Windows Server requirements

TeamViewer DEX Platform 26.3 | 1E Platform 23.11 | 1E Platform on-premises 9.x

This article covers the minimum and recommended Windows Server requirements for deploying the 1E Platform. Includes supported OS versions, hardware specs, SQL Server compatibility, and setup guidance for a successful installation.

You will need to provision one or more servers using the guidance provided here as the minimum specification. For comprehensive guidance for CPU, RAM, disk volumes, and network connections, refer to Server sizing requirements.

You will install each 1E Server using 1E Server setup. To make the process easier for installing 1E Platform and its applications, 1E Setup helps you:

Prepare for a successful deployment of 1E Platform and applications.
Find online resources for 1E Platform and applications.
Check and configure prerequisites.
Create the 1E Server certificate for use with the 1E Server website and the 1E Switch.
Deploy selected components.
Perform post-installation tasks, including configuring the components for interaction with each other.
Running validation tests on the completed installation.

The correct choice of DNS Name(s) for your 1E Servers is perhaps the most fundamental decision you will make.

Server software

Category	Product	Notes
Server OS	Windows Server 2022 Windows Server 2019	Only 64-bit server OS are supported. The server must be joined to a supported directory service, such as Active Directory (on-premises) or Azure Active Directory Domain Services (Azure ADDS). This version of 1E requires the server OS to be English because of a known issue with certain regional settings. If TLS 1.0 is disabled, ensure you follow the steps in Preparation If TLS1.0 is disabled to add registry entries, for the 1E Catalog Update Service to successfully connect to the 1E Cloud Catalog. This list shows only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client . Refer to Constraints of legacy OS regarding the end of mainstream support. For Microsoft product lifecycle details, refer to Search Product and Services Lifecycle Information. Refer to Support for Microsoft Rapid-Release Cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.
SQL Server SQL Server Analysis Services (SSAS)	SQL Server 2022 SQL Server 2019	For more detail, refer to SQL Server requirements. Standard and Enterprise editions of these versions of SQL Server are supported. 1E only supports AlwaysOn Availability Groups on SQL Server Enterprise Edition, refer to High Availability options for SQL Server for HA options and their requirements. A SQL Server database instance is required for the following databases: 1E Catalog ContentDistribution (optional - required for Content Distribution) SLA-BI (optional - required for Patch Success) SLA-Data SLA-Integrate SLA-Shared TachyonExperience (optional - required for Experience Analytics) TachyonMaster TachyonResponses SLA Inventory databases: 1E Server Setup can install the above databases on separate SQL Server instances, however SLA-Data, SLA-Integrate, and SLA-Shared must exist on the same instance. All SQL Server instances must be configured with the following: A case-insensitive, accent-sensitive collation which is SQL_Latin1_General_CP1_CI_AS by default. Allow remote connections to this server enabled. SQL Server Management Studio is required to review the configuration and edit settings in 1E database tables. For the latest information about SQL Server prerequisites, refer to MSDN: Hardware and Software Requirements for Installing SQL Server.
