Monday, September 22, 2014

Microsoft Azure RemoteApp, taking a closer look at the Hybrid Deployment

I’m sure you’ve all heard about Azure RemoteApp by now. If not, see for more details. Currently Azure RemoteApp is still in preview, so you can try it out for free.

Azure RemoteApp comes is two different deployments, a Cloud Deployment and a Hybrid Deployment. Cloud deployment means the RD Session Host servers that run your Azure Remote Apps are not connected to your on premises Active Directory Domain and can therefor only interact with application and data on the RD Session Hosts itself. Hybrid Deployment means the RD Session Host servers are connected to your on premises environment and are also members of your on premises Active Directory Domain, connected via Azure Active Directory. This means these RD Session Host servers and the users it serves, are able to access resources like file servers, application servers, SQL servers etc. that are hosted on premises.

The Cloud deployment is very straight forward to set up and you can have that up and running in no time. Previously the Cloud Deployment only supported using the RD Session Host template provided by Microsoft Azure. This has changed since August 2014 when Microsoft announced the support to use your own RD Session Host template for Cloud Deployments as well.

In the mean time, Microsoft has also provided two guides to help you set up both deployments.

How to create a cloud deployment of RemoteApp
How to create a hybrid deployment of RemoteApp

In this blog post we’re taking a closer look at what Azure RemoteApp Hybrid, what it means for your local environment and how the elastic growing of the RD Session Host farm is performed.

As there are already detailed guides out there, I won’t go into all the details of the step by step process to set up the Hybrid deployment, instead, we’ll do a quick high level overview to give you an overview of the required steps.

After signing up for the (free) preview, the first step is to actually create the Azure RemoteApp Hybrid deployment which in Microsoft Azure terms, is called a “with VPN” deployment.


After the creation is finished we’re presented with a wizard to guide us through the steps.


First step is to link the Virtual Network. I created the Virtual Network in advance, with the following details


After the linking the Virtual Network, an option Get Script becomes available which allows you to download a PowerShell script you can run on your on premises VPN device or server to be able to accomplish the site-to-site VPN with Microsoft Azure. In my case I use Microsoft RRAS on Windows Server 2012 R2.


If you run the script on your on premises RRAS server a VPN will be configured for you.


Make sure the VPN is enabled and connectedimage

The next step is to provide the credentials to connect to your local Active Directory domain to allow Azure RemoteApp to add new RD Session Host servers to your domain, in the OU you provided. Obviously the specified account needs the appropriate permissions.


Next, we link the RD Session Host image. In this case I re-used a previously uploaded image that I also used for a Cloud Deployment.


Shortly after you perform this step, Microsoft Azure will start to provision the deployment including the creation of your RD Session Host servers, based on the template. As the warning states, this can take up to 30 minutes.


In the mean time you can configure the Directory Synchronization between your on premises Active Directory and Azure Active Directory (AAD) which is needed to be able to assign users and groups to your published Remote Apps and allow users to authenticate to the Azure Remote App Client using their corporate credentials.

If not already in place, you need to create a new AAD in Azure and enable Activate Directory Sync on it. Microsoft Azure guides you through the process by outlining the required steps as shown below.


Again, I wont go over all steps in great details, please follow the Microsoft guides as referred to in the introduction of the blog post.

Once you have created the AAD, you download and run the directory sync tool on your on premises server.


A wizard which is launched right after the setup allows to you to configure the directory synchronization and perform the initial synchronization. You’ll need to provide your AAD credentials (a user with global admin permissions) and your on premises service account.

Once this wizard is finished an initial sync will take place and you should be able to see your users / groups in AAD become available.


Using PowerShell you can also manually trigger synchronization by running the command Start-OnlineCoexistenceSync


If synchronization does not correctly function, check the Application Event log for more details on the various synchronization steps.


In the mean time you Azure RemoteApp will probably be provisioned. This means we can now perform the final steps: publishing applications and configuring user access.


Publishing applications is very straight forward. Simply select the desired applications, notice that I also installed some custom test application in my RD Session Host template which I’m able to select here as well.


Or, add published applications by specifying a name and full path to the executable.


When you are done publishing Remote Apps, the final step is to configure who is allowed to connect and launch your remote apps.

You can add individual users, but it’s obviously more convenient to select a group of users. In my cased I provided the name of a group I created in my on premises environment which was synced to AAD. (note that you can only add Users & Groups here that are already synced).


We’re done. We can now use the Azure RemoteApp client on our endpoint device, and provide our corporate UPN and password. image

In this case I used the subdomain that comes with AAD (<yourAAD> but you can also link your corporate domain by adding it and running the domain verification process which is done via a TXT DNS value you need to configure.


