Antivirus exclusions for RDS 2012 R2

Hi all,
I have a RDS 2012 R2 envirionment. 8 SH servers, 2 WA servers, 2 CB servers (in HA), 1 GW server, 1 x two node Fail over cluster containing the UPD disk files (among other things).
I've been surfing the net to find antivirus exclusions specific to RDS 2012 R2 but didn't find much. Aside from the regualr OS exclusions, are there any specific exclusions for RDS, specifically Session Host Servers? Any special considurations for UPD?
Thanks!
Jesmat.

Hi Jesmat,
Thank you for posting in Windows Server Forum.
There is previous version for “Terminal Service Antivirus Exclusions” is available but sorry to inform that “Antivirus
Exclusions for RDS server 2012 R2” is still
not published as Microsoft team is in the process of publishing. Please check
this article for information.
Hope it helps!
Thanks,
Dharmesh

Similar Messages

  • SCCM 2012 Antivirus Exclusions for Servers and Workstations

    Hii,
    Just sharing the antivirus exclusions for Configuration Manager 2012 Servers and workstations as well.
    Please share if anything is missing.
    McAfee Exclusion's for Configuration Manager 2012:
    1. C:\Windows\TEMP\BootImages
    and subfolders.
    2. Directories:
    %allusersprofile%\NTUser.pol
    %systemroot%\system32\GroupPolicy\registry.pol
    %windir%\Security\database\*.chk
    %windir%\Security\database\*.edb
    %windir%\Security\database\*.jrs
    %windir%\Security\database\*.log
    %windir%\Security\database\*.sdb
    %windir%\SoftwareDistribution\Datastore\Datastore.edb
    %windir%\SoftwareDistribution\Datastore\Logs\edb.chk
    %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
    %windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
    %windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
    %windir%\SoftwareDistribution\Datastore\Logs\Res1.log
    %windir%\SoftwareDistribution\Datastore\Logs\Res2.log
    %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
    %programfiles%\Microsoft Configuration Manager\Inboxes\*.*
    %programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
    %systemroot%\system32\GroupPolicy\Machine\registry.pol"
    %systemroot%\system32\GroupPolicy\User\registry.pol"
    \SCCMContentLib
    \SMSPKG
    \SMSPKGC$
    \SMSPKGSIG
    \SMSSIG$
    \Program Files\SMS_CCM\ServiceData
    \Program Files\SMS_CCM\Logs
    \Program Files\Microsoft Configuration Manager\Logs
    \Program Files\Microsoft Configuration Manager\Install.map
    \ConfigurationManager DB
    \SMSPKGSIG
    \SCCMContentLib
    \Sources
    \SCCMImages
    \DatabaseBackup
    \SMSPKGE$
    \SMSPKGSIG
    \SMSSIG$
    3. Processes that will be excluded:
    Configuration Manager 2012 processes that will be excluded are:
    Smsexec.exe
    Ccmexec.exe
    CmRcService.exe
    Sitecomp.exe
    Smswriter.exe
    Smssqlbbkup.exe
    4. SQL Server Exclusion's:
    SQL Server 2012 Processes exclude from virus scanning
    %ProgramFiles%\Microsoft SQL Server\MSSQL11. <InstanceName>\MSSQL\Binn\SQLServr.exe
    %ProgramFiles%\Microsoft SQL Server\MSRS11. <InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
    %ProgramFiles%\Microsoft SQL Server\MSAS11. <InstanceName>\OLAP\Bin\MSMDSrv.exe
    SQL Server data files
    *.mdf
    *.ldf
    *.ndf
    SQL Server backup files
         These files frequently have one of the following file-name extensions:
    *.bak
    *.trn
    Full-Text catalog files
    %Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData
    Analysis Services backup files
         C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
         C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log
    5. IIS Exclusions:
    * .ida
    %systemroot%\IIS Temporary Compressed Files
    %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
    6. WSUS Exclusions:
    *.cab
    \WSUS\WSUSContent
    \WSUS\UpdateServicesDBFiles
    \SoftwareDistribution\Datastore
    \SoftwareDistribution\Download
    Reference Links:
    https://community.mcafee.com/thread/59504
    http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
    http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
    http://support.microsoft.com/kb/309422
    http://support.microsoft.com/kb/821749
    http://support.microsoft.com/kb/817442
    http://support.microsoft.com/kb/900638/en-us
    http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#av
    McAfee Exclusions for workstations:
    Turn off scanning of Windows Update or Automatic Update related files
    Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:
    %windir%\SoftwareDistribution\Datastore
    Turn off scanning of the log files that are located in the following folder:
    %windir%\SoftwareDistribution\Datastore\Logs
    Specifically, exclude the following files:
    Res*.log
    Edb*.jrs
    Edb.chk
    Tmp.edb
    Turn off scanning of Windows Security files
    Add the following files in the %windir%\Security\Database path of the exclusions list:
    *.edb
    *.sdb
    *.log
    *.chk
    *.jrs
    Turn off scanning of Group Policy related files
    Group Policy user registry information. These files are located in the following folder:
    %allusersprofile%\
    Specifically, exclude the following file:
    NTUser.pol
    Group Policy client settings file. This file is located in the following folder:
    %Systemroot%\System32\GroupPolicy\
    Specifically, exclude the following file: Registry.pol
    For the configuration manager clients the following exclusion will be added:
    %windir%ccmcache
    \SoftwareDistribution\Datastore
    \SoftwareDistribution\Download
    Reference Links:
    http://support.microsoft.com/kb/822158/en-us
    Regards, Syed Fahad Ali

