340 likes | 587 Views
SAC-416T. Windows Server 8 apps must run without a GUI - learn more now. Jeffrey Snover Distinguished Engineer and Lead Architect of Windows Server Andrew Mason Principal Group Program Manager. Windows Server History. Prior to Windows Server 2008, full GUI at all times
E N D
SAC-416T Windows Server 8 apps must run without a GUI - learn more now Jeffrey Snover Distinguished Engineer and Lead Architect of Windows Server Andrew Mason Principal Group Program Manager
Windows Server History • Prior to Windows Server 2008, full GUI at all times • WS08 introduced Server Core which minimized: • Servicing • Security attack surface • Resource consumption • Deployment overhead • Critical patches reduced by 50-70% from full GUI install • However • One time install choice: full or core • Limited application compatibility • Limited local manageability
In the past, Windows has been a great OS for a serverand itsdevices
Windows Server 8 is a great OS for lots of servers and the devices connectingthemwhether they are physicalorvirtualwhether they are on-premise or off
A Cloud Optimized OS requires • Low friction deployment • Just Enough Server: install only what is absolutely needed to minimize • Security footprint • Serviceability footprint • Resource footprint • Multi-Machine Automation • Uniform, remote, lights-out management • Modern multi-machine management GUIs • Consuming lots of CPU and running on Client machines
GUIs on Servers Are Evil • Low friction deployment • Require large amounts of code to support the GUI • Multi-Machine Automation • Often call private APIs instead of public formal management APIs • Thwarts remote management which thwarts multi-machine management • Modern multi-machine management GUIs • Require GPUs • Takes large amounts of resources away from the server workload
Windows Server 8 Deployment Options • Full Server UI option provided for backwards compatibility • Server Core is the preferred deployment configuration • RSAT for remote GUI management • PowerShell support achieves critical mass with 2300+ cmdlets • More roles, features available • NEW Full Server without Server Graphical Shell • No Explorer, Internet Explorer or associated files • MMC, Server Manager, and a subset of Control Panel applets are still installed • Provides many of the benefits of Server Core for those applications or users that haven’t yet made the transition • NEW Can move between Server Core and Full Server by simply installing or uninstalling components
Server Core is Ready for the Mainstream WS08 & WS08/R2 Windows 8 Manageability PowerShell with > 2430 cmdlets Remote install/config of roles via Server Manager, Powershell, WMI Role Support 13 roles SQL Denali support Flexibility Migrate between core and full server by adding/removing components • Manageability • No PowerShell in WS08 • Powershell with ~230 cmdlets in WS08/R2 • No Remote install/config of roles • Role Support • 10 roles in WS08/R2 • Flexibility • Install Core or Full Server with no migration between them
Transitioning between Server Core and Full Server • PowerShell cmdlets • Full Server to Server Core • Import-Module Dism • Disable-Feature –online -FeaturenameServerCore-FullServer • Server Core to Full Server • Import-Module Dism • Enable-Feature –online -FeaturenameServerCore-FullServer,Server-Gui-Shell,Server-Gui-Mgmt • DISM • Full Server to Server Core • Dism /online /disable-feature /featurename:ServerCore-FullServer • Server Core to Full Server • Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt
Reducing on Disk Footprint • Roles and Features can be removed from the WinSXS folder • PowerShell: Disable-Feature –online … … –Remove • Dism: Dism/online /disable-feature … … /remove • Can be reinstalled from Windows Update or a WIM • PowerShell: Enable-Feature –online … … –Source x:\wim • Dism: Dism/online /enable-feature … … /source:x:\wim
