Official MS RDP 8.0 Update for Windows 7 SP1 Released

The official Microsoft RDP 8.0 client for windows 7 x86 and x64 and for server 2008 has been released.

Make sure you download and install update 2574819 (links below) before installing  the RDP 8.0 client.  Each of these updates prompts for a re-boot, though I skipped the re-boot and continued to the second install before re-booting and it installed fine.  

Instead of downloading each file below and running them individually check my blog here if you want to download my MS Windows 8 RDP all-in-one combo updater package that automates the below process into one installer.

Operating system Update
All supported x86-based versions of Windows 7
All supported x64-based versions of Windows 7
All supported x64-based versions of Windows Server 2008 R2

How to verify that RDP 8.0 is enabled

To verify that RDP 8.0 is enabled on a remote computer that is running Windows 7 SP1, connect to the computer from a computer that is running Windows 8 or that is running Windows 7 SP1 by using Remote Desktop Connection (RDC) 8.0. After you connect to the computer, follow these steps to verify that RDP 8.0 is enabled:

  1. If RDP 8.0 is enabled, the connection quality button will be displayed in the connection bar.
  2. Click the connection quality button to open an information dialog box that resembles the following.

     

The presence of the connection quality button and of the connection quality dialog box confirms the availability of RDP 8.0 for the remote connection.

Those who,  because of the  issues stated below,  want to keep their old client version can still download my version which retains you old rdp client. Check my blog here 

Known issues with the RDP 8.0 update

  1. Virtual desktops that have RemoteFX vGPU installed cannot use RDP 8.0.

    Issue

    After you install and enable RDP 8.0 by using Group Policy on a computer that has RemoteFX vGPU installed, RDP 8.0 is not available.

    Resolution

    This update does not enable RDP 8.0 for connections to computers that have RemoteFX vGPU installed. If you must have RDP 8.0 enabled, remove RemoteFX vGPU from the virtual desktop to enable RDP 8.0.

  2. The Shadow command cannot be used to remotely monitor another user’s remote connection.
    Issue

    Windows 7 SP1 supports the Shadow command (Remote Control). This command can be used by an administrator to view or control an active session of another user. After RDP 8.0 is enabled on a computer that is running Windows 7 SP1, an administrator user cannot use the Shadow command to view or control another user’s session.

    Resolution

    Administrators can use Remote Assistance or another product that provides similar capability to view or control another user’s session.

  3. Aero Glass support is unavailable.
    Issue

    The Aero Glass remoting feature in Windows 7 lets users who are running compatible Remote Desktop Connection clients use features such as a Flip-3D, the live task bar preview, and the translucent window border in a remote desktop connection when a compatible RDC 7.0 client is used. After RDP 8.0 is enabled, users cannot use the Aero Glass remoting feature.

    Resolution

    Administrators should not enable RDP 8.0 on remote computers that are running Windows 7 SP1 for users who must use the Aero Glass remoting feature.

  4. RDP 8.0 on remote computers that are running Windows 7 SP1 does not use the UDP protocol.
    Issue

    The RemoteFX for WAN feature in RDP 8.0 intelligently uses TCP and UDP protocols to optimize the user experience. After you install and enable RDP 8.0 on computers that are running Windows 7 SP1, RDP 8.0 is configured to use only the TCP protocol.

    Resolution

    To resolve this issue, configure RDP 8.0 to use both the TCP and UDP protocols. For more information, see the “How to enable RDP 8.0” section.

  5. Local administrators who are not a member of the Remote Desktop Users group cannot sign in by using a Remote Desktop Connection client.
    Issue

    After RDP 8.0 is enabled, local administrators who are not a member of the Remote Desktop Users group cannot sign in.

    Resolution

    To resolve this issue, add local administrator users to the Remote Desktop Users group.

  6. The firewall rule that allows UDP traffic is not enabled when you use a Group Policy Object (GPO) to enable RDP 8.0.
    Issue

    If you use a GPO to enable RDP 8.0, the UDP firewall rule that allows UDP traffic is not enabled sometimes.

    Resolution

    To resolve this issue, create a GPO to enable the Remote Desktop – User Mode (UDP-In) firewall.

  7. You experience slow performance when IPsec is deployed in the network.
    Issue

    When you connect to a computer by using the RDP 8.0 protocol in certain situations, you experience slow performance. This issue occurs when IPsec is deployed in the network.

