Hosting Windows Server Essentials Experience on Azure Virtual Machines
Applies To: Azure, Windows Server 2012 R2 Essentials
Windows Server Essentials Experience, the new server role in Windows Server 2012 R2, enables you to use all the features (such as Remote Web Access) that are available to you in Windows Server 2012 R2 Essentials, without the locks and limits that are enforced on it.
This topic provides instructions for how to install Windows Server 2012 R2 with Windows Server Essentials Experience. It is installed as a virtual machine in Microsoft Azure from the Image Gallery in the Azure Management Portal. This topic includes the following sections:
Benefits of running Windows Server Essentials Experience as a virtual machine in Azure
Install Windows Server 2012 R2 with Windows Server Essentials Experience as a new domain controller or a domain member in Azure
Connect to the virtual machine running Windows Server 2012 R2 with Windows Server Essentials Experience
Known limitations
Benefits of running Windows Server Essentials Experience as a virtual machine in Azure
Running Windows Server Essentials Experience as a virtual machine in Azure provides the following benefits:
You can create your first server that is running Windows Server Essentials Experience in your office in minutes and adjust your usage as your needs change.
With the pay-as-you-go approach, you only pay for what you use, and there are never any penalties for changing your virtual machine configurations.
Your server running Windows Server Essentials Experience is deployed into a multizone production environment that is commercially backed with a service level agreement (SLA).
You can seamlessly integrate Windows Server Essentials Experience with other cloud-based services.
To learn more about virtual machines in Azure, see Azure Virtual Machines.
Install Windows Server 2012 R2 with Windows Server Essentials Experience as a new domain controller or a domain member in Azure
This section includes steps to install and configure Windows Server Essentials Experience as a new domain controller or a domain member in an Azure virtual machine.
Sign up for an Azure subscription
Create a virtual network
Create a virtual storage account
Create a virtual machine running Windows Server 2012 R2 with Windows Server Essentials Experience
Connect to the virtual machine running Windows Server 2012 R2 with Windows Server Essentials Experience
Configure the Windows Server Essentials Experience role
Manage Windows Server Essentials Experience role
Sign up for an Azure subscription
Follow these steps to sign up for an Azure subscription:
Make sure that you have a Microsoft account or an organizational account. To get a new Microsoft Account, click Microsoft account site.
To sign up for an Azure subscription, see the Microsoft Azure site.
Use your Microsoft account or your organization account to sign in to the Microsoft Azure Management Portal.
Create a virtual network
Important
Before you create a virtual machine that is running Windows Server 2012 R2 with Windows Server Essentials Experience, you must configure a valid virtual network in Azure that can use Anywhere Access functionalities, such as VPN connections.
Important
In general, the use of Routing and Remote Access (RRAS) functionality for routing and as a VPN gateway within a virtual network is not supported in Azure virtual machine, and is supported only for the scenario that is specified within this document.
To create a virtual network in Azure
Sign in to the Microsoft Azure Management Portal by using your Microsoft account or your organizational account.
In the lower-left corner of the screen, click New. In the navigation pane, click Network services > Virtual Network. Click Custom Create to start the configuration wizard.
On the Virtual Network Details page, enter the following information:
Note
For more information about the settings on the details page, see the Virtual Network Details section in Configuring a Virtual Network using the Management Portal.In the Name box, type a name for the virtual network (for example, ContosoNetwork).
-
Note
Affinity groups are a way to physically group Azure services together at the same data center to increase performance. Only one virtual network can be assigned an affinity group.In the Affinity Group drop-down list, select an existing affinity group. Or if you want to create a new affinity group, do the following:
From the drop-down list, choose Create a new affinity group.
In the Region drop-down list, choose your desired region. Your virtual network will be created at a datacenter that is located in the specified region, so make sure that the subscription and region are what you want.
In the Affinity Group box, type a name for your affinity group.
Click the Next arrow.
Skip the DNS Servers and VPN Connectivity page. To create advanced configurations, click Configure point-to-site VPN or Configure site-to-site VPN.
