Staying up-to-date with Windows Server updates for Remote Desktop Services (RDS)

Microsoft Remote Desktop Team get customer enquiries asking which RDS updates are available for a particular Windows Server platform; or when providing support we need to verify if certain hotfixes and servicing rollups are installed on the customers’ servers. To make it easier for customers and ourselves, we regularly revise KB articles that list all of the available updates specific to Remote Desktop services for each Windows Server release:

Important notice about certificate expiration for Exchange 2013 Hybrid customers

If you’re running Exchange 2013 and you’ve configured a hybrid deployment with Office 365, this post contains important information that might impact you. Please evaluate this information and take any necessary action before April 15, 2016.

On April 15 2016, the Office 365 TLS certificate will be renewed. This certificate is used by Office 365 to provide TLS encryption between Office 365 and external SMTP servers. The new certificate, which will help improve the security of mail sent to and from Office 365, will be issued by a new Certificate Authority and it will have a new Issuer and Subject.

This change has the potential to stop hybrid mailflow between Office 365 and your on-premises Exchange servers if one of the following conditions applies to you:

  • Your on-premises Exchange servers are running Exchange 2013 Cumulative Update 8 (CU8) or lower.
  • You’ve upgraded the Exchange 2013 servers that handle hybrid mailflow to Exchange 2013 CU9 or higher. However, since upgrading to CU9, you HAVE NOTre-run the Hybrid Configuration wizard (either from the Exchange Admin Center or via the direct download link).

If one of the previous conditions applies to your organization, hybrid mailflow between Office 365 and your organization will stop working after April 15, 2016unless you complete the steps below.

Note: This only affects hybrid mailflow. Regular mailflow and TLS encryption is NOT affected.

How to keep hybrid mail flowing (MUST be completed before 4/15/2016)
Let the new Hybrid Configuration wizard do it for you

You can use the latest Hybrid Configuration wizard (HCW) to configure your Exchange 2013 servers to work with the new TLS certificate. Just follow these steps:

  1. If the Exchange 2013 servers handling hybrid mailflow are running Exchange 2013 CU8 or lower, follow the instructions in Updates for Exchange 2013 to install the latest cumulative update on at least one server.
  2. After you install the latest cumulative update, download the new HCW application and run the wizard following the instructions here .

Note: For information on which releases of Exchange are supported with Office 365, see Hybrid deployment prerequisites.

Manual update

If you can’t upgrade Exchange 2013 to latest cumulative update right now (although we would like to remind you of our support policy), you can manually configure your servers to work with the new TLS certificate. On each Exchange 2013 server that’s used for hybrid mailflow, open the Exchange Management Shell, and run the following commands:

$rc=Get-ReceiveConnector |where {$_.TlsDomainCapabilities -like “*<I>*”}

Set-ReceiveConnector -Identity $rc.Identity -TlsDomainCapabilities “mail.protection.outlook.com:AcceptCloudServicesMail

http://blogs.technet.com/b/exchange/archive/2016/02/19/important-notice-about-certificate-expiration-for-exchange-2013-hybrid-customers.aspx

Microsoft Exchange Server User Monitor For Exchange 2013 and 2016

        Use the Microsoft Exchange Server User Monitor to gather real-time data to better understand current client usage patterns, and to plan for future work.
        Administrators can view details on server resource utilization as reported through server-side tracing. This tool works with Microsoft Exchange Server 2013 and 2016.
        The tool is provided as-is. At this time, there are no updates or patches planned for future release. No formal support is provided for the tool. Some minimal support may be provided by Microsoft but not all reported issues will be able to be addressed or resolved.

        Exchange Server User Monitor

      DNS Best Practise

      I thing i see at many client’s where i come is. Enable Automatic scavenging of stale records is forget to enable. This is a best practise. See: https://technet.microsoft.com/nl-nl/library/ff807390(v=ws.10).aspx

      DC01

      Use the Microsoft Best Practice Analyzer Winking smile

      Powershell Smile

      Set-DnsServerScavenging –ScavengingState $True –RefreshInterval  7:00:00:00 –NoRefreshInterval  7:00:00:00 –ScavengingInterval 7:00:00:00 –ApplyOnAllZones –Verbose

      On .NET Framework 4.6.1 and Exchange Skype4B Lync compatibility

      We wanted to post a quick note to call out that since yesterday, the .NET Framework 4.6.1 has been made a recommended update on WU (Windows Update).

      As we have already stated in the Exchange Supportability Matrix, at this time, this version of .NET framework is not supported by Exchange. In fact, we know of some issues if it is installed.

      We are working with the .NET team to ensure that Exchange customers have a smooth transition to .NET Framework 4.6.1, but in the meantime, delay this particular .NET update on your Exchange servers (information on how this can be accomplished can be found in the KB article 3133990, How to temporarily block the installation of the .NET Framework 4.6.1).

      http://blogs.technet.com/b/exchange/archive/2016/02/10/on-net-framework-4-6-1-and-exchange-compatibility.aspx.

