Tuesday, April 21, 2015

RDS On Windows Server 2012 R2

RDS in Server 2012 R2

RDS in Server 2012 R2 is cake wake walk, but I didn't need all the fancy features. I just needed a simple RDS server with Per User licensing for running Windows specific application from a Debian Linux.


To solve the Licensing issue, I found a TechNet blog with the fix.


Configuring License server manually

There might be situation when you want to configure License server on the RD Session Host or on the RD Virtualization Host manually since you do not have any RD Connection Broker in your environment. You have already configured RD Session Host server or Virtualization Host Server as required and now you want to configure the License server which is already installed and configured with licenses. All you are left to do is configure the License Server and the Licensing mode on the corresponding RD session Host or Virtualization Host servers.

Note The following commands must be ran from an Administrative PowerShell prompt.

To configure the license server on RDSH/RDVH:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
Note “License” is the name of the License Server in the environment

To verify the license server configuration on RDSH/RDVH:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
To change the licensing mode on RDSH/RDVH:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.ChangeMode(value) - Value can be 2 - per Device, 4 - Per user
To validate the licensing mode:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj. LicensingType
* To add the license server to the 'Terminal Server License Servers' group in AD, you need to be a domain admin or have the domain admin add the computer account to the group ahead of time. I ended up doing it after and it worked, but kept reporting an error in the licensing diagnostic.


rdesktop stable version 1.8.3 appears to correct the issues I was seeing with graphics and the drive redirection, but it is having issues with spanning dual monitors if they are not the same resolution.

downloaded and compiled the latest version and using the following connection parameters, things are looking better
>rdesktop -u <username> -d <domain> -r disk:home=$HOME [-g <% or WxH> | -f <fullscreen>] rdshost.fqdn

I am not using credssp, but you need to choose during the compile to have the option

Wednesday, April 1, 2015

Broken domain trust when reverting VM to old checkpoint

I keep setting up test virtual machines for various projects, get it perfect, then set a checkpoint. Weeks go by and I finally get around to testing. Then when everything is done, revert to the last checkpoint. The VM boots and will not log on due to broken domain trust, the Machine Password has changed.

This is probably better documented else where, but this is documentation for myself with a preamble rant.

To prevent this issue, disable the machine password change in the registry. Here is a rough powershell script to run on your test lab VM's. This will be added to a configure VM master script that will do multiple functions, but I'm starting here because you have to start somewhere. 

    Disables machine password changes for virtual machines
    This script disables machine password changes for Windows 7 Guest VMs
    allowing the restoration of older snapshots without losing domain trust.
    Note : Elevated permissions are required to execute this script.
           Cross-domain scenarios are supported by this script.

    Name     : Set-DisablePasswordChange.ps1

$result = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -Name DisablePasswordChange -ErrorAction SilentlyContinue
if ($result.DisablePasswordChange -eq 0)
    $result = Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -Name DisablePasswordChange -Value 1 -PassThru
    Write-Host "Successfully Disabled Machine Password Change"
elseif ($result.DisablePasswordChange -eq 1)
    Write-Host "Machine Password Change is already Disabled"