    Thanks for sharing this.. Many people will find this useful.
    http://www.enhansoft.com/

  • Antivirus exclusions for updating Flash Player

    We are trying to get it so that all of our PC's can automatically update Flash Player (due to all of the recent updates) rather than have me download the redistributable and push it out over Zenworks.
    When we do this, McAfee ePO 8.8i is apparently blocking the Flash Player install. 
    What do we need to list as an exception/exclusion from McAfee so that we can accomplish the updates?  My List would be:
    InstallFlashPlayer.exe
    FlashUtil*_ActiveX.exe
    install_flashplayer*.exe (maybe install_flashplayer*aih.exe?)
    FP_AX_CAB_INSTALLER64.exe
    My concern with using the wildcards is the enormous amount of spyware that might be introduced because of this.  Is there anything else I can do?
    Here are the lines from the Access Protection log:
    10/10/2011
    8:07:20 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Delete
    10/10/2011
    8:07:35 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:07:38 AM
    Blocked by Access Protection rule
    NT AUTHORITY\SYSTEM
    C:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
    \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:07:45 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Delete
    10/10/2011
    8:07:56 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:07:57 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:07:57 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:08:04 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:13:54 AM
    Would be blocked by Access Protection rule  (rule is currently not enforced)
    <Computername>\<user>
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\VNQ6E7G4\install_flashplayer11x32ax_gtbd_aih[1].exe
    Common Standard Protection:Prevent common programs from running files from the Temp folder
    Action blocked : Execute
    10/10/2011
    8:13:54 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\VNQ6E7G4\install_flashplayer11x32ax_gtbd_aih[1].exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:13:57 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:13:58 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:13:59 AM
    Would be blocked by Access Protection rule  (rule is currently not enforced)
    <Computername>\<user>
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe
    Common Standard Protection:Prevent common programs from running files from the Temp folder
    Action blocked : Execute
    10/10/2011
    8:14:34 AM
    Would be blocked by Access Protection rule  (rule is currently not enforced)
    <Computername>\<user>
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\VNQ6E7G4\install_flashplayer11x32ax_gtbd_aih[1].exe
    Common Standard Protection:Prevent common programs from running files from the Temp folder
    Action blocked : Execute
    10/10/2011
    8:14:35 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\VNQ6E7G4\install_flashplayer11x32ax_gtbd_aih[1].exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:14:37 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:14:38 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/10/2011
    8:14:38 AM
    Would be blocked by Access Protection rule  (rule is currently not enforced)
    <Computername>\<user>
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe
    Common Standard Protection:Prevent common programs from running files from the Temp folder
    Action blocked : Execute
    10/11/2011
    10:48:42 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Delete
    10/11/2011
    10:48:43 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/11/2011
    10:49:05 AM
    Would be blocked by Access Protection rule  (rule is currently not enforced)
    <Computername>\<user>
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\<user>\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
    Common Standard Protection:Prevent common programs from running files from the Temp folder
    Action blocked : Execute
    10/11/2011
    10:49:05 AM
    Would be blocked by Access Protection rule  (rule is currently not enforced)
    <Computername>\<user>
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\<user>\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
    Common Standard Protection:Prevent common programs from running files from the Temp folder
    Action blocked : Execute
    10/11/2011
    10:49:14 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/11/2011
    10:49:14 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/11/2011
    10:49:14 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/11/2011
    10:49:14 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/11/2011
    10:49:26 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/12/2011
    8:05:12 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\Documents and Settings\<user>\My Documents\Downloads\install_flashplayer11x32_mssd_aih.exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/12/2011
    8:05:13 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32_mssd_aih.exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\ZoneMap\AutoDetect
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/12/2011
    8:05:14 AM
    Blocked by Access Protection rule
    <Computername>\<user>
    C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32_mssd_aih.exe
    \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version
    Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings
    Action blocked : Create
    10/12/2011
    8:05:14 AM
    Would be blocked by Access Protection rule  (rule is currently not enforced)
    <Computername>\<user>
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32_mssd_aih.exe
    Common Standard Protection:Prevent common programs from running files from the Temp folder
    Action blocked : Execute