And here my are Remote Apps available and ready to launch, hosted by Azure RemoteApp Session Host servers, which are domain joined to my on premises domain!


Since this is a Hibrid Deployment, I’m able to access resources that are on premises. I can for example can create a drivemapping pointing to a server running on premises from within my published Remote App (cmd.exe).


Also note that my printers are being redirected using Easy Print. USB redirection is  however not supported at this moment.


Now that we have the hybrid deployment up and running, and are able to launch Remote Apps, let’s take a closer look at what happens in your on premises environment.

After the initial RemoteApp deployment has been provisioned, 2 RD Session Host servers have been provisioned and have been joined to the on premises AD domain. A random hostname prefix is selected followed by a number 0000, 0001 etc.


The IP-addresses are handled by Microsoft Azure, and based on the Virtual Network Address Space that we configured in Azure as part of the vNet, a DHCP server is used to supply IP-addresses starting by .20 and going up.


An IPconfig on one of the RD Session Host servers shows the DHCP server, apparently and also notice the DNS Suffix, which was the the original code name for Azure. :)


A check on port 3389 shows that both RD Session Host servers are available and shortly after the initial provisioning.


Shortly after that however, the 1st RD Session Host becomes unavailable.


I’m assuming the VM is being put in pause as part of the elastic growing and shrinking mechanism since no user is logged on to the deployment.

As soon as the first users are logging on, a 3rd RD Session Host server is provisioned and after that being put into pause.


Furthermore the 2nd RD Session Host server now becomes available again too.


To summarize, at this point we have:

- 1 provisioned RDSH server which is accessible and contains active sessions.
- 1 provisioned RDSH server which is accessible but does not accept new sessions (yet)
- 1 provisioned RDSH Server which is not accessible (in pause mode)

When we start hitting the deployment with more users we discover that the first 5 users are being send to the 1st RD Session Host, the 6th user is being redirected to the 2nd RD Session Host servers. So apparently the configuration is max 5 users per RD Session Host server. And, as soon as we logon the 6th user, the 3rd RD Session Host server becomes accessible (but does not get new sessions yet). Etc.

This is how the elastic growing and shrinking is configured at the moment. Obviously Azure Remote Apps is still in Preview so these variables might be changed after General Availability. Who knows, we might even be able to configure this variable in upcoming releases? :)


These are some of the thing I’ve tested in my hybrid deployment so far. In this blog post I tried to give you a more detailed look on how the Hybrid scenario works, specifically how the elastic growing & shrinking works. Obviously there is still a lot more to discuss like performance when accessing your on premises servers, support for GPU, desktop integration, etc.

Personally I really like the concept of Azure Remote Apps, compared to other DaaS offerings this much more of a “It’s all about the apps” solution. Over a decade ago people were already talking about how Windows applications would all be gone in the future, replaced by Web Applications. In 2014 this is still not the case, and it probably won’t be for many years to come. Azure Remote Apps can fill the gaps there, by offering your (corporate) Windows Applications side by side with web based applications or specific locally running applications, accessible from any device at any time. There is however a long way ahead, Azure RemoteApp is currently still into preview. At this point there are no details in pricing yet, good pricing will be crucial in making Azure RemoteApp a success. And, although the Cloud Deployment setup is relatively straight easy and forward, The hybrid Deployment takes a lot of different (sometimes unstructured) steps to set it up. Hopefully Azure RemoteApp will inherit the extremely fast updating speed used in other Azure services to help make it a success.

To finish this blog post, a funny screenshot….I’m sure any sys admin has seen this pop up before, but in this case apparently, the provisioned Azure RemoteApp RD Session Host servers are equipped with temp licenses that last 10 years :)


Wednesday, September 10, 2014

September 2014 RDS related KB articles

Several RDS related KB articles and patches have been made available this month. Below a summary containing links the various KB articles.

Connection is lost when you access an RD Session Host server by using RDP in Windows Server 2012

Error 0x800401f0 when you update RemoteApp and Desktop Connections feeds in Windows 7 or Windows Server 2008 R2

Performance issues when you use credential roaming on RD Session Host servers in Windows 7 or Windows Server 2008 R2

RDS client computer cannot connect to the RDS server by using a remote desktop connection in Windows

Updates to improve the compatibility of Azure RemoteApp in Windows 8.1 or Windows Server 2012 R2

Event 1043 when a RDP connection uses a Remote Desktop license server that is running non-English Windows Server 2012 R2

Remote Desktop client on iOS 8.1.0 is available

Microsoft has released a new update for the Remote Desktop Client for iOS. The new version is 8.1.0 and is available in the App Store for download!

