Category: Windows

The blog post of Jay about running Windows Server 2012 R2 on an Intel NUC 54250WYKH and the problems with the on-board network card do apply to Windows Server 2016 CTP4 too.

Keith H. contacted me today (2016/02/23) about the Wireless network card on the Intel NUC 5i5 RYH. I added the steps to install the Wireless network card on the bottom.

Today I installed Windows Server 2016 CTP 4 on my Intel NUC 5i5RYH and encountered the same problem with a non-recognized network card. Intel has decided in all its wisdom to not let you install network card drivers when you are using a Microsoft Server operating system. As described in the blog post of Jay it is however possible to install the network card drivers. The method described works on most hardware with drivers that do not support a Windows Server operating system. The details will change with different hardware.

Warning!To install drivers with an edited INF file you need to trick Windows to install them. With some BCDEDIT commands this can be done. Please make sure the drivers you want to install are legitimate Intel drivers and not downloaded from some rogue site. Because you make some changes to the INF file Windows cannot verify the source of the drivers. There are some checksums for the driver files (included the INF file) and when you edit them the checksum is not valid anymore. When you use the official Intel drivers from the Intel site and you only adjust the INF file as mentioned below you are reasonably safe.

Be very careful not to install drivers from a non-trustworthy source!

Below the steps I took for the Intel NUC 5i5RYH:

  • Login to your Intel NUC 5i5RYH after you installed Windows Server 2016 CTP4
  • Run a CMD command prompt with Administrator privileges (Windows key + R and type CMD and press CTRL + SHIFT + ENTER) and run the following BCDEDIT commands.

bcdedit /set LOADOPTIONS DISABLE_INTEGRITY_CHECKS
bcdedit /set TESTSIGNING ON
bcdedit /set nointegritychecks ON

  • These commands switch the Driver Enforcement off so non verified drivers can be installed.
  • Restart the Intel NUC 5i5RYH.
  • The following part must be done on another computer because you still have no network on your NUC.
  • Download the latest driver for the Intel NUC 5i5RYH network card (link). I downloaded to [C:\Install].
  • Download WinRAR (link).
  • Expand using WinRAR the network card driver package. I unpacked to [C:\Install\LAN_Win10_64_20.4.1].
  • Look at the properties of the network card in [Computer Management], [Device Manager], [Details] and [Hardware ids]. In case of the Intel NUC 5i5RYH the string of text you need is: [VEN_8086&DEV_15A].

clip_image002

  • Using PowerShell find the INF files in the directory where you unpacked the drivers files.
    • Get-ChildItem -recurse | Select-String -pattern “VEN_8086&DEV_15A” | group path | select name
  • The result should look like this:

clip_image004

  • The INF file you need depends on the operating system you are using. [e1d65x64.inf] is for Windows 10 and Windows 2016, [e1d64x64.inf] is for Windows 8.1 and Windows 2012 R2.
  • In my case I needed the driver for Windows 2016 so browse to the directory with the [e1d65x64.inf] file.
  • Open the [e1d65x64.inf] file with notepad and change the following lines:
  • Change the following lines:

[ControlFlags]
ExcludeFromSelect = \
PCI\VEN_8086&DEV_153A,\
PCI\VEN_8086&DEV_153B

  • To: (put an [;] before the three lines after [ControlFlags])

[ControlFlags]
;ExcludeFromSelect = \
; PCI\VEN_8086&DEV_153A,\
; PCI\VEN_8086&DEV_153B

  • Next find the following lines below the [ControlFlags] section, the lines are marked blue below and copy those lines.

clip_image006

  • Next find the [Intel.NTamd64.10.1] section and paste the blue lines below the last line of this section.

clip_image008

  • The result should look like this:

clip_image010

  • Save the file and copy the C:\Install directory to an USB stick.
  • Log on to your Intel NUC 5i5RYH.
  • Copy all of the files from the USB stick to the C:\Install directory on your Intel NUC 5i5RYH.
  • Before you move on check if the message [Test Mode] is visible. If not then go back to the first step and run the BCDEDIT commands again and reboot.

clip_image012

  • Go to [Device Manager], [Properties] of the network card and choose [Update Driver…] from the [General] tab.

clip_image014

  • Next choose [Browse my computer for driver software].

