Category: Windows Server

Monitoring vDisk Rebalance Enabled

In a recent use-case that I stumbled across, I wanted to monitor a few different things in a Citrix-environment with Provisioning Services technology.

In this specific blog-post I’ll show you how I configured monitoring for whether Rebalance Enabled is configured for active vDisk, with Provisioning Services (PVS) Powershell SnapIn.



Monitoring vDisk Replication

In a recent use-case that I stumbled across, I wanted to monitor a few different things in a Citrix-environment with Provisioning Services technology.

In this specific blog-post I’ll show you how I configured monitoring of vDisk Replication with Provisioning Services (PVS) Powershell SnapIn.



HTML5 Web Client for Remote Desktop Services 2016

Microsoft recently announced that the new HTML5 client for Remote Desktop Services has reached general availability. The new web client lets users access the Remote Desktop infrastructure using a modern browser that supports HTML5.

Requirements & Installation

Microsoft have a great article explaining the requirements and how to get started with the new client in the following link. It’s important to note that if you run any previous versions of the client and want to update to the latest release, it first has to be uninstalled from the Web Access servers.
The client can be installed and run simultaneously as your old RDWeb-page, they just use different URLs to be accessed. To access the new client, the URL https://<FQDN>/RDWeb/webclient/ is used.

Using the new client

The new client that was released previously this year, has now reached version 1.0.0 and with it, a new sign in experience and SSO to the applications. Below is how the now much improved login-screen looks like:

Web Client login screen

After logging in the apps are presented, and right away you can see the much improved design comparing to the old and very outdated default RDWeb page:

New updated application menu

The great thing about the HTML5 client is that it doesn’t require any software to run, just a browser that supports HTML5, which most browsers does these days. So this is good news for tablet and thin-client users.
The applications are contained within the browser window. You can only have one browser window open at a time, and opening multiple applications at the same time creates tabs within the browser window:

 

Applications running

Printing and copy/paste is available from within the session. Using print will download the job as a PDF file to your local computer.

Some features are still missing for making it a complete replacement for the old one, but Microsoft will be releasing updates in the future and adding more features as time goes by, so keep an eye out.



SCCM 1806 – News and features

Once more it was time to upgrade our SCCM environment to the newest release that is 1806. As it was not released for everyone yet, I had to run the Fast-Ring script to allow the update to present itself. I found this update very interesting as it comes with some exciting new features, and there are alot. These are the ones that I am most excited about.

  • Ability to PXE boot without WDS
  • CMTrace installed as default on clients
  • Ability to exclude Active Directory containers from discovery
  • High availability on Site Server
  • CMPivot
  • Boundary group for peer downloads
  • Enhanced HTTP site system
  • Improvements to OS deployment
  • Software Updates for third-party

…and much more. You can read about all the new features here on Microsoft docs.

Since there are a lot of news, I have chosen to cover the two that I am most excited about in this new release.

CMPivot

Configuration Manager is a very helpful tool when gathering information, CMPivot now allows you to take it to the next step by real-time querying clients. This allows you to gather a lot of information instantly. This feature uses Azure Analytics Language, .

CMPivot is located under Asset and Compliance > Overview > Device Collection, you can find this new feature in the top ribbon bar.

Location of CMPivot

An example is to find BIOS-information about the Dell computers that are currently online. From this output you easily create a collection (the members of the collection will be added as Direct Members) or export to both CSV and Clipboard.

 

PXE Without WDS

It is exciting to have a new way of deploying over PXE. Since Windows Deployment Services has been available for a long time, it feel suitable to have an updated way of deploying clients. By replacing WDS, the distribution point will create the service ConfigMgr PXE Responder. If you have plans of using Multi-Cast, you are for now stuck with WDS.

This setting can be found under Administration > Overview > Distribution Point, right click on the distribution point you would like to modify with the setting shown below.

After applying this setting, Windows Deployment Services will automatically be disabled. Be advised that if you are monitoring this service, it will be report as stopped. SCCM PXE Without WDS

If you have questions, thoughts or anything you would like discuss? Send an email to Johan.Nilsson@xenit.se and I will be more than glad to talk about these topics.



Automate tasks with use of XenServer Powershell Module

Working with backups of your virtual machines is obviously essential. Working with exports in XenServer can some times be time consuming, particularly with bigger virtual disks attached to your virtual machine. In this scenario I will show you an alternative to manually export via XenCenter, by doing it with Powershell to an remote server using XenServer Powershell module.



Flickering Desktop Icons and re-directed folders

This blog post will only cover a scenario with Microsoft Windows Server 2016 Remote Desktop Services (RDS) and re-directed folders where flickering icons appear. Other solutions may apply to different scenarios.
Since the release of Windows 10 / Server 2016 and their different releases 1607, 1703, 1709 and 1803 there has been several issues regarding flickering icons on the Start-menu, in File Explorer and taskbar.

SCENARIO

During the deployment of Citrix Virtual Apps and Desktops 7.15 on Windows Server 2016 with published Desktops and re-directed Desktop folder, users could experience that the desktop icons kept flickering continuously. The more shortcuts, folders or files on the Desktop the more prevalent the issue was. Constantly blinking icons on the desktop looked like refreshing the desktop with F5 or Ctrl+R and would also flash when browsing network shares.

My first thought was to activate ”Always show icons, never thumbnails” in Folder Options since there seemed to be a constant query to network shares where the re-directed Desktop folder resided.

File Explorer - Options

File Explorer – Options

File Explorer - Always show icons

File Explorer – Always show icons

INVESTIGATION

The moment I clicked on View in Folder Options the desktop icons ceased flashing in my session. Dwelling deeper with Procmon investigating what actually happens when opening View tab in Folder Options I found out that explorer.exe queries a registry key in the users HKEY_CURRENT_USER registry. If the registry entry does not exist it will be created.

  • HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
Explorer query and creation of registry key

ProcMon – Explorer.exe query and creation of registry key

SOLUTION

With the knowledge that the registry key was missing and creating they key would stop the icons from flashing for users on Windows Server 2016 RDS, the appropriate solution was to use Group Policy Preferences (GPP) that created the registry key for users during logon (run in logged-on users’s security context) and apply it to Windows 2016 RDS servers.
Gorup Policy Preferences - User Configuration - Registry

Gorup Policy Preferences – User Configuration – Registry

Apply to Current User

Apply to HKEY_CURRENT_USER and set Key Path

Run in logged-on users security context

Run in logged-on users security context

Step 1: Create a USER GPP that will be applied to affected targets

Step 2: Create a Registry Item

Step 3: Add registry key

  • Hive: HKEY_CURRENT_USER
  • Key Path: SOFTWARE\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
  • Tab Common: [v] Run in logged-on user’s security context (user policy option)

If you have any questions regarding above solution, or ideas on how to handle above in a better way, please contact me at viktor.glinski@xenit.se or post a comment below.



Palo Alto introduces new feature to support Terminal Service (TS) Agent on Windows Server 2016

In the latest release of Palo Alto Networks Terminal Service Agent 8.1.1, we were introduced to a new feature where it is now supported to install the agent on Windows Server 2016.

This is a very welcome feature that a lot of us have been waiting for. There are no other features added to this version or the one before.

This release is also compatible with all the PAN-OS versions that Palo Alto Networks still support.

For more information see:

Where Can I Install the Terminal Service (TS) Agent?

Release Notes – Terminal Service Agent 8.1



Windows Server 2019 Preview is now available

It’s finally here – the preview of Windows Server 2019!

Windows has release the first preview of the completely new Windows Server 2019. In this article I will summarize the main news and tell you a little about them. The final version of Windows Server 2019 are planned to be released in the second half of the calendar year 2018.

 

Hybrid cloud scenarios

  • Windows Server 2019 will come with the previously announced Project Honolulu (which is a modern server management interface). This will help you to more easily integrate Azure services (like Azure Backup, Azure File Sync disaster recovery) so you can use these services in a more convenient way.

Security

  • Shielded VMs was first introduced in Windows Server 2016 and was only available for Windows Server. In Windows Server 2019, support are added for Shielded VMs for Linux. VMConnect will be improved for troubleshooting of Shielded VMs for both Windows Server and Linux. Another new feature is called Encrypted Networks which will let admins encrypt network segments to protect the network layer between servers. Microsoft is also embedding Windows Defender Advanced Threat Protection (ATP) feature in the operating system which provides preventative protection, detects attacks and zero-day exploits.

Application Platform

  • Microsofts Goal is to reduce the Server Core base container image to a third if its current size of 5 GB. That will reduce the download time for an image by up to 72 % which will be a significant performance boost. Also, in Windows Server 2019 the choices available when it comes to orchestrating Windows Server container deployments are event better. Another new feature is the ability to run Linux containers side-by-side with Windows containers on a Windows Server.

