Hello, my name is Ismaël Limbada and I am a Support Escalation Engineer for Windows Core Team. This blog post is about file association configuration in Windows 10. After reading it, you will be able to configure file associations in Windows 10 and avoid this notification: An app default was reset.

All steps described in this blog post have been tested on following Windows 10 versions:

• Windows 10 1709
• Windows 10 1703
• Windows 10 1607

Configuring file association prior Windows 10

There were different ways and guidance to set default program prior to Windows 10 (see Managing Default Applications).

Before Windows 10, an application could check default apps, ask for user consent and set default app programmatically using Windows API.

But some programs skip the user consent and set the app defaults into the registry. The main requirement for default file association is often forgotten: the end-user is in control.

Now in Windows 10 checks if registry file extension keys have not been modified to prevent file association hijacking.

File association changes in Windows 10

The way that default file associations work changed in Windows 10.

There is a new UI for the end-user. This new way puts the user in control with a new file association notification.

This notification will be displayed:

• On the first launch of a file extension, if multiples programs are registered for handling that file extension.
• Each time a new application registers a file extension, except if the Always use this app to open .xxx files is checked.

If an application used Windows API to set default apps, the user will receive the following notification:

For more information about these changes : https://blogs.windows.com/windowsexperience/2015/05/20/announcing-windows-10-insider-preview-build-10122-for-pcs/

You will find some explanation on The Old New Thing blog: Why do my PDF file associations get reset every time I restart?

Windows 10: An app default was reset

But what happens if an application is not using Windows API and writes some stuff and hijacks user preferences?

Now,Windows 10 detects that the registry is corrupted and will reset the default program for this file extension. Additionally, the end-user will receive this notification: An App default was reset. These change is documented in KB4001770: Reset app default when a registry setting is deleted or corrupted and streamlined notification about the corruption.

In Windows 10, if you are using applications or scripts that tamper registry entries to configure default apps associations, you will get app reset notifications.

How to configure file association in Windows 10?

It's possible for IT Pro to configure or force default association using supported methods.

The best way to do it is to set up a reference computer, install applications, configure default programs and use Dism to export/import the custom default app associations or use a group policy.

1. Set up a reference computer
2. Install applications
3. Go to Control PanelAll Control Panel ItemsDefault Programs and configure default apps associations. In Windows 10 1709, this control panel item is now in Settings app.

   Let's try to configure Internet Explorer as the default browser

   Choose Internet Explorer

   Internet Explorer is now the default web browser

4. Export/import the custom default app association with dism.exe
   Note that you need administrator rights to use dism.exe. And to export properly the associations use the same account used in step 3, otherwise you will get a malformed XML file.

1. Dism.exe /online /export-defaultappassociations:C:tempCustomFileAssoc.xml

PS C:Windowssystem32> dism /online /export-defaultappassociations:"C:TempIE-DefaultBrowser.xml"

1. Open the xml file and check if everything looks good.

Usually at this step you will be tempted to delete other lines because you simply don't care about them and get a file like this:

FTA-IE-Only.xml

VERY IMPORTANT: If you want to import your file with DISM.exe, DO NOT delete any file associations entries!
A missing entry will trigger the App default reset notification and you will get a notification storm at the first logon.

Refresh your XML on a regular basis

As some recommended applications can manage more extensions with each new Windows 10 version available, it's a good practice to refresh your XML. For example, in Windows 10 1703, Microsoft Edge registers the epub extension. If you're using an XML file from Windows 10 1607, epub is missing. As a result, you will get an app reset notification for epub.

Tips for building your XML file

• Manually editing the file could result in a non-valid XML file. Ensure that your XML file is valid. Opening XML file in the old Internet Explorer is a good idea to check if the XML is valid. You can try XML Notepad to edit/validate XML files.
• If you do not see your file extension in XML file, go back to Control PanelAll Control Panel ItemsDefault Programs and configure default apps associations, select file extension, click on Change Program and confirm the program in the dialog box. Then, export again you're XML file.

Deploy your custom XML

Now it's time to apply your XML file. You have two options:

• Set up file association in your Windows 10 image. File associations will be configured for new users' profiles. Existing profiles are untouched. Users can change file associations.
• Configure a policy for your domain-joined computer: file association will be configured at each logon. User will be able to change file association, but at the next logon file association will be configured using XML file. This policy works only for domain-joined computer.

Configure the XML file for your Windows 10 reference image:

Dism.exe /online /import-defaultappassociations:c:tempCustomFileAssoc.xml

Your file will be copied in WindowsSystem32 with the following name OEMDefaultAssociations.xml

Configure the XML file for your domain-joined computer

Configure the following policy Set a default associations configuration file located in ComputerPoliciesAdministrative TemplatesWindows ComponentsFile Explorer.

If this group policy is enabled and the client machine is domain-joined, the file will be processed, and default associations will be applied at logon time.

Note: this policy will not prevent user to change the file association. But at each logon the default association configured in XML file will be applied.

How to force only a set of file associations?

Some IT Pros want to force only some file associations and let users in control for others file associations. For example, they want to configure Internet Explorer as default for HTTP/HTTPS only for HR people.

So, they removed everything in the XML file except Internet Explorer entries. As previously seen, removing entries in XML file could result in app reset notifications.

But don't panic, there is a solution to do it in your Windows 10 reference image.

You just need to have two XML files, one for configuring the defaults and another one to force file association.

The main XML, CustomDefaultAssoc.xml must contain all extensions. You need to import this file using:

Dism /online /import-defaultappassociations:C:CustomDefaultAssoc.xml

The second XML, FTA-IE-Only.xml will contain only a set of file extensions. You need to use this XML file with the group policy Set a default associations configuration file.

 At the first logon, Explorer.exe will apply both XML.

The end user will have this results without any app reset notifications:

• PDF files associated with Microsoft Reader.
• HTM/HTML files associated with Internet Explorer.

OEMDefaultAssociations.xml contains the following lines:

IEOnly.xml contains the following lines:

Why I'm getting an app reset notification?

Raymond Chen talked about this problem. If a program is trying to set some registry keys, Explorer will detect it and the file association will be reset.

Stop using script or other pre-Windows 10 ways for configuring file association.

You can check the Microsoft-Windows-Shell-Core/AppDefaults event log for clues about file associations reset.

If you want to troubleshoot this, keep calm and run Procmon

You should be able to track which application is hijacking your file associations. Once you identified the bad application, the best way to solve this, is to use a more recent version, or contact your vendor.

Why I'm getting the User Choice notification even if I used an XML file?

You could get the following notification starting Windows 10 1703 when you choose an application as the default viewer instead using Microsoft Edge.

These notification windows are displayed only once if you're clicking on OK. It's because Microsoft Edge is detected as a new application.

If a new app is installed and is registered to an existing file extension or protocol you will get this notification.

If you want to get rid of these notifications, there is a group policy to hide these notifications:

Do not show the 'new application installed' notification

This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:) If this group policy is enabled, no notifications will be shown

Group Policy Settings related to File Associations settings

You can find in the table below some group policies related to default file associations settings:

Bonus for Adobe Reader XI users

If you are still using Adobe Reader XI, you should get a new application to open PDF, as Adobe Reader XI is out of support.

With Adobe XI installer, you can get an app reset notification for PDF extensions and it will be reset to Microsoft Edge.

