RD Session Host

Windows MultiPoint Server 2012 Beta Available

Some of you know I'm a huge fan of Windows MultiPoint Server, and the next release is due out "soon". I've been testing it here and I'm really excited about the new features, especially the built-in VDI support for both Win7 and Win8 clients. This will solve issues around power users in business environments where WMS has been limited by the Remote Desktop Protocol (RDP). With direct support for virtual desktops using VDI, that should be a non-issue.

To learn more about Windows MultiPoint Server 2012, check out the official blog post here. To join the public beta, go to the Connect directory at https://connect.microsoft.com/directory/ and click on the Join link for Windows MultiPoint Server 2012 Public Beta. (It's right at the top, at least for the moment.)

Remote Desktop Protocol Vulnerability

I don’t usually bother to write about Microsoft patches. After all, they happen every month, and we all are in the habit of patching (updating) moderately regularly. However, the update in MS12-020, described in this post, is both serious and very likely to be a target in the very near future, though there aren’t any known exploits. Yet.

First, download and install the patch. That’s the obvious fix. However, if there is some particular reason why you can’t install the patch immediately, then you should configure all clients and servers that have Remote Desktop enabled to require Network Level Authentication (NLA). Microsoft has even made it easy for you. At the bottom of the TechNet post are links to apply a registry change to enforce Network Level Authentication. If you’ve got Windows XP or Windows Server 2003 clients, there’s even a Fix-It to turn on CredSSP so that they can connect using NLA.

Finally, you can configure group policy to require NLA on your network (and really, isn’t it about time you did?). Instructions are here: http://technet.microsoft.com/en-us/library/cc732713.aspx.

I know I was lazy about it for a long time, even after pretty much all my downlevel clients were long gone. But now that GPO is set and enabled. And my SBS WSUS server is sending that patch to every computer in my network. No playing around with this one, folks.
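To confirm that the NLA requirement described above is actually in force on a given machine, the following added example (not part of the original post or of Microsoft's Fix-It) reads the RDP listener's `UserAuthentication` value and the corresponding Group Policy value, and sets the local value when run with `-Enforce`. It uses only cmdlets available in Windows PowerShell 2.0; the function names are illustrative.

```powershell
# Added example (not from the original post): report whether the local RDP
# listener requires Network Level Authentication; -Enforce turns it on.
param([switch]$Enforce)

$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-NlaState {
    $deny   = Get-RegValue $tsKey     'fDenyTSConnections'   # 0 = RDP enabled
    $local  = Get-RegValue $rdpTcpKey 'UserAuthentication'   # 1 = NLA required
    $policy = Get-RegValue $policyKey 'UserAuthentication'   # written by Group Policy
    # A Group Policy value, when present, overrides the local listener setting.
    $effective = if ($null -ne $policy) { $policy } else { $local }
    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        RdpEnabled  = ($deny -eq 0)
        LocalNla    = $local
        PolicyNla   = $policy
        NlaRequired = ($effective -eq 1)
    }
}

$state = Get-NlaState
if ($Enforce -and -not $state.NlaRequired) {
    if ($state.PolicyNla -eq 0) {
        Write-Warning 'Group Policy sets UserAuthentication=0; fix the GPO, a local change will not stick.'
    } else {
        # Needs an elevated session. XP / Server 2003 clients without the
        # CredSSP Fix-It can no longer connect once this is set.
        New-ItemProperty -Path $rdpTcpKey -Name 'UserAuthentication' `
            -PropertyType DWord -Value 1 -Force | Out-Null
        $state = Get-NlaState
    }
}
$state
if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning "$($state.Computer): RDP is enabled without NLA."
}
```

Run without `-Enforce` it only reports, which makes it safe to push to every machine as a check before and after the GPO is applied.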

RemoteFX and Windows MultiPoint Server 2011


Windows MultiPoint Server 2011 (WMS) has an option to “Enable RemoteFX” under Server Settings.

But what does that option actually do? And what IS RemoteFX anyway?

RemoteFX is technology that was included in Windows Server 2008 R2 that is designed to make virtual machines and remote sessions work better. When used with Windows 7 VDI sessions, and with the appropriate graphical hardware, it can leverage that hardware to create a virtual GPU for the VDI session. That isn’t something that WMS can take advantage of. Another piece of the RemoteFX story, however, is an improved codec for RDP sessions, and that is something that WMS can use. The RemoteFX codec is designed to handle video and mixed video and text better across RDP sessions than the native NSCodec. When you enable RemoteFX under Server Settings, WMS switches from using the NSCodec to using the RemoteFX codec for encoding content that is rendered on the server and sent over the wire via RDP.

To take advantage of it, however, your WMS station needs to be running RDP version 7.1, which means your client needs to be running Windows 7 SP1, Windows ThinPC, Windows 7 Embedded, or one of the third party RDP clients that are 7.1 compliant. I’ve enabled this on my WMS, and it definitely helps with streaming video to an RDP session. It won’t help to a zero USB client, unfortunately, but works well with my repurposed old laptop that is running Windows ThinPC.

Finally, if you have a lot of multimedia needs for WMS, and your physical layout allows it, I suggest using directly connected video for your client stations. This is the best video solution, and with a couple of modern video cards in your WMS server you can easily get 8-10 stations directly connected. If you need more stations than that, using RemoteFX and a client running a version 7.1 compliant RDP client will provide a quite acceptable experience.

(Thanks to Dean Paron at Microsoft for clarifying some key points around RemoteFX. Any errors are mine, not his.)

Charlie.

Configuring Applications for Windows MultiPoint Server, part II

As I said in my previous post on application compatibility in Windows MultiPoint Server 2011 (WMS), most applications run without any special configuration or changes. They see WMS as just another Windows Server 2008 R2 or Windows 7 computer. Or, if they’re fairly smart applications, as a Remote Desktop Session Host (aka, Terminal Server). But every once in a while, some aspect of a particular application doesn’t play well with WMS. Sometimes, as in the previous post, it’s really that it doesn’t play well with any terminal server because it doesn’t understand about multiple users. But other times, it’s strictly a WMS problem, and that usually makes me want to look at what is going on with networking and the application.

Why networking? Because WMS uses a bunch of “loop back adapters” (LBAs) to do some of the magic it does. And when an application sees that many network cards on a computer, sometimes it gets confused about which one to use. One such application is Amazon’s Kindle for PC (K4PC). On a normal Windows 7 or Windows Server 2008 R2 computer, it starts up fairly quickly and loads your current library, and if you’re currently reading a book, it opens to the latest page read on any device you might happen to be reading it on. Cool. But that means it needs to “phone home” to find out if you’ve read past the current point it knows about locally, and while it’s at it, it checks for a new version. Apparently, this phone home can get confused about which adapter to use and ends up taking what seems like forever to load. (It’s actually only about 30-40 seconds, but that’s a long time when you’re waiting for it.)

So, what to do about it? Two changes can make all the difference, and both are disabling automatic proxy checking. First, in K4PC, open Options from the Tools menu, and select Network in the left pane, as shown here:

 WMS_K4PC_01

Select No Proxy, or set the specific proxy settings that your network requires. Either is better than Auto-Detect. Next, change the settings on Internet Explorer to disable autodetect. (Depending on your IE version, this will be in the LAN Configuration settings, as shown below:)

WMS_K4PC_02

Again, disable Automatically Detect Settings.

Restart your WMS server to make sure there are no open IE windows and you should see a noticeable improvement in the speed of K4PC. And consider this a likely culprit for any application that has a very slow start in WMS.

Charlie.

Configuring Applications for Windows MultiPoint Server

Most applications install cleanly in Windows MultiPoint Server 2011 (WMS) without any special tricks. They’re smart enough to not attempt to write critical files that can’t be shared into locations where they shouldn’t be. But some applications simply aren’t Terminal Server aware, and those can be an issue. One we ran into recently is Audible Manager. If you’re using a Zune or Sansa or other non-Apple product to listen to your Audible books, you need Audible Manager to transfer your books to the device. Well, needless to say, as we’re moving users to WMS, one of their requirements is to be able to use Audible Manager.

The first problem was USB support so they can connect their device. That was easy, I just installed KernelPro for them. But that brought up a second issue. When two people try to run Audible Manager at the same time, the second person gets a “Can’t open Content.aud” error. Why? Because Audible Manager installs Content.aud into “C:\Program Files (x86)\Audible\bin”, a single location shared by every user. That’s a really bad idea, and bad programming practice, to say the least. But I found a workaround, and it actually does what Audible should have already been doing.

  1. Close Audible Manager.
  2. Navigate to "C:\Program Files (x86)\Audible\Bin".
  3. Cut "content.aud" and paste someplace you can find it and get to it.
  4. For EACH USER (this is the part that’s a pain!):
    1. Navigate to %userprofile%\AppData\Roaming
    2. Create a new folder "Audible"
    3. Drop a copy of "Content.aud" into the folder
    4. Start Audible Manager.
    5. When Audible Manager can’t find content.aud, it will prompt you to either “Create A New, Empty File" or "Browse For An Existing File".
    6. Choose Browse, and then point to the file you just dropped in Roaming for the user.
  5. Repeat the sub-steps for each user. (Or, if you’re doing this on a new server, do this and then copy to the default profile, and it will happen automatically when you add a new user.)

You’ll probably want to start with an empty content.aud file to do this. And, yes, it shouldn’t be necessary. I’ve already filed a report with Audible.com, but don’t expect any fixes any time soon.
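The file-copy part of the per-user steps (4.1 to 4.3) can be scripted. This is an added example, not part of the original post; the seed file path `C:\Staging\Content.aud` is a hypothetical location for the file cut in step 3, and each user still has to do the one-time Browse step in Audible Manager afterwards.

```powershell
# Added example (not from the original post): seed a per-user copy of
# Content.aud into every existing profile, and optionally the default profile.
param(
    [string]$SeedFile = 'C:\Staging\Content.aud',   # hypothetical path, see step 3
    [switch]$IncludeDefaultProfile
)

if (-not (Test-Path -LiteralPath $SeedFile)) { throw "Seed file not found: $SeedFile" }

# Real (non-system) user profiles on this server. Get-WmiObject is used so the
# script runs on the Windows PowerShell 2.0 that ships with Server 2008 R2.
$roots = @(Get-WmiObject Win32_UserProfile |
    Where-Object { -not $_.Special -and $_.LocalPath } |
    ForEach-Object { $_.LocalPath })

if ($IncludeDefaultProfile) {
    # New users are created from this profile, so they inherit the file.
    $pl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $roots += (Get-ItemProperty -Path $pl -Name Default).Default
}

foreach ($root in $roots) {
    $roaming = Join-Path $root 'AppData\Roaming'
    if (-not (Test-Path -LiteralPath $roaming)) {
        Write-Output "skip   $root (no AppData\Roaming)"
        continue
    }
    $folder = Join-Path $roaming 'Audible'
    $dest   = Join-Path $folder  'Content.aud'
    if (Test-Path -LiteralPath $dest) {
        # Never overwrite: an existing file holds that user's library.
        Write-Output "skip   $dest (already present)"
        continue
    }
    # The new folder inherits its ACL from Roaming, so the profile owner
    # keeps write access even though an administrator created it.
    New-Item -ItemType Directory -Path $folder -Force | Out-Null
    Copy-Item -LiteralPath $SeedFile -Destination $dest
    Write-Output "seeded $dest"
}
```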

While this is just one application, it also points to a way that can work with other ill-behaved applications. No guarantees, of course. But worth a try.