IIS will identify the correct certificate based on the file name. For example, the common name of the certificate is hr.lab8.ctx, so the PFX file name needs to be hr.lab8.ctx.pfx
25. Repeat steps 22 and 23 to export the IT-SSL and Sales-SSL certificates with the following file names:
    it.lab8.ctx.pfx
    sales.lab8.ctx.pfx
26. Once the export is completed, verify that all three PFX files are located on IIS-Share on DC1.
27. Switch to IIS Manager on Server5, right click on Server5; in the details pane of Server5, double click on the Centralized Certificates icon.
28. Under the Actions section, click on the Edit Feature Settings… menu
29. In the Edit Centralized Certificates Settings window, click on the Enable Centralized Certificates checkbox and provide the following information:
    Physical path: \\dc1\IIS-share
    Username: lab8\admin
    Password: Citrix123
    Certificate Private Key Password: Citrix123
30. You should now see 3 certificates listed under the Centralized Certificates window.
31. Now that we have configured central certificates we can create sites. Server5 has a folder at c:\sites with simple HTML files created for this exercise. In IIS Manager, right click on the Sites node and click on Add Website…
32.
33. In Add Website window, type IT for the Site Name and point the Physical path to the c:\sites\it folder
34. In the Binding section of the Add Website window, select https as the Binding type, in Host name: type it.lab8.ctx, click on the Use Centralized Certificate Store check box and click on OK
35. Notice that although we defined https as the binding, we did not select any security certificate.
IIS will search the configured central certificate store for a certificate consistent with the host header of the site. For the IT website, which uses the it.lab8.ctx host header, the certificate store must have a certificate named it.lab8.ctx.pfx.
36. Repeat steps 31 – 33 to create two more sites named HR and Sales
    HR:
    Physical Path: c:\sites\HR
    Binding Type: https
    Host Name: hr.lab8.ctx
    Use centralized Certificate Store
    Sales:
    Physical Path: c:\sites\sales
    Binding Type: https
    Host Name: sales.lab8.ctx
    Use centralized Certificate Store
37. Notice each site is associated with a different host name (host header). We need to create corresponding DNS records for name resolution. In RDCM, switch to DC1 and open DNS Manager.
38. In DNS Manager of DC1, expand DC1, expand Forward Lookup Zones and click on the LAB8.CTX zone.
39. In DNS Manager, right click on the LAB8.CTX zone and click on New Host (A or AAAA)…
40. In New Host window, type it in the Name line and provide 192.168.10.15 as the IP address, and click on Add Host
41. Repeat step 38 and 39 to create two more host records:
    hr = 192.168.10.15
    sales = 192.168.10.15
42. We can now proceed to test the three sites we have created. From DC1, open Internet Explorer from the start screen and connect to the https://it.lab8.ctx site
43. Once the “extremely sophisticated” IT web site loads, click on the lock symbol next to the URL address to view the certificate information
44. In the Web site identification information box, click on View certificates to view the details.
45. In the General tab of the Certificate we can verify that the correct certificate is being used for this web site
46. Using IE on DC1, connect to the https://hr.lab8.ctx and https://sales.lab8.ctx sites and verify that the correct certificates are being used for each site.
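The file-name rule from the note in step 24 and the lookup described in step 35 can be checked for every host name before the sites are tested. The PowerShell below is an added example, not part of the original lab guide; Test-CcsStore and Get-CcsBroadAccess are hypothetical helper names, and the share path and host names are the lab values used above.

```powershell
# Added example, not from the lab guide. Test-CcsStore and Get-CcsBroadAccess are
# hypothetical helper names; the values used at the bottom are the lab's own.

function Test-CcsStore {
    param(
        [Parameter(Mandatory = $true)][string]   $StorePath,
        [Parameter(Mandatory = $true)][string[]] $HostNames,
        [Parameter(Mandatory = $true)][System.Security.SecureString] $PfxPassword
    )
    foreach ($name in $HostNames) {
        # IIS picks the certificate by file name, so the lookup is an exact
        # <host name>.pfx match against the host name of the binding.
        $file   = Join-Path $StorePath ($name + '.pfx')
        $result = [pscustomobject]@{ HostName = $name; File = $file; NotAfter = $null; Status = 'OK' }

        if (-not (Test-Path -LiteralPath $file)) {
            $result.Status = 'No matching PFX in the store'
            $result
            continue
        }
        try {
            # Opening the PFX also proves the private key password is the right one.
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file, $PfxPassword)
        }
        catch {
            $result.Status = 'PFX cannot be opened (wrong password or damaged file)'
            $result
            continue
        }
        # The browser check in steps 43-45 depends on the certificate name, not the file name.
        $cn  = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        $now = Get-Date
        $result.NotAfter = $cert.NotAfter

        if     ($cn -ne $name)            { $result.Status = "File name and CN differ (CN is '$cn')" }
        elseif (-not $cert.HasPrivateKey) { $result.Status = 'PFX holds no private key' }
        elseif ($now -lt $cert.NotBefore) { $result.Status = 'Certificate is not valid yet' }
        elseif ($now -gt $cert.NotAfter)  { $result.Status = 'Certificate has expired' }

        $cert.Reset()   # release the loaded certificate
        $result
    }
}

function Get-CcsBroadAccess {
    param([Parameter(Mandatory = $true)][string] $StorePath)
    # The share holds private keys. List NTFS entries that let broad groups in;
    # share-level permissions are set separately and are not covered here.
    $broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', 'LAB8\Domain Users'
    (Get-Acl -Path $StorePath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# Usage on Server5 with the lab values from steps 24-36.
$pw = Read-Host -AsSecureString 'Certificate private key password'
Test-CcsStore -StorePath '\\dc1\IIS-share' `
              -HostNames 'it.lab8.ctx', 'hr.lab8.ctx', 'sales.lab8.ctx' `
              -PfxPassword $pw | Format-Table -AutoSize
Get-CcsBroadAccess -StorePath '\\dc1\IIS-share'
```

Any row whose Status is not OK points at a site that will fail the certificate check in steps 42-46; any row returned by Get-CcsBroadAccess is an account group that can read the exported private keys.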

Summary
Key Takeaways
The key takeaways for this exercise are:
We have configured multiple SSL sites over a single IP address. We have also configured the Central Store for security certificates, which will help with deploying web server farms.

Exercise 8: Deploying Remote Desktop Services
Overview
In this exercise we will install and configure Remote Desktop Services Session Virtualization.
Step by step guidance
Estimated time to complete this lab: 30 minutes.
1. Using RDCM, connect to DC1 and start Server Manager if it is not already started.
2. In DC1’s Server Manager, click on the All Servers node and verify that all Lab servers (Server3 – Server6) are added for management
3. Note: We need to make sure that all servers that will participate in RDS are managed by the Server Manager that will perform the installation. If any of the servers are not added in your Server Manager, make sure they are added.
   In DC1’s Server Manager, click on Dashboard and click on the Add roles and features link
4. In Before You Begin page, click Next
5. In Installation Type page, choose Remote Desktop Services Installation and click Next
6. In Deployment Type page, verify that Standard deployment is selected, click Next
   Note: Standard deployment allows RDS components to be installed on multiple servers. Quick Start installs all RDS components on a single server.
7. In Deployment Scenario page, click Session-based desktop deployment and click Next
8. In Role Services page, verify that the lab8\admin account will be used for this deployment and click Next
9.
10. In RD Connection Broker page, select Server3 and move it to the Selected column.
11. In RD Web Access page, select Server3 once again, and move it to the Selected column.
    Note: with this configuration the RD Web Access and Connection Broker roles will be installed on Server3
12.
In RD Session Host page, move Server4 and Server5 to the Selected column, click Next
13. In Confirmation page, select the Restart the destination server automatically if required checkbox and click Deploy
14. The installation process will begin; Server4 and Server5 will be restarted during the process. The entire process should take about 10-15 minutes.
15. Once the installation process succeeds, click on Remote Desktop Services within Server Manager of DC1.
16.
17. The Overview node under Remote Desktop Services provides a logical layout of RDS roles. If need be, additional servers can be added for each role. The Servers node under Remote Desktop Services lists all participating servers and events.
18. The Collections node displays any previously configured Collections. (A Collection is a set of configuration settings for Remote Desktop Session Hosts. We can think of them as XenApp WorkerGroups.) While in the Collections node, click on the Tasks menu and click on Create Session Collection
19. In Before You Begin page, click Next
20. In Collection Name page, type Lab8-Remote-Apps and click Next
21. In RD Session Host page, select both Server4 and Server5, move them to the Selected column and click Next
22. In User Groups page, verify that Domain Users are listed, click Next
23. In User Profile Disks page, type c:\Profile-Disks and click Next
24. In Confirmation page, click Create. By creating a collection with two members (Server4 and Server5), we can manage publishing applications in one step (for those who are familiar with XA, we practically created a WorkerGroup)
25. Once creating the collection is done, click Close.
26. In Server Manager click on Lab8-Collection. Notice that we have not published any remote apps, as we just created the collection.
27. Click on the Publish RemoteApp Programs link.
28. 29. The Publish RemoteApp Programs wizard will show up.
In RemoteApp Programs page, select Calculator, Paint and Server Manager from the list and click on Next
In Confirmation page, click on Publish. We have now published three remote apps.

Summary
Key Takeaways
The key takeaways for this exercise are:
We have practiced deploying Remote Desktop Services on multiple servers and published remote applications.

Exercise 9: Configuring RD Web Access Role.
Overview
In this exercise we will configure the Remote Desktop Services Web Access role with a valid SSL Certificate.
Step by step guidance
Estimated time to complete this lab: 20 minutes.
1. In RDCM click on Server3, open Server Manager and click on IIS.
2. In the details pane of Server Manager, right click on Server3 and click on Internet Information Services.
3. In Server3’s IIS Manager, expand Server3. If you receive a dialog message asking “Do you want to get started with Microsoft Web Platform….”, click on Do not show this message and click on No
4. In IIS, click on Server3 and double click on the Server Certificates icon in the details pane
5. In Server Certificates page, you will notice a self-signed certificate. We need to request a new certificate that is trusted by all clients. From the Actions panel, click on the Create Domain Certificate… link
6. In Create Certificate page, provide the following information and click on Next
   Common name: rdweb.lab8.ctx
   Organization: lab8
   Organizational unit: RDS
   City/locality: FTL
   State/province: FL
   Country/region: US
7. In Online Certification Authority page, click on Select and choose LAB8-DC1-CA; in the Friendly name section type rdweb-ssl and click on Finish
8. You should now see an additional security certificate named rdweb-ssl in the Server Certificates page.
9. We need to configure the Default Web Site to utilize this new certificate instead.
10. 11.
On Server3, expand Sites and click on Default Web Site, then click on Bindings in the Actions column
In Site Bindings window, double click on the https listener
12. In Edit Site Binding window, select the rdweb-ssl certificate from the drop-down list, click on OK and click on Close
13. Since we have chosen rdweb.lab8.ctx as the common name of the security certificate, we need to configure the DNS server to return the correct name resolution. Switch to DC1 and open DNS Manager
14. In DC1’s DNS Manager, expand DC1.LAB8.CTX, expand Forward Lookup Zones and locate the LAB8.CTX zone.
15. Right click on the LAB8.CTX zone and create a New Alias (CNAME) named rdweb with the FQDN of server3.lab8.ctx and click on OK.
16. Verify that the rdweb.lab8.ctx name successfully resolves to the IP number of Server3. (Open a command prompt on DC1 and ping rdweb.lab8.ctx. We are just looking for name resolution with this step. If Windows Firewall is not configured properly, ping may fail; however, we are only testing to see if name resolution works.)
17. From the Win8 VM, open Internet Explorer and connect your browser to the https://rdweb.lab8.ctx/rdweb address.
18. Log in as lab8\admin with the Citrix123 password to the Remote Desktop Web Access page.
19. Once logged in, click on the Paint icon and launch the remote app
20. Users can access RemoteApps via the Remote Desktop Web Access page as we just practiced. However, if we want users to access applications seamlessly, as we would see in Citrix Receiver, we will have to configure the RemoteApp and Connections settings.
21. From the Win8 VM, access the Start Screen (click on the empty area in the bottom left corner of the screen)
22. Once in the start screen, type “RemoteApp”. As you start typing, Windows 8 will search for the term in installed apps and settings. Click the Settings section in the Start Screen to view available settings. You should see two items under settings.
Click on the RemoteApp and Desktop Connection icon
23. In RemoteApp and Desktop Connection window, click on the Access RemoteApp and Desktops link on the left side
24. In Enter your email address or connection URL page, type admin@lab8.ctx and click on Next.
25. Discovery will fail, as we have not configured the lab8.ctx DNS zone yet. Leave the window in this state to continue once we have configured DNS on DC1.
26. Switch to DC1’s DNS Manager. Right click on the Lab8.ctx zone and click on Other New Record
27. From the list of record types, scroll down to the bottom of the list and locate the third item from the bottom, named Text (TXT); select the Text record and click on Create Record.
28. Fill in the New Resource Record window as follows:
    Record Name: _msradc
    Text: https://rdweb.lab8.ctx/rdweb/feed
    and click on OK and click on Done.
29. Switch back to the Win8 VM; you should see the Connection discovery failed message. Click on the Try again button and click on Next. Discovery should present the Ready to set up the connection message this time
    Note: if discovery fails you may have to issue the ipconfig /flushdns command from the Windows 8 VM and try again.
30. Click Next and log in as lab8\admin with the password Citrix123. Click on Finish.
31. From the Win8 VM, access the Start Screen and launch Server Manager (Work Resources)

Summary
Key Takeaways
The key takeaways for this exercise are:
We have practiced configuring the Remote Desktop Web Access role and seamless access to published apps.

Revision History
Revision: Draft2
Change Description: Original Version
Updated By: Omer Palo
Date: 10/24/2012

About Citrix
Citrix Systems, Inc. (NASDAQ:CTXS) is the leading provider of virtualization, networking and software as a service technologies for more than 230,000 organizations worldwide.
http://www.citrix.com
© 2012 Citrix Systems, Inc. All rights reserved.
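The discovery chain built in Exercise 9 (the _msradc TXT record in the user's e-mail domain, the feed URL it points to, and the rdweb-ssl certificate that replaced the self-signed one) can be verified from the Win8 VM in one pass. This PowerShell is an added example, not part of the original lab guide; Test-RdFeedDiscovery is a hypothetical name, and treating a feed host outside the e-mail domain as a finding is an assumption of this example.

```powershell
# Added example, not from the lab guide. Test-RdFeedDiscovery is a hypothetical name.
function Test-RdFeedDiscovery {
    param([Parameter(Mandatory = $true)][string] $EmailDomain)   # lab8.ctx for admin@lab8.ctx

    # Step 28: discovery reads the TXT record _msradc in the e-mail domain.
    $records = Resolve-DnsName -Name "_msradc.$EmailDomain" -Type TXT -ErrorAction SilentlyContinue |
               Where-Object { $_.Strings }
    if (-not $records) {
        return [pscustomobject]@{ FeedUrl = $null; Https = $false; InDomain = $false
                                  TlsTrusted = $false; Detail = "No _msradc TXT record in $EmailDomain" }
    }

    foreach ($text in ($records | ForEach-Object { $_.Strings })) {
        $result = [pscustomobject]@{ FeedUrl = $text; Https = $false; InDomain = $false
                                     TlsTrusted = $false; Detail = '' }
        $uri = $null
        if (-not [System.Uri]::TryCreate($text, [System.UriKind]::Absolute, [ref] $uri)) {
            $result.Detail = 'TXT value is not an absolute URL'
            $result
            continue
        }

        $result.Https    = ($uri.Scheme -eq 'https')
        # Assumption of this example: the feed should live inside the e-mail domain,
        # because users type their domain credentials into whatever host is returned.
        $result.InDomain = $uri.Host.EndsWith(".$EmailDomain", [System.StringComparison]::OrdinalIgnoreCase)
        if (-not $result.Https) {
            $result.Detail = 'Feed URL is not HTTPS'
            $result
            continue
        }

        $client = $null
        try {
            # With no validation callback, SslStream fails the handshake when the
            # chain is untrusted on this client or the name does not match the host.
            $client = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
            $tls    = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            $tls.AuthenticateAsClient($uri.Host)
            $result.TlsTrusted = $true
            $result.Detail     = $tls.RemoteCertificate.Subject
            $tls.Dispose()
        }
        catch {
            $result.Detail = $_.Exception.GetBaseException().Message
        }
        finally {
            if ($client) { $client.Close() }
        }
        $result
    }
}

# Usage on the Win8 VM with the lab domain from step 24.
Test-RdFeedDiscovery -EmailDomain 'lab8.ctx' | Format-List
```

If the Default Web Site on Server3 were still bound to the self-signed certificate from step 5, TlsTrusted would be False and Detail would carry the handshake error instead of the certificate subject.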