You should look at Adobe Reader documentation and launch the Adobe Reader 11 installation with the following command line:

AdbeRdr11010_en_US.exe /rs /sAll /msi EULA_ACCEPT=YES OWNERSHIP_STATE=0

With OWNERSHIP_STATE=0 Adobe Reader stops to change file association for PDF with an unsupported way.

Resources:

• http://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/pdfviewer.html
• https://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/properties.html#props

With Windows Server 2012 we got the SmbShare Module. But since it's a CDXML module that just defines the mapping between PowerShell cmdlets and CIM class operations or methods, it's bound to the OS having the relevant CIM Classes. So it's not portable to older operating systems.

For Windows Server 2012 and above, there's no problem using the native New-SmbShare and Grant-SmbShareAccess cmdlets.
But for Windows Server 2008, I needed something else.

I ended up creating two functions that would replace the New-SmbShare and Grant-SmbShareAccess.

For creating a new share with specific permissions:

function New-Share {
    param(
        [string] $ComputerName = $env:COMPUTERNAME,
        [string] $Path = 'C:Temp',
        [string] $ShareName = 'Temp',
        [string] $AccountName = 'Domain Users',
        [ValidateSet('FullControl', 'Change','Read')] $AccessPermissions = 'Read',
        [string] $ShareDescription
    )

    # Convert the AccessPermissions
    $accessFlags = @{
        FullControl = 2032127
        Change = 1245631
        Read = 1179817
    }; $access = $accessFlags[$AccessPermissions]

    # Extract Domain and User account
    $Domain, $Identity = if($AccountName -match '\') {
        $AccountName -split '\'
    } else {
        $env:USERDOMAIN, $AccountName
    }

    # Build the Security Descriptor and Trustee objects
    $sd = ([wmiclass] "\$ComputerNamerootcimv2:Win32_SecurityDescriptor").CreateInstance()
    $trustee = ([wmiclass] "\$ComputerNamerootcimv2:Win32_Trustee").CreateInstance()
    $trustee.Name = $Identity
    $trustee.Domain = $Domain

        # Build the Access Control Entry object
    $ace = ([wmiclass] "\$ComputerNamerootcimv2:Win32_ACE").CreateInstance()
    $ace.AccessMask = $access
    $ace.AceFlags = 3
    $ace.AceType = 0 # 0 Allow, 1 = Deny
    $ace.Trustee = $trustee
    $sd.DACL = $ace.psObject.BaseObject

    # Create the share with the required permissions
    $mc = [wmiclass]"\$ComputerNamerootcimv2:Win32_Share"
    $inParams = $mc.psbase.GetMethodParameters('Create')
    $inParams.Access = $sd
    $inParams.Description = $ShareDescription
    $inParams.MaximumAllowed = $null
    $inParams.Name = $ShareName
    $inParams.Password = $null
    $inParams.Path = $Path
    $inParams.Type = [uint32]0
    $ret = $mc.psbase.InvokeMethod('Create',$inParams, $null)

    # Determine the return value from the WMI method
    Switch ($ret.ReturnValue){
        0  { Write-Verbose 'Share created successfully'; break }
        2  { Write-Error 'Access denied (2)'; break }
        8  { Write-Error 'Unknown failure (8)'; break }
        9  { Write-Error 'Invalid name (9)'; break }
        10 { Write-Error 'Invalid level (10)'; break }
        21 { Write-Error 'Invalid parameter (21)'; break }
        22 { Write-Error 'Duplicate share (22)'; break }
        23 { Write-Error 'Redirected path (23)'; break }
        24 { Write-Error 'Unknown device or directory (24)'; break }
        25 { Write-Error 'Net name not found (25)'; break }
        default { Write-Error 'Other Error (26–4294967295)' }
    }
}

Then, to create a new share:

$params = @{
    ComputerName      = 'myWebServer'
    Path              = 'C:inetpublogsLogFiles'
    ShareName         = 'IISLogFiles'
    AccountName       = 'CONTOSOWebOperators'
    AccessPermissions = 'Read'
    ShareDescription  = 'IIS Websites Logs'
}
New-Share @params

For adding permissions on an existing share:

function Add-ShareAccess {
    param(
        [string] $ComputerName = $env:COMPUTERNAME,
        [string] $ShareName = 'Temp',
        [string] $AccountName = 'Domain Users',
        [ValidateSet('FullControl', 'Change','Read')] $AccessPermissions = 'Read'
    )

    # Convert the AccessPermissions
    $accessFlags = @{
        FullControl = 2032127
        Change = 1245631
        Read = 1179817
    }; $access = $accessFlags[$AccessPermissions]

    # Extract Domain and User account
    $Domain, $Identity = if($AccountName -match '\') {
        $AccountName -split '\'
    } else {
        $env:USERDOMAIN, $AccountName
    }

    # Build the Security Descriptor and Trustee objects
    $sd = ([wmiclass] "\$ComputerNamerootcimv2:Win32_SecurityDescriptor").CreateInstance()
    $trustee = ([wmiclass] "\$ComputerNamerootcimv2:Win32_Trustee").CreateInstance()
    $trustee.Name = $Identity
    $trustee.Domain = $Domain

    # Build the Access Control Entry object
    $ace = ([wmiclass] "\$ComputerNamerootcimv2:Win32_ACE").CreateInstance()
    $ace.AccessMask = $access
    $ace.AceFlags = 3
    $ace.AceType = 0 # 0 Allow, 1 = Deny
    $ace.Trustee = $trustee

    # Get the current permissions on the share
    $current = Get-WmiObject -ComputerName $computerName -Class Win32_LogicalShareSecuritySetting -Filter "Name='$ShareName'"
    [System.Management.ManagementBaseObject[]]$newACE = $current.GetSecurityDescriptor().Descriptor.DACL

    # Add the access control entry to the list
    [array]::Resize([ref]$newACE, $newACE.Count + 1)
    $newACE[$newACE.Count-1] = $ace
    $sd.DACL = $newACE

    # Set the permissions on the share
    $mc = Get-WmiObject -ComputerName $computerName -Class Win32_Share -Filter "Name='$ShareName'"
    $ret = $mc.SetShareInfo($null, $mc.Description, $sd)

    # Determine the return value from the WMI method
    Switch ($ret.ReturnValue){
        0  { Write-Verbose 'Share updated successfully'; break }
        2  { Write-Error 'Access denied (2)'; break }
        8  { Write-Error 'Unknown failure (8)'; break }
        9  { Write-Error 'Invalid name (9)'; break }
        10 { Write-Error 'Invalid level (10)'; break }
        21 { Write-Error 'Invalid parameter (21)'; break }
        22 { Write-Error 'Duplicate share (22)'; break }
        23 { Write-Error 'Redirected path (23)'; break }
        24 { Write-Error 'Unknown device or directory (24)'; break }
        25 { Write-Error 'Net name not found (25)'; break }
        default { Write-Error 'Other Error (26–4294967295)' }
    }
}

Then, to update a share's permissions:

$params = @{
    ComputerName      = 'myWebServer'
    ShareName         = 'IISLogFiles'
    AccountName       = 'CONTOSOWebAdmins'
    AccessPermissions = 'FullControl'
}
Add-ShareAccess @params

For further reading, see:

Create method of the Win32_Share class: https://msdn.microsoft.com/en-us/library/aa389393

SetShareInfo method of the Win32_Share class: https://msdn.microsoft.com/en-us/library/aa393598

Win32_SecurityDescriptor class: https://msdn.microsoft.com/en-us/library/aa394402

Win32_LogicalShareSecuritySetting class: https://msdn.microsoft.com/en-us/library/aa394188

HTH,

Martin

Disclaimer:
The scenario described in this post and covered by the attached Add-on MPs is most likely only relevant for large enterprise customers. The MPs described in this post are not a Microsoft product and thus not covered by any Microsoft support or warranty! They should be carefully analyzed and tested in your test environment before using them in any productive SCOM Management Group.

