Tag Archives: Windows Server Hosting

Hosted Remote Desktop Services RDS on Windows Server – Summary

RDS SUMMARY:

We get many questions about Remote Desktop Services on our hosted Windows Servers and below is a summary of many of our blog post, issues and links to helpful solutions and discussions.

Most clients that use Remote Desktop Services (RDS) use full “desktop sessions” where each user has their own desktop session to modify/customize the desktop, open their programs, save files, open MS Office documents (if Office is installed), etc.   User can share files with other users through the use of public folders.  Desktop sessions are the default method in RDS and are typically easy to use from any device with the Microsoft Remote Desktop Connection client which is built-in on Windows PCs and can be downloaded for MACs, iphone, android, etc. If you need to share and save files, interface with Office, install several applications, or have full desktop features, you will likely want to use regular/full desktop sessions without adding the advanced configurations and complexity of RemoteApp (see RemoteApp section below).  In 2012 R2, during the installation of RDS, “Session Virtualization” is akin to desktop session.

INSTALLING APPS and PRINTER/DRIVE REDIRECTION: install your application using the proper RD install mode via control panel instead of double-clicking on the exe file.

http://www.riptidehosting.com/blog/installing-programs-on-remote-desktop-terminal-server/

http://www.riptidehosting.com/blog/redirection-of-printers-and-local-drives-on-hosted-rdp-server/

RD CLIENT DOWNLOADS:  Links to download remote desktop clients for MAC/iphone/ipads and Android.  We recommend you look the for the most recent version if these links are out of date.

http://www.riptidehosting.com/blog/remote-desktop-connection-client-for-macs/

http://www.riptidehosting.com/blog/remote-desktop-connection-client-for-android/

LOGIN ISSUES:  Don’t check the box in user properties “change password upon login” and other items:

http://www.riptidehosting.com/blog/remote-desktop-connection-an-authentication-error-has-occurred-the-local-security-authority-cannot-be-contacted/

http://www.riptidehosting.com/blog/issue-in-windows-2012-r2-when-setting-rdp-users-to-change-password-upon-login/

LOGOFF DISCONNECTED SESSIONS: For Windows Server 2012R2 only.  Much easier to change these settings in 2008R2 via RDS GUI without following these steps.  We recommend you utilize these steps to logoff disconnected sessions.

http://www.riptidehosting.com/blog/how-to-set-time-limit-for-disconnected-sessions-windows-server-2012r2/

RDS LICENSING:  Is your hosting provider providing the RDS user licenses?  If you have your own licensing that you wish to use (Office, SQL Server, RDS, etc.), use our dedicated servers.

http://www.riptidehosting.com/blog/does-your-hosting-provider-offer-remote-desktop-services-licensing/

http://www.riptidehosting.com/blog/microsoft-licensing-volume-licensing-versus-spla-licensing-costs/

 

LAUNCH PROGRAM AUTOMATICALLY UPON LOGIN – to launch a single program without using RemoteApp

http://www.riptidehosting.com/blog/how-to-launch-a-program-automatically-when-logging-into-remote-desktop-server/

 

WINDOWS UPDATES TIMING: For Windows Server 2012R2 only, use link below to adjust timing of Windows Updates and reboots.

http://www.riptidehosting.com/blog/how-to-modify-timing-of-windows-updates-in-2012-2012-r2-to-control-timing-of-updates-and-restarts/

SHADOW SESSIONS: For Windows Server 2012R2 workgroup mode only, see link.  Shadowing sessions in 2008R2 is easy and doesn’t require steps below.

http://www.riptidehosting.com/blog/how-to-shadow-a-users-remote-desktop-session-on-windows-2012-r2-server-not-connected-to-a-domain/

REMOTEAPP:

Instead of a full desktop session for each user, RemoteApp is a feature in RDS where the user doesn’t get a desktop session but rather just an application as if it is running on the end-user’s desktop. While RemoteApp can be a great feature, there are some limitations as noted below (difficult use for MAC users, no desktop session to save/share Office and other files, etc.).  Setup and use of RemoteApp differs in Windows Server 2008R2 and 2012R2.  If you have MAC users, your only option if you want to use RemoteApp is Windows 2012R2 with the RDWeb role service installed as well as joining to a domain.   An alternative to RemoteApp in some situations is to configure user properities to have a program automatically start upon login or desktop sessions that have been configured via group policies to hide some desktop features or icons.

Regular/Full desktop sessions are typically much easier to use than RemoteApp especially if you wish to interface with MS Office, share documents with other users, customize shortcuts or your desktop, etc., but RemoteApp is beneficial in certain use cases where you don’t want the user to logon to the server desktop and wish to only provide access to a specific program.  In 2012R2, RemoteApp requires some advanced configurations such as requires joining to a domain and you’ll want to install certificates, etc.