Note
If your organization needs a site-to-site VPN connection, see Create a Virtual Network for Site-to-Site Cross-Premises Connectivity for step-by-step instructions. After deploying and configuring Windows Server Essentials Experience in the virtual machine, configure the virtual network, and then set the domain controller as the DNS server.On the Virtual Network Address Spaces page, enter the following information, and then click the checkmark on the lower right to configure your network:
Type the starting IP address and CIDR (address count), such as 10.0.0.0/16.
Note
We recommend that the address count of the network and the subnet are equal or larger than /24 (256).For the Subnet, keep the default value of Subnet-1, change the value, or add a new subnet if needed.
Note
The address count field should be large enough to allow VPN connection from all the clients. For example, if there are 100 client computers on-premises that need a VPN connection, we recommend that you select a CIDR value of at least /24 (256).
Create a virtual storage account
This section explains how to create a storage account in Azure.
To create a virtual storage account
Sign in to the Microsoft Azure Management Portal by using your Microsoft account or your organizational account.
In the taskbar, click New > Data Service > Storage > Quick Create.
In the quick create form, do the following:
In the URL box, type a unique URL (for example, contosostorage).
In the Location/Affinity Group drop-down list, select the same affinity group as the virtual network (for example, ContosoAffinityGroup).
In the Subscription box, review and confirm that the correct subscription is selected.
Ensure that the Enable Geo-Replication check box is selected. (However, if you don't want geo-replication for your storage account, clear the Enable Geo-Replication check box.)
Click the checkmark to create your virtual storage account.
Note
It can take a while for the storage account to be created. To check the status, you can monitor the notifications in the status bar of the Management Portal. After the storage account has been created, your new storage account shows an Online status, and is ready to use.
Create a virtual machine running Windows Server 2012 R2 with Windows Server Essentials Experience
This section explains how to create a virtual machine that is running Windows Server 2012 R2 with Windows Server Essentials Experience. This image is available from the Image Gallery in the Azure Management Portal.
To create virtual machine running Windows Server Essentials Experience on Windows Server 2012 R2
Sign in to the Microsoft Azure Management Portal using your Microsoft Account or your Organization Account.
In the taskbar, click New.
In the navigation pane, click Compute > Virtual Machine, and then click From Gallery to launch the Create a Virtual Machine Wizard.
On the Virtual Machine Operating System Selection screen, choose Windows Server Essentials Experience on WS 2012 R2 as the platform image.
On the Virtual machine configuration page, enter the following information, and then click the Next arrow:
In the Virtual Machine Name box, type a unique virtual machine name. For example, ContosoServer.
In the New user name box, type a user name.
In the New Password box, type a strong password.
Tip
Write down the user name and password because these are the credentials that you will use to sign in to your new virtual machine.In the Confirm Password box, type the password again.
In the Size drop-down list, select Medium (2 cores, 3.5 GB memory), which supports >5 – 200 client computers. If you want the virtual machine to support less than 5 client computers, you can select Small (1 core, 1.75 GB memory).
On the Virtual machine configuration page, enter the following information, and then click the next arrow.
For Cloud Service, select Create a new cloud service.
Keep the automatically generated cloud service DNS name, or specify a new one.
Select the subscription that you want to use. (If you have only one subscription, this option is not visible).
In the Region/Affinity Group/Virtual Network drop-down list, select the virtual network that you created earlier (for example, ContosoNetwork). If this network doesn’t appear in the list, make sure that the correct subscription is selected.
Leave the default selection for Virtual network subnets, or choose a different subnet if needed. Make sure that the subnet has enough IP addresses for VPN connections.
In the Storage Account field, select the storage that was created in the previous step (for example, ContosoStorage).
On the Virtual machine configuration page, add two new endpoints as follows:
Click to expand the dropdown list in the new line below PowerShell, and then select HTTP. Verify that the protocol is TCP, and that the public port and the private port are 80.
Note
The Media Streaming feature does not work if Port 80 is not enabled.Click to expand the dropdown list in the new line below HTTP, and then choose HTTPS. Verify that the protocol is TCP, and that the public port and the private port are 443.
Click the checkmark to begin the virtual machine creation.
