How to Install Windows Admin Center in a Windows Failover Cluster

Introduction

Windows Admin Center (WAC) is a browser-based management tool for Windows Server that works locally on your network. Unlike many cloud-based solutions, WAC doesn’t push you toward Azure, making it a perfect option for those who prefer to keep their infrastructure on-premises. With WAC, you can manage your servers and workstations from anywhere, without needing a connection to the cloud.

Before WAC, administrators relied on Windows Server Manager for managing Windows environments. But with Windows Server 2019, WAC brought browser-based management to the forefront, allowing you to manage your servers from any device, regardless of the operating system.

What is WAC?

WAC is essentially an upgrade to Windows Server Manager, with all the benefits of a fully browser-based tool. It lets you manage your servers from anywhere, whether they’re running on Windows Server 2022 or another version. It’s like VMware’s vCenter for Windows, giving you comparable level of remote management functionality, but specifically for Windows environments.

Introduced with Windows Server 2019, WAC complements Server Manager without replacing it. It allows administrators to access and manage systems remotely, controlling servers, workstations, and virtual machines running on Windows. You can handle tasks like performance monitoring and storage configuration all from a web browser, making it super convenient.

How to Install Windows Admin Center

Prerequisites

Before jumping into the installation, make sure you have the following:

• Windows Server 2022 deployed (latest version).
• A 2-node Windows Server Failover Cluster (WSFC) (although more nodes can be used, we’ll focus on a 2-node setup).
• A Cluster Shared Volume (CSV) with at least 10GB of available space.
• A signed .pfx certificate (or you can generate a self-signed certificate if needed).
• Administrator access on the target server.

Script for Installing WAC in a Failover Cluster

Here’s a PowerShell script to automate the WAC installation in a Windows Failover Cluster:

#requires -runasadministrator

# Download WAC installer from official Microsoft link

$WAC_Online = "http://aka.ms/WACDownload"

$WAC_Installer = "C:\windows\Temp\wac.msi"

$Port = 443

# Check if WAC is already installed

$IsAdminCenterInstalled = [bool] (Get-WmiObject -class win32_product | Where-Object {$_.Name -eq "Windows Admin Center"})

If ($IsAdminCenterInstalled){

$ReInstall = Read-Host "Admin Center is already installed. Do you want to re-install/upgrade it? [Y/N]"

If (("N", "n") -contains $ReInstall){

Write-Warning "No further action is required."

Exit 0

}

}

# Download the WAC installer

Write-Output "Downloading Windows Admin Center..."

Invoke-WebRequest -Uri $WAC_Online -OutFile $WAC_Installer

# Certificate management: Use provided certificate or generate a self-signed one

$CertificateThumbprint = "" # Specify thumbprint here, leave blank for self-signed cert

if ([bool](get-childitem cert: -recurse | where-object {$_.thumbprint -eq $CertificateThumbprint})){

msiexec /i $WAC_Installer /qn SME_PORT=$Port SME_THUMBPRINT=$CertificateThumbprint SSL_CERTIFICATE_OPTION=installed

} else {

msiexec /i $WAC_Installer /qn SME_PORT=$Port SSL_CERTIFICATE_OPTION=generate

}

# Post-installation: Ensure the WAC service is running

do {

if ((Get-Service ServerManagementGateway).status -ne "Running"){

Write-Output "Starting Windows Admin Center (ServerManagementGateway) Service..."

Start-Service ServerManagementGateway

}

Start-Sleep -Seconds 5

} until ((Test-NetConnection -ComputerName "localhost" -Port $Port).TcpTestSucceeded)

Write-Output "Installation completed and Windows Admin Center is running as expected."

How the Script Works

Here’s a breakdown of what the script does:

1. Download the WAC Installer: First, the script downloads the latest version of WAC from the official Microsoft site.
2. Check if WAC is Already Installed: It checks if WAC is already installed on your system. If it is, the script will ask if you want to reinstall or upgrade. If you choose “No,” the script will stop here, preventing unnecessary reinstallation.
3. Certificate Handling: The script looks for a certificate thumbprint. If a valid certificate is found, it’s used for the installation. If not, the script will automatically generate a self-signed certificate.
4. Installation of WAC: The script uses msiexec to install WAC with your specified port and certificate settings.
5. Service Startup: After installation, the script ensures that the ServerManagementGateway service is running. It will check every few seconds to make sure it’s up and running before finishing the installation.
6. Post-Installation Check: Finally, the script checks that WAC is accessible by testing the network connection on the specified port (default 443).

Troubleshooting

If you can’t access WAC after installation, it might be a permissions issue on the client machine. Here’s how to configure permissions in Active Directory:

1. Open Active Directory Users and Computers.
2. In the View tab, enable Advanced Features.
3. Find the WAC client machine (e.g., “CL-WIN19-WAC”) and open its properties.
4. In the Security tab, click Advanced, then Add.
5. Select Object types, check Computers, and click OK.
6. Add the object name (e.g., the WAC client machine) and grant it the Create Computer objects permission.
7. Apply the settings and try accessing WAC again.

Conclusion

With the script provided above, you can easily install Windows Admin Center in your Windows Failover Cluster setup. This process ensures that you can manage your servers effectively with a browser-based interface, all while keeping your infrastructure on-premises. WAC will provide centralized, secure management of your Windows Server 2022 environment, making your day-to-day tasks much easier.