Windows Admin Center Extension Architecture
Windows Admin Center (WAC) is a browser-based, locally deployed management tool for Windows Server 2022 that runs as either a desktop application or a gateway service. Unlike older management consoles such as Server Manager or the MMC snap-ins, WAC is built on modern web technologies — it is an Angular-based single-page application that communicates with managed nodes via WinRM (PowerShell remoting) and WMI over HTTPS. This architecture makes WAC highly extensible: its functionality is delivered entirely through a plugin system called extensions, and any developer (Microsoft, OEM, or third party) can write and publish an extension that appears as a new tool in the WAC interface.
WAC has two types of extensions: tool extensions and gateway plugins. A tool extension is a UI component rendered in the WAC interface — it adds a new pane or panel to the management view of a connection. A gateway plugin runs code on the WAC gateway server itself (server-side), enabling custom communication protocols or data sources. Most extensions you install are tool extensions; gateway plugins are used by specialized integrations like custom hardware management interfaces.
Extensions are packaged as NuGet packages (.nupkg files). The WAC extension feed is a NuGet-compatible repository. By default, WAC is configured to pull extensions from the Microsoft official feed at https://aka.ms/sme-extension-catalog-feed, but you can add private feeds for custom or internally developed extensions.
Installing WAC Extensions from the Built-in Feed
Open Windows Admin Center in your browser and navigate to Settings (gear icon in the top right) > Extensions. The Extensions page shows three tabs: Installed Extensions, Available Extensions, and Feeds. The Available Extensions tab lists all extensions published to the Microsoft extension catalog feed.
To install an available extension, select it from the list and click Install. WAC downloads the .nupkg from the feed, extracts it, and registers the extension. The page reloads and the new tool appears in the relevant connection types.
For unattended installation via PowerShell (useful when deploying WAC extensions at scale or during initial server provisioning), use the WAC REST API or the SMEDiag module. The WAC gateway exposes a REST API on its port (default 443) that can be scripted:
# List all available extensions via REST API
$gatewayUrl = "https://wac.yourdomain.com"
$headers = @{ "Authorization" = "Bearer $token" }
Invoke-RestMethod -Uri "$gatewayUrl/api/extensions" -Headers $headers -Method GetWAC does not natively expose a simple PowerShell install-extension cmdlet in its management interface. For scripted installs of specific .nupkg files, copy them directly to the WAC extensions directory:
# Default extension directory for gateway mode
$wacExtDir = "C:Program FilesWindows Admin Centernode_modules@microsoft"
Copy-Item -Path "C:extensionsMyExtension.1.0.0.nupkg" -Destination "$wacExtDirMyExtension.1.0.0.nupkg"After copying, restart the Server Management Experience service:
Restart-Service ServerManagementGatewayManual Extension Installation from a .nupkg File
When an extension is not published to the Microsoft feed — for example, a private extension developed in-house, a beta extension, or an OEM extension distributed by a hardware vendor — install it manually from a .nupkg file.
In the WAC Extensions settings page, click the Available Extensions tab, then click Install from file at the bottom of the panel. Browse to the .nupkg file and confirm the installation. WAC validates the package structure and registers the extension.
Alternatively, configure a private NuGet feed that hosts your internal extensions. This allows WAC to discover and install internal extensions through the same UI workflow as official extensions. See the NuGet feed configuration section below for details.
If a .nupkg file needs to be inspected before installation (for security review or troubleshooting), rename it with a .zip extension and extract it. The extension’s Angular application code is in the dist/ folder, and the package manifest is in the nuspec file. The bundle.js file contains the compiled extension logic.
Enabling and Configuring Extension Auto-Update
WAC can automatically update installed extensions when new versions are published to the configured feeds. Auto-update is controlled per-extension and applies at next launch. To enable or disable auto-update globally, go to Settings > Extensions > Installed Extensions and toggle the Automatically update extensions setting at the top of the page.
Per-extension auto-update is visible in the Installed Extensions list — each extension has an Auto-update column showing whether it is enabled. Extensions installed manually from .nupkg files do not auto-update; only feed-sourced extensions do.
In enterprise environments, you may want to disable auto-update for production WAC gateways to prevent untested extension versions from appearing without change control. Manage updates manually: review the Available Extensions tab periodically, note version changes, test on a staging WAC gateway, and then manually update production.
The WAC gateway configuration file is at:
C:Program FilesWindows Admin Centersettings.jsonThis JSON file stores feed URLs, TLS certificate settings, and gateway port configuration. Do not modify it while the gateway service is running.
Configuring NuGet Feeds for Private Extensions
To distribute internally developed WAC extensions or host OEM-provided extensions on your own NuGet server, configure a custom NuGet feed in WAC. In Settings > Extensions > Feeds, click Add. Enter a name and the URL of your NuGet v2 or v3 feed endpoint.
You can host a private NuGet feed using NuGet.Server (a simple ASP.NET application), Azure Artifacts, ProGet, Nexus Repository, or any other NuGet-compatible feed server. The feed must be accessible from the WAC gateway server over HTTPS.
Example: Hosting a simple file-based NuGet feed using NuGet.Server on IIS. Install NuGet.Server via NuGet.Server NuGet package into an IIS application, set the package path to a directory containing your .nupkg files, and configure IIS to expose it at https://nuget.yourdomain.com/nuget. In WAC, add the feed URL as:
https://nuget.yourdomain.com/nugetTo automate adding a feed via the WAC settings.json file, add an entry to the feeds array:
{
"feeds": [
{
"displayName": "Internal Extensions Feed",
"url": "https://nuget.yourdomain.com/nuget",
"authentication": "none"
}
]
}If the feed requires authentication, set the authentication type to “apiKey” and supply the key, or use “basic” with username/password. Store credentials securely — avoid hardcoding them in settings.json for production environments.
First-Party Extensions Built Into WAC
Several Microsoft extensions ship with WAC or are available from the official feed and are essential for Windows Server 2022 management:
Storage Replica: Provides a graphical interface for configuring and monitoring Storage Replica replication partnerships. Without this extension, Storage Replica must be managed entirely via PowerShell. The extension shows replication health, log progress, volume sync status, and lets you initiate failover. Install it from the Available Extensions tab — search for “Storage Replica”.
Failover Cluster Manager: Integrates Windows Server failover cluster management into WAC, allowing you to manage cluster nodes, roles, shared storage, and quorum from the WAC interface without the full Failover Cluster Manager MMC snap-in. This extension requires the Failover Clustering feature to be installed on the managed nodes.
Hyper-V: The Hyper-V extension in WAC provides VM management: creating and configuring VMs, managing virtual switches, monitoring CPU/memory usage, and accessing VM consoles via Enhanced Session Mode. It replaces Hyper-V Manager for basic operations. Install from the feed — search for “Hyper-V”.
Software Defined Networking (SDN): For organizations using Windows Server SDN with Network Controller, the SDN extension provides management of virtual networks, load balancers, gateways, and access control lists from WAC. This requires Azure Stack HCI or a full SDN deployment.
To install any of these from PowerShell by directly downloading and placing the nupkg:
# Example: install Storage Replica extension manually
$feed = "https://aka.ms/sme-extension-catalog-feed"
$pkg = "Microsoft.SME.StorageReplica"
$version = "2.0.0.0"
$destDir = "C:Program FilesWindows Admin Centerpackages"
Invoke-WebRequest -Uri "$feed/package/$pkg/$version" -OutFile "$destDir$pkg.$version.nupkg"
Restart-Service ServerManagementGatewayThird-Party OEM Extensions
Hardware vendors publish WAC extensions that expose server-specific management features — BMC/iDRAC/iLO access, firmware updates, RAID configuration, and hardware health monitoring — directly in the WAC interface. These extensions are available from vendor websites or from the Microsoft extension catalog.
Dell OpenManage Integration with WAC: Provides Dell-specific hardware monitoring, firmware update management, and iDRAC access for Dell PowerEdge servers. Download from the Dell Technologies support portal as a .nupkg file and install via the manual extension upload in WAC Settings.
Lenovo XClarity Integrator: Available in the WAC extension catalog under the name Lenovo XClarity Integrator for Windows Admin Center. Provides hardware health monitoring, system update management, and BMC console access for Lenovo ThinkSystem servers. Can be installed directly from the Available Extensions tab if it appears in your feed, or downloaded from Lenovo’s support site.
HPE InfoSight for Windows Admin Center: Provides predictive analytics, storage health, and HPE server management for HPE ProLiant servers. Available from HPE’s download center.
When installing OEM extensions, verify the publisher certificate of the .nupkg before installing in production. Right-click the .nupkg renamed as .zip, inspect the package metadata, and verify it is signed by the expected vendor.
Creating Custom WAC Extensions (SDK Overview)
Microsoft provides a WAC SDK that allows developers to build custom tool extensions. Extensions are Angular 14+ applications that use the WAC SDK Angular library (@msft-sme/core) for framework integration, communication with managed nodes, and UI components. The SDK includes shell commands for scaffolding a new extension project.
Prerequisites for WAC extension development:
– Node.js 18 LTS or later
– Angular CLI
– Windows Admin Center Developer Tools browser extension
Install the WAC SDK tooling:
npm install -g @angular/cli
npm install -g @msft-sme/generator-solution
npm install -g yoScaffold a new extension project:
yo @msft-sme/solution:solution
cd my-wac-extension
npm installThe generator creates an Angular project with the WAC SDK integrated. The key file is main.ts where you register the extension with WAC. Build the extension:
npm run build
npm run packageThe build produces a .nupkg file in the dist/ directory. Install it in WAC via the manual .nupkg upload process. To run in developer mode (load the extension from a local Angular dev server without packaging):
npm run serveThen in WAC Settings > Extensions, add a developer mode feed pointing to http://localhost:4201 and enable the developer flag. Changes to the Angular code hot-reload automatically in the WAC interface. Use the WAC Developer Tools browser extension to inspect the extension’s rendered HTML, view the NgModule tree, and check the WAC shell state.
Troubleshooting WAC Extensions with Browser DevTools
When an extension fails to load or behaves unexpectedly, the browser developer console is the first diagnostic tool. Open it with F12 in Edge or Chrome. WAC extension errors typically appear as Angular errors, failed HTTP requests, or module loading failures in the Console and Network tabs.
Common error patterns and their causes:
ChunkLoadError: Failed to load module — The extension’s JavaScript bundle files cannot be fetched. Check the Network tab for 404 errors on .js files. This usually means the extension package is incomplete or the nupkg was not extracted correctly.
401 Unauthorized on gateway API calls — The WAC session token has expired. Log out and back in. In gateway mode, ensure the user is in the Windows Admin Center Administrators local group on the gateway server.
NullInjectorError: No provider for SomeService — The extension has a dependency on a WAC SDK service that is not registered. This is a development bug — contact the extension publisher.
To enable WAC gateway verbose logging on the server for deeper troubleshooting:
Set-ItemProperty -Path "HKLM:SOFTWAREMicrosoftServerManagementGateway" -Name "LogLevel" -Value "Verbose"
Restart-Service ServerManagementGatewayWAC gateway logs are written to the Windows Event Log under Applications and Services Logs > Microsoft-ServerManagementExperience. View them with:
Get-WinEvent -LogName "Microsoft-ServerManagementExperience/Admin" | Select-Object TimeCreated, LevelDisplayName, Message -First 50For network connectivity issues between WAC and managed nodes, verify WinRM is enabled and accessible on port 5985 (HTTP) or 5986 (HTTPS) from the WAC gateway:
Test-NetConnection -ComputerName "server01.yourdomain.com" -Port 5986Deploying WAC Extensions at Scale via GPO
For organizations deploying WAC to multiple gateways — for example, one per datacenter or per administrative tier — maintaining consistent extension configurations across all gateways manually is impractical. The settings.json file can be pre-configured and deployed via Group Policy or a configuration management tool like DSC (Desired State Configuration).
Create a baseline settings.json with all required feeds and extension auto-update settings. Use a GPO logon script or a scheduled task on the WAC gateway server to copy this baseline file and restart the gateway service if changes are detected:
$targetSettings = "C:Program FilesWindows Admin Centersettings.json"
$sourceSettings = "\fileserverwac-configsettings.json"
$currentHash = Get-FileHash $targetSettings
$sourceHash = Get-FileHash $sourceSettings
if ($currentHash.Hash -ne $sourceHash.Hash) {
Stop-Service ServerManagementGateway
Copy-Item $sourceSettings $targetSettings -Force
Start-Service ServerManagementGateway
}For extension .nupkg files that must be present on all gateways, use DFS-R or a file share to centrally host the packages and have each gateway pull from that location on startup.
Another approach is to configure a private NuGet feed (hosted on an internal NuGet server) in the baseline settings.json. All WAC gateways will then show the same extensions in their Available tab and can install them consistently. This approach is preferred because it uses WAC’s native extension management mechanism rather than direct file manipulation.
To verify which extensions are installed on a WAC gateway from a remote management script, query the gateway’s extension directory:
Get-ChildItem -Path "C:Program FilesWindows Admin Centernode_modules" -Filter "*.nupkg" | Select-Object Name, LastWriteTimeAlternatively, use the WAC REST API to list installed extensions programmatically:
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
$response = Invoke-WebRequest -Uri "https://wac.yourdomain.com/api/extensions" `
-UseDefaultCredentials `
-WebSession $session
($response.Content | ConvertFrom-Json).extensions | Select-Object id, version, isInstalledSummary
Windows Admin Center’s extension architecture transforms it from a basic server management tool into a extensible management platform. By understanding how to install extensions from the Microsoft feed, configure private NuGet feeds for internal distributions, use the WAC SDK to build custom extensions, troubleshoot problems via the browser console and gateway event logs, and deploy configurations at scale, you can maintain a consistent, powerful management interface across your Windows Server 2022 infrastructure. First-party extensions for Storage Replica, Hyper-V, and Failover Clustering significantly reduce the need for legacy MMC consoles, while OEM extensions and custom-built tools integrate hardware-level management directly into the WAC workflow.
