Thursday, March 22, 2012

My new article on virtualizationadmin.com "Remote Desktop Server farms explained (Part 2)"

My new article titled "Remote Desktop Server farms explained (Part 2)" on virtualizationadmin.com got published yesterday.

"...Introduction
This article continues where we left off in Part 1. In Part 1, we walked through the different types of load balancing solutions which can be used in order to distribute users over multiple servers in a Remote Desktop Services farm. We mentioned that there are four types of load balancing solutions. There is RR DNS, software (e.g. NLB), hardware and the RD Connection Broker. On multiple occasions in the article, we mentioned that the first three types could also be combined with the RD Connection Broker. In this second part, we will see why and how the RD Connection Broker serves a central role..."

Read the complete article here: http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/remote-desktop-server-farms-explained-part2.html

You can find Part 1 of this article here: http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/remote-desktop-server-farms-explained-part1.html

Wednesday, March 21, 2012

Test lab guides for RDS in Windows Server 8 Beta

Microsoft released several test lab guides to get you started with setting up Remote Desktop Services on Windows Server 8 Beta in a lab environment. If you used the labs, you can give feedback on the lab pages by rating them and adding a comment.

Test Lab Guide: Remote Desktop Services Session Virtualization Quick Start
This topic contains instructions for setting up a test lab based on the Test Lab Guide: Base Configuration and deploying Remote Desktop Services Session Virtualization Quick Start deployment using two server computers and one client computer. The resulting Session Virtualization Quick Start deployment test lab demonstrates how to successfully deploy a Session Virtualization Quick Start deployment.
http://technet.microsoft.com/en-us/library/hh831754.aspx


Test Lab Guide: Remote Desktop Services Session Virtualization standard deployment
This paper contains instructions for setting up a test lab based on the Test Lab Guide: Base Configuration and deploying Session Virtualization using two server computers and one client computer. The resulting Session Virtualization standard deployment test lab demonstrates how to successfully install and configure a Session Virtualization standard deployment.
http://technet.microsoft.com/en-us/library/hh831610.aspx

Test Lab Guide: Remote Desktop Services Publishing
This paper contains instructions for setting up a test lab based on the Test Lab Guide: Demonstrate Remote Desktop Services Session Virtualization Standard Deployment and publishing and managing resources using four server computers and one client computer. The resulting centralized resource publishing test lab demonstrates how to successfully install and configure resource publishing.
http://technet.microsoft.com/en-us/library/hh831442.aspx


Friday, March 16, 2012

RDS in WIN8 Feature highlight no. 7 SSL configuration made easy.

If you ever had to set up or configure certificates for a Remote Desktop Services environment based on Windows Server 2008 (R2), you’ve probably dealt with having to set up certificates in many different places on many different machines running the various RDS roles. With Windows Server 8 (Beta), SSL certificate management has been made much easier for the administrator.

If you open up Server Manager, browse to “Remote Desktop Services” in the left pane and select “Collections”, you have the ability to choose “Edit Deployment Properties”.



A dialog will appear in which we select “Certificates”. Using this dialog we can actually set up the SSL certificate for the Redirector, publishing and RD Web Access all from the same console!

Thursday, March 15, 2012

RDS in WIN8 Feature highlight no. 6 Demo environment within just a few minutes

Setting up an RDS demo environment on a server or VM running Windows Server 8 (Beta) literally takes you a few mouse clicks and a few minutes. If you read my Feature Spotlight no. 4 (http://microsoftplatform.blogspot.com/2012/03/rds-in-win8-feature-highlight-no-4.html) you know that installing the RDSH role as a prerequisite prior to the Scenario Based Deployment was a bug in the pre-beta release and is now fixed. This means that setting up a lab for demo environments using the quick deployment only takes a few minutes. If you’ve ever set up an RDS lab or environment on Windows Server 2008 (R2), you’ll remember that it was always a hassle because you had to add the roles manually, add computers to the correct groups, etc. The steps have not changed much compared to the pre-beta release, but I added them below to give you the complete story.

Open up the Server Manager Console and choose option 2, “Add roles and features”:

Choose Next to start the deployment.


Select the “Remote Desktop Services scenario-based installation”


As we want all the roles to be running on the same server, we choose the Quick Deployment option.


As we are going to be deploying sessions, not Virtual Desktops, we choose Session Virtualization.


We select the server where we want to install the roles


We confirm that we allow the deployment to reboot the server (needed for the RDSH role)


And that's it! The Scenario Based Deployment will now install the RD Session Host, RD Connection Broker and RD WebAccess roles, create a first Session Collection and add the computer to the Active Directory groups as needed.


To make the lab even more complete, several applications are already added to the Remote App sections and published on RD WebAccess to give you an environment that can be used for demos instantly!

A Remote Desktop Services session stops responding during the logoff process in Windows Server 2008 R2

A new KB article (2571388) was released yesterday regarding the logoff process on a Windows Server 2008 R2 machine running the RD Session Host role. The cause is a deadlock situation in the Csrss.exe process. To apply the hotfix you must be running Service Pack 1.

Article ID: 2571388 - Last Review: March 14, 2012 - Revision: 1.0
A Remote Desktop Services session stops responding during the logoff process in Windows Server 2008 R2.

"...Consider the following scenario. You install the Remote Desktop Session Host role service on a computer that is running Windows Server 2008 R2. You try to log off a Remote Desktop Services session on the computer. In this scenario, the Remote Desktop Services session stops responding. After some time, the computer stops accepting incoming Remote Desktop Protocol (RDP) or Independent Computing Architecture (ICA) connections.

You must turn off and then restart the computer to recover from this issue..."


Source: http://support.microsoft.com/kb/2571388/en-us?sd=rss&spid=14134#appliesto

Wednesday, March 14, 2012

A closer look at MS12-020's critical issue

A blog post on Technet.com was brought online that more closely describes the issue with the MS12-020 vulnerability, possible workarounds and affected systems. Follow the link at the end of this blog post to read the whole article.

"...Security Update MS12-020 addresses two vulnerabilities in Microsoft’s implementation of the Remote Desktop Protocol (RDP). One of the two, CVE-2012-0002, is a Critical, remote code execution vulnerability affecting all versions of Windows. This blog post shares additional information with the following goals:
  • To strongly encourage you to make a special priority of applying this particular update;
  • To give you an option to harden your environment until the update can be applied.

Note that CVE-2012-0002 was privately reported and we are not aware of any attacks in the wild. Additionally, the remote desktop protocol is disabled by default. However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days.

We understand and appreciate that our customers often need time to evaluate and install bulletins as appropriate for their environment. For systems running RDP without Network-Level Authentication (NLA) enabled, this post includes information on a mitigation that may be applied in advance of the bulletin..."

Source: http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx
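
The quoted post singles out systems running RDP without Network-Level Authentication. The following is an added example, not code from this blog or from Microsoft: a PowerShell function (the name Get-RdpNlaStatus is hypothetical) that reports whether a host accepts RDP connections and whether NLA is required. It assumes the default listener name RDP-Tcp and reads the Group Policy values first, because they override the local settings.

```powershell
# Added example: report whether this host accepts RDP connections and whether
# Network-Level Authentication (NLA) is required for them.
function Get-RdpNlaStatus {
    # Group Policy values, when present, take precedence over local settings.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    # Assumption: the RDP listener still has its default name, RDP-Tcp.
    $rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"

    # Return the registry value, or $null when the key or value does not exist.
    function Read-RegValue([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name } else { $null }
    }

    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $deny = Read-RegValue $policyKey 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Read-RegValue $tsKey 'fDenyTSConnections' }

    # UserAuthentication = 1 means NLA is required before a session is created.
    $nla = Read-RegValue $policyKey 'UserAuthentication'
    if ($null -eq $nla) { $nla = Read-RegValue $rdpTcpKey 'UserAuthentication' }

    $rdpEnabled  = ($deny -eq 0)
    $nlaRequired = ($nla -eq 1)

    New-Object PSObject -Property @{
        ComputerName      = $env:COMPUTERNAME
        RdpEnabled        = $rdpEnabled
        NlaRequired       = $nlaRequired
        # The state the quoted post is concerned with: RDP on, NLA off.
        ExposedWithoutNla = ($rdpEnabled -and -not $nlaRequired)
    }
}

Get-RdpNlaStatus | Format-List
```

To survey several servers, the same function body can be run remotely with Invoke-Command -ComputerName and -ScriptBlock ${function:Get-RdpNlaStatus}, provided PowerShell remoting is enabled on them.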

RDS in WIN8 Feature highlight no. 5 E-mail subscription for Remote Apps

Users are now able to subscribe to their Remote Apps using their email address. Users open up their RemoteApp and Desktop Connections, either from the Control Panel or QuickLaunch.

Quick launch:

Control panel:

When they do so the following screen will appear:

Here they can also specify their email address instead of the URL to RD Web Access, which makes it much easier for users to connect and integrate their desktop with RD Remote Apps.

New KB: You cannot reestablish a Remote Desktop Services session to a Windows Server 2008 R2-based server. (2661332)

Microsoft has released a new KB article and fix today regarding RDS on Windows Server 2008 R2. For details see below or browse to the included URL for the original source and download link.
Article ID: 2661332 - Last Review: March 14, 2012 - Revision: 1.0
You cannot reestablish a Remote Desktop Services session to a Windows Server 2008 R2-based server.
 


"...Consider the following scenario:
  • You establish a Remote Desktop Services session to a Windows Server 2008-based server from a client computer.
  • You disconnect the Remote Desktop Services session.
  • You try to reestablish the Remote Desktop Services session.
In this scenario, you cannot reestablish the Remote Desktop Services session. Additionally, you receive the following error message:
The task you are trying to do can't be completed because Remote Desktop Services is currently busy. Please try again in a few minutes. Other users should still be able to log on.
 
This issue occurs because of a deadlock situation that occurs between the Csrss.exe process and some applications (for example, Microsoft Excel or Microsoft Visio)..."
 

Tuesday, March 13, 2012

Microsoft Security Bulletin MS12-020 - Critical - Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

Microsoft has released a critical security bulletin today on Remote Desktop.

Microsoft Security Bulletin MS12-020 - Critical
Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
Published: Tuesday, March 13, 2012

For the complete bulletin please see: http://technet.microsoft.com/en-us/security/bulletin/ms12-020

"...Executive Summary
This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by modifying the way that the Remote Desktop Protocol processes packets in memory and the way that the RDP service processes packets. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.
Known Issues. Microsoft Knowledge Base Article 2671387 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues..."

RDS in WIN8 Feature highlight no. 4 Installing RDSH prior to a scenario based deployment, no requirement anymore

This is more of a bug fix than a feature highlight of course, but if you have read one of my previous blog posts back in October 2011, I wrote that having the RD Session Host role installed was a prerequisite for being able to successfully walk through the new Scenario Based deployment. Described here: http://microsoftplatform.blogspot.com/2011/10/take-rds-management-to-higher-level.html

Since the Beta release of Windows Server 8, this is no longer necessary. Therefore, the deployment of the scenario is now even faster than before.

I tested the quick scenario based deployment on a single server on the Beta Edition of Windows Server 8. Within a few mouse clicks and an automatic reboot afterwards, all the roles (RD Session Host, RD WebAccess and RD Connection Broker) are installed and the first Session Collection (QuickSessionCollection) is created. The scenario deployment runs very smoothly.

Monday, March 12, 2012

RDS in WIN8 Feature highlight no. 3 Change password option in RD WebAccess

This is a long-awaited feature for RD WebAccess! You will now be able to let your users change their domain password. The password change option is not enabled by default. Using the application settings section in IIS Manager, you are able to change the parameter “PasswordChangeEnabled” from false to true.


After that you will be able to browse to the following URL:
https://<Server Or DNS>/RDWeb/Pages/en-US/password.aspx

Note that if you did not set PasswordChangeEnabled to true, browsing to the above URL results in a redirect to login.aspx.

If PasswordChangeEnabled is set to true, the following screen will appear in which a user is able to change his password.

By default, the file is located here: C:\Windows\Web\RDWeb\Pages\en-US\password.aspx

I would assume that a link to this page would be showing up on the main page, called e.g. “change password”, to lead the user to this page, but there is not, at least not yet in the Beta version of Windows Server 8. Maybe it will be added to the final version. And if not, you could of course change the login.aspx yourself as needed.
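
Because enabling PasswordChangeEnabled makes password.aspx reachable on the RD Web Access site, it helps to be able to check and change the setting from a script as well as from IIS Manager. The following is an added example, not code from this blog or from Microsoft. The function names are hypothetical, and it assumes the application setting is stored as an appSettings entry in web.config in the Pages folder mentioned above.

```powershell
# Assumption: the setting lives in web.config in the RDWeb Pages folder.
$DefaultConfig = 'C:\Windows\Web\RDWeb\Pages\web.config'
$SettingXPath  = "/configuration/appSettings/add[@key='PasswordChangeEnabled']"

# Returns $true or $false, or $null when the setting is not present at all.
function Get-RdWebPasswordChange {
    param([string]$ConfigPath = $DefaultConfig)

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($ConfigPath)
    $node = $xml.SelectSingleNode($SettingXPath)
    if ($null -eq $node) { return $null }
    return ($node.GetAttribute('value') -eq 'true')
}

# Switches the setting on or off, keeping a backup copy of the original file.
function Set-RdWebPasswordChange {
    param(
        [Parameter(Mandatory = $true)][bool]$Enabled,
        [string]$ConfigPath = $DefaultConfig
    )

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true      # keep the file's existing layout
    $xml.Load($ConfigPath)
    $node = $xml.SelectSingleNode($SettingXPath)
    if ($null -eq $node) {
        throw "PasswordChangeEnabled not found in $ConfigPath"
    }

    Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force
    $node.SetAttribute('value', $Enabled.ToString().ToLower())
    $xml.Save($ConfigPath)
}

# Report the current state; run from an elevated prompt on the RD Web Access server.
Get-RdWebPasswordChange
# Set-RdWebPasswordChange -Enabled $true
```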

Friday, March 9, 2012

RDS in WIN8 Feature highlight no. 2 RD Dedicated Redirector now part of RD Connection Broker

If you read the previous feature highlight on RD Connection Broker (http://microsoftplatform.blogspot.com/2012/03/rds-in-win8-feature-highlight-no.html) you know that the RD Connection Broker in Windows Server 8 will play a more central role. This feature highlight will amplify that statement even more. Within Windows Server 8 (Beta) the RD Connection Broker is by default now also your RD Dedicated Redirector.

Let’s quickly recall what the function of the RD Dedicated Redirector is. The RD Dedicated Redirector was introduced in Windows Server 2008. It’s a server role, which can be part of an RDS deployment. The RD Dedicated Redirector is in fact an RD Session Host server that runs in Drain Mode and therefore does not host any active sessions. Its purpose is to serve as the initial connection. Users will connect their RDP session to this dedicated redirector. The dedicated redirector, as it is running in drain mode, will contact the RD Connection Broker, which in turn will return the final RD Session Host to connect to (either based on RD Connection Broker load balancing or redirecting to disconnected sessions).

The fact that the RD Dedicated Redirector is now integrated with the RD Connection Broker is great because this means that when you install and configure your RD Connection Broker you immediately have your RD Dedicated Redirector, and thus your initial connection point, up and running. Therefore, the RD Connection Broker will be running in RD Session Host drain mode. This also means that when you make your RD Connection Broker highly available, which, as we’ve seen in the previous feature highlight, has become much easier in Windows Server 8 Beta, you also make your initial connection (Dedicated Redirector) highly available. In my opinion, a great move! You can expect a blog post here soon in which I will discuss the actual setup in detail.

Thursday, March 8, 2012

RDS in WIN8 Feature highlight no. 1 Better High Availability of the RD Connection Broker

The RD Connection Broker plays a central role in the Remote Desktop environment. That’s not a new thing of course; however, with the release of Windows Server 8 Beta the RD Connection Broker is now playing an even more important role than before. As with any important role in any environment, High Availability is crucial! It’s good to see that the way to make the Broker highly available has improved a lot in Windows Server 8.

After performing your first scenario based deployment and opening up the Server Manager, you have an option to make the RD Connection Broker highly available, called “Configure RD Connection Broker for HA”.



Doing so launches a wizard to configure the HA. The result is an active-active HA configuration for the RD Connection Broker! By default the RD Connection Broker role uses a Windows Internal Database to store session information. As you can imagine, setting up HA properly for your RD Connection Broker role requires a central SQL Server instance (which is preferably also HA itself of course). That’s why the wizard will ask for a Database Connection String, folder and DNS record name.


I’ll do a separate blogpost in the near future containing a step-by-step guide on how to configure HA for the RD Connection Broker.

Wednesday, March 7, 2012

RDS in Windows Server 8 (Beta) Feature Highlights


Windows Server 8 Beta has been available since last week. I've already set up Windows Server 8 Beta in my lab to test some of the new features for Remote Desktop Services. Coming up on this blog is a series of at least 7 "Feature Highlight" blog posts in which I will discuss some of the great new features for RDS in Windows Server 8.

I'll update this blog post along the way by adding links to the new feature highlight blog posts as they are published. You can expect frequent updates, stay tuned!

Feature highlight no. 1 "Better High Availability of the RD Connection Broker"
http://microsoftplatform.blogspot.com/2012/03/rds-in-win8-feature-highlight-no.html

Feature highlight no. 2 "RD Dedicated Redirector now part of RD Connection Broker" http://microsoftplatform.blogspot.com/2012/03/rds-in-win8-feature-highlight-no-2-rd.html

Feature highlight no. 3 "Change password option in RD WebAccess"
http://microsoftplatform.blogspot.com/2012/03/rds-in-win8-feature-highlight-no_12.html

Feature highlight no. 4 "Installing RDSH prior to a scenario based deployment, no requirement anymore"
http://microsoftplatform.blogspot.com/2012/03/rds-in-win8-feature-highlight-no-4.html

Feature highlight no. 5 "E-mail subscription for Remote Apps"
http://microsoftplatform.blogspot.com/2012/03/rds-in-win8-feature-highlight-no-5-e.html

Feature highlight no. 6 "Demo environment within just a few minutes"
http://microsoftplatform.blogspot.com/2012/03/rds-in-win8-feature-highlight-no-6-demo.html

Feature highlight no. 7 "SSL configuration made easy"
http://microsoftplatform.blogspot.com/2012/03/rds-in-win8-feature-highlight-no-7-ssl.html

Friday, March 2, 2012

MVP Summit 2012, great experience!

Can't believe the MVP Summit 2012 is already over. It went by in a flash but it was a great event. It was good to meet my fellow (RDS) MVPs in person as well as meeting people from the RDS product team!

There were lots of sessions with the RDS product group and with my fellow (RDS) MVPs. Great discussions and very interesting topics. Some of the details discussed are under NDA of course, but there are a lot of new features introduced in the Beta compared to the pre-beta. Since Windows Server 8 Beta was released Wednesday, those features are not under NDA anymore, so expect some new blog posts coming up here on those subjects!

Apart from the sessions, many additional events were being held throughout the week, a welcome reception, product group dinner, a great closing party at the CenturyLink field stadium! It’s been an awesome week!

I want to thank Microsoft for a great Summit!
Hopefully I will be here next year!




Thursday, March 1, 2012

What’s new in Remote Desktop Services Windows Server 8 BETA

A new document was published in regard to what’s new in Remote Desktop Services Windows Server 8 BETA.

"...Applies To: Windows Server 8 Beta
[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]
 
The Remote Desktop Services server role in Windows Server® “8” Beta provides technologies that enable users to connect to virtual desktops, RemoteApp programs, and session-based desktops. With Remote Desktop Services, users can access remote connections from within a corporate network or from the Internet.
In Windows Server “8” Beta, Remote Desktop Services offers enhanced support for the following scenarios:
  • Virtual Desktop Infrastructure (VDI) deployments
  • Session Virtualization deployments
  • Centralized resource publishing
  • Rich user experience with Remote Desktop Protocol (RDP)
Each of these is described in the sections that follow..."

You can check out the full document here: http://technet.microsoft.com/en-us/library/hh831527.aspx