Last week a customer pointed me to a blog post called "Managing RID Issuance in Windows Server 2012" that describes new features in Windows 2012 and onwards regarding new RID pool events created by these OS.  That blog post later made it into our official Windows Server documentation.
He asked me, if these events were covered (monitored) in our current AD Management Packs. But a quick search in our former (v6) and new (v10) AD MP revealed, that we collect only the “AD RID Pool Free Performance Collection” Perfcounter (amount of free % in the AD RID pool) and some counters that monitor the RID Master latency. But the new events described in the post are not covered by our current AD MPs.

I tried to talk my way out by saying it is highly unlikely that a customer will ever come into a situation where a RID pool gets depleted (Who has ever created one billion objects?). But unfortunately the recommendation of the blog post is unambigous:
“Automated AD health tracking systems, such as System Center Operations Manager, should monitor for these events; all are notable, and some are indicators of critical domain issues.”

So I created a little Add-On MP that contains six simple alert rules based on event collection for the Events 16653-16658. The rules are targeted against the Domain Controller role.

The MP does not contain any classes, folders or views and will work with SCOM2012R2 and SCOM2016. The contained rules will simply generate an descriptive alert if one of the critical RID events will occur on one of your targeted DC.

Because Windows 2012 DC are currently covered by either our old v6 AD MP or our new v10 MP I created three different versions of the MP:

• Community Add-On RID issuance Monitoring for AD 2008-2012 MP v6
  Needed if you still use our v6 AD MP
• Community Add-On RID issuance Monitoring for AD 2012 MP v10
  Needed, if you use our new v10 AD MP with Windows 2012(R2)
• Community Add-On RID issuance Monitoring for AD 2016 MP v10
  Needed, if you use our new v10 AD MP with Windows 2016

If you use Windows 2012 and Windows 2016 on your DCs, simply import both MPs.

You can download the MPs from Technet Gallery.

The October 2017 Cloud Adoption Advisory Board (CAAB) webinar is a Skype meeting that opens at 7:45 AM Pacific Daylight Time (PDT) on Wednesday, October 31. It will begin promptly at 8:00 AM and run to 9:00 AM. There will be time for discussion during the session and the speakers will be available for a few minutes after the session for additional questions.

Webinar agenda:

• Secure and modern desktop - Jason Whitmarsh describes how Windows 10 and Office 365 ProPlus combine to create Microsoft’s modern and secure desktop and key deployment and update scenarios. See the new Deploy a modern and secure desktop with Microsoft poster, available from http://aka.ms/deploymsd.
• Microsoft security guidance for political campaigns, nonprofits, and other agile organizations - Brenda Carter steps you through deploying a secure end-to-end configuration of Office 365 and Enterprise Mobility + Security (EMS) for organizations. See the new poster at http://aka.ms/securecampaign.
• Introduction to General Data Protection Regulation (GDPR) - David Bjurman-Birr provides an overview of the new set of requirements for how European organizations must handle personal data. See Microsoft resources at http://microsoft.com/gdpr.
• Adoption path navigation and utilization content - Joe Davies and Denise Vangel demonstrate a new way of stepping you through the adoption of an Office feature and advice on how to make sure you are realizing its value.

By joining the session, you agreed to be recorded and you consent to have the recording publicly posted in the CAAB Microsoft Technical Community.

We hope to see you on the 31st!

To receive an invitation to a CAAB Webinar, you must be a CAAB member. If you are a CAAB member, you should have received an invitation to this webinar.

To join the CAAB, become a member of the CAAB group of the Office 365 Yammer network and send a quick email to CAAB@microsoft.com to introduce yourself. Please feel free to include any information you want about your experience in creating cloud-based solutions with Microsoft products or areas of interest. Join now and add your voice to the cloud adoption discussion that is happening across Microsoft and the industry.

Hey all,  I haven't posted for a while,  so here goes.

A colleague of mine mentioned to me that the  Microsoft Exam 70-744 "Securing Windows Server" (https://www.microsoft.com/en-us/learning/exam-70-744.aspx) has the following in the Manage Privilege Identities objectives:

• Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach;
• Determine usage scenarios and requirements for implementing ESAE forest design architecture to create a dedicated administrative forest.

Since this is a Microsoft Services solution designed, built and delivered by Microsoft Architects and consultants, there's not a lot of public IP available for this.

Put simply - ESAE is a well protected bastion forest that is used to manage a production forest/domain domain administration functions.  It uses publicly available resources as its design foundation (Pass The Hash whitepapers - see https://www.microsoft.com/pth) and of course - this: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#ESAE_BM.

The solution we deliver to our customers is highly automated and scripted to try ensure that each delivery that we do is as consistent and repeatable as possible - there are design elements that can be changed, such as smartcards, virtualization platform, number of domains we protect, how we monitor, use of hardware security modules (HSMs) and a few other things.

All of the ESAE solution is based on Microsoft technologies - Windows Server 2016 and Windows 10 Enterprise Edition.  We also use some of the following features/concepts:  (I'm not listing everything here...) Hyper V, Credential Guard, Applocker, Bitlocker, Gym Locker, Hurtlocker - if we've got a locker in it, it's in the solution....I'm not sure how well humour comes across in black and white...so don't go hunting for the last two "lockers" on TechNet, ok?

And that's as much as I can really post about it for now.

Thanks

Jon

Compliance organizations (like PCI) are mandating that customers use TLS 1.2 for all encrypted communications and disable all other protocols in their environments. SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Microsoft has added official support for TLS1.2 security protocols in System Center 2016. This protocol is now supported in the following products

• System Center Operations Manager (SCOM)
• System Center Virtual Machine Manager (SCVMM)
• System Center Data Protection Manager (SCDPM)
• System Center Orchestrator (SCO)
• Service Management Automation (SMA)
• Service Provider Foundation (SPF)
• System Center Service Manager (SM)

The 3-step process of enabling TLS1.2 involves:

1. Installing the updates for Windows Server Security, .NET 4.6, SQL Server & System Center 2016 UR4. For System Center Virtual Machine Manage (SCVMM), Service Management Automation (SMA) and Service Provider Foundation (SPF), make sure that you upgrade to Update Rollup 3for System Center 2016. For SMA also update the SMA 2016 MP from here.
2. Changing the configuration settings to enable TLS1.2 in the Windows Environment and System Center across all components.
3. Making additional System Center component specific settings.

You can find more details in the System Center 2016 TLS1.2 Configuration article.