Note
It can take a while for the virtual machine to deploy. You can monitor the status of the virtual machine deployment in the status bar of the Management Portal.
Connect to the virtual machine running Windows Server 2012 R2 with Windows Server Essentials Experience
This section explains how to create and use a Remote Desktop file to connect to the Azure virtual machine that is running Windows Server 2012 R2 with Windows Server Essentials Experience.
To connect to a virtual machine running Windows Server 2012 R2 with Windows Server Essentials Experience
Sign in to the Microsoft Azure Management Portal by using your Microsoft account or your organizational account.
In the left pane, click Virtual Machines, and then select the virtual machine that you created in the previous step.
On the command bar, click Connect.
Note
To learn more about signing in to a virtual machine that is running Windows Server, see How to Log on to a Virtual Machine Running Windows Server.Click Open to use the Remote Desktop protocol file that was automatically created for the virtual machine.
Click Connect to proceed with the connection process.
In the Domain\user name box, type .\<username>, where username is the name of the administrative account on the virtual machine that you created earlier, and then click OK.
Click Yes to verify the identity of the virtual machine.
You can now work with the virtual machine just as you would with any other server.
Configure the Windows Server Essentials Experience role
This section explains how to configure the Windows Server Essentials Experience role on Windows Server 2012 R2 running in Azure virtual machines.
To configure the Windows Server Essentials Experience role
Connect to the virtual machine, and then double-click the readme.url on the desktop to review its content.
The Configure Windows Server Essentials Wizard automatically opens. If it doesn’t open automatically, open Server Manager, in the notification bar, click the flag, and then click Configure Windows Server Essentials.
Configure the Windows Server Essentials similar to an on-premises server. You can either configure it as a new domain controller, or as a domain member of an existing domain. For more information, see the “Deploying the Windows Server Essentials Experience role in Windows Server 2012 R2 Standard and Datacenter Editions” section in Install and Configure Windows Server 2012 R2 Essentials.
Note
- When you create a network administrator account, avoid using the same name as the virtual machine user name. This is because the virtual machine user name is automatically converted into a network administrator user name and you cannot have duplicate account names on a server.
- During configuration, the server restarts automatically.
After the Windows Server Essentials Experience role is configured, connect to the virtual machine running this role by using the administrator account that you created earlier step 5b in the Create a virtual machine running Windows Server 2012 R2 with Windows Server Essentials Experience section of this document, or the network administrator account you created in this section.
The Windows Server Essentials Experience role configuration creates a Dashboard shortcut on the server desktop. Double-click this shortcut to launch the Windows Server Essentials Dashboard.
Note
If you get an error message that states the Windows Server Essentials Dashboard cannot be opened until the server configuration is complete, please wait for a few minutes, and then try to open the Dashboard again.
Manage Windows Server Essentials Experience role
If your virtual machine is running the Windows Server Essentials Experience role in Azure, you may want to configure the following features:
Set up Anywhere Access
Turn on BranchCache (optional)
Set up Anywhere Access
Important
In general, the use of Routing and Remote Access (RRAS) functionality for routing and as a VPN gateway within a virtual network is not supported in Azure. However, the use of RRAS functionality on an Azure virtual machine is supported only for the scenario that is specified within this document.
Anywhere Access helps you set up VPN connections and Remote Web Access to Windows Server Essentials Experience. To enable Anywhere Access in Azure, you need to:
Make sure that both port 80 and port 443 are accessible on your virtual machine. If you haven’t done so while creating the virtual machine, you can add them from the virtual machine management portal, on the Endpoints tab by using the Add button on the app bar on the bottom of the page.
After the endpoints are configured, you can set up VPN connections and Remote Web Access by using the Set up Anywhere Access Wizard in the Dashboard. The steps are the identical to the on-premises setup except that you must select the Skip router setup option on the first page of the wizard. Otherwise, router configuration errors are reported. You can safely ignore the router-related warnings.
Configure the Routing and Remote Access service (RRAS) server to use a static pool of IP addresses to allocate to remote clients. For more information, see Configure the Way RRAS Assigns IP Addresses to VPN Clients to create a static IP address pool.