Optional Server Graphical Shell • Full Server without Explorer and Internet Explorer • Provides some of the benefits of Server Core for those products or admins that can’t fully make the transition to Server Core • Can run Server Manager, MMC, local admin GUIs and some Control Panel Applets • Enables developers to begin shifting their applications to support headless servers • Remove Shell dependencies • Ensure full remote management • Aligned with Server futures • Enhanced availability
Uninstalling Server Graphical Shell • Server Manager, under the Features UI • PowerShell cmdlets • Uninstall • Import-Module ServerManager • Remove-WindowsFeature Server-Gui-Shell -Restart • Install • Import-Module ServerManager • Add-WindowsFeature Server-Gui-Shell -Restart • DISM /online /disable-feature /featurename:Server-Gui-Shell
demo Minimal Server Interface
Server Graphical Shell Capabilities • If you do not install the Server Graphical Shell, there is • No Explorer Shell, Task Bar, or System Tray • E.g. explorer.exe, systray.exe, themeservice.dll • Common dependency issues • Shell namespace extension APIs • Common dialog boxes • No Internet Explorer or Help • E.g. iexplore.exe, mshtml.dll,
Common Dialog Box Control is Limited OPENFILENAME ofn = { 0 }; ... ofn.lpfnHook = HookProcOldStyle; ofn.Flags = OFN_ENABLEHOOK; // The callback HookProcOldStyle is as follows UINT_PTR CALLBACK HookProcOldStyle( HWND hdlg, UINT uiMsg, WPARAM wParam, LPARAM lParam ) { // This is a dummy hook proc to force non-Explorer style dialogs // Just return FALSE to allow standard dialog to handle messages return FALSE; } • Common Dialog box is functional with the exception of Networking • If not a common scenario, no changes needed • If a common scenario, use old style common dialog box • To display old-style dialogs pass in an old-style hook function and do not specify OFN_EXPLORER
Shell Namespace Extensions APIs • Any UI with dependencies on items implemented as Shell Namespace Extensions will fail • Shell Namespace Extensions are described at: • http://msdn.microsoft.com/en-us/library/cc144095(v=VS.85).aspx • Certain CPLs are namespace extensions • Check for dependencies on namespaces extensions • Applications should re-targeted at the appropriate PowerShell or command line option • Primary examples are the CPLs for Firewall, Windows Update, and Windows Networking
Internet Explorer • Internet Explorer is not available when Server Graphical Shell is uninstalled, for example • IELaunchURL() (ieframe.dll) http://msdn.microsoft.com/en-us/library/aa767962(v=VS.85).aspx • IHTMLWindow*, IHTMLDocument* (mshtml.dll) http://msdn.microsoft.com/en-us/library/aa741322(v=VS.85).aspx • Code can be modified to check for Server Graphical Shell and if not available display a message stating that it is required. • If you are querying the IE version (HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version), you must fail gracefully when not present.
No Help System • Check & modify your help menu options and buttons • HtmlHelp() will return NULL as the hWnd of the help viewer. • Occurs in both Minimal Server Interface and Server Core • Existing code using HtmlHelp() returns NULL • Fail gracefully, e.g. display a message box to saying help is not available. • New code using HtmlHelp() or other help mechanisms, either: • Do not display option to invoke help in the UI • Use a wrapper function which can either invoke help using a dynamic dependency (e.g. LoadLibrary() or delayload), or display the "help not available" message box.
Silent Help Failures • When trying to start help nothing happens, there is no error message. Common causes are: • When launching help, loading hhctrl.ocx which queries the IE version (HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version) and fails. • Help tabs disappearing when clicking on help – occurs with loading hhctrl.ocx which queries the IE version and fails. • Using a help viewer that tries to load IEFrame.dll (CLSID 8856F961-340A-11D0-A96B-00C04FD705A2) • Using the help viewer from Microsoft Visual Studio (dexplore.exe) which attempts to load ieproxy.dll which is no longer installed.