    Hi Ulendal,
    Unfortunately, we cannot make a guarantee on specific file names for our installers, or that they will keep the same file names in the future.
    However, great effort is going into improving the current update experience in a future release.
    Thanks,
    Stephen

  • Cidway with RDS 2012 R2

    Hi,
    We want to run two factor login for RDS 2012 R2 web by using cidway, is this possible?

    Hi,
    Thank you for your posting in windows Server Forum.
    You can use 2 factor authentication for RD Web with RD gateway setup on your network, so that you can work seamlessly and can enjoy the function of RD gateway pluggable authentication. For that you on client system you can install new RDP 8.1 and enjoy full
    feature. 
    What's New in Remote Desktop Services for Windows Server 2012 R2
    Customizing RD Gateway authentication and authorization schemes
    In addition, you can also refer below thread.
    RDS 2012 2 Factor Authentication
    For 3rd party authentication, you need to contact their customer support whether they support the feature to access with Windows Server feature or not.
    Hope it helps! 
    Thanks,
    Dharmesh

  • App-V 5.x antivirus exclusions

    For App-V 4.x Microsoft have documented recommended antivirus exclusions. Are there any similar recommended antivirus exclusions for App-V 5.x?

    Hello,
    App-V 5.0 does not have any recommended antivirus exclusions.
    Nicke Källén | The Knack| Twitter:
    @Znackattack

  • Crystal Report Server - Antivirus Exclusions

    Does SAPBO have a list of antivirus exclusions for the Crystal Report Server's - Application Directories, Files, Databases, or other objects that need to be exculded from 'Real-Time' and 'Shcheduled' scans?  If so where is it?  I have querired all the forums with no results on the exclusions list.
    We deployed a new version of McAfee 8.5.1i patch-level 7 that caused CRS to stop functioning properly for 12 hours.

