Cidway with RDS 2012 R2

Similar Messages

• Moving user profiles from Server 2012 with RDS services to User profile disks Server 2012R2

  Hello i have a question about moving my C:\users profiles.
  My current settings on the servers are:
  AD-Server 2012
  SQL-Server 2012
  TS- server with RDS roles (RDwebacces, RDs broker, RD session host) 2012
  everything about user profiles is now in C:\Users
  My new settings for the server will be:
  AD-ActiveDirectory - server
  SQL-Server
  TS1- RDS (RDwebacces, broker, RDS server group management) 2012R2 (I have enabeld userProfileDisks to Filesistem server)
  TS2- RDS(Session host) load balance 2012R2
  TS3- RDS (Session host) load balance 2012
  FileSistem - server ( here i will have on E: partition the new functionality UserProfileDisks) 2012R2
  So is there a way to move profiles from TS - C:\Users to FileSistem - E:\UserProfileDisks
  I am new to this so any idea wil be helpful.

  Hi,
  If the UPD is configured on the server which holds existing user profiles, just select the option:
  store all user settings and data inside the profile disk.
  Since you are moving user profiles between different servers, then user profile contents need to be migrated manually.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• RDS 2012 R2 best design possible with wildcard certificate

  Hi!
  I am looking for some guidance for my RDS 2012 R2 design flaw. 
  What I would like to achieve?
  *I would like my users either internal or external to be able to connect to RDWeb via one single webaddress ( remote.mydomain.com)
  What I have in place?
  1x Broker
  1x WebAccess
  1x Gateway (also license server)
  1x SessionHost
  1x Wildcard Certificate
  my internal domain is mydomain.local and external is mydomain.com
  I have tried ( http://msfreaks.wordpress.com/2013/12/23/windows-2012-r2-remote-desktop-services-part-2/) without success.
  Any guidence here will be very helpfull.
  cheers
  Elton

  Hi Elton
  I have a similar configuration working with 2012 R2. However, my config is slightly different, namely:
  2 x RDSH servers
  1 x all other roles (web, gateway etc).
  However, I am using a valid single URL cert on the gateway/web server, which is accessible using remote.domain.com. I did NOT replace the cert on the RDSH servers (using WMI), because you end up with 0x607authentication errors if the certificate is not fully
  valid - corrrect name, trusted, and recovation information available. If you have purchased a  commercial wildcard cert, this should work.
  I did some testing and concluded the following, may be of interest:
  If you are just using the farm for internal connections, you can use an internal CA, and create self signed certs for the gateway, and the RDSH servers. You could use individual
  certificates for the servers, wildcard or SAN certificates. Then you will have no errors when connecting from internal clients. This will not work from external clients however, even if you trust your root or issuing CA  manually on the external client,
  because the revocation information will not be available to clients outside the domain or network, and you will get 0x607 authentication errors.
  If you are connecting from outside your network, you have 3 options:
  Use self signed certs created during the role installation, don't change any RDP certs on RDSH servers. Then manually place the gateway certificate in trusted root authorities on the external
  client.
  Purchase commercial certificates for the gateway, and optionally all of the RDSH servers. This will avoid any warnings. You could either use separate certs, wildcard or SAN. If you replace
  the certificates on the RDSH servers, they must be valid and match the names.
  Purchase just one certificate for the external URL for accessing the gateway, leaving the default self-signed certificates on the RDSH servers. This will mean that there is no warning
  when connecting to RDWeb, but there may be warnings when the connection establishes. I use this option with one free StartSSL certificate.
  To summarise, you can use either commercial or self signed for the RDWeb page. However, if you replace the certificate on the RDSH servers, this MUST be valid commercial for external clients to be able to connect. Otherwise
  just leave it as self signed.
  In my case, I can use remote.domain.com from either outside or inside the network. So, I configure the deployment to use the external URL, and that URL works from inside too. This is because it resolves to the external
  address, so requests go out to the firewall and then back in again. This way you do not have to worry about the internal connections not using a matching URL as on the certs. Or, create an internal DNS record, so that remote.domain.com points to your internal
  address of the RDweb server. This should work as well.

• I heard some promote use of "Terminal Services(RDS)", rather than App-V application with SCCM 2012 even if you have SCCM licens.