Compliance organizations (like PCI) are mandating that customers use TLS 1.2 for all encrypted communications and disable all other protocols in their environments. SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Microsoft has added official support for TLS1.2 security protocols in System Center 2016. This protocol is now supported in the following products

• System Center Operations Manager (SCOM)
• System Center Virtual Machine Manager (SCVMM)
• System Center Data Protection Manager (SCDPM)
• System Center Orchestrator (SCO)
• Service Management Automation (SMA)
• Service Provider Foundation (SPF)
• System Center Service Manager (SM)

The 3-step process of enabling TLS1.2 involves:

1. Installing the updates for Windows Server Security, .NET 4.6, SQL Server & System Center 2016 UR4. For System Center Virtual Machine Manage (SCVMM), Service Management Automation (SMA) and Service Provider Foundation (SPF), make sure that you upgrade to Update Rollup 3for System Center 2016. For SMA also update the SMA 2016 MP from here.
2. Changing the configuration settings to enable TLS1.2 in the Windows Environment and System Center across all components.
3. Making additional System Center component specific settings.

You can find more details in the System Center 2016 TLS1.2 Configuration article.

Compliance organizations (like PCI) are mandating that customers use TLS 1.2 for all encrypted communications and disable all other protocols in their environments. SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Microsoft has added official support for TLS1.2 security protocols in System Center 2016. This protocol is now supported in the following products

• System Center Operations Manager (SCOM)
• System Center Virtual Machine Manager (SCVMM)
• System Center Data Protection Manager (SCDPM)
• System Center Orchestrator (SCO)
• Service Management Automation (SMA)
• Service Provider Foundation (SPF)
• System Center Service Manager (SM)

The 3-step process of enabling TLS1.2 involves:

1. Installing the updates for Windows Server Security, .NET 4.6, SQL Server & System Center 2016 UR4. For System Center Virtual Machine Manage (SCVMM), Service Management Automation (SMA) and Service Provider Foundation (SPF), make sure that you upgrade to Update Rollup 3for System Center 2016. For SMA also update the SMA 2016 MP from here.
2. Changing the configuration settings to enable TLS1.2 in the Windows Environment and System Center across all components.
3. Making additional System Center component specific settings.

You can find more details in the System Center 2016 TLS1.2 Configuration article.

Compliance organizations (like PCI) are mandating that customers use TLS 1.2 for all encrypted communications and disable all other protocols in their environments. SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Microsoft has added official support for TLS1.2 security protocols in System Center 2016. This protocol is now supported in the following products

• System Center Operations Manager (SCOM)
• System Center Virtual Machine Manager (SCVMM)
• System Center Data Protection Manager (SCDPM)
• System Center Orchestrator (SCO)
• Service Management Automation (SMA)
• Service Provider Foundation (SPF)
• System Center Service Manager (SM)

The 3-step process of enabling TLS1.2 involves:

1. Installing the updates for Windows Server Security, .NET 4.6, SQL Server & System Center 2016 UR4. For System Center Virtual Machine Manage (SCVMM), Service Management Automation (SMA) and Service Provider Foundation (SPF), make sure that you upgrade to Update Rollup 3for System Center 2016. For SMA also update the SMA 2016 MP from here.
2. Changing the configuration settings to enable TLS1.2 in the Windows Environment and System Center across all components.
3. Making additional System Center component specific settings.

You can find more details in the System Center 2016 TLS1.2 Configuration article.

11/28 (火）限定イベントMicrosoft Azure 徹底活用フェスを開催！
AI, IoT, ビッグデータ活用からSAPクラウド化まで、
国内インテグレーターが一堂に！
＜大好評につき第二弾の開催決定＞

Surface Hub takes advantage of all the automatic configuration options Microsoft's Productivity tools has to offer; it will use Exchange's autodiscover to find the Room Mailbox's account and policies, and will use Skype for Business' Lyncdiscover to locate the Conference Room's registrar.
Due to the nature of Surface Hub's, Windows 10 Team Edition, and to due to the fact that it's a locked-down, secured, communal device, it will not show you any popups during the step-by-step configuration (OOBE) or later when it attempts to connect to services and servers. This makes the environment preparation task even more critical: When physically installing them, Surface Hubs can be installed individually by the installer if they have the required information, or using a PPKG file for mass deployments. In any case, having all the required information is critical - as the installation will not complete if it hits an issue at any step.
One of the most common issues with Surface Hub installation and Skype for Business is the Trusted Domain List. What is the Trusted Domain List and how do we make sure we get it right?
The Trusted Domain List, also referred to as the "TrustModelData" is a List of the trusted domains that don't match the prefix of the your SIP domain.
When a user (or a device, in this case) connects to the Skype for Business server, the client validates the connections against a list of trusted servers.
Who are the trusted servers?

1. The users' SIP URI domain
2. Any server that the client connected to in the past, and that was added to the Trusted Domain List (More on this below)
3. The domain of the server that the client last connected to

Let's break these down:

Number 1 is pretty straight forward; if  the users' SIP URI domain and the servers' domain are the same, there's an automated trust and the client will sign in immediately;

皆さん、こんにちは。セッション一覧からご自身の興味やニーズに合ったセッションだけ選択して、オリジナルのスケジュールを作成することができます。公式イベント アプリまたは Tech Summit公式ウェブサイトの [ マイ ページ ] より、ご利用いただけます。

▼ 公式イベント アプリ

アプリを起動し [ スケジュール確認 ] 画面でご利用いただけます。他のコンテンツをご覧の際は、左上メニューより [ スケジュール ビルダー ] を選択ください。

 ▼ Tech Summit 2017 公式サイト

[ マイ ページ ]よりご確認ください。

※注意：各セッションの参加やお席の確保を予約する機能ではございませんので、ご注意ください。

All the votes are FINALLY in! 

And below are the results for the TechNet Guru Awards, September 2017 !!!!

The TechNet Guru Awards celebrate the technical articles on TechNet, contributed from valued wiki authors like YOU!

Each month, the contributions are scored by a panel of judges (5 per category, 2-3 in each are MS experts), and the winners of each category are showered with love and attention from all corners of TechNet.

See the links at the bottom, to find out more about the competition and how to enter.

We have picked the top three highest scored contributions for each category to bestow our awards upon.

The awards are in gold, silver and bronze, the gold obviously being the top winner of the category.

The last column is just a few of the comments judges made during the judging process.

In some cases, we have not obtained permission to use the judges names, so they have been reduced to initials.

My fellow wiki ninjas will be digging deeper into some of these articles in this blog series, so watch out for those.

A big thank you also to the other authors who did not make the top three of each category.

Some articles only just missed out, so we may be returning to discuss those too, in future blogs.

	SYED SHANU	Getting Started With ASP.NET Core And Angular 4 Using WEB API	Gaurav Kumar Arora: "Good article, images visualized the write-up" Sabah Shariq: "Good work! with very details in step by step to get start. Everyone can understand easily." Khanna Gaurav: "Great article" Jeff Fritz: "You're missing some important parts with distributing the Angular application to the wwwroot folder in the ASP.NET Core application. This article doesn't feel like it shows a production scenario or a good development practice for building an Angular app with ASP.NET Core"
	M.Vignesh	Serve Static files in ASP.NET Core Using Visual Studio 2017	Khanna Gaurav: "Great explanation for use of static files." Jeff Fritz: "Your sample code should make it very easy for the reader to identify the code that has changed." Gaurav Kumar Arora: "Nice write-up to show how static files get rendered. Adding more description will make this write-up best." Sabah Shariq: "Nice. But a something new on this topic would make this great."
	João Sousa	ASP.NET CosmoDB	Sabah Shariq: "Great article! with explanation step by step for readers to get start on something new." Gaurav Kumar Arora: "One more good article on CosmoDB." Jeff Fritz: "There is a section missing that shows where to store the CosmosDb connection information in web.config" Khanna Gaurav: "Interesting article"

Also worth a mention were the other entries this month:

• Handling secrets in ASP.Net Core by Chilberto
  Sabah Shariq: "Nice explanation using an example. Gives the reader an idea how they can implement."
  Gaurav Kumar Arora: "Short but worth to read write-up"

	Colin Dijkgraaf	BizTalk 2013 R2 known bugs, issues & quirks	Abhishek Kumar: "Great work Colin .This is very useful information for any BizTalk Developer or Administrator. I can see some the listed item in this TechNet wiki is already in BizTalk User voice . Keep these wonderful article coming !!"
	Mandar Dharmadhikari	BizTalk: Making BizTalk WCF Publishing Wizard Remember Previously Exposed Operations while Republishing The WCF Service	Abhishek Kumar: "Thanks Mandar for this article . Old topic but nicely explained its been used by every developer and nice to be well documented ."

