Skip to content

Recent Articles


RDS 2012 Deployment and Configuration Guides

I thought it would help to collate all my current RDS posts onto one to make it easier for you tech’s to find things. I will add new links to this post when i publish new articles.

  1. Deploying RDS 2012 Single Server – Session Based deployment
  2. Deploying RDS 2012 using Standard Deployment
  3. Creating a Remote Desktop Session Collection RDS 2012
  4. RDS 2012 Publishing a RemoteApp
  5. Create Server Groups for RDS 2012
  6. Deploying Remote Desktop Gateway RDS 2012
  7. How to assign a RDWorkspace Name in RDS 2012
  8. Configuring RDS 2012 Certificates and SSO
  9. Creating a SAN Certificate for use with RDS 2012
  10. Connection Broker Redirection – RDS 2012
  11. Configuring DNS for RDS 2012 RDWeb Feed
  12. Add Password Reset feature to Remote Desktop Web Access 2012
  13. Change the Icon on RDWEB – RDS 2012
  14. Configure SQL for RDS 2012
  15. MSSQL Firewall Script - useful for the RDS HA Connection Broker configuration
  16. Create a RDSH FARM RDS 2012 using DNS Round Robin
  17. Configure RDSH Farm using a Load balancer (KEMP Virtual LoadMaster VLM-1000)
  18. Create A RDWEB Farm Using a Kemp Load Balancer
  19. RDS 2012 – Configuring a RD Gateway Farm
  20. Deploying RD Connection Broker High Availability in Windows Server 2012
  21. Creating a Windows ThinPC Thin Client
  22. Remote Desktop Community Verified Application Compatibility Center
  23. Windows 8 VDI optimization script
  24. RDP 8.0 : What you need to know when connecting to Windows 7
  25. RemoteFX vGPU Setup and Configuration Guide for RDS 2012
  26. RDS 2012 RD licensing Role
  27. Troubles with Removing RD Connection Broker High Availability
  28. Useful Group Policies for RDS 2012
  29. RDS 2012 Connection Broker Role not supported on DC
  30. Configuring RDS 2012 on Windows Azure
  31. Load Balance RDS2012 RDWA and RDGW Using Sub Interfaces on KEMP’s LoadMaster 
  32. Redirect RDS 2012 Web HTTP Traffic to HTTPS using KEMP’s LoadMaster
  33. Configure “Connect to a Remote Computer” in RDWeb 2012
  34. Whats new in RDS 2012 R2
  35. Enabling RDMS UI Tracing RDS 2012 for troubleshooting
  36. RDS Session Deployment Powershell Script for RDS 2012
  37. Clarification on the use of Office 365 Pro Plus in VDI environments
  38. RDS 2012 Licensing Brief
  39. Microsoft Publish Windows Desktop Hosting Reference
  40. VDI Infrastructure qualified for Microsoft Lync
  41. RDSH Install Mode for adding Applications
  42. Two factor authentication for RDS 2012
  43. Microsoft Remote Desktop Client For Mac, Android and iOS
  44. RDS 2012 – Changing the Connection Broker DNS Alias
  45. RDS 2012 to 2012 R2 in-place upgrade
  46. Deploy VDI Pools Faster in Server 2012 R2
  47. Deploying a RDSH Server in a Workgroup – RDS 2012 R2
  48. RDS 2012 –  Remote Desktop Services Diagnosis Tool
  49. Migrate Remote Desktop Services 2012 to Windows Server 2012 R2
  50. Publish Remote Desktop Session in a Remote App Session Collection
  51. Deploying A RDSH 2008 R2 Server to a RDS 2012 R2 Environment
  52. Publish RDS 2008R2 Desktop on RDS 2012
  53. Configure RDS 2012 RDWeb for Access via Email (UPN)
  54. RDS 2012 Licencing Server – Users cannot connect when licencing is applied
  55. Shadowing RDS 2012 R2 Sessions
  56. RDS 2012 SQL AlwaysOn Considerations
  57. Remote Connection Profiles in SCCM 2012 R2
  58. Customisation of RDSH 2012 Start Screen
  59. RDS 2012 R2 Apps and Session’s using UPD Issue
  60. Load Balancing the RD Connection Brokers with KEMP
  61. RemoteApp POC/LAB RDS 2012 Single Server Deployment Script
  62. RDS 2012 RDSH Certificate deployment script
  63. Performance Tuning for Remote Desktop Services 2012 R2
  64. Deploying RDS 2012 Wild Card Certificate using PowerShell
  65. RDS 2012 Security Hardening Guide
  66. Capacity planning for a RDS 2012 pooled 2,000-seat VDI Collection

