How to Configure Windows Admin Center Extensions on Windows Server 2025

How to Configure Windows Admin Center Extensions on Windows Server 2025

Windows Admin Center (WAC) is Microsoft’s modern, browser-based server management platform that consolidates the capabilities of Server Manager, Remote Server Administration Tools (RSAT), and numerous MMC snap-ins into a single web interface. What makes WAC especially powerful is its extensibility: a rich marketplace of extensions allows you to add specialized management capabilities for clustering, storage, containers, Azure hybrid services, and more — all without installing additional management tools on administrator workstations. On Windows Server 2025, WAC benefits from an updated extension API, improved Azure integration for hybrid scenarios, and tighter integration with Windows Defender and Windows Update. This guide covers installing and managing WAC extensions from the marketplace, configuring private extension feeds for internal tools, developing a custom extension using the WAC SDK, and troubleshooting common extension issues.

Prerequisites

• Windows Admin Center 2311 or later installed (gateway mode recommended for production)
• Windows Server 2025 target servers registered in WAC
• Microsoft Edge or Google Chrome (WAC is not supported on Internet Explorer)
• WAC gateway running on a Windows Server 2025 or Windows 11 machine
• Node.js 18 LTS or later (for custom extension development)
• Visual Studio Code with the Windows Admin Center extension development pack
• WAC Toolkit CLI installed: npm install -g @microsoft/windows-admin-center-sdk
• Outbound internet access from the WAC gateway to the Microsoft extension feed (for online installs)

Step 1: Navigate the WAC Extensions Marketplace

WAC extensions are managed through the Settings panel in the WAC interface. Access them by clicking the gear icon in the top-right corner and selecting Extensions. The marketplace shows available extensions (published to the Microsoft NuGet feed) and installed extensions with version information. Extensions can be installed, updated, or uninstalled from this panel without restarting the WAC service.

# Check WAC service status and version
Get-Service -Name "ServerManagementGateway" | Select-Object Name, Status, StartType

# Get WAC installation path and version from registry
Get-ItemProperty -Path "HKLM:SOFTWAREMicrosoftServerManagementGateway" |
    Select-Object InstallLocation, ProductVersion

# View WAC access URL and port
$wacConfig = Get-ItemProperty -Path "HKLM:SOFTWAREMicrosoftServerManagementGateway"
Write-Host "WAC URL: https://$env:COMPUTERNAME`:$($wacConfig.Port)"

# Restart WAC gateway service (required after some extension operations)
Restart-Service -Name "ServerManagementGateway" -Force
Write-Host "WAC gateway restarted."

# Verify WAC gateway is listening on its configured port
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -eq 443 -or $_.LocalPort -eq 6516 } |
    Select-Object LocalAddress, LocalPort, State

Step 2: Install Key WAC Extensions from the Marketplace

WAC ships with a base set of built-in tools (Firewall, Event Viewer, Storage, Remote Desktop, PowerShell). The following extensions extend its capabilities significantly and are recommended for Windows Server 2025 environments. Install them via Settings → Extensions → Available Extensions.

• Failover Clustering — manage Windows Server Failover Clusters, view nodes, roles, and networks
• Storage Replica — configure synchronous and asynchronous block replication between servers
• Storage Spaces Direct — manage hyper-converged infrastructure (HCI) storage pools and virtual disks
• Hyper-V Virtual Machines — manage VMs, virtual switches, and checkpoints
• Azure hybrid services — onboard servers to Azure Arc, Azure Backup, Azure Site Recovery, and Azure Monitor
• Containers — manage Windows containers and Docker images on the server
• Networks — advanced network configuration including RDMA, SET teaming, and virtual switches

# WAC extensions can also be managed via the WAC PowerShell module
# The module is installed with WAC at: $env:ProgramFilesWindows Admin CenterPowerShell
Import-Module "$env:ProgramFilesWindows Admin CenterPowerShellWacModule.psm1" -ErrorAction SilentlyContinue