  Hi,
  I heard some promote use of "Terminal Services(RDS)", rather than App-V application with SCCM 2012 even if you have SCCM licens. The reason you dont need to repackage\test the application on an client OS...
  I don't agree and I have not Heard this Before, just that you use TS for some scenario.
  Or is it more likely that "Terminal Services(RDS)", take over the applikation administration?
  /SaiTech

  Surely this all depends on your environment. There's nothing wrong with creating RemoteApps to push to client devices. Maybe you have an environment where RDS is widely used. 
  Why not leverage both solutions and target App-V's at RDS servers and then create App-V based RemoteApps that users can run at home as part of a home working solution via RDWeb.
  Creating apps via RDS will be an admin overhead yes but then so is creating App-V packages in SCCM.
  I don't agree with the arguement re: 'you dont need to repackage\test the application on an client OS...' as
  App-V allows you to run on multple O/S types. 
  To be honest both technologies have their pros and cons. 
  Cheers
  Paul | sccmentor.wordpress.com

• RDS 2012-PUBLISING REMOTEAPPS WITH VIRTUAL DESKTOP SESSION

  Hello,  I deployed a RDS 2012 VIRTUAL DESKTOP SESSION FARM.
  Is it possible publish a REMOTEAPPS with Virtual Desktop Session?, I only find information with Remote Desktop Session
  Thanks
  Regards

  Hi,
  Seems this is not the possible scenario for deployment, we need to have Session based deployment as both virtual desktop session and session based deployment differs from other.
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• RDS 2012: Compatible with SQL Server 2014 AlwaysOn?

  Is Remote Desktop Services 2012 R2 compatible with SQL Server 2014 AlwaysOn Availability Groups?  Are there any procedural documents available for RDS requirements on how it expects AlwaysOn to be configured?
  Thanks

  Hi,
  Thank you for posting in Windows Server Forum.
  As per my research, we can install SQL server 2014 on RDS Server 2012\R2, you can check below article with step by step guide.
  How to install SQL Server 2014
  In addition for SQL AlwaysOn Consideration there is useful blog (RDS 2012 SQL AlwaysOn Considerations) you can go through for details.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• RDS 2012 - Using a reverse proxy with the Gateway server on the internal LAN

  Hi there,
  I'm looking to introduce an RDS 2012 farm and would like to put the RDS Gateway server on the internal LAN (due to it's AD requirements etc).
  What are the best practise options for using a reverse proxy to forward traffic to the gateway server and is it better to do this than just forward 443 traffic from the DMZ through to the Gateway directly?
  Thanks,
  Paul.

  Hi Paul,
  It is generally considered more secure to have a reverse proxy in front of RDG.  I don't know of a proxy that will handle the RDG UDP traffic, so you will need to consider using direct server return for that or not having the benefit of UDP.  Whether
  or not it is acceptable to simply forward TCP 443/UDP 3391 directly to your internal RDG is up to your security policies.  Many companies are fine with it while many other companies think it is unacceptable and require a reverse proxy or other method
  to provide an extra layer of protection.
  -TP

• What is the criteria for a local network with RDS Gateway 2012?

  I have a hard time finding out what the criteria are how RDS 2012 detemines that the network the client is on is a local network or an external one.  I have one subnet within our network that isn't recognised as a local network and all RDS traffic is
  passed to the gateway server. This is something we don't want for internal addresses. Can anyone enlighten me how RDS determines whether you are on an internal or external network?
  Thanks!
  Leo

  Hi,
  Thank you for posting in Windows Server Forum.
  As per my research I can say that RDS when getting any connection it looks for DNS to verify as all the usage for internal\external entries is made under DNS for his environment through RD Gateway. 
  The RD Gateway role service provides secure access by establishing an SSL tunnel from the client to the RD Gateway. The RD Gateway acts as the middleman. It passes traffic to and from the client over port 443, and to and from the internal resource over port
  3389. Any communication between the RD Gateway and the external client is also encrypted. The RD Gateway uses authorization policies to determine who can use the service and the specific resources to which they’re allowed access. You can configure different
  permission sets for people depending on whether they’re connecting from within or outside the network.
  You can get more details from beneath link.
  How To Work with RD Gateway in Windows Server 2012
  http://redmondmag.com/articles/2013/12/24/rd-gateway-in-windows-server.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Are sticky notes compatible with Cloud RDS 2012 R2 Server?