    Agreed, the root cause in this case was an incorrect set of exclusions that allowed a Full Virus Scan to touch database .mdf and ldf files.
    We had originally set up the exclusions according to all Microsoft SQL Server 2005 and IIS standards for Anti-Virus exclusions, and then subsequently installed Crystal Report Server some time after that with no negative impact.
    The upgrade we just performed however removed the exclusions and caused the CRS to have issues.  My experience with defining exclusions has been to go to the vendors of all the installed products and ask for their techncal documenation on the anti-virus exclutions and best practices.  Because I had never done so before I thought now would be a good time.
    SAP/BO are not alone by not having an 'Official' document on this matter, but if we are to continue to be #1 then having high expectations goes with the territory.
    Thanks Question Asked and Answered

  • RDS 2012- connect to session collection trough mstsc.exe on XP SP3

    Hi!! i need to connect to a session collection based on rds 2012 directly trough mstsc.exe on xp sp3 clients... xp don't support remoteapp and desktop connection and my users can't use internet explorer to connect trough rd web Access..
    Thanks!

    Hi,
    What you could do is upgrade Windows XP with the latest Remote Desktop Client available for Windows XP (http://support.microsoft.com/kb/969084)
    Then extract the .RDP file you want from the RDS 2012 environment (or specify the properties manually in a .RDP) file.
    Recently I wrote on article on the distribution of Remote Apps and desktops in Windows Server 2012, that might be useful:
    http://virtualizationadmin.com/articles-tutorials/vdi-articles/general/distribution-of-remote-apps-and-desktops-in-windows-server-2012.html
    Also, more info on the .RDP properties specifically needed for RDS 2012:
    http://microsoftplatform.blogspot.nl/2012/04/rd-connection-broker-ha-and-rdp.html
    Kind regards,
    Freek Berson
    The Microsoft Platform
    Twitter
    Linked-in
    Wortell company website

  • Antivirus software exclusions for DFS and Hyper-V

    I am rolling out an updated antivirus solution to our DFS server and Hyper-V (Windows 2008 and 2012) and I am curious of the following:
    1. What are the exclusion suggestions for Hyper-V servers?  I found a URL that showed the exceptions to add but I thought there would be more for Hyper-V to exclude.
    2. What are the specific exclusions to include for a DFS server?  I read somewhere that there were some DFSR hidden folders that need to be included but I would like to know if there is an official suggestion from Microsoft of what files/folders need
    to be excluded.

    Hi,
    Anti-virus software should exclude Hyper-V specific files which listed in the article below:
    Hyper-V: Anti-Virus Exclusions for Hyper-V Hosts
    http://social.technet.microsoft.com/wiki/contents/articles/2179.hyper-v-anti-virus-exclusions-for-hyper-v-hosts.aspx
    For the DFS antivirus exclusion, you could refer to the article below:
    Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
    http://support.microsoft.com/kb/822158/en-us
    Regards,
    Mandy
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • File & directory exclusion for Exchange 2010 in antivirus

    Hi
    I'm running Exchange 2010 servers.
    Can someone told me what would be the exclusion should be done in terms of file level & directory level for exchange 2010 in antivirus.
    Thanks in Advance
    Anuj Gupta

    Hi,
    Let’s begin with the following article:
    http://blogs.technet.com/b/davmcg/archive/2012/02/04/exchange-server-2010-and-antivirus-exclusions.aspx
    The article lists the individual files and extensions of antivirus in Exchange 2010.
    And here is more reference:
    http://blogs.technet.com/b/mspfe/archive/2011/05/05/exchange_2d00_server_2d00_recommendations_2d00_for_2d00_file_2d00_level_2d00_antivirus_2d00_scanners.aspx
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Best practice for RDGW placement in RDS 2012 R2 deployment

    Hi,
    I have been setting up a RDS 2012 R2 farm deployment and the time has come for setting up the RDGW servers. I have a farm with 4 SH servers, 2 WA servers, 2 CB servers and 1 LS.
    Farm works great for LAN and VPN users.
    Now i want to add two domain joined RDGW servers.
    The question is; I've read a lot on technet and different sites about how to set the thing up, but no one mentions any best practices for where to place them.
    Should i:
    - set up WAP in my DMZ with ADFS in LAN, then place the RDGW in the LAN and reverse proxy in
    - place RDGW in the DMZ, opening all those required ports into the LAN
    - place the RDGW in the LAN, then port forward port 443 into it from internet
    Any help is greatly appreciated.
    This posting is provided "AS IS" with no warranties or guarantees and confers no rights