# List all currently installed WAC extensions
# (Run these from the WAC server itself)
$wacExtPath = "$env:ProgramFilesWindows Admin CenterNodeextensions"
Get-ChildItem -Path $wacExtPath -Directory | Select-Object Name, CreationTime, LastWriteTime

# Check WAC extension feed URL (default: Microsoft NuGet feed)
$feedConfigPath = "$env:ProgramDataServer Management Gatewayextensions.json"
if (Test-Path $feedConfigPath) {
    Get-Content $feedConfigPath | ConvertFrom-Json | Select-Object -ExpandProperty feeds
}

# Verify extension package integrity (NuGet package signature)
$nupkgFiles = Get-ChildItem -Path $wacExtPath -Filter "*.nupkg" -Recurse
foreach ($pkg in $nupkgFiles) {
    Write-Host "Extension package: $($pkg.Name) — Size: $($pkg.Length) bytes"
}

Step 3: Configure a Private WAC Extension Feed

Organizations developing internal WAC extensions or staging tested versions before broader rollout can host a private NuGet extension feed. WAC supports adding custom feed URLs through the Extensions settings panel. A private feed can be as simple as a network share hosting .nupkg files (using the NuGet local folder provider) or a full NuGet server (e.g., Azure Artifacts, Nexus, or ProGet).

# Create a local folder-based NuGet feed on a network share
$feedPath = "\srv-mgmt01WACExtensions"
New-Item -ItemType Directory -Path $feedPath -Force

# Set permissions so WAC gateway service account can read the feed
$acl = Get-Acl $feedPath
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "progressiverobotWACGatewayService",
    "ReadAndExecute",
    "ContainerInherit,ObjectInherit",
    "None",
    "Allow"
)
$acl.SetAccessRule($accessRule)
Set-Acl -Path $feedPath -AclObject $acl

# Add the private feed to WAC via the extensions.json configuration
# WAC reads this file at startup; edit it and restart the service
$feedConfig = Get-Content "$env:ProgramDataServer Management Gatewayextensions.json" | ConvertFrom-Json

# Add new feed entry
$feedConfig.feeds += [PSCustomObject]@{
    url         = $feedPath
    displayName = "Internal WAC Extensions"
    private     = $true
}

$feedConfig | ConvertTo-Json -Depth 10 |
    Set-Content "$env:ProgramDataServer Management Gatewayextensions.json" -Encoding UTF8

# Restart WAC to pick up the new feed
Restart-Service -Name "ServerManagementGateway" -Force
Write-Host "Private feed configured. Restart WAC and check Settings → Extensions → Feeds."

# Install NuGet CLI to package and publish internal extensions to the feed
# Download nuget.exe from https://dist.nuget.org/win-x86-commandline/latest/nuget.exe
$nugetPath = "C:Toolsnuget.exe"
# Publish a .nupkg to the local feed:
& $nugetPath add "C:BuildMyWACExtension.1.0.0.nupkg" -Source $feedPath
Write-Host "Extension package published to private feed."

Step 4: Develop a Custom WAC Extension with the WAC SDK

WAC extensions are Angular-based TypeScript applications that communicate with WAC’s PowerShell gateway to execute commands on managed servers. The WAC Toolkit CLI scaffolds a new extension project with the correct structure, build pipeline, and WAC API service wiring. Custom extensions can add new tools to the server connection view, add dashboard widgets, or even extend the cluster management interface.

# Install Node.js 18 LTS and npm first, then install the WAC SDK CLI
# These commands are run in a developer PowerShell session, not on the server
npm install -g @microsoft/windows-admin-center-sdk@latest
wac --version

# Scaffold a new WAC tool extension
# A tool extension adds a new entry to the left nav of a server connection
New-Item -ItemType Directory -Path "C:DevWACExtensions" -Force
Set-Location "C:DevWACExtensions"

# Create the extension scaffold
wac create extension --name "ServerDiskReport" --type "tool"
# This generates:
#   src/              — Angular source (components, services, modules)
#   manifests/        — package.json and manifest files
#   gulpfile.js       — build pipeline
#   package.json      — npm dependencies

Set-Location "C:DevWACExtensionsServerDiskReport"
npm install   # Install Angular and WAC SDK dependencies

# Build the extension in watch mode for development (hot-reload)
npm run build:dev

# Side-load the extension into your WAC gateway for testing
# In WAC: Settings → Extensions → Installed → Load unpacked
# Point to: C:DevWACExtensionsServerDiskReportdist

Step 5: Implement a PowerShell Gateway Provider in Your Extension

WAC extensions communicate with managed servers by calling PowerShell scripts through the WAC gateway. The gateway acts as a secure proxy — WAC authenticates the admin, then runs the PowerShell command on the target server using CredSSP or Kerberos delegation. In your extension’s TypeScript service, you use the PowerShell gateway provider to run commands and receive results.

# Example PowerShell script that your WAC extension will invoke on managed servers
# Save this in your extension's src/resources/scripts/get-disk-report.ps1

param (
    [Parameter(Mandatory=$false)]
    [string]$DriveLetter = "C"
)

$disk = Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue
$volume = Get-Volume -DriveLetter $DriveLetter -ErrorAction SilentlyContinue

if (-not $disk -or -not $volume) {
    throw "Drive $DriveLetter not found on this server."
}

$totalGB = [math]::Round($volume.Size / 1GB, 2)
$freeGB  = [math]::Round($volume.SizeRemaining / 1GB, 2)
$usedGB  = [math]::Round(($volume.Size - $volume.SizeRemaining) / 1GB, 2)
$usedPct = [math]::Round(($usedGB / $totalGB) * 100, 1)

[PSCustomObject]@{
    DriveLetter   = $DriveLetter
    FileSystemLabel = $volume.FileSystemLabel
    FileSystem    = $volume.FileSystem
    TotalGB       = $totalGB
    UsedGB        = $usedGB
    FreeGB        = $freeGB
    UsedPercent   = $usedPct
    HealthStatus  = $volume.HealthStatus
    DriveType     = $volume.DriveType
}

# WAC TypeScript service stub showing how the Angular service calls PowerShell
# (TypeScript/Angular — shown in PowerShell comment block for context)
# File: src/app/disk-report/disk-report.service.ts
#
# import { Injectable } from '@angular/core';
# import { PowerShell, PowerShellSession } from '@microsoft/windows-admin-center-sdk/core';
#
# @Injectable()
# export class DiskReportService {
#   constructor(private appContext: AppContextService) {}
#
#   getDiskReport(nodeName: string, driveLetter: string): Observable {
#     return PowerShell.run(
#       this.appContext,
#       nodeName,
#       Scripts.getDiskReport,      // compiled PowerShell script reference
#       { driveLetter: driveLetter } // parameter mapping
#     );
#   }
# }

# Package the completed extension as a NuGet package for distribution
Set-Location "C:DevWACExtensionsServerDiskReport"
npm run build          # Production build
gulp package-solution  # Creates ServerDiskReport.1.0.0.nupkg

# View the generated package
Get-Item ".distServerDiskReport.*.nupkg" | Select-Object Name, Length, LastWriteTime

Step 6: Troubleshoot WAC Extension Issues

Extension installation failures most commonly stem from version incompatibility between the extension and the WAC gateway API version, certificate trust issues (self-signed gateway cert), or network restrictions blocking the NuGet feed. Use the WAC diagnostic log and browser developer tools to identify the root cause.

# Check WAC gateway diagnostic log for extension errors
$logPath = "$env:ProgramDataServer Management GatewayLogs"
Get-ChildItem -Path $logPath -Filter "*.log" | Sort-Object LastWriteTime -Descending | Select-Object -First 3

# View the most recent WAC log (last 100 lines)
Get-Content (Get-ChildItem $logPath -Filter "*.log" | Sort-Object LastWriteTime -Descending |
    Select-Object -First 1 -ExpandProperty FullName) -Tail 100 |
    Select-String -Pattern "error|extension|failed" -CaseSensitive:$false

# Check Windows Event Log for WAC extension errors
Get-WinEvent -LogName "Application" -MaxEvents 50 |
    Where-Object { $_.ProviderName -like "*ServerManagement*" -and $_.Level -le 3 } |
    Select-Object TimeCreated, Id, Level, Message | Format-List

# Verify WAC can reach the Microsoft extension feed
Test-NetConnection -ComputerName "aka.ms" -Port 443
Test-NetConnection -ComputerName "api.nuget.org" -Port 443

# Clear WAC extension cache (resolves stale package issues)
$cacheDir = "$env:ProgramDataServer Management Gatewaypackages"
Get-ChildItem -Path $cacheDir -Filter "*.nupkg" | Remove-Item -Force
Restart-Service -Name "ServerManagementGateway" -Force
Write-Host "WAC package cache cleared and service restarted."

# Check extension compatibility (manifest should match gateway API version)
$gatewayVersion = (Get-ItemProperty "HKLM:SOFTWAREMicrosoftServerManagementGateway").ProductVersion
Write-Host "WAC Gateway Version: $gatewayVersion"
Write-Host "Extension manifests must specify API version <= $gatewayVersion"

Step 7: Integrate WAC with the Azure Portal

WAC integrates with the Azure portal, allowing you to manage on-premises Windows Server 2025 machines directly from the Azure Windows Admin Center blade — useful for organizations with Azure subscriptions that want a unified management plane. This requires the server to be Azure Arc-enabled and WAC to be registered with Azure.

# Enable Azure integration in WAC by registering with Azure
# This generates an Azure AD application registration for WAC
# In WAC UI: Settings → Azure → Register

# Verify Azure Arc agent is installed and connected
azcmagent show | Select-String "Status|ResourceGroup|Location|SubscriptionId"

# Check Arc extension health (WAC Arc extension must be installed)
Get-WinEvent -LogName "Application" |
    Where-Object { $_.ProviderName -like "*WindowsAdminCenter*" } |
    Select-Object -First 10 TimeCreated, Message

# View WAC Azure registration status via registry
Get-ItemProperty -Path "HKLM:SOFTWAREMicrosoftServerManagementGatewayAzure" `
    -ErrorAction SilentlyContinue |
    Select-Object TenantId, ClientId, Registered

# WAC in Azure portal uses these resource IDs — verify Arc onboarding
Get-ItemProperty -Path "HKLM:SOFTWAREMicrosoftAzure Connected Machine Agent" |
    Select-Object TenantId, SubscriptionId, ResourceGroup, ResourceName

Conclusion

Windows Admin Center’s extension ecosystem transforms it from a basic server management portal into a comprehensive operations hub tailored to your organization’s specific needs. By installing marketplace extensions for clustering, storage, Hyper-V, and Azure hybrid services, you consolidate management workflows that previously required multiple disparate tools. Configuring a private extension feed enables controlled rollout of internal tools and pre-release extensions without exposing your gateway to the public NuGet feed. For organizations with specialized management requirements, the WAC SDK — built on Angular and TypeScript — provides a well-documented framework for building custom extensions that invoke PowerShell on managed servers through the secure WAC gateway. When extensions misbehave, the WAC log directory and Windows Event Log are your first diagnostic stops, along with verifying API version compatibility between the extension manifest and your gateway version. As Microsoft continues to invest in WAC as the browser-based successor to traditional MMC tools, building familiarity with its extension model now positions your team to manage Windows Server 2025 infrastructure efficiently for years to come.