RemoteApp in Windows Server 2008R2:

Works in workgroup mode (doesn’t require joined to domain controller like 2012R2). Managed through the RemoteApp Manager in administrative tools. Use the RemoteApp wizard to publish an application as a Remote App. There are several methods to distribute Remote Apps in 2008R2 of which two are:

  1. Distribute a RDP file to the user (no longer available in 2012R2). Create a .rdp file in the Remote App Manager (click on the Remote App and click on “create .rdp file) then manually distribute to user(s) as needed.
  2. RDWeb website where users access the specified program via a URL. You need to install the RDWeb access role service which installs IIS too. RDWeb Access website on 2008R2 requires client browser to have ActiveX enabled and therefore doesn’t work on Chrome, Firefox or any browser other than Internet Explorer (which may require adding URL to compatibility settings or trusted sites to avoid “browser not support” error message) and therefore basically excludes MAC users.  https://technet.microsoft.com/en-us/library/cc731508.aspx

RemoteApp in Windows Server 2012R2:

Remote App Manager doesn’t exist in 2012R2 and in order to view the RDS section in Server Manager, the server must be joined to a domain. Distribution methods: the ability to create a RDP file to distributed via the RemoteApp wizard is NO longer available. Use the RDWeb method or other methods such as Web Feed URL method via control panel on end-user’s local PC are still available.

  1. RDWeb URL – 2012R2 no longer requires ActiveX and therefore should be much more accessible from other browser types. When enabled, you can access the RD Web Access Web site at https://IPADDRESS/rdweb.
  2. However, in 2012R2, to distribute Remote App programs via the RD Web page, the RDWeb server role must be installed which requires the server be joined to a domain first, or the Active Directory Domain Controller role installed on the server first which is usually not recommended to do on the same server (and won’t even load on 2012 but will on 2012R2).

 

Links to some of our blog posts on RemoteApp:

http://www.riptidehosting.com/blog/remoteapp-and-options-for-mac-users/

http://www.riptidehosting.com/blog/how-to-set-up-remoteapp-on-server-2012-r2/

http://www.riptidehosting.com/blog/how-to-launch-a-program-automatically-when-logging-into-remote-desktop-server/

http://www.riptidehosting.com/blog/how-to-create-group-policies-in-server-2012r2-that-only-affect-specified-users/

http://www.riptidehosting.com/blog/remoteapp-rdweb-website-hosted-on-windows-server-2008r2-does-not-work-with-windows-10-edge-browser/

Microsoft Licensing – Volume Licensing versus SPLA Licensing costs

We can provide most Microsoft software licensing on a monthly basis through the SPLA program.  These licenses are provided on a monthly basis and are easily provisioned.  In some situations, you can use your own valid Microsoft volume licenses but there are numerous restrictions.  For example, Microsoft Office does not have license mobility rights and can therefore not be used in a shared platform cloud environment.  If you want to use your own Microsoft Licensing (Office, SQL Server, etc.), you should use our Dedicated Server Hosting offering. We get many questions about Microsoft per user licenses (i.e. Remote Desktop Services CALs/SALs) and whether they are for concurrently users or named users – Microsoft only licenses RDS user licenses on a per unique end-user basis so every user that is defined on the server needs a license.

On a Dedicated Server (where the hardware is fully dedicated to you and the outsourcing language within the Microsoft Product Terms applies), you could use our licenses provided on a monthly basis via the SPLA program or install your own licensing.  (The SPLA pricing below also applies to both our cloud virtual servers and our dedicated server environments).  Here is some comparison of pricing as of January 2016.  Windows Server 2016 (coming out later this year) will be licensed “per core” instead of “per processor” which is how Windows Server has been licensed historically (SQL Server licensing changed from proc to core a few years back).

SPLA licensing:

  • Monthly basis with no commitment.
  • Windows Server CALs and SA not needed
  • Our SPLA pricing:
    • Windows Server Standard – typically included in our server costs.
    • RDS user license – $7.75/user
    • SQL Server Standard – $275 per 4 cores (sold at $137.50 per 2 cores with 4 cores minimum)
    • UPDATE – SQL Server 2016 is now available – same pricing of $275/month for 4 cores using our SPLA monthly licensing or purchase your own (retail pricing SQL Standard 2016 is approx. $7,500 – see link here).  https://www.microsoft.com/en-us/server-cloud/products/sql-server/purchasing.aspx

Volume Licensing:

