Remote Desktop and VDI Printing – Product Comparison

From this post I’m trying to compare few products in the market for remote desktop printing. It is not deep technical comparison, only the overview comparison of products and its usefulness in remote desktop services.

Why the need of a Printing solution for Remote desktop services.

Remote desktop and VDI solutions are becoming popular because the ability to centrally manage an end user and it’s cheaper than managing an individual PC. These are session based solutions, which is a central server environment provide sessions or an OS Image presented to the client through the network. Because the sessions are in a remote location, accessing local resources such as printers, scanners and audio devices are challenging.

As I discussed in Remote desktop printer redirection article Microsoft Remote Desktop Terminal services use Printer redirection to run print jobs from the terminal sessions. But to get a real time accurate print jobs, you have to install the local printer driver to the session host or VDI host server. This will work on small organizations having only one or two printers. But with the companies that having many different printers, it’s a really difficult. Also as I explained in my previous blog post of Remote desktop printer spooler crash article, printer spoolers tend to crash with some printer drivers.

So if you are having these problems and need to find a permanent solution for printing, you have to go with a printing solution.

What options need to consider when selecting a Remote Printing Product

There are many products in the market to support remote printing. But not all are good for the job. I have organized few things that you may have to consider when selecting a product.

  1. Product should address the requirement
    First you have to identify why you need to use the Printing product. As an example If it’s only for remote desktop printing, selecting a product that have more features like mobile device printing, IOS printing are not relevant. Because these will cost you more. You only need to find product which can do remote printing on timely and accurately
  2. Ease of installation
    How easy to install, if the product have many roles and need planning, it will take long time not so easy.
  3. Ease of management
    Product should be easy to manage, if the product is having many roles that need to manage it will be another administrative task.
  4. Licensing Cost
    Cost is really important when selecting the product. In the market there are products that is having so many features. some are important but most of these features are nice to have or irrelevant. So paying big money for them will get no use. So select the worthy product that matches you requirement.
  5. Any additional hardware or software requirement.
    If the product need additional servers such as print servers it will cost you more, and you will have a complex environment.
  6. Availability of full feature trial
    Most of the time you will be using this kind of a product first time, so it’s nice if you can try it before purchasing.  Then you can get the idea of the product very well. Test the following features.
    Ease of installation
    Trying different types of print jobs
    How quick you get the printer output
    System resources utilization.

Feature comparison with Popular Remote Printing products.

This comparison is based on how the products support in remote desktop and VDI printing. Support of mobile devices and other solutions were not considered. Following table compare popular printing tools (TSPrint vs ThinPrint Vs Unirpint Vs ScrewDrivers) and all information for this comparison based on product articles found in product websites and this product features may be changed or updated over the time.

TSPrint vs ThinPrint Vs Unirpint Vs ScrewDrivers



I haven’t had chance to test all the products. But I have installed TSPrint from terminal works and see how it works. It was easy to download and no need to register myself. Also it is a straight forward installation. Only two clients, server client need to install in the Remote desktop session host, workstation client to install in each RDS client. And that’s it, no more configurations. I have tested with different print jobs from RDP Client, all are accurate and output was in real time.

Other products should also work fine but cannot give a comment without checking them first. So if you are going for a product just download the trial version and install to test it. Consider the product options that I have stated when selecting a remote print product.


Please note: I have used product web sites and Youtube videos which is free available in the internet to get information for this post. Some information such as pricing and features of the products may be updated or changed with the time.

Azure Remote app | Error | DNS server could not be reached

I have created Remote app Hybrid configurations in Azure, My remote app environment connecting with the azure VM network. So I have implemented VNET to VNET connection with my azure virtual network and remote app virtual network. And I have uploaded my Customize Template image to the remote app.

But the issue comes when I’m trying to create the remote app collection. It giving the following error.

ERROR – Could not provision the RemoteApp collection. Error: DNS server could not be reached.

Featured image

This is a common error to many remote app users, and there are many blogs saying to add google DNS to the Virtual network of remote app. I have tried this, and it make me to recreate the VNET to VNET. But it didn’t helped me.

So I started troubleshooting and found this Remote app machine is added to the Active directory, I used that computer account name and remote desktop to that using my DC in azure VM. After connected to this VM, I have added google DNS ( to this remote app VM by changing the network adapter properties.