Microsoft Endpoint Configuration Manager	MECM CB 2303 MECM CB 2211 MECM CB 2207 MECM CB 2203 MECM CB 2111	1E uses Configuration Manager for the following optional apps and features: Reclaiming a product using SCCM Uninstall Application Migration captures data using the System Center Configuration Manager connector ConfigMgr extensions for 1E Endpoint Troubleshooting - installed on Configuration Manager consoles using the 1E Toolkit installer Monitoring Content Distribution helps make Configuration Manager more efficient Content Distribution provides the following Content Distribution features for Configuration Manager: Content Distribution app Single Site Download Task sequence actions to augment OS Deployment Peer Backup Assistant - PBA High Availability PBA (HAPBA) Get Migration Settings to manage computer associations Pre-caching Download Pause The Nomad app requires the Content Distribution web service to synchronize with the Configuration Manager database. For standalone primary site environments, permissions are automatically assigned to the service account of Content Distribution's web application pool service (by default Network Service) using the ConfigMgr_DViewAccess localgroup native to Configuration Manager. For a CAS, this group is not created natively therefore additional steps are required to allow access. Refer to Microsoft Endpoint Configuration Manager preparation.
Web Server	IIS 10	Refer to Windows Server roles and features
Runtime libraries	ASP.NET Core Framework 6.0 Visual C++ 2013 Redistributable Visual C++ 2015-2019 Redistributable .NET Framework 4.8	Refer to Windows Server roles and features. For supported combinations of OS and .NET Framework, refer to: .NET Framework versions and dependencies. Both Windows Server 2022 has .NET Framework 4.8 and Windows Server 2019 have .NET Framework 4.7.2 installed by default. For ASP, Visual C ++ and SQL BCP: ASP.NET Core Hosting Bundle: Is required only for the Content Distribution component. It is not included with the Operating System, and must be downloaded and installed separately. If it not already installed, 1E Setup will attempt to automatically download version 6.0.5 and install it. Alternatively you can download it, or a later version, and install it yourself. Refer to ASP.NET Core Hosting Bundle. Visual C ++: Installers include and automatically installs the redistributable packages for Visual C++ 2013 and Visual C++ 2015-2019. The Coordinator (licensing module on the Master Stack), and Switch (on Response Stack) are written in C++ using Visual Studio 2013 and 2019, therefore require the runtime (x64) versions of these packages. Other server components use .NET Framework. SQL BCP is required by the Export All feature described in Exporting data from Endpoint Troubleshooting, and must be installed on each Tachyon Response Stack server (specifically the servers which have the Tachyon Core installed). BCP uses ODBC, which requires Microsoft ODBC Driver versions 13.1 and 17 and Visual C++ 2017 Redistributable to be installed first, refer toP SQL BCP.
Other software	PowerShell	PowerShell is required by 1E Server Setup during installation.
Browsers	Latest version of: Google Chrome Microsoft Edge (Chromium) Mozilla Firefox	A browser is not a prerequisite for installation of 1E servers and components, but is required to use and administer 1E. Administration is performed via the 1E portal and can be on a remote computer. These browsers are supported on all OS platforms which the browser vendor supports. The portal and any API should be added as a trusted site. This is especially important when running scripts which may produce unexpected errors. Microsoft legacy browsers: Support has been withdrawn for Internet Explorer 11 and legacy Microsoft Edge (non-Chromium version) because Microsoft no longer supported them since 2021. We recommend you use Google Chrome, Firefox, or Microsoft Edge Chromium browser.