  Greetings tech wizards.  We are running an RDS 2012 R2 Server in the Cloud, and I would like to pose a question: is the default windows sticky notes application compatible in a Cloud environment?  Multiple users would be using the application
  at the same time.   Any expertise is appreciated.  Thank you.  

  Hi,
  From your description seems you have performed all the steps and that’s the proper way for removing. Apart from this, there might some database left behind related to RDS server and we need to remove it for completely remove it.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Office 365 with Shared Computer Activation (on RDS 2012)

  Hi,
  I have installed Office 365 (shared activation method) on RDS 2012.
  This works fine, users can activate using their Office 365 account and the entire Office suite appears activated.
  The issue is that the users intermittently (random intervals) have to re-enter their details and reactivate.
  Under what circumstances should the users have to reactivate, sometimes I can logon and activate and the next logon I have to do it again. Other times it can last for days..
  Thanks.

  SCA is referenced here:
  https://technet.microsoft.com/en-us/library/dn782860.aspx and
  https://technet.microsoft.com/en-us/library/dn782859.aspx
  I haven't seen or heard much more about it in detail except here:
  http://blogs.technet.com/b/uspartner_ts2team/archive/2014/09/03/office-365-shared-computer-activation.aspx
  http://blogs.office.com/2014/11/19/garage-series-questions-answered-shared-computer-activation-office-365-proplus/
  If you have ADFS or DirSync to your O365 tenant, most likely you wouldn't see this happening, it would all hookup seamlessly (a lot like KMS just does...)
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• How do you configure a farm name in RDS 2012?

  I understand Remote Desktop Services has undergo some drastric changes.
  How do you configure a farm name in RDS 2012? Or is the concept around farm name changed in another concept?
  Although I have imported a certificate on the RDCH withe the farm name I want to use. When I click on a RemoteApp on the RD Web Access portal, it does not connect to the right farm name.
  Boudewijn Plomp, BPMi Infrastructure & Security

  You don't.  You create a collection.  A client connects to the Connection Broker and then is redirected to the collection it is connecting to.  The collection name is embedded in the connection file that the client downloads from RDWeb or
  the RDWeb feed. 
  A collection is basically at least one RDSH server (for session based desktops) or one virtual machine (virtual machine based desktops). 
  Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging

• How can I Create a Client Configuration File for RemoteApp and Desktop Connection with Server 2012?

  I have a working RDS RemoteApp site and looking to test out the feature in Windows 7 Control Panel\All Control Panel Items\RemoteApp and Desktop Connections
  I came across this link: Create a Client Configuration File for RemoteApp and Desktop Connection and I believe this is what I need to do first, but these instructions are for
  Server 2008, and I'm running 2012.
  Any suggestions or tips on how I can begin testing this with Server 2012?

  Hi,
  You can manually enter the path to the 2012 feed and it will connect and download the RemoteApps and Desktop connections.
  If you need a sample .wcx file I have posted one here a couple of times.  If you want I will look for it and post a link.
  -TP
  I tried adding my URL's below, these are sample links that work for me right now for when I log into the web page, but neither of these work.  And I'm not sure what I would need to do with or how to create a .wcx file.
  When I type in my URL of: https://connect.mydomain.org/RDWeb, I get redirected to: 
  https://connect.mydomain.org/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx

• Best practice for RDGW placement in RDS 2012 R2 deployment

  Hi,
  I have been setting up a RDS 2012 R2 farm deployment and the time has come for setting up the RDGW servers. I have a farm with 4 SH servers, 2 WA servers, 2 CB servers and 1 LS.
  Farm works great for LAN and VPN users.
  Now i want to add two domain joined RDGW servers.
  The question is; I've read a lot on technet and different sites about how to set the thing up, but no one mentions any best practices for where to place them.
  Should i:
  - set up WAP in my DMZ with ADFS in LAN, then place the RDGW in the LAN and reverse proxy in
  - place RDGW in the DMZ, opening all those required ports into the LAN
  - place the RDGW in the LAN, then port forward port 443 into it from internet
  Any help is greatly appreciated.
  This posting is provided "AS IS" with no warranties or guarantees and confers no rights