  • Higher upfront cost with benefit of owning the licenses (does not include upgrades without SA)
  • SA (Software Assurance) recommended (comes in 2 year increments)
  • Additional cost and requirements of Windows Server CALs required for each user
  • Windows Server licensing minimum 2 proc/16 cores per server
  • Some Volume Licensing programs require a minimum purchase or minimum points

 

FOR EXAMPLE, if you are looking for a server licensed with Windows Server and 5 Remote Desktop users:

  1. Using our SPLA licensing:
    • Windows Server Standard licensing included in our hosting pricing
    • 5 RDS SALs (remote desktop services user licenses) – $7.75 each user
  1. Purchase Volume Licensing:
    • Windows Server License for 2 Processors (minimum) $1,171.55 with SA
    • Windows Server User CAL (per user) $52.03 with SA
    • Remote Desktop Services CAL (per user) $181.72 with SA
    • Plus cost of server ?

 

SAMPLE VOLUME LICENSING FROM LARGE RESELLER:

Windows Server: 2012R2 (each covers 2 physical Processors) plus 2yr SA included.  Windows Server 2016 licenses will be more expensive and core based.  Need to purchase Proc/Core license + CALs.

P73-05758 / Windows Server Standard / $1,171.55

R18-00143 / *Windows Server User CAL / $52.03

 

 

SQL Server Standard – pricing below is per 2 cores but minimum purchase is 4 cores – so total approx $6,571 without SA or $9,895 with SA.

7NQ-00563/ SQLSvrStdCore 2014 SNGL OLP 2Lic NL CoreLic Qlfd / $3,285.66  — Total of $6,571 for 4 cores without Software Assurance meaning no free upgrade to next version.

7NQ-00215/ SQLSvrStdCore SNGL LicSAPk OLP 2Lic NL CoreLic Qlfd / $4,947.81 – Total of $9,895 for 4 cores with Software Assurance

UPDATE: SQL Server 2016 is now available – retail pricing from Microsoft (see link below) for 4 cores SQL Server Standard is $7,434 or you can use our licensing via SPLA on a monthly basis with no long term commitment at $275/month for 4 cores.   https://www.microsoft.com/en-us/server-cloud/products/sql-server/purchasing.aspx

Remote Desktop Services CALs – required per unique end-user.  Per CAL price below with 2 yr SA

6VC-01152/ WinRmtDsktpSrvcsCAL SNGL LicSAPk OLP NL UsrCAL / $181.72

 

After the initial 2 years, you can purchase Software Assurance for additional 2 year terms (a rough estimate is 20% per year).

RemoteApp and options for MAC users

REMOTEAPP

 

For remote desktop (terminal server) application hosting where the user is logging into a full desktop session, MAC users should have a good experience and there are Remote Desktop Connection Clients that can be downloaded for MACs, iphone, and ipad. (The Remote Desktop Connection Client is preloaded on all Windows machines and doesn’t require a download to use it).  The Clients for MACs/Apple can be found here:  http://www.RiptideHosting.com/blog/remote-desktop-connection-client-for-macs/

 

RemoteApp is an optional feature of Remote Desktop Services where users are not provided a desktop session but rather can only open a specified application.  This feature doesn’t work well with MAC users in Windows 2008R2 due to the limitations below.  It should work better in Windows 2012R2 for MAC users but only if using the RDweb login option.   We have many MAC users using our Remote Desktop hosting although most are using full desktop sessions instead of RemoteApp.  There are other options instead of RemoteApp as described toward the end of this post.

 

With RemoteApp, you can distribute a RDP file to a user (Windows 2008R2 only – “RDP distributable file” – this option is not available in Windows 2012R2) or you can set it up for users to access the specified program  via a URL.  The user can open the specified application but does not get a full desktop session to save/share files, etc.

  1. RD Web URL – When enabled, you can access the RD Web Access Web site at https://IPaddress/rdweb .  In 2008R2, the website requires that the client browser has ActiveX enabled which basically limits usage to Internet Explorer and therefore excludes MAC users.  (as noted here — https://technet.microsoft.com/en-us/library/cc731508.aspx).  In 2012R2, the RD Web Access website no longer requires ActiveX  and is supposed to work with many more browser options.  However, Server 2012R2 does require that the Active Directory Domain Controller role be installed to use RemoteApp whereas it is not required in Windows 2008R2.
  2. Create RDP file via the RemoteApp Wizard to distribute to users.  This works easily to create the file and other PC users should be able to open it easily.  MAC users generally have issues when they try to open the file where the system doesn’t recognize it.  Note: Windows Server 2012R2 no longer has this option to create the RemoteApp distributable file.

If you are going to use RemoteApp in 2008R2, contact us for additional instructions and tips that we can provide.

 

 

OTHER OPTIONS

 

  • User full desktop sessions but configure group policies to limit access to certain things, remove icons, prevent access to drives, etc.

How to create group policies in Server 2012R2 that only affect specified users

You can create group policies that affect non-administrators only. This can be useful to keep non administrator users from doing things such as:

  • Power off the server
  • See or access certain files
  • Run or not run certain programs
  • See icons
  • And much more….

Modifying group policies via gpedit.msc will affect all users including the administrator. If you want to create an individual group policy that can be applied to a specific user or group, such as all non-administrators, you can do that via mmc.exe as follows:

Create a group policy that affects only certain users:  (don’t change policies via gpedit.msc)

  1. Run mmc.exe when logged in as the administrator
  2. It will open screen below and then click File -> Add/Remove snap-in

mmc.exe_and_snap-in

  1. Select Group Policy Object Editor and click Add
  2. Then click BROWSE and can select non-administrators group **** make sure to click browse and change it from just “local computer” to list specific group/users instead.  The click finish.

add_snap-in

 

  1. Click OK on the Add/Remove Snap-in window
  2. Then you can expand on the Local Computer Policy header and go to User Configuration to make changes that should then apply only to non-administrators. – See some examples below of group policy you could user – there are a lot of them and this is just a sample.
  3. When finished, go File -> Save As and name it.  You can open this group policy from File -> Open in the future if you need to continue making modifications for this group later (open this file in the future instead of creating a new one)

 

Example of some group policies to consider

Many of these group policies will hide icons or remove access to a program/icon through one method but not necessarily all methods. Enabling some group polices is a good way to limit users’ ability to perform undesired actions but doesn’t result in complete lockdown.  You should always test the actions modified via group policy to verify that the desired result has been obtained.  If you don’t want to provide a desktop session to users (and don’t need shared folders between users), you could look at having your application automatically start upon login (http://www.RiptideHosting.com/blog/how-to-launch-a-program-automatically-when-logging-into-remote-desktop-server/) or RemoteApp / RDWeb.  Group policies vary between Windows Server editions so you may not see all of these.  This is just a small sample of the many group policies available.  There are usually many methods and policies available that could be enabled to get the result you are trying to get.  You should do some research and try various methods.

 

  • User Configuration\Administrative Templates\Control Panel\Hide specified control panel items – to hide control panel items in the control panel window. User canonical names such as Microsoft.WindowsFirewall, etc. Here is a list of canonical names for 2008 R2 which should be similar in 2012 R2: https://msdn.microsoft.com/en-us/library/windows/desktop/ee330741(v=vs.85).aspx
  • User Configuration\Administrative Templates\Control Panel\Prohibit access to control panel and PC settings – user can’t open control panel from start button
  • User Configuration\Administrative Templates\Windows Components\File Explorer\Hide these specified drives in my computer – hides drives in my computer and file explorer. Remember that similar to many other policies, this hides the drives but doesn’t restrict access to them, but see below.
  • User Configuration\Administrative Templates\Windows Components\File Explorer\Prevent access to drives from my computer – will still show contents of drives but should prevent access if double click on c: drive or other drive(s) specified.
  • User Configuration\Administrative Templates\Windows Components\Microsoft Management Console\Restrict users to the explicitly permitted list of snap-ins – enable to prohibit snap-ins
  • User Configuration\Administrative Templates\System\Prevent access to registry editing tools – removes access to regedit.exe (windows registry editor)
  • User Configuration\Administrative Templates\System\Prevent access to the command prompt – removes access to the command prompt
  • User Configuration\Administrative Templates\System\Don’t run specified Windows applications – to specify programs that can’t be run – for example, if you don’t want Internet Explorer to run, you can type in iexplore.exe in the field.
  • User Configuration\Administrative Templates\Windows Components\Windows Installer – prevent users from using Windows Installer to install updates and upgrades
  • User Configuration\Administrative Templates\Start Menu and Taskbar\Remove the action center icon – will remove the action center icon. There are many other polices listed in this same area to remove various icons, etc. that you can review.
  • User Configuration\Administrative Templates\Windows Components\Windows Updates\Remove access to use all Windows Update features – removes access to Windows Update. You will want to confirm that the Administrator account still has access to Windows Updates and that automatic settings are still enabled and working.
  • User Configuration\Administrative Templates\Start Menu and Taskbar\Remove pinned programs from the taskbar – Hides icons for Server Manager, Powershell and File Explorer

 

