Quantcast
Channel: Remote Desktop Services (Terminal Services) forum
Viewing all 21489 articles
Browse latest View live

Update KB4534309 broke RDS over Web Application Proxy on 2012 R2 for iOS/Android clients

February 19, 2020, 8:46 am
$
0
0

We have Remote Desktop published through Web Application Proxy, both running on Server 2012 R2.

 

The RDS application in WAP is configured for pass-through authentication so users can connect from both Windows and non-Windows ("rich apps" on Android/iOS/Mac) devices. This has been working for the past few years without issue.

 

After installing recent update KB4534309 (or the rollup that contains it, KB4534297), the non-Windows clients are unable to connect. They show error 0x3000008 during the "initiating remote connection" phase:

We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help.

Has anyone experienced this or figured out a way to fix it?

Search

Windows Search Index does not show more locations for me to choose

February 19, 2020, 8:34 am
$
0
0

OS: Windows Server 2019 Standard

Version: 1809

OS build: 17763.1039

Server is a VM installed on a Windows Server 2019 Standard Hyper-V physical server.

Server has terminal services installed and is being used as a RDP server.

It has the search services feature installed.

The problem is that I am unable to select any of the drives as locations for search indexing. There should be at least a C: D: and F: drive available for indexing, but none are available. I have already click the "Show all locations" button but that added nothing to the list. I have tried logging in as a new user, but that didn't help. I have tried uninstalling and re-installing the feature but that didn't change anything. Server has been rebooted multiple times with no change. I'm really at a loss at this point, any other server 2019 that I try the same process on works perfectly.

Your computer can't connect to the Remote Desktop Gateway server.

February 11, 2020, 3:59 am
$
0
0

Hi!

I've been testing out RDS for our company and have deployed all roles on a single Windows server 2012 R2 (version: 6.3 Build 9600) for testing. It worked for a couple of days but suddenly almost nobody can login in, the users get this error "Your computer can't connect to the Remote Desktop Gateway server. Contact your network administrator for assistance". In the windows log on the server this shows up: "The user "user@domain", on client computer "xx.xx.xx.xx:12345", has initiated an outbound connection. This connection may not be authenticated yet.".

4 different users have tried logging on at home at their home network without success. But somehow it works for me, both at the office and at home on a another computer and a completely different network. And the other user accounts work at my PC even tho none of the computers is connected to the domain that the RDS solution is running on. 

I've tried adding the registry keys LmCompatibility and EnforceChannelBinding but it doesn't work. 

Any thoughts on what i'm missing?

RDS 2016 disconnect in 60 minutes warning with NComputing L300 devices

January 20, 2020, 7:46 pm
$
0
0

We run Server 2016's only but get that same license message  since ~ January 2020 only. We have Ncomputing L300 terminals behind. We use CAL per device with Workgroup only and our RDL diagnosers says there are no issues. Each server is its own licensing server too.

Through gpedit.msc I switched off licensing messages but that has no effect.

Sometimes the terminals get disconnected for ~30 seconds but they come back in the last state, just irritating.

We don't want to give our students admin login rights.

Broker HA setup and DNS

February 20, 2020, 3:55 am
$
0
0

Hey guys,

I guess a simple (stupid) question for the RDS specialist. 
We have one broker and several Session Host servers. There is a DNS entry, lets say "RDS.Domain.local" which is setup for Round Robin. The A record is created multiple times for every RDSH server. So users will use this DNS name to connect to the farm.

When i want to make the broker HA i have to setup Round Robin also for the brokers. Lets say i create a record called "Broker.domain.com". How does a user connect to the farm after the broker HA setup? Will he/she still use "RDS.domain.local"? 
I will use an external CA given certificate for the broker setup, like for example *.domain.com. This will be setup during the 'Broker HA setup' for Single Signon and Publishing. Can i still use "RDS.Domain.local" to connect to the RDS farm from a user point of view? Or will i end up in conflicts because i use .Domain.local (RDSH) and .Domain.com (Brokers)?

Thanks for the answer.

Kr,
AJ


RDS with Azure MFA fails for non-MFA-enabled users

February 20, 2020, 5:00 am
$
0
0

Windows Server 2019 1809 Build 17763,832 Win Defender Firewall disabled

 

I have a working publicly configured RDS-environment with RD GW and a trusted root certificate.

 

I have the NPS-extension installed ok.

 

I have configured

 

On the RD Gateway server:

 

RD CAP Store to 'use central server running NPS'

 

Remote Radius Server Group with ip of the central NPS Server, shared secret, recommended timeouts.

Radius Client with ip of the central NPS Server

 

 Conn Request Policies

 

Network Policy

 

 

On the Central server running NPS:

 

Remote Radius Server Group with ip of the RD GW Server, shared secret, recommended timeouts.

 

Radius Client with ip of the RD GW Server, shared secret, recommended timeouts.

 

 Conn Request Policies

 

The Network Policy on the central NPS Server was not created by me:

 

 

 

 

 

 

Connection Broker SQL setup.

February 17, 2020, 6:49 am
$
0
0

Hi All,

So I understand that you cannot use SQL Express for HA connection broker back end because Express does not have any HA features native to the express version...but..

Can you use SQL Express as instead of WID as an RDS Connection Broker back endwithout any HA setup?

I'm trying to figure out how to create an RDS farm that is TLS 1.2 capable so that it meets our strict security auditing requirements so as I understand I need an SQL connection broker database to achieve this but I don't need HA, I just want to run a SQL Express database locally on my  RDSCB server capable of allowing TLS1.2 level encryption in the RDS farm.

Anyone know if this is possible?

Thanks in advance...

durrie.

File Share Cluster for UPD

February 20, 2020, 7:29 am
$
0
0

Hello everyone,

So im stuck for days on a problem, I have an RDS farm and the file share for upd (single node).

I want to file share cluster for the high availability on the UPD profiles.

So I started creating the cluster on azure.

Each node has 2 hdd for data for the cluster, I have enable ClusterS2D create the disk on CSVFS_REFS format and everything until now is fine. Then I installed the Scale-Out File Server role so the upd will be always available.

Configured a load balancer so can point to the file share role ip, I can connect now with the file share from the RDCB but when I try to add the shared path to  the user profile disk I got this error.

I have set the static ports for RPC on regedit.

#Set RPC dynamic ports to static range setting

 

New-Item "HKLM:\Software\Microsoft\RPC\Internet"

New-ItemProperty "HKLM:\Software\Microsoft\RPC\Internet" -Name "Ports" -Value '50001-51024' -PropertyType MultiString -Force

New-ItemProperty "HKLM:\SOFTWARE\Microsoft\Rpc\Internet" -Name "PortsInternetAvailable" -Value Y -PropertyType "String"

New-ItemProperty "HKLM:\SOFTWARE\Microsoft\Rpc\Internet" -Name "UseInternetPorts" -Value Y -PropertyType "StringDo I need to configure anything on the load balancer?

when i add to the load balancer the rule for port 135 i give me another error.

for the configuration of the cluster i have follow the microsoft documentation.

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-storage-spaces-direct-deployment

Sorry maybe I didn’t expanding it very good as im new to this things.

Thank you 




Search

Unsolicited Remote Assistance (msra.exe /offera) windows 7 to windows 7

April 4, 2014, 2:54 am
$
0
0

Hello,

I have used group policy to enable Unsolicited Remote Assistance to Domain Computers:

... & set Windows Firewall to allow Remote Assistance:

Logged on to a domain computer, in lusrmgr.msc I can see that the appropriate groups are added to the Offer Remote Assistance group and can telnet "computer name" 135 to that domain computer - group policy as been applied correctly. All PC's are fully up to date with Windows Update.

When I initiate msra.exe /offera to the domain computer I have confirmed *should* work I get:

Image

(There was a problem interacting with COM object 833E4010-AFF7-4AC3-AAC2-9F24C1457BCE.  An outdated version might be installed, or the component might not be installed at all.)

This is in eventvwr.msc of the computer initiating the Remote Assistance session.

How can I resolve this?

Thanks

how to give limited RDP access to application team

February 8, 2020, 11:14 pm
$
0
0

Hi,

I want to create different AD groups and assign RDP with limited permissions e.g. for application team to run different application services etc. similarly to DBAs to to check DB related things. but they should not be able to install anything or restart servers.

please guide

Regards

Ali

W2k16 RDP fails. Event Log RemoteDesktopServices-RdpCoreTS shows error 227 'Failed to create Input devices'

February 20, 2020, 12:54 pm
$
0
0

After the server has been up for a number of days we can no longer login with Remote desktop.

Initially after entering the logon/password an RDP window would open with all of teh video region black.  After about 20 seconds an error dialog box would open:  "Failed to reconnect to your remote session.  Please try to connect again."

Repeated attempts to connect all fail.

I am able to mount the servers C: drive and view files.

I tries restarting any service that looked related to RDP.

I no longer get the black screen and the logon fails silently.

I compared the Event Log messages from a working system and a failing system.

The 1st divergence is the 36th event (out of 106 in the working case).

The error event is ID-227

'Failed to create Input devices in CUMRDPConnection::NotifySessionId ' at 1976 err=[0x80070102]

This error in Visual Studio "Error Lookup" translates to "The wait operation timed out."

In the working case the 36th event is ID=66 "The connection RDP_Tcp#27 was assigned to session 2."

A reboot always recovers, butt hat is not acceptable.  I see that many others have posted similar problems with RDP.

Please advise.

RD Connection Broker 2012 R2 -> 2016 Upgrade

February 20, 2020, 2:13 pm
$
0
0

Hello, I've been searching high and low for an answer to this with no luck... it seems to me, that the only published and supported way to do this upgrade is via an in-place OS upgrade.  That's not an option for us.

Short of completely rebuilding new Connection Brokers and re-creating all the Deployment related settings, is there any way to do the upgrade of my brokers using new servers, and not using in-place OS upgrade to get it done?

Thanks!

Mark

Remote app: hide server local drives & map client drives with drive letter

February 21, 2020, 2:24 am
$
0
0
Hello all,

We've setup an RDS farm with 6 RDS host servers on server 2016.

The application itself cannot see network drives, only mapped drives (aka with a specific drive letter). 
Passing through a users drive to the remote host works fine, but I'm looking for a way to automatically map this drive to a drive letter for the specific user.
Can this be done? And how?

Also, I would like to hide the servers physiscal hard drives, so users don't get confused and to keep things lean.

What are the best practices to accomplish this? 

Many thanks!
Alex

Could not create the template VHD. Error Message: 800391115

December 21, 2017, 2:44 am
$
0
0

I am trying to enable user profile disks on a Remote Desktop Services collection (Windows Server 2016). I created a share on a cluster of two Windows 2016 servers as a Scaled Out File Server. (Both servers in the cluster are fully patched and the validation report doesn't return any errors.)

The share is accessible from the RD broker, and all the relevant servers have permissions to write to the share. (I've even tried giving Everyone full control). But I get this error when I try to enable the user profile disks on that share:

I saw this thread, but as you can see, there are no dashes in the share name.

I've also tried adding the user profile disks in Powershell, but I get the same error.

Any ideas?

Thanks,

David


RDweb used to work but now says The user name or password is incorrect...

February 17, 2020, 7:26 am
$
0
0

Hello,

Serer 2012 R2 used to allow remote connections through RDweb via internet. I am still able to login to the server on the internal network via RDP. I have been through and checked all the deployment options and SSL certs within server manager. I can access the web page fine, but its not letting me login with this error

The user name or password is incorrect. Verify that CAPS LOCK is off, and then retype your user name and password. If you continue to experience problems, contact the person who manages your server.

I have tried both logging in using both credential formats domain\user user@domain.xx.xx.

I have been through the event logs and cant see anything related. 

I have no gateway server. 

I have checked the firewall rules so RDP is allowed. 

Has anyone got any suggestions on how I can track down the issue?

Thanks

Search

Remote Desktop License Manager - Configuration issue (not a member of TSLS Group)

February 11, 2020, 12:16 pm
$
0
0

Hello,

I am trying to install the RD License manager on a member of computer in AD. The AD Schema is Windows Server 2016 and this member computer is Windows Server 2019.

I have successfully installed the role and activated the server, added the member computer in the BUILTIN "Terminal Services License Server" group but in the configuration page I get the message "the system cannot determine if the license server is member of tsls group".

All the required ports are also open as specified by : https://support.microsoft.com/en-us/help/832017/service-overview-and-network-port-requirements-for-windows#method53

Does anyone have a similar issue or know how to solve this? I dont want to install any CaLs if the service has any errors.

Regards,

Tony

antonis michael

Users fail mostly connecting to load-balancing farm, but only when going through a VPN

February 6, 2020, 8:50 am
$
0
0

Hello everybody,

A customer runs Windows Server 2019 terminal server farms. From the local network, everything is fine. Users get perfectly connected and load-balanced to the RD servers. However, if the log on to the domain through a VPN (TMG 2010) which does not block any traffic, they can only only sometimes connect to the farm. When they fail, their Windows 10 RDP client just yields an "internal error" without being more specific.

We checked already:

* TMG does not block anything coming from the VPN to the inner servers or vice-versa. We also tried temporary firewall rules allowing any traffic in both directions.

* DNS resolution and contact to the domain controllers is fine from the LAN and through the VPN. There are DNS A records for each RD server, and for each RD server there is a DNS A record with the farm name, pointing to each of the RD servers, for DNS round-robin.

* The RD broker (a separate server) load-balances the users just fine.

* The clients get a DHCP address for their VPN connection from VPN, also just fine.

* The clients CAN connect every time to the old 2008 R2 server farm which did not load balance. When they try to connect to a 2019 farm (with each farm consisting of 4 RD servers and its own broker and licensing server), the only connect sometimes, the other time failing with the "internal error".

* The clients connect (locally and through VPN) using the same .rdp file pointing to the farm name. The do not use RDWeb currently, nor a RD gateway.

We have the suspicion (although not proved 100% yet) that the users can connect when a RD redirection is not needed/requested by the RD server that they initially contact via DNS round-robin.

Is such a symptom known? Does anyone have a clue what is happening here?

Best Regards, Stefan Falk

Impact of Remote Desktop Services on Network Throughput

February 21, 2020, 12:18 pm
$
0
0

Impact of Remote Desktop Services on Network Throughput

Environment:

VMware vSphere 6.7.0.40000

Windows Server 2016 v.1607 Build 14393.3504

     VMXNET3

Ubuntu 

     VMXNET3

iperf3 3.1.3

     16 streams

Test results:

Before RDS:  25.1 Gbits/sec send & receive

After RDS:      8.25 Gbits/sec send & receive

Is this reduction a function of RDS or the network. I have been unable to find any documentation that lays out the relationship between the two. What I have found "Performance Tuning Remote Desktop Session Hosts" is thin on details. This is a "session-based" implementation to alow large data sets (~4TB) to duplicated and distributed to targed file servers. The number of clients would never exceed 8. Is it possible to effect the throughput?

Mapping SharePoint on Windows Server 2016

February 11, 2020, 4:58 pm
$
0
0

Ran into a couple of issues getting SharePoint mapped for our users but was able to get those resolved once I installed the WebDAV svc on the server. I was able to the map the drive for each user and verified it was working properly. 

Fast forward a few days, and I had a handful of users reach out to me saying that they couldn't access the mapped SharePoint drive. I checked each of their profiles, and all of them were getting the error that access was denied and they needed to reach out to their network admin. I remapped the drive for each user, and they were able to access it fine. The last user I decided to dig a little further on. I disconnected and remapped the drive, verified that it was working properly, logged off and back on to see if the drive would hold. If you are familiar with SharePoint and mapping it as a local drive, you are aware that every restart/shutdown/log off event will force you to reauthenticate to SP on the drive. However, this did not occur. The drive icon was still green as if the session never closed properly and when you went to launch the drive the document library was empty. No force to reauthenticate and no docs. Close File Explorer and attempt to get back on the drive, "access is denied, contact network admin" error.

Very odd behavior, even for SharePoint. I'm curious if anybody else has ran into this? We previously used a Citrix platform and never ran into this issue. To summarize the issue again; User can access mapped drive to SharePoint, ends session, begins another session, can't access the drive.

Any help would be awesome!

roaming remote desktop profiles

February 12, 2020, 2:42 am
$
0
0
tell the users and computers in the active directory in the rest, I indicate the user the path to the roaming profile of the remote desktop, but this does not work, the profile was local and remains when connected to the terminal server. terminal server 2008. found an article that this path does not work since Windows 2012 and younger and you need to edit the registry and specify the key fQueryUserConfigFromDC. but I have a terminal server 2008, why doesn’t this path work?
Viewing all 21489 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>