Change Remote Desktop Gateway Port and Remote Web App Port

 

By default, the Remote Desktop (RD) Gateway encapsulates RDP in HTTPS packets and listens on port 443 (for TCP) and port 3391 (for UDP). Often you are limited to one public IP address and port 443 is already occupied by some other service.

In that case you should change port 443 to something else. Below is the procedure for doing it:

Open Remote Desktop Gateway Manager (Start > Administrative Tools > Remote Desktop Services):

  1. Right-click the Remote Desktop Gateway server name and select Properties.
  2. Select the Transport Settings tab.
  3. Modify the HTTP and/or UDP port number and click OK.

 


Now, when connecting with the RDP client, you have to specify the RD Gateway server name together with the custom port you specified before.


If you also use published Remote Web Apps, you have to use a PowerShell trick to change the TCP port to your custom Remote Desktop Gateway port. On your RD Connection Broker, use the PowerShell commands below to change the published gateway so that it includes your custom port:

Import-Module RemoteDesktop

Set-RDSessionCollectionConfiguration -CollectionName "MySessionCollection" -CustomRdpProperty "gatewayhostname:s:my.gateway.server:4343"
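The -CustomRdpProperty value is stored as one string for the whole collection, so passing only the gateway line overwrites any custom RDP properties that were already set. The following is an added example, not part of the original post, that merges the gateway entry into the existing properties instead; the function name Set-GatewayHostProperty is hypothetical, and the collection, host and port are the ones used above.

```powershell
Import-Module RemoteDesktop

function Set-GatewayHostProperty {
    param(
        [Parameter(Mandatory)] [string] $CollectionName,
        [Parameter(Mandatory)] [string] $GatewayHost,
        [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int] $Port
    )

    # Current custom properties: one "name:type:value" entry per line (may be empty).
    $current = (Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -Client).CustomRdpProperty

    # Keep every existing entry except an older gatewayhostname line.
    $kept = @($current -split "\r?\n" |
              Where-Object { $_.Trim() -and $_ -notmatch '^\s*gatewayhostname:' })

    # Append the gateway entry with the custom port and write the merged set back.
    $merged = ($kept + "gatewayhostname:s:${GatewayHost}:$Port") -join "`n"
    Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -CustomRdpProperty $merged

    # Return what is now stored so the result can be reviewed.
    (Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -Client).CustomRdpProperty
}

Set-GatewayHostProperty -CollectionName 'MySessionCollection' -GatewayHost 'my.gateway.server' -Port 4343
```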

 

Windows Server Remote Desktop Services grace period expired

Remove the RDS licensing time-bomb registry entry with the help of Sysinternals PSExec (Regedit alone couldn’t do it because it had to be run under highest privileges):

psexec -s -i regedit.exe

Locate the registry key: HKLM\system\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod

 

Remove the registry key GracePeriod and reboot the computer.

Force-removing the RDS licensing time-bomb

Force-removing the RDS licensing time-bomb registry entry:

HKLM\system\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod

RegEdit alone couldn’t do it. It had to actually be run under highest privileges with the help of Sysinternals: psexec -s -i regedit.exe

After another reboot things seem to be working now.

How to change the Port of ADFS 3.0 (Windows server 2012 R2) to 444

Thanx to: http://inogic.com/blog/2014/07/how-to-change-the-port-of-adfs-3-0-windows-server-2012-r2-to-444/

This worked also on Windows Server 2008 R2 with AD FS 2.0 installed for me.

 

 

There have been times when we need to configure IFD and both, ADFS and CRM are installed on same server.

In case of Windows server 2008, we need to install ADFS 2.0 and in Windows server 2012 standard, ADFS 2.1 comes by default as a part of windows features, we just need to install and configure ADFS. But in both cases, ADFS gets installed on Default website in IIS. Hence we used to change the port of ADFS to 444 directly from the IIS default website and CRM (https) remains on 443. So that we could easily browse CRM IFD URL as https://orgname.domainame.com without appending port to the URL.

But this is not the same with Windows Server 2012 R2, as ADFS 3.0 on Windows Server 2012 R2 does not depend on IIS. In that case, as the ADFS port cannot be changed, we used to change the CRM (https) port to 444. As a result, users need to browse the CRM IFD URL as https://orgname.domainame.com:444.

But sometimes the requirement is that they should not be required to append the port in IFD URL. To achieve this we should have ADFS to use port 444 instead which can be done by some PowerShell commands.

We have outlined below our experience and learning during IFD configuration on such Windows server 2012 R2 having both ADFS 3.0 and CRM installed on same server.

1)      Firstly install ADFS 3.0 on Windows Server 2012 R2,

2)      Now after that configure ADFS 3.0. You can get the detailed steps of configuring ADFS 3.0 and IFD from here.

3)      During the configuration of ADFS 3.0, you will come across following screen where you can clearly see that, you can only configure the Federation Service Name and *not* the port which could be done with earlier ADFS versions and earlier windows server versions.


4)      Hence, after configuring ADFS 3.0 and IFD, you need to run some commands in PowerShell. Before that, first check which URLs are already reserved by ADFS, so that you can run the commands for them:

netsh http show urlacl

The above command will display the list of reserved URLs. As you can see below from the list, the highlighted 2 URLs are reserved by ADFS 3.0 on port 443, i.e. https://+:443/adfs/ and https://+:443/FederationMetadata/2007-06/


5)      Now we need to first delete them using following PowerShell commands.

netsh http del urlacl https://+:443/adfs/

netsh http del urlacl https://+:443/FederationMetadata/2007-06/


6)      After deleting them you need to execute following commands to add them on port 444.

netsh http add urlacl https://+:444/adfs/ user="NT SERVICE\adfssrv" delegate=yes

netsh http add urlacl https://+:444/FederationMetadata/2007-06/ user="NT SERVICE\adfssrv" delegate=yes


7)      Finally run following command

Set-ADFSProperties -HttpsPort 444

Note: If you change the port of ADFS from the default port to 444, it will give a warning. It means that if you set ADFS on 444, you will not be able to register mobile devices in ADFS, hence you will not be able to develop a mobile device app for CRM.

8)      After performing above step, you need to restart the “Active Directory Federation Services”.


9)      Now if your FederationMetadata URL is shifted to port 444, it will look like https://sts1.adventure25.com:444/federationmetadata/2007-06/federationmetadata.xml and if you browse this URL, it will not work. So there seems to be some issue with the ADFS 3.0 configuration.

10)      Microsoft says ADFS 3.0 does not depend on IIS i.e. not installed under default website of IIS, and this is true, because you will not find any ADFS related files under default website of IIS

11)      But still if you go to IIS and set the binding of Default Website to port 444, then it starts working as shown in below screen:


12)      After completing above steps, first you need to change the CRM website port to 443, then you need to configure Web Address Properties, Claim Based, IFD from Deployment Manager to this new Federation Metadata URL, and then update the relying party in ADFS. Then IFD will start working and you just need to browse it like https://orgname.domainame.com
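A read-only check for the port move in steps 4 to 8, added here as an example that is not part of the original post: it parses the output of netsh http show urlacl and reports any ADFS reservation left on the old port, missing on the new port, or held by an account other than NT SERVICE\adfssrv, and compares the result with the port AD FS itself reports. The function names are hypothetical and the parser assumes English-locale netsh output.

```powershell
function Get-UrlAcl {
    # Turn "Reserved URL : <url>" / "User: <account>" pairs into objects.
    # Assumption: English-locale netsh output.
    $url = $null
    foreach ($line in (netsh http show urlacl)) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            $url = $Matches[1]
        }
        elseif ($url -and $line -match '^\s*User:\s*(.+?)\s*$') {
            [pscustomobject]@{ Url = $url; User = $Matches[1] }
        }
    }
}

function Test-AdfsPortMove {
    param(
        [int]    $OldPort        = 443,
        [int]    $NewPort        = 444,
        [string] $ServiceAccount = 'NT SERVICE\adfssrv'
    )
    $acl      = @(Get-UrlAcl)
    $findings = @()

    foreach ($path in '/adfs/', '/FederationMetadata/2007-06/') {
        $old = "https://+:$OldPort$path"
        $new = "https://+:$NewPort$path"

        # Step 5: the reservation on the old port must be gone.
        if ($acl | Where-Object { $_.Url -eq $old }) { $findings += "Stale reservation: $old" }

        # Step 6: the new reservation must exist and belong only to the AD FS service.
        $owners = @($acl | Where-Object { $_.Url -eq $new } | ForEach-Object { $_.User })
        if (-not $owners) { $findings += "Missing reservation: $new" }
        foreach ($owner in $owners) {
            if ($owner -ne $ServiceAccount) { $findings += "Unexpected owner '$owner' on $new" }
        }
    }

    # Step 7: AD FS itself must report the new port.
    $configured = (Get-AdfsProperties).HttpsPort
    if ($configured -ne $NewPort) { $findings += "AD FS HttpsPort is $configured, expected $NewPort" }

    $findings   # an empty result means the move is consistent
}

Test-AdfsPortMove
```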

Step by Step : Deploy DFS in Windows Server 2012 R2

Thanx to: https://mizitechinfo.wordpress.com/2013/08/21/step-by-step-deploy-dfs-in-windows-server-2012-r2/

What Is DFS?

Normally for domain users, to access a file share, they might use Universal Naming Convention (UNC) name to access the shared folder content.

Many large companies have 100s of file servers that are dispersed geographically throughout the organization.

This is very challenging for users who are trying to find and access files efficiently.

So by using a namespace, DFS can simplify the UNC folder structure. In addition, DFS can replicate the virtual namespace and the shared folders to multiple servers within the organization. This can ensure that the shares are located as close as possible to users, thereby providing an additional benefit of fault tolerance for the network shares.

Orait, that’s just a bit of DFS introduction. For more information, please refer to http://technet.microsoft.com/en-us/library/jj127250.aspx, or for those who are interested in hands-on experience with DFS, please join my Server 2012 training; refer to my website for more information: http://compextrg.com/

So, enough said, let’s get started with our DFS deployment.

** As usual, for this DFS demo, I’m using 3 Server 2012 machines (DC01, SVR01, COMSYS-RODC01) and a Windows client (Surface01).

** I will install DFS into SVR01 and COMSYS-RODC01 Server

1 – Always be aware that to deploy DFS you need 2 Servers so that the Folder will replicate each other, so I will install DFS into SVR01 and COMSYS-RODC01 server, you can install DFS simultaneously.

To install DFS in Svr01 server, open Server Manager, on the Dashboard click Add Roles and Features


2 – In the Before you begin box, click Next


3 – On the Select installation type box, click Next to proceed (make sure Role-based or feature-based installation is selected)…


4 – On the Select destination server box, click Next to proceed…


5 – On the Select server roles page, expand File and Storage Services, expand File and iSCSI Services, and then select the DFS Namespaces check box, in the Add Roles and Features pop-up box, click Add Features…


6 – Next, make sure you select the DFS Replication check box, and then only click next to proceed…


7 – Next, on the Select features box, click Next


8 – On the Confirm installation selections box, click Install


9 – Wait for few minutes for the installation to complete and when the installation completes, click close…


** As I mentioned previously, you need to install DFS in another server also which is in my demo is a COMSYS-RODC01 server…

** Once you confirm both of the Server has been installed with DFS, please proceed with DFS namespace configuration.

10 – 1st, open DFS Management from Server Manager…


11 – Next, on the DFS console, right-click Namespaces, and then click New Namespace (A namespace is a virtual view of shared folders in your server)…


12 – In the New Namespace Wizard, on the Namespace Server page, under Server, type svr01, and then click Next…


13 – Next, on the Namespace Name and Settings box, under Name, type MarketingDocs, and then click Edit Settings…


14 – In the Edit Settings box, under Local Path of shared folder: type C:\DFSRoots\MarketingDocs and select Administrator have full access; other users have read and write permissions, then click OK…


15 – Next, on the Namespace Type box, verify that Domain-based namespace is selected. Take note that the namespace will be accessed by \\comsys.local\MarketingDocs, ensure also that the Enable Windows Server 2008 mode check box is selected, and then click Next…


16 – On the Review Settings and Create Namespace page, click Create


17 – On the Confirmation box, verify that the Create namespace task is successful, and then click Close…


18 – Next, you need to enable access-based enumeration for the MarketingDocs namespace.

To do so, under Namespaces, right-click \\comsys.local\MarketingDocs, and then click Properties…


19 – In the \\comsys.local\MarketingDocs Properties box, click the Advanced tab, then  select the Enable access-based enumeration for this namespace check box, and then click OK…


20 – Next, let’s add the Brochures folder to the MarketingDocs namespace…

To do that, right-click \\comsys.local\MarketingDocs , and then click New Folder


21 – In the New Folder box, under Name, type Brochures then click Add…


22 – In the Add Folder Target dialog box, type \\comsys-rodc01\Brochures, and then click OK…


23 – In the Warning box, click Yes


24 – In the Create Share box, in the Local path of shared folder box, type C:\MarketingDocs\Brochures, and select Administrator have full access; other users have read and write permissions, then click OK…


25 – In the Warning box, click Yes to proceed…


26 – Click OK again to close the New Folder dialog box…


27 – Next, I want to add the OnlineAdvert folder to the MarketingDocs namespace, so to do that, right-click \\comsys.local\MarketingDocs, and click New Folder, then In the New Folder box, under Name, type OnlineAdvert, and then, click Add…


28 – In the Add Folder Target box, type \\svr01\OnlineAdvert, and then click OK…


29 – In the Warning box, click Yes to create the OnlineAdvert folder

30 – Next, in the Create Share box, in the Local path of shared folder box, type C:\MarketingDocs\OnlineAdvert, make sure also you select Administrator have full access; other users have read and write permissions, then click OK…


31 – In the Warning box, click Yes


32 – Click OK again to close the New Folder dialog box (verify that \\svr01\OnlineAdvert is listed) and verify that the Brochures and OnlineAdvert folders are listed under the \\comsys.local\MarketingDocs namespace…


33 – Now let’s verify that our MarketingDocs namespace and its folders can be accessed using UNC: open RUN and type \\comsys.local\MarketingDocs, then in the MarketingDocs window, verify that both Brochures and OnlineAdvert are displayed.

34 – Now comes the second important task, which is to configure DFS replication (DFS-R), but before that, why don’t we create another folder target for Brochures…

Right-click Brochures, and then click Add Folder Target…


35 – In the New Folder Target box, under Path to folder target, type \\svr01\Brochures, and then click OK…

36 – In the Warning box, click Yes to create the shared folder on svr01 server…


37 – Next, in the Create Share box, under Local path of shared folder, type C:\MarketingDocs\Brochures, don’t forget to select  Administrator have full access; other users have read and write permissions, then click OK…


38 – In the Warning box, click Yes to create the folder on svr01 server…


39 – In the Replication box, click Yes. The Replicate Folder Wizard starts…


40 – Next, in the Replicate Folder Wizard, on both the Replication Group and Replicated Folder Name page, accept the default settings, and then click Next…


41 – On the Replication Eligibility page, click Next


42 – On the Primary Member box, I choose SVR01 server to be my Primary DFS server, and then click Next…


43 – On the Topology Selection box, select Full Mesh, and then click Next…


44 – On the Replication Group Schedule and Bandwidth, I choose Full and then click next…


45 – On the Review Settings and Create Replication Group box, click Create


46 – On the Confirmation box, click Close (verify that all status is Success)…


47 – In the Replication Delay box, click OK…


48 – Next, expand Replication, and then click comsys.local\marketingdocs\brochures; on the right pane, under the Memberships tab, verify that both the comsys-rodc01 and svr01 servers are listed…

49 – To make sure the replication process is running without any issue, and to verify that our second server, COMSYS-RODC01, has the same DFS view, log on to the COMSYS-RODC01 server, open DFS, right-click Namespaces and click Add Namespace to Display…

50 – In the Add Namespace to Display box, verify that domain is Comsys.local and under Namespace:, \\Comsys.local\MarketingDocs is listed and then click OK…


51 – Next, in the DFS console on the Comsys-RODC01 server, you should see that both the Brochures and OnlineAdvert folders are listed…

52 – Lastly, log on to your client PC as any domain user, open RUN, type \\Comsys.local\MarketingDocs and press Enter; you should see the MarketingDocs folder pop up with the Brochures and OnlineAdvert folders inside…

We’re done for now. With this configuration you can start using DFS, but we still have a few things to verify, especially on high availability.
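The same deployment scripted with the DFSN and DFSR PowerShell modules, as an added example that is not part of the original walkthrough; server, namespace and folder names are the ones used in the steps above. It assumes the shares named as targets (\\svr01\MarketingDocs, \\svr01\Brochures, \\svr01\OnlineAdvert and \\comsys-rodc01\Brochures) already exist with the permissions chosen in the wizard.

```powershell
$servers = 'SVR01', 'COMSYS-RODC01'
$root    = '\\comsys.local\MarketingDocs'
$group   = 'comsys.local\marketingdocs\brochures'   # default group name shown in step 48
$folder  = 'Brochures'

# Steps 1-9: install DFS Namespaces and DFS Replication on both servers.
foreach ($server in $servers) {
    Install-WindowsFeature -ComputerName $server `
        -Name FS-DFS-Namespace, FS-DFS-Replication -IncludeManagementTools
}

# Steps 11-19: domain-based namespace in Windows Server 2008 mode,
# with access-based enumeration enabled from the start.
New-DfsnRoot -Path $root -TargetPath '\\svr01\MarketingDocs' `
    -Type DomainV2 -EnableAccessBasedEnumeration $true

# Steps 20-38: namespace folders and their folder targets.
New-DfsnFolder       -Path "$root\Brochures"    -TargetPath '\\comsys-rodc01\Brochures'
New-DfsnFolderTarget -Path "$root\Brochures"    -TargetPath '\\svr01\Brochures'
New-DfsnFolder       -Path "$root\OnlineAdvert" -TargetPath '\\svr01\OnlineAdvert'

# Steps 39-46: replication group for Brochures; with two members, one
# two-way connection is the full mesh. SVR01 is the primary member.
New-DfsReplicationGroup -GroupName $group
New-DfsReplicatedFolder -GroupName $group -FolderName $folder -DfsnPath "$root\Brochures"
Add-DfsrMember          -GroupName $group -ComputerName $servers
Add-DfsrConnection      -GroupName $group `
    -SourceComputerName 'SVR01' -DestinationComputerName 'COMSYS-RODC01'
Set-DfsrMembership -GroupName $group -FolderName $folder -ComputerName 'SVR01' `
    -ContentPath 'C:\MarketingDocs\Brochures' -PrimaryMember $true -Force
Set-DfsrMembership -GroupName $group -FolderName $folder -ComputerName 'COMSYS-RODC01' `
    -ContentPath 'C:\MarketingDocs\Brochures' -Force

# Steps 48-51: review the namespace settings, folder targets and memberships.
Get-DfsnRoot         -Path $root | Format-List Path, Type, Flags
Get-DfsnFolderTarget -Path "$root\Brochures" | Format-Table Path, TargetPath, State
Get-DfsrMembership   -GroupName $group |
    Format-Table ComputerName, FolderName, ContentPath, PrimaryMember
```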