clip_image016

  • Browse to the location of the edited driver files, in this case [C:\Install\LAN_Win10_64_20.4.1\PRO1000], and click [Next].

clip_image018

  • When the drivers are found and installed a warning will be displayed [Windows can’t verify the publisher of this driver software] choose [Install this driver software anyway].

clip_image020

  • After the installation of the driver software is finished the message should look like this:

clip_image022

  • Click [Close] and go back to [Device Manager] to check if the network adapter is now correctly installed.

clip_image024

  • Next run the following BDCEDIT commands:

bcdedit /set LOADOPTIONS ENABLE_INTEGRITY_CHECKS
bcdedit /set TESTSIGNING OFF
bcdedit /set nointegritychecks OFF

  • These commands switch the Driver Enforcement back on so non verified drivers cannot be installed anymore.
  • After running the BCDEDIT commands the Intel NUC 5i5RYH needs to be rebooted and now you have a functional network card.
  • To be sure check if the [Test Mode] message is removed from the desktop!

clip_image026

Good luck with installing the drivers on your Intel NUC 5i5RYH! This method will work for other hardware and drivers too. Just be careful not to install drivers from an untrustworthy source.

Steps to install the Wireless Network Card (added on 2016/02/23) thanks to Keith H.

  1. Clean install Windows Server 2016 TP4 build 10586 (downloaded from MSDN.microsoft.com)
  2. Add Wireless LAN feature; enable automatic restart
  3. Complete Wireless LAN feature installation (watching device manager correctly detects wireless LAN adapter… but I’m not able to connect to my access point)
  4. Reboot NUC
  5. Connect to access point correctly…

After these steps my WiFi card works perfectly. Good luck again!

If you need the drivers for the WiFi card they can be found here:

  1. Download the Windows 10 x64 drivers for the Intel Dual Band Wireless-AC 7265 network card

Word of advice: If you have no experience with installing Microsoft Server products and configuring a Domain Controller, DHCP server and WDS: Make sure you have plenty of time to learn all this or just follow a guide on the Internet to install Windows 8.1 via an USB stick. From here on I presume you have the knowledge to do all that and in fact already have done some or all of the work of setting up a Windows domain, DHCP server and WDS server

After I bought a Surface Pro I decided to reinstall Windows 8.1 Pro on it. Mainly because the device was pre-installed with an image of Windows 8.1 Pro in Spanish, Portuguese or Italian as language choice.

The first thing you need for this is an original Microsoft USB Ethernet adapter. Other brands will not work (for using PXE boot, after installation other USB Ethernet adapters will work). This is because of some firmware code that only supports the Microsoft USB Ethernet adapter.

The second step is to upgrade the firmware of the Surface Pro to the newest version. There is a download available with all the drivers and firmware software you need. Link to the download location.

To install the new firmware you have to go to Computer Management and Device Manager and expand the Firmware section. Update all four of the Firmware devices found there with the software from the link above. Just double click on the first, go to the second tab (Driver) and choose Update Driver. Point to the location of the downloaded software on your drive and let Windows do the magic. Repeat this for all four of the firmware items.

If you have not already installed a WDS server it is time to do so.

Install the WDS role on your server (if it is a home setup like I have, the easiest way is to use the DHCP server machine to install the WDS role).

Configure the WDS role by adding two boot images for Windows 8.1 (x64) (one specifically for the Surface and one for normal installations) and a Windows 8.1 install image. If you have a custom image for Windows 8.1 that could be added too. The second boot image can easily be renamed to Surface Boot Image (x64) or something else so you see the difference.

Add drivers to the WDS server by downloading the drivers from the above mentioned link. Next step is to add the driver of the USB network adapter to the boot image. Make sure the driver “msu30x64w8” is added to the Surface boot image.

After all this is done make sure the Surface Pro is completely off. Press, and hold, the Volume Up button and power on the Surface Pro. (keep the Volume Up pressed) and release the Volume Up button when you are in the settings screen of the firmware. Disable the Secure Boot Control option. Exit and reboot and immediately shutdown the machine by pressing the Power Button.

To install via PXE boot and WDS press an hold the Volume Down button and power on the Surface Pro. Keep the Volume Down pressed until the PXE boot information is displayed. After a few seconds you need to press Enter to start the network boot. From there on the installation is pretty straight forward.

