Windows Server Core: Setting a New IP Address For Your DC (including IPv6 & Client DNS)

All your .cpl are belong to us (all 6 of them, woah)

All your .cpl are belong to us (all 6 of them, woah)
All your .cpl are belong to us (all 6 of them, woah)

I’ve been working on moving to Windows Server Core for my DCs, and getting adjusted to PowerShell has been slightly daunting, as the only CLI I’m really familiar with is Unix-based, and, while there are similarties to be sure, they are also very different in a lot of respects. There’s a plethora of remote-based GUI programs for configuring Core servers available that are useful as “training wheels”, like Windows Admin Center (aka Webmin for Windows) and the ever-ubiquitous RSAT tools, which are desktop applications that, by using WinRM, can manage remote machines – programs like Server Manager, ADUC, PSRemoting (aka MS-SSH – hint: just use SSH), and time-tested (old) MMC snap-ins.

But what if you just want to get something essential done, especially if you don’t have remote access available? Well, there’s actually a lot of options still: The Sconfig TUI program, which is always included, but it’s extremely limited in scope, and I’ve realized through difficult experiences can be problematic (more later).

You actually can use MMC locally on a Server Core machine, but it’s more limited in snap-ins, and often these don’t cover what you need.

MMC on Server Core 2022 doesn’t even have Network Shares or Computer Management – boo.

I’ve learned through installing RocketDock for giggles (honorable mention) there actually is an instance of the control panel on Windows Server Core (I had read otherwise), but it’s pretty :sad trombone:.

Featured image also shows cult-beloved Rocket Dock, which does seem rather applicable to this bolt-on situation
Featured image also shows cult-beloved Rocket Dock, which does seem rather applicable to this bolt-on situation

If none of those fit your necessities, you’re looking at using netsh, wmic, or PowerShell. Thankfully, they are all fairly comprehensive and easy to learn, even if they have completely different syntax from anything you’ve had to rely on CLI commands over the past few decades.

OK, enough rant and external links. Here’s something I discovered pawing through the MS wiki and random blog posts about configuring my DCs IP addresses.

I’ve had to re-configure the IPs on my DCs now a couple times since I’ve been migrating them between hosts to deal with hardware upgrades. Every time I clone one and start it on a new machine, it either resets the NIC to DHCP or a link-local address, so I have to re-set the static IP manually and (sometimes) re-authorize the connection to the domain (on the domain controller … irony?).

HAPPYMUFFIN has decided not to recognize he’s a DC anymore, probably because he’s barfing out this Link-Local address

Setting your IP address is obviously trivial on a Server instance with Desktop Experience. Observe:

Like any other Windows Desktop, via Control Panel -> Network Connections

Server Core should be even easier since the SConfig menu pops up whenever you log in, but Sconfig routinely fails to accept a static configuration. Observe:

boo.

Note, if you hate that SConfig pops up when you log in, you can disable it with the cmdlet Set-SConfig, ala:

Set-SConfig -AutoLaunch $false

TL;DR

That was an incredibly long wind-up to say, here’s how to set the NetIPAddress and DnsClientServerAddress in Windows Server Core

Synopsis:

  1. If you’ve got a pre-existing static IP, be sure to delete it first (Remove-NetIPAddress)
  2. If you’ve got DHCP configured, disable it first (Set-NetIPInterface)
  3. Use New-NetIPAddress to create your new address (not Set-NetIPInterface)
  4. Use Set-DnsClientServerAddress to point to your DNS forwarders – which, in my case, are these very DCs I’m configuring

Basics – gathering necessary info:

Get-NetIPInterface will give you a list of network adapters inside your machine currently (including loopback):

PS C:\Users\administrator.DOMAIN> Get-NetIPInterface

ifIndex InterfaceAlias            AddressFamily NlMtu(Bytes) InterfaceMetric
------- --------------            ------------- ------------ ---------------
4       Ethernet0                       IPv6            1500              15
1       Loopback Pseudo-Interface 1     IPv6      4294967295              75
4       Ethernet0                       IPv4            1500              15
1       Loopback Pseudo-Interface 1     IPv4      4294967295              75

Get-NetIPConfiguration will give you more info about a given interface (you can identify it with -InterfaceIndex (e.g. 4), or -InterfaceAlias (e.g. Ethernet0)

PS C:\Users\administrator.DOMAIN> Get-NetIPConfiguration


InterfaceAlias       : Ethernet0
InterfaceIndex       : 4
InterfaceDescription : vmxnet3 Ethernet Adapter
NetProfile.Name      : webtool.space
IPv6Address          : 2601::dead
                       2601::beef
IPv4Address          : 10.0.0.33
IPv6DefaultGateway   : fe80::f00d
IPv4DefaultGateway   : 10.0.0.1
DNSServer            : ::1
                       10.0.0.3
                       10.0.0.33

Removing an old configured IP address:

Remove-NetIPAddress can help you get rid of that old, pesky address that might be stopping you from employing a new one (if they’re on the same subnet, they’ll probably co-exist peacefully, but different subnets = food for gremlins)

Remove-NetIPAddress -AddressFamily IPv4 -IPAddress '192.168.21.3' -Confirm:$false

You can pipe these commands to some extent with Get- and Set-NetIPInterface – here’s an example (albeit, not a very good one since it requires more typing):

Get-NetIPInterface -InterfaceIndex 4 | Set-NetIPInterface -AddressFamily IPv6 -Dhcp Disabled

The one you’re probably really after isn’t Set-NetIPInterface, but New-NetIPInterface. That kind of threw me off at first, but it’s reflected in how the workflow expects you to delete prior addresses (before creating a new one, right?)

PS C:\Users\administrator.DOMAIN> New-NetIPAddress -InterfaceIndex 4 -AddressFamily IPv6 -IPAddress '2601::dc01' -PrefixLength 64 -DefaultGateway '2601::beef'


IPAddress         : 2601::dc01
InterfaceIndex    : 4
InterfaceAlias    : Ethernet0
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 64
PrefixOrigin      : Manual
SuffixOrigin      : Manual
AddressState      : Tentative
ValidLifetime     : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : 2601::dc01
InterfaceIndex    : 4
InterfaceAlias    : Ethernet0
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 64
PrefixOrigin      : Manual
SuffixOrigin      : Manual
AddressState      : Invalid
ValidLifetime     : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource      : False
PolicyStore       : PersistentStore

DNS Client configuration:

Now that your IP and Gateway are set, the only thing missing is your DNS settings, right? Since this is a DC, I’m going to point it towards myself and the other DC.

Set-DnsClientServerAddress -InterfaceIndex 4 -ServerAddresses ('2601::dc01','2601::dc02')


InterfaceAlias       : Ethernet0
InterfaceIndex       : 4
InterfaceDescription : vmxnet3 Ethernet Adapter
NetProfile.Name      : webtool.space
IPv6Address          : 2601::dc01
IPv4Address          : 10.0.0.33
IPv6DefaultGateway   : {2601::f00d,
                       fe80::f00d}
IPv4DefaultGateway   : 10.0.0.1
DNSServer            : 2601::dc01
                       2601::dc02
                       10.0.0.3
                       10.0.0.33

OK, this post ended up being way longer than I anticipated, but that’s how you get the basics of your network adapter working again if SConfig takes the ultimate dump when trying to use it to configure your Server Core network interfaces. Enjoy!


Leave a Reply

Your email address will not be published. Required fields are marked *