Friday, January 27, 2012

Quest releases vWorkspace 7.5!

Today Quest Software has officially released vWorkspace version 7.5! I personally had the honor to test-drive the beta and RC releases. I’m really excited about version 7.5; it contains a great set of new features and changes! In this blog post, I’ll discuss some of the features introduced in the new release.

First, let’s quickly highlight the key features:

“…Lowest Cost Desktop Virtualization using Hyper-V
vWorkspace 7.5 introduces direct support for Microsoft Hyper-V, including free Hyper-V Server. This deep integration provides full virtual desktop lifecycle management and lets you take full advantage of Hyper-V functions such as Dynamic Memory and RemoteFX. And by allowing seamless use of local storage (DAS) and eliminating the need for expensive SAN storage, vWorkspace 7.5 provides additional cost-savings for desktop virtualization…”

“…Huge Scalability and Speed Improvements for Virtual Desktops
vWorkspace 7.5 introduces the Hyper-V Catalyst Components to deliver breakthrough scalability improvements for virtual desktops hosted on this Microsoft platform. Two key components are HyperCache and HyperDeploy which dramatically improve the density of Hyper-V. In addition, these components allow you to provision a fully functional virtual desktop every four seconds on commodity hardware, right out of the box…”


“…The Power and Simplicity of Desktop Clouds for SMBs and Enterprises
vWorkspace 7.5 now comes with Desktop Clouds that make desktop virtualization even easier. Desktop Clouds deliver the best possible performance of virtual desktops with advanced load balancing schemes. Plus, they allow you to add capacity in seconds for unparalleled elasticity. Maintenance of desktops in a vWorkspace Desktop Cloud is also fast and easy; you can update hundreds or thousands of desktops in minutes. All you need to set up a Desktop Cloud is Microsoft Hyper-V (free)…”

Furthermore:

“…Two-Factor Authentication for all vWorkspace Connectors – Adds an extra layer of security by leveraging two-factor authentication at the broker…”

Moving the two-factor authentication from Web Access to the Broker is a great move! It means you can now also use two-factor authentication with the vWorkspace client. So in scenarios where you needed two-factor authentication and could not use (or did not want to use) Web Access, you can now also use the vWorkspace client with two-factor! It also solves an issue that I posted on the Quest Forum a while ago: http://communities.quest.com/message/50617

“…New vWorkspace Web Access – Provides greater performance and scalability, is integrated with the vWorkspace Management Console, and offers a sleek new look…”

The configuration of Web Access is now fully integrated in the vWorkspace console, which works much better than the previous separate admin webpage you had to use. In addition, the look & feel of the Web Access site itself has greatly improved!

“…Advanced Targets – Allows administrators to assign vWorkspace applications, desktops, and other resources in a context-aware fashion with designations such as “two-factor authenticated” or “trusted entry point.”…”

This is great! The way it has been set up reminds me of Microsoft’s Item Level Targeting inside Group Policy Preferences. It works really well and introduces a lot of flexibility.

General info about the release:
http://www.quest.com/vworkspace/new-release.aspx

The whitepaper:
http://www.quest.com/whitepaper/desktop-virtualization-a-cost-and-performance-comparison816379.aspx

The datasheet:
http://www.quest.com/Quest_Site_Assets/PDF/_DSV-vWorkspace2011-US-EH_2.pdf

Tuesday, January 17, 2012

My new article on VirtualizationAdmin about RDS in Windows 8

My new article on VirtualizationAdmin has been published today. See the introduction below, or follow the link at the end of this post to read the complete article.

"...Introduction
The developer preview edition of Windows Server 8 has been around for a few months now. The Beta Release and Release Candidate still have to be released of course, but in this article, we will take a closer look at what Windows Server 8 is going to offer concerning management of Remote Desktop Services..."


Full link to complete article on VirtualizationAdmin:
http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/taking-closer-look-what-windows-8-will-bring-regarding-management-rds.html

Wednesday, January 11, 2012

You cannot change an expired user account password in a remote desktop session that connects to a Windows Server 2008 R2-based RD Session Host server in a VDI environment

Two new hotfixes (one client, one server) were released today regarding the ability to change an expired password in a VDI environment based on Windows Server 2008 R2.


Client hotfix:
Article ID: 2648397 - Last Review: January 11, 2012 - Revision: 1.0
You cannot change an expired user account password in a Remote Desktop session from a client computer that is running Windows 7 or Windows Server 2008 R2

Consider the following scenario:
  • A Remote Desktop Session Host (RD Session Host) server that is running Windows Server 2008 R2 is deployed in a Virtual Desktop Infrastructure (VDI) environment.
  • The Allow connections only from computers running Remote Desktop with Network Level Authentication option is enabled on the RD Session Host server.
  • You establish a Remote Desktop session to the server from a client computer that is running Windows 7 or Windows Server 2008 R2 by using a user account that is granted Remote Desktop access.

    Note The client computer could be a computer inside the VDI environment, or a stand-alone computer outside the VDI environment.
  • The password of the user account is expired.
  • You receive the following message:
    You must change your password before logging on the first time. For assistance, contact your system administrator or technical support.
In this scenario, a dialog box that prompts you to change the password is not displayed. Therefore, you cannot change the password of the user account.

Note This issue also occurs in RDP environments that have Network Level Authentication (NLA) and Credential Security Support Provider (CredSSP) enabled.

After you install this hotfix, you will receive an error message that states your password is expired. However, the hotfix does not provide a dialog box that prompts you to change your password.

Source and hotfix: http://support.microsoft.com/kb/2648397/en-us?sd=rss&spid=14134

Server hotfix:
Article ID: 2648402 - Last Review: January 11, 2012 - Revision: 1.0
You cannot change an expired user account password in a remote desktop session that connects to a Windows Server 2008 R2-based RD Session Host server in a VDI environment

Consider the following scenario:
  • You have a Remote Desktop Session Host (RD Session Host) server that is running Windows Server 2008 R2 in a Virtual Desktop Infrastructure (VDI) environment.
  • You enable the Allow connections only from computers running Remote Desktop with Network Level Authentication option in the RDP-Tcp Properties dialog box by using the Remote Desktop Session Host Configuration tool (Tsconfig.msc).
  • You establish a remote desktop session to the server from a client computer by using a user account that is granted Remote Desktop access.
  • The password of the user account is expired.
  • You receive the following message:
    You must change your password before logging on the first time. For assistance, contact your system administrator or technical support.
In this scenario, a prompt to change the password is not displayed. Therefore, you cannot change the password of the user account.

Note This issue also occurs in any RDP environment where Network Level Authentication (NLA) and the Credential Security Support Provider (CredSSP) are enabled.


Source and hotfix: http://support.microsoft.com/kb/2648402/en-us?sd=rss&spid=14134

External users cannot connect to RDS that are published on a Windows Server 2008 R2-based RD Gateway server through Forefront UAG

A new hotfix was released today regarding running Remote Desktop Services (RDS) on a Remote Desktop Gateway (RD Gateway) server that is running Windows Server 2008 R2 through Forefront Unified Access Gateway (UAG) in a network environment.

Article ID: 2649422 - Last Review: January 11, 2012 - Revision: 1.0
External users cannot connect to RDS that are published on a Windows Server 2008 R2-based RD Gateway server through Forefront UAG

Remote Desktop Services (RDS) are published on a Remote Desktop Gateway (RD Gateway) server that is running Windows Server 2008 R2 through Forefront Unified Access Gateway (UAG) in a network environment. Sometimes, external users cannot connect to the published RDS, and they receive the following error message:

Additionally, an event that resembles the following is logged on the RD Gateway server:

Event ID: 203
Source: Microsoft-Windows-TerminalServices-Gateway
Symbolic Name: AAG_EVENT_MAX_CONNECTIONS_REACHED
Message: The number of simultaneous connections to the RD Gateway server has reached the maximum number that was configured by the administrator. The server is therefore not accepting any new connections. The connection attempt by user "%1" on client computer "%2", using the authentication method "%3" has been denied. For information about how to modify the maximum connection limit, see the "Specify the Maximum Number of Allowable Connections for RD Gateway" topic in the RD Gateway Help.

Cause: This issue occurs because user connections are not closed correctly. Therefore, some Forefront Network (Edge) tunnels are leaked. When the number of concurrent connections to the RD Gateway server has reached the maximum number, all new connection requests are denied.
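
A triage helper for the Event ID 203 condition described above, as an added example that is not part of the KB article or the original post. The function names, the per-hour threshold and the sample records are constructed, and the mapping of insertion strings to user, client and authentication method is assumed from the %1/%2/%3 order in the message text.

```powershell
# Added example (PowerShell 2.0 compatible). Summarises Event ID 203 records
# (AAG_EVENT_MAX_CONNECTIONS_REACHED) per hour so repeated denials stand out.
function Get-GatewayDenialSummary {
    param(
        [object[]] $Events = @(),
        [int] $Threshold = 3    # constructed value: denials per hour worth flagging
    )
    $rows = @($Events | Where-Object { $_.Id -eq 203 } | ForEach-Object {
        # Assumption: insertion strings follow the message template order,
        # %1 = user, %2 = client computer, %3 = authentication method.
        New-Object PSObject -Property @{
            Hour       = $_.TimeCreated.ToString('yyyy-MM-dd HH')
            User       = $_.Properties[0].Value
            Client     = $_.Properties[1].Value
            AuthMethod = $_.Properties[2].Value
        }
    })
    if ($rows.Count -eq 0) { return }    # no denials in the supplied events
    $rows | Group-Object Hour | ForEach-Object {
        New-Object PSObject -Property @{
            Hour    = $_.Name
            Denials = $_.Count
            Users   = ($_.Group | ForEach-Object { $_.User } | Sort-Object -Unique) -join ', '
            Flagged = ($_.Count -ge $Threshold)
        }
    }
}

# Constructed sample records shaped like Get-WinEvent output (not real log data).
function New-SampleEvent([string] $Time, [string] $User, [string] $Client) {
    $props = @($User, $Client, 'NTLM') | ForEach-Object {
        New-Object PSObject -Property @{ Value = $_ }
    }
    New-Object PSObject -Property @{
        Id = 203; TimeCreated = [datetime] $Time; Properties = $props
    }
}
$sample = @(
    (New-SampleEvent '2012-01-11 09:05' 'CONTOSO\alice' 'PC-01'),
    (New-SampleEvent '2012-01-11 09:17' 'CONTOSO\bob'   'PC-02'),
    (New-SampleEvent '2012-01-11 09:40' 'CONTOSO\alice' 'PC-01'),
    (New-SampleEvent '2012-01-11 11:02' 'CONTOSO\carol' 'PC-03')
)
Get-GatewayDenialSummary -Events $sample | Format-Table Hour, Denials, Flagged, Users -AutoSize

# On a live RD Gateway, feed the function from the gateway's operational log:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-TerminalServices-Gateway/Operational'; Id = 203 }
# Get-GatewayDenialSummary -Events $live
```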

You cannot install RDS CALs automatically by using Windows PowerShell in Windows Server 2008 R2

A new KB article related to installing RDS CALs using PowerShell was launched today.
Article ID: 2648662 - Last Review: January 11, 2012 - Revision: 1.0
You cannot install RDS CALs automatically by using Windows PowerShell in Windows Server 2008 R2

Consider the following scenario:
  • You install the Remote Desktop Licensing (RD Licensing) role service on a computer that is running Windows Server 2008 R2.
  • You install hotfix package 2618115 on the computer.
  • You try to install Remote Desktop Services client access licenses (RDS CALs) automatically by using Windows PowerShell.
  • You select Telephone or Web Browser as the connection method.
  • The RD Licensing server does not have an active Internet connection.
In this scenario, you cannot install RDS CALs and you receive the following message:
Access to the object at RDS:\LicenseServer\LicenseKeyPacks\LicenseKeyPack is denied for the cmdlet New-Item. A license key pack could not be created because the input was not valid or permissions were insufficient.

At line:1 char:9
+ New-Item <<<< -path RDS:\LicenseServer\LicenseKeyPacks -ConnectionMethod PW
    + CategoryInfo : PermissionDenied: (:) [New-Item], AccessViolationException
    + FullyQualifiedErrorId : PermissionDenied,Microsoft.PowerShell.Commands.NewItemCommand
 
Cause
This issue occurs because the RD Licensing server unnecessarily checks whether it is authenticated or not. This behavior requires Internet access. Therefore, the authentication check fails if the RD Licensing server does not have an active Internet connection.