In this day and age, there seems to be an almost universal assumption that every computer is connected to the Internet. Of course, those of us in IT know that nothing could be further from the truth. Backend systems within the datacenter reside on isolated network segments where they can be kept secure. This isolation, while essential, poses a bit of a challenge when it comes to management. The Windows Admin Center and its various extensions are downloadable. So how can you download and deploy these tools for use on an isolated network segment with no Internet access?
On the surface, this would at first seem to be a total nonissue. After all, you can just go download the Windows Admin Center. Once you have downloaded the MSI file, you can simply copy it to removable media and then use the removable media to install the Windows Admin Center to a machine on your isolated network segment.
What about Windows Admin Center extensions?
While there is nothing complicated about installing the Windows Admin Center to a machine that resides on an isolated network segment, the bigger trick is to install the Windows Admin Center extensions, which isn’t quite so straightforward.
For anyone who might not be familiar with extensions, they are modules that add functionality to the Windows Admin Center. If for example, you want to use the Windows Admin Center to manage your Active Directory environment, you would need to install an Active Directory extension. You can see some of the available extensions shown in the figure below.
As you look at the figure above, there are a few things that are worth paying attention to. First, take a look at the Created By column. As you would probably expect, most of the available extensions were created by Microsoft. However, third-party vendors also contribute extensions, thereby allowing you to use the Windows Admin Center to manage their products. Several of the extensions near the bottom of the screen capture for example, were provided by Dell EMC.
Another thing to pay attention to is the Package Feed column. The Package Feed indicates where the extension is coming from. This is especially important for those who need to deploy extensions to a management computer on an isolated network segment. In the screen capture, all of the available extensions are coming from the Windows Admin Center Feed, which is a centralized repository on the Internet.
The reason why I am mentioning the fact that the extensions are coming from the Windows Admin Center feed is because if you were to simply install the Windows Admin Center to a computer on an isolated network segment, the lack of connectivity would prevent the Windows Admin Center from being able to download the extensions that it needs from the Windows Admin Center Feed. As such, if you want to use the Windows Admin Center on an isolated network segment, then you will need to access the Windows Admin Center Feed from a connected device, download the extensions, and then create an extension repository on the isolated segment and configure the Windows Admin Center to use that repository.
There are actually a few different techniques that you can use to acquire the Windows Admin Center extensions that you need. One option is to use Windows PowerShell. There are actually several PowerShell cmdlets that are dedicated specifically to managing feeds. In order to use these cmdlets, you will need to import the Extension Tools module on a system that has the Windows Admin Center installed. The command used for doing so is:
Import-Module "$env:ProgramFiles\windows admin center\PowerShell\Modules\ExtensionTools"
Once you have imported the required module, you can begin using feed-related cmdlets such as the Get-Feed cmdlet shown in the figure below. Incidentally, the URL shown in the figure points to my Windows Admin Center server.
While it is certainly possible to use the various extension-related cmdlets to manage your extensions, the good news is there is a way to take the guesswork out of the process. Jon Galloway, a senior program manager at Microsoft, has created a script that you can use to acquire the various Windows Admin Center extensions.
If you would rather not have to delve into PowerShell there is a way of downloading and importing the extensions through the GUI. The first step in the process is to download the extensions that you want to install. Unfortunately, this site requires you to download each extension individually, as shown below. The advantage of using PowerShell is that you can download the extensions in bulk.
Once you have downloaded the packages that you need to install, the next step in the process is to get them into the Windows Admin Center machine on your isolated segment. To do that, copy the .NUPKG files that you downloaded to removable media and then make them accessible to the Windows Admin Center machine.
Next, open Windows Admin Center and then click Settings, followed by Extensions. Now, go to the Feeds tab, and then click the Add button. You will now be prompted for a package source, as shown in the figure below.
Normally, the Add Feeds option is used to tie the Windows Admin Center to an Internet-based feed. In that case, you would need to enter the feed URL. Since the management machine is on an isolated segment, you will have to enter the path to the location in which the .NUPKG files reside. As a best practice, you should create a file share somewhere on the isolated segment, and then point the Windows Admin Center toward that file share.
Stuck? Get help from Microsoft
As you can see, it is relatively easy to make the Windows Admin Center work on an isolated network segment with no Internet. If you need additional help, then you can find Microsoft’s documentation here.
Featured image: Shutterstock
I got the following error when I put the script that Mr. Galloway shared in the Windows PowerShell Ise:
Directory: Z:\NTProfile\Documents
Mode LastWriteTime Length Name
—- ————- —— —-
d—– 9/11/2020 7:38 AM NuGetLocal
Exception calling “DownloadString” with “1” argument(s): “The remote server returned an error: (404) Not Found.”
At line:17 char:2
+ $feed = [xml]$webClient.DownloadString($feedUrl)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
You cannot call a method on a null-valued expression.
At line:51 char:37
+ $link = $feed.feed.link | where { $_.rel.startsWith(“next”) } | sel …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
That’s the message I got when I tried to implement the first step:
PS C:\Windows\system32> Import-Module “$env:ProgramFiles\windows admin center\PowerShell\Modules\ExtensionTools”
Import-Module : The specified module ‘C:\Program Files\windows admin center\PowerShell\Mo
dules\ExtensionTools’ was not loaded because no valid module file was found in any module
directory.
At line:1 char:14
+ Import-Module <<<< "$env:ProgramFiles\windows admin center\PowerShell\Modules\Extensio
nTools"
+ CategoryInfo : ResourceUnavailable: (C:\Program File…\ExtensionTools:St
ring) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.Impor
tModuleCommand
It looks like you may be missing the Windows Admin Center module. https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/use/get-started
I too am failing to install Windows Admin Center extensions in an offline mode.
I’ve success fully copied all the .nupkg files to the “C:\temp” directory on the WAC server itself.
I’ve successfully registered the feed “C:\temp” and the .nupkg files do indeed show up in the “Available extensions” area.
However — when you click “Install” it fails with:
ERROR:
“Couldn’t install the extension: ‘Active Directory’. Error: Failed to install package msft.sme.active-directory. Error: Unable to connect to the remote server”
I’ve tried making the “C:\temp” directory have “Everyone” = “Full” NTFS permissions. No change.
I’ve tried accessing the WAC console with FQDN/shortname/localhost and 127.0.0.1 in the URL field. Same error.
Tried rebooting the WAC server after registering the new “C:\temp” feed. Same error.
The puzzling piece is “unable to connect to the remote server” which doesn’t make sense as it is connecting to itself.