rds-templates's Introduction

ARM Templates for Remote Desktop Services

This repository contains the latest version of the RDS deployment templates and DSC resources.

Reporting issues

Microsoft Support is not handling issues for any published tools in this repository. These tools are published as is with no implied support. However, we would like to welcome you to open issues using GitHub issues to collaborate and improve these tools. You can open an issue and add the corresponding label (like 5-RDS-on-Windows-Server) to associate it with the appropriate tool.

Branches

  • master
    Main branch, latest stable code (must be a working version, must pass CI tests).
    Please avoid direct check-ins into master. Any dev work should happen in personal forks and develop branches, and then be merged into master via pull requests.
  • release-<yymm>
    Branch for merges into and from Azure/azure-quickstart-templates repo. For any pending pull request into azure-quickstart-templates repo the branch is frozen till the PR is merged.

rds-templates's People

Contributors

afilenkov, alan-acutepath, christianmontoya, datr93, dhrump, eva-seydl, evanbasalik, fberson, igorpag, jagilber, jamie-yu, jensheerin, jimmoyle, jstover, lintfan, madsamuel, mmarch, mpbastos, mucki-at, murajput, nakranimohit0, paulomarquesc, philipktlin, ptgadmin-cse, roopchevuri, shanberg1, sreenathakk, stgeorgi, tomhickling, yamorish

rds-templates's Issues

rds-deployment-ha-broker template SQLServer Parameter is required

SQLServer parameter is required, otherwise the deployment will fail with error of missing argument of sqlserver.

The description implies it is only required for dedicated database, so for Azure SQL, it should not be required.

By providing sqlserver name, the deployment will complete but the script has errors logged for configuring the computer group for sql.

Should we check the sqlserver parameter is provided or not before running the SetupGroups in the SetupCB function?

rds-update-rdsh-collection - doesn't correctly use an existing vnet in different ResourceGroup

Existing vnet doesn't always work, since it assumes the vnet is in the same ResourceGroup as the current deployment, which isn't possible with Azure Marketplace deployment and doesn't work with typical ExpressRoute setups (where the ExpressRoute is all by itself in a resource group).

Behavior should model the one here:
https://github.com/Azure/azure-quickstart-templates/tree/master/101-vm-from-user-image
where...

  • there is an "existingvnet.json" file
  • there is a "newvnet.json" file
  • the variable for which .json file to use is a concat of ["new/existing" in the variable] and "vnet.json"
  • the network interface "dependsOn" this file
  • the Subnet for the network interface is the output of this

documentation: RDS-Templates / rds-deployment-ha-gateway / azuredeploy.parameters.json

documentation: RDS-Templates / rds-deployment-ha-gateway / azuredeploy.parameters.json

issue:
rds-deployment installs 1 rd gateway.

deploying rds-deployment-ha-gateway with default value of '2' for 'numberOfWebGwInstances' will deploy 2 additional instances of remote desktop gateway. this will give a total of 3 rd gateways.

setting value to '1' for numberOfWebGwInstances will deploy 1 additional rd gateway so that the total will be 2 rd gateways.

changing default value from 2 to 1

change from:

    "numberOfWebGwInstances": {
      "value": 2
    },

change to:

    "numberOfWebGwInstances": {
      "value": 1
    },

partial revert commit 4216303 that implements managed disk

partial revert commit 4216303 that implements managed disk.

  1. managed disks are breaking Azure Stack.
  2. managed disks are breaking rds-deployment-ha-broker due to managed disks not being implemented in rds-deployment-ha-broker
  3. issue #45 recommending tentative implementation for managed disks as part of 'p2'

Optional OU Path issue with WVD Provision a Host Pool

I am running into an issue with Windows Virtual Desktop - Provision a host pool in Azure Resource Manager Marketplace

When you set Specify domain to join to yes the OU path I am entering is failing validation and I cannot continue. This same exact OU path worked about a month ago.

Domain to Join: adbyo.acexamplecompany.sandbox.ac

OU Path: OU=Win10Multi,OU=WVD,OU=Servers,OU=Endpoints,OU=AC Example Company,DC=adbyo,DC=acexamplecompany,DC=sandbox,DC=ac

It looks like it is because spaces are not supported for OU names because this DN passes validation.
OU=Win10Multi,OU=WVD,OU=Servers,OU=Endpoints,OU=ACExampleCompany,DC=adbyo,DC=acexamplecompany,DC=sandbox,DC=ac

rds-deployment-existing-ad template should allow specifying a VNET from a different RG

From @mmarch on March 15, 2017 22:18

Need a parameter to specify which resource group the existing VNET belongs to.

"... the VNET is expected to be in the same RG as the other resources. In most of deployments this is not the case. "

"... current requirement of the Basic RDS Template with Existing AD, is that the VNET resides in the same Resource Group. This limitation came up in earlier discussion and we already identified this as something that we need to change going forward."

Copied from original issue: mmarch/rds-templates#38

Suggested cosmetic change using tags to improve readability in Visual Studio

From @fberson on December 1, 2016 15:1

For most of the resources that these templates create, a variable, parameter or function is used to construct the name of the resources. This makes sense and I usually do that too, however it does have a small negative effect on the readability in for example Visual Studio. Object names are not resolved at this point.
An easy way to accomplish this is by adding a tag in the resource

    {
      "apiVersion": "[variables('apiVersion')]",
      "type": "Microsoft.Compute/virtualMachines",
      "name": "[concat(parameters('RDGWHostNamePrefix'),'0', copyindex(1))]",
      "tags": {
        "displayName": "RD Gateway Virtual Machines"
      },

This improves readability in Visual Studio, as per example below. Again, this is in no way critical but it helps to interpret resources in Visual Studio by others

Copied from original issue: mmarch/rds-templates#20

rds-update-certificate / Scripts / Script.ps1 issues with trusted cert (can't rdp)

rds-update-certificate / Scripts / Script.ps1 issues with trusted cert.
not able to rdp due to gateway config in rdp file.
'gatewayhostname' not set to cert subject name in rdp file.

  • testing self-signed
  • trusted
  • wildcard trusted

cert subject jagilber.com

bad rdp file:

    drivestoredirect:s:*
    redirectdrives:i:1
    session bpp:i:32
    prompt for credentials on client:i:1
    server port:i:3389
    allow font smoothing:i:1
    promptcredentialonce:i:1
    videoplaybackmode:i:1
    audiocapturemode:i:1
    gatewayusagemethod:i:1
    gatewayprofileusagemethod:i:1
    gatewaycredentialssource:i:0
    full address:s:broker.eastus.cloudapp.azure.com
    gatewayhostname:s:rdsdepha3.eastus.cloudapp.azure.com
    workspace id:s:broker.rdsdepha3.lab
    use redirection server name:i:1
    loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Desktop_Collecti
    use multimon:i:1
    alternate full address:s:broker.eastus.cloudapp.azure.com

good rdp file: (manually modified)

    redirectclipboard:i:1
    redirectprinters:i:1
    redirectcomports:i:0
    redirectsmartcards:i:1
    devicestoredirect:s:*
    drivestoredirect:s:*
    redirectdrives:i:1
    session bpp:i:32
    prompt for credentials on client:i:1
    server port:i:3389
    allow font smoothing:i:1
    promptcredentialonce:i:1
    videoplaybackmode:i:1
    audiocapturemode:i:1
    gatewayusagemethod:i:1
    gatewayprofileusagemethod:i:1
    gatewaycredentialssource:i:0
    full address:s:broker.rdsdepha3.lab
    gatewayhostname:s:gateway.jagilber.com
    workspace id:s:broker.rdsdepha3.lab
    use redirection server name:i:1
    loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Desktop_Collecti
    use multimon:i:1
    alternate full address:s:broker.rdsdepha3.lab

testing fixes
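
A check for the mismatch reported above, as an added example that is not part of the original issue or of the repository's Script.ps1: it parses RDP file text, extracts `gatewayhostname`, and tests it against a certificate's DNS names, including single-label wildcard matching. The function names and the `*.jagilber.com` name list are assumptions; the RDP lines are abridged from the two files in the issue.

```powershell
# Added example; the RDP snippets and certificate name list below are constructed.
function ConvertFrom-RdpText {
    param([string]$Text)
    # Each .rdp setting is "name:type:value"; names may contain spaces, values may contain colons.
    $settings = @{}
    foreach ($line in ($Text -split '\r?\n')) {
        if ($line -match '^(?<name>[^:]+):(?<type>[isb]):(?<value>.*)$') {
            $settings[$Matches['name'].Trim().ToLowerInvariant()] = $Matches['value'].Trim()
        }
    }
    return $settings
}

function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertDnsNames)
    foreach ($name in $CertDnsNames) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com matches a.example.com only.
        if ($name.StartsWith('*.')) {
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -ieq $name.Substring(1)) { return $true }
        }
    }
    return $false
}

function Test-RdpGatewayName {
    param([string]$RdpText, [string[]]$CertDnsNames)
    $rdp = ConvertFrom-RdpText -Text $RdpText
    $gateway = [string]$rdp['gatewayhostname']   # empty string when the setting is absent
    [pscustomobject]@{
        GatewayHostName = $gateway
        CertNameMatch   = Test-CertNameMatch -HostName $gateway -CertDnsNames $CertDnsNames
    }
}

$certNames = @('*.jagilber.com')   # assumption: DNS names on the wildcard certificate
$badRdp = @'
gatewayusagemethod:i:1
full address:s:broker.eastus.cloudapp.azure.com
gatewayhostname:s:rdsdepha3.eastus.cloudapp.azure.com
'@
$goodRdp = @'
gatewayusagemethod:i:1
full address:s:broker.rdsdepha3.lab
gatewayhostname:s:gateway.jagilber.com
'@

# Emits one result object per file: the published gateway name and whether the cert covers it.
foreach ($text in $badRdp, $goodRdp) {
    Test-RdpGatewayName -RdpText $text -CertDnsNames $certNames
}
```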

Customer feedback on rds-deployment-existing-ad template

From @mmarch on March 8, 2017 19:45

From: Dharmesh Chauhan
Sent: Tuesday, March 7, 2017 6:38 AM
Subject: RE: [REG:117013115250952] Re ticket 117012615231936 FAO Azure AD Domain Ser

Hi All,
Thanks for your help, after much trial and error I have managed to deploy a set of servers using the template, when I was expecting it to work “straight out of the box” with it being a quickstart template. Below is some feedback which I hope helps you with making the templating more user friendly, and more applicable to customer environment set ups.

  • When completing the template BASICS section, there is an option to select New or existing resource group, however this contradicts with the fact that I was only able to complete the deployment without failure if I chose the RG the VNet was a part of.
    Hand in hand with that, I had to modify the template variables to use specific values for dns labels, storage account and container, dns server etc as some of these values had concatenated resource group values, and with the VNet RG had a hyphen and mixed upper and lower case, this was causing issues with limitations in naming conventions of some resources therefore failing deploying, e.g. storage accounts can only be in lower case.

  • Also some of the parameter name and descriptions on https://azure.microsoft.com/en-gb/resources/templates/rds-deployment-existing-ad/ are not clear enough:
    adVnetName – I was able to use the ARM Vnet and did not have to use the classic Vnet where AAD is hosted.
    adSubnetName - The subnet name of AD domain. I found this to be incorrect as was able to set the VMs to be in a subnet where the AD is not located, i.e. subnet BTApp
    adminUsername – From trial and error I realised this has to be a domain account with admin permissions, as from reading the description I interpreted this as declaring a username for a local admin account to be created.

  • Also there are the limitations that all VMs have to be in one subnet, and all resources in one resource group however I understand there is probably a way to split this out.

Kind Regards,

Daz Chauhan | Senior Technical Analyst

Copied from original issue: mmarch/rds-templates#36

Naming convention of hostnames and azure VM objects

From @fberson on December 1, 2016 14:49

The naming of computer hostnames and azure VM names is not very consistent and does not allow customers to add a custom prefix. I would like to suggest introducing 3 new variables to be able to provide the prefix for each of the three roles, as an example for RD Gateway:

    "gatewayHostNamePrefix": {
      "type": "string",
      "defaultValue": "RDGW-",
      "metadata": {
        "description": "Hostname prefix for RD Gateway Servers"
      }
    }

Use those to construct the computername like below

    "osProfile": {
      "computerName": "[concat(parameters('gatewayHostNamePrefix'),'0', copyindex(1))]",

And use the same convention for the VM names in Azure as well to make things consistent

    "type": "Microsoft.Compute/virtualMachines",
    "name": "[concat(parameters('gatewayHostNamePrefix'),'0', copyindex(1))]",

Copied from original issue: mmarch/rds-templates#13

rds-deployment/rds-update-certificate/scripts/Script.ps1 removing external dependency

rds-deployment/rds-update-certificate/scripts/Script.ps1 removing external dependency on gallery script
set-rdpublishedname.ps1

reasons:

  • external dependency url link could be inadvertently changed due to gallery design
  • logic in gallery script is small (determines if HA and runs single command)
  • no commit history in gallery
  • can easily be incorporated to potentially improve resiliency

submitting PR after final testing

RD Session Collection High availability - numberOfWebGwInstances suggested change

From @fberson on December 1, 2016 14:59

The RD Session Collection High availability adds additional VMs with the RD Gateway and RD Web Access role, if I specify 2 as the numberOfWebGwInstances it creates 2 additional VMs. I think this will confuse users as they would probably expect that 1 additional VM would be created because there already is 1 VM with those roles created using the RDS farm deployment template.

I would suggest to change the name of the first RD Gateway server to have that created with a postfix -01 and that this template adds an RD Gateway server with postfix -02, also see #13

Copied from original issue: mmarch/rds-templates#19

in "rds with existing AD" template, remove Public IP from RDGW VM and replace RDS deployment FQDN with DNS name of RDGW load balancer's public IP.

From @cnicholson on January 30, 2017 19:52

  1. This reduces attack surface (there are currently 2 open ports to the RDGW VM)
  2. is consistent with the HA GW template which will need to set the FQDN to the LB's DNS name

deployment FQDN is the one that is set in "Deployment Properties" dialog and is what is used in the published RDP file to connect to the RDGW.

Also noticed that the SSL certificate on the RDGW VM has the wrong name. It is currently the name of the public IP address connected directly to the VM rather than the name on the RDGWLB public IP.

Copied from original issue: mmarch/rds-templates#23

rds-deployment/rds-update-certificate/scripts/Script.ps1 nuget dialog being displayed

when testing script in session nuget dialog is being displayed
changing from:

	#  verify NuGet package
	$nuget = get-packageprovider nuget
	if (-not $nuget -or ($nuget.Version -lt 2.8.5.22))
	{
		log "installing nuget package..."
		install-packageprovider -name NuGet -minimumversion 2.8.5.201 -force
	}

changing to:

	#  verify NuGet package
	$nuget = get-packageprovider nuget -Force
	if (-not $nuget -or ($nuget.Version -lt 2.8.5.22))
	{
		log "installing nuget package..."
		install-packageprovider -name NuGet -minimumversion 2.8.5.201 -force
	}

Unused probe on GW LB should be removed.

From @cnicholson on March 16, 2017 0:45

  1. The GW load balancer (“name” : “loadBalancer”) has a probe (“tcpProbe01”) for TCP/3391, which is not used. Load balancer probes can use TCP or HTTP. It looks like someone wanted to probe on UDP/3391, realized that UDP is not supported for probes, but didn’t delete the unused probe.

Copied from original issue: mmarch/rds-templates#39

rds-deployment/rds-update-certificate/scripts/Script.ps1 always installs PS AzureRM module

when deploying template, azurerm module always installs.
changing from:

	# install AzureRM module
	#
	if (-not (get-module AzureRM))
	{
		log "installing AzureRm powershell module..."
		install-module AzureRM -force
	}

changing to:

	# install AzureRM module
	#
	if (-not (get-module AzureRM*))
	{
		log "installing AzureRm powershell module..."
		install-module AzureRM -force
	}

Custom image template should transfer cloned VHDs to new storage account

From @mmarch on February 2, 2017 23:29

rds-update-rdsh-collection template should be copying the source image (the template VHD) to the new storage account (currently when it creates new RDSH VMs it places cloned VHDs in the same storage account where the source VHD is).

This template: 201-vm-custom-image-new-storage-account - does that. It's a matter of running the ImageTransfer.ps1 script in a VM (and we do have infra VMs available, e.g. broker VM, where this can run).

Copied from original issue: mmarch/rds-templates#29

rds-deployment/rds-update-certificate/scripts/Script.ps1 removing external dependency impersonate

rds-deployment/rds-update-certificate/scripts/Script.ps1 removing external dependency on gallery script
new-impersonateuser.ps1

reasons:

  • external dependency url link could be inadvertently changed due to gallery design
  • logic in gallery script is small (calls win32 advapi32 LogonUser)
  • no commit history in gallery
  • can easily be incorporated to potentially improve resiliency

submitting PR after final testing