Then went back to azure portal – Remote app – Remote app collection – Update

And it worked 🙂

Use this method if you got in to this trouble.

Hope this was useful

Azure Automation | Start | Stop | Virtual machines.

Azure automation is a cool feature that can use to automate the creation, monitoring, deployment and management of cloud resources in your Microsoft Azure subscription using a highly-available workflow execution engine.

It’s a really cool feature, but when it’s first released, all the PowerShell run books have to use the certificate based authentication. And there should be a separate run book required to publish to access this certificate based authentication. But with new updated azure automation, its support PowerShell credential based authentication, which will enable to write PowerShell run books much easier.

This article describe how to automate the VM start and stop (deallocation) using PowerShell run books by credential level authentication.


  1. Create an Azure Administrator account in the Azure active directory to run Azure automation run books.
    1. Create a Azure Active Directory User
      1. Select Active Directory on right side panel
      2. Select the Azure active directory
      3. Create new user (Automation user)
    2. Make this user as a Co-Administrator
      1. Select Settings from panel
      2. Select administrators
      3. Click ADD user and give the email address of the user account that created. (Automation user)


  2. Create Automation Account
    1. Click the automation tab
    2. Click the plus sign to create a new automation account.


  3. Define credential for azure automation account
    1. Click the newly created automation account
    2. Go to assets tab
    3. Click add settings and select ADD credentials.
    4. In define credentials page select PowerShell credentials for credential type


  4. Create VM start Run Book.
    1. Click the run book tab
    2. Click new (plus sign)
    3. Automation – runbook – quick create, give the runbook name as VM start.
    4. Click edit runbook or click on the Run book – Autor – Draft
    5. Type the following powershell script

      workflow Get-VMStart


      $Cred = Get-AutomationPSCredential –Name

      Add-AzureAccount -Credential $Cred

      Select-AzureSubscription -SubscriptionName “Visual Studio Premium with MSDN”

      Start-AzureVM -ServiceName “VM01” -Name “VM01” -force



      • In automation ps credential name, type the account name that defined earlier.
      • Subscription name, you can find out from the portal – settings – subscription
      • AzureVM – Service name, is the cloud service name for the VM
      • AzureVM – name , is the VM name.
  5. Create a VM Stop runbook
    1. Use the same steps with the following script (use a new runbook)
      workflow Get-VMStop


      $Cred = Get-AutomationPSCredential –Name

      Add-AzureAccount -Credential $Cred

      Select-AzureSubscription -SubscriptionName “Visual Studio Premium with MSDN”

      Stop-AzureVM -ServiceName “VM01” -Name “VM01”


  6. Click Test to run the Runbook.

you can schedule this runbooks to run any preferred time

Hope this is helpful


SCCM 2012 R2 using Multiple Task Sequences via PXE

In SCCM 2007 if you advertise multiple OSD task sequences to a collection, we can select the required task sequences in Win PE boot mode. This helps us to select required windows version when installing (Ex -Windows 7 32bit or 64bit).

But in SCCM 2012 R2 this is rather different. We have to do few changes and these changes are really make some sense. Good thinking by Microsoft.

  1. Create the Task Sequence
    This can be built in task sequence or custom task sequence.2
  2. Deploy the Task Sequence, when deploying select available in purpose.1
  3. When client start the network boot, you are required to press F12. If F12 is not pressed Client computer will go to the next boot device and boot. This make sense because this Task sequence is deployed as available not required. so when windows PE boots, the multiple task sequences will be desplyed and you can select the required task sequence.

    These new changes are really valuable, using these we can deploy the OS upgrade or OS deployments to every computer, and because the F12 press requirement to deploy the task sequence, normal Client boot up will not be interrupted. Also we can deploy multiple task sequences to different Operating system versions.

    These are small things but might give high impact on automation.

    Hope this post is helpful.

Windows server 2003 Clients cannot Remote Desktop to Windows Server 2012 Session Hosts

Recently I have faced a Problem that all of the Windows Server 2003 Clients cannot Remote Desktop to Windows server 2012 Session host server. They have prompted with following error.

“The remote session was disconnected because the remote computer received an invalid licensing message from this computer”


I have two Windows server 2012 session host servers and this issue only occur to one of the servers. I have tried to solve this by adding different settings that have suggested in blogs and articles but nothing helps. After getting Microsoft support, they have suggest a solution that helps to resolve the issue.