Important
- Make sure that the size of the pool is large enough to allocate IP addresses for all the clients that might concurrently connect to the server. For example, if there are 100 clients that might access the server through VPN connections at the same time, the number of addresses should be larger than 100.
- Make sure that the static IP addresses are within the virtual subnet address space that you created earlier in Step 5 of Create a virtual network. The range of the pool should avoid conflict with IP addresses that are reserved for the virtual machines in this subnet. For example, if the virtual subnet IP addresses are 10.0.0.4 – 10.0.0.254, and you have less than 100 clients, you can configure the pool as 10.0.0.150 to 10.0.0.254.
Note
In the virtual machine running Windows Server 2012 R2, install the RRAS Microsoft Management Console (MMC) snap-in as follows:- Open Windows PowerShell, type mmc, and then press ENTER.
- In the Microsoft Management Console, click File/Add/Remove Snap-in…
- From the available snap-in list, select Routing and Remote Access > Add > OK.
- Expand the RRAS snap-in under the Console Root.
- Right-click Server Status, and then click Add Server.
- Keep the This computer radio button selected, and then click OK.
- To create a static IP address pool, follow the guidance in Configure the Way RRAS Assigns IP Addresses to VPN Clients.
After you run the Set up Anywhere Access Wizard, you can ignore the following error messages: “Anywhere Access to your server is blocked” and “There may be more than one router on your network.”
Turn on BranchCache (optional)
Enabling BranchCache can help reduce Internet traffic and decrease the time that is required to download files from the server. Every time a file is downloaded from the server, a cache is saved locally. The next time the same file is needed, it is retrieved directly from the local network, instead of downloading it again from the server. To turn on BranchCache:
On the Windows Server Essentials Dashboard, click Settings.
Click BranchCache > Turn on.
Connect to the virtual machine running Windows Server 2012 R2 with Windows Server Essentials Experience
To connect an on-premises client to the server running Windows Server Essentials Experience, you need to set up a VPN connection on the server and then run the connector software on the client.
To configure a VPN, see Configure virtual private network (VPN) to connect to Windows Server 2012 Essentials.
To connect a computer on-premises to the server running Windows Server Essentials Experience in Azure, see Connect Computers to the server.
Known limitations
This section explains known limitations to running Windows Server 2012 R2 with Windows Server Essentials Experience as a virtual machine in Azure.
DNS settings change if you change the size of the virtual machine
Note
This section only applies to virtual machines that are running Windows Server Essentials Experience as a domain controller.
If you change the size of your virtual machine that is running Windows Server Essentials Experience, the DNS settings of this server are reset to the value that is specified in the virtual network for this virtual machine, unless there is a dedicated DNS server in the virtual network. In the absence of a dedicated DNS server in the virtual network, the virtual machine is set to obtain the DNS server address automatically. If this occurs, the client computer is unable to connect to the virtual machine that is running Windows Server Essentials Experience.
To resolve this issue, after you resize the virtual machine, you can manually reset the DNS server address on the virtual machine running Windows Server Essentials Experience to 127.0.0.1, and then reset the IPv6 DNS setting to ::1.
False Best Practice Analyzer alert for Server Backup
If you get the Best Practice Analyzer (BPA) alert Windows Server Backup is configured to back up an unsupported partition, please ignore this alert. You can also delete the error event Security-SPP 16387 from the Application, Windows Logs.
Client full system restore over the Internet is not supported
You cannot perform a client full system restore if your server running Windows Server Essentials Experience is on a virtual machine that is hosted in Azure. You can still restore volumes, folders, or files.
Client deployment inside Azure is not supported
If you have another server or client running in Azure, you cannot use the Connector software to connect that server or client to Windows Server Essentials Experience running in Azure.
Azure Backup integration module cannot be installed
You cannot install the Azure Backup integration module. To work around the issue, use the Azure Backup Agent instead.
Remote VPN clients can only access resources that are hosted on the VM running Windows Server Essentials
A remote VPN client can only access resources that are hosted on the VM that is running Windows Server Essentials. It cannot access resources that are hosted on any other VMs that are a part of the same virtual network on Microsoft Azure.