Capacity planning for a RDS 2012 pooled 2,000-seat VDI Collection

For all thoses looking to deploy Pooled VDI Collections, have a look at the following capacity management Document.

This will assist with scoping the correct required capacitys when creating VDI Solutions.

Cappacity Planning Guide 



Deploying RDS 2012 Wild Card Certificate using PowerShell

For all those using wild card certificates for RDS installations, I have written a script that allows you to import and configure the wild card certificate on all RDS Roles.

It is advised that the script is run on the RD Connection Broker.

Ensure the Certificate is in PFX format and stored locally in a directory like c:\Cert\RDS\. You will need to specify the location of the certificate when running the script.

When specifying the connection broker ensure you use the FQDN not the server or HA name.

Click Here to download the script


RDS 2012 Security Hardening Guide

I recently came across the server 2012 Secuity guide apart of the “Secuirty Compliance Manager” which covers the Secuity Hardening of RDS 2012.

This document provides the best practices when securing server 2012 and RDS 2012.
Please see the link below:

Windows Server 2012 Security Baseline

Microsoft Security Compliance Manager

To access the Windows Server 2012 Security Guide, you will need to download the Security Compliance Manager.

Open the Security Compliance Manager , navigate to Guides \ Attachments and then open the “Windows Server 2012 Security Guide.docx


Upgrading VMware Tools in Batch using PowerCLI

I have written a PowerCLI script that simplifies the process when upgrading VMware tools on all Servers in a Virtual Environment after a VMware version / patching version update.

Whist running the script, you will need to fill in the blanks with regards to vCenter name, Cluster name, and Email details.

Ensure you have the required version of PowerCLI installed before attempting to run this script.


# Upgrade of VMTools
# Notes: Script to update VMtools by batch using a CSV file
# By Ryan Mangan 03/06/2014
# Connect to vcenter server  
Write-host "******  VMware Tools Upgrade Script ******" -foregroundcolor green
add-pssnapin VMware.Vimautomation.core
$vcenter = read-host "Enter the vCenter Instance" 
connect-viserver -Server $vcenter -WarningAction SilentlyContinue 
#Import vm name from csv file
$CSVLoc = read-host "enter CSV File location e.g c:\temp\deploy.csv"
Import-Csv $CSVLoc |  
foreach {  
    $strNewVMName = $  
    #Update VMtools without reboot  
$Clustername = Read-host "enter cluster name"
    Get-Cluster $Clustername | Get-VM $strNewVMName | Update-Tools –NoReboot  
   write-host "Updated $strNewVMName ------ "  
    $report += $strNewVMName  
write-host "Sleeping ..."  
Sleep 120  
#Send out an email with the names  
$SenderID = Read-host "enter email from address"
$RecipEmailID = Read-host "enter repcipient email id"
$EMAILSRV = Read-host "enter Email Server Name"
$emailFrom = $SenderID  
$emailTo = $RecipEmailID 
$subject = "VMware Tools Updated"  
$smtpServer = $EMAILSRV  
$smtp = new-object Net.Mail.SmtpClient($smtpServer)  
$smtp.Send($emailFrom, $emailTo, $subject, $Report)

Performance Tuning for Remote Desktop Services 2012 R2

Microsoft produced  “Performance Tuning Guidelines for Windows Server 2012 in April 12 2013 which contains information on performance tuning in RDS 2012. Pages 123 to 141 for RDS 2012

Performance Tuning Guidelines for Windows Server 2012




RDS 2012 RDSH Certificate deployment script

Over the last couple of months i have been asked a number of questions with regards to certificate warnings relating to the session host server. To simplify the process of deploying/replacing the default RDP certificate on the Session host, i have written a PowerShell Script that takes care of the installation of a trusted certificate.