Do not forget to enable the Secure Boot Control option in the firmware settings and install the default keys before you exit and save the firmware settings.

Last week I got a new loginname and password for an environment based on Windows Server 2012 R2. Also in the mail I got the request to change my password at first login. Good practice so no problem with that!

To get to the environment I first needed to connect via MSTSC to a server based on Windows Server 2008 R2. Then connect via MSTSC to the environment based on Windows Server 2012 R2.

Normal steps to change your password are using CTRL + ALT + DEL and choose Change A Password.

ChangePasswordServer2012R2.PNG

The problem I was facing was that CTRL + ALT + DEL does not work in a MSTSC session​. There is a solution for that. You can use CTRL + ALT + END to send a CTRL + ALT + DEL to the server you are connected to. So when I did exactly that I got a bit surprised by the view I got:

ChangePasswordServer2008R2.png

This is the result of CTRL + ALT + DEL on a computer based on Windows Server 2008 R2, not the result you would expect when connected to a Windows Server 2012 R2 machine. It seems that the CTRL + ALT + END is only used on the first session of MSTSC. So what now? Next I tried to change the password via my user account tile on the start menu.

ChangeAccountPicture.PNG

When you choose Change Account Picture and then Sign in Options you get to the new style of programs from Windows.

Accounts.png

To my surprise the option Change to change the password was greyed out…

After some searching on the Internet my collegue Willem found a wonderful workaround (or possible security bug?) to change the password.

  1. Go to the start menu
  2. Type OSK
  3. Start the On Screen Keyboard
  4. Press on your Physical keyboard CTRL + ALT
  5. Press on the On Screen Keyboard DEL
  6. Remove the On Screen Keyboard
  7. Click on Change A Password
  8. Change your password

ChangeAPasswordServer2012R2.PNG

Why the option is greyed out by default is a bit strange. In Windows Server 2012 R2 it is mandatory to change your password every 42 days. The days the management of servers was done on the physical console of the server is a long time ago by my standards… And why, if this default is not permitted, it can be done in this way makes it even more strange.

Of course there is always the option to change the password via the command prompt… IF you have domain Admin rights…

So if anyone has a better option (Powershell?) please share.

Update 2014-10-19: I got a link via Twitter from SystematicADM how to change your password via Powershell. And also a link how to change other AD user’s passwords via Powershell. Thanks to SystematicADM for the response!

Azure Backup is a service from the Azure environment that can be used to back up on premise machines, on premise virtual machines and cloud virtual machines. My first test was if an IAAS VM from Azure could be backed up by Azure Backup. The Azure Backup service is not advertised to do the last option but a customer is planning on moving the Hyper-V environment partly to Azure and there also needed to be a backup in place for the environment. Of course you can use Data Protection Manager or other systems but the drawback is that you need an extra VM for DPM and it is not really with the cloud in mind if there is a service that is able to back up your environment. So I started to test Azure Backup with my home/test environment. No extra charges when you have a Visual Studio Ultimate subscription with MSDN. It has a 115 EURO free of charge limit for testing purposes.

Below is the complete process of configuring the Azure Backup solution. For cost reasons I have used a Self-Signed Certificate instead of a certificate that needs to be bought. So if you would like to try this out yourself the only thing you need is an Azure account with some spending room. There are test Azure offers where you are limited in what you can use. If you would like more spending room you can always get your credit card and test some further… It is all up to you.

In short the following steps are taken:

  1. Create a Self-Signed Certificate
  2. Create the Backup Vault and upload the certificate to Azure
  3. Export the certificate from MMC
  4. Import the certificate on the VM
  5. Run WBInstaller.exe on the Virtual Machine
  6. Register Server
  7. Schedule backup

 

The following steps need to be done once:

 

Create a Self-Signed Certificate

Start Visual Studio Command Prompt

%comspec% /k “”C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\vcvarsall.bat”” x86_amd64

Use the following statement to create a Self-Signed Certificate

makecert.exe -r -pe -n CN=AzureBackup -ss my -sr localmachine -eku 1.3.6.1.5.5.7.3.2  -e 12/12/2040  -len 2048 C:\Temp\AzureBackup.cer

 

