- Dell introduces the First Multi-User 2U Rack Workstation for Virtualized 3D Applications on Citrix XenDesktop on
- smsPasscode 6.1 released with new enhancements
- Citrix and NVIDIA team up on GPU hardware virtualization
- Igel announces new ARM-based System on Chip (SoC) thin client
- NComputing introduces new cheap HDX thin Clients for Citrix Desktop and App Virtualization Deployments
Windows Server 2008 R2
How to configure Single Sign-On for Remote Desktop Services
Single Sign-On is an authentication mechanism that makes it possible to automatically log on to servers and web pages within a Windows domain with the username and password to log on to Windows with.
This article describes how this is configured on both the client and server-side.
Single sign-on (hereinafter "SSO") is an authentication mechanism that makes it possible to automatically log on to servers and web pages within a Windows domain with the username and password to log on to Windows with. When you are logged on a domain client with a domain user, you get issued a so-called Kerberos ticket. When SSO is enabled it is used to log on to internal resources such as a Sharepoint portal, or Remote Desktop sessions to a server configured with Remote Desktop Services. Remote Desktop Services was introduced in Windows Server 2008 R2, which was launched along with Windows 7 The earlier and more familiar name of a server set up as a so-called Remote Desktop Session Host's "terminal server". A Remote Desktop Session Host server can accept logins from many simultaneous users, where users can access published applications.
Read more about SSO for Windows Server 2008 and Windows Server 2008 R2 .
On the client side is SSO available for Windows XP with SP3, Windows Vista and Windows 7
Configuring SSO on the server side
To configure SSO on the server side (Windows Server 2008 Terminal Services or Windows Server 2008 R2 Remote Desktop Services), set the "security layer" on "RDP-tcp" list successor to either "Negotiate" or "SSL (TLS 1.0) ":
Best practice is to configure this in a single Group Policy setting for all Remote Desktop Session Host servers in the domain:
Group Policy setting for this is found under Computer Configuration-> Policies-> Administrative templates-> Windows Components> Terminal Services-> Terminal Server> Security.
Configuring SSO on the client side
Using a common Group Policy setting is also best practice to set up the necessary SSO settings on the client side.
The setting must be set up called "Allow Delegating Default Credentials" and located under Computer Configuration-> Policies-> System-> Credentials Delegation:
Enable "Allow Delegating Default Credentials", press the "Show" button and Specify whether the domain name in the format TERMSRV / *. domainname.local, or specify specific servers SSO shall be permitted to:
The next step is to create an RDP file (configuration file for Remote Desktop client mstsc.exe). Start the client from Start-> Run-> mstsc.exe and configure the server name and other settings for the connection, such as mapping of local printers and disks.
Once this is done, open the RDP file in Notepad and add the following line at the bottom of the RDP file:
enablecredsspsupport: i: 1
This will enable SSO for this RDP file.
It is also recommended to add a digital signature to the RDP file to prove who the RDP file is made of, and prevent file can be used if it made unauthorized changes to the signing must be done with a so-called "Code Signing" certificate that the clients trust. This can be done with the built-in tool rdpsign.exe :
Example of signing:
When the RDP file is signed, the following line is added to the bottom of the RDP file:
Signature: s: AXQBAAEAAADBCgAAMIIKvQ ... ... ....
Made the changes to the RDP file after signing the signature must be performed again.
For Windows Vista and Windows 7 client setup and deployment will now be finished when RDP file is published to the clients. This may be done manually, using login scripts or Group Policy (see further down the article).
For Windows XP clients, the following must be in place before the SSO can be used:
- Service Pack 3 must be installed
- The minimum version 6.0 of Remote Desktop client to be installed
- CredSSP Security Provider must be enabled
How CredSSP Security Provider is activated is described in this Knowledge Base article .
It's recommended to deploy the appropriate registry settings with Group Policy Preferences:
RDP file can also be rolled out in the same way:
SSO can also be combined with the Remote Desktop Services Web Access . Remote Desktop Services team has written a blog post that describes setting up SSO in the RDS Web Access.
For those clients who are not members of the domain, such as home office / remote clients, the RDS Web Access, a possible solution. Users then log on the website for RD Web Access, and can log in on to a Remote Desktop Session Host with the same Kerberos ticket that was issued when they logged on the website with username and password.
Microsoft Hyper-V Server 2008 R2 SP1 released for download
Microsoft announced the release of Service Pack 1 for Microsoft Hyper-V Server 2008 R2.
Hyper-V Server 2008 R2 Service Pack 1 (SP1) contains the same virtualization feature set as the Hyper-V role in Windows Server 2008 R2 SP1.
Some of the features included in Hyper-V Server 2008 R2 SP1 are:
- Dynamic Memory: Hyper-V Server 2008 R2 SP1 introduces Dynamic Memory as a new feature to help use physical host memory more efficiently to potentially achieve higher virtual machine densities.
- RemoteFX: Hyper-V Server 2008 R2 SP1 includes RemoteFX as a new feature to deliver a rich desktop environment within virtual machines. It provides a 3D virtual adapter as well as the ability to redirect USB devices in virtual machines.
