How to Upgrade Windows Admin Center with Powershell

As announced few hours ago at Ignite this year Windows Server 2019 will be available this October . But to me my biggest take-away is that Windows Admin Center is been updated to version 1809, to support Windows Server 2019 and Azure hybrid scenarios.

Ready for Windows Server 2019

Last week article was about deploying Windows Admin Center on a Windows Server 2016 (Core), but I didn’t mention the upgrade path or checked if WAC was already installed.
So I’ve changed the script to address that requirements and ready to be re-used for Windows Server 2019 (core).

Microsoft’s Modern Lifecycle Policy

For customers currently using version 1804 of Windows Admin Center, upgrade to version 1809 is required within 30 days to remain supported under Microsoft’s Modern Lifecycle Policy.

Install-WAC.ps1 powershell script

The installation/upgrade process is straightforward, so the process requires to set just your port number and eventually a certificate thumbprint. What I added is also once the installation process is completed, a couple of checks if the service is running (ServerManagementGateway) and the desired port used (according to my settings 443) is open as expected and custom certificate instead of a self-signed one.

Read the previous article. If you want to consider your deployment “stateless” and just using Windows Admin Center in Gateway mode a self-sign certificate is an easier way of deploying it on your network, you can always use a reverse proxy later (IIS as a Reverse Proxy, NGINX as a Reverse Proxy or Apache as a Reverse Proxy).

Using your SSL Certificate

If you want to use a SSL Certificate, you need to install it first and get its thumbprint with one of these methods:

Or checking the details on the certificate file itself:

In case you have more issues, there is a useful troubleshoot page that I suggest you to read:

As usual this script is available on my github repository.

3 Replies to “How to Upgrade Windows Admin Center with Powershell”

  1. Can you verify if WAC works behind NGINX reverse proxy? I am able to get login request but then fails 400 . using enterprise cert.

    1. Hi Tj,
      Thanks for your comment.
      Is Nginx terminating SSL as well? If so the first thing I would do is testing it with a self-signed certificate, if between the reverse proxy and WAC there is a valid certificate (self-signed or provided by your local CA) it shouldn’t be a problem. Anyway looking at the release cycle of WAC you can re-generate the self-signed certificate every time you upgrade (at least every 3/4 months).

      1. I have opnsense running on a cloud instance with NGINX reverse proxy to vpn network to the windows admin center host which has a CA on the internal domain and on the opnsense I have a Let’s encrypt cert that handles the external , I have several websites/services that are able to connect and use this setup including guacamole server using websocket. So not sure why/where the connection is failing after login prompt for windows admin center is reached. WAC works fine internally and no cert error on domain joined machines.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.