RDCMan v2.7 Unknown disconnection reason 3848


Last week Microsoft released Remote Desktop Connection Manager version 2.7 (aka RDCMan). It has some really cool features and supports Windows 8.1 and Windows Server 2012 R2. This tool is essential if you run a lot of virtual machines. One of the new features lets you connect directly to virtual machines (called virtual machine connect-to-console support). Configuring a connection for this new feature is rather easy once you have the ID of the virtual machine. The following PowerShell command should do the trick:

Get-VM -Name VMName | Select-Object Id

Once you have this information, enter it on the Server Settings tab like in the following screen shot:

RDCMan

The Server name field is the name or IP address of the Hyper-V host and not the VM.

Once you have this set up, you should be all set…that is unless you get the following error like I did (BTW – I am running Windows 8.1 Enterprise x64 on my laptop as my Hyper-V host):


Disconnected from VMNAME (192.168.1.243)
[Unknown disconnection reason 3848]

The reason for the error appears to be that the Credential Security Service Provider (CredSSP) policy on the Hyper-V host is not enabled to authenticate user credentials from a remote location.  Setting the following registry keys fixed part of the problem for me.

#Disclaimer:
#Your use of these example scripts or cmdlets is at your sole risk. This information is provided “as-is”, without any warranty, whether express or implied, of accuracy,
#completeness, fitness for a particular purpose, title or non-infringement. I shall not be liable for any damages you may sustain by using these examples, whether direct,
#indirect, special, incidental or consequential.

New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentials -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly -Name Hyper-V -PropertyType String -Value "Microsoft Virtual Console Service/*" -Force
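
The values above allow default, fresh and saved credentials to be delegated to any server presenting the Microsoft Virtual Console Service SPN (the /* wildcard), so it is worth recording what is set under PolicyDefaults before and after running them. The following read-only audit is an added example, not part of the original post; the function name Get-CredSspPolicyDefault and the WildcardHost and NoPrompt columns are illustrative choices.

```powershell
# Added example (not from the original post). Read-only; run in an elevated
# PowerShell session on the machine where the values above were set.
$PolicyRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults'

function Get-CredSspPolicyDefault {
    # Lists every SPN pattern that CredSSP may delegate credentials to by default.
    param([string]$Root = $PolicyRoot)

    if (-not (Test-Path -Path $Root)) {
        Write-Warning "$Root does not exist on this machine."
        return
    }
    foreach ($key in Get-ChildItem -Path $Root) {
        # Each subkey (AllowFreshCredentials, AllowSavedCredentials, ...) holds
        # named string values whose data is an SPN pattern.
        foreach ($valueName in $key.GetValueNames()) {
            $spn = [string]$key.GetValue($valueName)
            [pscustomobject]@{
                Policy       = $key.PSChildName
                ValueName    = $valueName
                Spn          = $spn
                # "service/*" or a bare "*" matches every host for that service class
                WildcardHost = $spn -match '(^|/)\*$'
                # Default and saved credentials are sent without prompting the user
                NoPrompt     = $key.PSChildName -match '^Allow(Default|Saved)Credentials'
            }
        }
    }
}

# Full listing, then only the entries that combine a wildcard host with silent delegation
$report = Get-CredSspPolicyDefault
$report | Sort-Object Policy, ValueName | Format-Table -AutoSize
$report | Where-Object { $_.WildcardHost -and $_.NoPrompt } |
    Format-Table Policy, ValueName, Spn -AutoSize
```

Piping the result to Export-Csv before and after the change gives a record that can be compared later.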

One other thing that I had to do in order to get this to work was to add my account into the local Hyper-V Administrators group on my Hyper-V host (even though my account was already a local administrator).  Now when you connect to a VM and you are prompted for credentials, use your credentials for the Hyper-V host for the initial prompt.  These credentials can also be saved on the RDCMan Server Properties under the Logon Credentials tab.  Once connected, that will bring you to the logon screen of the VM where the credentials for the VM are entered.

More information about the CredSSP policy issue, as well as alternate configurations (i.e. GPO), can be found in the following knowledge base article:

When I use the Virtual Machine Connection tool to connect to a virtual machine on a Windows Server 2008 Hyper-V-based computer I receive an error message: “A connection will not be made because credentials may not be sent to the remote computer”

Originally posted on https://miketerrill.net/

My Sessions at the Midwest Management Summit


I am really honored to have been a speaker at the first ever Midwest Management Summit (aka the new MMS), which took place November 10th – 12th in Minnesota. This event was the who’s who of systems management and did not disappoint. There were over 100 sessions delivered in three days by 50+ experts (which included 32 Microsoft MVPs). This is one conference and training event that you will not want to miss next year.

I also got the opportunity to present again with my co-worker and good friend Troy Martin.  Troy and I presented the following two sessions:

Hacking the Task Sequence

We will go behind the scenes of the CM OSD Task Sequence engine to look at all of the Task Sequence variables.  Mike and Troy will show you:

  • Tips and tricks on how to pause, interact and resume a Task Sequence when developing your own custom steps.
  • How to overcome certain limitations like read only variables.
  • How to tweak your Boot Images so that they always contain the tools and utilities that are needed for ultimate success.
  • How the task sequence works “under the hood” and some cool tips for manipulating it.

MMS – Hacking the Task Sequence.pptx

PXE Booting in the Real World

This session will focus on how PXE works and what it takes to get it working in the real world using System Center 2012 R2 Configuration Manager.  In addition to the native PXE boot capabilities in CM, this session will also cover the benefits and capabilities of PXE Everywhere from 1E.

Having difficulty performing zero touch because of 3rd party disk encryption?  Come learn the possibilities that open up when using PXE in your environment. Learn about PXE and what it takes to get up and running.

MMS – PXE Booting in the Real World.pptx

I also got to present for the first time with my co-worker Shawn Cardamon.  For those of you that have not met him, he is full of energy and constantly cracking jokes.  It was a fun presentation and we announced our upcoming 1E Solution Accelerator called 1E Enforcement that we will be releasing for free in the near future.

Advanced Application Management

System Center 2012 Configuration Manager application policies are evaluated prior to content being transferred, so that it can be determined if the software is actually needed in the first place. Applications make use of the re-evaluation cycle which is enabled by default for all required deployments. This can cause potential issues if a rigid software distribution process is not followed. Come join us in this session as we take a deep look inside Applications and demonstrate some of the pros and cons. Also learn how to do selective Application enforcement and enforce only those Applications that always need to be installed. Learn about Applications and application enforcement.

MMS – Advanced Application Management.pptx

Since 1E was an MMS Platinum Sponsor, we also gave a session on all the cool things that we do at 1E and how we help our customers save money. For that session, I was joined by Troy, Shawn and also Liam Morrison.

World Class Solutions for Real World Problems

At 1E, our sole mission is to reduce the costs of running IT for our customers and provide avenues to true business value.

Many demands are being placed on IT today to deliver products and services which keep up with the consumerization of IT, provide stronger automation, and at the same time lower overall cost to the business. This session will cover what we see as the true circle of influence systems management has on an organization and how these things may be achieved. For example:

  • Are you currently facing a software audit or need to reduce costs on software licenses?  AppClarity can help by identifying software installation and usage. It can even remove unused installations to prevent further license purchases or audit exposures.
  • Are your users asking about BYOD? Are you constantly providing laptops for contractors and consultants?  With MyWorkNow you can provide a secure virtual corporate Windows desktop at a fraction of the price to any Mac or PC.
  • Are your users looking for an easy way to request and install software?  Has it been challenging to manage and assure the right applications are being installed for your users during an OS deployment? Shopping is the App Store for the Enterprise that puts users and IT in control, each being able to focus on more strategic efforts.
  • Stuck managing a large SCCM infrastructure? Do you have multiple locations to manage with SCCM?  Regardless of size, with Nomad you can eliminate the need for 95%+ of servers from SCCM architectures and still be able to perform all of the functions of SCCM like SWD, OSD and SUM.

Come and learn about 1E’s world class solutions and how they address real world problems.

MMS – World Class Solutions for Real World Problems.pptx

This conference was a great way to end the year and I am already looking forward to the next one!


Using PowerShell to Create a BCD File

Recently, I was curious to see if I could get 1E PXE Everywhere (included with 1E Nomad) to boot an MDT Lite Touch boot image. Since PXE Everywhere integrates with System Center Configuration Manager, it automatically creates the necessary BCD files based on the ConfigMgr boot images. So that left me with using the command line utility bcdedit to generate the BCD file that I needed for the MDT Boot Image. Not that there is anything wrong with bcdedit, it just requires a bit of typing out long commands. It returns a GUID when the OSLOADER is created, which then needs to be used in some of the follow-up commands. This is where I thought it would be nice to have a simple PowerShell cmdlet to do it for me – the only problem is one does not currently exist. So after a bit of playing around with the syntax, I came up with the function below. It still calls bcdedit, but because of the way PowerShell uses certain characters, it is necessary to use various escape techniques.

This is a quick script to get the job done, so there is not any type of error handling or logging.  Also, I follow the PXE Everywhere naming convention of boot.xxxxx.bcd, so feel free to modify the script to your needs or preferences.

#Create-BCD
#Author: Mike Terrill
#Version 1.0

#Disclaimer:
#Your use of these example scripts or cmdlets is at your sole risk. This information is provided “as-is”, without any warranty, whether express or implied, of accuracy,
#completeness, fitness for a particular purpose, title or non-infringement. I shall not be liable for any damages you may sustain by using these examples, whether direct,
#indirect, special, incidental or consequential.

#Usages:
#Create-BCD Name Platform TFTPBlockSize
#Example:
#Create-BCD LiteTouchPE x64 8192
#Will create a BCD file called boot.LiteTouchPE_x64.bcd with a TFTPBlockSize of 8192

function Create-BCD {
    [CmdletBinding()]
    param (
    #Name and Platform end up inside "cmd /c" command strings below, so only
    #file-name-safe characters are accepted (no spaces, quotes, & or |)
    [Parameter(Mandatory=$true,ValueFromPipeline=$true)][ValidatePattern('^[A-Za-z0-9_.-]+$')][string]$Name,
    [Parameter(Mandatory=$true,ValueFromPipeline=$true)][ValidatePattern('^[A-Za-z0-9_.-]+$')][string]$Platform,
    [Parameter(Mandatory=$true,ValueFromPipeline=$true)][int]$TFTPBlockSize
    )

    $ImageName = $Name + "_" + $Platform
    $BCDFileName = "boot.$ImageName.bcd"
    #Create an empty store and the boot manager entry
    bcdedit /createstore $BCDFileName
    bcdedit /store $BCDFileName /create "{bootmgr}"
    #--% stops PowerShell parsing so the braces reach bcdedit unchanged
    bcdedit /store $BCDFileName /set --%{bootmgr} description "Boot Manager"
    bcdedit /store $BCDFileName /set --%{bootmgr} fontpath \Boot\Fonts
    #Ramdisk options shared by the boot loader entry
    bcdedit /store $BCDFileName /create --%{ramdiskoptions} /d "Windows PE"
    bcdedit /store $BCDFileName /set --%{ramdiskoptions} ramdisksdidevice boot
    bcdedit /store $BCDFileName /set --%{ramdiskoptions} ramdisksdipath \boot.sdi
    #Grab the output that contains the GUID
    $x = bcdedit /store $BCDFileName /create /d "$ImageName" /application OSLOADER
    #The GUID is the third space-separated word of the bcdedit output
    $GUID = $x|%{$_.split(' ')[2]}
    bcdedit /store $BCDFileName /default $GUID
    #cmd /c is used where PowerShell variables and literal braces are needed in the same command
    cmd /c "bcdedit /store $BCDFileName /set {default} device ramdisk=[boot]\Images\$ImageName\boot.$ImageName.wim,{ramdiskoptions}"
    cmd /c "bcdedit /store $BCDFileName /set {default} osdevice ramdisk=[boot]\Images\$ImageName\boot.$ImageName.wim,{ramdiskoptions}"
    bcdedit /store $BCDFileName /set --%{default} systemroot \WINDOWS
    bcdedit /store $BCDFileName /set --%{default} winpe Yes
    bcdedit /store $BCDFileName /set --%{default} detecthal Yes
    cmd /c "bcdedit /store $BCDFileName /set {ramdiskoptions} ramdisktftpblocksize $TFTPBlockSize"
    }

Using the example inputs will generate the following output (bcdedit /store boot.LiteTouchPE_x64.bcd /enum all):

Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Boot Manager
fontpath                \Boot\Fonts
default                 {default}

Windows Boot Loader
-------------------
identifier              {default}
device                  ramdisk=[boot]\Images\LiteTouchPE_x64\boot.LiteTouchPE_x64.wim,{ramdiskoptions}
description             LiteTouchPE_x64
osdevice                ramdisk=[boot]\Images\LiteTouchPE_x64\boot.LiteTouchPE_x64.wim,{ramdiskoptions}
systemroot              \WINDOWS
detecthal               Yes
winpe                   Yes

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Windows PE
ramdisksdidevice        boot
ramdisksdipath          \boot.sdi
ramdisktftpblocksize    8192
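
Because the function has no error handling, a failed bcdedit call leaves a store that is silently incomplete. The following check is an added example, not part of the original script: it parses the /enum all text into one entry per section and confirms the values a PXE ramdisk boot depends on. The function names ConvertFrom-BcdEnum and Test-PxeBcd are hypothetical, English-language bcdedit output is assumed, and the sample is an excerpt of the output shown above.

```powershell
function ConvertFrom-BcdEnum {
    # Turns "bcdedit /enum all" text into one hashtable per section.
    param([string[]]$Lines)
    $entries = New-Object System.Collections.ArrayList
    $current = $null
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i]
        # A section title is a non-empty line followed by a row of dashes
        if ($i + 1 -lt $Lines.Count -and $line.Trim() -and $Lines[$i + 1] -match '^-+\s*$') {
            $current = @{ Section = $line.Trim() }
            [void]$entries.Add($current)
            $i++    # skip the row of dashes
        }
        elseif ($current -and $line -match '^(\S+)\s+(.+)$') {
            $current[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $entries
}

function Test-PxeBcd {
    # Returns one True/False result per setting that Create-BCD is expected to write.
    param([string[]]$Lines, [string]$ImageName, [int]$TFTPBlockSize)
    $entries = ConvertFrom-BcdEnum -Lines $Lines
    $loader  = $entries | Where-Object { $_.identifier -eq '{default}' }
    $ramdisk = $entries | Where-Object { $_.identifier -eq '{ramdiskoptions}' }
    $wim = "ramdisk=[boot]\Images\$ImageName\boot.$ImageName.wim,{ramdiskoptions}"
    [ordered]@{
        LoaderIsDefault = [bool]$loader
        DeviceMatches   = $loader.device -eq $wim
        OsDeviceMatches = $loader.osdevice -eq $wim
        WinPE           = $loader.winpe -eq 'Yes'
        SdiPath         = $ramdisk.ramdisksdipath -eq '\boot.sdi'
        BlockSize       = $ramdisk.ramdisktftpblocksize -eq "$TFTPBlockSize"
    }
}

# Sample input: excerpt of the /enum all output shown above
$sample = @'
Windows Boot Loader
-------------------
identifier              {default}
device                  ramdisk=[boot]\Images\LiteTouchPE_x64\boot.LiteTouchPE_x64.wim,{ramdiskoptions}
osdevice                ramdisk=[boot]\Images\LiteTouchPE_x64\boot.LiteTouchPE_x64.wim,{ramdiskoptions}
winpe                   Yes

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
ramdisksdipath          \boot.sdi
ramdisktftpblocksize    8192
'@ -split '\r?\n'
Test-PxeBcd -Lines $sample -ImageName 'LiteTouchPE_x64' -TFTPBlockSize 8192
```

Against a real store, pass the command output instead of the sample: -Lines (bcdedit /store boot.LiteTouchPE_x64.bcd /enum all).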

And if you were wondering if I got 1E PXE Everywhere to boot a MDT LiteTouch boot image – the answer is absolutely!
