Category Archives: Server

Connecting to a Remote Desktop Gateway behind a proxy server

Connecting to a Windows 2012 R2 RD Gateway server when you are behind a proxy server, especially one requiring authentication, may fail with the following errors:

‘Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to.’


Or

‘Remote Desktop can’t connect to the remote computer for one of these reasons:

  1. Remote access to the server is not enabled
  2. The remote computer is turned off
  3. The remote computer is not available on the network’


Additionally, you will see the following event ID 4625 in the security log on the gateway server.

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 8/5/2013 4:20:00 PM

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: RDGW.CONTOSO.COM

Description:

An account failed to log on.

 This issue is documented here:

 https://support.microsoft.com/en-us/kb/2903333

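To fix it, set the EnforceChannelBinding registry value to 0 (zero) on the Gateway server so that it ignores missing channel bindings. Channel binding ties the client’s authentication to the TLS connection it was sent over, so with the value at 0 the gateway no longer requires that proof from clients.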

HKLM\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core

Type: REG_DWORD

Name: EnforceChannelBinding

Value: 0 (Decimal)


Note: By default, the EnforceChannelBinding value does not exist on the Gateway server. You must create this value. When you are done, reboot the server and it should work behind your proxy server.
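One way to inspect, apply and undo this setting from PowerShell, added here as an example and not part of the original post. The function names are hypothetical; the registry key and value name are the ones given above.

```powershell
# Added example, not from the original post. Run elevated on the RD Gateway server.
# The function names are hypothetical; the key and value name are the ones given above.
$GwKey   = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core'
$GwValue = 'EnforceChannelBinding'

function Get-ChannelBindingState {
    param([int] $Hours = 24)
    # $null means the value is absent, which is the default on the gateway.
    $prop = Get-ItemProperty -Path $GwKey -Name $GwValue -ErrorAction SilentlyContinue
    $current = if ($prop) { $prop.$GwValue } else { $null }

    # Count recent event ID 4625 entries, the symptom described above.
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    $failures = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    New-Object psobject -Property @{
        Computer     = $env:COMPUTERNAME
        ValuePresent = ($null -ne $current)
        Value        = $current
        Failures4625 = $failures.Count
        CheckedAt    = Get-Date
    }
}

function Set-ChannelBindingIgnored {
    # Keep the previous state so the change can be reviewed and undone.
    $before = Get-ChannelBindingState
    New-ItemProperty -Path $GwKey -Name $GwValue -PropertyType DWord -Value 0 -Force | Out-Null
    $after = Get-ChannelBindingState
    if ($after.Value -ne 0) { throw "$GwValue was not written." }
    New-Object psobject -Property @{ Before = $before; After = $after }
}

function Undo-ChannelBindingIgnored {
    # Removing the value returns the gateway to its default (value absent).
    Remove-ItemProperty -Path $GwKey -Name $GwValue -ErrorAction Stop
}

# Inspect first; change only if the 4625 failures match the proxy symptom.
Get-ChannelBindingState
```

Set-ChannelBindingIgnored and Undo-ChannelBindingIgnored only change the registry; the reboot mentioned above is still needed for the gateway to pick up the change.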

Installing OneDrive on Windows Server 2012 R2

How to install OneDrive on Windows Server 2012 R2. Unlike its desktop counterpart, Windows 8.1, Windows Server 2012 R2 does not include the OneDrive client. But you can install it manually. This is useful for a remote desktop (terminal server) environment where users may want to save their files online. Admittedly this is not a very secure option for most organisations, but could be acceptable for small businesses. I run this at home for the family on a small RDS farm, with OneDrive and Office installed, although Office 2013 does of course allow saving natively as well.

To install OneDrive on Windows Server 2012 R2:

  • Disable Internet Explorer Enhanced Security Configuration from the Server Manager, Local Server page, if you have it enabled. This will allow you to sign in.
  • Install the .NET Framework 3.5 feature
  • Download Windows Live Essentials 2012 from http://windows.microsoft.com/en-us/windows-live/essentials
  • Install just OneDrive

You will then need to sign into the app.

Note that this does give the inferior Windows 7 style OneDrive sync, i.e. you have to choose which files and folders will be available on the server. It does not use the placeholders like in Windows 8, unfortunately, since this is basically the same OneDrive client that you can install on Windows 7.

BIOS for HP ProLiant MicroServer G7 N54L

System ROMPaq Firmware Upgrade for HP ProLiant MicroServer (For USB Key-Media)

Download: SP64420

Type:
BIOS – System ROM

Version:
2013.10.01 (A) (15 Nov 2013)

Operating System(s):
Red Hat Enterprise Linux 5 Server (x86-64), Red Hat Enterprise Linux 5 Server (x86), Microsoft Windows Server 2008 Small Business, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2008 Foundation Edition, Microsoft Windows Small Business Server 2011 Standard and Essentials, Microsoft Windows Server 2012, Microsoft Windows Server 2012 Essentials, Microsoft Windows Server 2012 R2

File name:
SP64420.exe (2.6 MB)

Important Notes:

This SoftPaq version will execute the “kbd” utility to upgrade the system bios due to a bootblock change.

Deliverable Name:

HP ProLiant MicroServer System ROM – O41

Release Date:

10/01/2013

Last Recommended or Critical Revision:

09/30/2010

Previous Revision:

07/29/2011

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

Addressed an issue where Microsoft Windows 2012 R2 may stop responding while booting the operating system.

Known Issues:

None

Installation:

1. Obtain a formatted USB Key media.

2. Download the SoftPaq to a directory on a system running Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, or Microsoft Windows Server 2008 R2 and change to that directory.

3. From that drive and directory, execute the downloaded SoftPaq file: Simply double click on the SPxxxxx.exe file and follow the installation wizard to complete the SoftPaq installation process. At the end of a successful installation of the SoftPaq a web page will automatically appear to provide you with the different methods for restoring and/or upgrading the firmware on the system.

4. After the USB Key is created, you may delete the downloaded file if you wish.

5. Insert this USB Key into the USB Key port of the system to be updated and power the system on to boot to the USB Key.

Install and configure a Remote Desktop certificate on RD Session Host servers

When installing a Remote Desktop farm with a RD Gateway on Windows Server 2012, you install a certificate for the Broker, Web Access and Gateway roles using Server Manager. However, this does not add the certificate to the Remote Desktop Session Host (RDSH) servers. This means that you get a warning when connecting to a RemoteApp or desktop, because the RDSH servers will have a self-signed certificate. You can replace this certificate using a valid certificate. You will continue to get warnings for the following reasons:

  1. The name on the certificate does not match the RDSH server name
  2. The certificate is not from a trusted root certificate authority

The best way to resolve this is to purchase a single wildcard certificate, e.g. *.domain.com, that covers both the RDWeb URL and the server names. This also requires that your internal domain is a subdomain of your external domain. So you might use domain.com on the web, and internal.domain.com as your AD domain. Your RDSH server is then e.g. rdsh01.internal.domain.com. You could also use a SAN certificate.

Note that you should NOT replace the certificates on the RDSH servers as listed below, if you are using self-signed certificates and you want to be able to connect from clients which are not joined to your domain. Even if you trust the root manually, the revocation information will not be available, and clients will not be able to connect, and will give a 0x607 error. See http://social.technet.microsoft.com/Forums/ru-RU/94780a11-23ba-4a3c-b11a-734007c2d2fd/an-authentication-error-has-occured-code-0x607?forum=winserverTS for more info on this error.

If you are just connecting internally from clients in the same domain, you should be able to use an internal Enterprise CA to create a SAN or wildcard certificate which you can use on your servers. So, only replace the certificates on the RDSH servers if:

  • Clients are all in the same domain and you are using internal certificates
  • Clients are outside the domain, but you have purchased commercial certificates

It is necessary to install the certificate on all of the RD Session Host servers manually. This is because there is no way to do this using the Server Manager GUI, and the certificate is not applied to session host servers automatically when configuring the certificates on the other roles.

  • Open the MMC and open the Certificates snap-in
  • Add the Local Computer
  • Import the certificate into Computer\Personal
  • Open the certificate and find the thumbprint on the Details tab. Copy the thumbprint to Notepad and delete all the spaces.
  • Open up an elevated PowerShell prompt and write:
    wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="PASTE_THUMBPRINT_STRING"
  • You can check the certificate by running:
    Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'"

Note that sometimes for the last command, you may need to remove the end quotes around RDP-tcp and type them in again if pasting.
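The steps above as a single PowerShell function, added here as an example and not part of the original post. It cleans the pasted thumbprint, checks the imported certificate before binding it, and reads the setting back afterwards; the function name and the sample thumbprint are hypothetical.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell prompt
# on each RD Session Host. Set-RdshListenerCertificate is a hypothetical name.
function Set-RdshListenerCertificate {
    param([Parameter(Mandatory = $true)] [string] $RawThumbprint)

    # Keep hex digits only. This removes the spaces and any invisible character
    # picked up when the thumbprint is copied from the certificate dialog.
    $thumb = ($RawThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($thumb.Length -ne 40) {
        throw "A SHA-1 thumbprint is 40 hex characters; got $($thumb.Length)."
    }

    # The certificate must already be imported into Computer\Personal.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $thumb was imported without its private key."
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $thumb is not valid today (expires $($cert.NotAfter))."
    }

    # Same WMI class and property as the wmic command above.
    $query = @{
        Class     = 'Win32_TSGeneralSetting'
        Namespace = 'root\cimv2\terminalservices'
        Filter    = "TerminalName='RDP-tcp'"
    }
    $listener = Get-WmiObject @query
    Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $thumb } | Out-Null

    # Read the setting back so a silently rejected change is not missed.
    $after = Get-WmiObject @query
    if ($after.SSLCertificateSHA1Hash -ne $thumb) {
        throw "Listener still reports $($after.SSLCertificateSHA1Hash)."
    }
    New-Object psobject -Property @{
        Listener   = $after.TerminalName
        Thumbprint = $after.SSLCertificateSHA1Hash
        Subject    = $cert.Subject
        Expires    = $cert.NotAfter
    }
}

# Constructed thumbprint, pasted with its spaces; replace with your own.
# Set-RdshListenerCertificate -RawThumbprint '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'
```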

See http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx for more information.

Customising the RDWeb web page

This outlines the customisation options with the default RDWeb page in Microsoft Server 2012, when using Remote Desktop Services with RDWeb. You can easily replace the logon and text at the top of the page.

As an example, you can change the default:

[Image: RDWeb_Default]

To something like this:

[Image: RDWeb_Custom]

Replaceable Company Logo Image

Add the new Icon into the image folder

  • Add the new icon into the images folder located in:

C:\Windows\Web\RDWeb\Pages\en-US\images\

Modify the site.xsl file

  • Backup this file:

C:\Windows\Web\RDWeb\Pages\Site.xsl

To e.g. C:\Windows\Web\RDWeb\Pages\Site.xsl.bak

The word Replaceable appears 3 times in this file. Do a find for this word to find the sections below:

Run Notepad as admin and open the file. I find the easiest way to do this is to run PowerShell as admin, and then launch Notepad from there. That way, if you close Notepad, you can quickly launch it as admin again without finding Notepad.

Edit the file:

C:\Windows\Web\RDWeb\Pages\Site.xsl

Replaceable Company Logo Image

Change:

<img src="../images/logo_02.png" width="48" height="48"/>

To e.g.:

<img src="../images/donkey_blue.png" width="58" height="34"/>

Replaceable Company Logo Text and Application Type

Change:

<td class="headingCompanyName"><xsl:value-of select="@workspacename"/></td>

To e.g.:

<td class="headingCompanyName">msdonkey remote access</td>

Change:

<xsl:value-of select="$strings[@id = 'HeadingApplicationName']"/>

To e.g.:

RemoteApps and Desktops

Automatic Virtual Machine Activation (AVMA) on Windows Server 2012 R2 Datacenter

Automatic Virtual Machine Activation (AVMA) is a new feature in Windows Server 2012 R2 which allows you to activate guest virtual machines automatically, when you have a Hyper-V host that is running Windows Server 2012 R2 Datacenter. This is a pretty awesome feature, especially in a test lab environment when you may have a Technet (RIP) or MSDN Datacenter product key, and don’t want to use up all of your activations on temporary guests. This is how I manage my lab at home, which consists of 2 HP Microservers with 16GB of RAM in each:

  • Install your Hyper-V hosts with Windows Server 2012 R2 Datacenter and activate using a valid key
  • Add the Hyper-V role
  • Install guests running one of the following Operating Systems:
    • Windows Server 2012 R2 Datacenter
    • Windows Server 2012 R2 Standard
    • Windows Server 2012 R2 Essentials
  • During setup, either paste in the key below or add it to your unattend files
  • When you log on, you will find that Windows is already activated!
  • Note that you could also do this after installation, if you skipped entering a key during setup (see this post on how to do that), either entering it manually when activating, or use slmgr /ipk <AVMA_key>

These are the keys that Microsoft provide for use with AVMA:

Edition      AVMA key
Datacenter   Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW
Standard     DBGBW-NPF86-BJVTX-K3WKJ-MTB6V
Essentials   K2XGM-NMBT3-2R6Q8-WF2FK-P36R2

 

In my lab setup, I run sysprep on the first VM that I create, generalise and shut it down, and then create further VMs using a differencing disk with this as the master. This saves a lot of disk space. All the VMs using this template are then activated automatically with no further configuration required.

See http://technet.microsoft.com/en-us/library/dn303421.aspx for more information.

Install Windows to VHDX virtual hard disk on a new hard drive

This is how I create VHDX files during Windows setup, first formatting a blank disk, creating a VHDX virtual hard disk, and then installing Windows on the disk.

  1. Insert the Windows Server 2012, 8.1, or 7 DVD or bootable USB key. I always use a USB key as it is so much faster.
  2. Press SHIFT-F10 to get to a command prompt when setup is loaded.
  3. Type in diskpart
  4. list disk (note the disk ID)
  5. select disk 0 (assuming that it was listed as disk 0)
  6. clean
  7. create partition primary
  8. select partition 1
  9. active
  10. format fs=ntfs
  11. assign
  12. create vdisk file="C:\disk1.vhdx" maximum=50000
  13. attach vdisk
  14. exit

Now go back to setup and click through to the disk selection screen, or refresh if you were already there, and you will see the virtual disk. Windows will say that it cannot be installed onto this disk, but just press Next and it should install and boot with no issues.

Also see http://www.msdonkey.com/server/dual-booting-windows-8-1-and-windows-server-2012-r2-from-vhd/

Skipping product or license key during installation of Windows 8 and Server 2012

Windows 8 and Server 2012 have an annoying default installation process which forces you to enter a product key during installation. Often you may want to paste this in later, or just not enter one if you are installing a demo or test system, and having to type one in manually is a massive pain. Luckily, you can easily modify the installation so that it lets you skip the requirement for entering the product key. The easiest way to do this is by creating the ei.cfg file in the Sources folder in your ISO or USB media.

For Windows 8 or Server 2012 – this is the file that I normally create using notepad and save as ei.cfg in the Sources folder.

[EditionID]
[Channel]
Retail
[VL]
0

This works using MSDN or Technet (RIP) keys and media. I don’t bother entering the version, since I often may want to choose that during installation. By not entering the version you can choose if you want Standard, Datacentre etc.

The format of the ei.cfg is as follows:

[EditionID]
{Edition ID}
[Channel]
{Channel Type}
[VL]
{Volume License}

[EditionID]: This is the version of Windows that you want to install. This varies by OS. You can use Dism /Get-ImageInfo and specify the image file to get the editions available from the wim file, e.g. Dism /Get-ImageInfo /imagefile:I:\sources\install.wim

Valid options are:

Windows 7:

Starter
HomeBasic
HomePremium
Ultimate
Professional
Enterprise

Windows 8:

Core
Pro

Windows Server 2012:

SERVERSTANDARDCORE
SERVERSTANDARD
SERVERDATACENTERCORE
SERVERDATACENTER

Note that there are others, e.g. Foundation and Essentials for Server 2012.

[Channel]: This can be OEM or RETAIL depending on the type of media that you have.

[VL]: This can be 1 for  Volume License, or 0 for Retail

See http://technet.microsoft.com/en-us/library/hh824952.aspx for more information.

 

Creating bootable Windows Vista, 7, 8, 2012 USB or SD memory card

There are several ways to create bootable USB media if you have an ISO. You can also do this using an SD card if you have a USB adapter for the memory card. For Windows 7 a 4GB drive is fine; for later versions you will need more than 4GB.

Microsoft Windows 7 USB/DVD download tool

The easiest method is probably the Microsoft Windows 7 USB/DVD download tool http://www.microsoftstore.com/store/msusa/html/pbPage.Help_Win7_usbdvd_dwnTool

This is simple and easy to use, and should work with Windows Vista ISOs or later.

 ZOTAC WinUSB Maker

This is another nice tool from http://forums.mydigitallife.info/threads/47012-ZOTAC-WinUSB-Maker-Official-Support-Thread, and works with Windows Vista ISOs or later.

Manual method

 

If you don’t have the ISO or want to do this manually, you can also use diskpart to prepare the drive and then copy the contents over. This is the way I normally end up doing it for some reason, the advantage being that you don’t need any other tools if you are running a Windows OS. There is a risk of formatting the wrong drive if you don’t know what you are doing with diskpart, so be careful.

Format the Drive

Run cmd.exe as Administrator and type the following:

  • diskpart
  • list disk (Note which one is your USB disk – make sure you get the right one!)
  • select disk 2 (assuming that it was listed as disk 2)
  • clean
  • create partition primary
  • select partition 1
  • active
  • format fs=fat32 (Note: Quick format does not work)
  • assign
  • exit

Copy the files

Mount the ISO or insert the DVD, and then copy the Windows files to your drive.

Modify the below example depending on your drive letters:

xcopy d:\*.* /s/e/f e:\

OR easier using Robocopy:

Robocopy d: f: /e

 

Note that you can do something similar on Linux using http://www.pendrivelinux.com/

ZoomIt presentation utility

I just have to mention the awesome ZoomIt presentation tool created by the legendary Mark Russinovich.

This is great for doing presentations and technical demonstrations, it lets you:

– Draw anywhere on the screen

– Zoom in to parts of the screen

– Type anywhere on the screen

So if I was looking at the new AD Administrative Center, I could just draw on the screen in real time by pressing Ctrl-2 and entering drawing mode:

[Image: ZoomIT]

Kudos to Mark, go download it here:

http://technet.microsoft.com/en-gb/sysinternals/bb897434.aspx