Tuesday, 31 May 2011

FPE and FOPE ?

Check out this webcast, which describes what Exchange provides in terms of anti-spam and anti-virus and how Forefront Protection for Exchange (FPE) and Forefront Online Protection for Exchange (FOPE) improve on it.


FPE homepage

FOPE homepage

Saturday, 28 May 2011

Don't put CAS in the Perimeter network!

The following link provides a good read on why Microsoft does not support putting your CAS servers in the DMZ. Well Done Exchange Team!

Thursday, 26 May 2011

Enable Anti-Spam Functionality on a Hub Transport Server

In some small organizations, it may make sense to run Microsoft Exchange Server 2010 anti-spam features on Hub Transport servers. For example, some organizations may not have enough e-mail volume to justify the cost of installing and maintaining a full perimeter network together with an Edge Transport server.
You can enable Exchange anti-spam functionality on Hub Transport servers.

Run the anti-spam agent installation script (Install-AntispamAgents.ps1) from the %SystemDrive%\Program Files\Microsoft\Exchange Server\V14\Scripts folder in the Exchange Management Shell.


After the script has run, restart the Microsoft Exchange Transport service by running the following command:

Restart-Service MSExchangeTransport

You must specify all internal SMTP servers on the transport configuration object in the Active Directory forest before you run connection filtering; otherwise the agents cannot tell which Received hop is the first external one and will evaluate the addresses of your own servers instead. Specify the internal SMTP servers by using the InternalSMTPServers parameter on the Set-TransportConfig cmdlet:

Set-TransportConfig -InternalSMTPServers <IP address>,<IP address>
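The whole procedure in one Exchange Management Shell session, as an added example that is not part of the original post. It installs the agents, restarts transport, registers the internal SMTP servers and then verifies both settings. The IP addresses are placeholders for your own Hub Transport servers and internal relays.

```powershell
# Added example: enable and verify Exchange 2010 anti-spam agents on a Hub Transport server.
# Run in the Exchange Management Shell as an Organization Administrator.

$scripts = Join-Path $env:SystemDrive 'Program Files\Microsoft\Exchange Server\V14\Scripts'
Set-Location $scripts
.\Install-AntispamAgents.ps1            # registers the anti-spam transport agents

# The agents are loaded when the transport service starts, so restart it.
Restart-Service MSExchangeTransport

# Every internal SMTP hop must be listed. Connection Filtering and Sender ID walk the
# Received headers and treat the first address NOT in this list as the sending host;
# leave a relay out and it is your own relay that gets checked against the block lists.
$internalSmtp = '192.168.1.10', '192.168.1.11'   # placeholders: your Hub Transport / relay IPs
Set-TransportConfig -InternalSMTPServers $internalSmtp

# Verification: the list should contain every internal hop, and the agents should be Enabled.
Get-TransportConfig | Format-List InternalSMTPServers
Get-TransportAgent  | Format-Table Identity, Enabled, Priority -AutoSize
```

Get-TransportAgent should now list the Connection Filtering, Content Filter, Sender ID, Sender Filter, Recipient Filter and Protocol Analysis agents; if one you rely on shows Enabled as False, turn it on with Enable-TransportAgent before trusting the server to filter mail.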

Tuesday, 24 May 2011

Hyper-V Export Error: “Failed to Create Export Directory”

If you receive this error while trying to export your VMs in Hyper-V, don’t despair! Just rename the virtual machine in the management console and the export will work (as if by magic…).


Monday, 16 May 2011

Enable PowerShell Remoting While Running VMWare Workstation in a Domain

After trying to configure WinRM I received the following error:


To avoid this I found the following link very useful.

How to Build a VDI Infrastructure Using VM Pools

In previous posts I have detailed steps to create Remote Desktop Services application hosting. The flip side of hosting applications using RDS on Windows Server 2008 R2 is to use RDS to provide a pool of virtual machines (Windows 7 clients) that users can connect to and use as their own desktops. In some of the training schools I attend, this provides a real benefit. Students connect to a single virtual machine hosted on Hyper-V. The VM they connect to is a member of a pool of VMs. Once the session is over and the student logs off, the VM is returned to a saved Hyper-V snapshot, ready to start over again.

This post will detail steps to create a VDI infrastructure by using different RDS services, including the Remote Desktop Virtualization Host server. At its most basic, Virtual Desktop Infrastructure (VDI) is a deployment design that puts the user desktop on a virtual machine (VM) in the datacenter, rather than on the physical computer at someone’s desk. There are different types of VDI. These include:
  1. Users can connect to a Virtual Desktop (VD) that has specifically been assigned to that user by using the Remote Desktop Connection Client. The user does not have to know which VM the VD is actually on.
  2. A pool of desktops available to a set of users on a temporary basis. It is this that we will be trying to create.
Some terms that are often used when discussing VDI include the following:
  • The computer that is running the RDC client and that someone sits in front of is called the client.
  • The VM that this person is connecting to is the endpoint, or the guest (a guest of the RD Virtualization Host it’s running on).
  • Preparing a VM to be used (for example, bringing it out of hibernation) is called orchestration.
  • Moving a VM to a new RD Virtualization Host is called placement. Placement is not part of the basic RDS VDI solution but might be supported via a filter plug-in.
The following diagram shows how a typical VDI 'comes together' and which RDS services are involved. Central to VDI is the role of the Connection Broker. Clients can make connection requests using a web interface, the RDC client etc.
As you can see, clients can connect to the VDI in a number of different ways, some of which have been investigated in earlier posts. My personal favourite is Remote Desktop Web Access! In all these cases, the request is brokered by the RD Connection Broker. RD Connection Broker works with RDP clients back to RDP 5.2 (which was available for Windows XP SP2 and Windows Server 2003), so the vast majority of Microsoft RDP clients are supported.
To support Microsoft VDI, you’ll need to do the following.
  • Install the RD Virtualization Host.
  • Install and configure the RD Connection Broker (including the Remote Desktop Session Host in redirector mode on the same computer).
  • Install and configure RD Web Access to allow users to discover the VMs.
  • Configure the VMs to work with VDI.
  • Create pools (and assign personal desktops if required).
We will look at these in turn.

Install the RD Virtualization Host

  • Install Hyper-V Server 2008 R2 on a suitable machine. (I am not adding Hyper-V as a role on a full Windows Server installation; Hyper-V Server 2008 R2 is a stand-alone operating system that can be downloaded from Microsoft.)
  • Once Hyper-V is installed, configure it with a suitable NetBIOS name, IP address, domain membership etc.
  • Next enable PowerShell v2 on the system by following an earlier post
  • Next you will need to consider management of your Hyper-V server from, say, a Windows 7 machine. This machine needs to be domain joined and you need to be logged on as a Domain Administrator. The details can be found by following an earlier post and essentially involve adding the RSAT tools. Don’t forget to also add Server Manager, because you will need to use this interface in the configuration of the Hyper-V server in addition to Hyper-V Manager!
  • The next big step is to Install Remote Desktop Virtualization Host on your Hyper-V server. An earlier post details how to do this and you will see how you benefit from installing PowerShell which you did in an above step.

Install and Configure the RD Connection Broker and RD Session Host Roles

On a separate server you will need to install the RD Connection Broker role and the RD Session Host role. The RDCB is the real brains behind the whole thing. Here the RDSH role is co-resident with the RDCB, but it doesn’t have to be.
  1. Log on to the computer as a member of the Domain Administrators group
  2. Select Start, Administrative Tools, Server Manager.
  3. In the Roles Summary section, click Add Roles.
  4. On the Before You Begin page, click Next.
  5. Select the Remote Desktop Services check box, and then click Next.
  6. Select the Remote Desktop Connection Broker and Remote Desktop Session Host role service check boxes, and then click Next.
  7. Click Next on the application compatibility warning.
  8. Select ‘Require Network Level Authentication’ and click Next. NLA makes the client authenticate before a session is created on the server, which is what you want on a host that fronts a pool of desktops.
  9. Select ‘Configure Later’ on the Licensing Mode page and click Next.
  10. Add Domain Users to allow your users access.
  11. Click Next on the Client Experience page.
  12. Click Install on the confirmation page.
  13. You will now have to restart the RDCB/RDSH server.
Now the two roles have been installed on a server you should continue by configuring the roles.
  1. On the same server, select Admin Tools.
  2. Select Remote Desktop Services.
  3. Select Remote Desktop Connection Manager (this is configuring the RDCB).
  4. Select RD Virtualisation Host Servers (shown below) and right click


  5. Select Add RD Virtualisation Host Server and enter the name of your Hyper-V machine installed earlier
  6. You should then see the number of virtual machines created on your Hyper-V system. NB: this works specifically with Hyper-V and no other hypervisor. The number seen represents all Hyper-V hosted virtual machines, whether they are on or off.
  7. Select Remote Desktop Connection Manager: ServerName, which can be found on the top left part of the window. There are a number of different configuration settings here (shown below).


  8. You can change the Display Name. This name will appear in the Web Portal (on RD Web Access). This is shown below:


  9. On the RD Web Access tab, enter the name of the RD Web Access server. If you don’t have one installed I will go through this later, but don’t forget this needs to be added here! This makes the RDWA server's computer account a member of the local TS Web Access Computers group on the RDCB.
  10. You should see ‘1’ RD Virtualisation Host Server has been added (from step 5 above)
  11. You can now configure ‘RD Session Host server for redirection’. Select Configure. As this server is also running as a RDSH machine, the same server name should be present. See the diagram below:


  12. You can also enable redirection for earlier clients as shown above.
  13. Select Admin Tools
  14. Select Remote Desktop Services
  15. Select Remote Desktop Session Host Configuration (this is configuring the RDSH). Remember that both RDSH and RDCB are on the same machine but you could have them running on separate machines.
  16. Under Remote Desktop Connection Broker on the main page, select ‘Member of Farm in RD Connection Broker’.
  17. On the RD Connection Broker Tab, select Change Settings
  18. Ensure that the Virtual Machine Redirection button is selected
  19. Add the RDCB server name to the RD Connection Broker Server Name field:


  20. You may receive an error. Ensure that the RDSH computer account has been added to the local computer group ‘Session Broker Computers’ on the RDCB.
  21. On the Digital Signature tab, you are required to define a suitable certificate. The following post will describe how to create the certificate using Active Directory Certificate Services. The certificate can be shared (I mean it can be the same certificate) amongst all the RD servers. You do this by exporting the certificate. I have gone to some length to explain this in the referred post.

Install and configure RD Web Access

  1. On a separate server add the RD Web Access Server Role: Log on to the computer as a member of the Domain Administrators group
  2. Select Start, Administrative Tools, Server Manager.
  3. In the Roles Summary section, click Add Roles
  4. On the Before You Begin page, click Next
  5. Select the Remote Desktop Services check box, and then click Next.
  6. Select the Remote Desktop Web Access role service check box and then click Next.
  7. Continue on through the wizard and do not change any of the required components.
  8. Once the role has been installed, you should import the server certificate that you have used on the RDCB/RDSH server. If you have created this certificate correctly, you should have defined the right Subject Alternative names which will mean that when a user connects to the RDWA server using the web portal, no errors should occur.
  9. Once the certificate is in place reboot the server.
  10. Once restarted, select Admin Tools
  11. Select Remote Desktop Services
  12. Select Remote Desktop Web Access Configuration
  13. Sign in as Administrator and select configure. The interface is shown below:


  14. Select the RD Connection Broker and add the RDCB name as the Source Name.
  15. You should not receive any errors if you have added the RDWA computer account to the local TS Web Access Computer Group on the RDCB server (see step 9 of Install RDCB and RDSH above)

Configure the VMs to work with VDI

In my test infrastructure I have installed two Windows 7 virtual machines on Hyper-V. The following configuration is made on both, of course.
  1. Each machine needs to be joined to the domain
  2. Click Start, Control Panel, System and Security, click on System, Advanced System Settings and select the Remote tab. Select the radio button that allows connections using Network Level Authentication. Also select the Select Users button. Define which users should have remote access. You will most likely add Domain Users.


  3. You will then need to enable RemoteRPC. Remote Procedure Calls (RPCs) allow other processes to connect with the operating system; the RD Virtualization Host agent uses them to wake up the VM. To allow RPC connectivity, set the value of AllowRemoteRPC to 1 under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server. Note that this also permits remote RPC administration of the Remote Desktop Services service on the VM, so do it only on the pooled VMs and keep the firewall opening in the next step on the Domain profile only.

  4. Next, configure each Windows 7 machine's firewall to allow Remote Desktop. Select Start, type ‘Fire’ and from the list given select ‘Allow a Program Through Windows Firewall’. Select Change Settings and select ‘Remote Desktop’ on the Domain profile only, so the VMs are not reachable over RDP from any network other than the domain.

  5. You will next need to configure RD virtualization host RDP permissions. This is a little tricky. I have found that running a PowerShell script to be the easiest solution. The script can be found here. A copy can be found at the bottom of this post. Just copy the script to a text document and save as a file with a PS1 extension.
  6. Select Start and simply type ‘Power’ in the search field. Select the PowerShell icon that appears (you should run this as an Administrator).
  7. Type the cmdlet Set-ExecutionPolicy RemoteSigned. This is enough to run a script you created locally; Unrestricted also works but is more permissive than this step needs.
  8. Locate the directory that your script is in (created in step 5) and type the following cmdlet, replacing the script name, domain and RD Virtualisation Host server with your own: .\yourscript.ps1 -RDVHost yourdomain\RDVirtualisationServer

  9. Remember to do this on each Windows 7 machine!
  10. Your next move is to take snapshots of the virtual machines running on your Hyper-V system. Make sure you log off each Windows 7 system. Select each Windows 7 virtual machine and select snapshot as indicated below:

  11. Once each snapshot has been taken, ensure that each one is renamed with RDV_Rollback in the snapshot name:

  12. A snapshot named this way is automatically rolled back to by the RD Virtualization Host after the user logs off, so the VM is clean for the next student.
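Steps 2 to 5 above for each pooled VM, as one script. This is an added example, not the script the post refers to: it re-implements the same settings (AllowRemoteRPC, Remote Desktop with NLA, a Domain-profile-only firewall rule, and the RDP-Tcp permissions for the RD Virtualization Host computer account) with PowerShell and WMI. The domain and host names are placeholders; the WMI permission indices used are the ones Microsoft's documented manual procedure for this step grants (query, reset and disconnect).

```powershell
# Added example: prepare a Windows 7 VM for a VDI pool. Run in an elevated PowerShell
# on each pooled VM, e.g.  .\Prepare-VdiGuest.ps1 -Domain CONTOSO -RDVHost HYPERV01
param(
    [string]$Domain  = 'CONTOSO',   # placeholder: your NetBIOS domain name
    [string]$RDVHost = 'HYPERV01'   # placeholder: the RD Virtualization Host computer name
)

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Step 3: let the RD Virtualization Host agent reach the guest over RPC.
# This also permits remote RPC administration of the RDS service, hence the
# Domain-profile-only firewall rule below.
Set-ItemProperty -Path $ts -Name AllowRemoteRPC -Value 1 -Type DWord

# Step 2 (registry equivalent of the System Properties dialog): allow Remote Desktop
# and require Network Level Authentication on the RDP-Tcp listener.
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0 -Type DWord
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1 -Type DWord

# Step 4: an explicit inbound RDP rule bound to the Domain profile only, so the VM is
# not reachable over 3389 if it ever lands on a Private or Public network.
netsh advfirewall firewall add rule name="RDP (VDI pool, domain only)" dir=in action=allow `
    protocol=TCP localport=3389 profile=domain

# Step 5: grant the RDVH computer account permissions on the RDP-Tcp listener.
# Computer accounts end in '$'; WQL needs the backslash doubled.
$account    = "$Domain\$RDVHost`$"
$wqlAccount = "$Domain\\$RDVHost`$"
$ns         = 'root\cimv2\TerminalServices'

$listener = Get-WmiObject -Namespace $ns -Class Win32_TSPermissionsSetting -Filter "TerminalName='RDP-Tcp'"
$listener.AddAccount($account, 1) | Out-Null          # 1 = WINSTATION_USER_ACCESS preset

$tsAccount = Get-WmiObject -Namespace $ns -Class Win32_TSAccount `
    -Filter "TerminalName='RDP-Tcp' and AccountName='$wqlAccount'"
foreach ($perm in 0, 2, 9) {                           # 0 = Query, 2 = Reset, 9 = Disconnect
    $tsAccount.ModifyPermissions($perm, 1) | Out-Null  # 1 = allow
}

# The listener re-reads its permissions when the service restarts.
Restart-Service TermService -Force

# Verification: the RDVH computer account should appear with PermissionsAllowed set.
Get-WmiObject -Namespace $ns -Class Win32_TSAccount -Filter "TerminalName='RDP-Tcp'" |
    Format-Table AccountName, PermissionsAllowed -AutoSize
```

Run it before taking the RDV_Rollback snapshot, so the settings survive every rollback; if you only grant the permissions and skip the RPC and firewall settings, the broker can see the VM but the host cannot wake it or log the student off.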

Create VM Pools

Our next task is to create a VM Pool on the RD Connection Broker.
  1. Log on as Domain Admin on the RD Connection Broker.
  2. Open the RD Connection Manager from the RD Services in Admin Tools.
  3. Select RD Virtualisation Host Servers
  4. Under Actions on the right hand side, select ‘Create Virtual Desktop Pool’
  5. Click Next on the Welcome screen
  6. You should now see all of your virtual machines created on your Hyper-V system.
  7. Using the CTRL key, select each Windows 7 machine. Click Next.
  8. Enter a name for the pool. Something like ‘Windows 7 Pool’.
  9. Enter the name for the Pool ID. Something like ‘Pool1’

How Does the User Connect?

A user can connect to the pool using the web portal hosted on the RD Web Access Server.
  1. Open a browser and type the URL of the RDWA server followed by /rdweb (e.g. https://RDWAserver/rdweb).
  2. Sign in as an ordinary user
  3. You should now see the Windows 7 pool created above:

  4. Select the pool and provide the password