Server Graphical Shell Coding Best Practices • Ideal Solution - Run on Server Core • Have no dependencies on Full Server or Server Graphical Shell • For native code, use the lowest level Win32 APIs available • For managed code, limit to Server Core subset if Server Core is supported • Primarily test on Server Core • Enable remote management using WS-Management and PowerShell cmdlets
Server Graphical Shell Coding Best Practices (cont) • Interim solution phase – Run on Server Core with some optional Server Graphical Shell dependencies • Make Server Graphical Shell dependencies optional via delay load • Detect if running on Server Core or the minimal server interface • If so, do not use any Server Graphical Shell code paths • Primarily test on lowest level supported, e.g. Server Core or minimal server interface • If you have functionality that requires the Server Graphical Shell • Make functionality optional and installable only with Server Graphical Shell
Detecting the state of Server Graphical Shell • Using the Registry • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server\ServerLevels • If only ServerCore=1 is set = Server Core • ServerCore=1 set by the foundation, always set in Windows Server 8 • If Server-Gui-Mgmt=1 is set and Server-Gui-Shell is not set = Minimal Server Interface • If both Server-Gui-Mgmt=1 and Server-Gui-Shell=1 = Full Server • Using the DISM APIs • Calling code must be running elevated • Requires C/C++ • Approach: enumerate features, record state of relevant features, evaluate overall Server state • #include <dismapi.h>, link to dismapi.lib
DISM API Sample hr= DismInitialize( DismLogErrorsWarningsInfo, NULL /* Optional path to logfile */ , NULL /* Optional path to scratch directory */ ); DismSession session; hr = DismOpenSession( DISM_ONLINE_IMAGE, NULL /* for DISM_ONLINE_IMAGE */ , NULL /* for DISM_ONLINE_IMAGE */ , &session );DismFeature *pDismFeaturesList; UINT dismFeaturesCount; hr = DismGetFeatures( session, NULL /* no optional Identifier */ , DismPackageNone /* no optional Identifier */, &pDismFeaturesList, &dismFeaturesCount ); for( UINT i=0; i < dismFeaturesCount; i++ ) { if ( ! bFoundServerGuiShell && (_wcsicmp(L"Server-Gui-Shell", pDismFeaturesList[i].FeatureName) == 0) ) { bFoundServerGuiShell = true; if ( DismStateInstalled == pDismFeaturesList[i].State ) { bEnabledServerGuiShell = true; } } // … Similarly for bEnabledServerGuiMgmt, bEnabledServerCoreFullServer } if ( ! bEnabledServerCoreFullServer ) { wprintf( L" Server Core\n" ); } else if ( bEnabledServerGuiMgmt && bEnabledServerGuiShell ) { wprintf( L" Full Server" ); } else if ( bEnabledServerGuiMgmt && ! bEnabledServerGuiShell ) { wprintf( L" MinShell" ); } else { wprintf( L" Other sub-Full-Server configuration" ); } hr = DismDelete( pDismFeaturesList ); // Delete structure returned by DISM APIhr = DismCloseSession( session ); hr = DismShutdown();
Troubleshooting Existing Code • Ensure your code runs on a Full Server with Server Graphical Shell installed • If it does, but not on the minimal server interface or Server Core, it is likely a missing dependency: • Missing DLL – use a debugger or a tool like Process Monitor • Missing Registry value – use a debugger or a tool like Process Monitor
Troubleshooting Existing Code (cont) • List static file dependencies • dumpbin /dependents <filename> • List API imports from each of the dependents files • dumpbin /imports <filename> • List API imports from the specified dependent file • dumpbin /imports:<dependent file> <filename> • Enable loader snaps to see what the loader is doing • http://blogs.msdn.com/b/junfeng/archive/2006/11/20/debugging-loadlibrary-failures.aspx • gflags.exe -i your-app.exe +sls • windbg.exe your-app.exe
Call to Action • Join the Windows Server direction for the datacenter! • Modify your apps/drivers to install and run on Server Core • Do not install GUI tools by default – make them optional • Write PowerShell Cmdlets to ensure it can be completely managed locally and remotely • WMIV2 or managed code • WS-Management • Write rich admin GUIs layered on top of PowerShell and install them on Windows Client • Profile and understand your dependencies
thank you Feedback and questions http://forums.dev.windows.com Session feedbackhttp://bldw.in/SessionFeedback
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
DLLs Removed by Server-Gui-Shell \Windows\System32\DevicePairing.dll \Windows\System32\DevicePairingFolder.dll \Windows\System32\DevicePairingProxy.dll \Windows\System32\DeviceUxRes.dll \Windows\System32\diskcopy.dll \Windows\System32\Display.dll \Windows\System32\docprop.dll \Windows\System32\DXP.dll \Windows\System32\dxpps.dll \Windows\System32\dxtmsft.dll \Windows\System32\dxtrans.dll \Windows\System32\efsadu.dll \Windows\System32\EscMigPlugin.dll \Windows\System32\fontext.dll \Windows\System32\hgcpl.dll \Windows\System32\icardie.dll \Windows\System32\IdCtrls.dll \Windows\System32\IEAdvpack.dll \Windows\System32\ieakeng.dll \Windows\System32\ieaksie.dll \Windows\System32\ieakui.dll \Windows\System32\ieapfltr.dll \Windows\System32\iedkcs32.dll \Windows\System32\ieframe.dll \Windows\System32\iepeers.dll \Windows\System32\iernonce.dll \Windows\System32\iesetup.dll \Windows\System32\iesysprep.dll \Windows\System32\ieui.dll \Windows\System32\imagesp1.dll \Windows\System32\imgutil.dll \Windows\System32\inetcomm.dll \Windows\System32\INETRES.dll \Windows\System32\InputSwitch.dll \Windows\System32\inseng.dll \Windows\System32\licmgr10.dll \Windows\System32\migration\shmig.dll \Windows\System32\msfeeds.dll \Windows\System32\msfeedsbs.dll \Windows\System32\mshtml.dll \Windows\System32\mshtmled.dll \Windows\System32\mshtmler.dll \Windows\System32\msident.dll \Windows\System32\msidle.dll \Windows\System32\msidntld.dll \Windows\System32\msieftp.dll \Windows\System32\msoeacct.dll \Windows\System32\msoert2.dll \Windows\System32\msrating.dll \Windows\System32\MsSpell7.dll \Windows\System32\mydocs.dll \Windows\System32\netplwiz.dll \Windows\System32\occache.dll \Windows\System32\oobe\msoobedui.dll \Windows\System32\packager.dll \Windows\System32\panmap.dll \Windows\System32\pngfilt.dll \Windows\System32\powercpl.dll \Windows\System32\RemoveDeviceContextHandler.dll \Windows\System32\RemoveDeviceElevated.dll \Windows\System32\sendmail.dll \Windows\System32\shgina.dll \Windows\System32\shimgvw.dll \Windows\System32\shpafact.dll \Windows\System32\shsvcs.dll \Windows\System32\shunimpl.dll \Windows\System32\shwebsvc.dll \Windows\System32\stobject.dll \Windows\System32\StorageContextHandler.dll \Windows\System32\sud.dll \Windows\System32\systemcpl.dll \Windows\System32\taskbarcpl.dll \Windows\System32\themecpl.dll \Windows\System32\themeservice.dll \Windows\System32\themeui.dll \Windows\System32\twext.dll \Windows\System32\url.dll \Windows\System32\usbui.dll \Windows\System32\usercpl.dll \Windows\System32\webcheck.dll \Windows\System32\wshext.dll \Windows\System32\zipfldr.dll \Program Files\Common Files\Microsoft shared\VGX\VGX.dll \Program Files\Common Files\System\wab32.dll \Program Files\Common Files\System\wab32res.dll \Program Files\Internet Explorer\hmmapi.dll \Program Files\Internet Explorer\iedvtool.dll \Program Files\Internet Explorer\ieproxy.dll \Program Files\Internet Explorer\IEShims.dll \Program Files\Internet Explorer\jsdbgui.dll \Program Files\Internet Explorer\jsdebuggeride.dll \Program Files\Internet Explorer\JSProfilerCore.dll \Program Files\Internet Explorer\jsprofilerui.dll \Program Files\Internet Explorer\msdbg2.dll \Program Files\Internet Explorer\networkinspection.dll \Program Files\Internet Explorer\pdm.dll \Program Files\Internet Explorer\sqmapi.dll \Program Files\Windows Mail\wabfind.dll \Program Files\Windows Mail\wabimp.dll \Windows\System32\ACCTRES.dll \Windows\System32\admparse.dll \Windows\System32\appinfo.dll \Windows\System32\AuthExt.dll \Windows\System32\autoplay.dll \Windows\System32\batmeter.dll \Windows\System32\browseui.dll \Windows\System32\BthMtpContextHandler.dll \Windows\System32\BWContextHandler.dll \Windows\System32\cabview.dll \Windows\System32\cryptdlg.dll \Windows\System32\deskadp.dll \Windows\System32\deskmon.dll \Windows\System32\DeviceCenter.dll