- Live migration: Hyper-V Server 2008 R2 includes support for live migration. Live migration enables customers to move running virtual machines from one host to another without service interruptions.
- Failover clustering: Hyper-V Server 2008 R2 includes host clustering technology to enable support for unplanned downtime. With live migration and failover clustering, customers receive high availability and dynamic migration capabilities for planned and unplanned downtimes.
- Processor and memory support: Hyper-V Server 2008 R2 supports up to 8-socket physical systems and provides support for up to 64 cores. In addition, Hyper-V Server 2008 R2 supports up to 1 TB of RAM on a physical system.
- Updated Server Configuration tool: The Server Configuration tool is designed to simplify the most common configuration tasks. It helps you configure the initial settings without having to type command-line strings. In Hyper-V Server 2008, this utility is called Hyper-V Configuration Utility (HVConfig). In Hyper-V Server 2008 R2, this tool is called the Server Configuration tool (SConfig.cmd). It is included in Hyper-V Server 2008 R2 and in the Server Core installation option of Windows Server 2008 R2. Two configuration options are available only when you run the Server Configuration tool on a server running Hyper-V Server 2008 R2:
- An option to have the Server Configuration tool start automatically every time you log on to a computer running Hyper-V Server with the Administrator account
- An option to configure failover clustering
For a detailed feature and support comparison between Hyper-V Server 2008, Hyper-V Server 2008 R2, and Windows Server 2008 R2, see the Virtualization Platform Comparison section.
In order to configure the new Hyper-V Server 2008 R2 SP1 feature settings (RemoteFX, Dynamic Memory), make sure to use the the latest Windows 7 SP1 Remote Server Administration Tool(RSAT) for the client or use Windows Server 2008 R2 SP1. The Windows 7 SP1 RSAT tool can be downloaded from here
Microsoft iSCSI Software Target available as a free download
Microsoft has made their Microsoft iSCSI Software Target publicly available to all users of Windows Server 2008 R2.
The Microsoft iSCSI Software Target has been available for production use as part of Windows Storage Server since early 2007. It has also been available for development and test use by MSDN and TechNet subscribers starting in May 2009. However, until now, there was no way to use the Microsoft iSCSI Software Target in production on a regular server running Windows Server 2008 R2. This new download offers exactly that.
Now available as a public download, the software is essentially the same software that ships with Windows Storage Server 2008 R2. Windows Storage Server 2008 R2 and the public download package will be refreshed (kept in sync) with any software fixes and updates. Those updates are described at http://technet.microsoft.com/en-us/library/gg232597.aspx.
This release was preceded by intense testing by the Microsoft iSCSI Target team, especially in scenarios where the iSCSI Target is used with Hyper-V and with Windows Server Failover Clusters. We do imagine these to be amongst the most commons deployment scenarios.
Testing included running the Microsoft iSCSI Software Target in a two-node Failover Cluster and configuring 92 individual Hyper-V VMs, each running a data intensive application and storing data on a single node of that iSCSI Target cluster. The exciting part of the test was to force an unplanned failure of the iSCSI Target node being used by all the VMs and verify that we had a successful failover to the other node with all 92 VMs continuing to run the application without any interruption.
How to download and install
To download the Microsoft iSCSI Software Target 3.3 for Windows Server 2008 R2, go to http://www.microsoft.com/downloads/en/details.aspx?FamilyID=45105d7f-8c6c-4666-a305-c8189062a0d0 and download a single file called “iSCSITargetDLC.EXE”.
To learn more and download click here
Microsoft RemoteFX for Virtual Desktop Infrastructure Architectural Overview Whitepaper
This white paper provides an architectural overview of RemoteFX in the context of VDI by using a new role service called Remote Desktop Virtualization Host designed specifically for VDI, using Windows Server 2008 R2 with SP1 in a Hyper-V role.
Remote Desktop Services in Windows Server 2008 R2 with Service Pack 1 (SP1) includes a new set of user experience technologies called Microsoft RemoteFX. RemoteFX delivers a full-fidelity user experience for Virtual Desktop Infrastructure (VDI) by providing a 3D virtual adapter, intelligent CODECs, and the ability to redirect USB devices on virtual machines. As part of the Windows Server 2008 R2 with SP1 platform, RemoteFX is integrated with the RDP protocol, which enables shared encryption, authentication, management, and device support.
Microsoft announces the availability of Windows 7 and Windows Server 2008 R2 SP1
Microsoft officially handed off the final release (RTM) of Windows 7 and Windows Server 2008 R2 Service Pack 1 (SP1) to their OEM partners. On February 16th Windows 7 and Windows Server 2008 R2 SP1 will be available for MSDN and TechNet Subscribers as well as Volume License customers. On February 22nd, Windows 7 and Windows Server 2008 R2 SP1 will become generally available for folks to download via the Microsoft Download Center and available on Windows Update.
For Windows 7, SP1 will help keep your PCs well supported by delivering ongoing updates, many of which have been made previously available through Windows Update. It also includes client-side support for RemoteFX and Dynamic Memory which are two new virtualization features enabled in Windows Server 2008 R2 SP1. Read more about those updates here from the Windows Server Team.
More Articles...
Connect on Twitter
Become a Ervik.as Partner
Find us around the web