Naming

Computername

The computername of a 1E Server must comply with Microsoft NetBIOS naming standards, which includes having a length of 15 characters or less. Refer to Computer Names.

DNS names and SPNs

Refer to the following sections on the Network requirements page:

Windows Server roles and features

Items in bold are included in the PowerShell script available for download from Windows Server roles and features.

1E Setup will create a website with the necessary bindings, therefore do not pre-create a website of the same name.

The following roles, role services and features must be installed/enabled as a minimum. The Name column is the reference used in PowerShell commands. In the case of .NET Framework features we refer to 4.X in the Display Name, as X may be different depending on the server OS. The PowerShell Name always uses 45 instead of the actual version.

Roles and features

Role or Feature	Display Name	Name	Notes
Web Server	Web Server (IIS)	Web-Server
Web Server Common HTTP Features	Default Document	Web-Default-Doc	Included in Web-Server.
	Directory Browsing	Web-Dir-Browsing	Included in Web-Server.
	HTTP Errors	Web-Http-Errors	Included in Web-Server.
	Static Content	Web-Static-Content	Included in Web-Server.
	HTTP Redirection	Web-Http-Redirect	Only required to support legacy Nomad clients after upgrading ActiveEfficiency.
Web Server Health and Diagnostics	HTTP Logging	Web-Http-Logging	Included in Web-Server.
Web Server Performance	Static Content Compression	Web-Stat-Compression	Included in Web-Server.
	Dynamic Content Compression	Web-Dyn-Compression
Web Server Security	Request Filtering	Web-Filtering	Included in Web-Server.
Basic Authentication	Web-Basic-Auth	Only required if using 1E ITSM Connect or 1E Core for integrating ServiceNow and 1E Platform.
	IP Address and Domain Restrictions	Web-IP-Security	See note below.
	Windows Authentication	Web-Windows-Auth
Web Server Application Development	.NET Extensibility 4.X	Web-Net-Ext45	Included in Web-Asp-Net45.
	ASP.NET 4.X	Web-Asp-Net45
	ISAPI Extensions	Web-ISAPI-Ext	Included in Web-Asp-Net45.
	ISAPI Filters	Web-ISAPI-Filter	Included in Web-Asp-Net45.
Web Server Management Tools	IIS Management Console	Web-Mgmt-Console
.NET Framework 4.X Features	.NET Framework 4.X	Net-Framework-45-Core
	ASP.NET 4.X	Net-Framework-45-ASPNET

The following roles, role services and features must be removed/disabled.

Parent	Display Name	Name
Web Server Common HTTP Features	WebDAV Publishing	Web-DAV-Publishing

IIS Features Configuration

Core web applications use IP and Domain Restrictions so that only specific servers can access it. Other web applications cannot be accessed using HTTP because their SSL Settings are configured with Require SSL.
The web applications for the Consumer API and Explorer use 1E role-based security and therefore have Windows Authentication enabled. The other web applications have Anonymous Authentication enabled.
HTTP Redirection (Web-Http-Redirect)and Web-Http-Redirect are only required to support legacy Content Distribution clients after an In-place upgrade of ActiveEfficiency Server for Nomad.
Basic Authentication (Web-Basic-Auth) and Web-Basic-Auth are required only if you will be installing 1E ITSM Connect or 1E Core for integrating ServiceNow and 1E Platform.

Anti-Virus and malware

The following should be excluded from scans to prevent file locking and resource deletion.

1E log files
The Background channel virtual directories,Agent, Content, Installers, PolicyDocuments, and Updates, which by default are in %programdata%\1E\Tachyon

Constraints of legacy OS

1E does not provide support for 1E products on the following operating systems unless the operating system is explicitly listed as being supported for a specific 1E product or product feature. This is because Microsoft has ended mainstream support for these operating systems or they are not significantly used by business organizations.

For Microsoft product lifecycle details, refer to Search Product and Services Lifecycle Information. For details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions, refer to Support for Microsoft Rapid-Release Cycle.

Windows XP
Windows Vista
Windows 7
Windows 8.0
Windows 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019

1E Client 24.5 and later will not install on Windows XP and Windows Server 2003. Contact 1E if you intend to continue using any of the other legacy OS. If you experience an issue, then please try replicating the issue on a supported OS.

Microsoft legacy browsers

Support has been withdrawn for Internet Explorer 11 and legacy Microsoft Edge (non-Chromium version) because Microsoft no longer supported them since 2021. We recommend you use Google Chrome, Firefox, or Microsoft Edge Chromium browser.

Certificate limitations - SHA2

Like most software vendors, 1E software requires the OS to support SHA2. If your organization has a PKI configured to use SHA2 256 or higher encryption, then your legacy OS may have already been updated to support it.

Windows XP and Server 2003 require an update as described in KB968730. Microsoft no longer provides this hotfix as a download. You must contact Microsoft Support if you need it.
Windows 7 and Server 2008 R2 require an update as described in KB3033929. This update is not available for Vista and Server 2008.
Windows 8, 8.1, Server 2012, Server 2012 R2 and later OS already support SHA2.

Certificate limitations - encrypted certificate requests

Windows XP and Server 2003 are unable to encrypt certificate requests, whereas later OS are able to support higher more secure RPC authentication levels. If you are using a Microsoft CA and expect these clients to request (enrol) certificates then the CA must have its IF_ENFORCEENCRYPTICERTREQUEST flag disabled. It is disabled by default on Windows 2003 and 2008 CA, but is enabled by default on Windows 2012 CA.

