New blog

After blogging on I finally started my own blog – I’m focused on all the new and rising Microsoft Windows Client technologies. This includes stuff like, Windows 10, Configuration Manager (ConfigMgr), EMS, Office365, Azure RemoteApps, Remote Desktop Services (RDS), MDOP and much more! Just the modern workplace. Any questions to me? Feel free to contact me using this blog or twitter!

And, don’t miss all the technical deep dives, technical news and also some fun stuff. Subscribe right now!



Replace RD Web Certificate


In some cases (DNS changes, expired certificate, etc.) you have to renew a certificate on your RD Webservers. I hat to do this today on a environment wit two RD Web Servers load balanced by a F5 Loadbalancer. But just replacing the web certificate on the RD Connection broker was not enough.

For some reason the cert was not valid after the replacement.


  1. Delete all the old certificates in the personal store of the RD Webservers
  2. Reboot the Webservers
  3. Request a new certificate by using certlm.msc of one of the RD Webservers
  4. Export the .pfx file for the Connection Broker
  5. Redeploy the certificate using the Server Manger / Remote Desktop Services / Deployment Overview / Tasks / Edit Deployment Settings

This should allow you to access the RD Websites without having any certificates warnings.



Deploy Skype for Business using Click-to-Run Tool and ConfigMgr 2012 R2

Hi folks,

Today I had to deploy Skype for Business for a Office 365 Business Premium Plan using ConfigMgr 2012 R2. This is a special O365 plan for a maximum of 300 users.

Normally with an E3 plan you can use a config.XML file with the lync product code entry called “LyncRetail”.

This is not working for all other plans like E1, E2, Business, BusinessPremium etc.! You have to change the product code to “LyncEntryRetail” otherwise you won’t be able to activate your Skype for Business installation.

This is how my config file now looks like:


<Add OfficeClientEdition=”32″>
<Product ID=”O365BusinessRetail”>
<Language ID=”en-us” />
<Product ID=”LyncEntryRetail”>
<Language ID=”en-us” />
<Update Enabled=”TRUE” />
<Display Level=”None” AcceptEULA=”TRUE” />
<Logging Name=”OfficeSetup.txt” Path=”%temp%” />


Here you can find a list of all supported products:


Maybe this helps.


ADFS 3 login issues 8004789A after rebuilding the farm – Office 365 relaying trust missing

Hi Folks,

One of our customer had an issue with the ADFS farm running on Windows Server 2012 R2. There was a problem with the ADFS proxy which was domain joined. This is not a recommended configuration so we changed that to a workgroup machine.

The https://adfs.DOMAIN.COM/adfs/ls/IdpInitiatedSignon.aspx could be contacted after that and a Login was possible. Hovever, an enrollemnt of devices using Microsoft Intune was still not working. We recoginized that the realying trust to Office 365 was missing on the ADFS Server:

Using powershell to create the trust worked but didn’t allow the user to Login to or the comany portal and enroll devices.

Connect-MsolService –Credential $cred
Set-MsolAdfscontext -Computer “FQDN of Server”
Convert-MsolDomainToFederated –DomainName “Your Domain Name”

The error 8004789A occured on the Login page.

You have to use the powershell command
Update-MsolFederatedDomain –DomainName “Your Domain Name”

This did the trick.


Maybe this helps someone.


Merger of itnetx gmbh and Syliance IT Services GmbH


BERN/ZÜRICH. Two of the most important companies in the field of Microsoft Workplace, Cloud and Management Solutions, Syliance IT Services GmbH and itnetx gmbh, will merge as of 1st July 2015 to form the new company, itnetX AG.

A situation of market collaboration will prove to be fruitful: „This fusion makes sense and is important”, says Markus Erlacher, CEO of itnetx gmbh, „we will combine our energies, create synergy and send a clear signal of intent that we are committed to growth and business expansion”. The merger of the two companies will strengthen the market leadership and enable more customers more intensive treatment from the company offices in Bern and Glattbrugg, Zürich.

„The ability to offer integrated solutions and services in the rapidly-evolving IT markets is essential for our success”, says Dieter Gasser, CEO of Syliance IT Services GmbH. „With this merger we are consolidating and expanding our range of services; we can offer our customers proprietary software solutions and architecture and process consulting, in addition to systems integration and managed services”.