      As a result of this recommendation from the Exchange team, the Skype for Business team is recommending the same course of action for Lync/Skype for Business servers.

      Please follow the guidance located here to block the installation: 3133990, How to temporarily block the installation of the .NET Framework 4.6.1).

      Don’t use DHCP Option 60/66/67 when you want to use UEFI & Legacy PXE Boot with MDT

      If you want to use EUFI Boot with MDT 2013 Update X.
      Don’t use DHCP Option 60/66/67!!!

      DC01 = Windows Server 2008 R2 SP1
      DC02 = Windows Server 2012
      MDT01 = Windows Server 2012 R2

      UEFI Client: Dell Laptop E5450
      BIOS Client: HyperV Virtual machine with Legacy network adapert

      DC1; MDT01 and DHCPServer all in Subnet1.
      (IP Helper is set for DHCPServer for DHCP and for DC01 & MDT01 for DHCP and BootP – I checked serveral times if everything is right here)
      UEFI Client and BIOS Client in Subnet2.

      Situation1 — Using no DHCP Options and WDS running (IP HELPER-ADDRESS):
      UEFI Client – Boots perfectly (contacting Server MDT01)
      BIOS Client – Boots perfectly (contacting Server MDT01)

      Situaion2 — Using no DHCP Options and WDS just running on MDT01:
      UEFI Client – Does not boot (no error information is provided)
      BIOS Client – Does not boot (no Bootfilename recieved)

      Situation3 — Using DHCP Options(Option 66=”IP of MDT01″ Option 67=”\x86\wdsnbp.com”) and WDS just running on MDT01:
      UEFI Client – Does not boot (no error information is provided)
      BIOS Client – Boots perfectly (contacting Server DP1)

      Situation4 — Using DHCP Options(Option 60=”PXEClient” Option 66=”IP of MDT01″ Option 67=”\x86\wdsnbp.com”) and WDS just running on MDT01:
      UEFI Client – Boots perfectly (contacting Server DP1)
      BIOS Client – Does not boot (taking hours to recieve dhcp options..)

      Solution:

      On most switches you can configure ip helper-addresses. This is most time al ready configured for the use of DHCP.

      Add the IP of the MDT server als ip helper-address:

      Example:

      interface Vlan100
      description GEBRUIKERS VLAN
      ip address 192.168.101.254 255.255.254.0 show
      ip helper-address 192.168.25.6   (DC01)
      ip helper-address 192.168.25.7   (DC02)
      ip helper-address 192.168.25.30 (MDT01)
      end

      MDT Display The Task Sequence Name

      I While ago i blogd about MDT Displaying The Task Sequence Name

      This is still ongoing issue in MDT 2013 Update 2

      Sow:
      oEnvironment.Item(“_SMSTSPackageName”) = “Lite Touch Installation”

      And change it like so:
      oEnvironment.Item(“_SMSTSPackageName”) = oEnvironment.Item(“TaskSequenceName”)

      Change this please Microsoft Winking smile

      Download here the changed litetouch.swf

      Exchange Analyzer is a great tool for every Exchange Admin

      Exchange Analyzer is a PowerShell tool that scans an Exchange Server 2013 or 2016 organization and reports on compliance with best practices.

      Exchange Analyzer is a community project, and is currently a beta release seeking feedback and results from real world environments.

      To read the latest information about Exchange Analyzer click here to visit the project’s ReadMe on Github. More information can also be found in the Exchange Analyzer Wiki.

      Installation Instructions

      1. Download the latest Zip file

      2. Extract or copy the following files and folders to a computer that has the Exchange 2013 or 2016 management shell installed. For example, place all of the files and folders in a C:\Scripts\ExchangeAnalyzer folder.

        • Run-ExchangeAnalyzer.ps1
        • \Data
        • \Modules
        • \Tests

        3. Copy the folders in the \Modules folder to C:\Windows\System32\WindowsPowerShell\v1.0\Modules\

        4. Open a new Exchange Management Shell

        Important Note: if you are updating your copy of Exchange Analyzer please make sure you copy the updated module in step 3.

        Running Exchange Analyzer

        To run the Exchange Analyzer open an Exchange management shell, navigate to the folder with the script files (e.g. C:\Scripts\ExchangeAnalyzer) and run:

        Interpreting Results

        Exchange Analyzer produces a HTML report with a simple “Passed/Failed” indicator and a list of passed and/or failed objects. Links to more info are provided to assist you with further interpretation of the report.

        Feedback and Questions

        Before submitting feedback or questions please review the Exchange Analyzer FAQ.

        You can help with bug fixes by submitting issues on Github. If you would like to contribute fixes or other code please review theExchange Analyzer Wiki.

        You can also send email to feedback@exchangeanalyzer.com.

        Change Log

        14/01/2016 – v0.1.0-Beta.1

        • First public beta release

        28/01/2016 – v0.1.1-Beta.2

        • Second beta release. Details of changes are here.

        image