For the last couple of weeks I have been thinking about whether an RDS environment could be used together with Device Based Conditional Access (CA) provided by AzureAD and Microsoft Intune. With AzureAD CA you can configure access based on the user, the device of the user, the application and the risk of the request. This blogpost only covers Device Based Conditional Access. When Conditional Access for Devices is configured, the devices either need to be domain joined (AD and AzureAD) or compliant with the configured compliance policies. These policies need to be configured within Microsoft Intune or System Center Configuration Manager. This blogpost will focus specifically on the use of RDS 2016 Session Hosts together with Conditional Access.
With Remote Desktop Services 2016 we can use Azure SQL Database for hosting the RD Connection Broker (RDCB) database. Back in the RDS 2012 days we had to build either a SQL Mirroring or a SQL Always On solution to provide High Availability for the RD Connection Broker database. Both SQL HA solutions were expensive, especially on Azure. As a best practice, SQL needed premium storage for hosting the data and log files. Now with RDS 2016 we can use Azure SQL Database for the RD Connection Broker database, but how about sizing the Azure SQL Database service? In Azure SQL Database you cannot simply choose the number of CPU cores and the amount of memory you want to use. On the Azure SQL Database platform, performance is measured in Database Transaction Units (DTUs). In this blogpost I want to explain how you can collect some performance metrics from your existing SQL Server and size your Azure SQL database.
After my visit to MVP Summit and speaking at ExpertsLive, I finally have some time to produce some blogposts which were sitting on the backlog of my blog. Starting with the last part in the series ‘how to deploy your cloud-only RDS environment’. In parts 1 to 4 the environment is described, along with instructions on how to create the same environment in your own subscription. In this last blogpost I’m describing how to deploy the RDS environment with an Azure ARM template. In parts 3 and 4 I already explained the scripts used by the template to deploy a Storage Spaces Direct cluster and the Remote Desktop Services environment. With an Azure ARM template we can deploy all the needed resources on Azure and also execute the scripts on these servers.
A very short blogpost about a deployment error which I had this week:
This week I had an issue with configuring the User Profile Disk mechanism in a fresh Windows Server 2016 RDS environment. Every time I tried to enable the User Profile Disk mechanism, it came back with the error: Could not create the template VHD. Error Message: -800391163. So the User Profile Disk mechanism was not activated and the template VHD was not created; however, the NTFS rights were configured on the share. I tried several things but the solution was pretty easy. In my case this error was caused by a misconfiguration of the share permissions. So the NTFS permissions were configured as needed, but on the share level the RD Broker/Session Hosts didn’t have access. When I granted access to those servers the issue was fixed and I was able to configure the User Profile Disk mechanism on the collection.
This small blogpost is dedicated to informing you about an important hotfix and the release of the Remote Desktop Planning poster, which has been available for some weeks now.
KB3192404 (Preview of Monthly Rollup)
Within this Rollup update a hotfix for the User Profile Mechanism is included. In the article this is described as:
“Addressed issue where the user profile disk (UPD) does not get unmounted when a user logs off. Therefore, users get temporary profiles and are not able to work with their own profiles during their next logon. The Event ID 20491 with a description of ‘Remote Desktop Services could not disconnect a user disk for the user account with a SID of <SID>. The error code is 0xAA.93’ will be logged”
The preview of this Monthly Quality Rollup update can be found here: https://support.microsoft.com/en-us/kb/3192404.
Remote Desktop Service Planning Poster
The Remote Desktop Services Poster has already been available for some weeks, but I never had the time to mention it in one of my blogposts. This poster covers Planning and Designing Remote Desktop Services. Besides this phase, the poster also covers the Build and Deploy phase as well as the Run and Tune phase. This is a very complete overview of Remote Desktop Services 2016.
In this series of blogposts I’m showing you how you can deploy your ‘Cloud-Only’ RDS environment. This environment consists of as many PaaS services as possible and all components are hosted on Microsoft Azure. In the first blogpost I explained how to create and prepare Azure AD Domain Services together with the corresponding Virtual Networks. In the second post I described the deployment of all Remote Desktop Services resources and roles through an Azure ARM template and explained how the initial configuration can be done from this template. In this blogpost I want to focus on providing highly available storage for hosting the User Profile Disks. Since the GA of Windows Server 2016 we can use Storage Spaces Direct for this. So this blogpost describes the deployment and configuration of a Storage Spaces Direct Cluster from an Azure ARM template.
Unfortunately, this year it was not possible for me to attend the Ignite conference, so the news came to me through the social media platforms. One week later I want to summarize some important announcements and news presented at Ignite. Of course the most important announcement was about the General Availability of Windows Server 2016 and System Center 2016. Windows Server can be downloaded as an evaluation from this location and will become available on MSDN later this month. But what about other announcements about Remote Desktop Services presented in several sessions at Ignite?
In this second blogpost of the series on deploying a ‘Cloud-Only’ RDS environment I want to focus on deploying all needed roles on Azure by using an Azure Resource Manager Template. After the deployment of the resources I also want to show how the deployment of the RDS environment itself can be initiated from an ARM template. Part 1 of the series contained the creation of an AzureAD with Domain Services and the VNET peering configuration between the Classic VNET (needed for AzureAD Domain Services) and the ARM VNET used within the ARM template for the RDS resources. The steps described in this first blogpost are required to execute the steps in this blogpost.
In the coming series of blogposts, I want to focus on publishing your RDS environment through the Azure AD Application Proxy. Publishing your RDS environment with the Azure AD Application Proxy has several advantages compared to publishing it without the Azure AD Application Proxy. This blogpost will cover the advantages and disadvantages of publishing your environment through the Azure AD Application Proxy, and this part will also cover the configuration of Azure AD Application Proxy with pass-through authentication. In the next blogpost I want to focus on pre-authentication with Azure AD, and in the last part I want to focus on making all components highly available. All blogposts are based on Windows Server 2016 TP5, which is in public preview at this moment.
During my summer holiday Microsoft announced the retirement of Azure RemoteApp. You can find the information in this blogpost of the RDS team. Citrix announced their replacement product ‘XenApp Express’; in their words they call it ‘Azure RemoteApp v2.0’. You can find more information about Citrix XenApp Express here, here and here. So based on all information the following timelines will apply to the retirement of Azure RemoteApp and the release of XenApp Express:
- [Microsoft RemoteApp] –> Retirement announcement made on 12th of August
- [Microsoft RemoteApp] –> New purchases of Azure RemoteApp will end as of October 1st, 2016
- [Citrix XenApp “express”] –> Tech Preview of Citrix XenApp Express in Q4 2016
- [Citrix XenApp “express”] –> General Availability of Citrix XenApp Express in early 2017
- [Microsoft RemoteApp] –> End of service on August 31st, 2017
Citrix will host an event where more information will be provided about the strategy of both Citrix and Microsoft. You can register here.
Over the last 2 years I’ve blogged and presented a lot of information about Azure RemoteApp. I really liked the product and the future of the product (roadmap). Of course, based on the announcement, blogging about Azure RemoteApp will end and I will focus more on Remote Desktop Services. With the release of Windows Server 2016 a lot of improvements have been made to Remote Desktop Services. I will also focus on building RDS environments on Microsoft Azure. Next week I should present together with Maarten Goet on Monitoring Azure RemoteApp with OMS at System Center Universe Europe. This session will change so that it will include Remote Desktop Services 2016 instead of Azure RemoteApp. In this session I will discuss all new things in RDS 2016 but also the migration steps needed to migrate to RDS 2016. You can find the session here.