    Hi,
    The deployment is totally depends on your & company requirements as many things to taken care such as Hardware, Network, Security and other related stuff. Personally to setup RD Gateway server I would not prefer you to select 1st option. But as per my research,
    for best result you can use option 2 (To place RDG server in DMZ and then allowed the required ports). Because by doing so outside network can’t directly connect to your internal server and it’s difficult to break the network by any attackers. A perimeter
    network (DMZ) is a small network that is set up separately from an organization's private network and the Internet. In a network, the hosts most vulnerable to attack are those that provide services to users outside of the LAN, such as e-mail, web, RD Gateway,
    RD Web Access and DNS servers. Because of the increased potential of these hosts being compromised, they are placed into their own sub-network called a perimeter network in order to protect the rest of the network if an intruder were to succeed. You can refer
    beneath article for more information.
    RD Gateway deployment in a perimeter network & Firewall rules
    http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • RDS 2012 External access for Session Hosts over different port to default 443

    Hello there
    I am having problems solving this problem as you may see on other posts, so I am going to try again.
    I have two Server 2012 machines for RDS. Server 1 one with all roles (Gateway, Broker, Session host etc.) and second machine, Server 2 as a session host only. I am running RDWeb Apps, with CA certificate installed and
    everything works fine internally.
    Due to limitations on the router I had to change the default SSL port on the gateway (Server 1) to 4043. I have this and 3391 for UDP open to Server 1 from the router.
    Working externally, I can login to the RDS site and open apps form Server 1, but when I try to open an app installed on Server 2, I get a certificate error.  The error is:
    “Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address
    and the certificate subject name do not match. Contact your network administrator for assistance". 
    The certificate address the error points to is referring to is an SBS 2011 cert for RWW and email. Experimenting, if I use 443 on the Server 1
    gateway instead of 4043 and change the router accordingly, it then works. I can open apps form both session hosts externally . But not if is set to 4043. 
    For the record Server 2 session host also gives this error:
    Event ID: 1280 Warning Microsoft Windows TerminalServcies-session broker client 
    Remote Desktop Services failed to join the Connection Broker on server sever-vm1.local.
    Error: Current async message was dropped by async dispatcher, because there is a new message which will override the current one.
    Because everything works fine using default 443, I figure this is a communication or firewall issue between the gateway and the session host on Server 2.  
    Can anyone help here? 
    Many Thanks 
    MIS5000

    Hi,
    Thanks for your comment.
    Have you check the connection on your second server?
    Can you ping the server 2 from server 1?
    As from the event ID 1280 it seems there is some network connectivity to RDCB server. Also please “Add the RD Session Host server to the Session Broker Computers group” & RDWeb server's computer account needs to be a member of the local TS Web Access Computers
    group on your RDSH server.  You can get the detailed information from this article.
    In addition, do you have certificate purchased and install from trusted root authority. There is some requirement to use certificate for RDS environment, please consider following points.
    1. The certificate is installed into computer’s “Personal” certificate store. 
    2. The certificate has a corresponding private key. 
    3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
    You can get more details regarding certificatehere.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Pagefile exclusion for VHDs is not functional System Center DPM 2012 R2

    The Release Notes for Data Protection Manager in System Center 2012 R2 state that:
    Pagefile exclusion for VHDs is not functional
    Description: Pagefile exclusion for virtual hard disk files (VHDs) is not functional.
    Workaround: None.
    I feel silly asking this in the forums, but my mind just can't wrap around the fact that this feature (that was just recently added in DPM 2012 SP1) is broken in the new release of 2012 R2.  Does anyone with actual knowledge of the product have any
    additional info on this issue?  Do we need to wait for a service pack to fix it or are there possibly ANY workarounds or situations where it might be used?
    TIA

