How to enable RDP access to Microsoft UAG 2010

Some time ago we found that the Microsoft UAG installation in our lab did not allow RDP access. The server itself was fine and the RDP service inside worked as expected (it was clearly visible on the VM console), but RDP connections were silently ignored. It looked strange, and we spent a significant amount of time searching the internet for the reason for this behavior, until we realized that the UAG server did allow us to connect via RDP from one of the remote computers – the one it was installed from. This gave us a clue about what was going on and finally pointed us in the right direction.

The solution is simple and well-documented – but only if you know what to look for, as usual. It appears that Microsoft TMG (the product that Microsoft UAG is based on) allows remote access from a predefined set of computers only. To be allowed to open an RDP session to the UAG server, a computer must be added to the list of Forefront TMG Remote Management Computers. The detailed instructions can be found at the bottom of this TechNet article, and I’ll quote the relevant part here for future reference:

«Open the Forefront TMG Management console from the Start menu. In the console tree, click the Firewall Policy node. On the Toolbox tab, click Network Objects. Click Add, and then click Computer. Specify the details of the computer from which you will remotely manage Forefront UAG. … After adding the computer to the set, activate the changes in the Forefront TMG Management console.»

How to install RDP 6.1 on Windows Server 2003

Microsoft RDP client (aka “Remote Desktop Connection” or “Terminal Services Client”) allows you to connect from your Windows station to other Windows servers. Version 6.1 was released in 2008, and nowadays many popular tools (such as mRemoteNG) list it as a requirement. Unfortunately, this version is available for Windows XP/Vista and Windows Server 2008, but not for Windows Server 2003.

So, how can you install RDP client 6.1 on Windows Server 2003?

It appears that in March 2011 Microsoft released a security update for RDP client 6.0 and 6.1 – which can be installed on Windows Server 2003, since the original RDP client 6.0 is supported there. Now, pay attention to this note in the “more information” section:

Bottom line? Take the official RDP client 6.0, download KB 2481109 for Windows Server 2003 (the security update mentioned above) – and you are ready to run with RDP client 6.1 on your Windows Server 2003!

How to install Admin Pack for Windows 2003 on Virtual Machine

The internet is full of complaints that Admin Pack for Windows 2003 cannot be installed due to protected Windows files. I guess that this can happen for various reasons, but I have found a solution for at least one of the cases – when the server where the installation of Windows 2003 Admin Pack fails is virtualized.

So, we have two servers – a Windows 2003 Server with Active Directory installed as a Domain Controller (server #1) and a VM with Windows 2003 Server that is a member of this domain (server #2). The need is to administer the DNS and DHCP settings of AD remotely, but the corresponding MMC snap-ins are not available by default on non-DC machines. The correct way is to install ADMINPACK.MSI, available from the Windows 2003 installation CD-ROM or from the Microsoft Download Center. (Of course, you can always open an RDP session to a DC – but this does not address the real need.)

However, the installation suddenly shows a message “The Windows Installer service cannot update one or more protected windows files” and rolls back everything that was already installed. The Event Viewer reveals error numbers (“Error 1933. … SPF Error: 1223.”) and the list of protected files – but this does not really help. So, what can we do about that?

In fact, the solution is really simple. Running the same installation via the console RDP session (or in the vSphere console) reveals the real cause of the failure – the Admin Pack install needs the Windows 2003 installation CD-ROM, but for some reason does not say so in non-console sessions. After the requested CD is provided (for VMs, this can be done by mounting the CD image in vSphere or via DaemonTools), the installation was able to complete successfully.