Tag Archives: Active Directory

Windows 8.1 and Macintosh: Remote Desktop Connection

After upgrading Windows to 8.1, remote connections from my Macintosh using Remote Desktop Connection ceased to function. The symptom is that, when trying to connect, it complains as follows: “Remote Desktop Connection cannot verify the identity of the computer that you want to connect to”.

There are two workarounds for this.

No. 1: Install the new client from the Mac App Store. It works, but I don’t like it because of two annoying flaws. First of all, it opens my present .rdp files but doesn’t understand them and throws an error. Second, if it’s in fullscreen mode, unlike with the old client, the Macintosh Dock is not accessible anymore.

No. 2: Set two group policies, as described here by VMware:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2059786

This can be done locally or on the Active Directory Domain Controller (I’m successfully using the latter method). According to Microsoft, this is less secure, in theory.

Possible Pitfall of Samba 4 AD Deployments

Once a new Active Directory Domain has been provisioned using Samba 4, it seems at least difficult to change the IP address of its Domain Controller. Samba 4 in AD DC mode does not automatically change its own address. Looking at the DNS data using Apache Directory Studio, I found the Resource Records to be binary-encoded. Although still readable, Apache DS didn’t easily let me change them (one could do it, but it’s cumbersome).
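To make those binary records auditable before an address change, the following added example (not part of the original post) decodes a record blob and lists the names that still point into a given network. It assumes the directory stores each record in the `dnsRecord` layout documented in MS-DNSP (24-byte header followed by the record data); the host names and blobs are constructed samples.

```python
import ipaddress
import struct

# Fields before the TTL: DataLength, Type, Version, Rank, Flags, Serial (little-endian).
HEADER = struct.Struct("<HHBBHI")
TYPE_A, TYPE_AAAA = 1, 28

def parse_dns_record(blob: bytes) -> dict:
    """Decode one dnsRecord value (assumed MS-DNSP layout: 24-byte header + data)."""
    if len(blob) < 24:
        raise ValueError("dnsRecord shorter than its 24-byte header")
    data_len, rtype, version, rank, _flags, serial = HEADER.unpack_from(blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)        # TTL is stored big-endian
    (timestamp,) = struct.unpack_from("<I", blob, 20)  # 0 means a static record
    data = blob[24:24 + data_len]
    if len(data) != data_len:
        raise ValueError("dnsRecord data truncated")
    address = None
    if rtype == TYPE_A and data_len == 4:
        address = ipaddress.IPv4Address(data)
    elif rtype == TYPE_AAAA and data_len == 16:
        address = ipaddress.IPv6Address(data)
    return {"type": rtype, "version": version, "rank": rank, "serial": serial,
            "ttl": ttl, "static": timestamp == 0, "address": address}

def build_a_record(ip: str, serial: int = 1, ttl: int = 900) -> bytes:
    """Build a constructed sample A record so the example runs offline."""
    data = ipaddress.IPv4Address(ip).packed
    return (HEADER.pack(len(data), TYPE_A, 5, 0xF0, 0, serial)
            + struct.pack(">I", ttl) + struct.pack("<II", 0, 0) + data)

def records_in_network(entries, network: str) -> list:
    """Return (name, address) for every A/AAAA record inside `network`."""
    net = ipaddress.ip_network(network)
    hits = []
    for name, blob in entries:
        addr = parse_dns_record(blob)["address"]
        if addr is not None and addr.version == net.version and addr in net:
            hits.append((name, str(addr)))
    return hits

# Constructed sample data: hypothetical host names, not taken from a real domain.
SAMPLE = [("dc1", build_a_record("192.168.1.10")),
          ("fileserver", build_a_record("10.20.0.5", serial=7, ttl=3600))]

if __name__ == "__main__":
    for name, addr in records_in_network(SAMPLE, "192.168.0.0/16"):
        print(f"{name} still points to {addr}")
```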

I haven’t yet profoundly studied samba-tool, so there might in theory be a way to solve this kind of situation. For now, I have given up that testing domain, as in the meantime it had suffered from some challenges anyway, and nothing really depends on it. Provisioned again, joined a client, and I can continue my research on a new setup. Easy.

Conclusion: The question of what to do when migrating your address scheme, say from using a Class C net below 192.168.0.0/16 to something bigger below 10.0.0.0/8, seems quite important. Apart from the mere possibility to switch over with an S4 DC at all, its sensitivity to address scheme changes makes such migrations a lot more challenging. It might be good advice to migrate address-wise first, if needed, before switching to production with an S4 DC.