Thursday, October 20, 2016

RD Gateway Port Change

I recently had to set up a Remote Desktop Services deployment at a client who only had a single external IP and was already using port 443 for their on-premises Exchange server, for OWA.

Once the deployment process had finished, I launched RD Gateway Manager from Server Manager, opened the properties of the server, and selected Transport Settings. I changed the default port to the one I wanted; I'm using 8443 in this example.


Once changed, I loaded IIS and checked the Default Web Site to ensure that the port had been correctly bound to RDWeb, which it had automatically.


A quick test confirmed internal and remote access to RDWeb via the new port.

Testing any of the Published Apps, or the Remote Desktop, failed with the following.



When editing the .RDP icons, I found that there was no port.



There are 2 methods of fixing this. One is in the registry, and the other is the correct way of doing it, which is using PowerShell.
Run PowerShell as Administrator, and use the following command:
Set-RDSessionCollectionConfiguration -CollectionName "CollectionName" -CustomRdpProperty "gatewayhostname:s:<YOUR HOST NAME>:<PORT NUMBER>"

Confirm this has taken effect by using Get-RDSessionCollectionConfiguration.


Once you've run that, refresh your RDWeb page (if it's still open) and download the .RDP file again, and you will find upon editing, that it will have the port under the RD Gateway Server settings.
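The same change as a script, added here as an example and not part of the original post. -CustomRdpProperty replaces the collection's whole custom property string, so this version keeps any properties already set and swaps only the gatewayhostname line, then checks the stored value. The host name rdgw.example.com and the helper Merge-GatewayProperty are assumptions made for illustration.

```powershell
# Run from an elevated PowerShell session on the RD Connection Broker.
Import-Module RemoteDesktop

# Assumed values for illustration; replace with your own.
$CollectionName = 'CollectionName'
$GatewayHost    = 'rdgw.example.com'   # constructed host name
$GatewayPort    = 8443                 # port used in this post

# Hypothetical helper: returns the custom RDP property string with
# exactly one gatewayhostname line and every other line left intact.
function Merge-GatewayProperty {
    param([string]$Existing, [string]$HostName, [int]$Port)
    $kept = @($Existing -split "`r?`n" |
        Where-Object { $_.Trim() -and $_ -notmatch '^\s*gatewayhostname:s:' })
    ($kept + "gatewayhostname:s:${HostName}:$Port") -join "`n"
}

# Read what is stored now, merge, and write the result back.
$current = (Get-RDSessionCollectionConfiguration -CollectionName $CollectionName).CustomRdpProperty
$merged  = Merge-GatewayProperty -Existing $current -HostName $GatewayHost -Port $GatewayPort
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -CustomRdpProperty $merged

# Verify: the stored value must carry the host:port pair on its own line.
$check   = (Get-RDSessionCollectionConfiguration -CollectionName $CollectionName).CustomRdpProperty
$pattern = "(?m)^gatewayhostname:s:$([regex]::Escape($GatewayHost)):$GatewayPort\s*$"
if ($check -notmatch $pattern) {
    throw "gatewayhostname was not stored with port $GatewayPort for '$CollectionName'"
}
$check
```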


Thursday, October 13, 2016

Security Group Membership Export

A while back, I posted about email address auditing, and a way to export all members of distribution groups from PowerShell. I found this incredibly useful, and use it quite often. I've always talked to my colleagues about looking into a similar script for

I've just created a nice little script that deals with that in a manner that I think is appropriate.
Import-Module ActiveDirectory
# Distinguished name of the OU that holds the groups to export
$ou = Read-Host -Prompt 'Specify Organizational Unit here'
# Limit the search to security groups under that OU
Get-ADGroup -Filter {GroupCategory -eq "Security"} -SearchBase $ou | ForEach-Object {
    $group = $_.SamAccountName
    # One CSV per group, named after the group
    $saveto = "C:\temp\" + $_.Name + ".csv"
    # -Recursive expands nested groups into their members
    Get-ADGroupMember -Identity $group -Recursive | Select-Object Name | Export-Csv $saveto
}
I've specified the OU where my custom security groups are; otherwise I would be exporting groups like Domain Computers.

This creates a CSV file for each individual security group, with the same name as the security group.

Hope this helps someone who is looking for the same solution.

Thursday, October 6, 2016

AD / SYSVOL Version Mismatch

I recently had a call from a client, advising they were unable to RDP to a server.
After basic troubleshooting, I discovered that the Windows Firewall was blocking port 3389 from all sources, which was set by server.



I checked the Group Policy in question, and confirmed that Allow inbound Remote Desktop exceptions was configured.




I then confirmed that I could RDP to other servers in the same security groups and OUs.
I ran GPRESULT /H GPreport.html, which returned the following results.

Labtech is in use on this site, and the firewall rules are set from within the Default Domain Policy.


A quick look around advised me that this error for Windows 8/Server 2012 had this hotfix available. Windows 8.1/Server 2012 R2 has this issue fixed with this update.

After installing this hotfix, and rebooting the server, I had one rather happy client.