Sitecore DevOps

Sitecore in Windows Server Core (without UI) – Tips and Tricks

by

wmoyano
in

The majority of instances and ensembles of Sitecore, often are hosted in machines with Windows OS on them. There will be some other installations in which you will have Sitecore in Windows Server Core, which means the Operative System is more focused on performance, sacrificing Windows UI.

Windows Core Start Screen

Troubleshooting Sitecore in Windows Server Core can be challenging in this kinds of instances as we usually are accustomed to do all processes visually.

But fear not, as in this blog I will share all the tips, tricks and hacks that I have compiled when dealing with Windows Server Core Sitecore Instances.

File Navigation

Windows Core OS does not have a File Explorer available. Sometimes we want to search for a configuration file, or a log file by date, tasks done easier with a UI. To solve this one, we have notepad (and/or notepad++) to thank.

Notepad and Notepad++

To be able to navigate through files, we are going to use the Open (Ctrl + O) feature of Notepad:

Open Feature in Notepad

This feature can help us navigate, copy + paste files and visually search by date.

Search By Date Modified

Windows Event Logs

Often, we encounter errors that don’t have enough information in the Sitecore log stack trace, so we need to search in the Windows Event Logs (Application) for more information.

The routinary way to do this is in a normal Windows machine is by opening Event Viewer app, capability that Windows Core does not have. To solve this one, we need to dive into PowerShell commands.

With the following line, you can get the latest 10 Application Logs from Windows Event Viewer:

Get-EventLog -LogName Application -Newest 10

The results for this one are something similar to:

get-eventlog results

We can see that each Log Object has some very interesting properties, so to expand these (in this example we’ll use Index 61015) we can use the following line:

Get-Eventlog -LogName Application -Index 61015 | Select-Object -Property *

The results will be all the properties expanded:

get-eventlog detail results

For more information, you can visit also the Microsoft Learn Documentation for Get-EventLog.

SSL / PFX Certificates Installation and Renovation

For this one, what we usually do in normal Windows instances is open mmc.exe to manage our Certificates, once again a feature that is lacking in Windows Core.

For the process of installing or renovating an SSL Certificate we are going to start by installing the pfx with this commands:

Pfx Install

$securePass = 'password-for-pfx'
$SecurePassword = $securePass | ConvertTo-SecureString -AsPlainText -Force
Import-PfxCertificate -FilePath "C:\route-to\your0certificate.pfx" -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword

After we have installed our PFX, in order to attach the new SSL certificate, we need to have new bindings in our IIS Site (for all our Sitecore Roles).

First, we stop our Sitecore websites, app pools and windows services, then we recreate our site’s bindings as follows:

Stop Sitecore

# Stop all Websites
Get-ChildItem -Path IIS:\Sites | foreach { Stop-WebSite $_.Name; }
# Stop all IIS App Pools
Get-IISAppPool | foreach {stop-webapppool -name $_.Name}
# Stop all Sitecore windows Services (XP instance)
stop-service -name 'sitecore*'

Remove Existing Bindings

Remove-IISSiteBinding -Name "site-name" -BindingInformation "*:443:your-domain.com" -Protocol https

Create New Web Bindings

New-IISSiteBinding -Name "site-name" -BindingInformation "*:443:your-domain.com" -CertificateThumbPrint "thumbprint" -CertStoreLocation "Cert:\LocalMachine\My" -Protocol https -SslFlag 1

This is one of the most important steps, managing Certificate’s Private Keys. Meaning we need to allow the application pools, and Local Services, access to the private keys.

Manage Certificate’s Private Keys

$CertObj= Get-ChildItem Cert:\LocalMachine\my\certificate-thumbprint

$rsaCert = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($CertObj)
$fileName = $rsaCert.key.UniqueName
 
$path = "$env:ALLUSERSPROFILE\Microsoft\Crypto\Keys\$fileName"
# Alternate Path for installed certs:
# $path = "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys\$filename"
 
# repeat this block with as many rules as needed {
 
  $permissions = Get-Acl -Path $path
 
  # add access to LocalService
  $rule = new-object security.accesscontrol.filesystemaccessrule "LocalService", "FullControl", allow
 
  # add access to the application pools
  # $rule2 = new-object security.accesscontrol.filesystemaccessrule "IIS APPPOOL\your-app-pool", "FullControl", allow
  # example: $rule = new-object security.accesscontrol.filesystemaccessrule "IIS APPPOOL\osh.com.mr.xc", "FullControl", allow
 
  $permissions.AddAccessRule($rule)
  Set-Acl -Path $path -AclObject $permissions

Connection Stings Changes

  • Replace new Thumbprint in all *.config files for all Sitecore sites / services for all roles

Example Connection Strings file (with example thumbprint):

connection strings file example

And Finally we start Sitecore back again:

Start Sitecore

# Start all app pools
Get-IISAppPool | foreach {start-webapppool -name $_.Name}
# Start all websites
Get-ChildItem -Path IIS:\Sites | foreach { Start-WebSite $_.Name; }
# Start all windows services
start-service -name 'sitecore*'

Hopefully this tips and tricks can help you when troubleshooting / maintaining or solving problems with your Sitecore instances in Windows Core.

Cheers!