Other Comments

  • Although not a group policy, you may want to modify Task Scheduler to disable the Server Manager pop-up at logon. Open Task Scheduler and navigate to below and disable the task. Library\Microsoft\Windows\ServerManager
  • There are also items in gpedit.msc under Computer Configuration (unlike User Configuration which were the items listed above) that you may want to enable that would affect all users such as Remote Desktop Session Time Limits, especially those for disconnected sessions – to prevent disconnection sessions from consuming server resources – http://www.RiptideHosting.com/blog/how-to-set-time-limit-for-disconnected-sessions-windows-server-2012r2/
  • Under gpedit.msc, under Computer Configuration, Administrative Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host…there are many policies you can review.  These would affect all users including the administrator user.  Under Device & Resource Redirection, you can change settings on audio/video playback, clipboard redirection, drive redirection, port redirection, etc.

If you want to remove the shortcuts/icons available to a particular user when they right click on the start button, you can remove them by going to c:\users\[username]\appdata\local\microsoft\windows\winx and deleting the shortcuts showing for that particular user. See link here: https://social.technet.microsoft.com/Forums/windowsserver/en-US/a6bfa211-f5fe-461d-8e09-f6ef3adb8b17/remove-right-click-option-in-ts-2012-r2-start-button?forum=winserverTS

 

Make sure to test your changes to verify that actual results are what you intended!

Issue in Windows 2012 R2 when setting RDP users to change password upon login

We have had issues where RDP users haven’t been able to login on a remote desktop terminal server when the “user much change password at next logon” button has been checked in user properties – see screenshot #1 below. Various comments and posts online indicate that changes in the windows authentication process in recent OS versions don’t allow this change if Network Level Authentication or Credential Security Support Provider (CredSSP)  is enabled.  This is only an issue trying to force users to change their password on a RDP session – it works fine from a console session if you are local to the machine.  Here is a workaround as well as alternatives you may consider:

 

  1. Don’t use this option to force users to change their password. Instead, have them manually change it upon logon by pressing control-alt-end and following the change password prompts. Another option is to create a complex, strong password for them without having them change it upon first logon (may be safest route in certain situations) or have them select their own password but enter it with the Administrator while on the admin session and not select the change at next logon option.
  2. NOT RECOMMENDED IN GENERAL – If you still want to use this option to force password change, you could turn off NLA and change RDP security layer to the RDP native security. See screenshot #2 below on turning off NLA. See screenshot #3 below on enabling a group policy to select the RDP security layer instead of negotiate (typically the default) or SSL/TLS. Using NLA and the higher security layers are usually recommended on your server for security reasons.
  3. Note: if you are having issues logging in to the server from RDP and getting errors about domain validation (when in workgroup mode and there is no domain) and often from the MAC remote desktop client, make sure you are logging in with the full name which is “machinename\username” instead of just username. Machinename is the name given to the server, which you can see under computer properties.

 

SCREENSHOT #1

User_Properties_General_Tab

SCREENSHOT #2

Turn_off_NLA

SCREENSHOT #3

Change_RDP_Security_Layer

How to Shadow a user’s remote desktop session on Windows 2012 R2 server not connected to a domain

This post is about how to shadow a session if the server is not connected to a domain. If the server is connected to a domain, you can go to server manager, RDS Manager, and right click on current sessions to shadow and connect. When the server is in Workgroup mode (not connected to domain) the Remote Desktop Services Manager page is not accessible in Server Manager. To shadow another user’s sessions in Windows Server 2012 R2 in Workgroup mode, use the following steps:

1) Open command window by clicking start, CMD. You must be using an account with administrative privileges. If you are using an account with administrative privileges that isn’t the named Administrator account, you must run in administrator mode (right click on cmd and click run as administrator)

2) Type quser.exe to determine the session number of the user session you want to shadow.
C:\Users\administrator.computer>quser.exe (note: typing “>qwinsta” without .exe will show similar information)
USERNAME SESSIONNAME ID STATE
administrator rdp-tcp#0 1 Active
user1 rdp-tcp#1 3 Active

3) In this example, the Administrator is going to shadow the user1 session which is session 3. You need to know the session number (“3”) for the next step.

4) Start shadow session by typing “mstsc /shadow:# /control” where # is the session number to shadow and /control allows you to control the session.
C:\Users\administrator.computer>mstsc /shadow:3 /control

5) The other user (user1 in this example) will get a popup called “remote control request” and must press Yes before shadow session will open.

6) The shadow session will open and you’ll be able to view the user1 session desktop screen.

