RDS 2012 R2 best design possible with wildcard certificate

Hi!
I am looking for some guidance for my RDS 2012 R2 design flaw.
What would I like to achieve?
* I would like my users, either internal or external, to be able to connect to RDWeb via one single web address (remote.mydomain.com).
What do I have in place?
1x Broker
1x WebAccess
1x Gateway (also license server)
1x SessionHost
1x Wildcard Certificate
My internal domain is mydomain.local and external is mydomain.com.
I have tried (http://msfreaks.wordpress.com/2013/12/23/windows-2012-r2-remote-desktop-services-part-2/) without success.
Any guidance here will be very helpful.
cheers
Elton

Hi Elton
I have a similar configuration working with 2012 R2. However, my config is slightly different, namely:
2 x RDSH servers
1 x all other roles (web, gateway etc).
However, I am using a valid single URL cert on the gateway/web server, which is accessible using remote.domain.com. I did NOT replace the cert on the RDSH servers (using WMI), because you end up with 0x607 authentication errors if the certificate is not fully valid - correct name, trusted, and revocation information available. If you have purchased a commercial wildcard cert, this should work.
I did some testing and concluded the following, which may be of interest:
If you are just using the farm for internal connections, you can use an internal CA, and create self signed certs for the gateway, and the RDSH servers. You could use individual certificates for the servers, wildcard or SAN certificates. Then you will have no errors when connecting from internal clients. This will not work from external clients however, even if you trust your root or issuing CA manually on the external client, because the revocation information will not be available to clients outside the domain or network, and you will get 0x607 authentication errors.
If you are connecting from outside your network, you have 3 options:
1. Use self signed certs created during the role installation, don't change any RDP certs on RDSH servers. Then manually place the gateway certificate in trusted root authorities on the external client.
2. Purchase commercial certificates for the gateway, and optionally all of the RDSH servers. This will avoid any warnings. You could either use separate certs, wildcard or SAN. If you replace the certificates on the RDSH servers, they must be valid and match the names.
3. Purchase just one certificate for the external URL for accessing the gateway, leaving the default self-signed certificates on the RDSH servers. This will mean that there is no warning when connecting to RDWeb, but there may be warnings when the connection establishes. I use this option with one free StartSSL certificate.
To summarise, you can use either commercial or self signed for the RDWeb page. However, if you replace the certificate on the RDSH servers, this MUST be valid commercial for external clients to be able to connect. Otherwise just leave it as self signed.
In my case, I can use remote.domain.com from either outside or inside the network. So, I configure the deployment to use the external URL, and that URL works from inside too. This is because it resolves to the external address, so requests go out to the firewall and then back in again. This way you do not have to worry about the internal connections not using a matching URL as on the certs. Or, create an internal DNS record, so that remote.domain.com points to your internal address of the RDWeb server. This should work as well.
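
The name check behind the reply's "correct name" requirement, as an added example that is not part of the original thread: it applies TLS wildcard matching (a * covers exactly one label) to the names an RDS client may be handed. Only remote.mydomain.com and the *.mydomain.com wildcard come from the question; the other host names and the function names are constructed for illustration.

```powershell
# Added example, not from the original thread.
# Checks whether a certificate's DNS names cover the host name a client connects to.
# A wildcard is honoured only as the whole left-most label and stands for one label.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory)] [string]   $HostName,
        [Parameter(Mandatory)] [string[]] $CertDnsNames
    )
    $hostLabels = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')
    foreach ($certName in $CertDnsNames) {
        $certLabels = $certName.TrimEnd('.').ToLowerInvariant().Split('.')
        # One wildcard label replaces one host label, so the counts must be equal.
        if ($certLabels.Count -ne $hostLabels.Count) { continue }
        # Conservative assumption: ignore wildcards directly under a top-level label.
        if (($certLabels[0] -eq '*') -and ($certLabels.Count -lt 3)) { continue }
        $covered = $true
        for ($i = 0; $i -lt $certLabels.Count; $i++) {
            $isWildcard = ($i -eq 0) -and ($certLabels[$i] -eq '*')
            if ((-not $isWildcard) -and ($certLabels[$i] -ne $hostLabels[$i])) {
                $covered = $false
                break
            }
        }
        if ($covered) { return $true }
    }
    return $false
}

# Evaluates every endpoint name against the certificate's name list.
function Get-RdsNameCoverage {
    param([string[]] $CertDnsNames, [hashtable[]] $Endpoints)
    foreach ($endpoint in $Endpoints) {
        $isCovered = Test-CertNameMatch -HostName $endpoint.Name -CertDnsNames $CertDnsNames
        [pscustomobject]@{
            Role    = $endpoint.Role
            Name    = $endpoint.Name
            Covered = $isCovered
        }
    }
}

# The wildcard from the question. On a server the list can come from the
# installed certificate instead, for example:
#   (Get-Item Cert:\LocalMachine\My\<thumbprint>).DnsNameList.Unicode
$certDnsNames = @('*.mydomain.com')

# Only remote.mydomain.com is from the thread; the rest are constructed names.
$endpoints = @(
    @{ Role = 'RD Web Access / RD Gateway';      Name = 'remote.mydomain.com' },
    @{ Role = 'Connection Broker (internal)';    Name = 'broker01.mydomain.local' },
    @{ Role = 'Session Host (internal)';         Name = 'rdsh01.mydomain.local' },
    @{ Role = 'Session Host (single label)';     Name = 'RDSH01' },
    @{ Role = 'Session Host (sub-zone)';         Name = 'rdsh01.farm.mydomain.com' },
    @{ Role = 'Broker published in public zone'; Name = 'broker01.mydomain.com' }
)

Get-RdsNameCoverage -CertDnsNames $certDnsNames -Endpoints $endpoints |
    Format-Table -AutoSize
```

Every row with Covered = False is a name that produces a mismatch if the wildcard certificate is bound to that role. Revocation retrieval is a separate condition and can be exercised from an external client with certutil -verify -urlfetch against the exported certificate.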

Similar Messages

  • What is the best design tablet with stylus to have an easy interface with Adobe Photoshop?

    What is the best design tablet with stylus for use with Adobe Photoshop for this holiday season's offering 2013?
    I am trying to find a tablet with a good stylus to work with Adobe design products, primarily Photoshop. I would like one that worked in layers with Photoshop.
    The folks at Wacom don't even answer the phone, just a recorded message: go to the web site with questions. Not a good sign for a company. So what is a good design tablet for a pressure sensitive stylus? Will the Wacom Cintiq tablet interface well with Apple iMac iOS 10.8?
    I love my Samsung Note 3 but it will not easily transfer images to Apple iMac 10.8.
    Please help me find tablets with a good Adobe design interface. Just tell me which way to jump. It is easier to leave Apple for PC or Android than to abandon Adobe knowledge. The products have to work together.
    Does the Wacom Cintiq not embrace an easy interface with Apple iMac iOS 10.8 latest software? Wacom seems to be championing Windows 8 as a companion to their tablet interface.
    Can an iPad deliver good layered designs using Adobe software design programs and a stylus?
    What should I buy for an Adobe design tablet with pressure sensitive stylus for this holiday season?
    Should I wait until next year?
    Will the tablet work in Photoshop layers?
    This link seemed ominous:
    http://forums.adobe.com/message/4950467

    subhash007 wrote: It's not 802.3ad link aggregated interface. In the switch side, the ports will be configured as normal access ports and the bonding config will be done on the server side.
    To be honest, I don't understand how the Linux bonding mode can work without anything configured the other end.
    My understanding of 'bonding' comes from Multilink PPP (MLP) where the data stream is chopped up and split across two (or more) circuits. At the other end, a similar MLP-enabled device reforms the data stream from the multiple circuits, maintaining packet order. But this requires MLP-enabled 'bonding' devices at each end.
    Perhaps you could help me better understand the Linux bonding...
    subhash007 wrote: If any single homed server is connected to Switch 2, what will be traffic path for its data packets?
    Switch 2 ------------------> Switch 1 ----------------------> Active firewall
    OR
    Switch 2 ------------------> Passive Firewall -----------> Active Firewall
    If the firewalls operate in the same fashion as Cisco ASAs, then the inter-firewall link doesn't carry traffic. It's for failover detection and HTTP replication only. But like I said, I'm not familiar with this vendor's products.
    subhash007 wrote: Also will there be any change in traffic path if the trunk between Switch 1 & Switch 2 is converted to L3 routed interface? Since there is no VRRP, I can convert the trunk to L3, right?
    Same as above.

  • RDS 2012 - Using a reverse proxy with the Gateway server on the internal LAN

    Hi there,
    I'm looking to introduce an RDS 2012 farm and would like to put the RDS Gateway server on the internal LAN (due to its AD requirements etc).
    What are the best practise options for using a reverse proxy to forward traffic to the gateway server and is it better to do this than just forward 443 traffic from the DMZ through to the Gateway directly?
    Thanks,
    Paul.

    Hi Paul,
    It is generally considered more secure to have a reverse proxy in front of RDG. I don't know of a proxy that will handle the RDG UDP traffic, so you will need to consider using direct server return for that or not having the benefit of UDP. Whether or not it is acceptable to simply forward TCP 443/UDP 3391 directly to your internal RDG is up to your security policies. Many companies are fine with it while many other companies think it is unacceptable and require a reverse proxy or other method to provide an extra layer of protection.
    -TP

  • Problem: Mixed Exchange 2007 / 2013 CAS Servers with wildcard certificates in Europe and non-wildcard Certificate in China

    Hi,
    We have the following problem. We have a mixed multi-domain one-forest AD environment. We also still have a mixed Exchange 2007 / 2013 environment. We also have different CAS servers for 2007 SP3 (RU15) and 2013 (CU8) in Europe and one 2007 SP3 (RU15) CAS server in China, because of bad connection to Europe. For the migration to 2013 in Europe we installed a wildcard certificate *.xyz.com and used the Set-OutlookProvider EXPR -CertPrincipalName msstd:*.xyz.com, so the wildcard certificate is accepted. Everything in Europe works fine, inside and outside, also between Exchange 2007 and 2013 (both CAS servers 2013 and 2007 use the same wildcard certificate). But since the change of the Set-OutlookProvider EXPR we are facing problems with our CAS server in China, because this server has a different non-wildcard certificate and a different domain name (cas-server.xyz-china.com instead of xyz.com). Now we have the problem that on this Chinese CAS server Outlook Anywhere does not work anymore and always prompts for the username. As I see it, it is because of the EXPR change. Is it possible to set the Outlook provider EXPR per CAS server? (They also have their own Autodiscover on this front-end server.) Because I see that the Outlook provider can only be stored forest-wide.
    If not, the other solution would be to register the Chinese CAS server in our xyz.com domain and use the same wildcard certificate on this system, right?
    Any help would be appreciated.

    Yes, setting the EXPR value is most likely the cause of your issue. When you set this value you are telling Outlook to only accept connections from connections that have the cert with the subject name you specify here.
    Unfortunately, based on my experience I believe this is an organization wide setting and cannot be configured on a CAS by CAS basis (If I'm wrong someone please keep me honest :)).
    So the only option you would have is to change all the URLs to be on the *.xyz.com domain. There's no need to change the domain the server actually resides on. The other option would be to purchase a UCC cert with all the names you need and apply it to all your CAS servers and reset the EXPR value.

  • Pop imap with wildcard certificate

    Hello,
    We have a wildcard certificate to certificate to the clients and we have a problem with POP and IMAP logon.
    This only runs when you put:
    set-POPSettings -X509CertificateName nameserver
    set-IMAPSettings -X509CertificateName nameserver
    If you put:
    set-POPSettings -X509CertificateName mail.domain.com
    set-IMAPSettings -X509CertificateName mail.domain.com
    it doesn't run.
    Any advice?
    must remove any autosignal certificate
    Any trick?
    Thanks.
    mcse 200x + messaging 2000 2003 2007 2010

    No error when you put the command. POP3 and IMAP are only for internal access; the login error appears only when you try to access the server by POP3.
    This only runs when you put:
    set-POPSettings -X509CertificateName nameserver
    set-IMAPSettings -X509CertificateName nameserver
    If you put:
    set-POPSettings -X509CertificateName mail.domain.com
    set-IMAPSettings -X509CertificateName mail.domain.com
    and try access by POP3 client, it doesn't run.
    Thanks
    mcse 200x + messaging 2000 2003 2007 2010

  • Best Buy exchange with rewards certificate issue

    Hi,
    I have been a loyal customer of Best Buy over the years and go out of my way to shop there for my electronics. I hope someone can assist me with my problem. Below I have given a brief synopsis of what is going on. Thank you for your time.
    On 01/10/15 I purchased a Bose headset using some of my best buy rewards certificates and the rest of the balances on my credit card. I forgot to use a $50.00 gift card that I had received, towards the purchase that day. On 01/13/15 I returned to the same store to ask that the receipt be credited and re rung so I could apply my $50.00 gift card. The customer representative advised that since I used best buy rewards certificates I would not be able to do the exchange since the rewards take 8 days to return to my account. I asked if the rewards could just go onto a best buy gift card and he stated they were not able to. I had no intention of returning my item; all I wanted was to get the $50.00 gift card applied to my receipt. Instead I was forced to return my headset and now wait 8 days to then repurchase the same headset in order to be able to use my best buy rewards certificates plus my $50.00 gift card. I find it ironic that best buy is willing to take in a returned item (never intended for return), make customers wait 8 days, and then have the customers travel back to the store to buy the same item over again just to be able to use their rewards certificates that were returned.
    I did advise the customer service representative of how absurd the process is and he stated “I know I’ve been dealing with it for the entire holiday season but this is the only way it can be done.”   Best Buy should really take a step back and look at this process since they are incurring a loss on the returned product and the overall poor customer experience.
    Thank You

    Hi jonchiarito,
    Thank you for signing up for the forum and connecting with us.
    I can imagine feeling frustrated after hearing that your certificates would be returned to your My Best Buy™ account, which may cause you to have to make another trip to the store to redeem them.  The only way we could have applied the $50 gift card to your existing purchase is to process a return and repurchase, which would cause the certificates point value to repost to your account.  Since certificates have no actual monetary value, they cannot be put onto a gift card.
    It can usually take between 3 - 6 business days for a certificate's point value to repost to a member's account following a return, and it is pretty common for the point value to repost the same day that a return is processed.  I looked over your My Best Buy™ account using the email address you registered with the forum, and from what I can see, the point value for the certificates you redeemed reposted to your account yesterday following the return.  It may take 24 hours for your account to update though.
    If after 24 hours you for some reason are unable to access those points or if you have any other program related questions, then do not hesitate to send me a private message and I will see what I can do to further assist.  You can send a private message by clicking on the blue button in my signature labeled "Private Message."  Also, please feel free to post any ideas or suggestions you have to the IdeaX section of the forum.
    Returns When a My Best Buy™ Certificate was Used
    I hope you enjoy the rest of your day.
    Derek|Social Media Specialist | Best Buy® Corporate

  • RDS 2012 - No Wildcard Certificate

    Hi all,
    I will be using individual certificates per component so I will have a certificate for broker.domain.com, gateway.domain.com and [email protected] These will be used from within the RDS console to deploy the certificates to the components.
    My question is, do I need to do anything else for the RDS Session Host servers (or will they use the certificates above)? Will I need a certificate per server and if so does it need to be in the format SessionHost1.domain.com?
    Thanks.

    Hi,
    Thank you for posting in Windows Server Forum.
    As per my research, I can say that if you have fewer servers then you can follow the same certificate procedure and use that. But personally, if you have more servers then I suggest you purchase a wildcard certificate for your environment, because with a wildcard certificate you just need to purchase one certificate and can use it for your installed roles.
    Please check below article for more details.
    Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
    http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • RDS 2012 R2 RemoteApp Server Name Mismatch

    Hi All,
    I wonder if someone can scratch my head on this.
    Brand new RDS 2012 R2 deployment.
    RDS01 with Connection Broker and Session Host Roles installed
    RDS02 with Web Access and Gateway roles installed
    one ssl certificate with one domain remote.mycompany.com 
    the certificate have been imported to all the servers via the Edit Deployment
    the local domain is mycompany.local
    The problem that I am having is that when I launch a RemoteApp after logging in to remote.mycompany.com externally, I get a certificate mismatch, because it is contacting the local name of the Session Host server RDS01.
    What i tried so far.
    Used the Set-PublishName (http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80) without success
    Try to configure RDS01 certificate via (http://ryanmangansitblog.wordpress.com/2013/03/10/configuring-rds-2012-certificates-and-sso/)
    Check Any resources ( http://social.technet.microsoft.com/Forums/en-US/d1b0ebe4-9e53-47ff-8c75-43fd91ff538a/windows-2012-rds-certificate-mismatch?forum=winserverTS)
    Could anybody out there share some knowledge with me on how to rectify the name mismatch warning?
    Thanks
    Elton

    Hi -TP,
    Answering your queries.
    1_the Set-RDPublishedName was successful, restarted the servers, refreshed the RDWeb page externally, tried to connect unsuccessfully.
    2_I am using externally windows 8 and internally 7 fully updated
    3_it had the green successful message.
    After the Set-RDPublishedName command, I get an error when trying to connect saying, RemoteApp Disconnected.
    Error:
    Remote desktop cant connect to the computer "remote.mycompany.com"
    1)Your user account is not listed in the RD Gateway Permission ( not true, it was set for domain users and my test user is under that group)
    2)you might have specified the remote computer in netbios format or ip
    Do you reckon i am having this problem because the RDS01 with Connection Broker and Session Host Roles installed?
    Cheers
    Elton

  • RDS 2012 The WinRM service failed to create the following SPNs: Additional Data The error received was 1355

    Hi,
    I have RDS 2012 session deployment in Azure with connection broker high availability.
    The "Remote Desktop Management" service does not start automatically when the connection broker virtual machines are stopped and started.
    I see the below error in event logs of both the connection broker VMs
    Note: When I manually start the "Remote Desktop Management" service after this error, it all works without issues.
    I get 
    Error ID 46 - Crash dump initialization failed!
    Warning 10154 - in Microsoft-Windows-Windows Remote Management
    The WinRM service failed to create the following SPNs: 
     Additional Data 
     The error received was 1355

    Hi,
    Thank you for posting in Windows Server Forum.
    In respect to error 46, this issue may occur if the computer boots without a configured dump file. The default dump file is the pagefile. During a clean Windows OS installation, the very first boot will hit this condition as the pagefile has not been set up yet.
    To resolve this issue, you may want to complete the paging file configuration.
    More information:
    Event ID 46 logged when you start a computer
    http://support.microsoft.com/kb/2756313/EN-US
    In regards to error 10154, you need to create the SPN specified in the event using the setspn.exe utility and also need to grant the “Validated Write to Service Principal Name” permission to the NETWORK SERVICE.
    For more information refer beneath articles.
    Event ID 10154 — Configuration
    http://technet.microsoft.com/en-us/library/dd348559(v=ws.10).aspx
    Domain Controllers Warning Event ID: 10154
    http://srvcore.wordpress.com/2010/01/02/domain-controllers-warning-event-id-10154/
    Hope it helps!
    Thanks,
    Dharmesh

  • VPN Cluster and Wildcard Certificate

    Hi,
    I am setting up a VPN cluster with three ASA boxes and i am wondering if anyone has any experience using a wildcard certificate with this kind of setup.
    I am done with the setup and everything works fine, but as my initial setup (and the doc i have been reading) shows, the client first connect to:
    cluster.domain.com
    Then the master returns the address or fqdn (i am using fqdn) of the least busy asa in the cluster:
    vpn01.domain.com
    or
    vpn02.domain.com
    or
    vpn03.domain.com
    Thus i would need 4 certificates to meet my needs. The cluster.domain.com certificate also must be present on all 3 boxes, because the cluster ip is configured on all boxes, and the master role is shifted if one of the boxes fail.
    Because of this I thought it would be a good idea to use 1 wildcard certificate (*.domain.com) on all boxes and avoid the hassle.
    Any experience or recommendations?
    BR,
    /K

    Hello Kenneth,
    It was working for version before 9.
    On ASA9 you cannot even install a wildcard certificate to manage the ASA via ASDM, so I guess VPN load balancing with a wildcard certificate will not work either (but I have not tested that).
    And it's not a bug - it's a feature - it's a security device and wildcard certificates are strongly discouraged.
    Michal

  • Best practice for RDGW placement in RDS 2012 R2 deployment

    Hi,
    I have been setting up a RDS 2012 R2 farm deployment and the time has come for setting up the RDGW servers. I have a farm with 4 SH servers, 2 WA servers, 2 CB servers and 1 LS.
    Farm works great for LAN and VPN users.
    Now i want to add two domain joined RDGW servers.
    The question is; I've read a lot on technet and different sites about how to set the thing up, but no one mentions any best practices for where to place them.
    Should i:
    - set up WAP in my DMZ with ADFS in LAN, then place the RDGW in the LAN and reverse proxy in
    - place RDGW in the DMZ, opening all those required ports into the LAN
    - place the RDGW in the LAN, then port forward port 443 into it from internet
    Any help is greatly appreciated.
    This posting is provided "AS IS" with no warranties or guarantees and confers no rights

    Hi,
    The deployment totally depends on your and your company's requirements, as many things have to be taken care of, such as hardware, network, security and other related stuff. Personally, to set up the RD Gateway server I would not recommend selecting the 1st option. But as per my research, for best results you can use option 2 (place the RDG server in the DMZ and then allow the required ports), because by doing so the outside network can't directly connect to your internal server and it's difficult for any attackers to break the network. A perimeter network (DMZ) is a small network that is set up separately from an organization's private network and the Internet. In a network, the hosts most vulnerable to attack are those that provide services to users outside of the LAN, such as e-mail, web, RD Gateway, RD Web Access and DNS servers. Because of the increased potential of these hosts being compromised, they are placed into their own sub-network called a perimeter network in order to protect the rest of the network if an intruder were to succeed. You can refer to the article below for more information.
    RD Gateway deployment in a perimeter network & Firewall rules
    http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Cidway with RDS 2012 R2

    Hi,
    We want to run two factor login for RDS 2012 R2 web by using cidway, is this possible?

    Hi,
    Thank you for your posting in windows Server Forum.
    You can use 2 factor authentication for RD Web with RD Gateway set up on your network, so that you can work seamlessly and can enjoy the function of RD Gateway pluggable authentication. For that, on the client system you can install the new RDP 8.1 and enjoy the full feature.
    What's New in Remote Desktop Services for Windows Server 2012 R2
    Customizing RD Gateway authentication and authorization schemes
    In addition, you can also refer below thread.
    RDS 2012 2 Factor Authentication
    For 3rd party authentication, you need to contact their customer support whether they support the feature to access with Windows Server feature or not.
    Hope it helps! 
    Thanks,
    Dharmesh

  • RDS 2012-PUBLISING REMOTEAPPS WITH VIRTUAL DESKTOP SESSION

    Hello,  I deployed a RDS 2012 VIRTUAL DESKTOP SESSION FARM.
    Is it possible publish a REMOTEAPPS with Virtual Desktop Session?, I only find information with Remote Desktop Session
    Thanks
    Regards

    Hi,
    Seems this is not the possible scenario for deployment, we need to have Session based deployment as both virtual desktop session and session based deployment differs from other.
    Thanks.
    Dharmesh Solanki

  • Is it possible to uninstall IE 11 from Windows Server 2012 R2 and replace it with the latest version of IE 10?

    Is it possible to uninstall IE 11 from Windows Server 2012 R2 and replace it with the latest version of IE 10? We have a remote desktop farm setup with 2012 R2 servers and we are publishing some web links that only work with IE10. As a result, we need to downgrade the remote desktop servers to IE10. I have a feeling that this isn't possible, but if I could get a definitive answer, I would greatly appreciate it, thank you!

    Hi,
    Agreed with DonPick.
    Internet Explorer 11 is preinstalled with Windows 8.1 and Windows Server 2012 R2.
    More information regarding Internet Explorer 11, please check:
    Internet Explorer 11 - FAQ for IT Pros
    http://msdn.microsoft.com/en-us/library/dn268945.aspx
    Best regards
    Michael Shao
    TechNet Community Support

  • URL problems with SQL Server Reporting Services 2012 with wildcard SSL certificate

    Hi,
    I have single server, domain member, with SQL Server 2012 SP1 Reporting Services.
    I am trying to get work with url: https://reports.mydomain.com
    I have valid wildcard certificate (*.mydomain.com) implemented and configured URLs in Configuration Manager.
    https://reports.mydomain.com/ReportServer - works fine
    https://reports.3pro.hr/Reports/ - I got error:
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    In rsreportserver.config I have:
    <Add Key="SecureConnectionLevel" Value="2"/>
    When looking my ReportServerService_date.log file I have something like:
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    Also, error shown in log file:
    appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.
    ui!ReportManager_0-2!4c50!03/10/2013-20:24:54:: e ERROR: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
    The remote certificate is invalid according to the validation procedure.
    Btw, is there a way to delete/disable access using https://localhost and/or servername (not FQDN) since SSL will not work in this way for me, and I want access only by full url - https://reports.mydomain.com , not localhost ..
    -- Hrvoje Kusulja

    I spent one of my 4 free support incidents with Microsoft (part of MSDN subscription) this year to get this investigated. The tech support person helped me through several issues but had to leave to attend some training, and I got past the last hurdle before she called me back. Here are the steps that resolved this issue for me. I know for sure that step 5 was necessary. Step 1 may not apply to you, and steps 2-4 may or may not have been necessary (they didn't immediately fix the issue, but I didn't roll them back either so they may have been necessary.)
    Step 1:
    Ensure you are editing the correct rsreportserver.config file. I had been making changes to a file that was installed in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\WebServices\Reporting, but that was a rsreportserver.config file for some SharePoint integration that I'm not using. The correct path on my system was E:\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config, but yours may vary. If you can't figure it out, look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSRS11.MSSQLSERVER\Setup in the key named SQLPath, and then go to the ReportServer subdirectory of that path.
    Step 2: 
    In rsreportserver.config, ensure that SecureConnectionLevel is set to the value 3. It was set to 0 in my configuration. The corrected line in your rsreportserver.config file should look like:
    <Add Key="SecureConnectionLevel" Value="3"/>
    Step 3:
    In rsreportserver.config, add the correct value to the <UrlRoot> element (which already exists in the file). In my configuration, this value was blank. The value should be the fully qualified path to your report server, with a hostname that is valid for your certificate. For example, if my cert matches *.mydomain.local:
    <UrlRoot>
    https://myserver.mydomain.local/ReportServer
    </UrlRoot>
    Step 4:
    Ensure that your certificate exists in Trusted Root Certification Authorities in certmgr for the local machine. I had the certificate installed as a Personal certificate for the local machine, which I still think was correct (the certificate wasn't actually the problem and worked correctly for Report Server, and the failure was caused by SSRS incorrectly making a https request to a localhost URL), but she had me remove the certificate from Personal and add it to Trusted Root Certificate Authorities. That broke things and the cert was no longer listed as a cert I could bind to, so we then copied it so it existed in both Personal and Trusted Root Certificate Authorities. This is how I left it, not sure if that was necessary.
    Step 5:
    This was the fix that finally got things to work. In rsreportserver.config, add the same value to the <ReportServerUrl> element (which also already exists in the file) that you added in step 3. In my configuration, this value was also blank. The corrected value should be the same as in step 3, for example:
    <ReportServerUrl>
    https://myserver.mydomain.local/ReportServer
    </ReportServerUrl>
    Then restart your report server (stop & then start in Report Server Configuration Manager), and the problem should go away.  At least it did for me.
    Good luck!
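
A check for the three settings the answer touches (SecureConnectionLevel, UrlRoot, ReportServerUrl) together with the name-mismatch error from the question's log, as an added example that is not part of the original thread. The XML is a constructed, trimmed stand-in for rsreportserver.config, the two log lines are copied from the question, and the function names are hypothetical.

```powershell
# Added example, not from the original thread.
# Constructed stand-in for rsreportserver.config; nesting in a real file may
# differ, so every XPath query below searches at any depth.
$sampleConfig = @'
<Configuration>
  <Add Key="SecureConnectionLevel" Value="2"/>
  <Service>
    <UrlRoot></UrlRoot>
  </Service>
  <UI>
    <ReportServerUrl></ReportServerUrl>
  </UI>
</Configuration>
'@

# Two lines copied from the log excerpt in the question.
$sampleLog = @(
    'configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.',
    'appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.'
)

# Reports the state of the settings changed in steps 2, 3 and 5 of the answer.
function Get-SsrsConfigFindings {
    param([Parameter(Mandatory)] [xml] $Config)

    $levelNode = $Config.SelectSingleNode("//Add[@Key='SecureConnectionLevel']")
    $level = '(missing)'
    if ($null -ne $levelNode) { $level = $levelNode.GetAttribute('Value') }
    $levelFinding = 'differs from the value 3 used in step 2 of the answer'
    if ($level -eq '3') { $levelFinding = 'matches step 2 of the answer' }
    [pscustomobject]@{ Setting = 'SecureConnectionLevel'; Value = $level; Finding = $levelFinding }

    foreach ($element in 'UrlRoot', 'ReportServerUrl') {
        $node  = $Config.SelectSingleNode("//$element")
        $value = ''
        if ($null -ne $node) { $value = $node.InnerText.Trim() }
        $uri = $null
        if (-not $value) {
            $finding = 'blank, the state the answer found before the fix'
        } elseif (-not [uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) {
            $finding = 'not an absolute URL'
        } elseif ($uri.Scheme -ne 'https') {
            $finding = 'not https'
        } elseif (($uri.Host -eq 'localhost') -or ($uri.Host -notlike '*.*')) {
            $finding = 'host is not an FQDN, so a certificate issued for an FQDN cannot match it'
        } else {
            $finding = "uses FQDN $($uri.Host); confirm the certificate covers it"
        }
        [pscustomobject]@{ Setting = $element; Value = $value; Finding = $finding }
    }
}

# Pulls the host out of every RemoteCertificateNameMismatch log entry.
function Get-NameMismatchHosts {
    param([string[]] $LogLines)
    $pattern = 'RemoteCertificateNameMismatch encountered for url (?<url>\S+)'
    foreach ($line in $LogLines) {
        if ($line -match $pattern) {
            # The log sentence ends with a period that is not part of the URL.
            $url = $Matches['url'].TrimEnd('.')
            ([uri]$url).Host
        }
    }
}

Get-SsrsConfigFindings -Config $sampleConfig | Format-Table -AutoSize -Wrap

$mismatchHosts = Get-NameMismatchHosts -LogLines $sampleLog | Sort-Object -Unique
'Hosts requested by SSRS that failed name validation: ' + ($mismatchHosts -join ', ')
```

To run it against a live server, pass the contents of the real file (Get-Content -Raw on the path from step 1) and the lines of the ReportServerService log instead of the samples.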