    Hi,
    This is a documentation error and will get it addressed.  DPM 2012 R2 RTM does still support page file VHD exclusion same as DPM 2012 SP1.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT]
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • App-v client 5.0 sp2 for RDS, Excel 2007, ESSBase add-in, win 2012 server R2 Excel crashes

    Hi,
    I'm trying to make following work (with no success for now). 
    Issue
    > Excel crashed when It loads the ESSBase’s (xla or xll) add-in.
    For the purpose of my tests, I’m handling the app-v packages using the powershell commandlets
    (no SCCM / no App-V Infrastructure)
    Environment
    On top of a Win 2012 r2 remote desktop session host server, I :
    - installed App-V 5.0 SP2 client for RDS
    - (added/published globally) Excel as a packaged app-v app
    - (added/published globally) ESSBase as a packaged app-v app 
    - (added/Enabled it Globally) a Connection Group (witch includes both the above appv packages)
    Connection group’s XML looks like below :
    Commandlets I'm using :
    import-module
    appvclient
    #Add packages
     Add-AppvClientPackage
    -Path C:\ExcelEss\EXcel\EXcel.appv    
     -DynamicDeploymentConfiguration
    C:\ExcelEss\EXcel\Excel_DeploymentConfig.xml
     Add-AppvClientPackage
    -Path C:\ExcelEss\ESSBASE\ESSBASE.appv
     -DynamicDeploymentConfiguration
    C:\ExcelEss\ESSBASE\ESSBASE_DeploymentConfig.xml  
    #Publish packages Globally
     Publish-AppvClientPackage
    -Global -Name
    Excel
     Publish-AppvClientPackage
    -Global -Name
    ESSBASE
    #Publish Group
     Get-AppvClientPackage
    | Stop-AppvClientPackage
     Add-AppvClientConnectionGroup
    C:\ExcelEss\MyTestGroup1.xml
    | `
     Enable-AppvClientConnectionGroup
    -Global
    Any help please ?
    MCTS Windows Server Virtualization, Configuration

    Issue fixed, details below
    Upgrade to App-V SP3
    - upgrade of the App-V Client for RDS from version 5.0 SP2 to 5.0 SP3 (RDS VM)
    - uninstall of the App-V 5.0 SP2 sequencer and install of the App-V 5.0 sequencer SP3 
      (App-V Sequencer VM)
    Sequencing
    - Install/Sequencing of Excel 2007 as a 1st distinct App-V Package
    - Install/Sequencing of Oracle ESSBase  Excel Add-In as a 2nd distinct App-V Package
       > I chose type: Add-On or Plugin (second option)
          *this time I forced Oracle Add-In to install under C:\Prog~files (x86)\Oracle
              and no more under
    C:\Oracle  
    - *at the end of the add-In package’s sequencing phase I ensured to have
    mscomctl.ocx
       somewhere on the sequencer VM and then run a cmd then
    ‘regsvr32 mscomctl.ocx’
    when editing the Connection Group’s XML file, I updated the schema
    from
    xmlns=http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup
    to
    xmlns=http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup
    Explanation:
    http://technet.microsoft.com/en-us/library/dn858700.aspx#BKMK_update_schema_cg
    Deployment
    Add-AppvClientPackage -Path .\Excel\Excel.appv
    Add-AppvClientPackage -Path .\ESSBase\ESSBase.appv
    Publish-AppvClientPackage -Global ESSBase
    Publish-AppvClientPackage -Global Excel
    Add-AppvClientConnectionGroup -Path .\MyTestGroup1.xml
    Enable-AppvClientConnectionGroup –Global
    Although I modified couple of things at once (see red stars above) in this last attempt
    to make this work - I can't really distinguish what step fixed it but - I guess the upgrade to SP3 was a must do step anyway -
    Working !
    Thanks. 
    MCTS Windows Server Virtualization, Configuration