How to modify timing of Windows Updates in 2012 / 2012 R2 to control timing of updates and restarts

Issue:
Windows Server 2012 or 2012 R2 reboots after installing Windows Updates during inconvenient times that don’t make sense and you would like to modify settings in a more similar way as with Windows Server 2008 R2. Windows 2012 by default restarts 3 days after the installation of Windows Updates instead of 15 minutes which was used in 2008 R2, BUT the restart counter only begins counting down when a user can see it (see Microsoft Technet link below). In addition, it appears that in some situations the restart counter is temporarily disabled when you logoff/disconnect. According to the MSDN blog post below, if after 3 days it is detected that critical applications are open or running in the background or the PC is locked, etc., Windows Update will wait to automatically restart the next time a user logs on with a warning that the machine will be rebooted within 15 minutes.

Although these changes are meant to minimize data loss by providing additional time and warnings prior to reboots, this change in logic can cause confusing timing of reboots of the server and you may wish to have more control over the timing.

Resolution:
If using Windows 2012, make sure KB2885694 (included in update rollup KB2883201 which is what you will see in installed updates) is installed on your server which should already be there since it was released in year 2013. Windows 2012 R2 already includes these new group policy settings.

Modify the group policy settings located here. Open Local Group Policy Editor by typing Gpedit.msc. Go to: Computer Configuration / Administrative Templates / Windows Components / Windows Update.

1. Enable the “Configure Automatic Updates” group policy. Use value of 4. If you want to select a schedule day & time, do NOT check the automatic maintenance box.

2. Enable the “Always automatically restart at the schedule time” group policy. This will allow reboots/restarts approximately 15 minutes after the updates are installed instead of 3 days later. The restart timer can’t be postponed once started and a restart will occur even if users are signed on.

These changes should make automatic updates act similar to the behavior experienced in Windows Server 2008.

 

Scenario Recommended configuration
Force updates and restarts at a specific time. For example:

  • Install updates on Friday nights at 11PM
  • Force a restart soon after installation
Use the Configure Automatic Updates policy:

  • Enable the policy
  • Use option #4 – Auto download and schedule the install
  • Deselect “Install during automatic maintenance”
  • Set “6 – Every Friday” for the scheduled install day
  • Set “23:00” for the scheduled install time

Use the Always automatically restart at the scheduled time policy:

  • Enable the policy
  • Configure the timer to the desired value (default is 15 minutes)

 

See links below from Microsoft for information that was used in the above post:

http://blogs.technet.com/b/wsus/archive/2013/10/08/enabling-a-more-predictable-windows-update-experience-for-windows-8-and-windows-server-2012-kb-2885694.aspx?pi47623=2#pi47623=1

https://support.microsoft.com/en-us/kb/2885694

http://blogs.msdn.com/b/b8/archive/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update.aspx

How to create a Bootable USB to install Windows Server iso image to fix the error BOOTMGR missing

The most recent Windows Server 2016 Technical Preview iso is so large that only some DVDs readers can read it.  Example try loading it on a Dell PowerEdge server.  The iso was greater than 4.7GB and therefore was not burnable on the single layer DVDs we had.  Simply copying the iso to a USB thumb drive will error when trying to boot because it is not a bootable device it is missing the boot loader so you will get the error message that boot file or bootmgr is missing.  Note: to boot from USB on a Dell PowerEdge Server you much change settings in Dell bios to boot from USB.  To work around this issue and properly boot a Windows Server Iso Image from a USB drive, we followed these steps for a windows machine:

  1. Have the .iso image on your local desktop/laptop or on a readable DVD.
  2. Download this Microsoft tool, “Windows USB/DVD Download Tool” (http://www.microsoft.com/en-us/download/windows-usb-dvd-download-tool), to your local desktop/laptop.  We used this tool on a Windows 7 machine.  We have seen posts where users says it works on a Windows 8 PC but have not verified it.
  3. Open the tool and follow prompts to copy the iso image from local machine to USB thumb driveInsert thumb drive in server and change bios boot options to boot from USB.

Extending volume size in Windows 2012 R2 error “the parameter is incorrect”

Recently while expanding the disk size on a Windows Server 2012 R2 VM, we received an error message pop-up saying “the parameter is incorrect”. We noticed that Disk Management was now showing the correct updated disk size but the incorrect original (smaller) size was still showing in windows explorer properties and in server manager.