Hyper-converged infrastructure (HCI)

  • Windows Server 2019 are adding adding scale, performance and reliability to HCI environments. With Project Honolulu (mentioned above) you will have the ability to manage HCI deployments which are a great new feature. This will help you simplify the management and day-to-day activities on HCI environments.

 

Read more about the preview here.

(if you want to compare this release with the previous release of Windows Server 2016, read this article)



HOW-TO IMPORT DHCP-LEASES TO WINDOWS SERVER FROM PALO ALTO

In some cases you will come across DHCP-scopes that are configured on the edge-device or similar and wanting to move it to your dedicated Windows Server instead.
Below is an example where you can export DHCP-leases from your Palo Alto Networks device and add them to your dedicated Windows Server.

In this example I will be using Putty.

Step 1.
Start Putty and connect to your Palo Alto Networks firewall. Then go to the Putty Reconfiguration page, Session > Logging and select ”All Session output”.
Choose your filename and where to save it. Select Apply.

Step 2.
Log in to your Palo Alto Networks firewall and issue one of the below commands. Choose the second one if you need to specify an interface. For example if you have several DHCP-scopes configured on your firewall.

Close your session when the output has been printed.

Step 3.
Inactivate the DHCP-scope on your Palo Alto Netoworks firewall so there are no new leases being added.

Step 4.

Open the file where the output has been pasted and remove any unnecessary information.

Import the values to Excel and it should look something like this: (We are only importing IP, MAC and Hostname in this example)

Step 5.
Now we need to add the information to the command that we will be using in Powershell on the new DHCP-server.

Go to a new column on the same sheet and add the below:

This will get the information for the IP on column A and row 2, MAC-adress on column B and row 2 and the Hostname on column C and row 2.

Go the new cell and hover to the right corner. Drag down to fill in the rest of the rows.

Step 6.
If you have not already created the new DHCP-scope this is the time to do it.

Step 7.
Start Powershell on your DHCP-server and paste the below commands.

Step 8.
Activate the new scope and remember to configure DHCP-relay on your Palo Alto Networks firewall if needed.



Nyheter på väg till RDS 2016

Microsoft presenterade tidigare i höstas nyheter som är på väg till Remote Desktop Services (RDS) 2016. Det är några stora förändringar på gång som är viktiga att känna till, och detta inlägg sammanfattar några av de nyheter som ska komma inom kort.

Infrastruktur

I en traditionell RDS infrastruktur måste alla servrar i uppsättningen vara med i domänen. Det innebär att RD Gateway och Webaccess servrarna både är med i domänen och har direkt kontakt mot internet, vilket gör dem sårbara för attack.

Med den nya infrastruktur design som Microsoft presenterar så är Gateway, Webaccess och de övriga rollerna ej längre med i domänen. Kontakten från domänen till infrastrukturen görs endast genom utgående trafik på port 443. Förutom att detta ökar säkerheten, så möjliggör det för organisationer att drifta flera olika miljöer med samma RDS infrastruktur. Inte längre behövs den en RDS miljö för varje domän, utan nu kan infrastrukturen sättas upp en gång för att drifta flera olika miljöer och låta användare ansluta till deras respektive domän och Sessionhosts.

Microsoft presenterar även en ny roll inom Remote Desktop Services; Diagnostics, vilket har som uppgift att samla in information om uppsättningen och kan användas för att felsöka anslutningsproblem.

Azure

Integration med Azure Active Directory (AAD) är snart här. Med hjälp av AAD så kan Multi-Factor Authentication, Intelligent Security Graph och övriga Azure tjänster nyttjas i RDS miljön. Azure AD är något som många organisationer redan nyttjar, om de använder sig av Office 365 tjänster.

 

Om RDS miljön sätts upp i Azure så kan organisationer installera RDS rollerna som Platform as a Service (Paas) tjänster. Det innebär att det inte längre krävs ett VM för varje roll i infrastrukturen, Administratörer slipper alltså managera varje VM individuellt, samt de får tillgång till den smidiga skalbarheten som Azure erbjuder. Denna uppsättning stödjer även hybrid-lösningar, Sessionhosts kan alltså ligga on-premise och resten av infrastrukturen i Azure.

Det finns fortfarande ingen ETA på när dessa nyheter görs tillgängliga. För mer information och demo på några av dessa funktioner, se inlägget från Microsoft.