  • Certificate Requirement for Microsoft RDS 2012

    Hi All,
    I planning to deploy RDS VDI and remote app service, Please help me to understand the certificate
    requirement for server authentication, publication, SSO , etc.
    Internet URL is
    https://RDSVDI.domain.net
    My servers are in .local 
    RD Licensing Server--------RDSLICSVR.Domain.LOCAL
    RD Connection Broker-----RDSCB.Domain.LOCAL
    RD Web Access------------RDSWEBSVR.Domain.LOCAL
    RD Session Host-----------RDSSHSVR.Domain.LOCAL
    RD Visualization Host-------RDSVHSVR.Domain.LOCAL
    RD Gateway Server -------RDGWSVR.Domain.LOCAL
    What kind of Certificate do i required to launch Desktop and RemoteApp without any error.

    Hi,
    1. I would recommend a wildcard certificate (*.domain.net) purchased from a trusted public authority such as GoDaddy, VeriSign, Thawte, etc.  This wildcard certificate would be used for all RDS purposes.
    2. On the internal network you will need to create a DNS zone for domain.net with A records pointing to the private ip addresses, similar to the following:
    rdsvdi.domain.net --> private ip address of your RD Web server
    rdscb.domain.net --> private ip address of your RD Connection Broker
    rdsgwsvr.domain.net --> private ip address of your RD Gateway server (this is only needed if you want to use RDG for internal users)
    3. On the Internet you will need DNS records similar to the following:
    rdsvdi.domain.net --> public ip address for your RD Web server
    rdgwsvr.domain.net --> public ip address for your RD Gateway server
    4. You will need to change the published FQDN for your RDS deployment to rdscb.domain.net using the cmdlet below:
    Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
    http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
    5. You may need to modify your RD RAP in RD Gateway Manager. For example, you could edit the properties of the RD RAP, Network Resource tab, and select Allow users to connect to any network resource.
    6. You should make sure that all client PCs have RDP 8.1 Client (6.3.9600) installed for best results connecting to Server 2012 R2.
    7. For domain-joined PCs you may choose to set the SHA thumbprint of your certificate via group policy setting so that they will not be prompted when launching RemoteApps.
    8. It is preferred for users to use IE to connect to RD Web Access and select the Private option if possible (as long as the PC is not public).  When prompted they should Allow the Activex control to run.
    -TP

  • RDS 2012 Deplyment RDG crashing

    Hi All,
    I hope someone out there can help us. We have a RDS 2012 deployment with the following configuration (.N.B. all servers are VMs on vSphere 5.5 Enterprise and brand new Dell servers and we have zero network issues as these have been fully checked several
    times)
    2 x RD Connection Brokers (2012 R2)
    2 RD Licence Servers (2012 R2)
    1 x RD Web Access (2012 R2)
    1 x RD Gateway server (2012 R2)
    2 x Session collections, one with 10 Session Hosts and one with 4 session hosts (all session hosts are 2012, not R2)
    We are experiencing a very very strange situation where the RDG simply stops procession connections randomly. there are absolutely no errors, warnings or critical events logged in ANY of the event logs (and we have trawled through every single one of them!(and
    the service does not stop or crash in the traditional sense. we also cannot launch the gateway manager console when this happens. if we restart the service then all is fine and users can reconnect. we have even replaced the gateway with a brand new box and
    the issue still prevails. All clients that connect through the RDG are a minimum on Windows 7 and have at least RDP 8.0 installed
    Has anyone else seen this? it is becoming a real issue for us and people are losing faith, as they do

    Hi Richard,
    Thank you for posting in Windows Server Forum.
    Have you installed any anti-virus software? Please try to disable the antivirus software to see if same issue exists. Also you can check with Performance monitor and see whether you can find anything useful part for further troubleshooting. In addition, please
    check the server & PC’s NIC and other driver (If facing issue with remote connection), whether it’s compatible and updated to latest version.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

Maybe you are looking for