End of Support of Windows Client Operating Systems
End of Sales of Windows Client Operating Systems
Reference: Windows lifecycle fact sheet
Remote Desktop Services (RDS) is a server role that consists of several role services. RDS accelerates and securely extends desktops and applications to any device, anywhere, for remote and roaming workers. Remote Desktop Services provides both a virtual desktop infrastructure (VDI) and session-based desktops.
In Windows Server 2012 R2, the following roles are available in Remote Desktop Services:
|Role service name||Role service description|
|RD Virtualization Host||RD Virtualization Host integrates with Hyper-V to deploy pooled or personal virtual desktop collections|
|RD Session Host||RD Session Host enables a server to host RemoteApp programs or session-based desktops.|
|RD Connection Broker||RD Connection Broker provides the following services
|RD Web Access||RD Web Access enables you the following services
|RD Licensing||RD Licensing manages the licenses for RD Session Host and VDI.|
|RD Gateway||RD Gateway enables authorized users to connect to VDI, RemoteApp|
For an RDS lab, you will need the following servers.
This test lab consists of the 192.168.1.1/24 subnet for the internal network, a DHCP client (Client1) running the Windows 8 operating system, and a test domain called testdomain.com. You need a shared folder, hosted on a file server or SAN, that is available to the Hyper-V cluster acting as the Virtualization Host server. All RD Virtualization Host computer accounts must be granted Read/Write permission to the shared folder. I assume you have a functional domain controller, DNS, DHCP and a Hyper-V cluster. Now you can follow the steps below.
Step1: Create a Server Group
1. Open Server Manager from the taskbar. Click Dashboard, click View, click Show Welcome Tile, click Create a Server Group, and type RDS Servers as the name of the group.
2. Click Active Directory. In the Name (CN): box, type RDS, and then click Find Now.
3. Select RDSWEBSRV01, RDSSHSRV01, RDSCBSRV01, RDSVHSRV01 and then click the right arrow.
4. Click OK.
Step2: Deploy the VDI standard deployment
1. Log on to the Windows server by using the testdomain\Administrator account.
2. Open Server Manager from Taskbar, Click Manage, click Add roles and features.
3. On the Before You Begin page of the Add Roles and Features Wizard, click Next.
4. On the Select Installation Type page, click Remote Desktop Services scenario-based Installation, and then click Next.
5. On the Select deployment type page, click Standard deployment, and then click Next. A standard deployment allows you to deploy RDS on multiple servers, splitting the roles and features among them. A quick start allows you to deploy RDS onto a single server and publish apps.
6. On the Select deployment scenario page, click Virtual Desktop Infrastructure, and then click Next.
7. On the role services page, review roles then click Next.
8. On the Specify RD Connection Broker server page, click RDSCBSRV01.Testdomain.com, click the right arrow, and then click Next.
9. On the Specify RD Web Access server page, click RDSWEBSRV01.Testdomain.com, click the right arrow, and then click Next.
10. On the Specify RD Virtualization Host server page, click RDSVHSRV01.Testdomain.com, click the right arrow, and then click Next. RDSVHSRV01 is a physical machine configured with Hyper-v. Check Create a New Virtual Switch on the selected server.
11. On the Confirm selections page, Check the Restart the destination server automatically if required check box, and then click Deploy.
12. After the installation is complete, click Close.
Step3: Test the VDI standard deployment connectivity
You can confirm that the VDI standard deployment succeeded by using Server Manager to check the Remote Desktop Services deployment overview.
1. Log on to the DC1 server by using the testdomain\Administrator account.
2. Click Server Manager, click Remote Desktop Services, and then click Overview.
3. In the DEPLOYMENT OVERVIEW section, ensure that the RD Web Access, RD Connection Broker, and RD Virtualization Host role services are installed. If there is an icon and not a green plus sign (+) next to the role service name, the role service is installed and part of the deployment.
Step4: Configure FileSRV1
You must create a network share on a computer in the testdomain domain to store the user profile disks. Use the following procedures to connect to the virtual desktop collection:
Create the user profile disk network share
1. Log on to the FileSRV1 computer by using the TESTDOMAIN\Administrator user account.
2. Open Windows Explorer.
3. Click Computer, and then double-click Local Disk (C:).
4. Click Home, click New Folder, type RDSUserProfile and then press ENTER.
5. Right-click the RDSUSERPROFILE folder, and then click Properties.
6. Click Sharing, and then click Advanced Sharing.
7. Select the Share this folder check box.
8. Click Permissions, and then grant Full Control permissions to the Everyone group.
9. Click OK twice, and then click Close.
Set up permissions on the network share
1. Right-click the RDSUSERPROFILE folder, and then click Properties.
2. Click Security, and then click Edit.
3. Click Add.
4. Click Object Types, select the Computers check box, and then click OK.
5. In the Enter the object names to select box, type RDSVHSRV01.Testdomain.com, and then click OK.
6. Click RDSVHSRV01, and then select the Allow check box next to Modify.
7. Click OK two times.
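The same share can be created from PowerShell with narrower share-level access than Everyone. This is an added example, not part of the original article: it grants the share to the RD Virtualization Host computer account and local administrators only, applies the Modify NTFS permission from the procedure above, and then lists any broad grants that remain. The account name TESTDOMAIN\RDSVHSRV01$ and the folder path are assumptions taken from the lab names used here.

```powershell
# Added example: user profile disk share with scoped permissions.
# Assumptions: run elevated on the file server; names follow the lab above.
$ErrorActionPreference = 'Stop'

$Path      = 'C:\RDSUserProfile'
$ShareName = 'RDSUserProfile'
$RdvhHost  = 'TESTDOMAIN\RDSVHSRV01$'     # computer accounts end with $
$Admins    = 'BUILTIN\Administrators'

if (-not (Test-Path -LiteralPath $Path)) {
    New-Item -ItemType Directory -Path $Path | Out-Null
}

# Share-level permissions: only the RDVH computer account and administrators.
# When -FullAccess is given, New-SmbShare does not add the default Everyone entry.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path -FullAccess $RdvhHost, $Admins | Out-Null
}

# NTFS permissions: Modify for the RDVH computer account, inherited by
# subfolders and files (the same right the GUI procedure grants).
$acl  = Get-Acl -LiteralPath $Path
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $RdvhHost, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Path -AclObject $acl

# Audit: report broad principals that can still reach or write to the share.
$broad     = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write

$shareFindings = @(Get-SmbShareAccess -Name $ShareName | Where-Object {
    $broad -contains $_.AccountName -and $_.AccessControlType -eq 'Allow'
})
$ntfsFindings = @((Get-Acl -LiteralPath $Path).Access | Where-Object {
    $broad -contains $_.IdentityReference.Value -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $writeMask) -ne 0
})

if ($shareFindings.Count -eq 0 -and $ntfsFindings.Count -eq 0) {
    'No broad Allow entries found on the share or folder.'
} else {
    'Broad share-level entries:'
    $shareFindings | Format-Table AccountName, AccessRight -AutoSize
    'Broad NTFS entries with write rights (often inherited from C:\):'
    $ntfsFindings | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
}
```

If a share created through the GUI steps already exists, the script leaves it unchanged and the audit section shows the Everyone entry on it.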
Step5: Configure RDSVHSRV01
You must add the virtual desktop template to Hyper-V so you can assign it to the pooled virtual desktop collection.
Create Virtual Desktop Template in RDSVHSRV01
1. Log on to the RDSVHSRV01 computer as a Testdomain\Administrator user account.
2. Click Start, and then click Hyper-V Manager.
3. Right-click RDSVHSRV01, point to New, and then click Virtual Machine.
4. On the Before You Begin page, click Next.
5. On the Specify Name and Location page, in the Name box, type Virtual Desktop Template, and then click Next.
6. On the Assign Memory page, in the Startup memory box, type 1024, and then click Next.
7. On the Configure Networking page, in the Connection box, click RDS Virtual, and then click Next.
8. On the Connect Virtual Hard Disk page, click the Use an existing virtual hard disk option.
9. Click Browse, navigate to the virtual hard disk that should be used as the virtual desktop template, and then click Open. Click Next.
10. On the Summary page, click Finish.
Step6: Create the managed pooled virtual desktop collection in RDSVHSRV01
Create the managed pooled virtual desktop collection so that users can connect to desktops in the collection.
1. Log on to the RDSCBSRV01 server as a TESTDOMAIN\Administrator user account.
2. Server Manager will start automatically. If it does not automatically start, click Start, type servermanager.exe, and then click Server Manager.
3. In the left pane, click Remote Desktop Services, and then click Collections.
4. Click Tasks, and then click Create Virtual Desktop Collection.
5. On the Before you begin page, click Next.
6. On the Name the collection page, in the Name box, type Testdomain Managed Pool, and then click Next.
7. On the Specify the collection type page, click the Pooled virtual desktop collection option, ensure that the Automatically create and manage virtual desktops check box is selected, and then click Next.
8. On the Specify the virtual desktop template page, click Virtual Desktop Template, and then click Next.
9. On the Specify the virtual desktop settings page, click Provide unattended settings, and then click Next. In this step of the wizard, you can also choose to provide an answer file. A Simple Answer File can be obtained from URL1 and URL2.
10. On the Specify the unattended settings page, enter the following information and retain the default settings for the options that are not specified, and then click Next.
• In the Local Administrator account password and Confirm password boxes, type the same strong password.
• In the Time zone box, click the time zone that is appropriate for your location.
11. On the Specify users and collection size page, accept the default selections, and then click Next.
12. On the Specify virtual desktop allocation page, accept the default selections, and then click Next.
13. On the Specify virtual desktop storage page, accept the default selections, and then click Next.
14. On the Specify user profile disks page, in the Location user profile disks box, type \\FileSRV01\RDSUserProfile, and then click Next. Make sure that the RD Virtualization Host computer accounts have read and write access to this location.
15. On the Confirm selections page, click Create.
Step8: Test Remote Desktop Services connectivity
You can ensure the managed pooled virtual desktop collection was created successfully by connecting to the RD Web Access server and then connecting to the virtual desktop in the Testdomain Managed Pool collection.
1. Open Internet Explorer.
2. In the Internet Explorer address bar, type https://RDSWEBSRV01.Testdomain.com/RDWeb, and then press ENTER.
3. Click Continue to this website (not recommended).
4. In the Domain\user name box, type TESTDOMAIN\Administrator.
5. In the Password box, type the password for the TESTDOMAIN\Administrator user account, and then click Sign in.
6. Click Testdomain Managed Pool, and then click Connect.
Since the emergence of vSphere 6.0, I would like to write an article on vSphere 6.0 vs Windows Server 2012 R2. I collected vSphere 6.0 features from a few blogs and the VMware community forum. Note that vSphere 6.0 is in a beta program, which means VMware can amend anything before the final release. The new functionalities of the vSphere 6.0 beta are already available in Windows Server 2012 R2. So let's have a quick look at both virtualization products.
|Features||vSphere 6.0||Hyper-v Server 2012 R2|
|Certificate Authority|| ||Active Directory Certificate Services|
|Certificate Store|| ||Certificate Store in Windows OS|
|Single Sign on||VMware retained SSO 2.0 for vSphere 5.5||Active Directory Domain Services|
|Database||vPostgres database for VC Appliance up to 8 vCenter||Microsoft SQL Server
|Management Tools||Web Client & VI; VMware retained VI||SCVMM Console & Hyper-v Manager|
|Installer||Combined single installer with all input upfront||Combined single installer with all input upfront|
|vMotion||Long distance Migration up to 100+ms RTTs||Multisite Hyper-v Cluster and Live Migration|
|Storage Migration||Storage vMotion with shared and unshared storage||Hyper-v Live Storage Migration between local and shared storage|
|Combined Cloud Products||Platform Services Controller (PSC) includes vCenter, vCOPs, vCloud Director, vCloud Automation||Microsoft System Center combined App Controller, Configuration Manager, Data Protection Manager, Operations Manager, Orchestrator, Service Manager, Virtual Machine Manager|
|Service Registration||View the services that are running in the system.||Windows Services|
|Licensing||Platform Services Controller (PSC) includes Licensing||Volume Activation Role in Windows Server 2012 R2|
|Virtual Datacenters||A Virtual Datacenter aggregates CPU, Memory, Storage and Network resources.||Provision CPU, Memory, Storage and network using create Cloud wizard|
Another key point of comparison: if you are planning to procure an FC tape library and maintain a virtual backup server, note that vSphere doesn't support FC tape even with NPIV, whereas Hyper-V supports FC tape using NPIV.
The SMB protocol follows the client-server model; the protocol level is negotiated by the client request and server response when establishing a new SMB connection. Windows Server 2012 introduces a feature called SMB 3.0 Multichannel. Multichannel provides link aggregation and fault tolerance.
SMB 3.0 introduces multipath I/O (MPIO), where multiple TCP connections can be established within a given SMB session. Benefits include increased bandwidth, transparent network interface failover, and load balancing per session.
Open the following registry key
If you are looking for fault tolerance and throughput, then the obvious choice is NIC teaming with RSS.
Switch(config)#Int PORT (e.g. Gi3/1)
Switch(config)#switchport mode access
Switch(config)#channel-group <40> mode active
Switch(config)#Int port (e.g. Gi3/1)
Switch(config)#switchport mode access
Switch(config)#channel-group <40> mode active
PROCURVE# trunk PORT1-PORT2 (e.g. C1/C2) Trk<ID> (e.g. Trk99) LACP
PROCURVE# vlan <VLANID>
PROCURVE# untagged Trk<ID> (e.g. Trk99)
PROCURVE# show lacp
PROCURVE# show log lacp
Get-SmbClientConfiguration | Select EnableMultichannel
Get-SmbServerConfiguration | Select EnableMultichannel
6. Enable Multichannel
Set-SmbServerConfiguration -EnableMultiChannel $true
Set-SmbClientConfiguration -EnableMultiChannel $true
7. Verify Multichannel
Deduplication in Windows Server: Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32–128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder.
Enhanced Dedupe features in Windows Server 2012 R2
When using the Data Deduplication feature for the first time or migrating from a previous version of Windows Server, be sure to consider the following related technologies and issues:
Install and Configure Data Deduplication using GUI
1. Open Server Manager. In the Add Roles and Features Wizard, under Server Roles, select File and Storage Services.
2. Select the File Services check box, and then select the Data Deduplication check box.
3. Click Next until the Install button is active, and then click Install.
4. From the Server Manager dashboard, right-click a data volume and choose Configure Data Deduplication. The Deduplication Settings page appears.
5. In the Data deduplication box, select the workload you want to host on the volume. Select General purpose file server for general data files or Virtual Desktop Infrastructure (VDI) server when configuring storage for running virtual machines.
6. Enter the number of days that should elapse from the date of file creation until files are deduplicated, enter the extensions of any file types that should not be deduplicated, and then click Add to browse to any folders with files that should not be deduplicated.
7. Click Apply to apply these settings and return to the Server Manager dashboard, or click the Set Deduplication Schedule button to continue to set up a schedule for deduplication.
Install and Configure Data Deduplication using Windows PowerShell
Start Windows PowerShell. Right-click the Windows PowerShell icon on the taskbar, and then click Run as Administrator.
Import-Module ServerManager
Add-WindowsFeature -Name FS-Data-Deduplication
Enable-DedupVolume E: -UsageType HyperV
Enable-DedupVolume E: -UsageType Default
Set-DedupVolume E: -MinimumFileAgeDays 20
Get-DedupVolume | fl
Start-DedupJob E: -Type Optimization -Wait
This article provides actionable advice about how to manage patches to reduce downtime while still maintaining the security of software services through the proactive reduction of dependencies and the use of workaround solutions.
Windows Server patches, hotfixes and service packs are critical for compliance, service level agreements and security. Keeping operating systems and applications up to date is the key to aligning your infrastructure with the latest software. Patches and hotfixes also enable you to prevent security breaches and malware infection.
Windows Patch Classification
The following are strongly recommended patches:
Windows Product Classification
It is highly recommended that you patch Windows Servers, Windows Clients, Office, Applications (Silverlight, .Net Framework, SQL, Exchange, SharePoint, FF TMG).
Consultants should take time to test the patches in a non-production environment prior to being deployed to production. This will help to gauge the impact of such changes. Ideally you will have the following patching groups:
1. UAT (UAT1, UAT2, etc)
2. Test Environment (Test1, Test2, etc)
3. Development Environment (Dev1, Dev2 etc)
4. Production (Prod1, Prod2, etc)
If you have a clustered environment such as SQL, Exchange or SharePoint, create Prod1 and Prod2 groups and place each node in a different group.
System administrators should maintain a log, written or electronic, of all changes to the operating environment, to include hardware, system security software, operating system, and applications. Prior to any changes being implemented on a system, the system administrator should receive approval of stakeholders.
Why am I discussing backup alongside patching best practice? In an emergency you can roll back completely and restore a server to its original state if necessary. It is very important that servers be backed up on a regular basis. Depending on the use of the server, it may be adequate to back up the server once per week. A backup of a more critical environment may be needed daily, and possibly continuously. The backup program provided with Windows is capable of backing up to virtually any writable media, which can include network drives provided by a server in another physical location. This program is also capable of scheduling backups, which ensures that backups occur at a regular interval.
Microsoft strongly recommends that you create the following backups before you install an update rollup, service pack and patch on Exchange and SQL:
Read the release notes of each hotfix you are going to apply so that you remain compliant with the applications installed on the server. Consult the application vendor before applying a service pack to any server that hosts a specific business application. Consult the application engineer about the importance of server patching. Inform and educate the application engineer as much as possible to avoid a conflict of interest.
Documentation released with the updates is usually in the form of web pages, attached Word documents and README.TXT files. These should be printed off and attached to change control procedures as supporting documentation.
Back out Plan
A back-out plan will allow the system and enterprise to return to their original state, prior to the failed implementation. It is important that these procedures are clear, and that contingency management has tested them, because in the worst case a faulty implementation can make it necessary to activate contingency options. Historically, service packs have allowed for uninstalling, so verify there is enough free hard disk space to create the uninstall folder. Create a back out plan electronically and attach with change management software.
You need to notify helpdesk staff and support agencies of the pending changes so they may be ready for arising issues or outages.
Consistency across Servers
Always install the same service packs or hotfixes to each SQL server node, Exchange DAG member and Domain Controller.
Routine Maintenance Window
A scheduled maintenance window must be agreed with the business so that application outages and server reboots stay within a respectable Service Level Agreement (SLA). If you have a large infrastructure with thousands of servers and many regions working round the clock, you must consider application dependencies. A patching schedule can be considered between 6:00 P.M. Friday and 6:00 A.M. Monday, every Friday of every month. Set up a maintenance window in System Center, or a deadline in WSUS, to make sure patches are applied when you want rather than whenever a patch becomes available. This way you have complete control over the change windows approved by the change advisory board (CAB). Do not allow end users to install patches on their client machines according to their wishes and happiness! If you do, users will never install any patch.
I strongly recommend that you spend a few $$$ to buy Microsoft System Center 2012 to manage and deploy Windows patches, service packs and hotfixes. However, you can use Windows Server Update Services (WSUS) as a poor man's patching solution.
Patching DMZ servers can be accomplished using the WSUS offline patching solution, available as a free download from http://download.wsusoffline.net/.
Automate, Automate and Automate!
Automated patch management using System Center could enable a single IT administrator to access a pre-populated patch policy. He then could execute the command and with the press of a single button, download the patches from Microsoft’s website, install them on a test machine and test for compatibility issues. Meanwhile, an automatic inventory check could search for systems with the affected software, wake them up, check their readiness and push the verified patches out to waiting machines. The patches would then be automatically installed on each system, and they’d reboot as necessary. The final step is an automated report on the status of the remediated devices.
Standardized patch management processes could allow for daily assessment and remediation of client devices and weekly assessment and remediation for servers. Reports can then be generated to validate system status on a weekly or bi-weekly schedule. A systems monitoring task that used to take days now takes minutes, and patches are deployed more completely and consistently across the entire IT environment. A single IT administrator can proactively manage thousands of systems tasks in the same amount of time it took an entire team to do the tasks manually.
Reboot Windows Computer
Some applications, such as RSA Secure Console, may require a reboot of the server before patching. However, most servers must be rebooted after patching. Do not suppress the reboot after patching under any circumstances, or you will have a messy environment and broken clusters.
X86 and X64 Windows Systems
The most prominent 32-bit application you're likely to see on a 64-bit Windows system is Office. In this sort of situation System Center benefits you most, because you can adjust and make decisions based on architecture and compliance as well. You can approve patches based on "Needed and Not Installed". If a server or client needs an update, it will be installed; if not, it will not be installed. It's safe to do so.
Antivirus and Antispyware
Servers are vulnerable to many forms of attack. Implementation and standardization of security methods should be developed to allow early and rapid deployment on servers. It's important that a Windows server be equipped with an up-to-date, centrally managed antivirus program. Antivirus updates must be scheduled in the same maintenance window so that the antivirus has the latest definitions.
Servers have a powerful auditing feature built in. Typically, server managers would want the auditing system to capture logins, attempted logins, logouts, administrative activities, and perhaps attempts to access or delete critical system files. Auditing should be limited to gathering just the information that is needed, as gathering it requires CPU and disk time. Log management software should be used, if possible, for ease of managing and analysing information. Reports can be generated from System Center and WSUS as proof of the patching cycle.
Servers keep multiple logs and, by default, may not be set to reuse log file entries. It is a good practice to expand the size of the allowed log file and to set it to reuse space as needed. This allows logging to continue uninterrupted. How far back your log entries go will depend on the size of the log file and how quickly you are accumulating log data. If your server environment is critical, you may wish to ensure that the log file size is sufficient to store about 30 days of logging information, and then rotate log files once per month.
Installing Updates on a single Exchange Server
Download Exchange Update from Microsoft Download Center. Record Current Exchange Version information
Check for publisher’s certificate revocation
1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. Click the Advanced tab, and then locate the Security section.
4. Clear the Check for publisher’s certificate revocation check box, and then click OK.
5. After the update rollup installation is complete, select the Check for publisher’s certificate revocation option.
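Because the procedure above installs the rollup while revocation checking is switched off, two checks are worth running around it. The following is an added example, not part of the original article: it verifies the Authenticode signature of the downloaded .msp before installation and reports whether the revocation check has been turned back on afterwards. The file path is a placeholder, the expectation that the rollup is signed by Microsoft Corporation is an assumption, and the registry read relies on the per-user WinTrust State value that backs the Internet Explorer check box.

```powershell
# Added example: pre-install signature check and post-install revocation check.
# Run as the same user who changed the Internet Explorer setting (HKCU is per user).
$RollupPath = 'C:\Temp\ExchangeRollup.msp'   # placeholder, not a real file name

function Test-RollupSignature {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status
        Signer     = if ($cert) { $cert.Subject } else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        # Assumption: the rollup is signed by Microsoft Corporation.
        Trusted    = ($sig.Status -eq 'Valid') -and $cert -and
                     ($cert.Subject -like '*O=Microsoft Corporation*')
    }
}

function Get-PublisherRevocationCheck {
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
    $state = (Get-ItemProperty -Path $key -Name State -ErrorAction SilentlyContinue).State
    if ($null -eq $state) { return 'Unknown' }   # value not present for this user
    # Bit 0x200 set means revocation checking is skipped
    # (State 0x23e00 = check box cleared, 0x23c00 = check box selected).
    if ($state -band 0x200) { 'Disabled' } else { 'Enabled' }
}

# Before installing: refuse to continue on a missing or invalid signature.
$result = Test-RollupSignature -Path $RollupPath
$result | Format-List
if (-not $result.Trusted) {
    Write-Warning 'Signature is not valid or not from the expected publisher; do not install this file.'
}

# After installing: confirm step 5 was not forgotten.
$rev = Get-PublisherRevocationCheck
'Publisher certificate revocation check for {0}: {1}' -f $env:USERNAME, $rev
if ($rev -ne 'Enabled') {
    Write-Warning 'Revocation checking is still off; re-enable it in Internet Options.'
}
```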
Pre-check before installing
1. Determine which update rollup packages are installed on your Exchange server roles
2. Determine whether any interim updates are installed
3. Review interim updates
4. Obtain the latest update rollup package
5. Apply on a Test Exchange Server
Install Exchange Update
1. Ensure that you have downloaded the appropriate rollup to a local drive on your Exchange servers, or on a remote network share.
2. Run the Windows Installer *.msp Setup file that you downloaded in step 1.
Install Exchange Update on DAG Member
To update all DAG members, perform the following procedures on each DAG member, one at a time. Set the member server in maintenance mode using this PowerShell Command.
Install the update rollup
1. Close all Exchange management tools.
2. Right-click the Exchange update rollup file (.msp file) you downloaded, and then select Apply.
3. On the Welcome page, click Next.
4. On the License Terms page, review the license terms, select I accept the License Terms, and then click Next.
5. On the Completion page, click Finish.
Once the update is installed, exit maintenance mode by running the StopDagServerMaintenance.ps1 script. Run the following command to re-balance the DAG, as needed:
.\RedistributeActiveDatabases.ps1 -DagName <DAGName> -BalanceDbsByActivationPreference -ShowFinalDatabaseDistribution
When the installation is finished, complete the following tasks:
Patching Microsoft Failover Cluster
You can install Windows service packs on Windows Server Failover Cluster nodes using the following procedure. Administrative privilege is required to perform the following tasks.
Procedure to install Windows service pack or hotfixes in Windows Server 2003:
Procedure to install Windows service pack or hotfixes in Windows Server 2008 and Windows Server 2012:
You can use the following PowerShell cmdlets to accomplish the same.
1. Load the module with the command: Import-Module FailoverClusters
2. Suspend (pause) activity on failover cluster node nodeA: Suspend-ClusterNode nodeA
3. Move a clustered service or application (a resource group) from one node to another: Get-ClusterNode NodeA | Get-ClusterGroup | Move-ClusterGroup
4. Resume activity on nodeA that was suspended in step 2: Resume-ClusterNode nodeA
5. Move a clustered service or application (a resource group) from one node to another: Get-ClusterNode NodeB | Get-ClusterGroup | Move-ClusterGroup
6. Suspend (pause) activity on the other failover cluster node: Suspend-ClusterNode nodeB
7. Resume activity on nodeB that was suspended in step 6 above: Resume-ClusterNode nodeB
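The steps above can be wrapped in a function that also checks the cluster state before and after each node is touched. This is an added example, not part of the original article: it assumes Windows Server 2012 or later (for Suspend-ClusterNode -Drain) and is meant to be run from a management host or a node that is not being patched. The function name Invoke-ClusterNodePatch and the $PatchAction script block are hypothetical; the script block stands in for whatever installs the approved updates and must return only once the node is back online.

```powershell
# Added example: drain, patch and resume failover cluster nodes one at a time.
# Assumption: FailoverClusters module available; run elevated.
$ErrorActionPreference = 'Stop'
Import-Module FailoverClusters

function Invoke-ClusterNodePatch {
    param(
        [Parameter(Mandatory)][string]$Node,
        [Parameter(Mandatory)][scriptblock]$PatchAction,   # hypothetical patch step
        [int]$TimeoutSeconds = 900
    )

    # Refuse to drain the only healthy node.
    $peers = @(Get-ClusterNode | Where-Object { $_.Name -ne $Node -and $_.State -eq 'Up' })
    if ($peers.Count -eq 0) {
        throw "No other node is Up; not draining $Node."
    }

    # Pause the node and move its roles to the remaining nodes.
    Suspend-ClusterNode -Name $Node -Drain -Wait | Out-Null

    # Confirm nothing is still owned by the node before patching it.
    $left = @(Get-ClusterGroup | Where-Object { $_.OwnerNode.Name -eq $Node })
    if ($left.Count -gt 0) {
        Resume-ClusterNode -Name $Node | Out-Null
        throw "Groups still on ${Node}: $($left.Name -join ', ')"
    }

    # Install updates; the script block receives the node name.
    & $PatchAction $Node

    # Bring the node back and wait until the cluster reports it as Up.
    Resume-ClusterNode -Name $Node -Failback NoFailback | Out-Null
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ClusterNode -Name $Node).State -ne 'Up') {
        if ((Get-Date) -gt $deadline) { throw "$Node did not return to Up in time." }
        Start-Sleep -Seconds 10
    }
}

# Patch the nodes in sequence; a thrown error stops the loop, so the second
# node is never drained while the first one is unhealthy.
foreach ($n in 'nodeA', 'nodeB') {
    Invoke-ClusterNodePatch -Node $n -PatchAction {
        param($Name)
        Write-Host "Install the approved updates on $Name here."   # placeholder
    }
}
```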
When service packs, hotfixes, and security patches must be installed, it is critical that these best practices be followed.
1. Read all related documents.
2. Use a change control process.
3. Apply updates that are needed.
4. Test patches and hotfixes on test environment.
5. Don’t get more than 2 service packs behind.
6. Target non-critical servers first.
7. Service Pack (SP) level consistency.
8. Latest SP instead of multiple hotfixes.
9. Apply only on exact match.
10. Subscribe to Microsoft email notification.
11. Always have a back-out plan.
12. Have a working Backup and schedule production downtime.
13. Consistency across Domain Controllers and application servers.