	Mandar Dharmadhikari	Logic Apps: Face Verification Using Microsoft Cognitive Services Face Api and Logic Apps	Dileepa Kariyawasam: "Excellent article. Nicely written and well structured." Lasse Wedø: "Useful and structured, an interesting read" Eric Berg: "good article. Thanks" Anton Staykov: "Good showcase on how to use Logic Apps" Kia Zhi Tang: "Great knowledge sharing. Thank you for your contribution."
	Mahindra Morar	Enforcing Ordered Delivery using Azure Logic Apps and Service Bus	Eric Berg: "Thank you" Anton Staykov: "Nice article showing a bit more complicated workflows with Azure Logic Apps" Dileepa Kariyawasam: "Nice article and well written." Lasse Wedø: "A summary in the end would improve the post" Kia Zhi Tang: "Thank you for sharing a good walkthrough but external links should be in the Reference section instead of See Also section"
	Bhushan Gawale	Essentials of Azure AD Application Roles	Anton Staykov: "Good article, showing us how to achieve what we want and not relay on Security Groups in Azure AD." Kia Zhi Tang: "Thank you for sharing and having great reference source links in Reference section" Dileepa Kariyawasam: "Useful Article. Nicely executed." Eric Berg: "great work. Thank you" Lasse Wedø: "A lot of information, could use a better introduction. The structure of the text needs revision."

Also worth a mention were the other entries this month:

• Mailing Logic App Run History Using Azure PowerShell Module by Mandar Dharmadhikari
  Dileepa Kariyawasam: "Excellent article. Well written."
  Eric Berg: "Well done"
  Lasse Wedø: "Useful and structured"
  Anton Staykov: "Good, but we can also have the OMS integration ;)"
  Kia Zhi Tang: "Thank you for sharing your powershell cmdlet. It will be best to reference non-wiki links in Reference section instead of See Also section."
• SQL Pagination for bulk data transfer with Logic Apps by Abhishek Kumar
  Lasse Wedø: "Useful and structured"
  Kia Zhi Tang: "Nice walkthrough with explanations on Pagination."
  Eric Berg: "Thank you."
  Dileepa Kariyawasam: "Good Article."
  Anton Staykov: "The essential is missing - how exactly you configure the logic app and manage paging variable."
• Configure Azure NSG – Network Security Group by Mustafa Toroman
  Kia Zhi Tang: "Good walkthrough with screenshot. It will be good to have some Reference links about Azure NSG and See Also links to other Azure networking Wiki"
  Dileepa Kariyawasam: "Good Article. However, there are a lot of areas for improvement."
  Anton Staykov: "nice and easy - step by step."
  Eric Berg: "Thank you for this article. It would be great if you could add some more content on NSG --> they are not only available at VM Level"
  Lasse Wedø: "I would like to see TN articles bring new content and ideas."
• How to attach data disk to existing Azure virtual machine using Windows Powershell by  Kapil Kumawat
  Anton Staykov: "Can't we use the AzureRM module for PowerShell?"
  Dileepa Kariyawasam: "Good Article."
  Eric Berg: "Thank you! Would be great of you could add difference for StorageAccount and ManagedDisk"
  Lasse Wedø: "Information was ok, Creating sections and structure would improve the post"
  Kia Zhi Tang: "Thank you for sharing a powershell command snippet to attach additional new Azure VHD Disk on existing VM. It will be good to have some Reference links about the Azure/AzureRM PowerShell Module or Cmdlet"
• Microsoft Azure Nested Virtualization Hyper-V Replica by Pantelis Apostolidis
  Afzaal Ahmad Zeeshan: "This one is a good topic to cover in VM section."
  Lasse Wedø: "Good information, may I suggest adding sections and reducing the number of images for readability."
  Eric Berg: "Thank you for your work. Please check formatting...headlines are not really visible and code is inline..."
  Anton Staykov: "Although a nice article, it is more about Hyper-V Replica than Azrue. There is nothing specific to Azure, just the fact mentioned in 1 sentence - it works also on Azure with these specific VM Sizes."
  Dileepa Kariyawasam: "Great article. However, there are room for improvements with regards to the article structure."
  Kia Zhi Tang: "Thank you for sharing nested virtualization proof-of-concept."
• How to check the available extensions for a virtual machine using Windows Powershell by Kapil Kumawat
  Anton Staykov: "short and easy."
  Eric Berg: "Nice article. Would be great to have some link to MSDN for further description"
  Lasse Wedø: "Information was ok, Creating sections and structure would improve the post"
  Kia Zhi Tang: "Thank you for sharing a powershell command snippet to check Azure VM installed extensions. It will be good to have some Reference links about the Azure/AzureRM PowerShell Module or Cmdlet"
  Dileepa Kariyawasam: "Good informative article."

Simple Samples

Managed C++ Wrapper For Unmanaged Code

Ronen Ariely (aka pituach): "Great article. A very useful topic, and well written. I see questions regarding this in the forums all the time, and I am sure that I will refer people to read the article in the future. With that being said, there was place to spend a little more on adjusting the format of the article to the wiki system. For example: Clean the HTML/CSS code which came from the original article, Code format, etc'."

	Priyaranjan KS	Exploring the Development of Client Side Webparts in SharePoint Server 2016 using Angular,Knockout,React JS and Kendo UI	John Naguib: "Thanks a lot for this wiki, nice work"
	Maruthachalam Krishnamurthy	SharePoint Online Modern Team Sites	John Naguib: "Thanks for highlighting this, nice"
	get2pallav	Localization in SharePoint Online	John Naguib: "Very good topic"

Also worth a mention were the other entries this month:

• SPFx for SharePoint Server 2016 by M.Qassas
  John Naguib: "Thanks a lot, nice read"
• Enable SharePoint 'Personal Site' on demand using JavaScript by get2pallav
  John Naguib: "Thanks a lot, good tip"
• Retrieve Unique column values in SharePoint List using JavaScript by get2pallav
  John Naguib: "Thanks a lot, another nice tip"
• Project Server 2016: Missing 'Manage Delegates' Option In PWA Setting by M.Qassas
  John Naguib: "Thanks a lot, interesting"
• SharePoint Online Differences between Communication and Modern Team Sites by Maruthachalam Krishnamurthy
  John Naguib: "Thanks a lot, good comparison"
• SharePoint Online/ SharePoint 2013: JSLink property - Custom Rendering for Views by Rakhi Jain
  John Naguib: "Thanks a lot, good article"
• SharePoint 2016 - Legacy Site detected by Rahul Dagar
  John Naguib: "Thanks a lot, nice"
• HTML Rendering in Calculated Columns - SharePoint Online/2016/2013 by Jaydeep Mungalpara
  John Naguib: "Thanks a lot, very useful"

	Nonki Takahashi	SmallBasic.Workbook 1.2.0: Known Issues	DEVA: "Wonderful" SYEDSHANU: "One more useful post and thanks for sharing."
	Nonki Takahashi	Small Basic: Interactive Learning with Xamarin Workbooks	SYEDSHANU: "This is great post Nonki and thanks for sharing." DEVA: "Very nice"

M.Qassas

Power BI: Determine The Project Status Based on the Project Start & Finish Date Using Calculated Column

Visakh16: "Simple illustration of using Project Server as the source for Power BI. Use of GIFs are awesome. Could have been more elaborate had the article contained few other types of reports explaining analysis of few other aspects of Project Server. On the whole a good level 100 article for someone starting on Power BI with Project Server" Afzaal Ahmad Zeeshan: "Images are a bit over, could have been a great writeup." Tomaž Kaštrun: "Nice demo on building calculated columns with defining new states and reusing them for further analysis and visualization."

M.Qassas

SQL Server 2016: Getting the Current Cumulative Update / Service Pack installed

Visakh16: "Different ways to find out cumulative update installed on server explained well. Use of screenshots,GIFs looks good. Would be good read for beginners" Tomaž Kaštrun: "Overview of ways to check the current Cumulative Update and which service pack in installed for SQL Server instance." Ronen Ariely (aka pituach): "Very nice article. It is well written and very easy to follow. I love the images and the article is well formatted. Well done!"

C Sharp Conner

SCSM Data Warehouse - Fact Groom Retention - Prevent Relationships Getting Marked As Deleted

Eric Berg: "Thank you for this very interesting article. Well done" Joseph Moody: "I appreciate the humour. :)"

	M.Qassas	T-SQL: Query The Enterprise Custom Fields In Project Server 2016 /2013	Visakh16: "Simple article giving details on catalog objects in Project Server database and getting custom field values from it." Tomaž Kaštrun: "Querying custom fields in Project Server. A quick overview." Diederik Krols: "Very useful, thanks."
	M.Qassas	T-SQL: Get SQL Server Instance Information Using SERVERPROPERTY	Diederik Krols: "Nice reference article." Tomaž Kaštrun: "Wiki type of an article with explanation of SERVERPROPERTY function and usage of the property names." Visakh16: "Article looks like straight lift from MSDN documentation. Just a very simple article explaining various properties returned by SERVERPROPERTY function." Afzaal Ahmad Zeeshan: "A great reference, good job compiling it into one post."

M.Qassas

SSOM C#: Get and Set a SPLookup Field Values Using

Diederik Krols: "Well done." Khanna Gaurav: "Nice article"

Stoyan Chalakov

Automating SQL operations with Service Management Automation (SMA) and Invoke-Sqlcmd – challenges and solutions

Kia Zhi Tang: "Great share with code examples. It can be even better if you also include those SQL Cmdlet documentation source links into a Reference section for readers."

	Kelly Bush	Active Directory Domain Deployment Checklist	Afzaal Ahmad Zeeshan: "You can remove the list style and consider section based style with some extra content." Dileepa Kariyawasam: "Good Article and is also very valuable for the sys admins to have." Mark Parris: "Good checklist for DC deployment - now to link an article to every bullet point." Kia Zhi Tang: "Nice Checklist. Thank you for sharing." Eric Berg: "Nice. Thanks" Joseph Moody: "Great list!!" JM: "This is a good article. Suggestion: define all of the acronyms. Lots of readers won't know what they mean."
	M.Qassas	Windows Server 2012: The Boot Configuration Data for your PC is missing or contains errors	Eric Berg: "Well done. Very good advice. Thank you" Joseph Moody: "Great write up! The pictures and media really brought this article together." JM: "This is a very good article, thanks for your contribution." Dileepa Kariyawasam: "Good article." Mark Parris: "Good recovery knowledge." Kia Zhi Tang: "Interesting Fix using Windows RE's tool. Thank you for sharing this Proof-of-Concept. Do you know you can repair by booting into WindowsPE and using BCDboot?"

A huge thank you to EVERYONE who contributed an article to September's competition.

Hopefully we will see you ALL again in October's listings?

If you haven't contributed an article for this month, and you think you can create a more useful, clever and better presented wiki article than the winners above, here's your chance!

Best regards,
Pete Laker

More about the TechNet Guru Awards:

• TechNet Guru Competitions
  

執筆者: Xiaochen Wu (Senior Program Manager)

このポストは、10 月 23 日に投稿された Transactional replication to Azure SQL Database is now generally available の翻訳です。

このたび、Azure SQL Database へのトランザクション レプリケーションの一般提供が開始されました。この機能を使用すると、ダウンタイムを最小限に抑えながらオンプレミスの SQL Server データベースを Azure SQL Database に移行できます。

この機能では、移行元のオンプレミスの SQL Server データベースをパブリッシャーとして構成し、Azure SQL Database を SQL Server インスタンスへのプッシュ サブスクライバーとして構成します。トランザクション レプリケーションのディストリビューターは、パブリッシャーからサブスクライバーにデータを同期します。データやスキーマの変更はすべて Azure SQL Database に反映されます。同期が完了し移行準備が整ったら、アプリケーションの接続文字列を Azure SQL Database を指定する接続文字列に変更します。

移行元のデータベースの一部を移行する場合にもトランザクション レプリケーションを利用でき、Azure SQL Database へのレプリケーションを、移行元データベース内のテーブルの一部についてのみ発行するように制限することができます。移行するテーブルごとに、一部の行や一部の列に限定してデータを移行できます。

詳細については、クラウドの SQL Database への SQL Server データベースの移行に関するドキュメントを参照してください。

トランザクション レプリケーションは、オンプレミスの SQL Server から Azure SQL Database への一方向のデータ同期にも使用できます。双方向のデータ同期や Azure SQL Database からの同期については、複数のクラウドとオンプレミス データベースにまたがるデータの同期に関するドキュメントを参照してください。

執筆者: Corey Sanders (Director of Compute, Azure)

このポストは、10 月 23 日に投稿された Fv2 VMs are now available, the fastest VMs on Azure の翻訳です。

このたびマイクロソフトは、新たな VM ファミリである「Fv2」の一般提供開始を発表しました。この VM ファミリは、コードネーム Skylake で知られる最速の Intel® Xeon® スケーラブル プロセッサをパブリック クラウドで提供するものです。Azure に対しては、金融モデルの構築、科学的分析、ゲノム解析、地熱分布の視覚化、ディープ ラーニングなどを行うお客様から、大規模なコンピューティングに対応できることが期待されており、マイクロソフトは Azure のイノベーションを継続的に進めることで、こうした世界を変革するワークロード向けのコスト効率の高い業界最高レベルのハードウェアを提供することを目指しています。以前発表したもののうち、パブリック クラウドで初めて Tesla P40 を搭載した ND シリーズと、Tesla P100 を搭載した NCv2 シリーズでは InfiniBand 接続がサポートされており、GPU を利用した驚異的かつ圧倒的な演算処理を可能にしています。今回提供が開始される Fv2 では Intel® Xeon® スケーラブル プロセッサを搭載し、CPU による演算処理としては最速の性能を実現しています。