This script prompts for the following Inputs:

  • The location of the PFX Certificate ( I recommend you use a local Path)
  • The Certificate Password
  • The Certificate Thumbprint ( you can copy & paste this during the process of running the script)

Follow the steps and the requested inputs from the script and you should not go wrong.

Questions and feedback is welcome

Download the Script Here




RemoteApp POC/LAB RDS 2012 Single Server Deployment Script

I have written a Powershell Script to deploy RDS 2012 Single Server RemoteApp Proof of concept or lab deployment.

This script deploys a fully functional/preconfigured RDS deployment for use in a Proof of concept or Lab environment. The script deploys all the roles required for RDS and configures self assigned certificates for all roles.

The script asks a series of questions before the deployment:

  1. Servername: use the FQDN
  2. Session Collection Name: give the collection a name
  3. Collection Description: Give the collection a name
  4. Domain: enter the Domain
  5. Certificate Password: This is for the self assigned certificates
  6. RD Gateway FQDN: provide a external FQDN for the Gateway Role.

RDS Deployment Powershell Script

You can Download the script here


VMware ESXi 5.x host experiences a purple diagnostic screen Workarounds

VMware issued a Knowledge base article detailing a known issue with ESXI Hypervisors failing due to virtual machines using the Virtual Network Adapter (KB2059053).

The ESXI host will show the following symptoms:

Through the DCUI you will see a Purple Diagnostic Screen showing the following information:

@BlueScreen: #PF Exception 14 in world wwww:WorldName IP 0xnnnnnnnn addr 0×0 PTEs:0xnnnnnnnn;0xnnnnnnnn;0×0; - This indicates the virtual machine via WorldName 0xnnnnnnnn:[0xnnnnnnnn]E1000PollRxRing@vmkernel#nover+0xdb9 - This indicates the issue with E1000 Virtual Network Adapter

0xnnnnnnnn:[0xnnnnnnnn]E1000DevRx@vmkernel#nover+0x18a - This indicates the issue with E1000 Virtual Network Adapter 0xnnnnnnnn:[0xnnnnnnnn]IOChain_Resume@vmkernel#nover+0×247 - This indicates the issue with E1000 Virtual Network Adapter 0xnnnnnnnn:[0xnnnnnnnn]PortOutput@vmkernel#nover+0xe3 - This indicates the issue with E1000 Virtual Network Adapter 0xnnnnnnnn:[0xnnnnnnnn]EtherswitchForwardLeafPortsQuick@#+0xd6 0xnnnnnnnn:[0xnnnnnnnn]EtherswitchPortDispatch@#+0x13bb 0xnnnnnnnn:[0xnnnnnnnn]Port_InputResume@vmkernel#nover+0×146 0xnnnnnnnn:[0xnnnnnnnn]Port_Input_Committed@vmkernel#nover+0×29 0xnnnnnnnn:[0xnnnnnnnn]E1000DevAsyncTx@vmkernel#nover+0×190 0xnnnnnnnn:[0xnnnnnnnn]NetWorldletPerVMCB@vmkernel#nover+0xae 0xnnnnnnnn:[0xnnnnnnnn]WorldletProcessQueue@vmkernel#nover+0×486

The Current workaround provided by VMware:

  • Use the VMXNET3 virtual adapter
  • Disable (Receive-Side Scaling State) on the Windows OS

Disabling (Receive-Side Scaling State) on Windows OS

Use the following Command to check to see if “Receive-Side Scaling State” (RSS) is enabled (usually enabled by default)

Netsh interface tcp show global

Netsh showglobal

To Disable (RSS) use the following Command in (CMD):

Netsh interface tcp set global rss= disabled

Netsh setglobal

Locating affected Virtual Machines:

To locate the effected Virtual Machines you would need to use the following PowerCLI script I have written.