We resolved this by extending the filesystem using the DISKPART utility – See Microsoft KB on this (note this was for Server 2003 but same method in 2012 R2 and probably 2008 R2) https://support.microsoft.com/en-us/kb/832316 The partition size is extended, but the file system remains the original size when you extend an NTFS volume

Open command prompt

Type “diskpart”

Type “list volume”

Type “select volume #”

Type “extend filesystem”

Exit

Redirection of printers and local drives on hosted RDP server

REDIRECTION OF PRINTERS / HARD DRIVES / CLIPBOARD FROM YOUR LAPTOP OR DESKTOP

On client laptop/desktop prior to connecting to server:

Local Printing (and redirection of DVD drive, local hard drive, enable copy and paste between client an server, etc.)— When you open the Remote Desktop Connection program on your local laptop/desktop, before pressing “Connect”, click on “Show Options” in the lower left bottom corner.  Then go to the local resources tab and make sure that printers is selected (this is also where you can click “more” and share your hard drive so you can easily move files between your PC and sever).  Then once you connect and open a document, go file->print, you will see your printer with a label like this:redirected printer #.

You can check “clipboard” and “drives” (under more) which will allow you to cut and paste from you local desktop to the server (clipboard) or see the redirected drives in windows explorer (drives) to move files on to the server.

Using Task Scheduler to schedule recurring automatic reboot of Windows Server 2008R2

Use the steps below to schedule a task which can automatically reboot your Windows 2008 R2 server on a recurring basis.  Please beware that users that are logged on will be kicked off when the server reboots.

  1. Go to administrative tools, task scheduler.  
  2. Then right click on Task Scheduler and select Create Task
  3. Name the task, possibly something like “Reboot Weekly Saturday midnight”
  4. Change settings to run whether user is logged in or not.  Change User/Group and type in SYSTEM.
  5. On the Triggers tab, select New and fill in your schedule and make sure to check Enabled at bottom of screen
  6. On the Actions tab, select New, Start a program, and browse to “c:windowssystem32shutdown.exe” and add “/r” in the arguments box
     

If users are logged on when the server is about to reboot, it will show a message “you are about to be logged off, windows will shut down in less than a minute”.  It reboots in about 30 seconds from our experience.  If you do this, you’ll want to schedule this when users are not in the server so unsaved data is not lost. 
 

Dedicated Server and RDP remote desktop server backup options

Riptide Hosting offers the following backup options for Dedicated servers and Remote Desktop RDP hosted servers.

BACKUPS IN OUR VMWARE VM ENVIRONMENT for Virtual Servers VMs

VEEAM: In our virtual server environment, we offer and recommend using Veeam backup which provides full server image backup.  The backup can be restored on a different host/server if needed.  Veeam provides image-based backup that allows for recovery of an entire VM and also individual file restore.  Our default schedule is nightly backup with retention of 14 restore points and we backup the virtual server to a backup repository in the datacenter that is separate from the VMware cluster.

MANUAL BACKUP: Depending on the size of data you need to backup, you could also make a copy of the data/files to your local office.  This is not a full server image backup rather only the files you choose to backup.

THIRD PARTY ONLINE BACKUP: Online-based backup solutions: Carbonite, Mozy and others which offer a relatively low monthly cost depending on # of machines and amount of data.  This is not a full server image backup.

You can also use a combination of the above methods.

 

BACKUPS ON A DEDICATED SERVER

DELL APPASSURE: We offer Dell AppAssure backup to our dedicated server clients.  Dell AppAssure backs up the entire server to a separate dedicated server which allows for full server restore.  This is the most robust backup offering on a dedicated server and allows complete customization on retention time, frequency of backups and many other settings.  It is a great offering but it is more expensive than other options because it requires a second server that is completely dedicated to you with large drives (not a shared repository) & Dell licensing.  This option can work with more than one dedicated server.

LOCAL BACKUPS TO SECOND RAID ARRAY – We can add a second raid array of 2TB drives to your server for as low as $30/month and you can backup to this manually, via a backup program you install or Windows Server Backup.  You can also do this to an external USB drive.

THIRD PARTY ONLINE BACKUP: Online-based backup solutions: Carbonite, Mozy and others which offer a relatively low monthly cost depending on # of machines and amount of data.  This is not a full server image backup rather only the files you choose to backup.

VEEAM ENDPOINT PROTECTION – Veeam Endpoint Protection FREE is a free solution for backing up Windows-based machines.  You can backup the machine to an external drive and perform a bare-metal restore or file level restore if needed.  Although it is not a full enterprise backup tools, it can be used on Windows Server 2008R2 or later.  To use Veeam Endpoint Protection Free, download and install the application.  During install, it will find the USB drive if its already plugged in.  The first full backup will take several hours.  During install, you will need to create the recovery media image and burn the iso to a DVD that you should keep a copy of.

WINDOWS SERVER BACKUP – The Microsoft Windows Server OS (2008 R2 and 2012 R2) has an included feature called Windows Server Backup that can be installed on our Dedicated Hosted servers (server manager -> add roles & features -> install).   Windows server Backup can be used to backup specific files or folders, full volumes or the full server for a bare metals restore.  It can be setup to schedule backups to run automatically, and can be performed to internal disk, external disk or remote shared folder.   You’ll want to store the backup on a separate drive/array.  Recommended backup drive size is at last 2.5x the amount of data to be copied.  Also, the drive will be reformatted by Windows Server Backup during the prep stage.