Fv2 シリーズはハイパースレッド対応の Intel® Xeon® Platinum 8168 プロセッサで実行されます。プロセッサのベース クロック周波数は 2.7 GHz、シングル コアでのターボ ブースト時の最大クロック周波数は 3.7 GHz です。最新の Intel スケーラブル プロセッサである Intel® AVX-512 のユーザー ガイドには、単精度浮動小数点演算と倍精度浮動小数点演算のいずれの場合でも、ベクトル処理ワークロードのパフォーマンスが 2 倍に向上すると記載されています。従って、あらゆるコンピューティング ワークロードをきわめて高速に実行できます。現時点では、Skylake を提供している競合他社のクラウドでは、クロック周波数は最高でも 2.0 GHz に留まっています。このため Azure はコンピューティング集中型ワークロードにとって、最新かつ優れたツールが用意された最高の環境となっています。

Fv2 VM には 7 種類のサイズが用意されており、最上位の VM には 72 コアの vCPU、144 GiB の RAM が搭載されています。これらのサイズでは、Azure Premium Storage のディスクが既定でサポートされます。また、クラウド最高クラスのスループットを誇る高速ネットワーク機能を利用でき、VM 間のレイテンシも非常に低く抑えられます。Fv2 VM は Azure で最もコスト パフォーマンスに優れており、コンピューティング集中型ワークロードに最適です。

新たに追加された Fv2 VM サイズの詳細は以下のとおりです。

これらの VM サイズは、米国西部 2、西ヨーロッパ、米国東部の各リージョンで本日より提供されます。東南アジアでも近日中に提供を開始する予定です。新たに追加された VM サイズの活用事例を皆様からお聞かせいただけることを期待しています。

次回もどうぞお楽しみに。

Corey Sanders

こんにちは。Azure サポートの宇田です。
今回はロードバランサー経由の通信が偏る場合のチェックポイントをご紹介します。

Azure におけるロードバランサーの挙動については、以下の投稿もあわせてご確認ください。

• ロードバランサー経由での通信ができない場合のチェックポイント
  https://blogs.technet.microsoft.com/jpaztech/2016/11/23/loadbalancer-troubleshooting/
• Azure のロードバランサーは pre-warming も監視も不要です
  https://blogs.technet.microsoft.com/jpaztech/2017/02/07/azure-lb-pre-warming-and-monitoring/

ロードバランサーの負荷分散方式について

過去の投稿でも紹介している通り、Azure では様々な種類の負荷分散機能を用意しています。

• クラウド サービス (クラシック環境での呼称): リソース マネージャー環境での外部ロードバランサーと同等
• 外部ロードバランサー (ALB / Azure Load Balancer): フロントエンドに Public IP を持つ L4 のロードバランサー
• 内部ロードバランサー (ILB / Internal Load Balancer): フロントエンドに Private IP を持つ L4 のロードバランサー
• アプリケーション ゲートウェイ (Application Gateway): HTTP / HTTPS の負荷分散を行う L7 のロードバランサー
• トラフィック マネージャー (Traffic Manager): 複数のリージョンをまたぎ、DNS レベルでの負荷分散を行うロードバランサー

今回も前者 3 点 (クラウドサービス、ALB、ILB)について扱いますが、これらはいずれもハッシュベースの分散アルゴリズム、つまり各パラメーターから算出されたハッシュ値に基づいて分散先を決める方式を使用しています。ラウンドロビンの方式ではありませんので、2 台のクライアント端末からロードバランサー経由でアクセスを行っても、ハッシュの計算結果によっては同一のサーバーに対して振り分けられる可能性があることに注意が必要です。

ロードバランサー経由の通信が偏る際の確認ポイント

ロードバランサーの "セッション永続化" の設定に応じて、以下の要素がハッシュの計算に利用されます。

• なし: ソース IP / ソース Port / 宛先 IP / 宛先 Port / プロトコル
• クライアント IP: ソース IP / 宛先 IP
• クライアント IP とプロトコル: ソース IP / 宛先 IP / プロトコル

これを踏まえ、ロードバランサー経由の通信が偏る一般的な要因をご紹介していきます。

1. 同一拠点から接続している場合

以下の図のようにオンプレミスの拠点にある複数のクライアント端末から接続を行った場合を考えます。

Azure のロードバランサーに届くパケットの観点では、複数のクライアント端末からの通信はいずれも というソース IP からの通信として認識されます。

この結果、"クライアント IP" や "クライアント IP とプロトコル" の負荷分散方式を利用している場合には、ソース IP が同一な通信となってしまうことに起因して、すべての通信が同一のサーバーへ振り分けられてしまいます。

この場合にはロードバランサーの "セッション永続化" を "なし" として対処しましょう。

(オンプレミスのゲートウェイで NAT に使用しているグローバル IP を複数とすることでも対処可能ですが、こうした方法は通常容易ではありません)

2. リバースプロキシなどが介在する場合

続いて、Web サーバーの手前に Application Gateway などのリバースプロキシが存在する場合を考えます。

上図のように Application Gateway など L7 で動作するリバースプロキシが介在する場合、ロードバランサーには Application Gateway の IP アドレスがソースとなったパケットとして届きます。

この結果、先の例と同様に "クライアント IP" や "クライアント IP とプロトコル" の設定ではハッシュの計算結果に偏りが生じ、通信がきれいに振り分けられないといったことが発生します。(上図の 2 台ずつの構成では、綺麗に 50% ずつに分かれることもあれば、100 % と 0 % といった偏りが生じることも起こりえます。)

Application Gateway などのリバース プロキシと、バックエンドのサーバー台数が多い場合にはハッシュの計算結果が極端に偏ることは起きませんが、上図のような小規模な構成では一方に偏ってしまうことがあることに留意のうえ、必要に応じて "セッション永続化" は "なし" と設定しましょう。

3. "セッション永続化" を "なし" としているのに偏る場合

最後に、"セッション永続化" は "なし" と設定し、かつ何度もブラウザでページを更新しているのに振り分け先が異なるという例をご紹介します。

ページを何度リロードしても一方のサーバーを参照してしまう場合、パケットを採取して見てみましょう。以下のように、ページをリロードした際も同一のソース Port から通信が発生していないでしょうか。

ページをリロードをした際に同一の Port を使いまわすか否かはブラウザの実装に依存するため、全てのブラウザがこのような挙動をするとは限りませんが、Azure のロードバランサーはあくまでも L4 で通信を振り分けるため、同一の値をもとにハッシュを計算すれば、当然振り分け先も同一となります。ブラウザを完全に閉じて再起動するか、複数の端末やブラウザを併用するなどして、正しくアクセスが振り分けられていることを確認しましょう。

[参考情報]

• Load Balancer の分散モードを構成する
  https://docs.microsoft.com/ja-jp/azure/load-balancer/load-balancer-distribution-mode

以上、ご参考になれば幸いです。

※ 本情報の内容（添付文書、リンク先などを含む）は、作成日時点でのものであり、予告なく変更される場合があります。

ビッグデータ管理と分析のための最先端のプラットフォームを提供するCloudera が主催するパートナーおよびユーザーイベントです。今年は、“ビジネスを成功させる「データの力」”をテーマに、拡張性が高くセキュアな情報基盤の構築からデータ分析・活用におけるソリューションや、データの力を最大限に活用するための方法についてご紹介します。

