Manage Azure Virtual Machines Using Windows Admin Center
Now that Windows Server 2019 is generally available, it seems like a good time to start using Windows Admin Center (WAC) as the default management tool. WAC is a web-based tool for managing local or remote servers via a gateway that uses PowerShell Remoting and Windows Management Instrumentation (WMI) over WinRM. And while Windows Server 2019 still includes Server Manager, Windows Admin Center is where Microsoft is now investing all its efforts.
In this article, I’m going to show you how to manage Windows Server 2019 running in an Azure VM. I will use a WAC gateway installed on my Windows 10 PC. This requires the VM you want to manage to have a public IP address, and you need to make the necessary management ports available over the Internet. Naturally, this is not the most secure option, but it is a quick way to start managing Windows Server. If your VM doesn’t have a public IP address or you want a more secure way to manage your cloud servers, you’ll need to install a WAC gateway on an Azure VM and/or connect your local network to the Azure VNet using ExpressRoute, Site-to-Site VPN, or Point-to-Site. But that’s beyond the scope of this article.
Configure Windows Firewall for Inbound WinRM
Let’s start by configuring Windows Firewall to allow an inbound connection for WinRM.
- Start the Windows Server 2019 Azure VM that you want to manage using the Azure management portal.
- Log in to the Windows Server 2019 virtual machine that you want to manage using Remote Desktop by clicking Connect on the Overview screen for the VM in the management portal.
- In Windows Server, open a Windows PowerShell window with admin privileges.
Note that the Windows Server 2019 Azure marketplace image has WinRM enabled by default. If you want to manage another supported version of Windows Server, you may need to manually run winrm quickconfig in an elevated command prompt to enable WinRM.
- Run the Set-NetFirewallRule cmdlet as shown below to allow inbound WinRM access through the Windows Firewall.
Set-NetFirewallRule -Name WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress Any
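Because -RemoteAddress Any lets every Internet address reach WinRM on the VM, the same rule can instead be scoped to the one public IP you manage from. The following is an added example, not part of the original article: the function names are hypothetical and 203.0.113.10 is a placeholder address. It sets the scope and then lists every enabled inbound allow rule that still covers port 5985 or 5986.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on the VM. The function names are hypothetical, and 203.0.113.10 is a
# placeholder: substitute the public IP address of your WAC gateway.
function Set-WinRmRuleScope {
    param(
        [Parameter(Mandatory)] [string] $ManagementIp,
        [string] $RuleName = 'WINRM-HTTP-In-TCP-PUBLIC'
    )

    # Accept only a value that parses as an IP address (no 'Any', no keywords).
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ManagementIp, [ref] $parsed)) {
        throw "Not a valid IP address: $ManagementIp"
    }

    # Same rule the article edits, scoped to one source instead of Any.
    Set-NetFirewallRule -Name $RuleName -RemoteAddress $parsed.ToString()
}

function Get-WinRmExposure {
    # Report enabled inbound allow rules whose local port is 5985 or 5986.
    # Rules that use a port range or 'Any' as the port are not matched here.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $rule = $_
            $port = $rule | Get-NetFirewallPortFilter
            $addr = $rule | Get-NetFirewallAddressFilter
            $winRmPorts = @($port.LocalPort) | Where-Object { $_ -in '5985', '5986' }
            if ($port.Protocol -eq 'TCP' -and $winRmPorts) {
                [pscustomobject]@{
                    Name          = $rule.Name
                    Profile       = $rule.Profile
                    LocalPort     = $winRmPorts -join ','
                    RemoteAddress = @($addr.RemoteAddress) -join ','
                    OpenToAny     = @($addr.RemoteAddress) -contains 'Any'
                }
            }
        }
}

Set-WinRmRuleScope -ManagementIp '203.0.113.10'
Get-WinRmExposure | Format-Table -AutoSize
```

Any row with OpenToAny set to True is a WinRM rule that accepts connections from every source the Azure inbound port rule lets through. The Source setting of that Azure rule can be limited to the same address.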
Configure Azure Networking to Allow Inbound WinRM
Before we can connect WAC to Windows Server, we also need to configure Azure networking to allow inbound WinRM connections.
- Select your VM in the Virtual Machines section of the Azure management portal.
- On the VM’s page in the portal, click Networking under Settings.
- Make sure that Inbound port rules is selected and then click Add inbound port rule.
- On the Add inbound security rule pane, type 5985 in the Destination port ranges field.
- In the Name field, type Port_5985.
- Click Add.
The new rule will now appear in the list of inbound rules.
Connect to Windows Server using WAC
Now all that’s left to do is test whether I can connect to the server using WAC. I’ve already installed a WAC gateway on my Windows 10 PC. For more information on installing a WAC gateway, check out Getting Started with the Windows Admin Center on Petri.
- Connect to your WAC gateway from a supported browser.
- On the All Connections screen, click + Add. If you don’t see the All Connections screen, click Windows Admin Center in the top left corner.
- In the Add Connections pane, click Add Server Connection.
- In the Server name box, type the public IP address or DNS name of the server you want to manage.
- If you are using an IP address, select Don’t attempt to resolve the server name. You can get the IP address or DNS name of the VM on the Overview pane in the Azure management portal. If you haven’t assigned the VM a static IP address, don’t forget that the IP address will probably change each time the VM is started.
You may get an error message saying that the connection cannot be verified. This is normal if you are connecting to the VM for the first time and you can safely ignore it.
- Click Submit.
- The server will now appear in the list of connections. Click the box to the left of the listing to select it and then click Manage As.
- On the Specify your credentials pane, click Use another account for this connection, enter an administrator user name and password for the Windows Server VM, and click Continue.
- Select the server again in the list of connections and then click Connect.
- You’ll be taken to the Server Manager screen for the remote server.
Microsoft is updating WAC on a regular basis, so it’s worth coming back to it often to check out what is new.