RDS 2012 issues after disabling SSL 3.0

Hi all, we have Server 2012 R2 RDS infrastructure. I have 2 servers running RD web, gateway, and conn broker using Windows network load balancing. 3 RDSH servers behind them handling user workload.
Last night I disabled SSL 3.0 on both of these servers using the registry key 'Enabled' set to zero in HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server. Servers were rebooted after this change.
I did not disable SSL 3.0 on the RDSH servers yet, but I don't think it matters in this situation because the SSL traffic only passes between the remote computer and the RDGW server, AFAIK.
Today all the remote users were having issues with remote desktop sessions disconnecting them, but they would reconnect after a short time. They all told me this is unusual, normally the connections are quite stable. After I turned SSL 3.0 back on and rebooted, no more issues, users are happy.
Has anyone else experienced this? Is there anything that can be done to stabilize connections while SSL 3.0 is disabled?

Hi,
Thank you for posting in Windows Server Forum.
Did they receive any precise error when SSL3 is disabled?
What are the client OS and RDP version used on your network?
If you would like to continue with SSL3 disabled you may try to change the RDP Security Layer under Security Layer.
When you are using RD Security Layer you are susceptible to MITM attack because there is no Server Authentication. I suggest you re-enable TLS 1.0 and have an SSL certificate from a public authority set on your RDP-Tcp listener.
You can also refer to this article for other information.
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support

Similar Messages

  • Issues After Disabling IPv6 on Your NIC on SBS 2008

    If you uncheck the IPv6 protocol from your network interface card on your Windows SBS 2008 server you may see the following issues after a reboot:
    Microsoft Exchange services fail to start
    Server hangs at “Applying Computer Settings…” (can eventually logon after 30 – 60 minutes)
    Network icons show as offline
    Some or all of the following events
    Application Log Events
    Source: MSExchange ADAccess
    Event ID: 2114
    Task Category: Topology
    Level: Error
    Description:
    Process MAD.EXE (PID=2088). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185,
    “Microsoft LDAP Error Codes.” Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
    Source: MSExchange ADAccess
    Event ID: 2601
    Task Category: General
    Level: Warning
    Description:
    Process MSEXCHANGEADTOPOLOGY (PID=952). When initializing a remote procedure call (RPC) to the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the SID for account <WKGUID=DC1301662F547445B9C490A52961F8FC,CN=Microsoft Exchange,CN=Services,CN=Configuration,…>
    – Error code=80040a01.
    The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions.
    Source: MSExchange ADAccess
    Event ID: 2102
    Task Category: Topology
    Level: Error
    Description:
    Process MAD.EXE (PID=2088). All Domain Controller Servers in use are not responding: SBS.sbs2008.local
    Source: MSExchange ADAccess
    Event ID: 2105
    Task Category: Topology
    Level: Warning
    Description:
    Process MAD.EXE (PID=2088). Exchange Active Directory Provider failed to obtain DNS records for domain sbs2008.local. DNS Priority and Weight for the Domain Controllers in this domain will be set to the default values 0 (priority) and 100 (weight).
    Source: MSExchange ADAccess
    Event ID: 2114
    Task Category: Topology
    Level: Error
    Description:
    Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=952). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge
    Base article 218185, “Microsoft LDAP Error Codes.” Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
    Source: MSExchangeFBPublish
    Event ID: 8197
    Task Category: General
    Level: Error
    Description:
    Error initializing session for virtual machine SBS. The error number is 0x80040a01. Make sure Microsoft Exchange Store is running. Also, make sure that there is a valid public folder database on the Exchange server.
    Source: MSExchangeTransportLogSearch
    Event ID: 7005
    Task Category: General
    Level: Error
    Description:
    Microsoft Exchange couldn’t read the configuration from the Active Directory directory service because of error: Failed to load config due to exception: Microsoft.Exchange.Data.Directory.NoSuitableServerFoundException: The Exchange Topology service on server
    localhost did not return a suitable domain controller.
    System Log Events
    Source: Service Control Manager
    Event ID: 7044
    Task Category: None
    Level: Warning
    Description:
    The following service is taking more than 16 minutes to start and may have stopped responding: Microsoft Exchange System Attendant
    Source: Service Control Manager
    Event ID: 7022
    Task Category: None
    Level: Error
    Description:
    The Microsoft Exchange Transport service hung on starting.
    Source: Service Control Manager
    Event ID: 7024
    Task Category: None
    Level: Error
    Description:
    The Microsoft Exchange Information Store service terminated with service-specific error 0 (0×0).

    Hi,
    Based on your description, it seems to be the same as the following blog.
    Issues After Disabling IPv6 on Your NIC on SBS 2008
    Did you mean that you encounter the same issue? If so, there is a resolution in that blog, please check if it can help you solve the issue.
    If any other issue exists or there is any update, please don’t hesitate to let me know and provide more details. It will help me understand clearly.
    Best regards,
    Justin Gu

  • Sql server service wont start after disabling TLS 1.0 and SSL 3.0 on windows

    We have been hardening our servers for some time now and recently we disabled SSL 3.0 because of the poodle attack. When I did this on one of our test servers SQL Server failed to start up after the restart.
    I have been able to reproduce this on Windows Server 2012 and Windows 7 by disabling TLS 1.0 and SSL 3.0 through the registry. I am using SQL Server 2012 on the server machine. On my Windows 7 machine SQL Server 2012 and SQL Server 2005 will not start with those disabled.
    These are the event log errors I get: 
    Application Logs: 
    (28/10/2014 8:38:54 AM) SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems. 
    (28/10/2014 8:38:54 AM) Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log. 
    (28/10/2014 8:38:54 AM) TDSSNIClient initialization failed with error 0x80090331, status code 0x1. 
    (28/10/2014 8:38:54 AM) TDSSNIClient initialization failed with error 0x80090331, status code 0x80. 
    System Logs: 
    (28/10/2014 8:38:54 AM) The SQL Server (MSSQLSERVER) service terminated with service-specific error %%-2146893007. 
    (28/10/2014 8:38:54 AM) A fatal error occurred while creating an SSL server credential. The internal error state is 10013. 
    Does anyone know how we can keep SSL 3.0 and TLS 1.0 disabled and get SQL Server to start?

    Hi Don,
    I already have TLS 1.0 Disabled to prevent the BEAST exploit. So the values I have for:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
    Both have enabled set to ("Enabled"=dword:00000000).
    If I change both of these back to ("Enabled"=dword:00000001) to enable TLS 1.0, and restart, then SQL Server is able to start again. But we are now vulnerable to the BEAST attack once again.
    If I keep server enabled and disable the client or vice versa and restart, then SQL Server starts but I am unable to connect to it. When I check the Event logs I get the same errors as in my original post.
    With your last post, do you mean to backup SCHANNEL and delete it so it gets recreated? If that is the case it will probably work because if I re-enable SSL 3.0 or TLS 1.0 from here it fixes the issue, but then I won't have the exploits patched and we need this for some of our customers.
    This is my SCHANNEL Export:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "DisabledByDefault"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "DisabledByDefault"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
    "Enabled"=dword:00000000

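A parser for the SCHANNEL export format quoted in the post above, added here as an example (not code from the posters or from Microsoft). It reports the state of every protocol and role and lists what the export leaves to the operating system default; the function names, state labels and the protocol list checked are assumptions of this example.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
PROTOCOLS = ("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2")  # assumed audit scope
ROLES = ("Client", "Server")
LEGACY = ("SSL 2.0", "SSL 3.0")

# The export quoted in the post above, embedded so the example runs offline.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_schannel_export(text):
    """Return {(protocol, role): {value_name: int}} for Client/Server subkeys."""
    settings, current = {}, None
    prefix = (ROOT + "\\").upper()
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = None
            path = key.group(1)
            if path.upper().startswith(prefix):
                parts = path[len(prefix):].split("\\")
                # Only <protocol>\Client and <protocol>\Server carry settings.
                if len(parts) == 2 and parts[1].capitalize() in ROLES:
                    current = (parts[0], parts[1].capitalize())
                    settings.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            settings[current][value.group(1)] = int(value.group(2), 16)
    return settings


def classify(values):
    """Map one subkey's values to a state label (labels are this example's)."""
    if not values:
        return "os-default"          # key absent or empty: Windows decides
    if values.get("Enabled") == 0:
        return "disabled"            # protocol refused outright
    if values.get("DisabledByDefault", 0) != 0:
        return "off-by-default"      # usable only if an application asks for it
    if values.get("Enabled") is not None:
        return "enabled"
    return "os-default"


def protocol_matrix(text):
    parsed = parse_schannel_export(text)
    return {(p, r): classify(parsed.get((p, r))) for p in PROTOCOLS for r in ROLES}


def findings(matrix):
    """List the points an administrator should check before rebooting."""
    notes = []
    for role in ROLES:
        states = {p: matrix[(p, role)] for p in PROTOCOLS}
        if "enabled" not in states.values():
            implicit = [p for p, s in states.items() if s == "os-default"]
            notes.append(f"{role}: no protocol explicitly enabled; availability "
                         f"depends on OS defaults for {', '.join(implicit) or 'none'}")
        for proto in LEGACY:
            if states[proto] in ("enabled", "os-default"):
                notes.append(f"{role}: {proto} is not explicitly disabled ({states[proto]})")
    return notes


if __name__ == "__main__":
    matrix = protocol_matrix(SAMPLE_EXPORT)
    for proto in PROTOCOLS:
        print(f"{proto:8} client={matrix[(proto, 'Client')]:15} server={matrix[(proto, 'Server')]}")
    for note in findings(matrix):
        print("!", note)
```

Files written by regedit are usually UTF-16, so decode them before passing the text in.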
  • RDS 2012 - Connection issues when selecting "This is a private Computer"

    We recently cut over our corporate RDS system to the Windows 2012 version and it was pretty smooth, only a few issues that were resolved quickly. In the last 3 weeks I have had 4 different users working from home on personal Windows 7 systems that they use to connect to their computer in the office using Windows 2012 RDS telling me that they can't connect any longer. Doing some basic troubleshooting I discovered that if they select the option on the RDS Web Access page "This is a private computer" they can't connect to their computer in the office. If they select "This is a public or shared computer" it works fine.
    Anyone seen this before?
    Joe Gomez

    Hello,
    Thanks for your response.
    1. Windows Server 2012
    2. It appears that it is connecting, then it times out after about 30-40 seconds.
    3. "Remote Desktop can't connect to the remote computer for one of these reasons:"
    Remote access to the server is not enabled.
    The remote computer is turned off.
    The remote computer is not available on the network.
    Make sure the remote computer is turned on and is connected to the network and that remote access is enabled.
    4. I will try a non-customized RDWEB page.
    5. Our users have a range of RDP client versions, I will make sure that those having the problem are on 6.3.9600
    6. Yes they use the Connect to Remote PC feature to connect to a physical PC in the office.
    This worked fine in the Windows 2008R2 RDS environment.  The new RDS 2012 we started to see this.
    Thanks
    Joe
    Joe Gomez

  • Installed the RDS 2012 Server License per user CAL (5pcs) after not allow over two users remote desktop connection problem

    I have successfully installed the RDS 2012 Server R2 per user CAL (5pcs) Open License, but afterwards found that this server does not allow more than two users to connect by remote desktop. I tried to uninstall the license and then reinstall it (online over the internet and by telephone call to the Microsoft Activation Center to get the activation key), but the result is still the same problem shown below.
    Select a user disconnect so that you can sign in.
    There are too many users signed in
    User1 Active
    User2 Active
    () Force disconnect of the user

    Hi,
    In addition you can also refer following article for RDL configuration.
    RD Licensing Configuration on Windows Server 2012
    http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • How to disable SSL v3 for sun os 5.6 (OAS 4.0.8), I am facing POODLE vulnerability issue?

    My website is hosted on Sun OS 5.06 (OAS 4.0.8) and uses the web server Oracle_Web_Listener/4.0.8. The website is configured to use https for secure pages and it has been working fine for the last 10 years, but suddenly I am getting complaints from my customers that they cannot browse the site on Chrome version 40 and above and Firefox 34 and above.
    I searched for this issue and found that there is the POODLE attack, which may be causing this issue. Now the only solution I can see is to disable SSL v3 on the server.
    Can anyone help me out with the process or an idea of how to disable SSL v3 on this old server? It is a Sun Microsystems server.

    Hi Aamir,
       This is old software, been a while since I saw one of these.
        Normally when SSL was setup there were two listeners, one with SSL and one without, in a different port, so you could try to find this second port, which may work without any need to change the configuration.
        Else, try to check on the OAS manager (Usually on port 8888), the HTTP listener -> WWW -> Network, if there is a setup only for the SSL port, you will need to add a new line, with the same configuration, but a different port and the security disabled.
        Also, there may be some setting on the application itself for the url path. If so, when you navigate in the application it will try to redirect you back to the SSL port. In that case you will need to figure out where to change that, which depend on the application itself.
       Found this page on google with the process to setup SSL on OAS 4.0, you need to do the inverse of step 5.
    WoSign Support: SSL Certificates Installation Instruction - Oracle Web Server (OAS 4.0.8)
    Regards,
    Luis

  • SCCM 2012 R2 - OSD issues after update to CU4

    Over the weekend, I updated my SCCM environment from RTM to CU4.
    All seems to have gone well, except for OSD
    When attempting OSD, I receive the following error:
    "An error occurred while retrieving policy for this computer (0x80004005)..."
    So, a quick look over at smsts.log and I see the following:
    I did some bing'in and googling around for this and found plenty of pages about this error and all pointed to incorrect BIOS times.  I checked the BIOS time on the system I was trying to image, and it was correct (including date).  Just in case,
    I tried two more machines and I had the same issue.  Each machine has the correct BIOS date/time as well, so the issue I have doesn't seem related.
    ... and that brings me here.  Does anyone have any insight as to what might be causing the issue?
    Thanks!

    I noticed two thing in your log file that are worth a check:
    I noticed a 404 error in your log file that might indicate an issue with some files that can't be found. Check the IIS log file for more information;
    I noticed that you're using HTTPS. I've seen weird issues after a CU update in which the distribution point certificate got missing. In that case, check the distribution point properties and update the boot image.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude
    I did miss the 404 message... silly me.
    This definitely pointed in the right direction.  What we found was that it wasn't an issue IIS or the https certificate, but our certificate chain had issues.  We cleared out the certificate chain issues and re-installed the MP role.   This
    cleared the issue immediately.
    Thanks Peter for the guidance! 

  • RDS 2012 (An Authentication error has occurred 0x607) - WINDOWS 8 ONLY

    Hi - please help. I've read many posts relating to this error, but none have fixed my issue.
    We have an RDS 2012 setup.  2 Servers.  Both session hosts.  only 1 is the broker.  Cert from official CA.
    My authentication is set to ONLY allow devices with Network Level Authority.  I don't want to remove this.
    Windows XP and Windows 7 can connect both internally, and externally via the RDWeb address perfectly fine, but all Win8 machines get the error "An authentication error has occurred. Code 0x607.
    Can anyone please advise why?
    Many thanks

    Hi,
    I have seen other similar cases got resolved by setting the encryption level to low and security layer to Negotiate.
    Here is a thread below:
    An authentication error has occured (Code: 0x607)
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/94780a11-23ba-4a3c-b11a-734007c2d2fd/an-authentication-error-has-occured-code-0x607?forum=winserverTS
    If it is not an option for you, I suggest you check whether the SSL certificate used by RDWeb access is trusted by the Windows 8 clients. There should be a corresponding root CA certificate installed in the Trusted Certification Authorities store.
    Best Regards,
    Amy

  • Users see all applications in RDS 2012 Web access in one-way trust domain environment

    Hello!
    We have RDS 2012 deployment in domainA.local. There is a one-way trust between domainA.local and domainB.local: A trusts B and B doesn't trust A.
    A user from domainB.local authenticates in Web-access interface (wa.domainA.local) and sees
    every published application in every collection in the deployment independently of UserGroups setting of collections and applications. This occurs for any domainB user.
    In the security log of wa.domainA.local we can find an event :
    An account failed to log on.
    Subject:
    Security ID:                IIS APPPOOL\RDWebAccess
    Account Name:                RDWebAccess
    Account Domain:                IIS APPPOOL
    Logon ID:                0x2C7B16
    Logon Type:                        3
    Account For Which Logon Failed:
    Security ID:                NULL SID
    Account Name:                
    Account Domain:                
    Failure Information:
    Failure Reason:                An error occurred during logon
    Status:                        0xC000005E
    Sub Status:                0x0
    Also in network trace on wa.domainA.local kerberos error could be found:
    On TGS-REQ for krbtgt/[email protected] there is an answer: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7), server name krbtgt/domainB.
    How to deal with this issue? The aim is to show only specified applications to domainB users.
    Any help would be appreciated.

    Hi,
    Thank you for your posting in Windows Server Forum.
    Please check below links might useful for your case.
    “After adding the RDS server’s computer account to the Builtin Windows Authorization Access Group domain group, the RemoteApp icons displayed perfectly.” (Quoted from this article)
    1. Remote APP list empty
    2. RD Web Access unable to access Source (RD Server)
    In respect to Kerberos Error, refer this link for troubleshooting.
    1. Troubleshooting Kerberos Authentication problems – Name resolution issues
    2. Kerberos Authentication problems – Service Principal Name (SPN) issues - Part 2
    Hope it helps! 
    Thanks,
    Dharmesh

  • Certificate setup RDS 2012 R2

    Hi,
    I have set up an RDS 2012 R2 deployment for internal use. I plan to add a gateway server cluster for external access later (RDGW). That cluster will be placed in DMZ and use a public wildcard cert. It will connect external users to the farm. Internal or
    Direct Access (DA) users will use the Web Access servers to connect internally in the corp. LAN.
    For now, I have the following setup. Web Access role on 2 servers with DNS RR (RDWA). 2 clustered Connection Broker servers (RDCB), two Session Hosts (RDSH) and one licensing server. So a total of 7 servers (+ 2 RDGW servers in DMZ that are not set up yet).
    So, the issue is; I need to set up certificates. We have a CA in an AD top domain (our site is a sub.domain.com). We do not have access to that CA and need to order certs. from our corp. HQ. Ok, but what do I ask for? I need 3 DER encoded binary X.509 certs. That's the info I have. How can I create a cert. request? See pictures below.
    This posting is provided "AS IS" with no warranties or guarantees and confers no rights

    Hi,
    Thank you for your posting in Windows Server Forum.
    Can you exactly let us know which certificate you want for your network (Self-signed or SSL)?
    As per my suggestion you can use wildcard or SAN certificate for your network which can be used for external network also. 
    If you want Self-signed certificate for internal use, you can create the certificate from Deployment properties of RDS page or IIS Manager as per below path.
    IIS Manager>Server Certificate>Create Self-Signed Certificate>Export the certificate on specified location then select the certificate in RDS installation process.
    But see that, the certificate is installed into computer’s “Personal” certificate store with its corresponding private key & it’s added under trusted root certificate authority.
    Please check below articles for detail.
    1. Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
    2. Configuring RDS 2012 Certificates and SSO
    3. Minimum Certificate Requirements for Typical RDS implementation
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • RDS 2012 R2 Separate Session Collection Behavior

    Hi everyone!  I should start by saying that I've found a number of threads which are semi-related to this topic, but they just don't seem to address my particular complaint.  I'm not sure if this is a bug, a configuration error on my part, or if
    it is expected behavior (which would be unfortunate for my intended use cases).
    The issue is that I need to provide two separate collections of RemoteApps, and I only want the collection appropriate to the logged-in user to be displayed in Web Access (or in the feed, for that matter).  One collection includes an expansive set of
    RemoteApps, and the other collection includes a limited subset of those published in the first.
    Now, I know that a SH can only belong to one session collection.  That makes sense, and in my case, I wouldn't want it any other way.  It offers better separation between the user environment intended for use by employees, and the user environment
    intended for use by non-employees, which is a bit more restrictive.  (Those are the actual purposes of the two collections described earlier.)  So far, so good.  Now, it seems to me like every other role beside the SH role should be able to
    do its job for all collections.  What other purpose could the concept of a "Collection" possibly serve, after all?  If I had to stand-up Connection Broker, Web Access, Gateway, and Session Host for every collection of RemoteApps, then there
    wouldn't need to exist any concept in RDS 2012 R2 called "Collections".  So, I figured that Connection Broker, Web Access, and Gateway could serve all collections, and Session Host is of course limited to serving one single collection.  And,
    I guess, that's largely the way it works, with one exception.
    My issue is that in Web Access, all RemoteApps from all published RemoteApp collections are presented to every user who has access to one collection OR the other, despite my best intentions of having provisioned each collection with separate user group assignments
    using two separate AD groups.  I don't want to advertise all RemoteApps from all collections in the Web Access namespace!  To me, the presence of "User Group" configuration at both the Collection level and at the RemoteApp level implies
    that there is some user group filtering going on, but so far that's looking like a false assumption.  Why would the RemoteApp list in one collection bleed into the RemoteApp list in the second collection?  Why would I want the users of one collection
    to see the applications of the other, even when they're not going to be able to launch them anyway?
    Does anyone have anything to add to the equation?  Is there something I'm missing?  Thanks ahead of time.

    This is now resolved.  There is obviously some additional configuration necessary in some relatively odd places when you want your RemoteApp collections to work as advertised.  I hope this thread can help others in that regard.
    The relevant (error) event generated for each "populate list of RemoteApps for Web Access" process (refreshing the web access portal was my test case), when my IIS application pool is provisioned by the new AD account is Event ID 10, Source: RDWebAccess. 
    In the body, it says "[...] unable to access rdcb1.[local]" and suggests that the RD Web Access server needs to be added to the TS Web Access Computers security group on the connection broker.  However, that was obviously already the case.
    Although not 100% correct in its suggested resolution, this error was helpful, because it shows that the break is occurring when Web Access tries to populate RemoteApps, and it shows that the break is occurring en-route to the CB server.  So, I added
    the new service account (for the Web Access application pool identity) to the Administrators group on the server with the CB role, and all is now resolved.  I now have two separate collections, the list of each appearing for the appropriate user scopes,
    but not for both user scopes like before. 
    Obviously, adding an account as an administrator fixes a lot of access related things very easily, but it is probably not the least-privileged way of doing things.  To that end, I'd like to know the least privileged way, but can certainly live with
    this much improved functionality as-is.
    Thanks for all your help, Razwer.

  • RDS 2012 R2 RemoteApp Server Name Mismatch

    Hi All,
    I wonder if someone can scratch my head on this.
    Brand new RDS 2012 R2 deployment.
    RDS01 with Connection Broker and Session Host Roles installed
    RDS02 with Web Access and Gateway roles installed
    one ssl certificate with one domain remote.mycompany.com 
    the certificate have been imported to all the servers via the Edit Deployment
    the local domain is mycompany.local
    The problem that I am having is that when I launch a RemoteApp after logging in to remote.mycompany.com externally, I get a certificate mismatch, because it is contacting the local name of the Session Host server RDS01.
    What i tried so far.
    Used the Set-PublishName (http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80) without success
    Try to configure RDS01 certificate via (http://ryanmangansitblog.wordpress.com/2013/03/10/configuring-rds-2012-certificates-and-sso/)
    Check Any resources ( http://social.technet.microsoft.com/Forums/en-US/d1b0ebe4-9e53-47ff-8c75-43fd91ff538a/windows-2012-rds-certificate-mismatch?forum=winserverTS)
    Has anybody out there could shade me some knowledge in how to rectify the mismatch name warning.
    Thanks
    Elton

    Hi -TP,
    Answering your queries.
    1_the Set-RDPublishedName was successful, restarted the servers, refreshed the RDWeb page externally, tried to connect unsuccessfully.
    2_I am using externally windows 8 and internally 7 fully updated
    3_it had the green successful message.
    After the Set-RDPublishedName command, I get an error when trying to connect saying RemoteApp Disconnected.
    Error:
    Remote desktop cant connect to the computer "remote.mycompany.com"
    1)Your user account is not listed in the RD Gateway Permission ( not true, it was set for domain users and my test user is under that group)
    2)you might have specified the remote computer in netbios format or ip
    Do you reckon i am having this problem because the RDS01 with Connection Broker and Session Host Roles installed?
    Cheers
    Elton

  • RDS VDI Issues

    Hopefully someone has come across this before...
    We have configured a 2012 R2 server with Hyper-V and RDS for a VDI deployment.  Our golden image is Windows 7 SP1 Enterprise (32-bit) and is giving us issue after issue when we try to create a collection.  Basically, we receive one of two errors:
    1.  If we do not update the Integration Components, we receive an error when creating the collection stating that they are not up to date and the collection is created, but the VMs are not (so it's useless).
    2.  If we do update the IC, then sysprep will not work properly (after sysprepping the image it restarts and goes right into Windows or shuts down and looks OK, but when attempting to create the image the wizard says that it has not been "sysprep
    generalized").  We have tried performing the sysprep in and out of audit mode as well as stepping into it by doing a reboot into OOBE and then generalizing, etc.
    To sysprep we are using the following command (and multiple iterations of the order of the switches):
    sysprep /oobe /shutdown /generalize
    Any assistance or tips would be appreciated!
    Thanks in advance!

    Hi,
    Thank you for posting in Windows Server Forum.
    From your description appears that there is some configuration issue during creating an image and manage that image for VDI. There is step by step article which can get you through for your case. Please follow the article and recheck all the related steps
    Single Image Management for Virtual Desktop Collections in Windows Server 2012
    http://blogs.msdn.com/b/rds/archive/2012/10/29/single-image-management-for-virtual-desktop-collections-in-windows-server-2012.aspx
    Step-By-Step: Deploying Virtual Desktops with Windows Server 2012
    http://blogs.technet.com/b/canitpro/archive/2013/04/25/step-by-step-deploying-virtual-desktops-with-windows-server-2012.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Apple Mail 8.2 disables SSL to POP3 server (Securityrisk)

    Hi,
    Setup
    Computer:
    OSX 10.10.2
    Mail 8.2 (2070.6)
    Mail server A
    POP3 port 995 SSL
    (Non SSL - port 110 -  is disabled due to security reasons)
    Mail server B
    POP3 port 110
    POP3 port 995 SSL
    Summary
    OSX Mail client removes SSL support at irregular intervals for POP3 connections. For the connections that support regular non-SSL POP3 (port 110) this reduces the security, but the mail is available. This was noticed by me because one ISP has locked down their POP3 server to SSL only due to security reasons. After re-enabling SSL on the connection (Mail -> Preferences -> Accounts -> Account in question -> Advanced) the connection remains with SSL support for a while, then it is removed again. As OS X Mail has no token to identify SSL or regular port 110 connection this is transparent to the user, unless the server does not support regular POP3, at which time an error is generated.
    Comments
    1) This seems to be a security related issue with mail where OS X mail downgrades from SSL connection to regular port 110 POP3 traffic
    2) If corrected the connection is downgraded again within a couple of days, if not sooner.
    3) Connections to POP3 servers supporting port 110 are "unaffected" with the exception of the security issue of a downgrade
    4) Connections to POP3 servers that only support SSL - port 995 - are not able to complete until SSL has been re-enabled manually.
    5) Downgrade bug has been seen only on my machine, so it might not be something mainstream. Machine is updated to latest patches.
    Questions
    1) As this has only been observed on my machine, has anybody else seen this POP3 SSL downgrade bug?

    Same problem. The following information is from Symantec:
    To disable SSL\TLS
    Open Apple Mail.
    Click the Mail menu and select Preferences.
    Select your mail account on the left under Accounts, then click the Advanced tab.
    Confirm the check box labeled "use SSL" is not checked next to ports. If necessary remove the checkmark.
    Click the Account Information tab and select Edit Server list from the drop down next to Outgoing Mail Server.
    Click the Advanced tab and confirm there is not a checkmark next to Use Secure Socket Layer(SSL).
    Click OK and close the accounts window and choose to save.
    Click Save to update your settings.
    Restart Apple Mail.
    This does work for a while but eventually Mail reverts to enabling Use SSL and disabling Allow Insecure Authentication, but only on some of my addresses, not all. On some accounts POP logs in but not SMTP.

  • RDS 2012 Deployment RDG crashing

    Hi All,
    I hope someone out there can help us. We have a RDS 2012 deployment with the following configuration (.N.B. all servers are VMs on vSphere 5.5 Enterprise and brand new Dell servers and we have zero network issues as these have been fully checked several
    times)
    2 x RD Connection Brokers (2012 R2)
    2 RD Licence Servers (2012 R2)
    1 x RD Web Access (2012 R2)
    1 x RD Gateway server (2012 R2)
    2 x Session collections, one with 10 Session Hosts and one with 4 session hosts (all session hosts are 2012, not R2)
    We are experiencing a very very strange situation where the RDG simply stops processing connections randomly. There are absolutely no errors, warnings or critical events logged in ANY of the event logs (and we have trawled through every single one of them!) and the service does not stop or crash in the traditional sense. We also cannot launch the gateway manager console when this happens. If we restart the service then all is fine and users can reconnect. We have even replaced the gateway with a brand new box and the issue still prevails. All clients that connect through the RDG are a minimum of Windows 7 and have at least RDP 8.0 installed.
    Has anyone else seen this? It is becoming a real issue for us and people are losing faith, as they do.

    Hi Richard,
    Thank you for posting in Windows Server Forum.
    Have you installed any anti-virus software? Please try to disable the antivirus software to see if same issue exists. Also you can check with Performance monitor and see whether you can find anything useful part for further troubleshooting. In addition, please
    check the server & PC’s NIC and other driver (If facing issue with remote connection), whether it’s compatible and updated to latest version.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support
