The Microsoft Remote Desktop team gets customer enquiries asking which RDS updates are available for a particular Windows Server platform; or, when providing support, we need to verify whether certain hotfixes and servicing rollups are installed on the customers’ servers. To make it easier for customers and ourselves, we regularly revise KB articles that list all of the available updates specific to Remote Desktop Services for each Windows Server release:
One thing I see at many clients I visit is that “Enable automatic scavenging of stale records” has been forgotten and is not enabled. This is a best practice. See: https://technet.microsoft.com/nl-nl/library/ff807390(v=ws.10).aspx
Use the Microsoft Best Practice Analyzer
Set-DnsServerScavenging -ScavengingState $True -RefreshInterval 7:00:00:00 -NoRefreshInterval 7:00:00:00 -ScavengingInterval 7:00:00:00 -ApplyOnAllZones -Verbose
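To confirm that the setting above actually took effect on every zone, the following added example (not part of the original post) reports the server-level scavenging state next to each primary zone's aging state. The function name Get-ScavengingAudit is hypothetical; the script assumes the DnsServer PowerShell module and an elevated session.

```powershell
# Added example, not from the original post. Get-ScavengingAudit is a
# hypothetical helper name. Requires the DnsServer module; run elevated.
Import-Module DnsServer

function Get-ScavengingAudit {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Server-level setting: whether this server scavenges at all, and how often.
    $server = Get-DnsServerScavenging -ComputerName $ComputerName

    # Aging is a per-zone setting on primary zones; skip auto-created zones
    # and the DNSSEC TrustAnchors zone.
    $zones = Get-DnsServerZone -ComputerName $ComputerName | Where-Object {
        $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
        $_.ZoneName -ne 'TrustAnchors'
    }

    foreach ($zone in $zones) {
        $aging = Get-DnsServerZoneAging -Name $zone.ZoneName -ComputerName $ComputerName

        # Stale records are only removed when the server scavenges AND the
        # zone has aging enabled, so report whichever half is missing.
        $finding = if (-not $server.ScavengingState) {
            'Server scavenging disabled'
        } elseif (-not $aging.AgingEnabled) {
            'Zone aging disabled'
        } else { 'OK' }

        [pscustomobject]@{
            Zone               = $zone.ZoneName
            ServerScavenging   = $server.ScavengingState
            ScavengingInterval = $server.ScavengingInterval
            ZoneAging          = $aging.AgingEnabled
            NoRefreshInterval  = $aging.NoRefreshInterval
            RefreshInterval    = $aging.RefreshInterval
            Finding            = $finding
        }
    }
}

Get-ScavengingAudit | Format-Table -AutoSize
```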
This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
This security update is rated Important for all supported editions of Windows. For more information, see the Affected Software section.
The update addresses the bypass by adding an additional authentication check that will run prior to a password change. For more information about the vulnerability, see the Vulnerability Information section.
For more information about this update, see Microsoft Knowledge Base Article 3105256.
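The bulletin's preconditions can be checked per machine. The following is an added example, not code from the bulletin: it reports whether the computer is domain-joined, whether the OS volume is protected by a TPM-only key protector (no PIN or USB startup key), and whether KB3105256 is listed as installed. The function name Test-BitLockerBypassExposure is hypothetical, and the script assumes an elevated session on the machine being checked.

```powershell
# Added example, not from the bulletin. Test-BitLockerBypassExposure is a
# hypothetical helper name. Run elevated on the machine being checked.
function Test-BitLockerBypassExposure {
    # Precondition: the computer is domain-joined.
    $domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

    # Precondition: BitLocker is enabled on the OS volume without a PIN or
    # USB key, i.e. the volume carries a TPM-only protector and unlocks
    # automatically at boot.
    $volume       = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $protectionOn = $volume.ProtectionStatus -eq 'On'
    $types        = @($volume.KeyProtector |
                      ForEach-Object { $_.KeyProtectorType.ToString() })
    $tpmOnly      = $types -contains 'Tpm'

    # Get-HotFix matches this exact KB only. A later update that supersedes
    # it is not listed under this ID, so read $false as "verify patch level",
    # not as proof that the fix is missing.
    $kbInstalled = [bool](Get-HotFix -Id 'KB3105256' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        DomainJoined          = $domainJoined
        BitLockerProtectionOn = $protectionOn
        KeyProtectors         = $types -join ', '
        TpmOnlyProtector      = $tpmOnly
        KB3105256Listed       = $kbInstalled
        # All preconditions from the bulletin hold and the KB is not listed.
        NeedsReview           = ($domainJoined -and $protectionOn -and
                                 $tpmOnly -and -not $kbInstalled)
    }
}

Test-BitLockerBypassExposure | Format-List
```

The physical-access precondition cannot be tested from software; laptops and other machines outside controlled premises are the ones to check first.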
Windows 10 will be available on July 29th 2015. Microsoft has prepared for this by already making an update (KB3058168) that enables Windows 8.1, Windows Server 2012 R2, Windows 8, and Windows Server 2012 Key Management Service (KMS) hosts to activate a “later version of Windows”. This must mean Windows 10. I do not know if this means that it is even for Windows Server 2016. Windows 10 will be activated by a KMS server running this update but it might.
Select the version you need for the KMS server or servers you use and install them.
Microsoft released a new KB article about a performance issue with Exchange 2013
When you connect to a Microsoft Exchange Server 2013 server that is installed in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 in which Microsoft .NET Framework 4.5 is included, you may experience delays to access email messages or disconnections to the Exchange server. When this issue occurs, the CPU or memory usage on the server is high for some services that include one or more of the W3wp.exe processes.
This issue occurs because too many objects are pinned on the .NET Framework 4.5 garbage collector heap. It causes heap fragmentation in addition to an increase in CPU and memory usage by the garbage collector.
Important: Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
For Exchange Server 2013 that is installed in Windows Server 2012
Apply hotfix 2803755 that needs a restart, and then use one of the following methods to enable the hotfix:
Then, restart the computer.
For Exchange Server 2013 that is installed in Windows Server 2012 R2
Create a DWORD value of the DisableRetStructPinning entry at the following registry subkey, and set the DWORD value to 1:
Then, restart the computer.
For Exchange Server 2013 that is installed in Windows Server 2008 R2 or Windows Server 2008
Apply hotfix 2803754 that needs a restart, and then use one of the following methods to enable the hotfix:
Windows 2012 and 2012 R2 both have an automatic maintenance schedule.
This can impact the performance of your server.
Windows Server 2012’s System Preparation Tool (sysprep.exe) contains a new switch that allows system administrators to generalize the OS (remove any installation specific configuration) faster than previous versions of the tool that were designed for use on physical hardware.
What’s New in Sysprep for Windows Server 2012?
The new VM-mode method for generalizing a Windows 8 or Server 2012 installation only works from inside a virtual machine. Once sysprep has completed the generalization and shut down the VM, you can copy the VM’s .vhd file and attach it to a new VM in any system that uses the same hypervisor technology.
Use Sysprep to Generalize Windows Server 2012 Running in a VM
You will need to use sysprep from the command line, as there is no option to enable VM mode in the GUI.
- Install Windows 8 or Windows Server 2012 (or later editions) in a virtual machine.
- Customize the operating system as required.
- Switch to the Start screen and type cmd. Make sure that Command Prompt is highlighted in the search results and press CTRL+SHIFT+ENTER to launch the process with administrative privileges. Give consent or enter credentials if prompted.
- Change the working directory to the Sysprep folder under System32 by typing cd c:\windows\system32\sysprep and pressing Enter.
- To run sysprep with the standard GUI options, but also the /mode:vm switch, type sysprep.exe /oobe /generalize /shutdown /mode:vm and press Enter.
There is an update that adds new Best Practices Analyzer (BPA) rules. The rules are for DirectAccess on servers that are running Windows Server 2012.
The following rules are added:
- Checks whether the Domain Name System (DNS) address that is used for internal network resources is correct. If the internal interface of the DirectAccess server has only an IPv4 address, the DNS server that is configured in the Name Resolution Policy Table (NRPT) must be the DNS64 address.
- Gives a warning if the option that enables DirectAccess for Windows 7 clients is not selected.
- Returns an error if the DirectAccess server is also a domain controller.
- Returns an error if both force tunneling and Kerberos authorization are configured on the DirectAccess server.
- Returns an error if the AcceptInterface parameter for DNS64 does not use the same IP address as the one that is used for DNS64.
- If DirectAccess is configured by using the Remote Access Management user interface, checks whether DirectAccess policies are configured on the server.
- Gives a warning if any certificate that can be used on the DirectAccess server has subject alternative names (SANs) but no subject name.
- Provides information if the order of the Internal network interface is below the Internet network interface in Adapters and Bindings.
- Gives a warning if the private key of the IP-HTTPS certificate does not exist on the server when the certificate is used.
- Gives a warning if the DirectAccess client security group includes desktop computers.
- Sends an HTTP request to test whether the certificate revocation list (CRL) field in the IP-HTTPS certificate that is configured on the DirectAccess server is valid. If the request fails, a warning is displayed. This test is only required when Windows 7 clients are configured for DirectAccess.
- Sends an HTTP request to test whether the CRL field in the network location server certificate that is configured on the DirectAccess server is valid. If the request fails, a warning is displayed. This test is only required when Windows 7 clients are configured for DirectAccess, and when NLS is deployed on the DirectAccess server.
- Checks whether an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) router or load balancing is configured on the network. If this is the case, checks the DNS records for ISATAP. The DNS server should have the records for the internal dynamic IP (DIP) of the server and for the internal virtual IP of the load balancer.
- Checks whether the email address field is configured for Network Connectivity Assistant.
- Checks whether the default gateway is configured on the Internet interface instead of on the Internal interface. If the check fails, a warning is displayed.
- Gives a warning if NRPT exemptions are configured when force tunneling is deployed.
- Makes sure that probes other than Internet Control Message Protocol (ICMP) probes are configured in NCA.
Roaming user profiles on Windows 8-based or Windows Server 2012-based computers are incompatible with roaming user profiles in other versions of Windows.
Profiles are compatible only between the following client and server operating system pairs:
- Windows 8.1 and Windows Server 2012 R2
- Windows 8 and Windows Server 2012
- Windows 7 and Windows Server 2008 R2
- Windows Vista and Windows Server 2008
Note: In this article, when the client operating system is referenced, the same issue applies to its corollary server operating system.
For example, if you try to deploy Windows 8 in an environment that uses roaming, mandatory, super-mandatory, or domain default profiles in Windows 7, you experience the following:
- After you use a user account that has an existing Windows 7 profile to log on to a Windows 8-based computer for the first time, the components from Windows 8 read and modify the profile state.
- Certain Windows 8.1 features may not work as expected because the expected profile state is not present.
- When you try to use the same user account to log on to a Windows 7-based computer, the user profile modification that was performed in Windows 8 may not work as expected in Windows 7.
The issues occur because the profile will contain values that are used differently between the versions of Windows. The user profile will be missing default profile configuration information that is expected by the operating system, and could contain unexpected values that are set by a different operating system version. Therefore, the operating system will not behave as expected. Additionally, profile corruption may occur.