Create the Backup Vault and upload the certificate to Azure

  1. Create new Backup Vault in Azure by clicking + and choose Data Services, Recovery Services, Backup Vault and Quick Create
  2. Enter a name for the Backup Vault and choose a region near you (Western Europe in my case) and click on Create Vault
  3. After the message is displayed that the Vault is created select the Vault
  4. Click on the Manage Certificate icon in the screen and browse to the CER file you created and click (V)
  5. After this is completed succesfully click on Download Agent (WBInstaller.exe)

 

Export the certificate from MMC

Start MMC and add Snap-In Security on the machine where the Certificate is created

  1. Right click on the AzureBackup certificate in Certificates\Personal\Certificates and choose All Tasks and Export
  2. Click Next in the Welcome to the Certificate Export Wizard screen
  3. Select Yes, export the private key in the Export Private Key screen (if this screen does not show, delete the AzureBackup certificate and start all over) and click Next
  4. Select Personal Information Exchange (PKCS #12 (.PFX) and Include all certificates in the certification path if possible in the Export File Format screen and click Next
  5. Select Password and enter a password twice and click Next
  6. Browse to the file location where you would like to save the exported file and name the file in the File tot Export screen and click Next
  7. Check the choices in the Completing the Certificate Export Wizard screen and click Finish if all is ok
  8. On the Certificate Import Wizard message: “The Export was successful” click OK

 

The following steps need to be done on every Virtual Machine that needs to be backed up by Azure Backup

 

Import the certificate on the VM

  1. Copy the PKF certificate file and the WBInstaller.exe to the virtual machine or create a network share accessible from the Virtual Machine where you place the files.
  2.  Import the certificate (AzureBackupExport.PFX) in the Security MMC console on the Virtual Machine that needs to be backed up
  3. Start MMC and add Snap-In Security on the Virtual Machine
  4. Right click on Certificates(Local Computer)\Personal and choose All Tasks and Import
  5. Select Local Machine in the Welcome to the Certificate Import Wizard and click Next
  6. Browse to the file location where you saved the exported file and select the file type Personal Information Exchange (PFX) in the File tot Import screen and click Next
  7. Enter the Password for the PFX file and select Include all extended properties in the Private key protection screen and click Next
  8. Select Place all certificates in the following store [Personal] in the Certificat Store screen and click Next
  9. Check the settings in the Completing the Certificate Import Wizard screen and click Finish
  10. On the Certificate Import Wizard message: “The Import was successful” click OK

 

Run WBInstaller.exe on the Virtual Machine

  1. Click I accept the terms of the Supplemental Notice in the Supplemental Notice screen and click OK
  2. In the screen Prerequisites Check click on Next
  3. Change the Installation folder and the Cache Location at will or leave it default and click on Next
  4. Select Use Microsoft Update when I check for updates (recommended) or I do not want to use Microsoft Update and click Install
  5. Wait untill the WBInstaller completes and leave Check for newer updates in the Installation screen and click Finish
  6. In the Before You Begin screen click Next
  7. In the screen Upgrade Process click Finish
  8. Check for Updates and install these

 

Register Server

  1. When finished installing updates start Windows Azure Backup (shortcut on the Desktop)
  2. Click on Register Server in the top right of the application
  3. Click on Next in the Proxy Configuration screen
  4. Click on Browse and select the correct certificate in the Vault Identification screen and click Next
  5. Select the Backup Vault in the Vault Identification screen and click Next
  6. Click on Generate Passfrphase or create one your own and Enter a location to save the passphrase in the Encryption Setting screen and click Register
  7. Click Close in the Server Registration screen

 

Schedule backup

  1. Click on Schedule Backup in the top right of the application
  2. Click Next in the Getting Started screen
  3. Click on Add Items and select what you would like to backup in the Select Items to Backup screen
  4. Click on Exclusion Settings an select what files you do not want to backup
  5. Click Next in the Select Items to Backup Screen
  6. Select the days and times the backup needs to run in the Specify Backup Time screen and click on Next
  7. Select the number of days retention time in the Specify Retention Setting screen and click Next
  8. On the Confirmation screen click Finish
  9. Click Close in the Modify Backup Progress screen

 

Backup Now

  1. If needed click on Backup Now in the top right corner of the application
  2. In the Confirmation screen click Back Up
  3. You may close the Backup progress screen if needed. The backup will continue

 

Good luck! If you have any questions please let me know! Next blogpost will be on restoring your data.