【Cloudera World Tokyo 2017 開催概要】

◆ 開催日時：2017年11月７日（火）
◆ 会場：ANAインターコンチネンタルホテル東京　〒107-0052 東京都港区赤坂1-12-33
◆ テーマ：ビジネスを成功させる「データの力」
◆ お申込みURL：http://clouderaworldtokyo.com/

3 世代にもおよぶゲームが 1 つのゲーム機でプレイできるようになります。『クリムゾンスカイ: High Road To Revenge』 や『NINJA GAIDEN Black』などをはじめとした初代 Xbox で人気のクラッシック タイトルが Xbox One でプレイできるようになりました。

また、 11 月 7 日 に発売される Xbox One X では一部の Xbox 360 用ゲームがオリジナルと比較して 9 倍ものピクセル数で描かれ画質も向上します。Xbox One X で描画が向上するタイトルには『Halo 3』や『Fallout 3』などの人気タイトルが含まれます。

初代 Xbox ゲームの下位互換機能対応について

下位互換機能に対応した初代 Xbox ゲームは Xbox One および Xbox One S では従来の 4 倍のピクセル数で描画されます。また、Xbox One X では 16 倍のピクセル数で描画されます。すでに初代 Xbox のゲーム ディスクを所有していれば、Xbox One にそのディスクを挿入していただくだけでプレイ可能です。また、Microsoft Store で購入することもできます。

初代 Xbox ゲームの下位互換機能対応は、リマスターではなくオリジナルのまま提供されるため、初代 Xboxのオンライン マルチプレイは Xbox One 上の Xbox Live サービスでは提供されません。ただし、分割プレイやシステムリンクを用いたオフライン マルチプレイは初代 Xbox と同様に動作します。また、初代 Xbox にはなかった実績も Xbox One でプレイしても獲得できません。

以下のゲームが Xbox One 下位互換機能に対応した日本語版初代 Xbox ゲームです。また来年春には、新たな対応ゲームを追加予定です。

• クリムゾンスカイ: High Road To Revenge
• デッド トゥ ライツ (ディスク起動のみ対応)
• グーリーズ - Grabbed by the Ghoulies
• THE KING OF FIGHTERS ネオウェイブ
• Ninja Gaiden Black
• Red Faction 2

一部の Xbox 360 ゲームが Xbox One X 上での高解像度化に対応

一部の Xbox 360 ゲームが 11 月 7 日に発売される Xbox One X で 9 倍の高解像度化と広色域に対応します。Xbox One X では “Heutchy Method” と呼ばれる方法により、ゲームのコードを修正することなく既存のデータを用いて Xbox 360 エミュレーター上で美しい描画を実現しています。また、同様の方法を用いて Xbox One および Xbox One S でも画質が向上します。

以下の Xbox 360 ゲームが 11 月 7 日に Xbox One X Enhanced タイトルとして追加されます。

• Assassin's Creed
• Fallout 3
• Halo 3
• The Elder Scrolls IV: Oblivion

Kaum zu glauben: Microsoft Surface gibt es bereits fünf Jahre. Am 26. Oktober 2012 kam das erste Gerät auf den Markt, das Surface RT.

 Wenn man es heute in der Hand hält, erscheint es etwas schwerfällig und der breite Rand irritiert. Der Gedanke entsteht: Wo werden wir in fünf Jahren sein? Um es noch mal auf den Punkt zu bringen: Surface ist Innovation und Design. Es bringt Windows und Office zum Leuchten. Surface hat neue Impulse im Hardware-Markt gesetzt und dem PC erstmalig Glanz und Glamour verliehen.

Auf einmal war da ein Gerät: leicht, funktional, farbig und schön. Es fühlt sich gut an, man kann damit Sachen machen, die man vorher nicht machen konnte. Schreiben und Zeichnen auf dem Display wie auf einem Stück Papier. Das Display abnehmen und damit auf der Couch Videos schauen. Sich einloggen ohne Passwort und vieles mehr.

In Deutschland war das erste Surface zum ersten Mal live auf dem Launch-Event von Windows 8 in Berlin zu sehen. Damals noch geschützt hinter Glas, was die Gäste nicht so lustig fanden, denn sie wollten das neue Device ja schließlich ausprobieren.

Danach hatte Surface viele Auftritte. 2015 auf der großen Bühne in New York als Panos Panay völlig unerwartet das Surface Book hervorholte – einer der größeren Momente der letzten Jahre.

Gerade bei Kreativen wurde Surface über die Zeit immer beliebter. Ob beim Design, in der Mode oder der Kunst – Surface inspiriert Köpfe aus den unterschiedlichsten Bereichen.

<iframe width="760px" height="500px" src="https://sway.com/s/qRJK8afQsKvVk2Rp/embed" frameborder="0" marginheight="0" marginwidth="0" max-width="100%" sandbox="allow-forms allow-modals allow-orientation-lock allow-popups allow-same-origin allow-scripts" scrolling="no" style="border: none; max-width: 100%; max-height: 100vh" allowfullscreen mozallowfullscreen msallowfullscreen webkitallowfullscreen />

Mehr spannende Geschichten und Bilder rund um Surface gibt es in meiner Feature Story und in diesem Content-Paket.

Abschließend bin ich mir sicher: In den nächsten Jahren wird Surface noch viele interessante Geschichten schreiben, Menschen begeistern und schöne Momente hervorbringen. Darauf freue ich mich schon heute!

Ein Beitrag von Irene Nadler
Communications Manager Windows & Devices

Mehr spannende Geschichten und Bilder rund um Surface gibt es in meiner Feature Story und in diesem Content-Paket.

Abschließend bin ich mir sicher: In den nächsten Jahren wird Surface noch viele interessante Geschichten schreiben, Menschen begeistern und schöne Momente hervorbringen. Darauf freue ich mich schon heute!

Ein Beitrag von Irene Nadler
Communications Manager Windows & Devices

If you created an amazing 1:1 bot that you feel that you can share it with your colleagues or that can help them in daily activity, here is a way to add it Channels of different teams.

This article assumes that you created a bot with the Azure Bot Service and you added the bot for 1:1 chat in Teams.

The next step to enable the use of the newly created bot in Teams channels is easy.

You only need to sideload the bot's manifest.

But before that we will need the bot's App ID that you can gather after you login to portal.azure.com -> Dashboard -> Choose your bot -> Settings -> Application Settings -> Open

The bot's App ID will be under MicrosftAppID:

In order to sideload the bot app, you will need the bot's manifest.

Download our sample Simple Bot Package or Full App Package to get started. Each package contains a template manifest with fake data and sample icons suitable for sideloading. These sample packages will not load as-is; you must customize them.

In our example we will be modifying the Simple Bot Package.

After you download it, for a quick utilization, you will need to extract the package and modify the "id", "botId", "name" within the manifest.json file and the thumbnail pictures of your bot if you like.

Of course every other detail can be modified. And after you finished the modifications, save this file with the same name (manifest.json), select all 3 objects (the manifest and the two thumbnail pictures) and add them to a .zip archive.

Note that it's important to save them as a .zip and not a .rar file, because the this is how the sideload app algorithm works in Teams.

Afterwards, go in the Team you want to add the bot, click on Manage Team -> Apps -> Sideload an app.

In the window that appears, browse for the .zip file that you created and let the algorithm do its job:

You will see that the new bot is added:

To use the bot just mention it in any channel conversation from that team:

To remove the bot, just go back in Manage Team -> Apps -> Sideload an app and trash it.

Hope this is useful.

Have a great one! Cheers!