Quantcast
Channel: Remote Desktop Services (Terminal Services) forum
Viewing all 21489 articles
Browse latest View live

Windows Server 2019 RDS Errors After Domain Controller Change

February 3, 2020, 9:45 am
$
0
0

We had an existing Windows Server 2019 with Remote Desktop Services connected to a Windows Small Business Server 2011 that was acting as a domain controller.  Everything worked fine.

The SBS 2011 was recently replaced by a new Windows Server 2019 domain controller.  The new domain controller has the same name an IP address, so the old domain controller (SBS 2011) was removed, and the new one put in its place (Windows Server 2019)  We rebuilt the trust relationship between the existing RDS server and the new domain controller by running the PowerShell command on the new RDS server

Reset-ComputerMachinePassword -Server {server name} -Credential {domain\Administrator}

That worked fine for connecting the RDS to the new domain server.  However, when users try to login to the RDS Server using Remote Desktop, they get the error:

"The requested session access is denied".

The server manager on the RDS Server reports the following errors when a user tries to login to the RDS Server using Remote Desktop.

Error # 1280  Source: Microsoft Windows Terminal Services SessionBroker Client: :: Remote Desktop Services failed to join the Connection Broker on server SERVERNNAME.domain.local. Error: Current async message was dropped by async dispatcher, because there is a new message which will override the current one.  
Error # 2056 Microsoft Windows Terminal Services Session Broker :::
The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database.
Pooled virtual desktop collection name: NULL Error: Logon to the database failed.
Error #226  Microsoft Windows TerminalServices ClientActiveXCore ::: RDPClient_SSL: An error was encountered when transitioning from TsSslStateDisconnected to TsSslStateDisconnected in response to TsSslEventInvalidState (error code 0x8000FFFF).

I researched these error codes but did not get too far.  Any help would be appreciated.

Michael

Search

Remote Desktop Services ( Terminal Services) change domain controller

February 24, 2020, 8:03 pm
$
0
0

Hi,

I have got the following scenario and would like to change the domain controller on the Remote Desktop Session host server.

1. 

Domain Name - xyz.local

SVR01 ( It is remote desktop session host and license server )

2. 

Domain Name - abc.local

Requirement

I would like to move users, groups, GPO from xyl.local to abc.local domain without losing the user profiles settings and apps configuration in SVRRDSH01. 

I will be decommissioning the domain xyl.local. 

What would be the best method to complete the migration?

Random disconnections from an RDS host and Remote Desktop Services Diagnostic Tool

February 24, 2020, 7:25 pm
$
0
0

Hi guys,

I have a Windows Server 2016 with RD Broker and RD Session Host roles. Users connect to this RD Session Host via another server with Remote Desktop Gateway role installed. In other words first users connect to a remote desktop gateway and then are redirected to a remote desktop session host (terminal server).

There are four users who work on that server and one of them sporadically gets disconnected from the server. 

When it happens that user can see this message. 

 

I checked local network connectivity as well as WAN link - all good and no dropouts.

I installed Remote Desktop Services Diagnostic Tool but struggling to interpret an output. 

What user failed to logon means if that users indeed logged in but just gets disconnected sporadically?

Thanks and Regards,

RDweb used to work but now says The user name or password is incorrect...

February 17, 2020, 7:26 am
$
0
0

Hello,

Serer 2012 R2 used to allow remote connections through RDweb via internet. I am still able to login to the server on the internal network via RDP. I have been through and checked all the deployment options and SSL certs within server manager. I can access the web page fine, but its not letting me login with this error

The user name or password is incorrect. Verify that CAPS LOCK is off, and then retype your user name and password. If you continue to experience problems, contact the person who manages your server.

I have tried both logging in using both credential formats domain\user user@domain.xx.xx.

I have been through the event logs and cant see anything related. 

I have no gateway server. 

I have checked the firewall rules so RDP is allowed. 

Has anyone got any suggestions on how I can track down the issue?

Thanks

Connection Broker SQL setup.

February 17, 2020, 6:49 am
$
0
0

Hi All,

So I understand that you cannot use SQL Express for HA connection broker back end because Express does not have any HA features native to the express version...but..