# VMware ESXI Script to show Virtual Machines using E1000/e Virtual Network Adapters

# Created by Ryan Mangan on the 17/04/2014

param (

[Parameter(Mandatory=$TRUE, HelpMessage="Enter the name of the ESXI Host FQDN")]



[Parameter(Mandatory=$TRUE, HelpMessage="Host Root Password Dual control")]



[Parameter(Mandatory=$TRUE, HelpMessage="Location of exported .txt output file")]




Add-PSSnapin VMware.VimAutomation.Core

ForEach( $VM in (Get-VM) ) { $VM|Where{ $VM|Get-NetworkAdapter|Where{ $_.ExtensionData -like “*e1000*” } } }

Out-File $exportfile


This script would need to be run on a client or vCenter server which has PowerCLI installed.

The issue is resolved in the following updates:

Knowledge articles:

VMware ESXi 5.x host experiences a purple diagnostic screen mentioning E1000PollRxRing and E1000DevRx (2059053)

Poor network performance or high network latency on Windows virtual machines (2008925)



Create Domain Admins group on ESXI5.1 Host

For all those wanting to access the local host of ESXI with Domain credentials rather than root account, have a look at this script.

I have written a script that creates a domain group on the root of ESXI 5.1 so that admins can access ESXI hosts locally with domain credentials. For this to work, the ESXI host will need to be domain joined before running the script.



# VMware ESXI Script to create Domain group on Root of ESXI Host
# Created by Ryan Mangan on the 16/04/2014

param (
[Parameter(Mandatory=$TRUE, HelpMessage="Enter the name of the ESXI Host FQDN")]

[Parameter(Mandatory=$TRUE, HelpMessage="Host Root Password Dual control")]

$DomainAdmin   = “Domain Account”
$DomainPW      = “Password”
$ADGroup       = “Domain\group”
$Domain        = “Domain FQDN”

Add-PSSnapin VMware.VimAutomation.Core
Connect-VIServer SVMHost -User root -Password $HostPW
Get-VMHostAuthentication -VMHost $VMHost | Set-VMHostAuthentication -Domain $Domain -Username $DomainAdmin -Password $DomainPW -JoinDomain -Confirm:$false
Get-VMHost $VMHost | New-VIPermission -Principal $ADGroup -Role “Admin”
Disconnect-VIServer $VMHost -Confirm:$false

(Download here)


Load Balancing the RD Connection Brokers with KEMP

This post will show you how to configure the load balancing of RDS 2012 Connection brokers. For the configuration of RD Connection broker high Availability please see the following article (here)

Before we get started with the configuration of the KEMP LoadMaster, I have included some information on other load balancing solutions and why its important to use a Hardware/Software load balancers.

Why you should not use DNS Round Robin

Round Robin DNS (RRDNS) distributes workload among multiple servers but does not provide a mechanism for server availability. If a server within the host fails, RRDNS, unlike Hardware Load Balancing,  will continue to send traffic until a network administrator detects the failure and removes the server from the DNS address list. This results in service disruption for clients.

Why you should not use Network Load Balancing (NLB)

  • Windows Network Load Balancing is limited to a maximum number of 32 possible hosts in any one cluster
  • Load calculations are only based on the network load and Server response time
  • All hosts must be in the same subnet
  • Each Server Shares the same IP address
  • offers basic layer 4 load balancing functionality

Configuring Remote Desktop Connection broker High Availability with KEMP

If you Haven’t already implemented RDCB HA, I would suggest that you configure the KEMP Loadmaster first.

If you are migrating from DNS Round Robin over to KEMP, I would recommend that you add an additional DNS record for the KEMP Loadmaster (run parallel) and once configured remove the old records.

The Connection broker communicates with other connection brokers using the service port 3389.

Create the virtual Service and Set the port to 3389.

Virtual Service


RDS Connection Broker Load Balancing

Enter in the Service Name, select the service type “Remote Terminal”

Under standard options, you will need to ensure that transparency is turned off and that persistence settings are set to “Session Broker” and a time out of “6 minutes”.

Set the Scheduling Method to “Least Connection” and the Idle connection timeout to “91″ seconds

Health Checking

Set the Real Server check parameters to “Remote Terminal Protocol” Checked Port “3389″

“Ensure that you have added the KEMP Virtual Service A Record to DNS and if using DNSRR, ensure you have removed the old records”

There you have it ! RDS Connection Broker High Availability Load Balanced with  a KEMP Loadmaster.






Get every new post delivered to your Inbox.

Join 336 other followers

%d bloggers like this: