Posts from November 2013

The Case of Remote Desktop Services Random Disconnections

If you are running Windows Server 2008 R2 servers and you find yourself randomly being disconnected from RDS (Remote Desktop Services) sessions on your servers, or sometimes find your servers completely inaccessible you could be impacted by an issue as a result of servicing order (AKA, the order in which you install Windows Updates). The issue effects servers running Windows Server 2008 R2 with Service Pack 1 and with KB2667402 (Update for Terminal Service Denial of Service Vulnerability).

This is something I thought I had written about already as it effected us in a big way at work due to the way in which our virtual machine images were compiled but it seems actually, I hadn’t.

In Windows Server 2008 R2 RTM, the file version of the rdpcorekmts.dll file in Windows Server 2008 R2 RTM is 6.1.7600.16952. In Windows Server 2008 R2 with Service Pack 1, the file version of the rdpcorekmts.dll file is 6.1.7601.17767 and the file version of the rdpcorekmts.dll file after installing KB2667402 is 6.1.7601.17828.

If as a result of servicing order, you installed the KB2667402 update prior to installing Windows Server 2008 R2 Service Pack 1, the file version of rdpcorekmts.dll is downgraded from the KB2667402 version number to the SP1 version number and the hotfix is in essence removed. This causes the Remote Desktop Services service to fail and terminate itself repeatedly as the service believes that there is an attempt to modify it’s files occurring and as a failsafe, shuts down remote access.

In order to resolve the issue, Microsoft re-released KB2667402 as KB2667402v2 which allows you to re-install the update after an installation of Service Pack 1 to bring the file version back up to 6.1.7601.17828 and to allow the Remote Desktop Services service to work again as normal. Trying to re-install the original release of KB2667402 will result in a message that the update is already installed and does not apply to this computer.

You can download the version 2 release of the update from the Microsoft Download Center at http://www.microsoft.com/en-us/download/details.aspx?id=29169. The update is 327KB and requests a reboot, however you can install the update and delay the restart by simply manually restarting the Remote Desktop Services service. You should still restart the server at some point in time though as the pending reboot will block operations such as installation of roles and features.

Deploying Windows Server 2012 Primary Computer Setting

For companies (or homes) using roaming profiles and folder redirection, Microsoft gave you are great new feature in Windows Server 2012 called Primary Computer. This feature hasn’t been talked about that much although it really should have been. The Primary Computer feature allows you to define the primary computer for a user in Active Directory on a user object. Once applied to a user account it prevents the distribution of their roaming profile on non-primary devices and for folder redirection, disables the ability to sync the folders with Offline Files for non-primary devices.

So What is the Benefit

This is ideal for several reasons. Firstly, it helps to reduce profile corruption for roaming profile users when roaming between machines which may be running different versions of Windows or different architectures. Also for roaming profile users, it greatly improves logon and logoff times for non-primary devices. If a user is logging on to a kiosk computer for example, they don’t need their roaming profile and they probably just want to access a service or application quickly so why wait for it? For users of folder redirection, this means that the user is able to access their files when the computer is on the network and can access the file share resource which hosts those redirected folders, but they are non cached using Offline Files. For the business, this is a great security benefit as it means that somebody logging on to a temporary machine isn’t going to be caching all of those files, files which they could potentially leave on the train or in an aeroplane overhead locker. For laptops which typically have small hard disk capacities this is useful for both roaming profile and folder redirection scenarios as it means that you aren’t pulling down potentially gigabytes of data to the local machine clogging up the disk.

Implementing Primary Devices Using Active Directory Administration Center

First, launch the Active Directory Administrative Center and navigate your OU structure to find the computer object for the computer that you want to make primary for a given user, or if you already know the machine name, use the search feature to locate it.

Primary Computer Finding Distinguished Name

From the computer account object, scroll down to the bottom of the view and select the Attribute Editor tab. Scroll through the list of attributes to find the distinguishedName attribute and select the View button to show the full DN.

Primary Computer Copy Distinguished Name

On the String Attribute Editor, right click the pre-highlighted text and select the Copy option from the context menu. Cancel out of the Attribute Editor and cancel out of the computer object view.

With the DN of the computer now in the clipboard, find the user that you want to make this the primary computer for either by searching or again, navigating your OU structure.

Primary Computer Set User msDS-PrimaryComputer

On the user account, do as we did with the computer account a moment ago, scroll down and select the Attribute Editor tab. Scroll through the list of attributes until you locate the msDS-PrimaryComputer attribute then click the Edit button. Right-click in Value to Add box and select Paste from the context menu to paste in the DN of the computer then select the Add button.

Click OK to close the Multi-Valued String Editor dialog then click OK to exit out of the user account properties. Your work here is done.

Implementing Primary Devices Using PowerShell

Out of the box, there is actually no neat way of implementing Primary Devices using PowerShell. To do it, we have to plug a few Cmdlets together. Firstly, get the attributes for the computer and store them in an object. $Computer = Get-ADComputer Computer1 (where Computer1 is the name of the computer). Next, we map the computer that we just stored in the $Computer object to the user. Set-ADUser User1 -Add @{‘msDS-PrimaryComputer’ = “$Computer”} (where User1 is the name of the user). With those two Cmdlets out of the way, the partnership between the user and the computer should now be done, but we can verify this with the following Cmdlet. Get-ADUser User1 -Properties msDS-PrimaryComputer

Configuring Folder Redirection and Roaming Profiles

Now that we’ve setup Primary Computer attributes for some users, it would probably be a good idea if our Group Policy settings for Roaming Profile and Folder Redirection actually honoured these settings and only transferred out the data to the users’ primary computers. The setting for Folder Redirection is available as both a User Setting and a Computer Setting in Group Policy whereas the Roaming Profile setting is only available as a Computer Setting. Because of the fact you can’t apply both of these policy settings from a single policy if you decide to use user targeting, my advice is to apply this as a computer policy. It makes good sense to keep these two settings together as it means you can see that you are applying the Primary Computer setting to both roaming profiles and folder redirection in one view and it means you can give your Group Policy Object a meaningful name like Primary Computer Roaming Settings or the like.

From the Group Policy Management Console, navigate to the Computer Configuration > Administrative Templates > System. From the System node, you will find the Folder Redirection and User Profiles nodes.

Inside the Folder Redirection node, enable the Redirect folders on primary computers only policy setting. Inside the User Profiles node, enable the Download roaming profiles on primary computers only setting.

Storage Spaces Inaccessible After Windows Server 2012 R2 Upgrade

Windows Server 2012 R2 has some nice new features and improvements on existing features for users of Storage Spaces so there is a definite appeal for users of Windows Server 2012 to want to upgrade to Windows Server 2012 R2.  If you opt to do an in-place upgrade to preserve your existing Storage Spaces so that you can get your service up and running with the hope of being able to use them straight off the bat in Windows Server 2012 R2, you may encounter an error Read-only by user action and you need to perform some corrective steps to use them again.

Storage Space Read-Only User Action

This is what your Storage Spaces may look like if you open the Storage Spaces control panel item after the upgrade. As you can see, the spaces are in-tact and will report all of the space names and capacity from prior to the upgrade but instead of being online as you are used to seeing, you instead have this information icon and a message alongside the pool capacity indicator Read-only by user action. This is a built in protection feature of Windows Server 2012 R2 which takes your Storage Spaces offline by default after an upgrade. We just simply need to bring them online to use them. This is very similar to how in Windows Server 2003, a disk connected from an external system from a software RAID set could be marked as Foreign and the configuration of the disk needs to be imported first.

Changing the Storage Pool Status to Read/Write

To do this, open an administrative PowerShell prompt. At PowerShell, enter the two Cmdlets as follows:

Get-StoragePool | Where-Object {$_.IsReadOnly -eq $True} | Set-StoragePool -IsReadOnly $False
Get-VirtualDisk | Where-Object {$_.IsManualAttach -eq $True} | Set-VirtualDisk -IsManualAttach $False

If you forget to elevate the PowerShell prompt by running it as an administrator you will get access denied responses to the two Cmdlets as you aren’t running the Cmdlets with your administrative rights. Simply close PowerShell and re-open it by right-clicking and using the Run as Administrator option.

Bring the Storage Spaces Online

Once you’ve entered the Cmdlets above, returning to the Storage Spaces control panel applet now, you will see the information shown has updated.

Storage Space Offline by Policy

As you can see, the Storage Spaces are now reporting their status as OK but they are marked as Offline by Policy. To change this and to bring the Storage Spaces online, simply click the Bring Online option next to each Storage Space and it will be brought online and granted a drive letter.

Check, Verify and Reminder

It’s important to note here that the drive letter assigned will be the next free letter and not perhaps, the drive letter that you used on the previous installation of Windows Server 2012. If you have a requirement for the Storage Space to be on a particular letter then you will need to go into the Properties of the individual spaces after it has been brought online and change the letter.

It’s also good to remember that any file shares you had on these Storage Spaces may be un-shared through the upgrade process so you should check the existence of your shares either by using the Properties on the drive or folder which you needed to be shared or by using the Share and Storage Management administrative console.

Once you’ve got your Storage Spaces all brought online after the actions above, you should be looking like normality again as shown below.

Storage Space Online Normal

Hopefully someone out there finds this useful and it saves at least a few hair extractions from taking place after a Windows Server 2012 to Windows Server 2012 R2 in-place upgrade. Now it’s time to go and enjoy those new features.

KMS Activating Windows 8.1 and Server 2012 R2

With each new release of Windows client and server operating systems nowadays, comes an update required to allow your on premise KMS host to activate those new operating system servers and clients using volume license activation.

After the general availability on Windows 8.1 Enterprise client and Windows Server 2012 R2, Microsoft released the update for KMS host for Windows Server 2008, 2008 R2 and 2012 to allow these down level operating systems to activate the latest and greatest.

You can get the download for the update from http://support.microsoft.com/kb/2885698. Installation of the update requires a KMS Host restart and you will need to obtain a new KMS Host key from your Microsoft Volume License Center account. Instructions for applying the new key with slmgr.vbs is given on the link above.

Windows 8.1 and Windows Server 2012 R2 use the KMS Client key by default after installation so you shouldn’t need to change anything to get your clients activated, but in case you need them, the KMS Client keys for all operating systems supporting KMS are available from http://technet.microsoft.com/en-us/library/jj612867.aspx.

Windows Server 2012 Essentials PPP RAS Adapter Registration in DNS

Today, I was looking at an issue where one of my clients at home was reporting that the server was unavailable yet other clients were working perfectly fine. The client in question was a Surface Pro tablet running Windows 8.1. This issue turned out to be the Routing and Remote Access PPP RAS Adapter registering in my Windows Server 2012 Essentials domains’ DNS in addition to my local network adapter. Here’s how to spot the issue and to resolve it.

My server is named BGWSE1 and lives on a static IP Address of 10.10.10.201 in a 255.255.255.0 /24 subnet.

On the client I pinged the server by IP address to verify that it was indeed online and was able to be returned by the client which it was. I then tried to ping the server by name which returned a response also, but it wasn’t on the first pass that I noticed that the IP Address was different. The IP Address returned was 10.10.10.30. Strange I thought to myself as this is an IP Address inside my DHCP scope which I run on the server using the start address of 10.10.10.10 and an end address of 10.10.10.50.

I logged on to the server and looked in the DNS Management Console and sure enough, there was a second DNS A record registered for the server with the IP Address of 10.10.10.30 but where had this come from as the timestamp on the record was static and not a date and time stamp as seen on most records. I deleted the record as I knew I didn’t want it there and I refreshed the console and no sooner as I had refreshed the console, the record re-appeared.

Running ipconfig from the server, I saw a second network adapter for the PPP RAS connection with, you guessed it, 10.10.10.30 as it’s IP Address.

I Bing search later and the problem now appears to be resolved thanks to a Microsoft Support KB Article which dated back to Windows Server 2003 entitled Name resolution and connectivity issues on a Routing and Remote Access Server that also runs DNS or WINS (http://support.microsoft.com/kb/292822). I have only actually followed step one which is to add the record to the DNS service parameters to instruct the DNS service to only publish a given IP Address for the server. I’ve restarted the DNS and Routing and Remote Access services multiple times since making the change and the secondary DNS A record for my server BGWSE1 has not re-appeared.

 

Windows Server 2012 Essentials Folder Redirection on Windows 8.1

As all good IT Pros have done, I’ve upgraded my home client computers from Windows 8 to Windows 8.1. You have upgraded your machines to Windows 8.1 right?

As I frequently proclaim and preach on here, I run Windows Server 2012 Essentials on my home network, acting as my DNS Server, DHCP Server in addition to the out of the box features that you can get from Windows Server 2012 Essentials like roaming profiles, folder redirection, automated computer backups and network file sharing (all of which I use).

When I was building out a test environment this week to practice how I might migrate from Windows Server 2012 Essentials to Windows Server 2012 R2 Essentials without the benefit of a second server with 19TB of available storage to hand (how many homes do have 19TB of storage let alone a spare 19TB) I was experiencing an issue.

As part of my testing, I built a Windows 8.1 Pro virtual machine to simulate a desktop or laptop client computer. I built a Windows Server 2012 Essentials server as a second virtual machine on which I recreated my group policy settings and a mock up of my Storage Pool and Storage Spaces on my production server. After installing the Windows Server 2012 Essentials Connector on the Windows 8.1 client and logging in for the first time as a user configured to use roaming profile and folder redirection, I noticed that the roaming profile was working but the folder redirection was not.

I spent a while pouring through event logs on the client wondering why folder redirection wasn’t working, looking at GPMC (Group Policy Management Console) wondering if I’d done something silly like moved a link on a GPO preventing it from working until the penny dropped. Windows Server 2012 Essentials applies a WMI Filter named SBS Group Policy WMI Filter to the SBS Group Policy Folder Redirection GPO which is created when you implement Group Policy via the Server Dashboard.

Windows Server 2012 Essentials Original WMI Filter

This WMI Filter is setup as SELECT * FROM Win32_OperatingSystem WHERE (Version LIKE “6.1%” or Version LIKE “6.2%”) AND ProductType = “1”. For those who are now also dropping the penny or those who can’t make head nor tail of a WMI Filter, Windows 8.1 increments the operating system version number from 6.2 (Windows 8) to 6.3 (Windows 8.1), therefore the GPO isn’t applying to any of the Windows 8.1 machines on my network because this filter limits the scope of the Group Policy Object to explicitly Windows 7 and Windows 8 operating systems.

The solution to making this work is pretty simple in that we just need to update the WMI Filter so that it includes Windows 8.1 as we know that basic features like roaming profiles and folder redirection are going to work so I’m not worried about something breaking here.

I’ve decided to change my WMI Filter to include operating systems greater than or equal to Windows 7 rather than add another or statement to include Windows 8.1 For me, the WMI Filter now reads SELECT * FROM Win32_OperatingSystem WHERE (Version >= “6.1%”) AND ProductType = “1”.

Windows Server 2012 Essentials New WMI Filter

 

After making the changes and running a gpupdate command on a Windows 8.1 client computer, the group policy magically springs back into life and things start working. Firstly, I’m amazed that I haven’t noticed this being a problem on my home clients which I guess is a testament to my gigabit throughout home network pushing the files directly back to the server rather than caching them locally with Offline Folders first. Secondly, I’m surprised that this hasn’t been updated with a patch or update to Windows Server 2012 Essentials but perhaps this is a cattle prod for customers to upgrade to Windows Server 2012 R2 Essentials?

Windows Azure to Overtake Amazon as Cloud Computing Leader

My attention was brought to a greenbutton.com (http://www.greenbutton.com/blog/index.php/2013/10/30/why-windows-azure/) today when it was tweeted by @WindowsAzure (https://twitter.com/WindowsAzure/status/400669888823697408) in which the author, Dave Fellows speaks of how they believe Windows Azure is going to overtake Amazon as the leader in cloud computing within two to three years.

My personal feeling is that I agree with what Dave is saying. Windows Azure has been gaining steam and momentum significantly over the last year as Microsoft has increased the amount of work and effort it’s putting into virtualisation and cloud for the on premise private, mash-up hybrid and all out public cloud software architectures.

Microsoft are traditionally late to a party but when they arrive, they do it well and they do it big. As I’ve made public knowledge recently on my blog here, I worked on a Windows Azure project recently to deliver my companies public website on the Platform as a Service public cloud infrastructure using a CMS product called Sitecore. The experience was really good both when dealing with pre-sales to engage with Microsoft and discuss the opportunity of Windows Azure, and also with Premier Support Services who were really good at helping us get to where we needed to be on the couple of occasions we ran into issues. For clarity, we ran into issues because of soft limits imposed on Azure subscriptions to prevent customers from inflicting giant bills on themselves by provisioning lots of service without considering the ramifications, not because of any practical issues such as performance or loss of service.

As the integration with products and services like System Center Data Protection Manager, System Center Virtual Machine Manager and AppController all improve as I’m sure they will beyond the 2012 R2 releases, this story is only going to get better. The Azure VPN feature already allows customers to expand their on premise networks and private clouds into Azure and future services of this nature, allowing customers to adopt public cloud but in a private and secure manner will promote adoption for those customers who aren’t quite ready to take the leap of faith into public-public.

 

November 2013 Rollup Update for Windows 8.1 and Windows Server 2012 R2

Microsoft have today released KB2887595 which is a 199.7 MB rollup update for Windows 8.1, Windows 8.1 RT and Windows Server 2012 R2.

You can see the release notes for the update and the updates included within it at http://support.microsoft.com/kb/2887595. The update looks tasty including one update which sounds of interest for users of roaming profiles which addresses incompatibility issues between profiles initially created on earlier versions of Windows (KB 2890783 http://support.microsoft.com/kb/2890783).

Although not explicitly mentioned in the notes, it will be interesting to see if the hang issues some people (including myself) have been experiencing with Internet Explorer 11 are resolved?

Configuring the Windows Azure Alerts Preview Feature

As part of the project I’ve been working on for the last six months to deliver a new public website (hint www.primark.com) using Windows Azure we needed to be able to monitor the site performance and alert on warning and critical thresholds for certain counters. At the start of the project, our intention was to use SCOM (System Center Operations Manager) as the cleanest way to get data out of Windows Azure but by the time we went live two weeks’ ago, Microsoft had made available the Windows Azure Alerts feature preview.

Under normal circumstances, SCOM would’ve been a no brainer decision for us as our operational teams use and rely on SCOM already so they are familiar and comfortable using it however with the website, we had a challenge – the third-party.

Setting up SCOM 2007 R2 to monitor Windows Azure sounds really complicated when you read the TechNet article for it at http://technet.microsoft.com/en-us/library/gg276377.aspx however it’s actually pretty simple, something which I’ll cover in a later post on the subject, however as I mentioned, our project involved a third-party development partner who needed to receive the alerts also once we went live. In SCOM, you configure this using an SMTP Subscription to email the alerts raised by the management pack to those who need it, but this would result in our Exchange platform joining the critical path for the monitoring of the website, something which I didn’t want ideally as the architect for the project. Imagine the conversation explaining how you missed a website outage or performance degradation because Exchange was down 😮

Fortunately for me, Microsoft came up trumps with the Windows Azure Alerts preview feature just weeks before I was about to go live with the SCOM management pack configuration for production although I had already configured it for our staging environment by this point.

Windows Azure Alerts allows you to configure SCOM like thresholds and evaluation periods for usage counters and metrics from your Azure services and in turn, generate email alerts for them. This has allowed me to remove Exchange from our critical path for website monitoring because the email alerts are generated directly at source in Windows Azure.

To get started with Windows Azure Alerts, firstly, open your Cloud Service, Web Site, SQL Azure Database or whatever you’d like to monitor in the Windows Azure Management Portal. Once open, select the Monitor tab from the Windows Azure Dashboard.

Azure Cloud Service Monitor

Once you’re on the Monitor tab, select the monitor that you would like to generate alerts for. If the monitor you want to use is not listed then you need to update, amend or possibly even start the configuration of diagnostics. Look at the MSDN page, Collect Logging Data by Using Windows Azure Diagnostics to get started.

Azure Cloud Service Add Rule

With the monitor highlighted, the contextual bottom navigation now shows an option Add Rule. Click this to open the rule definition wizard.

Azure Alert Define Rule

In this rule, I’m configuring monitoring for high CPU utilization on a Cloud Service. Give the rule a name and a description. These are included in the email alert you are sent in the event that the rule is triggered so make sure that it’s something you or people receiving the alert can relate to. Once entered, click the arrow to go to page two.

Azure Alert Define Conditions

On page two as shown above, you configure the conditions for the rule. In the case of CPU usage, I’m going to monitor on CPU usage over 80%. Rules are evaluated over a time period before they breach. This is ideal for CPU and memory counters as it means that you won’t be alerted for momentary peaks in demand due to activity occurring in the service but will be alerted for sustained period of high draw. Here, I am setting the evaluation period to the default option of five minutes.

Under the sub-heading Actions, you define whether a single email address (which could be a distribution list) or all of your Azure administrators and co-administrators receive the email alert from the rule. As we have a number of people such as project deployment engineers and developers accessing Azure and the only people who need to receive the alerts are the operational teams, I elected to enter an email address for a distribution list and not all of the subscription administrators and co-administrators.

The last option is the tick box to enable the rule which is checked by default. Click the success tick button to complete the two step wizard and the rule will be created.

Azure Management Services View Alerts

Switching context to the Management Services pane in Azure allows you to see a list of all of the alerts configured for the subscription be they for Web Sites, Cloud Services, SQL Azure Databases or more. Here, I only have one configured but in our production subscription we currently have 10.

There is currently an imposed limit of 10 alert rules per subscription while the feature is in preview. I’ve been meaning to call Microsoft Azure PSS (Premier Support Services) for a week now to see if we can get this limit raised as we would like to create a few additional rules but I haven’t got round to it yet. If I manage to do this, I’ll be sure to let you all know.

So there you have it. How to create email alerts for performance thresholds as you would do with SCOM, directly in Windows Azure removing the need to configure an extra management pack in your SCOM environment and removing critical path dependencies from your internal systems to receive alerts for Windows Azure services. I’m looking forward to this feature coming out of preview and into production service hopefully with a few extra bells and whistles.

Windows Phone is Best for Business

In this post, I’m going to cover the contentious topic of smartphone selection and why I think that Windows Phone is best for business. For the purposes of this test, I’m going to pretend that Android doesn’t exist and compare Windows Phone against the Apple iPhone and to level the playing field, I’m going to pit the Nokia Lumia 925 against the Apple iPhone 5S 16GB.

Handset and Tariff Pricing

First thing first, I’m going to look at price as money is what makes businesses work. Using an O2 Business plan price, the cheapest way to get the Apple iPhone 5S 16GB handset free is on a 24 month contract at £39.17 per month giving you unlimited UK landline and mobile calls, 1GB mobile data and unlimited text messages. A plan over the same 24 month term with the same entitlement to unlimited calls and text with 1GB data for a free Nokia Lumia 925 handset is £30.83 a month, a saving of £8.34 per month per handset issued in the business. Over the 24 month term, that’s a saving of £200.16 per handset issued.

Some businesses don’t like leasing the handsets as part of the network contract and like to buy them SIM free so that they own the asset outright from day one which I can understand. Using consumer prices from Expansys, the iPhone 5S 16GB retails for £599.99 and the Nokia Lumia 925 for £399.99, a saving of £200 making it the same as the saving over the 24 month contract. For some business who like higher ROI (Return on Investment) and to sweat their assets, you could run either handset for 36 months or longer if you wanted.

Handset Specifications

Not such a point for the accountant but for the consumer of the device is specification. I carefully chose the iPhone 5S 16GB against the Lumia 925 because they both have 16GB of internal mass storage making them balanced on this point. The Nokia Lumia is slightly heavier than the iPhone at 139g verses the 112g of the iPhone but both of these phones are super light. I use a Nokia Lumia 820 currently which weighs in at 160g and is a smaller phone than the both of these two up for review.

The Nokia Lumia 925 has a 4.5″ screen with a 1280×768 resolution whilst the iPhone has just 4″ at 1136×640 resolution. This amounts to a 326 ppi (Pixels Per Inch) DPI on the iPhone whilst the Nokia Lumia has 334ppi making the Nokia better than even the much touted Retina display on the iPhone. The Nokia Lumia 925 uses an AMOLED screen which produces super vibrant colours and is easy to view in sunlight too whilst the iPhone uses an IPS LCD which does reproduce colour marginally more accurately than the Nokia but also consumes more power to run making the 2000 mAh (Milli Amp Hour) in the Lumia 925 even more desirable and the somewhat lacklustre 1570 mAh battery in the iPhone 5S less appealing. For consumer and business, this effectively means less electricity consumed charging the phone as you’ll need to charge it less often in the case of the Nokia Lumia.

The Nokia Lumia 925 can be upgraded with an official Nokia Qi wireless charging shell for £17 plus £32 for the Nokia desktop wireless charger. The iPhone 5S still doesn’t feature wireless charging and if you wanted it, you need to go down the third-party route which results in about the same cost to implement as the Nokia but is still third-party so don’t expect friendly support from Apple if something goes wrong with your battery as a result of using it with a Qi solution.

Business Use

As we’re comparing these handsets for their corporate and enterprise value, this is the main selling point. Firstly, Windows Phone is a great, simple and easy to operate interface. The interface is so great, that Apple event took some of the design cues in the latest iOS 7 from Windows Phone, flattening the interface, de-cluttering it’s previous 3D everywhere effects. Apple fans haven’t exactly been in love with the new style but us Windows Phone users have been enjoying it for several years now already.

For business users, Windows Phone gives you what I think is the best, least complicated to use email apps out there. You get conversation view, the ability to turn off, on and customize your out of office message (something that you cannot do with the iPhone as Apple don’t license this feature of Exchange ActiveSync) all making you life, triaging your inbox easier and faster to achieve. If your company makes used of Information Rights Management and users are sending and receiving RMS protected email messages and you use Exchange Server 2010 then you can read the protected messages on your phone too.

If you work in a Windows office environment then you will no doubt already be using Office and even if you are in a Mac environment then you will potentially be using Office for Mac 2011. Windows Phone gives you the full suite of Office applications including Word, Excel, PowerPoint and OneNote built-in allowing you to not only receive and read documents but in the cases of Word, Excel and OneNote, you can also author documents on the move.

If your company uses SharePoint Server for an intranet or document version control and storage solution then this can be published securely to the internet and accessible through the Office hub on Windows Phone. When configured correctly, Windows Phone can automatically translate internal document links sent to you via IM or email into the published address so that you can still access those documents while you are mobile and great quality Lync, Yammer and Skype apps allow you to stay in touch and collaborate and communicate with people in your company. All of this works perfectly whether you are an on-premise customer or an Office 365 tenant customer.

When it comes to apps, Windows Phone is based on the same code development languages as Windows 8. This means that if you have internal or contracted software development teams working to write apps for the desktop or even Windows RT tablets in your environment, modifying the code of those apps for a mobile experience is super quick, saving huge amounts of time and potential re-education compared with re-writing or converting apps into Objective C for Apple iOS. Instead of having to re-write the inter functions of the application, you only need to modify the interface to suit the mobile experience.

By registering your Windows Phone handsets with a company account under the settings menu, you can access a Windows Phone company app store that the company can publish to install available Windows Phone company apps too.

The Windows Phone Start screen is 100% customisable, not just moving standard, lifeless squares around like the iOS home screen. Windows Phone apps can have Live Tiles, icons that represent the apps showing highlight or latest information right there on your home screen, you can re-arrange and re-size those tiles to build an interface and style that suits your working needs giving you access to the apps you need faster and more informed before you even enter the app with the information from the Live Tile. Some apps, you don’t even need to launch because the information on the Live Tile could be all you need, like the weather or calendar apps or it could be a line of business app showing you daily sales or some other kind of important data or metric.

You can configure your most important apps to appear on your lock screen so that you can see notifications or even full data from your apps so you can decide if you even need to unlock your phone to dig deeper. A new feature added in the last update allows you to use the Glance feature so those of you using your smartphone as a watch don’t need to evenness the power button to see the time as it will appear on the screen automatically as you withdraw the phone from your pocket or bag.

Nokia Lumia phones include the fantastic Nokia Drive satellite navigation software which has really good mapping and directions so those road warriors in your corporations no longer need to worry about using and charging a separate device for getting around. Based in London? The excellent Bing Get Me There app allows you to get notifications of problems on the tubes and you can even get recommended alternate routes to avoid network issues.

Personal Use

Okay, I’ll admit it, this is where Windows Phone suffers slightly. The app eco-system for Windows Phone is continuously improving as Windows Phone develops more market share and software app writers start to take more notice of it and develop applications for it, but right now, it’s not where it should be really. I’m not a huge app user on my phone so this doesn’t bother me, but it may bother some people. Core essentials like Facebook, Twitter (although I’d recommend Rowi instead), Instagram and Angry Birds exist but some of the other apps you may be used to on iOS won’t exist. If you like games then Windows Phone is certainly great for you because of the integration with Xbox Live and you can even earn Xbox Live gamer points by playing a large number of the titles available via the Windows Phone Store.

This section is short not because I’m trying to avoid the topic but because this is a Windows Phone for Business post so the point of personal use, whilst important for companies that allow users of company mobile devices to do this, isn’t the point of the article. I’ll summarise here with Windows Phone has a lot of great apps; just not as may as Apple in their App Store right now.

Whilst this may not sound like a truly personal thing to say, but with the slightly lagging nature of the Windows Phone Store verses the Apple App Store, it actually means that you can use your business smartphone for business without the continual distraction of time-wasting apps that you’ve probably got installed on your iPhone if you have one right now. Yes, it’s nice to break up that work time sometimes, but if you pull out your phone to do something for work, you should stay on doing that something for work and not distracting yourself with a quick blast on Candy Crush or Farmville.

IT Management and Policy Enforcement

If you aren’t using anything in your business to manage mobile devices such as an MDM (Mobile Device Management) solution then you should probably take a look at one. If you are using Exchange ActiveSync device policies to manage your devices currently then Windows Phone is defiantly for you. Windows Phone is the only platform which truly honours a number of the device policies which you can apply as an administrator .

If you are using a full MDM solution such as Good Technology then you’re in luck as they provide their mobile app for Windows Phone too. If you are using Configuration Manager to manage your on premise device estate (the Gartner leader for Client Management may I add) then you would be wise to look into Windows Intune, a cloud based service, providing MDM for your BYOD (Bring Your Own Device) personal devices or even non-domain joined company owned CYOD (Choose Your Own Device) devices. Configuration Manager 2012 SP1 or even 2012 R2 combined with Intune give you a single pane of glass management viewport for your desktop and mobile devices and allow you to manage policies on both device types simultaneously. Whilst Intune does support Apple iPhones and iPads, to get the best from it right now, you want to be on Windows Phone.

Software Updates

Both Microsoft, the makers of Windows Phone and Apple, the makers of the iPhone release regular software updates. Both devices are able to download their updates OTA (Over the Air) without the need for a physical connection back to a PC with the relevant software installed. If I had to call it, I would say that Microsoft are generally more responsive at releasing security fixes for vulnerabilities found in the operating system but with this said, Apple have defiantly upped their game with respect to security so the two could become equal on this point before we know it.

Wrap up

I hope that this post has been informative in helping companies large or small who may be on the fence right now as to which direction to take their corporate mobile strategy. It’s been a whistle stop tour of comparing the cost of ownership of an iPhone (a 5S 16GB in this case) verses a Windows Phone (a Nokia Lumia 925), the specifications of the handsets and some of the many benefits for business of using Windows Phone with an existing Windows and Microsoft stack based environment.

Windows Phone is still fairly in it’s infancy compared with Apple’s story and I think that as time passes and the Windows Phone story will get better, stronger, more compelling, there will be even more benefits to using Windows Phone. With the recent purchase of Nokia by Microsoft, pending regulatory approval, there may even be some great new things to look forward to as the two companies become one hopefully harmonising the Windows, Surface and Windows Phone brands.

References

Just in the event that any of my maths over pricing or over specifications come under scrutiny here, here’s a list of links and sites I used for my fact finding: