Windows Server 2025 Preview (Build: Canary 26052)

I had some time to check out the new version of Server 2025.

For the full list of upcoming features check: https://ignite.microsoft.com/en-US/sessions/f3901190-1154-45e3-9726-d2498c26c2c9?source=sessions

Download Server 2025 Preview: https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver

Server 2025 will come with a lot of features (My Top 20+):

  • General – Server 2022 upgrade to .vNext (Controlled by GPO)
  • Hot Patching (Arc Enabled, Monthly Subscription)
  • Active Directory – 32k page
  • Active Directory – NUMA
  • Active Directory – LDAP TLS 1.3
  • Active Directory – Improved Security for Confidential Attributes
  • Active Directory – Active Directory LDAP prefers Encryption by Default
  • Active Directory – Kerberos Support for AES/SHA256/384
  • Active Directory – Changes to Default behavior of legacy SAM RPC password change methods
  • Active Directory – Kerberos and PKINIT Support cryptographic agility
  • Active Directory – New AD Forest and Domain Level (Minimal Server 2016 requirement)
  • Storage – NVMe 70%/90% performance increase
  • File Server – SMB over Internet (QUIC Protocol)
  • File Server – More Control over SLTM
  • File Server – SMB Limiter (Enabled by Default)
  • File Server – Signing by Default
  • File Server – Minimum version SMB
  • File Server – More Secure by Default (NetBIOS disabled by default)
  • RDS – M365 Apps still supported for every Windows Server release 2-3 years
  • Finance – General support and Pay-as-you-go Support

Need to find some time to dig in

Handy link: https://techcommunity.microsoft.com/t5/windows-server-insiders/announcing-windows-server-preview-build-26040/m-p/4040858

VCF 5.0 running inside Nested ESXi server with only 64GB Memory

So I was interested in trying to deploy the latest release of VMware Cloud Foundation (VCF) 5.0 on my Windows 11 Home PC, which has 128GB of memory and a 16-core Intel CPU.

William Lee wrote a nice article about VMware Cloud Foundation 5.0 running on Intel NUC.

Disclaimer: This is not officially supported by VMware, please use at your own risk.

Requirements:

  • VMware Cloud Builder 5.0 OVA (Build 21822418)
  • VCF 5.0 Licenses Through VMUG ADVANTAGE
  • Home PC (Not Special Hardware)
    – 128GB Memory
    – Intel 12600 CPU
    – 4TB of NVME Storage
  • Windows 11 with VMware Workstation 17

Setup

Virtual Machines

  • DC02 (Domain Controller, DNS Server) (4GB 2vcpu)
  • VCF-M01-ESX01 (ESXi 8.0 Update 1a) (64GB 1x140GB 2x600NVME 2x NIC) (Everything Thin Provisioned)
  • VCF-M01-CB01 (4GB and 4CPU) Only needed during the first deployment

Network settings on my PC

  • 1 IP In my home network
  • 172.16.12.1 (To Fool Cloudbuilder)
  • 172.16.13.1 (To Fool Cloudbuilder)

Procedure:

Install and Configure ESXi

Step 1 – Boot up the ESXi installer from the mounted ISO and then perform a standard ESXi installation.

Step 2 – Once ESXi is up and running, you will need to minimally configure networking along with an FQDN (ensure proper DNS resolution), NTP and specify which SSD should be used for the vSAN capacity drive. You can use the DCUI to set up the initial networking, but I recommend switching to the ESXi Shell afterwards to finish the required preparation steps, as demonstrated in the following ESXCLI commands:

esxcli system ntp set -e true -s pool.ntp.org
esxcli system hostname set --fqdn vcf-m01-esx01.wardvissers.nl

Note: Use the vdq -q command to query for the available disks for use with vSAN and ensure there are no partitions residing on the 600GB disks.
Don’t change the time server pool.ntp.org.

To ensure that the self-signed TLS certificate that ESXi generates matches that of the FQDN that you had configured, we will need to regenerate the certificate and restart hostd for the changes to go into effect by running the following commands within ESXi Shell:

/bin/generate-certificates
/etc/init.d/hostd restart

Cloudbuilder Config

Step 3 – Deploy the VMware Cloud Builder in a separate environment and wait for it to be accessible over the browser. Once CB is online, download the setup_vmware_cloud_builder_for_one_node_management_domain.sh setup script and transfer that to the CB system using the admin user account (root is disabled by default).

Step 4 – Switch to the root user, give the script the executable permission and run it as shown below:

su -
chmod +x setup_vmware_cloud_builder_for_one_node_management_domain.sh
./setup_vmware_cloud_builder_for_one_node_management_domain.sh

The script will take some time, especially as it converts the NSX OVA->OVF->OVA and if everything was configured successfully, you should see the same output as the screenshot above.

Step 4 – Download the example JSON deployment file vcf50-management-domain-example.json and adjust the values based on your environment. In addition to changing the hostname/IP addresses, you will also need to replace all the FILL_ME_IN_VCF_*_LICENSE_KEY with valid VCF 5.0 license keys.

Step 5 – The VMnic in the Cloud Builder VM will act as a 10GB NIC, so I started the deployment not through PowerShell but the normal way in the Cloud Builder GUI.

Your deployment time will vary based on your physical resources, but it should eventually complete with everything showing success as shown in the screenshot below. (I needed one retry to finish.)

Here are some screenshots of the VCF 5.0 deployment running on my home PC.

Problems

Check this if you have problems logging in to NSX:
https://www.wardvissers.nl/2023/07/26/nsx-endless-spinning-blue-cirle-after-login/

Next Steps.

1. Redeploy using the Holo-Router https://core.vmware.com/resource/holo-toolkit-20-deploy-router#deploy-holo-router

2. Test whether I can deploy a Single Host VCF Workload Domain in the same way by following this blog post HERE! 😁

If I can start another 64GB ESXi Server.

Upcoming change (March 2020) – Microsoft to disable use of unsigned LDAP port 389

In March 2020, Microsoft is going to release an update which will essentially disable the use of unsigned LDAP by default. This means that you can no longer use bindings or services which bind to domain controllers over unsigned LDAP on port 389. You can either use LDAPS over port 636 or use StartTLS on port 389, but it still requires that you add a certificate to your domain controllers. This hardening can be done manually until the release of the security update that will enable these settings by default.

How to add signed LDAPS to your domain controllers

You can read more about the specific change here: https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows. You can also read more here: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ldap-channel-binding-and-ldap-signing-requirements-update-now/ba-p/921536

After the change the following features will be supported against Active Directory.

How will this affect my environment?

Clients that rely on unsigned SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds or on LDAP simple binds over a non-SSL/TLS connection stop working after you make this configuration change. This also applies to third-party solutions which rely on LDAP, such as Citrix NetScaler/ADC or other network appliances, Vault, and other authentication mechanisms that rely on LDAP. If you haven’t fixed this, they will stop working. This update will apply to all versions:

Windows Server 2008 SP2,
Windows 7 SP1,
Windows Server 2008 R2 SP1,
Windows Server 2012,
Windows 8.1,
Windows Server 2012 R2,
Windows 10 1507,
Windows Server 2016,
Windows 10 1607,
Windows 10 1703,
Windows 10 1709,
Windows 10 1803,
Windows 10 1809,
Windows Server 2019,
Windows 10 1903,
Windows 10 1909

How to check if something is using unsigned LDAP?

If the directory server is configured to reject unsigned SASL LDAP binds or LDAP simple binds over a non-SSL/TLS connection, the directory server will log a summary under event ID 2888 one time every 24 hours when such bind attempts occur. Microsoft advises administrators to enable LDAP channel binding and LDAP signing as soon as possible before March 2020 to find and fix any operating system, application or intermediate device compatibility issues in their environment.

You can also use this article to troubleshoot https://docs.microsoft.com/en-us/archive/blogs/russellt/identifying-clear-text-ldap-binds-to-your-dcs
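
The summary event only gives a count, so finding the actual clients needs the per-bind event 2889, which a domain controller writes once "16 LDAP Interface Events" under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics is set to 2. The script below is an added example (not from the original post or from Microsoft) that groups those events per client and account; the sample events, the EXAMPLE domain and all function names are constructed for illustration.

```powershell
# Added example: turn Directory Service event 2889 into a worklist of LDAP clients to fix.
# Run without parameters to use the constructed sample, or with -Live on a domain controller.
param([switch]$Live)

function ConvertFrom-LdapBindEvent {
    # $Data mirrors the data fields of event 2889:
    #   [0] "client-ip:port"  [1] identity used for the bind  [2] bind type (0 = unsigned SASL, 1 = simple)
    param(
        [Parameter(Mandatory)][string[]]$Data,
        [Parameter(Mandatory)][datetime]$TimeCreated
    )
    $endpoint = $Data[0]
    # Cut at the last colon so IPv6 endpoints such as "[2001:db8::10]:50000" stay intact
    $cut = $endpoint.LastIndexOf(':')
    if ($cut -lt 0) { $cut = $endpoint.Length }
    $ip = $endpoint.Substring(0, $cut).Trim([char[]]'[]')
    $bindType = switch ($Data[2]) {
        '0'     { 'Unsigned SASL' }
        '1'     { 'Simple bind without TLS' }
        default { "Unknown ($($Data[2]))" }
    }
    [pscustomobject]@{
        TimeCreated = $TimeCreated
        ClientIP    = $ip
        Identity    = $Data[1]
        BindType    = $bindType
    }
}

function Read-LdapBindEvent {
    # Reads event 2889 from the Directory Service log of a domain controller
    param([string]$ComputerName = $env:COMPUTERNAME, [int]$Hours = 24)
    $filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = $_.Properties | ForEach-Object { [string]$_.Value }
            ConvertFrom-LdapBindEvent -Data $data -TimeCreated $_.TimeCreated
        }
}

function Get-InsecureLdapBindSummary {
    # One row per client/account/bind type, busiest first
    param([Parameter(Mandatory)][object[]]$Bind)
    $Bind | Group-Object ClientIP, Identity, BindType | ForEach-Object {
        [pscustomobject]@{
            ClientIP = $_.Group[0].ClientIP
            Identity = $_.Group[0].Identity
            BindType = $_.Group[0].BindType
            Count    = $_.Count
            LastSeen = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        }
    } | Sort-Object Count -Descending
}

# Constructed sample events (documentation IP ranges, made-up accounts)
$sampleEvents = @(
    @{ Time = '2020-01-20 08:02:11'; Data = '192.0.2.15:51544', 'EXAMPLE\svc-adc', '1' }
    @{ Time = '2020-01-20 08:07:42'; Data = '192.0.2.15:51601', 'EXAMPLE\svc-adc', '1' }
    @{ Time = '2020-01-20 09:15:03'; Data = '192.0.2.40:49822', 'EXAMPLE\svc-vault', '0' }
    @{ Time = '2020-01-20 09:30:27'; Data = '[2001:db8::10]:50000', 'EXAMPLE\printer01$', '1' }
)

if ($Live) {
    $binds = @(Read-LdapBindEvent)
} else {
    $binds = @($sampleEvents | ForEach-Object {
        ConvertFrom-LdapBindEvent -Data $_.Data -TimeCreated ([datetime]$_.Time)
    })
}

if ($binds.Count -eq 0) {
    Write-Host 'No event 2889 found. Check that LDAP Interface Events diagnostics is set to 2.'
} else {
    Get-InsecureLdapBindSummary -Bind $binds | Format-Table -AutoSize
}
```

Every row in the output is a client that has to move to LDAPS, StartTLS or signed SASL before the domain controller starts rejecting its binds.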

Credits: https://msandbu.org/upcoming-change-microsoft-to-disable-use-of-unsigned-ldap-port-389/

Ultimate Cross vCenter Script

Last year I attended the Dutch VMUG (NLVMUG), where I followed a session from Michael Wilmsen: Migrate your datacenter without downtime.

I also have to move a lot of VMs from different datacenters to other datacenters.
I use the script from Michael Wilmsen to move the VMs. But along the way I encountered some problems with this script. So I began tweaking and tweaking and tweaking this script to create, for me, the ultimate Cross vCenter PowerCLI script.

Cool features:
– Info through WhatsApp (not enabled by default)
– Dry run (test run)
– Logging
– Selection through GUI
– Multiple NIC support, maximum of 4
– Datastore and host selection based on free space and free memory
– Check whether the destination host or datastore is in maintenance
– Check whether the destination datastore exists in the destination cluster
MoveVM.ps1:
#Filename: MoveVM.ps1
#Author: M. Wilmsen / W. Vissers
#Source: http://virtual-hike.com/nlvmug-2018/
#Version: 2.0
#Date: 21-10-2018
#ChangeLog:
# V0.9 – M. Wilmsen First Version
# V1.0 – Fixed Multiple Nics to maximum of 4 nics
#      – Logfile name VM name
# V1.1 – Destination Cluster not the first Host
# V1.2 – Selected Destination host based on memory used
# V1.3 – Fixed folder location and VirtualPortGroup
# V1.4 – Fixed Datastore in Maintenance
# V1.5 – Using Get-VICredentialStoreItem + Logpath fixed
# V1.6 – Fixed log time to 24-hour format
# V1.7 – Fixed Using DatastoreCluster name based on Cluster name!
# V1.8 – Check if Destination has the same datastore
#      – Ask now for input
#      – VM selection with VMhost
#      – Fixed Ping Check
# v1.9 – Added Destination Store exist in Destination Cluster
# v2.0 – Fixed Destination Store exist in Destination Cluster
<#
.SYNOPSIS
Script to migrate a virtual machine
.DESCRIPTION
Script to migrate compute and storage from cluster to cluster. Log will be in current dir [VM]-[-timestamp].log

.EXAMPLE
MoveVM.ps1
#>
################################## INIT #################################################
#Set WebOperation timeout
# Set-PowerCLIConfiguration -WebOperationTimeoutSeconds 3600
#Define Global variables
$location = "D:\xmovewhattsapp"
$LogPath = ".\"
$DataStoreClusterPrefix = "SAN-"
$SourceVC = Read-Host "Give Source vCenter"
$DestinationVC = Read-Host "Give Destination vCenter"
$DRSRecommendation = $true
$Dryrun = $false
$SendWhatsApp = $false
$WhatsAppNumbers = "0123456789"
$WhatsAppGroup = "Namehireyourwhattsgroup"
$instanceId = "23" #change this line
$clientId = "demo@demo.nl" #change this line
$clientSecret = "Puthiersecretid" #change this line
################################## PASSWORD STORE ##############################################
#Username
# Check if credentials exist in credential store if not ask for credentials and put them in credential store

If ((Get-VICredentialStoreItem).Host -notcontains $SourceVC) {New-VICredentialStoreItem -Host $SourceVC -User $env:USERNAME -Password ((Get-Credential).GetNetworkCredential().Password)}
If ((Get-VICredentialStoreItem).Host -notcontains $DestinationVC) {New-VICredentialStoreItem -Host $DestinationVC -User $env:USERNAME -Password ((Get-Credential).GetNetworkCredential().Password)}

# Remove-VICredentialStoreItem * -Confirm:$false

################################## END INIT #################################################
################################## FUNCTIONS #################################################
#Define log function
Function LogWrite
{
    Param ([string]$logstring)
    #Add logtime to entry
    $LogTime = Get-Date -Format "MM-dd-yyyy_HH-mm-ss"
    $logstring = $LogTime + " : " + $logstring
    #Write logstring
    Add-Content $LogFile -Value $logstring
    Write-Host $logstring
}
#Define SendWhatsApp function
Function SendWhatsApp
{
    Param ([string] $message)

    if ( $SendWhatsApp ) {
        $LogTime = Get-Date -Format "MM-dd-yyyy_HH-mm-ss"
        $message = $LogTime + " : " + $message

        foreach ( $number in $WhatsAppNumbers )
        {
            $jsonObj = @{'group_admin'=$number;
                         'group_name'=$WhatsAppGroup;
                         'message'=$message;}
            Try {
                #Note: this URL is plain http, so the client id and client secret headers are sent unencrypted
                $res = Invoke-WebRequest -Uri "http://api.whatsmate.net/v2/whatsapp/group/message/$instanceId" `
                                  -Method Post `
                                  -Headers @{"X-WM-CLIENT-ID"=$clientId; "X-WM-CLIENT-SECRET"=$clientSecret;} `
                                  -Body (ConvertTo-Json $jsonObj)
                #LogWrite takes a single string, so build the message first
                LogWrite ("WhatsMate Status Code: " + $res.StatusCode)
                LogWrite $res.Content
            }
            Catch {
                #Read the error body returned by the API
                $result = $_.Exception.Response.GetResponseStream()
                $reader = New-Object System.IO.StreamReader($result)
                $reader.BaseStream.Position = 0
                $reader.DiscardBufferedData()
                $responseBody = $reader.ReadToEnd();

                Write-Host "Status Code: " $_.Exception.Response.StatusCode
                Write-Host $message
            }
        }
    }
}

function Get-VmSize($vm)
{
    #Initialize variables
    $VmDirs = @()
    $VmSize = 0
    $searchSpec = New-Object VMware.Vim.HostDatastoreBrowserSearchSpec
    $searchSpec.details = New-Object VMware.Vim.FileQueryFlags
    $searchSpec.details.fileSize = $TRUE
    Get-View -VIObject $vm | % {
        #Create an array with the vm's directories
        $VmDirs += $_.Config.Files.VmPathName.split("/")[0]
        $VmDirs += $_.Config.Files.SnapshotDirectory.split("/")[0]
        $VmDirs += $_.Config.Files.SuspendDirectory.split("/")[0]
        $VmDirs += $_.Config.Files.LogDirectory.split("/")[0]
        #Add directories of the vm's virtual disk files
        foreach ($disk in $_.Layout.Disk) {
            foreach ($diskfile in $disk.diskfile){
                $VmDirs += $diskfile.split("/")[0]
            }
        }
        #Only take unique array items
        $VmDirs = $VmDirs | Sort | Get-Unique
        foreach ($dir in $VmDirs){
            #The datastore name is the part between [ and ] of the directory path
            $ds = Get-Datastore ($dir.split("[")[1]).split("]")[0]
            $dsb = Get-View (($ds | Get-View).Browser)
            $taskMoRef = $dsb.SearchDatastoreSubFolders_Task($dir,$searchSpec)
            $task = Get-View $taskMoRef
            #Wait until the datastore search task has finished
            while($task.Info.State -eq "running" -or $task.Info.State -eq "queued"){$task = Get-View $taskMoRef }
            foreach ($result in $task.Info.Result){
                foreach ($file in $result.File){
                    $VmSize += $file.FileSize
                }
            }
        }
    }
    return $VmSize
}
################################## END FUNCTIONS #################################################
#Login to vCenter servers (only when one of the two is not connected yet)
if (($global:DefaultVIServers).Name -notcontains $SourceVC -or ($global:DefaultVIServers).Name -notcontains $DestinationVC) {

    #SourceVC
    $ConnectVC = Connect-VIServer $SourceVC
    $Message = "Connecting to " + $ConnectVC + " as " + $env:USERNAME
    #Logwrite $Message
    #DestinationVC
    $ConnectVC = Connect-VIServer $DestinationVC
    $Message = "Connecting " + $ConnectVC + " as " + $env:USERNAME
    #Logwrite $Message

    # Disconnect-VIServer * -Confirm:$false

}
Set-Location $location

$cluster = Get-Cluster -Server $SourceVC | Out-GridView -OutputMode Single -Title "Select Source Cluster"
$vmtomigrate = Get-Cluster $cluster -Server $SourceVC | Get-VM | Out-GridView -OutputMode Single -Title "Select VM"
$DestinationCluster = Get-Cluster -Server $DestinationVC | Out-GridView -OutputMode Single -Title "Select Destination Cluster"
$vmfolder = Get-Folder -Server $DestinationVC | Out-GridView -OutputMode Single -Title "Select Folder"

#Main Script

    #Set $MigError to false before migration
    $MigError = $false
    #Get VM variables
    $vm = Get-VM $vmtomigrate

    #Define LogFile with time stamp
    $LogTime = Get-Date -Format "MM-dd-yyyy_HH-mm-ss"

    #Create the log directory if it does not exist yet
    if (-not [IO.Directory]::Exists($LogPath))
    {
        New-Item -ItemType directory -Path $LogPath
    }
    $LogFile = $LogPath+$VM+"-"+$LogTime+".log"

    #Log the user running the script
    Logwrite $env:USERNAME

    #Get VM info
    $VMHDDSize = Get-VmSize($vm)
    $VMHDDSize = [Math]::Round(($VMHDDSize / 1GB),2)

    Logwrite "Start Virtual Machine Move"
    #If WhatsApp make notice
    if ( $SendWhatsApp ) { LogWrite "Notifications will be send using WhatsApp to WhatsApp Group: $WhatsAppGroup" }
    #If DryRun make Notice
    if ( $Dryrun ) {
        Logwrite "Start move virtual machines $vm Disksize $VMHDDSize GB (DryRun)"
        SendWhatsApp "Start move virtual machines $vm Disksize $VMHDDSize GB(DryRun)"
    }
    else {
        Logwrite "Start move virtual machines $vm Disksize $VMHDDSize GB"
        SendWhatsApp "Start move virtual machines $vm Disksize $VMHDDSize GB"
    }
    #Expand the properties so the log shows plain names instead of @{Name=...}
    $SourceCluster = Get-VM $vm | Get-Cluster | Select-Object -ExpandProperty Name
    $vmip = $vm | Select @{N="IP Address";E={@($_.guest.IPAddress[0])}}
    $vmip = $vmip."ip address"
    $NetworkAdapter = Get-NetworkAdapter -VM $vm -Server $SourceVC
    $SourceVMPortGroup = Get-NetworkAdapter -VM $vm | Select-Object -ExpandProperty NetworkName
    $switchname = $DestinationCluster

    $Datastore = Get-VM $vm | Get-Datastore -Server $SourceVC | Select @{N="Name";E={@($_.Name)}}
    $Datastore = $Datastore.Name
    $DatastoreExistinOthervCenter = Get-Cluster $DestinationCluster | Get-Datastore -Server $DestinationVC | ? {$_.Name -like "*$Datastore*"}

    if ($DatastoreExistinOthervCenter)
    {
        LogWrite "Datastore exists in $DestinationCluster in destination vCenter $DestinationVC"
        $destinationDatastore = $DatastoreExistinOthervCenter
    }
    else
    {
        LogWrite "Datastore does not exist in $DestinationCluster destination vCenter $DestinationVC"
        # Select DataStore with the most free space and not in maintenance
        $DatastoreCluster = "$DataStoreClusterPrefix"+"$DestinationCluster"
        $destinationDatastore = Get-DatastoreCluster $DatastoreCluster | Get-Datastore | Where {$_.State -ne "Maintenance"} | Sort-Object -Property FreeSpaceGB -Descending | Select-Object -First 1
    }

    $destinationDatastoreFreeSpace = $destinationDatastore | Select Name,@{N="FreeSpace";E={$_.ExtensionData.Summary.FreeSpace}}
    $destinationDatastoreFreeSpace = [Math]::Round(($destinationDatastoreFreeSpace."FreeSpace" / 1GB),2)

    # Select the host with the least used memory
    $DestinationHost = Get-Cluster -Name $DestinationCluster -Server $DestinationVC | Get-VMHost -State Connected | Sort-Object -Property MemoryUsageGB | Select-Object -First 1

    # One port group is selected per network adapter, up to a maximum of 4 adapters
    if ($NetworkAdapter.Count -eq 1) {
        $DestinationVMPortgroup = @()
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic1"
    }
    elseif ($NetworkAdapter.Count -eq 2) {
        $DestinationVMPortgroup = @()
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic1"
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic2"
    }
    elseif ($NetworkAdapter.Count -eq 3) {
        $DestinationVMPortgroup = @()
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic1"
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic2"
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic3"
    }
    elseif ($NetworkAdapter.Count -eq 4) {
        $DestinationVMPortgroup = @()
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic1"
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic2"
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic3"
        $DestinationVMPortgroup += Get-VirtualPortGroup -Server $DestinationVC -VMHost $DestinationHost | Out-GridView -OutputMode Single -Title "Select Nic4"
    }

    LogWrite "Start move: $vm"
    Logwrite "VM IP: $vmip"
    Logwrite "VM Disk Used (GB): $VMHDDSize"
    Logwrite "VM Folder: $vmfolder"
    Logwrite "Source vCenter: $SourceVC"
    Logwrite "VM Source Cluster: $SourceCluster"
    Logwrite "Destination vCenter: $DestinationVC"
    Logwrite "VM Destination Cluster: $DestinationCluster"
    Logwrite "Destination host: $DestinationHost"
    LogWrite "VM Source PortGroup: $SourceVMPortGroup"
    LogWrite "VM Destination Portgroup: $DestinationVMPortgroup"
    Logwrite "VM Destination Datastore: $destinationDatastore"
    LogWrite "Destination Datastore FreeSpace GB: $destinationDatastoreFreeSpace"
    if ( $Dryrun ) {
        $FreespaceAfterMigration = $destinationDatastoreFreeSpace - $VMHDDSize
        if ( $FreespaceAfterMigration -lt 0 ) { Logwrite "ERROR: Datastore $destinationDatastore does not have sufficient freespace! Virtual Machine needs $VMHDDSize. Only $destinationDatastoreFreeSpace available." }
        else { Logwrite "Virtual Machine will fit on datastore $destinationDatastore. Freespace after migration is: $FreespaceAfterMigration GB" }
    }
    #Test if the VM responds to ping before the move
    $PingVM = $false
    if ($vmip -eq $null) {
        LogWrite "Virtual Machine ip address not known"
        Logwrite "No ping check will be performed after moving the Virtual Machine"
    }
    elseif (Test-Connection -ComputerName $vmip -Quiet) {
        LogWrite "Virtual Machine $vm responds to ping before being moved. Virtual machine will be checked after being moved"
        $PingVM = $true
    }
    else {
        LogWrite "Virtual Machine $vm does not respond to ping before being moved"
        Logwrite "No ping check will be performed after moving the Virtual Machine"
    }

    if ( -NOT $Dryrun) {
        #Migrate VM to cluster
        LogWrite "Move $vm to vCenter $DestinationVC and datastore $DestinationDatastore"
        Try {
            $Result = Move-VM -VM $vm `
                              -Destination $DestinationHost `
                              -Datastore $DestinationDatastore `
                              -NetworkAdapter $NetworkAdapter `
                              -PortGroup $DestinationVMPortgroup `
                              -ErrorAction Stop
        }
        Catch {
            $ErrorMessage = $_.Exception.Message
            LogWrite "ERROR: Move of $vm to cluster $DestinationHost failed!!!"
            Logwrite "ERROR: Move Status Code:  $ErrorMessage"
            SendWhatsApp "ERROR: Move of $vm failed!!! $ErrorMessage"
            $MigError = $true
        }
        #Migrate VM to folder
        LogWrite "Move $vm to vCenter $vmfolder"
        Try {
            $VMtemp = Get-VM $vm
            $Result = Move-VM -VM $vmtemp -InventoryLocation $vmfolder -ErrorAction Stop
        }
        Catch {
            $ErrorMessage = $_.Exception.Message
            LogWrite "ERROR: Move of $vm to folder $vmfolder failed!!!"
            Logwrite "ERROR: Move Status Code:  $ErrorMessage"
            SendWhatsApp "ERROR: Move of $vm failed!!! $ErrorMessage"
            $MigError = $true
        }
    }

    #Test if VM is running on destination cluster ($MigError keeps the result of the moves above)
    if ( -NOT $MigError -AND -NOT $Dryrun ) {
        LogWrite "Check $vm is registered in $DestinationVC"
        try {
            $CheckVM = Get-VM -Name $vm -Server $DestinationVC -ErrorAction Stop

            if ( $CheckVM ) {
                Logwrite "$vm registered in $DestinationVC"
            }
            else {
                Logwrite "ERROR: $vm not found in $DestinationVC"
            }
        }
        catch {
            $ErrorMessage = $_.Exception.Message
            Logwrite "ERROR: $vm not found in $DestinationVC"
            Logwrite "ERROR: $ErrorMessage"
            SendWhatsApp "ERROR move: $vm not found in $DestinationVC"
        }
    }
    #Test if the VM responds to ping, if $PingVM = $True
    if ($PingVM) {
        if (Test-Connection -ComputerName $vmip -Quiet) {
            LogWrite "Virtual Machine $vm responds to ping after move"
            SendWhatsApp "Virtual Machine $vm responds to ping after move"
        }
    }
    Start-Sleep -Seconds 1
    SendWhatsApp "Finished move action: $vm from $SourceVC to $DestinationVC"
    Logwrite "Finished move action: $vm from $SourceVC to $DestinationVC"

if ($DRSRecommendation)
{
    Get-DrsRecommendation -Cluster $DestinationCluster -Server $DestinationVC | Apply-DrsRecommendation
    Logwrite "DRS recommendation applied"
}
else
{
    Logwrite "No DRS recommendation applied"
    Write-Host "No DRS recommendation applied"
}

#Disconnect from vCenter servers
Logwrite "Disconnect from vCenter servers $SourceVC $DestinationVC"
Disconnect-VIServer $SourceVC -Confirm:$false
Disconnect-VIServer $DestinationVC -Confirm:$false
Logwrite "Finished moving virtual machines, exiting....."
SendWhatsApp "Finished moving virtual machines, exiting....."

Deploy Multi VM’s based on Windows Template

I love PowerShell. I created a little script to deploy multiple VMs based on a Windows template through a CSV file.

It creates a computer account in the specified OU. It also creates a Domain Local Group for management. (It is used in the customization, not specified here.)

TempVMlist.csv

server,cpu,memory,DestinationCluster,OSCustomizationSpec,VMtemplate,adgroup
WARDTEST01,2,8,CLUSTER01,W2012R2_Demo,TPL_W2012R2_STD,ServerAdmin

MultiVM.ps1

#Filename: MultiVM.ps1
#Author: W. Vissers
#Source:
#Version: 1.1
#Date: 08-05-2018
#ChangeLog:
# V1.0 – Module Active Directory
#      – Module VMware PowerCli
#      – Active Directory Computer Account, Group
#      – Host Selected from Cluster with Least Memory
#      – Storage selection based on volume with most free space
# V1.1 – Added Harddisk 1&2
#      – Changed port group other vlan
#
<#
.SYNOPSIS
Script to create a virtual machine from template
.DESCRIPTION
Script to create a virtual machine from template
.EXAMPLE
MultiVM.ps1
#>
################################## INIT #################################################
# LoadModule Active Directory
if (!(Get-Module "activedirectory")) {Import-Module activedirectory}
else {Write-Host "Module Active Directory is already loaded"}
# LoadModule VMware PowerCLI
# if (!(Get-Module "VMware.PowerCLI")) {
#    Find-Module VMware.PowerCLI
#    Install-Module -Name VMware.PowerCLI -Scope CurrentUser
# }
# else {
#    Write-Host "Module PowerCLI is already loaded"
# }
#Config
$ouservers="OU=Servers,DC=wardvissers,DC=nl"
$ougroup="OU=GroepObjecten,DC=wardvissers,DC=nl"
$folder="Applicatie Servers"
$DestinationVC ="vcenter01.wardvissers.nl"
#Username
if (!$username) { $username = Read-Host "Give vCenter username 'wardvissers\admin'" }
#Password: kept as a SecureString inside a PSCredential instead of being decoded to plain text
if (-not $Credential) {
    $PasswordSec = Read-Host "Give vCenter password" -AsSecureString
    $Credential = New-Object System.Management.Automation.PSCredential ($username, $PasswordSec)
}
#Connect vCenter
$ConnectVC = Connect-VIServer $DestinationVC -Credential $Credential -AllLinked
$AllVMs = @()
$AllVMs = Import-Csv "D:\TempVMlist.csv"
foreach ($vm in $AllVMs) {
    #Fetch the values
    $server=$($vm.server)
    $memory=$($vm.memory)
    $cpu=$($vm.cpu)
    $DestinationCluster=$($vm.DestinationCluster)
    $OSSpec="$($vm.OSCustomizationSpec)"
    $VMtemplate=$($vm.VMtemplate)
    $group=$($vm.adgroup)
    $harddisk1=$($vm.harddisk1)
    $harddisk2=$($vm.harddisk2)
    Write-Host "$server heeft $memory GB memory en $cpu cpu('s)"
    #Keep asking until the hostname fits in 15 characters, then continue with the AD objects
    while ($server.Length -gt 15) {
        Write-Output "Hostname cannot contain more than 15 characters."
        $server = Read-Host "Re-enter hostname for host $server"
    }
    Write-Host "Server is umc server"
    #Create the AD group and computer account
    New-ADComputer -Name $server -Path $ouservers -Enabled $true
    New-ADGroup -Name "DLG.$server" -SamAccountName "DLG.$server" -GroupCategory Security -GroupScope DomainLocal -DisplayName "DLG.$server" -Path $ougroup
    Add-ADGroupMember -Identity "DLG.$server" -Members $group
    # Deploy the server from the template
    # Select the host with the least used memory
    $DestinationHost = Get-Cluster -Name $DestinationCluster -Server $DestinationVC | Get-VMHost -State Connected | Sort-Object -Property MemoryUsageGB | Select-Object -First 1
    # Select DataStore with the most free space and not in maintenance
    $destinationDatastore = Get-Cluster $DestinationCluster | Get-Datastore | Where {$_.State -ne "Maintenance"} | Sort-Object -Property FreeSpaceGB -Descending | Select-Object -First 1
    # Finally, I deploy my VM with the New-VM cmdlet using my template and OS specs. I place the VM on the ESXi host and store the VM on the datastore.
    New-VM -Name $server -Template $VMtemplate -OSCustomizationSpec $OSSpec -VMHost $DestinationHost -Datastore $destinationDatastore -Location $folder
    Get-VM $server | Set-VM -NumCpu $cpu -MemoryGB $memory -Confirm:$false
    # CSV values are strings, so cast to [int] to compare the sizes as numbers
    if ([int]$harddisk1 -gt 60) {Get-HardDisk -VM $server | Where {$_.Name -eq "Hard disk 1"} | Set-HardDisk -CapacityGB $harddisk1 -Confirm:$false}
    if ([int]$harddisk2 -gt 20) {Get-HardDisk -VM $server | Where {$_.Name -eq "Hard disk 2"} | Set-HardDisk -CapacityGB $harddisk2 -Confirm:$false}
    Get-VM $server | Start-VM -Confirm:$false
    Get-VM $server | Get-NetworkAdapter | Set-NetworkAdapter -Connected $true -Confirm:$false
}

Exchange 2016 CU8 15.1.1415.2 KB4035145

Exchange 2016 CU8 fixes:

  • 4056329 Can’t access EWS from Outlook/OWA add-ins via makeEwsRequestAsync in Exchange Server 2016 and Exchange Server 2013
  • 4054516 “Your request can’t” error when accessing an archive mailbox via OWA in Exchange Server 2016
  • 4055953 The recipient scope setting doesn’t work for sibling domains in Exchange Server 2016
  • 4055435 No MAPI network interface is found after you install Exchange Server 2016 CU7
  • 4056609 Event ID 4999 and mailbox transport delivery service does not start after you install Exchange Server 2016 CU7
  • 4045655 Description of the security update for Microsoft Exchange: December 12, 2017
  • 4057248 Many Watson reports for StoragePermanentException in Exchange Server 2016

| Version | Build | KB Article | Download | UMLP | Schema Changes |
|---|---|---|---|---|---|
| Exchange 2016 CU8 | 15.1.1415.2 | KB4035145 | Download | UMLP | Yes |

VMware Horizon 7.3.1 and Horizon Client 4.6 released

VMware has released VMware Horizon 7.3.1 and Horizon Client 4.6! With this new release, Horizon 7.3 enhances key platform features, including Horizon Virtualization Pack for Skype for Business, VMware Instant Clone Technology and the Horizon Help Desk Tool.

Many new items have been introduced, such as HTML5 video redirection support for the Chrome browser and the ability to configure Windows Start menu shortcuts for desktop and application pools using the Horizon Administrator console. As always, you can count on increased operating system support for virtual desktops and clients.

Here is an overview of the new features:

VMware Horizon 7.3 Server Enhancements

Horizon Help Desk Tool

  • Displays application process resources with reset control
  • Role-based access control for help desk staff
  • Activity logging for help desk staff
  • Displays Horizon Client information
  • Granular logon time metrics
  • Blast Extreme display protocol metrics

Instant Clone Technology

  • Instant-clone desktops can now use dedicated assignment to preserve the hostname, IP address and MAC address of a user’s desktop
  • Windows Server OS is now supported for desktop use
  • Instant clones are now compatible with Storage DRS (sDRS)
  • If there are no internal VMs in all four internal folders created in vSphere Web Client, these folders are unprotected, and you can delete them
  • IcUnprotect.cmd utility can now unprotect or delete template, replica or parent VMs or folders from vSphere hosts

Windows Start Menu Shortcuts Created Using the Admin Console

  • Create shortcuts to Horizon 7 resources:
    • Published applications
    • Desktops
    • Global entitlements

Cloud Pod Architecture Scale

  • Total session limit is increased to 140,000
  • The site limit is now seven

VMware Horizon Apps

  • This update makes Horizon Apps easier to use and allows the administrator to restrict entitlements
  • Restrict access to desktop and application pools from specific client machines

Resiliency for Monitoring

  • If the event database shuts down, Horizon administrator maintains an audit trail of the events that occur before and after the event database shutdown

Database Support

  • Always-On Availability Groups feature for Microsoft SQL Server 2014

ADMX Templates

  • Additional GPO settings for ThinPrint printer filtering, HTML5 redirection and enforcement of desktop wallpaper settings

Remote Experience

Horizon Virtualization Pack for Skype for Business

  • Multiparty audio and video conferencing
  • Horizon 7 RDSH support
    • Windows Server 2008 R2
    • Windows Server 2012 R2
  • Forward Error Correction (FEC)
  • Quality of Experience (QOE) metrics
  • Customized ringtones
  • Call park and pickup
  • E911 (Enhanced 911) support, to allow the location of the mobile caller to be known to the call receiver
  • USB desktop-tethering support
  • Horizon Client for Linux support for the following Linux distributions:
    • Ubuntu 12.04 (32-bit)
    • Ubuntu 14.04 (32 & 64-bit)
    • Ubuntu 16.04 (64-bit)
    • RHEL 6.9/CentOS 6.x (64-bit)
    • RHEL 7.3 (64-bit)
    • SLED12 SP2 (64-bit)

Additional NVIDIA GRID vGPU Support

  • Support for the Tesla P40 graphics card from NVIDIA

HTML5 Video Redirection

  • View HTML 5 video from a Chrome browser and have video redirected to the client endpoint for smoother and more efficient video playback

Performance Counter Improvements

  • Windows agent PerfMon counters improvements for Blast Extreme sessions: imaging, audio, client-drive redirection (CDR), USB and virtual printing

Linux Virtual Desktops

  • KDE support: Besides RHEL/CentOS 6.x, the KDE GUI is now supported on RHEL/CentOS 7.x, Ubuntu 14.04/16.04 and SUSE Linux Enterprise Desktop 11 SP4
  • MATE interface is now supported on Ubuntu 14.04 and Ubuntu 16.04
  • Blast Extreme Adaptive Transport is now supported for Linux desktops
  • vGPU hardware H.264 encoder support has been added

USB Redirection

  • USB redirection is supported in nested mode

ThinPrint Filtering

  • Administrators can filter out printers that should not be redirected

Horizon Client 4.6 Updates

Security Update

  • All clients have been updated to use SHA-2 to prevent SHA-1 collision attacks

Session Pre-launch

  • Session pre-launch is now extended to both Horizon Client for macOS and Horizon Client for Windows

Apteligent

  • Integration of Apteligent crash log

Blast Extreme

  • Improvements in Blast Extreme Adaptive Transport mode for iOS and macOS
  • User can change Blast Extreme settings without having to disconnect

Horizon Client 4.6 for Windows

  • Support for UNC path with CDR

Horizon Client 4.6 for macOS

  • Support for macOS Sierra and macOS High Sierra
  • Selective monitor support
  • Norwegian keyboard support

Horizon Client 4.6 for iOS

  • CDR support with drag and drop of files in split view
  • iOS split keyboard enhancement
  • iOS UI updates

Horizon Client 4.6 for Android

  • Android Oreo support
  • Manage the Horizon server list with VMware AirWatch
  • Simple shortcuts
  • External mouse enhancements
  • Real-Time Audio-Video (RTAV) support for Android and Chrome OS

Horizon Client 4.6 for Linux

  • Blast Extreme Adaptive Transport support

Horizon Client 4.6 for Windows 10 UWP

  • Network recovery improvements

Horizon HTML Access 4.6

  • HTML Access for Android with a revised UI
  • Customization of HTML Access page

Horizon Help Desk Tool

The Horizon Help Desk Tool provides a troubleshooting interface for the help desk that is installed by default on Connection Servers. To access the Horizon Help Desk Tool, navigate to https://<CS_FQDN>/helpdesk, where <CS_FQDN> is the fully qualified domain name of the Connection Server, or click the Help Desk button in the Horizon Administrator console.

The Help Desk Tool was introduced in Horizon 7.2 and has been greatly expanded upon in the Horizon 7.3 release.

Help Desk Tool features with Horizon 7.2:

  • Virtual machine metrics
  • Remote assistance
  • Session control (restart, logoff, reset, and disconnect)
  • Sending messages

Additional features with Horizon 7.3:

  • Display application process resources with reset control
  • Role-based access control for help desk staff
  • Activity logging for help desk staff
  • Granular login time metrics
  • Display Horizon Client information

User Session Details

The user session details appear on the Details tab when you click a user name in the Computer Name option on the Sessions tab. You can view details for Horizon Client, the VDI desktop or RDSH-published desktop, CPU and memory stats, and many other details.

  • Client version
  • Unified Access Gateway name and IP address
  • Logon breakdown (client to broker):
    • Brokering
    • GPO load
    • Profile load
    • Interactive
    • Authentication

Blast Extreme Metrics

Blast Extreme metrics that have been added include estimated bandwidth (uplink), packet loss, and transmitted and received traffic counters for imaging, audio, and CDR.

Note the following behavior:

  • The text-based counters do not auto-update in the dashboard. Close and reopen the session details to refresh the information.
  • The transmitted and received traffic counters are cumulative from the point the session is queried/polled.

Blast Extreme Metrics for a Windows 10 Virtual Desktop Session

Display and Reset Application Processes and Resources

This new feature provides help desk staff with a granular option to resolve problematic processes without affecting the entire user session, similar to Windows Task Manager. The session processes appear on the Processes tab when you click a user name in the Computer Name option on the Sessions tab. For each user session, you can view additional details about CPU- and memory-related processes to diagnose issues.

Role-based Access Control and Custom Roles

You can assign the following predefined administrator roles to Horizon Help Desk Tool administrators to delegate the troubleshooting tasks between administrator users:

  • Help Desk Administrator
  • Help Desk Administrator (Read Only)

You can also create custom roles by assigning the Manage Help Desk (Read Only) privilege along with any other privileges based on the Help Desk Administrator role or Help Desk Administrator (Read Only) role.

Members of the Help Desk Administrators (Read Only) role do not have access to the following controls; in fact, functions such as Log Off and Reset are not presented in the user interface.

Horizon Virtualization Pack for Skype for Business

You can now make optimized audio and video calls with Skype for Business inside a virtual desktop without negatively affecting the virtual infrastructure and overloading the network.

All media processing takes place on the client machine instead of in the virtual desktop during a Skype audio and video call.

New support with many expanded features for the Horizon Virtualization Pack for Skype for Business can be found in Horizon 7.3 and Client 4.6.

New Features

Horizon Virtualization Pack for Skype for Business offers the following supported features:

System Requirements

The following table outlines the system requirements for the new release:

Supported Clients

The following table provides the list of supported Horizon clients:

Start Menu Shortcuts Configured Through the Admin Console

This feature improves the user experience by adding desktop and application shortcuts to the Start menu of Windows client devices.

You can use Horizon Administrator to create shortcuts for the following types of Horizon 7 resources:

  • Published applications
  • Desktops
  • Global entitlements

Shortcuts appear in the Windows Start menu and are configured by IT. Shortcuts can be categorized into folders.

Users can choose at login whether to have shortcuts added to the Start menu on their Windows endpoint device.

Dedicated Desktop Support for Instant Clones

Upon the initial release of instant clones in Horizon 7, we supported floating desktop pools and assignments only. Further investments have been made to Instant Clone Technology that add support for dedicated desktop pools. Fixed assignments and entitlements of users to instant-clone machines are now provided as part of Horizon 7.3.

Dedicated instant-clone desktop assignment means that there is a 1:1 relationship between users and desktops. Once an end user is assigned to a desktop, they will consistently receive access to the same desktop and corresponding virtual machine. This feature is important for apps that require a consistent hostname, IP address, or MAC address to function properly.

Note: Persistent disks are not supported. Fixed assignment to a desktop does not mean persistence for changes. Any changes that the user makes to the desktop while in-session will not be preserved after logoff, which is similar to how a floating desktop pool works. With dedicated assignment, when the user logs out, a resync operation on the master image retains the VM name, IP address, and MAC address.

Support for the Tesla P40 Graphics Card from NVIDIA

VMware has expanded NVIDIA GRID support with Tesla P40 GPU cards in Horizon 7.3.

HTML5 Video Redirection

This feature provides the ability to take the HTML5 video from a Chrome (version 58 or higher) browser inside a Windows VDI or RDSH system and redirect it to Windows clients. This feature uses Blast Extreme or PCoIP side channels along with a Chrome extension.

The redirected video is overlaid on the client and is enabled as well as managed using GPO settings.

Benefits include:

  • Supports generic sites such as YouTube, without requiring a server-side plugin.
  • Provides smooth video playback comparable to the native experience of playing video inside a browser on the local client system.
  • Reduces data center network traffic and CPU utilization on the vSphere infrastructure hosts.

Improved USB Redirection with User Environment Manager

The default User Environment Manager timeout value has been increased. This change ensures that the USB redirection Smart Policy takes effect even when the login process takes longer than expected.

With Horizon Client 4.6, the User Environment Manager timeout value is configured only on the agent and is sent from the agent to the client.

You can now bypass User Environment Manager control of USB redirection by setting a registry key on the agent machine (VDI desktop or RDSH server). This change ensures that smart card SSO works on Teradici zero clients. Note: Requires a restart.

HKLM\Software\VMware, Inc.\VMware VDM\Agent\USB uemFlags (REG_DWORD 1)

Blast Extreme Performance Counter Improvements

The Windows Agent PerfMon counters for the Blast Extreme protocol have been improved to update at a constant rate and to be even more accurate.

Counters include:

  • Imaging
  • Audio
  • CDR
  • USB
  • Virtual printing

Linux Virtual Desktops

Features and functions for Horizon 7 for Linux virtual desktops have been expanded:

  • KDE support – Besides RHEL/CentOS 6.x, the KDE GUI is now supported on RHEL/CentOS 7.x, Ubuntu 14.04/16.04, SUSE Linux Enterprise Desktop 11 SP4.
  • Support for the MATE interface on Ubuntu 14.04, Ubuntu 16.04.
  • Blast Extreme Adaptive Transport support.
  • vGPU hardware H.264 encoder support.

USB Redirection Support in Nested Mode

The USB redirection feature is now supported when you use Horizon Client in nested mode. When using nesting–for example, when opening RDSH applications from a VDI desktop–you can now redirect USB devices from the client device to the first virtualization layer and then redirect the same USB device to the second virtualization layer (that is, nested session).

Filtering Redirected Printers

You can now create a filter to specify the printers that should not be redirected with ThinPrint. A new GPO ADMX template (vmd_printing_agent.admx) has been added to enable this functionality.

By default, the rule permits all client printers to be redirected.

  • Supported attributes:
    • PrinterName
    • DriverName
    • VendorName
  • Supported operators:
    • AND
    • OR
    • NOT
  • Supported searching pattern is a regular expression.

Blast Extreme Improvements in CPU Usage

Now even lower CPU usage is achieved with adaptive Forward Error Correction algorithms. This clever mechanism decides how to handle error correction, lowering CPU usage within virtual desktop machines as well as on client endpoint devices.

Blast Extreme Adaptive Transport Side Channel

New support has been added for Blast Extreme Adaptive Transport side channels for USB and CDR communications. Once enabled, TCP port 32111 for USB traffic does not need to be opened, and USB traffic uses a side channel. This feature is supported for both virtual desktops and RDS hosts.

  • Feature is turned off by default.
  • Enable the feature through a registry key: HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Blast\Config\UdpAuxiliaryFlowsEnabled 1
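
Both agent-side registry settings described above (the `uemFlags` bypass of User Environment Manager control and the Blast side-channel flag) change how USB redirection is governed, so they are worth checking in a configuration review. The read-only PowerShell audit below is an added example, not code from the original post or from VMware; the function and property names are its own, and it assumes 64-bit PowerShell on the agent machine with the Windows NetSecurity module available.

```powershell
# Added example: read-only audit of the two agent-side registry values named above.
# Function and property names are this example's own, not VMware's.

function Get-HorizonAgentRegistryAudit {
    [CmdletBinding()]
    param()

    # Key paths, value names and the "1" setting are copied from the text above.
    $checks = @(
        @{
            Path    = 'HKLM:\SOFTWARE\VMware, Inc.\VMware VDM\Agent\USB'
            Name    = 'uemFlags'
            Meaning = 'UEM control of USB redirection is bypassed'
        },
        @{
            Path    = 'HKLM:\SOFTWARE\VMware, Inc.\VMware Blast\Config'
            Name    = 'UdpAuxiliaryFlowsEnabled'
            Meaning = 'USB and CDR use the Blast Extreme Adaptive Transport side channel'
        }
    )

    foreach ($check in $checks) {
        $present = $false
        $value   = $null
        $kind    = $null

        # A missing key or value means the setting was never configured.
        $key = Get-Item -LiteralPath $check.Path -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $check.Name)) {
            $present = $true
            $value   = $key.GetValue($check.Name)
            $kind    = $key.GetValueKind($check.Name)
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $check.Name
            Present  = $present
            Kind     = $kind
            Value    = $value
            # Compare as text so a DWORD 1 and a string "1" are both recognised.
            Enabled  = $present -and ("$value" -eq '1')
            Meaning  = $check.Meaning
        }
    }
}

function Get-UsbRedirectionPortRule {
    [CmdletBinding()]
    param([int]$Port = 32111)   # TCP port the text above names for USB traffic

    # Enabled inbound allow rules in Windows Firewall that list the port explicitly.
    # Rules that cover it through a range or "Any" are not matched here.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and (@($filter.LocalPort) -contains "$Port")
        } |
        Select-Object DisplayName, Profile, Direction, Action
}

$audit = Get-HorizonAgentRegistryAudit
$audit | Format-Table Name, Present, Kind, Value, Enabled, Meaning -AutoSize

$sideChannel = $audit | Where-Object Name -eq 'UdpAuxiliaryFlowsEnabled'
if ($sideChannel.Enabled) {
    # With the side channel on, the text says TCP 32111 no longer needs to be open,
    # so any rule still allowing it is a candidate for review.
    Get-UsbRedirectionPortRule | Format-Table -AutoSize
}
```

The firewall check covers only the local Windows Firewall; network firewalls between clients and agents need their own review.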

Entitlement Restrictions Based on Machine Name

This feature allows IT administrators to restrict access to published applications and desktops based on both client computer and user. With client restrictions for RDSH, it is now possible to check AD security groups for specific computer names. Users only have access to desktops and apps when both the user and the client machine are entitled. For this release, the feature is supported only for Windows clients and works with global entitlements.

Pre-Launch Improvements

Pre-launch provides the ability to launch an empty (application-less) session when connecting to the Connection Server. The feature is now also available to Windows clients, in addition to macOS.

Also, it is no longer necessary to manually make changes to the client settings. You can configure automatic reconnection.

Blast Extreme Adaptive Transport Mode for iOS and macOS

With prior client releases, users were required to configure their Blast Extreme settings before they connected to the Connection Server. After a connection was established, the options to change the Blast Extreme setting—which included H.264, Poor, Typical, and Excellent—were unavailable.

With this release, users can change the network condition setting from Excellent to Typical, or the reverse, while a session is in progress. Doing so also changes the protocol connection type between TCP (for Excellent) and UDP (for Typical).

Note: End users will not be able to change the network condition setting if Poor is selected before establishing a session connection.

Horizon Client for Windows

Horizon Client 4.6 updates include:

  • Additional command-line options for the new client installer – When silently installing the Windows client, using the /s flag, you can now also set:
    • REMOVE=SerialPort,Scanner – Removes the serial port, scanner, or both.
    • DESKTOP_SHORTCUT=0 – Installs without a desktop shortcut.
    • STARTMENU_SHORTCUT=0 – Installs without a Start menu shortcut.

  • Support for UNC paths with client drive redirection (CDR):
    • Allows remote applications to access files from a network location on the client machine. Each location gets its own drive letter inside the remote application or VDI desktop.
    • Folders residing on UNC paths can now be redirected with CDR, and get their own drive letter inside the session, just as any other shared folder.

Horizon Client for macOS

Horizon Client 4.6 updates include:

  • Apple macOS High Sierra day 0 support.
  • Users can select which monitors to use for VDI sessions and which to use for the local system.
  • Norwegian keyboard support and mappings are now available.

Horizon Client for iOS

Horizon Client 4.6 updates include:

  • iOS 11 support
  • iOS split keyboard update – Removes the middle area in the split keyboard for a better view of the desktop
  • New dialog box for easy connection to a Swiftpoint Mouse

Horizon Client for Android

Horizon Client 4.6 updates include:

  • Android 8.0 Oreo support.
  • Server URL configuration – Allows administrators to configure a list of Connection Servers and a default Connection Server on Android devices managed by VMware AirWatch.

Android and Chrome OS Client Updates

Horizon Client 4.6 for Android and Horizon Client 4.6 for Chrome OS updates include:

  • Simple shortcuts – Users can right-click any application or desktop to add a shortcut to the home screen.
  • Webcam redirection – Integrated webcams on an Android device or a Chromebook are now available for redirection using the Real-Time Audio-Video (RTAV) feature.

HTML Access

HTML Access 4.6 updates include:

  • HTML Access on Android devices – Though HTML Access has fewer features than the native Horizon Client, it allows you to use remote desktops and published applications without installing software.
  • HTML Access page customization – Administrators can customize graphics and text and have those customizations persist through future upgrades.

Horizon Client for Linux

Horizon Client 4.6 updates include:

  • Support for Raspberry Pi 3 Model B devices:
    • ThinLinx operating system (TLXOS) or Stratodesk NoTouch operating system
    • Supported Horizon Client features include:
      • Blast Extreme
      • USB redirection
      • H.264 decoding
      • 8000Hz and 16000Hz audio-in sample rate
  • RHEL/CentOS 7.4 support

Horizon Client for Windows 10 UWP

Horizon Client 4.6 updates include:

  • Network recovery improvements – Clients can recover from temporary network loss (up to 2 minutes). This feature was already available for Windows, macOS, Linux, iOS, and Android, and is now available for Windows 10 UWP.
    • Automatically reconnects Blast Extreme sessions
    • Reduces re-authentication prompts

We are excited about these new features in Horizon 7.3.1 and the Horizon Client 4.6.  We hope that you will give them a try.

You can download it here.

Exchange 2010-2016 Security Fixes

Microsoft released security updates to fix a remote code execution vulnerability in Exchange Server. The related knowledge base article is KB4018588.

More information is contained in the following Common Vulnerabilities and Exposures articles:

  • CVE-2017-8521 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8559 – Microsoft Exchange Cross-Site Scripting Vulnerability
  • CVE-2017-8560 – Microsoft Exchange Cross-Site Scripting Vulnerability

Depending on the lifecycle status of the product, fixes are made available either through a Rollup or as a security fix for the following product levels:

As you might notice, the security fix is made available for the N-1 builds of Exchange 2013 and Exchange 2016. This could imply the issue was addressed in the latest builds of those products. I hope to receive official confirmation on this soon.

The issue is deemed Important, which means organizations are advised to apply these updates at the earliest opportunity. However, as with any update, it is recommended to thoroughly test updates and fixes prior to deploying them in a production environment.

Source

Exchange 2016/2013/2010 Updates March 2017

Today, the Exchange Team released the March updates for Exchange Server 2013 and 2016, as well as Exchange Server 2010 and 2007. The latter will receive its last update, as Exchange 2007 will reach end-of-life April 11, 2017.

As announced in December updates, Exchange 2013 CU16 and Exchange 2016 CU5 require .NET 4.6.2. The recommended upgrade paths:

  • If you are still on .NET 4.6.1, you can upgrade to .NET 4.6.2 prior to or after installing the latest Cumulative Update.
  • If you are on .NET 4.5.2, upgrade to Exchange 2016 CU4 or Exchange 2013 CU15 if you are not already on that level, then upgrade to .NET 4.6.2, and finally upgrade to the latest Cumulative Update.

The Cumulative Updates also include DST changes, which are also contained in the latest Rollups published for Exchange 2010 and 2007.

For a list of fixes in these updates, see below.

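| Version | Build | KB Article | Download | UMLP |
|---|---|---|---|---|
| Exchange 2016 CU5 | 15.1.845.34 | KB4012106 | Download | UMLP |
| Exchange 2013 CU16 | 15.0.1293.2 | KB4012112 | Download | UMLP |
| Exchange 2010 SP3 Rollup 17 | 14.3.352.0 | KB4011326 | Download | |
| Exchange 2007 SP3 Rollup 23 | 8.3.517.0 | KB4011325 | Download | |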

Exchange 2016 CU5 fixes:

  • KB4015665 SyncDelivery logging folders and files are created in wrong location in Exchange Server 2016
  • KB4015664 A category name that has different case-sensitivity than an existing name is not created in Exchange Server 2016
  • KB4015663 “The message content has become corrupted” exception when email contains a UUE-encoded attachment in Exchange Server 2016
  • KB4015662 Deleted inline picture is displayed as attachment after you switch the message to plain text in Exchange Server 2016
  • KB4015213 Email is still sent to Inbox when the sender is deleted from the Trusted Contacts list in Exchange Server 2016
  • KB4013606 Search fails on Exchange Server 2016 or Exchange Server 2013
  • KB4012994 PostalAddressIndex element isn’t returning the correct value in Exchange Server 2016

Exchange 2013 CU16 fixes:

  • KB4013606 Search fails on Exchange Server 2016 or Exchange Server 2013

Notes:

Exchange 2016 CU5 doesn’t include schema changes; however, Exchange 2016 CU5 as well as Exchange 2013 CU16 may introduce RBAC changes in your environment. Where applicable, use setup /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.

When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Do note that when upgrading, setup will put the server in server-wide offline mode before installing the Exchange binaries.

Using Windows Management Framework (WMF)/PowerShell version 5 on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.

When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are allowed to stay at least one version behind (n-1).

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of upgrading servers with Cumulative Updates is irrelevant.

Caution: As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Source

Microsoft Deployment Toolkit (MDT) build 8443

The Microsoft Deployment Toolkit (MDT), build 8443, is now available on the Microsoft Download Center. This update requires the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1607, available on the Microsoft Hardware Dev Center (adksetup.exe file version 10.1.14393.0).

You may notice that we are not tagging this release with a year or update version. To better align with the current branches of Windows 10 and Configuration Manager, and to simplify the branding and release process, we are now just referring to it as the “Microsoft Deployment Toolkit”, using the build number to distinguish each release. This is not necessarily a “current branch” of MDT; we are committed to updating MDT as needed with revisions to Windows, the Windows ADK, and Configuration Manager.

Here is a summary of the significant changes in this build of MDT:

  • Supported configuration updates
    • Windows ADK for Windows 10, version 1607
    • Windows 10, version 1607
    • Windows Server 2016
    • Configuration Manager, version 1606
  • Quality updates
    • Deployment Wizard scaling on high DPI devices
    • Johan’s “uber bug” for computer replace scenario
    • Multiple fixes for the Windows 10 in-place upgrade scenario
    • Several fixes to Configure ADDS step
    • Removed imagex/ocsetup dependencies, rely solely on DISM
    • Includes the latest Configuration Manager task sequence binaries (version 1606)