    Resolution

    To resolve this issue, install hotfix 2570170 on the server.

    For more information about hotfix 2570170, click the following article number to view the article in the Microsoft Knowledge Base:

    2570170 Performance issue when you enable the AuthNoEncap policy to handle large payloads in a network environment in Windows 7 or in Windows Server 2008 R2
  8. You cannot use the multi-touch and gestures functionalities when you connect to a computer remotely.
    Issue

    You cannot use the multi-touch and gestures functionalities when you use Remote Desktop Connection Client 8.0 on a computer that is running Windows 7 SP1.

    Resolution

    The RemoteFX multi-touch feature is supported only when both the client and server computers are running Windows 8 or Windows Server 2012.

Using Windows PowerShell to fix a broken Secure Channel and reset the computer account

When a computer joins a domain, a computer account is created in AD. The computer account gets its own password that will expire after 30 days (default). When the password expires, the computer itself will initiate a password change with a DC in its domain.

When the computer starts up, it uses this password to create a secure channel (SC) with a DC. The computer will request to sign all traffic that passes the SC. If a DC says “go ahead”, all traffic that is signed passes through this channel.

Traffic like NTLM pass through authentication is typically signed traffic.

So what happens if there is a mismatch between the computer account password? The computer tries to authenticate, but the DC says this is not the correct password.

The SC is down.

To reset the SC between a computer and a DC:

Open PowerShell on the local computer with the broken SC and run the cmdlet:

Test-ComputerSecureChannel -repair

*The cmdlet requires PowerShell 2.0  (which is pre-installed on Win7/2008R2) or greater

Restart Windows 8 or server 2012 in a remote desktop session

Restarting  Windows 8 or Server 2012 when in a remote desktop session

When you’re in a remote desktop connection in Windows 8 or Server 2012 the quickest way to restart the PC is to go to the desktop and  press ALT-F4.   Pressing Alt-F4  inside an application will close that application, so make sure you are on the desktop.

The below Shut Down Windows screen will appear. Choose Restart to restart the system.

Installation and Configuration of the Windows Server 2008 SMTP Server Feature

Installing the SMTP Server Feature on Windows 2008 is an easy process requiring only few steps to complete. In this article I will describe the step by step configuration and installation of the SMTP Server feature and how to enable the smtp to relay from the local server.

Step 1:
Opening Server Manager Console and under Features select Add Features

Step 2:
Selecting SMTP Server option

Step 3:
Click on Install wait until finish and click close

Step 4:
Waiting for installation to finish and clicking on Close

Step 5:
Opening IIS 6.0 Manager under Administrative Tools -> Internet Information Services 6.0

Step 6:
Under [SMTP Virtual Server] second mouse click and properties

Step 7:
Select Relay under Access Tab

Step 8:
Select Only the list below and click on Add button

Step 9:
Enter IP Address 127.0.0.1 for relay

Step 10:
Sending a manual email through telnet to confirm everything working successfully.Telnet localhost 25 or telnet yourpublicip 25 and make sure you open the specific port on your firewall to be available to public. To end message hit ENTER then a period then hit ENTER again

GPEdit.MSC – Doesn’t show changes made to the registry?

GPEdit.MSC – Doesn’t show changes made to the registry?

That’s a question that came up a couple of times in the past, so I thought I’d write a few words about it. The question is:

“When I make changes to the registry that correspond to a Group Policy Setting, why doesn’t show GPEdit.msc (the GPEditor) the changed setting?”

That is due to how Windows applies GP settings to the registry.

What GPEdit writes and reads is not the registry directly but a intermediate file, called the Registry.POL. The POL file stores the changes and registry values that get incorporated by the Registry CSE (well, there’s some involvement with the ntuser.dat but that’s a different story). The point is that GPEdit reads/writes Registry.POL and the CSE is using that Registry.POL file to read the registry configuration off the the file to put it into the registry.

When making changes to the registry, the Registry CSE doesn’t care about the current state of the registry keys and values it changes – it just applies the settings governed by the POL file. In fact, it does wipe all values in the “four” special POLICY-hives and re-creates them according to the POL file. So – changes you make to the Registry are not carried out back to the POL file and therefore, GPEdit won’t look find them there.

What you will always see in GPEdit is what is configured in the Registry.POL file.