How to install Secure Gateway on Windows Server Core edition of Windows Server OS?

Description

The Server Core edition of Windows Server is the minimal installation option, containing only the core features required to execute server roles and run applications. These machines are designed for applications that require minimal user interaction and hence do not have a GUI. The absence of a GUI in Server Core reduces disk space and memory usage and limits the maintenance required. As setting up a Secure Gateway (Forwarding server) does not require extensive GUI usage, Server Core is a serviceable option. Administrators can manage Server Core using the command-line interface, PowerShell, Remote Server Administration Tools (RSAT), Windows Server Manager or Windows Admin Center.

To establish a secure connection between the MDM server and third-party cloud resources, you can install a Secure Gateway on the Server Core machine. Follow the steps given below.

Steps

  • On the Server Core machine, create a folder called sharedFolder in the current directory.
  • Click on the Start button and open Command Prompt.
  • Share the folder using the command NET SHARE. Example: NET SHARE sharedFolder=<directory>:\sharedFolder /GRANT:Everyone,FULL
  • Copy MDMSecureGatewayServer.exe to the sharedFolder by accessing it from another machine connected to the same network.
  • Navigate to sharedFolder and install the Secure Gateway using the following command in Command Prompt: MDMSecureGatewayServer.exe
  • Once the Setting Up Secure Gateway pop-up is shown, enter the port details, MDM server name, and proceed.
    If the pop-up does not appear, go to C:\ManageEngine\ME_Secure_Gateway_Server\bin\ using Command Prompt and run FSConfigure.exe
    • Path for certificate files in MDM server: \apache\conf\
    • Path to place the certificates in Secure Gateway: C:\ManageEngine\ME_Secure_Gateway_Server\nginx\conf\
  • Once the certificates are copied, click Install.
  • For the Secure Gateway to work, inbound port 9383 needs to be open on the firewall.
  • To open ports on the firewall:
    • Open Task Manager and go to File -> Run New Task -> type PowerShell and press the Enter key.
    • Run the following command in the PowerShell window: New-NetFirewallRule -DisplayName "FS" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 9383
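
The share and firewall steps above can be tightened and verified from PowerShell on the Server Core machine. The following is an added example, not part of the vendor's procedure: it grants share access to a single named account instead of Everyone, removes the share once the installer has been copied, creates the port 9383 rule only if it does not already exist, and checks that the gateway is listening. The share path C:\sharedFolder and the account CONTOSO\mdm-admin are assumptions; replace them with your own values.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session.
$SharePath   = 'C:\sharedFolder'      # assumption: folder created in the first step
$ShareName   = 'sharedFolder'
$CopyAccount = 'CONTOSO\mdm-admin'    # hypothetical account that copies the installer
$RuleName    = 'FS'                   # display name used in the article
$Port        = 9383                   # inbound port named in the article

function New-InstallerShare {
    # Grant change access to one named account rather than Everyone/FULL.
    if (-not (Test-Path $SharePath)) {
        New-Item -ItemType Directory -Path $SharePath | Out-Null
    }
    if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
        New-SmbShare -Name $ShareName -Path $SharePath -ChangeAccess $CopyAccount | Out-Null
    }
    Get-SmbShareAccess -Name $ShareName      # show who can reach the share
}

function Remove-InstallerShare {
    # The share only exists to receive the installer; drop it afterwards.
    if (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue) {
        Remove-SmbShare -Name $ShareName -Force
    }
}

function Set-GatewayFirewallRule {
    # Create the inbound rule once; re-running does not add duplicates.
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if (-not $rule) {
        $rule = New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
                    -Action Allow -Protocol TCP -LocalPort $Port
    }
    $rule | Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort
}

function Test-GatewayListener {
    # True when a process is listening on the port after installation.
    [bool](Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
}

# Call order:
#   New-InstallerShare        before copying MDMSecureGatewayServer.exe
#   Remove-InstallerShare     after the installer has been copied and run
#   Set-GatewayFirewallRule   once certificates are in place and Install has finished
#   Test-GatewayListener      to confirm the gateway is listening on the port
```

If Test-GatewayListener returns False after installation, the firewall rule is not the problem; check that the Secure Gateway service started and is bound to the port entered during setup.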