You can also use the Windows Server Backup feature to create a full system image (including OS, applications, settings, users, etc.) backup to a second drive.  Another option is to copy/back-up files to a second hard drive on the same server using the windows backup utility (can set up a schedule) or perform manually.

Links to Windows Server Backup articles on Microsoft Technet:

http://technet.microsoft.com/en-us/library/cc770757.aspx

http://technet.microsoft.com/en-us/library/cc772523.aspx

You may also want to consider a combination of the above methods – i.e. local backup to separate drive on the server along with periodic backups to the cloud or local office.

Reducing size of WinSxS directory on Windows Server 2008 R2

UPDATE FOR 2012 R2: The Desktop Experience feature is still required to be installed for Disk Cleanup to be available.  The Desktop Experience feature is listed under “User Interfaces and Infrastructure” when installing the feature – see Microsoft TechNet link here:      http://blogs.technet.com/b/rmilne/archive/2013/07/11/install-desktop-experience-on-windows-server-2012.aspx    Disk Cleanup can then be found on the Tools menu in Server Manager.

————————————————————————————————————-

 

As noted on the Microsoft technet link below, a Disk Cleanup option on Windows Server 2008 R2 is available to clean up the WinSxS directory which will reduce its size by cleaning up previous versions of Windows Update files.

 http://blogs.technet.com/b/askpfeplat/archive/2014/05/13/how-to-clean-up-the-winsxs-directory-and-free-up-disk-space-on-windows-server-2008-r2-with-new-update.aspx

Disk Cleanup is a component of the Desktop Experience feature which is not installed by default on Windows Server 2008 R2 so if you haven’t installed it already, you are generally required to do so (see alternative below although MS recommends installing Desktop Experience).

Here is a link to an overview of Desktop Experience on Windows Server 2008 R2 https://technet.microsoft.com/en-us/library/dd759187.aspx

(Note:  You can run cleanmgr.exe by following the steps in this article without installing Desktop Experience. https://technet.microsoft.com/en-us/library/ff630161%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
SEE LINK – Cleanmgr.exe should go in c:WindowsSystem32.
SEE LINK – Cleanmgr.exe.mui should go in c:WindowsSystem32en-US.
After copying files, you can run cleanmgr.exe by typing it into the start box. This may be a good option to get Disk Cleanup without all the other components of Desktop Experience.)

To Cleanup WinSxS directory:
Run Disk Cleanup
Select c: and click on Clean Up System Files
You should see a row labeled “Windows Update Cleanup” with potential space savings of X GB.
Run – takes several minutes to clean up files.
Then on reboot (which was not forced immediately), it reboots to a Windows screen message “cleaning up” for several minutes

From our experience,

  • We have seen it reboot twice on occasion during the process.
  • This often reduces the WinSxS folder by 3 GB to 5GB.
  • For us, the reboot process at “cleaning up” screen has taken anywhere from 5-15+ minutes
  • One time while performing this, we noticed that the DNS fields on the network connection were changed back to default and internet access didn’t work properly until it was updated.

Outlook file corruption for one user on remote desktop server

We had a user who was having issues sending email in an older version of outlook on their remote desktop terminal server hosted with Riptide Hosting.  The error message upon pressing the send button in Outlook was errors have been detected in the user’s outlook.pst file.  This issue was only affecting one user on the terminal server.   We ran the Inbox repair tool (scanpst.exe) which took almost 30 minutes to run the scan, after which we pressed repair (which also took a long time and sometimes said “not responding” but eventually completed with the message “Repair Complete”).  This repair tool fixed the issue but also erased the smtp account settings in outlook which then needed to be re-entered prior to being able to send/receive email.

FTP service on remote desktop server or 2008 r2 windows server

Generally we don’t recommend installing FTP on a server unless it is necessary.  In some cases, it can be easier to transfer files through RDP.  If installing FTP on a remote desktop terminal server and after installation it seems like it is still blocked even though the ports were open on the Windows firewall, try restarting the FTP service.    Restarting the FTP service solved this issue.  If you are having a similar situation, checks to see that the FTP service is started/running and try restarting it.    Also, you should check that the required ports are open on any firewalls used which may be internal and external to the server.

If you are using a remote desktop terminal server, you can transfer files through RDP, by redirecting your local hard drive or via clipboard (cut & paste from local machine to server) without having to install FTP, etc.