House of cards – new WSUS Option in ConfigMgr 1511

In the past we used the guide from Kent Agerlund (MVP) for cleaning up the WSUS database in ConfigMgr, also called the house of cards! This guide is still very popular and of course necessary for having a correctly configured WSUS server. As Kent mentioned, you should do the cleanup task every Monday morning before you start any other work :-)!

But now we have a new option in ConfigMgr 1511 when we set up the Software Update Point. It allows ConfigMgr to clean up the WSUS database and remove any obsolete updates from it.


To enable and run the WSUS cleanup job

  1. In the Configuration Manager console, navigate to Administration > Overview > Site Configuration > Sites.

  2. Click Configure Site Components in the Settings group, and then click Software Update Point to open Software Update Point Component Properties.

  3. Click the Supersedence Rules tab, select Run WSUS cleanup wizard, and then click OK.

Thanks to the MS Product Team for integrating this feature in future ConfigMgr versions!

 

 

Error connecting through RD Gateway 2012 R2

In some cases you receive an error when you try to connect through the RD Gateway using an RDP connection. The error shown to the user is generic and does not help you find the cause.

“Remote Desktop can’t connect to the remote computer “computername” for one of these reasons: …”


The Event Viewer on the RD Gateway server shows errors in the Microsoft\Windows\TerminalServices-Gateway\Operational log like this:

The user “domain\username”, on client computer “remote-ip”, did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server.
The following authentication method was attempted: “NTLM”. The following error occurred: “”

In the Security log you will also find event 6274 (Audit Failure) with the error message: “The authentication or accounting record could not be written to the configured accounting datastore. Ensure that the logfile location is available, has available space, can be written to, and that the directory on the SQL server is available.”


Solution

Open Server Manager on your RD Gateway server and expand Roles > Network Policy Server > NPS (Local) > Accounting. In the main section, click “Change Log File Properties”.


 

Uncheck the checkbox “If logging fails, discard connection requests”. If you use a farm of RD Gateway servers, make sure you configure all of them the same way. After that, try to connect again.
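To confirm this cause on a gateway and check the accounting log location that event 6274 points at, the following can be run in an elevated PowerShell session. It is an added example, not part of the original post; the 24-hour window, the English message text and the log folder (the NPS default, %SystemRoot%\System32\LogFiles) are assumptions to adjust.

```powershell
# Added example, not from the original post. Run elevated on each RD Gateway server.
$since  = (Get-Date).AddHours(-24)                       # look-back window (assumption)
$logDir = Join-Path $env:SystemRoot 'System32\LogFiles'  # NPS default log folder (assumption)

# 1. Security log: event 6274, the accounting record could not be written
$acct = @(Get-WinEvent -FilterHashtable @{
            LogName   = 'Security'
            Id        = 6274
            StartTime = $since
        } -ErrorAction SilentlyContinue)

# 2. RD Gateway operational log: connection authorization policy failures
#    (matched on the English message text quoted in the post)
$cap = @(Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-TerminalServices-Gateway/Operational'
            StartTime = $since
        } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*connection authorization policy*' })

# 3. Accounting log location: does the folder exist, and how much space is left?
$dirExists = Test-Path -LiteralPath $logDir -PathType Container
$root      = [System.IO.Path]::GetPathRoot($logDir)
$drive     = New-Object System.IO.DriveInfo -ArgumentList $root
$freeGB    = [math]::Round($drive.AvailableFreeSpace / 1GB, 1)

# One summary row per server, easy to compare across a gateway farm
[pscustomobject]@{
    Server             = $env:COMPUTERNAME
    Event6274Count     = $acct.Count
    CapFailureCount    = $cap.Count
    LogDirectory       = $logDir
    LogDirectoryExists = $dirExists
    FreeSpaceGB        = $freeGB
}

# Most recent authorization failures, for comparison with the message quoted above
$cap | Select-Object -First 5 TimeCreated, Id, Message | Format-List
```

A non-zero Event6274Count together with a missing folder or very little free space matches the situation described in the event text.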

 

 

 

Redirect RDWeb in Windows Server 2016 TP4

The way to redirect the RDS web interface didn’t really change in TP4 of Windows Server 2016. But from time to time it makes sense to put things back into a blog post.

There are two options to redirect your RDWeb straight to your personal URL.

First you can use the IIS redirection. The feature will be installed when you install the RDWeb Role.

Anyway, make sure the role is installed. The easy way to confirm is PowerShell; run the following command:

Get-WindowsFeature -Name *Web-HTTP-Redirect*

After that, start the IIS management console and navigate to the Default Web Site. Open “HTTP Redirect” and enter the URL you want to redirect to, for example https://rds.alschneiter.com/RDweb/Pages. This redirects the user from http to https and also to the right place in RDWeb.

Second option: You can use the applicationHost.config file from IIS. Open the file with Notepad or Notepad++ in admin mode and navigate to this code:

<system.webServer>
<httpRedirect enabled="false" />

First enable httpRedirect by changing "false" to "true", then add the destination like this:

<httpRedirect enabled="true" destination="https://rds.alschneiter.com/RDweb/Pages" />


For more details of the applicationHost.config file visit https://www.iis.net/configreference/system.webserver/httpredirect

Microsoft Partner of the Year, fifth time in a row!

I would like to repost the blog entry from marcelzehner.ch

“Today, during their annual “Connection Days” event, Microsoft Switzerland announced their “Partners of the Year” for different competencies. itnetX has been awarded “Partner of the Year 2015 – Cloud Platform”! This award underlines our commitment to helping customers transform their business into cloud-first scenarios. It also highlights the huge changes to our company over the last months: transitioning to a modern cloud platform partner.

The latest award joins an impressive list:

  • Microsoft Partner of the Year 2011 – Datacenter (itnetX)
  • Microsoft Partner of the Year 2012 – Datacenter (itnetX)
  • Microsoft Partner of the Year 2013 – Datacenter (itnetX)
  • Microsoft Partner of the Year 2014 – Datacenter (Syliance IT Services, since merged with itnetX)
  • Microsoft Partner of the Year 2015 – Cloud Platform (itnetX)

We’d like to thank all our ever-trusting customers who continue to allow us to design, build and operate solutions based on the very latest Microsoft products and technologies. Myself, I am super proud that we received this award again! Being part of the itnetX family and to work with highly skilled and motivated people day by day is really a privilege! Go go go!”

I totally agree, Marcel!

Cheers,
Al

 

RDS – RD Gateway Ports

There seems to be a need to know which ports the Remote Desktop Gateway uses. Find a short overview below:

Internet –> Gateway WAN NIC:

TCP: 443
UDP: 3391 (You have to enable UDP on the RD Gateway)

Gateway LAN NIC –> Session Host Servers:

TCP / UDP: 3389

Gateway LAN NIC –> Connection Broker Servers:

TCP / UDP: 3389
TCP: 5504
TCP: 5985

Gateway LAN NIC –> Domain Controllers:

TCP / UDP: 88
TCP: 135
UDP: 123
UDP: 137
TCP: 139
TCP / UDP: 389
TCP: 3268
TCP / UDP: 53
TCP / UDP: 445
TCP: 5985
TCP Dynamic Ports (NTDS RPC service)

Connection Broker Servers –> Gateway LAN NIC:

TCP: 5985 (WS-Management and PowerShell Remoting)
TCP: 3389 (Remote Desktop)

Let me know if this helps.
Cheers,

Al
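
The TCP entries of the list above can be checked against the firewall rules from the gateway itself with Test-NetConnection. This is an added example, not part of the original post; the host names are placeholders, and the UDP entries and the dynamic RPC ports are not covered because Test-NetConnection only tests TCP.

```powershell
# Added example, not from the original post. Run on the RD Gateway (LAN side).
# Host names are placeholders (assumption); replace them with your own servers.
$targets = @(
    @{ Role = 'Session Host';      Name = 'rdsh01.example.local'; Ports = @(3389) }
    @{ Role = 'Connection Broker'; Name = 'rdcb01.example.local'; Ports = @(3389, 5504, 5985) }
    @{ Role = 'Domain Controller'; Name = 'dc01.example.local'
       Ports = @(88, 135, 139, 389, 3268, 53, 445, 5985) }
)

$results = foreach ($t in $targets) {
    foreach ($port in $t.Ports) {
        # TcpTestSucceeded is $true only if the TCP handshake completes
        $r = Test-NetConnection -ComputerName $t.Name -Port $port `
                                -WarningAction SilentlyContinue
        [pscustomobject]@{
            Role   = $t.Role
            Target = $t.Name
            Port   = $port
            Open   = $r.TcpTestSucceeded
        }
    }
}

# Full matrix, then only the ports that a firewall or a stopped service blocks
$results | Format-Table -AutoSize
$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} required TCP port(s) not reachable" -f $blocked.Count)
    $blocked | Format-Table -AutoSize
}
```

Running the same loop from a connection broker against the gateway on TCP 5985 and 3389 covers the last block of the list.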