The newly-formed itnetX AG is aiming at changes in the IT market and the Microsoft Cloud First, Mobile First strategy lies at the heart of the business model. The new organization comprises 5 strategic business units: Modern Workplace Solutions, Management Solutions, Cloud and Datacenter Solutions, and Software Solutions, all of which are complemented by Managed Services.

With focus on Microsoft-based solutions, the future portfolio will include SaaS offerings and services such as Office 365, Microsoft Azure, Microsoft Intune and System Center, Windows Client and Windows Server. The whole package is rounded off with a range of software products targeted at Private and Public Cloud environments. This allows itnetX AG to advise customers much more comprehensively and bring added value to their business.

The work of itnetX AG also includes a continued active participation in the community with various blogs, book publications, 5 highly qualified MVPs (Most Valuable Professional) and private events such as the annual System Center Universe Europe (

More information available upon request via Email: or visit

Markus Erlacher Dieter Gasser

CEO itnetx gmbh CEO Syliance IT Services GmbH

Use DISM to change the product key

Hi it’s me Al,

This is a quick post how to use DISM Online to change the product key of a Windows Server 2012 R2. Sometimes you’re not able to change the key using the GUI. This is how to do this using DISM:

1. Run powershell or a cmd as Administrator

Use DISM /online /Get-TargetEditions to list available editions for upgrade. To upgrade from evaluation to standard use DISM /online /Set-Edition:ServerStandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula

2. Use the command DISM /online /Set-Edition:ServerDatacenter /ProductKey:XXXX-XXXXX-XXXXX-XXXXX-XXXXX/AcceptEula


3. Reboot the Server


Windows 10 Technical Preview not offering the new Build 10041

Hi, When you check for new builds of Windows 10 Technical Preview, you’re not offered with the new Build 10041. You already tried to change the settings here: Settings > Update & Recovery > Advanced options, and setting Choose how preview builds are installed to Fast.   Solutions: Option 1:  Install the Windows Update that will reset your Flight Registry Settings You can download the update directly from the Microsoft Update Catalog:

Option 2:  Edit your registry If you’re not able to install the update, you can instead edit the registry yourself.  A word of warning:  these instructions ONLY apply to devices on Build 9926 that have set Choose how preview builds are installed to Fast: Continue reading “Windows 10 Technical Preview not offering the new Build 10041”

RD Connection Broker Config sync failed. Following error occurred: 0x88250001

Hi all,

During a VDI deployment by one of our customer we ran into an issue with the RDS Connection Broker in HA mode. The user were unable to login to the pool.
The error in the RD Management Server Event Log showed up with Config sync failed. Following error occurred: 0x88250001


One of the reason causes this issue was the Licenensing Server which did not have a User or Device selection. So we changed that to “User” for our case.

But after this, users where still unable to login.

To get rid of this error, change the active Connection Broker Server using the Remote Desktop Management Admin Console:
Deployment Overview – Tasks – Set Active Remote Desktop Connection Broker server


This solved the logon problems to the VDI Pool.

Hope this helps someone.



Publish a legacy application on RDS 2012 R2 as RemoteApp

Hi geeks out there,

Today I was running into an issue publishing an old legacy application as a RemoteApp. The application is located on a network share with several parameters. A network drive also has to be mounted.

On the first RD SH I created a shortcut with all the parameters pointing to the application and tried to publish this using powershell. But the application did not start. After that I tried several other powershell command with no luck.

Finally I created a .cmd file on the local RD SH with the the command:

start \serverc$sourcesyourInk.lnk

On the Connection Broker I used following PowerShell Command to implement the application as RemoteApp:

Import-Module Remotedesktopservices

New-RDRemoteApp -Alias “AliasName” -CollectionName “CollectionName” -DisplayName “DisplayName of the App” -FilePath “C:Sourcestoyourcmd.cmd” -IconPath “C:SourcesyourICO.ICO”

Make sure you create all the source files on all the session host in the collection.

Hope this helps!



How to deploy Remote Desktop Services 2012 R2 Certificates using internal CA #RDS

Hi –  It’s me, Al

Blog post updated: July 19th 2017

Remote Desktop Services (RDS) on Windows Server 2012 R2 is now on market since a while. Let’s have a look at the 2012 R2 Certificate configuration (for a Lab).

First we have to create a template on the internal Certificate Authority (CA). We use a Workstation Authentication Template for that. Open your CA Manager – Cartificate Templates – Manage

Duplicate the “Workstation Authentication” Template.
Continue reading “How to deploy Remote Desktop Services 2012 R2 Certificates using internal CA #RDS”