Please use following steps to resolve this issue.

  1. Login to the Session Host server (Server 2012)
  2. Backup the registry
  3. Find the following registry key
  4. Delete following registry keys
  • X509 Certificate
  • X509 Certificate ID
  • X509 Certificate2
  • rds1
    5. Restart the server

If the issue is on this, deleting these registry entries will make windows server 2003 clients successfully login to windows server 2012 session hosts.

Hope this information is useful.

Window server 2012 | Remote Desktop Connection Broker high available with SQL Server Mirror


In my previous post I have described how to create high available connection broker set up. But that setup depend on one SQL server, so SQL server became single point of failure. To address this I have checked HA for SQL server and found SQL server mirror is supported with RD broker HA. I have implemented this in test and production environment and its works really fine.


Deployment prerequisites

  1. Install the same SQL server version in the new server, use the same accounts as in mirror server.
  2. Witness server – this is for automatic fail over purpose. It can be another SQL server or Install SQL Express version on a server. No need of a dedicated server this can be a server that uses for other purpose.
  3. Added firewall exceptions to all SQL servers.

Step 01 – Configure SQL mirror

  1. Please refer the following technet articles when crating the mirror


  2. Login to principle SQL server and connect to mirror database and witness database server from that management consol. Perform this step to identify the connectivity to all principle, witness and mirror database servers.
  3. Change the principle server’s RD database to full recovery mode.
  4. Please refer the technet article, I’m just only giving the steps that you have to perform.


  5. Backup the principle database and restore it in mirror server using NO RECOVERY mode
  6. Backup the transactions and restore it in mirror server using NO RECOVERY mode
  7. Note – all SQL servers SQL service should run as a domain user. And check in mirror server side, Database should have sysadmin, owner, public right to the security group of RD brokers.
  8. Expand Databases, and select the database to be mirrored. Right-click the database, select Tasks, and then click Mirror. This opens the Mirroring Page of the Database Properties dialog box.
  9. Click Configure Security.

If the mirror successful, check the failover

Step 02 – Configure RD brokers to support SQL mirror.

When configuring HA broker you have to provide the Database connection string, this connection string is configured to point to the RD database and its SQL server. Please refer the previous blog post on this. But to support SQL mirror this connection string have to be changed. And it cannot edit in GUI mode, only PowerShell support this.

Use following PowerShell commands to edit Connection string

  1. Login to a Broker server and open PowerShell in run as a administrator.
  2. Type following commands

Import-Module remotedesktop

To check the current configurations type following command –


Set the connection string –

Set- RDDatabaseConnectionString -DatabaseConnectionString “DRIVER=SQL Server Native Client 10.0;SERVER=<Principle server name>;Failover_Partner=<Mirror Server>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=<DatabaseName>;

If the command succeeds, confirm it in GUI mode.


To test the configurations, fail over the principle database to mirror using SQL management consol. And refresh the connections from Server manager – Remote desktop services- collections – connections and refresh. If mirror successful this connection remain as same. J.

If connections are empty, that means broker servers are not connecting to the mirror server database, most common problem is database security in mirror server. So check all brokers have full access to the mirror database and mirror database saved folder.


Hope this is helpful, cheers.

Remote Desktop Services 2012 | Remote desktop Connection broker High availability 2012

RD Connection Broker:

Remote Desktop Connection Broker (RD Connection Broker), formerly TS Session Broker, supports session load balancing and session reconnection in a load-balanced RD Session Host server farm. RD Connection Broker is also used to provide users access to RemoteApp programs and virtual desktops through RemoteApp and Desktop Connection. If the RD Connection Broker Load Balancing feature is enabled, RD Connection Broker also tracks the number of user sessions on each RD Session Host server in the farm, and redirects users who do not have an existing session to the server with the fewest sessions. This functionality enables you to evenly distribute the session load between servers in a load-balanced RD Session Host server farm.

High available Connection Broker Design


The Active/Active Broker feature in Windows Server 2012 is a full high availability deployment where every RD Connection Broker server is active and sharing the load. It provides high availability and high scalability benefits for medium to larger deployments. SQL Server is used for storing RD Connection Broker server runtime and configuration data thereby allowing admins to use SQL HA features for data high availability and scalability. This Active/Active Broker provides the administrator with an easily deployable high availability and scalability solution for RD Connection Broker servers

Deployment Prerequisites.