The new version has a number of improvements and new features, including

  • Some improvements in performance and look and feel
  • Support for multiple sessions
  • Management of various RDP users per desktop, Remote Apps, or RD Gateways
  • Support for 15 different languages

The new look & feel looks great. Below two screenshots of connected RDP sessions and also a Azure RemoteApp signup.

foto 1 (4)

foto 2 (3)

The ability to manage multi user accounts is available from the settings menu


Switching between different RDP Sessions and RemoteApps also works very smooth.

foto 5

And as you might have noticed I switched to the Dutch language Smile

For more detailed info on the update, also see the RDS team blog post about it here:

You can get the new update here: Microsoft Remote Desktop Client in iTunes App Store

Wednesday, September 3, 2014

Microsoft Remote Desktop Preview V8.1.4 update for Windows Phone 8.1 available today for download

The Microsoft Remote Desktop Virtualization team just announced the availability of version 8.1.4 of the Remote Desktop Preview client for Windows Phone 8.1!

“…September brings another update to the Microsoft Remote Desktop Preview app as we continue focusing most of our efforts towards adding support for Microsoft Azure RemoteApp, Remote Resources (RemoteApp and Desktop Connections) and Gateway, all due later this year.

Keep the feedback coming on our feature requests site as it will help us focus on the right functionality to ensure the app meets your needs.

With that said, this blog highlights the changes we’ve made to the app which will be available from the Windows Phone Store later today.…”

Quick overview of the new features:

  • Fn keys are now available
  • Updated in-session experience
  • Link to the feature request site
  • New Cortana command

Source and more details:

Monday, August 25, 2014

Using Desired State Configuration (DSC) to maintain RDP settings

Ran into this cool blog post on Building Clouds by Tiander Turpijn (MSFT). It contains a practical example of the implementation of DCS. He describes a walk through to to use Desired State Configuration (DSC) to maintain RDP settings like Enabling RDP, configuring the Firewall and NLA settings.

Check it out here:
Writing a custom DSC resource for Remote Desktop (RDP) settings

Thursday, August 21, 2014

RDS / VDI related sessions and labs at TechEd Europe 2014 #TEE14

The content catalog for Microsoft TechEd Europe 2014 (which will be held in Barcelona) has been published online!

Below is a list of VDI and RDS related sessions and Hand-On-Labs that will be held there. The content catalog will continue to grow as the event gets closer. I’ll update this blog post accordingly.

EM-B213 Microsoft Desktop Virtualization Overview Session|
Speaker(s): Demi Albuz, Thomas Willingham
Track: Enterprise Mobility
Session Type: Breakout
Topic: Microsoft Enterprise Desktop Virtualization
This session provides an overview of Microsoft Desktop Virtualization solution and products under this solution, in Microsoft Azure and on-premises (personal, pooled Virtual Machine (VM)-based deployments, session-based deployments, RemoteApp and Azure IaaS solution). In this session, we talk about the key improvements and enhancements brought to the platform.

EM-B324 VDI Deployment Walkthrough
Speaker(s): Tiberiu Radu
Track: Enterprise Mobility
Session Type: Breakout
Topic: Microsoft Enterprise Desktop Virtualization
This session reviews what VDI is, how it is enabled and supported by the capabilities if Windows Server 2012 R2, options and alternatives for deployment (Remote App, Remote Desktop, pooled VMs versus dedicated), and the guidance needed to discuss remote hosted desktop solutions with customers, as well as how to successfully create and design basic VDI solutions. Topics include common deployment steps and gotchas including those related to networking setup, sysprep, storage, and other considerations.

CDP-B358 Windows Server Data Deduplication at Scale: Dedup Updates for Large-Scale VDI and Backup Scenarios
Speaker(s): John Loveall
Track: Cloud and Datacenter Platform
Session Type: Breakout
Topic: Windows Server
Come to this session to learn how Windows Server data deduplication can be used to support large-scale deployments of VDI (Virtual Desktop Infrastructure) and Microsoft System Center Data Protection Manager (DPM). Detailed configurations and workload performance analysis are shown for scenarios with hundreds of VMs supported by Windows Scale Out File Server on standard industry hardware. This session gives you all the information you need to start taking advantage of Windows data deduplication for these large-scale workloads.

EM-B311 An Insider's Guide to Desktop Virtualization
Speaker(s): Benny Tritsch, Ruben Spruijt
Track: Enterprise Mobility
Session Type: Breakout
Topic: Microsoft Enterprise Desktop Virtualization
Ready to drink from a fire hose? Benny Tritsch and Ruben Spruijt, two thought-leaders and fellow MVPs, share their insights, best practices, and unfiltered thoughts about Desktop Virtualization, VDI, vendors, and solutions. Topics in this highly energized session are: VDwhy, VDCry, VDI Smackdown, build and design a Microsoft VDI solution, and 3D graphics. Also, experience the Microsoft and Citrix Virtual Desktop solution with a huge amount of videos and demos. With unique content and insights, this session is fun and packed with great content for everyone interested in Desktop Virtualization—and some nice giveaways. A session you don’t want to miss.

EM-B315 Deploying Remote Desktop Services (RDS) Roles in Microsoft Azure and Private Cloud
Speaker(s): Clark Nicholson
Track: Enterprise Mobility
Session Type: Breakout
Topic: Remote Desktop Services
This session walks through the architecture of Remote Desktop Solutions (RDS) hosted in Azure, public, and private clouds. The discussion includes high availability considerations and capacity planning, as well as connectivity to corporate Active Directory and network resources.

EM-B323 User Experience in Virtual Desktop Environments: When Is It "Good Enough"?
Speaker(s): Benny Tritsch
Track: Enterprise Mobility
Session Type: Breakout
Topic: Remote Desktop Services
When planning to deploy Windows desktops and applications in modern cloud and mobility environments, acceptable user experience is an important success factor. Unfortunately, traditional benchmarking parameters—such as frame rates and system performance counters—do not entirely represent the perceived user experience on a remote client. Aspects like client capabilities, media redirection, changing network conditions, compression artefacts, media asynchronity or UI response time delays introduce significant new challenges. Join RDS MVP Benny Tritsch in his session about benchmarking remote user session and virtual desktop performance. He introduces you to a working set of acceptance criteria and test methodology best practices he derived from real customer projects and by evaluating dozends of reference environments in his test lab. Examples from an archive of several thousand videos with recorded test sessions collected over the last years show you the difference between good and bad user experience in VDI and cloud environments. In this session, get expert guidance on how to build your own remote UX test lab and what your test criteria should be.

WIN-B311 Non-persistent VDI: Optimize your environment with App-V and UE-V
Speaker(s): Aaron Ruckman, Dave Gappmayer
Track: Windows, Phone and Devices
Session Type: Breakout
Virtual environments can offer huge advantages in cost savings, maintenance etc. How can you realize these advantages using App-V and UE-V? Come on a deep dive journey into best practices for leveraging App-V and UE-V to maintain an even smaller and more agile Golden Image, to simplify application management and improve VDI performance, while not sacrificing the user's application and personalization experience.

EM-H319 Windows Server 2012 R2 Remote Application Publishing: Enterprise and Beyond
Track: Enterprise Mobility
Session Type: Hands-on Lab
This lab focuses on Windows Server 2012 R2 Remote App publishing new features. Learn how to create and configure a remote app hosting environment using Windows Server 2012 R2. Experience how to publish multiple apps for users who will access them from within a controlled IT environment as well as from personal workstations and terminals. Learn how to manage, categorize and arrange various user applications.

EM-H308 Enabling Secure Remote Users with RemoteApp, DirectAccess, and Dynamic Access Control|
Track: Enterprise Mobility
Session Type: Hands-on Lab
Topic: Direct Access, Dynamic Access Control, Virtual Desktop Infrastructure
In this lab, learn how to implement a secure remote access and user security solution which allows users in remote locations to leverage session based VDI for Microsoft Office 2013, and gain access to share folders which are protected with Dynamic Access Control and RMS classification. Deploy Session VDI with RemoteApp. Provision a computer for DirectAccess with offline Domain Join. Connect via DirectAccess and launch remote Office applications. Create new DAC rules and new RMS rules, and auto-protect a document share with rules. User save a document in share, and have document auto-protected.

Wednesday, August 13, 2014

KB: A network printer is deleted unexpectedly in Windows

KB article related to network printers being unexpectedly deleted in scenario’s where multiple users a logged on via RDP or fast user switching.

“…Consider the following scenario:

  • Multiple users use Remote Desktop Protocol (RDP) to connect to a Remote Desktop Services (RDS) server that is running Windows Server 2012. Multiple RDP sessions are then established.
  • Multiple users log on to the same computer that is running Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, or Windows Server 2012 by using Fast User Switching, and then local sessions establish.
  • They install the same network printer in the RDP or local sessions.
  • One user deletes the printer in a RDP or local session.

In this scenario, other users who installed the printer previously also see that the printer is deleted from their session…”

more info & download: