Installing Windows Server 2016 Essentials (Part 3)

Set up Windows Defender

New to the Windows 2016 Essentials Dashboard is the convenient configuration of Windows’ anti-malware suite – Windows Defender. You can enable Windows Defender from the Dashboard to provide real-time protection for your data and keep an eye on your security status via the Dashboard’s Health Monitoring and Health Reporting tabs.


Your server should have enabled Windows Defender by default, but that may not necessarily be the case. Hit the Click to enable Windows Defender command to get started. Your server will check Windows Defender status and enable the feature if required.


Set up Anywhere Access

Anywhere Access on a Windows Server 2016 Essentials computer consists of two components, RWA (Remote Web Access) and VPN (Virtual Private Network). From a computer that has the Dashboard connector installed, one can securely access the server and computer desktops on the LAN from any remote location through a web browser. You can still access the computers on the Local Area Network from computers that have not had the connector installed, the downside is that the connection is not a secured connection. This is the RWA side of Anywhere Access.

The VPN half of Anywhere Access uses a protocol that is basically a network connection similar to your NIC adapter connection. However, using VPN, instead of connecting directly to the Internet, a remote computer actually accesses the local network from that remote location through the Essentials server and then back out to the Internet. This connection is encrypted and is therefore secure. When dealing with potentially sensitive material, you want that secure connection when using a public network.


To set up your server for Anywhere Access, select the appropriate setup option in the Dashboard, then click on the Click to configure Anywhere Access item.


A wizard opens to begin the Anywhere Access process.  Click Next.


As you’d expect, the Anywhere Access wizard offers an automated method to configure your server – and indeed your router – for remote access. On the server side, the wizard works well however, automatically configuring routers can be problematic. It’s worth attempting the automatic setup, but if you struggle, you’ll see an option is included to skip the router setup. Select this and you’ll need to manually forward the relevant ports on your router to the server’s IP address.

The first task is to configure a domain name for the server. In the following screen, you are given the choice to use a domain name you already own or to set up a new domain name.  We are going to use the second option:


So, click on the “I want to set up a new domain name” radio button and click Next. In the next screen you are asked if you want to purchase a domain name or get one from Microsoft. 


As the Microsoft route is the easiest way and cheapest (free) way to go for demo purposes, we will select that option. Obviously, if you need a business/personal domain, you can pick one up.

You need to have a Microsoft account to use a free domain.  However, as with the domain name from Microsoft, this costs you nothing. To obtain an account, click the Sign up now link and register.  Be sure to record the account name and password and save it in a secure place for future use!

Once you have your account, enter the details and click Sign in. The wizard begins the process, and in this case, produces a list of domain names associated with my particular Microsoft account. 


Create a new domain name, and click on the Check availability button.

  • The name can contain a maximum of 63 characters.
  • Only letters, numbers, or hyphens (-) are allowed.  The name must begin and end with a letter or a number.
  • Please note that the Domain names are not case sensitive.

If that domain name is available, you will get the message as noted below, and it is time to click on the Set up button. Otherwise, if you wish to use a previously registered name, select it from the dropdown menu and click Next.

The registration process begins and if all goes well you get the following screen.  You now have your Domain set up for remote access, and all that is left to do is click on Next to enable the Anywhere Access features.


Based upon your particular needs are for remote access, you can set up a VPN connection and access to the server from a web browser.


Tick the appropriate boxes and click Next.

In the next screen, the default option is to allow remote access to anyone with the appropriate credentials.  You may want to uncheck this box and decide on a per user basis whether remote access is needed.


Once decided, click Next to finally complete this task. Keep an eye on the wizard as it’ll test connectivity to your server from outside the network to ensure remote access has been correctly configured. The troubleshooting steps published in case of an error are really useful for identifying and resolving any problems.


Once you have remote access configured, click on the Close button to take you back to the Dashboard.



  1. Thanks for this Terry. I am trying to decide if there is value add going from 2012 R2, so far it looks like no. One thing that I didn’t like about 2012 is you are limited to a 2GB max size for the backup drive. Do we know if that barrier is finally lifted with 2016?

    1. Hi Brad,

      I am using 2 x 4 TB disks in an eSata enclosure, one for data and client backups and the other for server backup. Both are working fine, although neither have exceeded 2TB yet. However, I believe I wouldnt be able to use a 4TB at all for server backup if the limitation was still in place, so I think you are OK.


  2. In regards to accessing the server from the MS provided web address, to play music and videos, does this version of software still force you to use Silverlight? Like windows home server did?

  3. Have you attempted to do an “upgrade” of your domain?

    I don’t want to create a new domain, but I want to replace my old server with a server running a new server.

    I followed the instructions for Windows server 2012 ( and it worked mostly. The users in my domain don’t show up in the dashboard on the new server.

    I attempted to use windows powershell commands to import users, but the commands that existed in 2012 seem to be removed from 2016. (

    Import-Module WssCmdlets
    Import-WssUser –SamAccountName

    I know 2016 is new, but my old server is in need of upgrade. Thanks.. Wim.

  4. Hi Terry,

    Thanks for a great how-to guide on installing WSE 2016!

    I was a somewhat happy WHS 2011 user for years, but figured I had better migrate to a supported platform, so I recently went ahead and installed WSE 2012 R2 on new hardware. The install was a bit bumpy, but I got it down. However, getting our 5 PC’s (Win 7’s and 10’s) setup for backup was a nightmare (especially the WIN 10 issues, but a lot of others as well such as computers not showing online etc.) After days and nights of googling and installing/uninstalling various versions of the connector, I decided I would try 2016 essentials instead since I was installing from scratch on new hardware anyway.

    In researching this, I found your 3 part installation guide which I used as my bible and which was really helpful – thanks!

    During the server install, I only ran into ONE (1) issue (amazing!), which was: During the server config phase the progress bar stalled at 17%. Back to googling and I found this workaround: simply start the “Windows Server Essentials Management Service” and the process will start moving again – workaround found here: – piece of cake.

    I then setup and tested the server backup – this process went equally smoothly – I was stoked!. (The only issue I am facing in this regard is performance – the backup is extremely slow, but I’m not too worried and will work on this later).

    Finally, after this promising effort, I proceeded with the most important part of the project, and the real reason I need a windows server: Setting up the client backups. However this is where I hit a wall 🙁

    The good news first: unlike WSE 2012, the connector installs now go smoothly for both Win 7 and Win 10 clients – another promising sign. HOWEVER, after the connectors are installed, there is no right click option to start a manual backup even though backup is turned ON in the client backup config. Also, no backup started automatically during the specified timeframes. Finally, although the clients are showing online, the various status columns are showing “Not Available”. Both the clients and the server are up to date with all windows updates.

    I did some googling, but there is not much out there for WSE 2016 as it is so new. So after all of this, I have 2 questions:

    – Would you have some ideas as to how to troubleshoot the backups?
    – Do you know of any forums that actively deal with WSE2016 troubleshooting?

    Thanks again for your help,


    1. Wanted to know if the hack for…

      How to make Windows Server 2012 R2 Essentials client connector install behave just like Windows Home Server

      Still works with Windows Server 2016 Essentials?

  5. Hi Terry, thanks for you guides they are awesome. Installed Essentials today but when trying to change Microsoft Update settings I get an error “Cannot run the task” it says.

    When going to Windows Update and trying there I get another error (0x80070422) and I can’t get any updates that way too. Any suggestions what to do to get it to work?

    1. I realise I’m not terry, and this is somewhat late, but if anyone else has the problem (like I just did there is an easy fix. Go to Control Panel> Administrative Tools (click view small icons to see the option easily). Then double click ‘Services’, scroll down to find Windows Update and double click. You can change it to Automatic Startup and also Start the update service from here, and then the Update option will work from the Dashboard.

  6. Hi Terry,

    I used the WS2012R2 Eseentials bought your books and was a happy user – I was also lucky to set up the VPN for IOS devices. Recently I upgrades to WS2016 Essentials – and biggest concern the VPN for IOS – I´m still fighting to set it up. The RRAS – Routing and Remote Access console – says Legacy mode is disabled on this Server – even if I click on server properties – it says no properties are available – in 2012R2 it was the place where you could enter here the “IP Sec Shared Secret” password in the L2TP setup. Is there any default shared secret – or did you manage not just to set up but also connect from a W10 or even better via IOS to VPN of WS2016?

    1. i’ve the same problem. I try to uninstall remote access from WSE and install it from server manager… the result was i can configure VVPN parameters but (i don’t know why) i can’t use… I install (it was very hard) everything and the result is the same… Legay Mode and no way to configure vpn parameters. had you solve the problem?

  7. Thank you Terry. Just purchased Windows Server 2016 Essentials and doing a new installation. I had the issue you described where installation stopped at 17%. Your suggestion worked perfectly for me!
    Apparently this is still an issue.

  8. Has anyone been able to successfully change ports for Anywhere Access or use port forwarding? My ISP (UVerse) already uses port 443 so I can’t get a working solution.

    1. Use Port Forwarding in your router.
      I *never* use default port numbers for remote anything.
      For example, set the “incoming” port to listen at 4443, and forward that to 443 on the internal LAN.

  9. Hi There,

    I’m new on this, here is the thing:
    – My company solds a file system solution, with a backup solution.
    – I got two ML30 gen9 servers, both with WSEss2016. The architecture is this: One server should be ton the primary site and has to got the role of File Server. The second server should be in a recovery site, and should work as a back server. There will be a VPN between the two sites. And a Veeam Software would be used as backup application. This app needs a file system as a storage target so I would have to able to configure the second server as a file system, that can be seen thru the VPN.

    I need to configure 5 shared folders in the main site. And the backup server should be access thru the VPN.

    My main concern is about the Domain Controller. I only have Windows Server Essentials licenses, and as long as I’ve been reading, Essentials Server can only be deploy as the Main Domain Controller, it can’t be installed in a previously-installed Active Directory environment.

    I’m trying to make a lab, but the Virtual Box VM doesn’t start. It stopped at 17%…

    Can anybody help with the architecture?


Leave a Reply