Wednesday, February 24, 2010

RemoteApp and Desktop Connections "update was unsuccessful"

When you configure RemoteApp and Desktop Connections applet to provide RemoteApps to users via the Start Menu you may run into this error:

This error in RemoteApp and Desktop Connections is due to a difference between what you specify in the control panel applet as the feed URL, and the subject name on the certificate on the RD Web page.

For instance, my name on my certificate is:  But my feed is set to a local URL instead: https://rdweb.ash.local/RDWeb/Feed/webfeed.aspx

These two places much match. 

So I change my web feed URL to:,

In order for my internal users to understand where to go for this external URL, I add a dns zone (  and DNS entry pointing to the internal IP address of the RD Web server (or do loopback through your firewall if it supports it).

Saturday, February 13, 2010

Customizing the default profile for use with RD Session Hosts

Microsoft has changed how the COPY TO function - used in the past to copy profiles - works. In 2008 R2 it can only be used to copy the DEFAULT profile. But what if you want to customize the default profile? Microsoft documentation now says that the only supported way to customize the default profile is to sysprep the machine, with the COPYPROFILE setting in a called XML file:

Here are the two articles I have found on this:

Each of those articles gives the command to run to do this. And they are both wrong. The correct command is:

sysprep.exe /oobe /reboot /generalize /unattend:unattend.xml

(the unattend.xml file for this command is located in the same root folder as the sysprep.exe file)

This causes the system to use the unattend file, reboot, sysprep, and then go into OOBE as opposed to audit mode.

I don't know about you but I really don't want to sysprep a RD Session Host if I want to customize the default profile in any way. There are other ways to do this (load the hive in regedit, customize it, unload it for example...).

But what if you are used to the COPY TO button and perhaps not so familiar with customizing a registry hive....If all you want to do is to customize the default profile in order to be able to copy a customized default profile to a network share (for example, to become a mandatory profile) then it benefits to have your RD Session Host virtualized. Then you can snap shot it, sysprep it using the steps from the articles listed above (but using the updated command I gave you), copy the default profile to a network share using the COPY TO button, reboot, then roll back the VM to its prior state. That way your default profile stays in tact and you end up with a customized profile.
Posted by Kristin L. Griffin at 7:36 PM

Wednesday, February 10, 2010

w32tm and VMs

Configuring Time synchronization on your servers is pretty easy. There are articles like this one that walk you through it like this one:;EN-US;816042

and this one for syncing clients on a domain to a DC:

But what if your DC's are virtual machines? Mine are. And yep, I ran into issues.

I could configure them until the cows came home, but my time on the PDCe would not change (and was off by about 20 minutes....VERY annoying!)

To fix, I had to set the HOST machine (a member of my domain) to synchronize to an external time source. (For me, here in Seattle the time source I use is: (CNAME

Then turned off the windows time source on the PDCe, and set hyperv integration on this VM to use the Integration time sync.

I ran the command: w32tm /resync and WHAMMO, all my clocks updated. immediately.
And stayed that way.

A friend of mine said he did the flip flop of this: he turned off the HyperV Time Synchonization service (under Integration services) and that worked for him.