  • At least 2 servers required for connection broker high availability, (windows server 2012)
  • Specific database server or Sql database instance. SQL server 2008 R2 Standard or higher
  • Download and install SQL native client on all connection broker servers.
  • RD broker server have full permission to the SQL database and SQL installation folder.
  • Minimum one server required as session host server.
  • Firewall exemptions for SQL server should be defined before the implementations.

Connection broker Deployment.

Step 01

  • Add two connection broker servers, SQL server and session host servers to the domain
  • Create a DNS A record to represent both Connection broker servers with a single DNS. When using RDP, clients can connect to this DNS
  •  Image
  • Create a Security Group in the DC and add both Connection Broker servers to it.
  • Install SQL server 2008 R2 or SQL 2012 in Database server,
  • Create a folder in SQL server, both RD connection brokers servers should be have access to this folder, add the previously created security group to the folder security permissions and provide full access. This is where the database should be saved and both RD broker servers should have access to it.
  • Install SQL native client on both RD connection broker servers. If your SQL server is SQL server 2008 R2 then use SQL native client 10 and if its SQL server 2012, use SQL Native client 11.

Step 02

  • Login to a one Connection broker server and add all other servers to server manager,
  • Server Manager – Dashboard – Add role and Features
  • Select Remote desktop service installation

cb3 cb4

  • Select one connection broker servers


  • Select RD web access as the same Connection broker server
  • Select RD session host server


  • Select restart the destination server if required and Deploy
  • All 3 roles should complete as successful



Step 03

  • Go to server manager – remote desktop – Overview


  • Use previously created security group and give this group sysadmin, full permission to the SQL Server by using SQL Server Management Studio’s “Security” configuration.
    1. This security group also should have full permission to the SQL installation folder as mentioned in Step 01

cb9 cb10

  • Right click the connection broker and select connection broker high availability.



  • Enter the following three settings:
    1. The connection string to the SQL database containing the name of the database to be created for the RD Connection Broker server. This is the string that RD Connection Broker servers will use to connect to the RD Connection Broker database on the SQL Server.
      Example: DRIVER=SQL Server Native Client 10.0;SERVER=<SQL Server Name>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=<DB Name>

(If you are using SQL 2012 use native client version as 11.0)

    1. The folder in which the database file is to be stored. If a local path is used, that folder should be on the SQL Server computer. This is the folder that previously created and added the broker security group as full permissions
      Example: C:\DbFiles
    2. The DNS Round Robin entry name containing IP addresses of all the RD Connection Broker servers. This will be used by RDP clients to connect to the RD Connection Broker servers.





  • Open SQL server manager in database server, the RD database is now created. Go to the security tab, Select the security group that previously added– right click properties, set default database as RDS database, and go to user mapping – tick the RD database and tick db_owner, public.


  • Right click the connection broker and select add connection broker server


Select the server and click next




This is the exact method that you can High available the RD connection broker servers. Now you can check this by using RD connection to Connection broker round robin DNS name. You can check the high availability by shutting down a one server or set active connection broker from remote desktop overview.



This article is only cover how to high available RD connection broker in windows server 2012 using one SQL server. But this scenario SQL server is became a single point of failure. So on my next blog post I will cover how to high available SQL server for RD broker using SQL mirroring.

Please create session collection and other configurations (User group adding to remote desktop security group) before use this setup because its only cover the RD broker HA.

Windows server 2012 Remote desktop services | Terminal server Printing without Easy Print

With Windows 2008 Microsoft introduce new way of printer mapping called Easy print, as the name implies this makes terminal session printing really easy. It will map clients locally installed printer to the terminal server session and the terminal session user only have to do is click print, printed document will receive in client site printers.
That is the success story of the easy print but there are far worst side, That is the slowness of printing, Easy print use XPS document that will download to the client computer, and this is some times very larger than the printing document, if your client session is connected from a remote low bandwidth location, definitely it’s going to make client life miserable with the slowness of printing.

I have faced this and I found the solution is to move to old conventional way of printing with Remote desktop services, this is how you do it using Windows server 2012 Remote desktop services.

Step 01
Edit the following group policy objects to make Easy printing as the second priority.
Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Printer Redirection\Use Terminal Services Easy Print printer driver first
– Disable
User Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Printer Redirection\Use Terminal Services Easy Print printer driver first
– Disable
You have to do this on all remote desktop host servers if you have a farm. This will make Easy printer driver use as the second option, it will not going to disable easy printing.

Step 02
To work with the conventional printing, you have to install the exact same client’s printer driver on the Session host Server.
Easiest way to install the clients same printer driver to server is share the printer in client side , and access it from the server, when accessing the driver will be copied to windows server 2012 session host server. Then using the add printer add the correct printer driver to the server.
Check the printer drivers from Printer server properties and drivers tab


Note – Remember, Client computer and session host server should have same exact printer driver

Step 03
1. Log off all existing sessions and initiate a new Remote desktop session,
2. Go to devices and printers – redirected printer should be available here,
3. right click and select printer properties – select advance tab
4. Printer driver should be set to real printer device driver not as Easy Print Driver.

Printer set to Easy print driver

Mapped printer with client’s printer driver, your redirect printer should look like this.

5. Check with printing.

If you have installed correct drivers, printer driver will be mapped in advance view of printer properties. If the client computers is having different printer drivers, all of those drivers required to add in to the session host server. If the client is having 32 bit drivers, those drivers also required to be in the windows server 2012 or 2008R2 server.

Hope this is useful … cheers.

FEP Clients not reporting to SCCM console

Recently I have faced a problem that FEP clients not reporting to SCCM console. They are placed in not reporting Collection in FEP collections.
I have drilled down the problem and found out FEP clients are reporting to the SCCM server by Desired Configuration management. For that client should have .NET Framework 2.0 or Later version.
This was not mention in FEP 2010 client prerequisites by Microsoft TechNet. 🙂 🙂 🙂
So I have created a package for Dot Net Framework 3.5 and advertise it to none reporting computers. All started to report back to SCCM Console.

NOTE – when creating .NET Framework 3.5 package use program command line – dotnetfx35.exe /qb and silent install.


Monitor Virus guard definition level from SCCM 2012 compliance management ( Symantec End point protection )


Compliance settings in SCCM are really important feature when you customize it to meet organizational requirements. When managing compliances, SCCM 2012 is having direct methods of alert subscriptions and better reporting’s than SCCM 2007. It also supports PowerShell scripts.

In this post I will introduce a method to monitor the compliances of install virus guards and its definition levels.


I will take Symantec End point protection as my virus guard. If my virus guard application did not receive an update within seven days, it will be a none-compliant computer. We can monitor this from alerts, alert subscription and reporting.  

First of all you have to find the location of your virus guard’s definition file location.

Symantec Endpoint protection

  • C:\ProgramData\Symantec\Definitions\VirusDefs\definfo.dat

Avast virus guard

  • C:\Program Files\Alwil Software\Avast5\defs\aswdefs.ini

Then use the following script, change the file location according to your virus program.

Option Explicit

Dim VirusDefCfg, FileSys, FSO, LastModified, DateDifference, noSymantecPresent
VirusDefCfg = “C:\ProgramData\Symantec\Definitions\VirusDefs\definfo.dat”
noSymantecPresent = 9999

Set FileSys = CreateObject(“Scripting.FileSystemObject”)
Set FSO = CreateObject(“Scripting.FileSystemObject”)

If FileSys.FileExists(VirusDefCfg) <> True Then

WScript.Echo noSymantecPresent

End If


LastModified = FSO.GetFile(VirusDefCfg).DateLastModified

DateDifference = DateDiff(“d”, LastModified, Now())

WScript.Echo DateDifference


  • SCCM create new configuration Item

Fill the details and add the script. Make sure to select Script, data type Integer and VB script.




  • Go to compliance rules, New rule , rule type value, Less than – 7, this will make sure if value return more than 7 days , computer will be none compliant.


  • Create a compliance baseline and add this configuration item for that. Then deploy that compliance baseline to your desired collection.
  • After schedule time reached you can view the compliance from
    • Monitoring – Deployment – Compliance baseline
    • Reporting – compliance and settings management – summery compliance by configuration baseline.

This script can be used on any virus guard program, you have to find the location of the definition file location and add it to the VirusDefCfg variable.

Hope this is useful ,