To determine which InterfaceFlags are set, execute the following command on the CA server:

Copy

certutil -getreg CA\InterfaceFlags

If the following is specified then it means the flag is enabled:

Copy

IF_ENFORCEENCRYPTICERTREQUEST -- 200 (512)

To disable the encrypt certificate requests flag, execute the following commands on the CA server:

Copy

 certutil -setreg CA\InterfaceFlags -IF_ENFORCEENCRYPTICERTREQUEST
 sc stop certsvc
 sc start certsvc

Certificate limitations - signing certificates missing

On Windows computers, the installation MSI files, and binary executable and DLL files of 1E software are digitally signed. The 1E code signing certificate uses a timestamping certificate as its countersignature. 1E occasionally changes its code signing certificate, and uses it for new releases and patches for older versions, as shown in the table(s) below.

Root Certificate Authorities are implicitly trusted to validate certificates, and their certificates must be correctly installed to do this. Your computers should already have the necessary root CA certificates installed, however this may have been prevented by your organization's security policies, or inability to connect to the Internet, or they are legacy OS. In general this is not an issue because by default Windows allows software to be installed and run without validation, although you may see a warning or experience a delay. However, you must have relevant CA certificates installed if you are using 1E Client (which self-validates its own files), or your organization has applied more secure polices (for example UAC, AppLocker or SmartScreen).

Typical reasons for issues with signing certificate are:

If your organization has disabled Automatic Root Certificates Update then you must ensure the relevant root CA certificates are correctly installed on each computer.
If computers do not have access to the Internet then you must ensure the relevant root and issuing CA certificates are correctly installed on each computer, numbered in the table(s) below.

The signature algorithm of the 1E code signing certificate is SHA256RSA. In most cases, the file digest algorithm of an authenticode signature is SHA256, and the countersignature is a RFC3161 compliant timestamp. The exception is on legacy OS (Windows XP, Vista, Server 2003 and Server 2008) which require the file digest algorithm of an authenticode signature to be SHA1, and a legacy countersignature.

The table below applies to software and hotfixes released in 2020.

2020	Signing certificate	Timestamping certificates
Certificate	1E Limited	TIMESTAMP-SHA256-2019-10-15 and DigiCert Timestamp Responder.
Issuing CA	DigiCert EV Code Signing CA (SHA2) Thumbprint: 60ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e3	DigiCert SHA2 Assured ID Timestamping CA Thumbprint: 3ba63a6e4841355772debef9cdcf4d5af353a297 and DigiCert Assured ID CA-1 Thumbprint: 19a09b5a36f4dd99727df783c17a51231a56c117
Root CA	DigiCert High Assurance EV Root CA Thumbprint: 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25	DigiCert Assured ID Root CA Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

2020

Signing certificate

Timestamping certificates

Certificate

1E Limited

TIMESTAMP-SHA256-2019-10-15 and DigiCert Timestamp Responder.

Issuing CA

DigiCert EV Code Signing CA (SHA2)

Thumbprint: 60ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e3

DigiCert SHA2 Assured ID Timestamping CA

Thumbprint: 3ba63a6e4841355772debef9cdcf4d5af353a297

and DigiCert Assured ID CA-1

Thumbprint: 19a09b5a36f4dd99727df783c17a51231a56c117

Root CA

DigiCert High Assurance EV Root CA

Thumbprint: 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25

DigiCert Assured ID Root CA

Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

Certificate limitations - expired root certificates

Ensure that your Root CA Certificates are up-to-date on clients and servers. The Automatic Root Certificates Update feature is enabled by default, but its configuration may have been changed or restricted by Group Policy Turn off Automatic Root Certificates Update.

If this GPO is enabled, then you will see DisableRootAutoUpdate = 1 (dword) in HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot.

PowerShell limitations

PowerShell version 3.0 (required by some 1E instructions) is not supported on Windows XP, Vista and Server 2003. However, PowerShell 2.0 is supported on the following OS versions:

Windows XP SP3
Vista SP1 & SP2
Windows Server 2003 R2 & SP2