Can you use SQL Express as instead of WID as an RDS Connection Broker back endwithout any HA setup?

I'm trying to figure out how to create an RDS farm that is TLS 1.2 capable so that it meets our strict security auditing requirements so as I understand I need an SQL connection broker database to achieve this but I don't need HA, I just want to run a SQL Express database locally on my  RDSCB server capable of allowing TLS1.2 level encryption in the RDS farm.

Anyone know if this is possible?

Thanks in advance...

durrie.

Server 2019 Standard Terminal Server, some older users need "larger" text and icons

February 12, 2020, 7:08 am
$
0
0

Just put in a brand new Windows Server 2019 Standard Terminal Server at a client. Some of the partners in the firm are of an advanced age and their eyesight is no good. However other's are in their 20's and can see very well.

I tried searching for and and it seems microsoft had a solution for 2008 R2 and then nothing after.

Any way to get that on Windows Server 2019?

Remote Desktop License Manager - Configuration issue (not a member of TSLS Group)

February 11, 2020, 12:16 pm
$
0
0

Hello,

I am trying to install the RD License manager on a member of computer in AD. The AD Schema is Windows Server 2016 and this member computer is Windows Server 2019.

I have successfully installed the role and activated the server, added the member computer in the BUILTIN "Terminal Services License Server" group but in the configuration page I get the message "the system cannot determine if the license server is member of tsls group".

All the required ports are also open as specified by : https://support.microsoft.com/en-us/help/832017/service-overview-and-network-port-requirements-for-windows#method53

Does anyone have a similar issue or know how to solve this? I dont want to install any CaLs if the service has any errors.

Regards,

Tony

antonis michael

RDS with Azure MFA fails for non-MFA-enabled users

February 20, 2020, 5:00 am
$
0
0

Windows Server 2019 1809 Build 17763,832 Win Defender Firewall disabled

 

I have a working publicly configured RDS-environment with RD GW and a trusted root certificate.

 

I have the NPS-extension installed ok.

 

I have configured

 

On the RD Gateway server:

 

RD CAP Store to 'use central server running NPS'

 

Remote Radius Server Group with ip of the central NPS Server, shared secret, recommended timeouts.

Radius Client with ip of the central NPS Server

 

 Conn Request Policies

 

Network Policy

 

 

On the Central server running NPS:

 

Remote Radius Server Group with ip of the RD GW Server, shared secret, recommended timeouts.

 

Radius Client with ip of the RD GW Server, shared secret, recommended timeouts.

 

 Conn Request Policies

 

The Network Policy on the central NPS Server was not created by me:

 

 

 

 

 

 

Search

RDS 2019 application proxy externally

February 14, 2020, 12:43 am
$
0
0

I have setup a RDS 2019 environment with the following roles.

- RDS Gateway and Web Access on one server

- Connection Broker

- 2 Remote Desktop session host servers

- RD licensing server on DC

- Application proxy on ADConnect

- Outbound ports are open to Azure AD

I followed this document.

https://docs.microsoft.com/bs-latn-ba/azure/active-directory/manage-apps/application-proxy-integrate-with-remote-desktop-services

When i log in internally to office 365 and open the On-premise application for remote desktop everything works fine

When i log in externally to office 365 and open the on-premise application for remote desktop i get the error "The computer can't connect with the external computer because authentication with the firewall is failed. Because the references from the firewall are missing".

There seems something is wrong in the firewall, but i configured the outbound ports. Do i configure more in the firewall for this ? Am i missing something else ?


Remote Desktop Services - Users prompted twice when launching remote App

February 25, 2020, 4:18 am
$
0
0

I am currently testing RDS in our environment on 2019 servers. I followed this guide to set this up.

https://www.anotherwindowsblog.com/2018/02/building-redundant-microsoft-2016-rds-farm-netscaler-part-1.html

I applied a wildcard certificate for all the services. 

When the user logs on to https://rds.mycompany.com/rdweb with domain credentials he is prompted for another login to the RD Gateway. 

 

The RDweb service is running on the same host as the RD Gateway. I have come across applying group policy, trusted sites etc. But my issue here is the users will be logging from a non-domain joined home PCs. Please help.

Event ID 50 & 56

February 25, 2020, 5:08 am
$
0
0

Dear All,

I'm Receiving above error in Event Logs in every 1-2 Hrs,

I have tried all like below settings.
        1. Offload Receive IP Checksum
        2. Offload Receive TCP Checksum
        3. Offload TCP Segmentation
        4. Offload Transmit IP Checksum
        5. Offload Transmit TCP Checksum
        6. IPV4 Checksum Offload
        7. Large Send Offload v2 (IPV4)
        8. Large Send Offload v2 (IPV6)
        9. Receive-Side Scaling
        10. TCP Checksum Offload (IPV4)
        11. TCP Checksum Offload (IPV6)
        12. UDP Checksum Offload (IPV4)
        13. UDP Checksum Offload (IPV6)
Disabling Chimney / RSS
Netdma Disabled through registry,..  but still im receiving Event : 50 errors.

If any one having solution, please let me know. Thanks in Advance.

Regards
Ashfak


upgrade OS on connection broker

February 25, 2020, 5:39 am
$
0
0

Hi guys,

i have 2 connection broker server with 2012 R2 configured on ha mode. So i need to upgrade this server to 2019 because i will need to use 2019 as host server.

i have saw this document

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/upgrade-to-rds#flow-for-deployment-upgrades 

but it's not clear, i need  remove the server from HA group, upgrade OS, after upgrade the second server without remove the HA group and finally add the first server to HA group again? it's the correct procedure? 

thanks

Andrea

Windows Server 2019 RDP license

February 25, 2020, 5:57 am
$
0
0
Hello,

 

We bought a license for 50 users, which works well as we can use tens of active ones, but still logs in the login error that it expires in 116 days because the rd server is not configured but on the license tab green it says that there is a license for 50 users. The License Management Test Module writes 0 user licenses ....
Has anyone ever encountered such a mistake?

 

Thanks in advance,
Zsolt

How to allow Terminal Server logon scripts to use PowerShell full language mode?

February 25, 2020, 8:50 am
$
0
0

Hello everybody,

At a customer's site there is a PowerShell logon script set for users via GPO. The users log on to Terminal (RDP) Servers. PowerShell seems to be in restricted language mode at least for normal users. However, the logon script must use features not available in PowerShell restricted language mode.

How can we have the logon scripts in full language mode please?

Best Regards, Stefan Falk

Point a 2008 TS to itself for licensing

February 14, 2020, 9:54 am
$
0
0

Hi

I have a 2008 R2 TS that I need to stay around for a few more weeks. Trouble is that is was pointing to a 2008 TS license server that was decommissioned recently. I have the license agreement info and I would like to point this TS server to itself for CALs. 

No users are getting denied right now, but I want to be sure that won't happen.

TYIA

Search

Broker HA setup and DNS

February 20, 2020, 3:55 am
$
0
0

Hey guys,

I guess a simple (stupid) question for the RDS specialist. 
We have one broker and several Session Host servers. There is a DNS entry, lets say "RDS.Domain.local" which is setup for Round Robin. The A record is created multiple times for every RDSH server. So users will use this DNS name to connect to the farm.

When i want to make the broker HA i have to setup Round Robin also for the brokers. Lets say i create a record called "Broker.domain.com". How does a user connect to the farm after the broker HA setup? Will he/she still use "RDS.domain.local"? 
I will use an external CA given certificate for the broker setup, like for example *.domain.com. This will be setup during the 'Broker HA setup' for Single Signon and Publishing. Can i still use "RDS.Domain.local" to connect to the RDS farm from a user point of view? Or will i end up in conflicts because i use .Domain.local (RDSH) and .Domain.com (Brokers)?

Thanks for the answer.

Kr,
AJ


Add-in is available, but not loaded. The managed add-in loader failed to initialize for MS Office Prof Plus 2016 on Windows 2019 Server Standard

February 25, 2020, 12:01 pm
$
0
0
Hi,

I need help.  I have a third party add-in and I have installed on Windows 2019 Server Standard with change user /install on cmd.   I even have Office Shared Features and Office Tools installed.  The third party add-in shows up on the add-in list, but not on the toolbar and it's not listed under the Active Application Add-ins under Add-ins, but it's showed in the Inactive Application Add-ins.  I also try to select COM, under Manage, and I can see the third party add-in, but when click OK, it stills won't show up on the toolbar.

Does anyone encounter anything like this?  Please help!

TB

Query Logged In Users of remote RDS Servers

February 25, 2020, 2:00 pm
$
0
0

Hi All

A bit of a strange one. This function has worked in the past, but seems to have stopped. Server 2016 Datacenter. RDS servers set up in a farm, RDS1, RDS2, RDS3 and RDS4. I am able to log on to RDS1, and run the following command:

Query User /Server:RDS2

And I can get a list of all users logged on to the remote server. However, when I try to run the command asking about RDS4, I get the following result:

Error 0x000006BA enumerating sessionnames

Error [1722]:The RPC server is unavailable

I am able to log in to RDS4 and run query user, and it shows me the list of logged in users just fine. I am able to query the other servers from RDS4 successfully. The error seems to happen only when querying RDS4 from 1, 2 or 3. I have tried running the command with the NETBIOS name, as well as the IP and the FQDN. Still get the same result. I have disabled the firewall and AV (Symantec) and still fails. Tried disabling all the third party services and rebooting, but still fails. Tried running sfc /scannow and dism /online /cleanup-image /restorehealth. Both ran through fine and didn't say they fixed anything, but rebooted anyway and still failing. Looking online, there are a lot of references to a certain registry key that needs to be enabled:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AllowRemoteRPC

This key is set to 1, and has been rebooted. I am logged in as domain admin on all endpoints. The servers will have been created from a single image that was sysprepped, so is it possible that there is a old NETBIOS name somewhere in the registry? Starting to run low on things that I can try to find out what is happening, so Im hoping that someone here has seen this before or has an idea on something we can try.

Thank you for looking, and for your help.

James

RDS Per User CALs usage in Azure AD environment

February 25, 2020, 2:27 pm
$
0
0

Hello RDS experts,

I have few confusions here regarding configuring RDS in Azure AD. I'm aware of complete configuration w.r.t on premise. How different is it configuring RDS in complete Azure AD environment?

Also regarding RDS CALs,

1. How different is it configuring and making RDS Per user CALs work in Azure AD set up?

2. How different is it tracking Per User CALs in Azure AD?

3. For Azure AD joined machines, 'Domain' specification is defined as 'Workgroup' when checked in system properties! Does this create any issues in configuration, usage or tracking of Per User CALs here?

Apologies and correct me if I have got into a lot of confusion.

Thanks in advance!

Thanks & Regards,

CSR.

Best Regards, Srujan C.

Server 2019 RDS administrative session shadowing works, but shows a black shadow window

February 12, 2020, 12:38 pm
$
0
0
Hi there !

On a Server 2019 properly set up as a domain member with activated RDP services ("quick access" method), the "collection" is displayed correctly in the server manager; including the registered non-administrators or the normal remote desktop users.

The server is currently in the evaluation phase and only runs for 7 days. Neither CAL's nor product keys are entered, but that shouldn't matter at the moment, right?

Click right Mouse click on a user provides the option "shadow". When triggered, the correct small dialog comes and the window also opens. But it is white and when you enlarge the window you see a black picture with a white square in the middle. => the shadwing works, but shows nothing reasonable.

There is an RDS tool from Lizard, which delivers the desired monitoring result perfectly on another server 2019, which is single, i.e. not a domain member. Of course, I also installed this on the domain member server and expected success. But this tool also led to the absolutely identical result as the session monitoring via collection: black screen with white square in the middle.

The domain has the 2008R2 level.

The additional test carried out on both servers with the installed RDS Manager 2008 (tsadmin, that's fine!) Led to the result that everything works perfectly except for the session seal: there it also works perfectly up to the short dialog window and then it says " Access denied! ".

Can someone - best of all from Microsoft perhaps? - tell me what's going on?

It makes no sense to start up a new terminal server whose sessions the administrator cannot monitor.

With regards
Chris
Viewing all 21489 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>