Jenkins agent working with Windows Server 2016

After much trial and error, I finally got Jenkins Agents working with Windows Server 2016.

I’m running Jenkins 2.222.3.

Thanks to this guide that got me most of the way there…

I setup a Jenkins Node first with an AD user called “yourDomain/yourUser” to let Jenkins control nodes as a Windows Service.

Install .NET 3.5
Install .NET 3.5 using the sources directory from the 2016 ISO. (d:\sources\sxs directory)

Add Jenkins user to local Admins
Add AD user “myDomain/myUser” to local Administrators group on the Agent machine.

Local Policy “Log on as a service” needed the user “yourUser” used by Jenkins
Open Local Policies
Local Policies, and then click User Rights Assignment.
In Log on as a service add user myDomain/yourUser.

Disable windows firewall, or allow the following ports
Jenkins controller needs these ports in SG to the subnet.
TCP 135, TCP 445, TCP 49152-65535
For other services, I also opened these ports for Ansible maintenance and remote desktop
TCP 139, TCP 3389, TCP 5985

Error: 0x8001FFFF
To resolve these issues, you need to disable NTLMv2 authentication. To turn off the NTLMv2 authentication:
Run regedit to edit the registry.
Locate the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
Locate the value named LMCompatibilityLevel, and change the DWORD value to 2 (send NTLM authentication only).
Close regedit and restart the machine.

Error: 0xC00000AC
Launch ‘regedit’ (as Administrator)
Find the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Right click and select ‘Permissions’
Click Advanced and change owner to local Administrators group. (NOTE: your logged in user must be in this group)
Change permissions for local Administrators group. Grant Full Control.
Change owner back to TrustedInstaller (user is “NT Service\TrustedInstaller” on local machine)
Repeat the steps 1-6 for HKEY_CLASSES_ROOT\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}
Restart the Remote Registry service (Administrative Tools / Services)