  Hi,
  The deployment is totally depends on your & company requirements as many things to taken care such as Hardware, Network, Security and other related stuff. Personally to setup RD Gateway server I would not prefer you to select 1st option. But as per my research,
  for best result you can use option 2 (To place RDG server in DMZ and then allowed the required ports). Because by doing so outside network can’t directly connect to your internal server and it’s difficult to break the network by any attackers. A perimeter
  network (DMZ) is a small network that is set up separately from an organization's private network and the Internet. In a network, the hosts most vulnerable to attack are those that provide services to users outside of the LAN, such as e-mail, web, RD Gateway,
  RD Web Access and DNS servers. Because of the increased potential of these hosts being compromised, they are placed into their own sub-network called a perimeter network in order to protect the rest of the network if an intruder were to succeed. You can refer
  beneath article for more information.
  RD Gateway deployment in a perimeter network & Firewall rules
  http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• RDS 2012 App-V 5 SP2, Applications are not pinned in the Metro Start Menu

  Hey All,
  I've been building a new App-V 5 Environment using server 2012 R2 for the App-V management\Publishing\Reporting servers.
  I've installed app-v 5 SP2 on the RDS 2012 R2 servers and installed the App-V 5.1 SP1 Hotfix (KB2897087) for the 2012 R2 support.
  I have run into the following issue; When triggering a app-v publishing sync the applications are only added in the classic start menu. The applications aren't pinned in the Metro Start menu like our App-V sp1 RDS 2012 clients.
  I have checked the App-V client eventlogs (including the debug logs) and I haven't been able to find any errors that point out the cause of my issue.
  Has anyone experienced the same issue or has anyone got any tips to get the app-v 5 sp2 client on RDS 2012 R2 to pin the sequences to the Metro Start Menu?
  Thanks.

  This is the default behaviour of Windows 8.1 and Windows Server 2012 R2 - there are no programmatic ways to pin shortcuts to the Start screen.
  Here's a way to customise the Start screen layout: http://stealthpuppy.com/customizing-the-windows-8-1-start-screen-dont-follow-microsofts-guidance/
  Here's how to go it with Group Policy: http://www.grouppolicy.biz/2013/06/customising-windows-8-1-start-screen-layout-with-group-policy/
  Note that neither approach will help you pin shortcuts to the Start screen for users that have already logged on, without overwriting their existing preferences.
  Please remember to click "Mark as Answer" or "Vote as Helpful" on the post that answers your question (or click "Unmark as Answer" if a marked post does not actually
  answer your question). This can be beneficial to other community members reading the thread.
  This forum post is my own opinion and does not necessarily reflect the opinion or view of my employer, Microsoft, its employees, or other MVPs.
  Twitter:
  @stealthpuppy | Blog:
  stealthpuppy.com |
  The Definitive Guide to Delivering Microsoft Office with App-V

• RDS 2012 (An Authentication error has occurred 0x607) - WINDOWS 8 ONLY

  Hi - please help. I've read many posts relating to this error, but none have fixed my issue.
  We have an RDS 2012 setup.  2 Servers.  Both session hosts.  only 1 is the broker.  Cert from official CA.
  My authentication is set to ONLY allow devices with Network Level Authority.  I don't want to remove this.
  Windows XP and Windows 7 can connect both internally, and externally via the RDWeb address perfectly fine, but all Win8 machines get the error "An authentication error has occurred. Code 0x607.
  Can anyone please advise why?
  Many thanks

  Hi,
  I have seen other similar cases got resolved by setting the encryption level to low and security layer to Negotiate.
  Here is a thread below:
  An authentication error has occured (Code: 0x607)
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/94780a11-23ba-4a3c-b11a-734007c2d2fd/an-authentication-error-has-occured-code-0x607?forum=winserverTS
  If it is not an option for you, I suggest you check whether the SSL certificate used by RDWeb access is trusted by the Windows 8 clients. There should be a corresponding root CA certificate installed in the Trusted Certification Authorities store.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]