I'm in the process of replacing my Ubiquiti core switch with a Brocade L3 and setting it up with OPNsense. Since OPNsense doesn't function properly with DHCP & VLANs/subnets - I will need to have a Windows server running DNS/DHCP on the network. I decided to go down the Server Core path because
The solution is to use Microsoft's command line utilities - devcon.exe and pnputil.exe. As way of example, I'll show how to get the Topton N5105's i225-V NICs running on Server Core
Of course you'll need to identify your NIC (or whatever other hardware you have) and make sure you know the device ID. One way to do this is to (if you read further down and get hold of devcon.exe) is to use devcon status / devcon find /devcon findall and see which drivers have stopped or which device IDs do not have matching drivers installed
Another way is to see if the device installs in "normal" Server or even Windows Workstation by choosing a different driver and then looking at the INF file for details on that specific driver.
In my case, I downloaded Rel 28 of the Intel complete driver pack here: and used

Note the
In the INF file you will find two or possibly three "manufacturer" sections as follows:
i.e. the
Similarly,
Now if we look at our e2.inf file inside the Intel WS2022 directory, we find the following for the

That's right - the entry exists only for Windows Workstation (the 10.0.1 section) and NOT for any OTHER version of Windows (i.e. the 10.0... section). Which means on Server it will NOT install this driver automatically. You can still force install it - which is what we will do with Server Core.
To force install, we will
Modifying the INF file: Please don't download modded INF files and drivers. Modify them yourself because it's easy and you'll tailor the INF to your specific hardware. In order to do this, we only need to modify the manufacturer section in the file that is used for non-workstation versions when installing i.e.

Notice the highlighted section? All I've done is taken the specific model entry
Usually, that's pretty much the only change you need to make, leave the rest of the INF file untouched - however, sometimes you might need to make sure the
Downloading Devcon.exe from Microsoft: please don't download devcon from anywhere else except Microsoft. It's usually installed as part of the Windows DDK, however, one can download just devcon as follows: Take a look at Drawbackz's repo here: GitHub - Drawbackz/DevCon-Installer. They maintain a JSON that tracks devcon for every Windows version - devcon_sources.json. Use the JSON to look at the URL for your Server Core version - you'll need to download the CAB file and then expand the specific file inside - I used 7zip to do this.
There's an excellent page by Microsoft on devcon examples here: Device Console (DevCon.exe) examples - Windows drivers
Try the following to get your problem driver IDs
And look for anything that says 'no matching driver' or 'device has a problem:28' etc
Turning off driver signature enforcement: as Administrator, in a command window, type the following and reboot

Once this is done, login back to server core, make sure you have the driver files with the modded INF and use devcon WITH THE CORRECT HARDWARE ID. This is super important. If you do not use it with the proper hardware ID, it will NOT install correctly. In my case, I used devcon status to find out the exact hardware IDs that had Code 28 problems. There were four of them and they were of the form

If you've turned off driver signing enforcement - you will get the popup that asks if you want to install these drivers because they're unsigned. Once you choose yes, it should say "drivers installed successfully"
That's it. You now have Server Core 2022 working with the Topton N5105 and i225-V NICs ! You can now use Get-NetAdapter to check if the NICs are doing their thing

Oh and do not forget to turn driver signing back on
(..now if only someone would provide similar detailed instructions on how to setup OPNsense with a Brocade L3 switch + VLANs
)
- It boots and is ready in < 20 seconds
- Core is supposed to have a significantly reduced attack surface compared to normal Server with Desktop Experience
- Server Core is less resource hungry than Server
The solution is to use Microsoft's command line utilities - devcon.exe and pnputil.exe. As way of example, I'll show how to get the Topton N5105's i225-V NICs running on Server Core
Of course you'll need to identify your NIC (or whatever other hardware you have) and make sure you know the device ID. One way to do this is to (if you read further down and get hold of devcon.exe) is to use devcon status / devcon find /devcon findall and see which drivers have stopped or which device IDs do not have matching drivers installed
Another way is to see if the device installs in "normal" Server or even Windows Workstation by choosing a different driver and then looking at the INF file for details on that specific driver.
In my case, I downloaded Rel 28 of the Intel complete driver pack here: and used
Release_28.0\PRO2500\Winx64\WS2022
directory to install drivers. The GUI prompt was looking for a Intel(R) Ethernet Controller (3) I225-V
driver and sure enough in the Release_28.0\PRO2500\Winx64\WS2022\e2.inf
file we have a section with the "Intel(R) Ethernet Controller (3) I225-V" header
Note the
[E15F3_3.10.0.1..17763]
- this bears explaining as it is crucial to proper installation. This is the model section identifier of the driver model. When Windows looks at the INF file, it looks at certain "manufacturer" sections depending on whether it is Windows Workstation or Windows Server. In each "manufacturer" section, Windows will look at a list of model sections and see if it matches the device ID for the hardware it is installing.In the INF file you will find two or possibly three "manufacturer" sections as follows:
Code:
[Intel]
;
[Intel.NTamd64.10.0.1..17763]
; DisplayName Section DeviceID
; ----------- ------- --------
; all Windows drivers here
[Intel.NTamd64.10.0...17763]
; DisplayName Section DeviceID
; ----------- ------- --------
; all Windows SERVER drivers here
[Intel.NTamd64.10.0.1..17763]
section contains driver model strings for drivers that Windows can load for Workstation versions for Windows 10 build version 1809. And the [Intel.NTamd64.10.0...17763]
section contains driver strings for ALL Windows versions build 1809. Hence the earlier section overrides the latter one and is used for Workstation and the latter is used for everything except Workstation.Similarly,
[Intel.NTamd64.10.0...20348]
would refer to Windows Server 2022 (because the build version for that is 20348). If you're curious about this - refer here for details: INF Manufacturer section - Windows driversNow if we look at our e2.inf file inside the Intel WS2022 directory, we find the following for the
[E15F3_3.10.0.1..17763]
entry:
That's right - the entry exists only for Windows Workstation (the 10.0.1 section) and NOT for any OTHER version of Windows (i.e. the 10.0... section). Which means on Server it will NOT install this driver automatically. You can still force install it - which is what we will do with Server Core.
To force install, we will
- Modify the INF file so that a suitable driver entry for Windows Server will exist.
- Download devcon.exe from Microsoft
- Turn off driver signature enforcement so that our modified INF file can be used for installation
Modifying the INF file: Please don't download modded INF files and drivers. Modify them yourself because it's easy and you'll tailor the INF to your specific hardware. In order to do this, we only need to modify the manufacturer section in the file that is used for non-workstation versions when installing i.e.
[Intel.NTamd64.10.0...17763]
. This is how my e2.inf file now looks
Notice the highlighted section? All I've done is taken the specific model entry
%E15F3_3NC.DeviceDesc% = E15F3_3.10.0.1..17763, PCI\VEN_8086&DEV_15F3&REV_03
and added it to the [Intel.NTamd64.10.0...17763]
section. I've also removed everything else because I don't want the PlugNPlay framework to get confused as to which driver to install Usually, that's pretty much the only change you need to make, leave the rest of the INF file untouched - however, sometimes you might need to make sure the
[ControlFlags]
section exists but is emptyDownloading Devcon.exe from Microsoft: please don't download devcon from anywhere else except Microsoft. It's usually installed as part of the Windows DDK, however, one can download just devcon as follows: Take a look at Drawbackz's repo here: GitHub - Drawbackz/DevCon-Installer. They maintain a JSON that tracks devcon for every Windows version - devcon_sources.json. Use the JSON to look at the URL for your Server Core version - you'll need to download the CAB file and then expand the specific file inside - I used 7zip to do this.
There's an excellent page by Microsoft on devcon examples here: Device Console (DevCon.exe) examples - Windows drivers
Try the following to get your problem driver IDs
devcon find *
devcon findall *
devcon status *
And look for anything that says 'no matching driver' or 'device has a problem:28' etc
Turning off driver signature enforcement: as Administrator, in a command window, type the following and reboot

Once this is done, login back to server core, make sure you have the driver files with the modded INF and use devcon WITH THE CORRECT HARDWARE ID. This is super important. If you do not use it with the proper hardware ID, it will NOT install correctly. In my case, I used devcon status to find out the exact hardware IDs that had Code 28 problems. There were four of them and they were of the form
PCI\VEN_8086&DEV_15F3&SUBSYS_00008086&REV_03\<MAC_ADDRESS>
. You don't need the MAC address because you want to install the driver for all of them
If you've turned off driver signing enforcement - you will get the popup that asks if you want to install these drivers because they're unsigned. Once you choose yes, it should say "drivers installed successfully"
That's it. You now have Server Core 2022 working with the Topton N5105 and i225-V NICs ! You can now use Get-NetAdapter to check if the NICs are doing their thing

Oh and do not forget to turn driver signing back on
(..now if only someone would provide similar detailed instructions on how to setup OPNsense with a Brocade L3 switch + VLANs
Last edited: