Channel: Remote Desktop Services (Terminal Services) forum

RDWEB [Error] 10 Error starting filtering: Could not initialize context from SID


Hi,

I'm asking for some help: I have a problem with the filtering in RDWEB. We tried many things but we can't find the problem. We always get this error. We are using RDS 2012 R2, but we have 2 domains 2008 R2.


w3wp.exe  Error  0  2015/06/11 09:20:23  [Error] 10 Error starting filtering: Could not initialize context from SID. SID: ............................................., Error: 0x8007054b
w3wp.exe  Error  0  2015/06/11 09:20:23  [Error] 10 Error calling NativeMethod to start filtering: Error: 0x80040302

Event viewer:

An account failed to log on.

Subject:
Security ID: IIS APPPOOL\RDWebAccess
Account Name: RDWebAccess
Account Domain: IIS APPPOOL
Logon ID: 0x94331

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:

Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000018B
Sub Status: 0x0

Process Information:
Caller Process ID: 0x1250
Caller Process Name: C:\Windows\System32\inetsrv\w3wp.exe

Network Information:
Workstation Name: ....................
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Authz
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.


applications availability on RDSHs

In my recent post (yesterday, June 10), "isolate" access to RDSH hosts in RDS farm, I created a kind of abracadabra question by involving RemoteApp and App-V to explain my needs.

I want to ask just the basic question about app installation on RDSHs and the functionality of connection redirection in an RDS 2012 R2 environment.

So...

In an environment with 2 RDSH hosts and 2 brokers (load balancing configured), the same apps are installed on both RDSHs.
What will happen if a third RDSH is added to the farm but does not have any applications installed?

Would all connections be distributed between the 2 RDSHs that have the apps, with the third one not involved because it doesn't have any apps?

Or will the broker do this:
the first user will be connected to RDSH1, the second to RDSH2 and the third to RDSH3, which doesn't have any applications, and the connection will fail?

--- When you hit a wrong note it's the next note that makes it good or bad. --- Miles Davis

Environment Variables


I am trying to set certain environment variables on a Windows 2012 R2 Remote Session Host based on the client machine. I have configured a login script to set the variable, and it does work, but not when set as a login script.

Here is the vb script:

Set objShell = CreateObject("WScript.Shell")
Set objEnv = objShell.Environment("USER")
client=objShell.ExpandEnvironmentStrings("%ClientName%")

Select Case client
Case "Workstation1"
	objEnv("Variable") = "Variable Data1"
Case "Workstation2"
	objEnv("Variable") = "Variable Data2"
End Select

If I run this script, the variable gets set correctly. But if it is set as a logon script, it is not retrieving the client name. I assume this is due to the fact that the terminal session hasn't fully initialized when the script is executed.

I have made sure that 'Run logon scripts synchronously' is disabled and even set a delay in the script, but it still won't work.

Any suggestions would be appreciated.

unable to open an application from the external site


When I click the application on RDWeb, it asks me to type my credentials, and then an error message comes up: "your computer can't connect to the remote computer because the remote desktop gateway server's certificate has expired or has been revoked.  contact your administrator". It seems to be communicating with the RD server, but at the 2nd authentication it is rejected.

This problem only occurs from the external site.

I tried to use 2 working public certs but neither one works. Any suggestions?


RDS Applications Opening in Background


Good Afternoon All,

Session Hosts - Server 2012 R2 STD

I am currently experiencing an issue where all pop-up windows that are launched from within a remote application are opened in the background instead of the foreground, causing users to believe that the pop-up has not opened or the application is not responding.

After some digging I found this to be a known issue with a hotfix available to resolve the issue. I downloaded the hotfix KB2964832, however, the update states that it is not applicable for this server. I verified that the prerequisite update 2919355 is installed.

Any Ideas?

Article documenting issue and hotfix.

https://support.microsoft.com/en-us/kb/2964832

Change location of TS users data folder


Guys, Gals,

I have a Terminal Server 2012 service running, and I would like the default location of authenticated users to change from C: to say E: drive in our server. Right now when users connect, their Home Folders are assigned at C:, I would like all their data to be stored in a bigger partition E:

I know that I have to do it through the DC server, but I can't seem to find the right Policy location.

Any help is greatly appreciated.

TIA.


Printed PDF files will not leave the print queue


Hi,

I have a problem that has been present for some time. When we print PDF files within a Terminal Server, the print job gets stuck in the queue, the document name in the queue changes to "Print Document", and it is not printed. Other documents like .doc, .xlsx, .txt print normally.

Is there anybody who can help me solve this
or can help me in the right direction?

Additional information:
Terminal Server
Guest OS: Microsoft Windows Server 2012 (64-bit)


ThinClient Licensing


We need advice on thin client licensing for the scenario below.

Scenario:

We need to install a Linux-based thin client setup at our premises, and the following services will be installed on the server:

  1. Remote Desktop Gateway
  2. Remote Desktop Licensing
  3. Remote Desktop Session Host

So what will our licensing needs be: do we require an RDS CAL with a Windows Server CAL only, or do we need VDA rights (for thin client) with RDS & Win Svr CAL?

We also have N RDS CALs available and installed on the Citrix server to access the application. So, can we use these CALs and install them on the "Remote Desktop Licensing Server" simultaneously?


Remote Desktop

When connecting to Server 2012 as the domain Administrator the desktop constantly refreshes making it unusable. Other users are unaffected. Is there a recent update that's causing this?

Slow outlook 2013 using large office 365 mailbox in terminal server environment - Windows search edb file size


Hi all, I am asking a question because we have had this issue on multiple servers so far:

Customers with their own local terminal servers (15 users, RDP to a server session) that have Office 365 mailboxes are having issues with the Windows Search EDB file, where it becomes HUGE (80+ GB).

The reason for this is that all these users have large OST files in which they share the same shared mailboxes (site specific, for example), and something goes wrong with the Windows Search index database file.

Temporarily we solve this by deleting and rebuilding the search index, but in mere weeks the database EDB file itself is back to consuming a lot of space.

We CAN NOT AFFORD to work in ONLINE mode of Outlook: the whole experience for the end user is horrible. The Outlook clients just react really slowly because you're constantly working in mailboxes of sizes larger than 20 GB combined. So we managed to cache it for one month; this is plenty for our customer. The result is that the OST files are easily using up this space locally per month.

Is there any permanent fix to this? How can we make our Outlook mailboxes work fine on this terminal server without caching? The experience is horrible if we don't cache.

edit: we tried a lot of stuff, archiving, hardware accelerations, ...

Thin Clients, Expired Passwords, RDS OH MY! Failed sign-on when password is forced to change or expired from thin client


Hello everyone... looking for a spat of advice...

(All servers 2012 r2 unless otherwise specified)

(All terminals are Dell Wyse T10D using Connection Broker = Microsoft)

Environment:

3 HA Connection Brokers

3 Session Hosts

2x Domain Controllers (1 Server 2008 R2)

So, my thin client prompts for creds and takes those and passes them using NTLM to /RDWeb/FeedLogin/WebFeedlogin.aspx

I found this after using Message Analyzer and decrypting the TLS packets

When a user's password is expired or forced to change on next logon, I get "RD Sign-on Failed" on the thin client.

Session Collection:

Security Layer: Negotiate

Encryption Level: Client Compatible

No NLA

Any thoughts or help are much much much appreciated!


Computer Solutions Group Lead Engineer www.csgsupport.net

Changing RDS FQDN doesn't seem to work


Hi,

Our users access RDS via rds.company.com, but the connection broker's FQDN is broker.company.local.

I therefore ran the PowerShell script here: https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80 to change the internal FQDN to broker.company.com (and it changed it successfully). But then, instead of the warning message shown in the TechNet article, 2 things happen when the application is clicked:

1) An NTLM window pops up asking for credentials to log on to broker.company.local, and,

2) After supplying credentials, it *still* comes up with the warning message in the TechNet article.

I don't see any errors in the event log. I also needed to create a HOSTS file entry on the gateway resolving broker.company.com, since it couldn't resolve that FQDN otherwise.

Any suggestions as to why it's still coming up with company.local?

Thanks!

Sam



Can't add user groups to Session Collection


I have recently set up a Windows Server 2012 R2 VM with Remote Desktop Services with the goal of allowing certain colleagues to access remote apps from home. I've followed install and configuration instructions via TechNet and everything seems to be running as expected, with one major exception. When I go to Server Manager > Remote Desktop Services > Collections > Collection > Properties > User Groups and try to add a group from the same domain that the server is joined to, I get this error.

"The security identifier could not be resolved.  Ensure that a two-way trust exists for the domain of the selected users.

Exception: The network path could not be found."

This is puzzling to me since the User Group I'm trying to add and the server that Remote Desktop Services is installed on are both in the same domain.

Any help with this would be greatly appreciated as people are waiting on this to be able to access specific programs from home or when mobile.

Configure Server 2012 to automatically start RDS at server start up


At the present time if my terminal server is shut down or reboots for any reason RDS will not restart until I have logged in.  

My SQL server, on the other hand, does not have this issue, and whether I log in or not, the SQL processes restart and my local users are able to access the Db. My offsite users cannot until I log into the RDS server, therefore we are losing productivity.

I'm sure I'm overlooking something. How can we fix this?

Terminal Server 2003 unexpected shutdown afd.sys


Hi, how are you?

I now have a Terminal Server 2003 SP2.

In the last few months, from January to June, the server has restarted unexpectedly 7 times.

The dump file reads as follows:

………………………………………………………………………………………………………………………………………………………

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {80000003, fffff80001026cd0, fffffade57542d50, 0}

Probably caused by : afd.sys ( afd!AfdIssueDeviceControl+1a8 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                            *
*                       Bugcheck Analysis                                   *
*                                                                            *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 0000000080000003, Exception code that caused the bugcheck
Arg2: fffff80001026cd0, Address of the instruction which caused the bugcheck
Arg3: fffffade57542d50, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

FAULTING_IP:
nt!DbgBreakPoint+0
fffff800`01026cd0 cc             int     3

CONTEXT:  fffffade57542d50 -- (.cxr 0xfffffade57542d50)
rax=0000000000000001 rbx=0000000000000000 rcx=2e41deab04500000
rdx=00000000ffff0031 rsi=fffffade6e6956e0 rdi=0000000000000000
rip=fffff80001026cd0 rsp=fffffade57543568 rbp=fffffade6ed11040
 r8=00000000ffffffff  r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=fffffade6cbc5050 r13=0000000000000018
r14=fffffade575437d8 r15=fffffade6daede40
iopl=0        nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b es=002b  fs=0053  gs=002b            efl=00000282
nt!DbgBreakPoint:
fffff800`01026cd0 cc             int     3
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  McScript_InUse.

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffffade58fdb0c7 to fffff80001026cd0

STACK_TEXT: 
fffffade`57543568 fffffade`58fdb0c7 : fffffade`58fe4ba0 00000000`ffff0068 00000000`ffffffff 00000000`00000000 : nt!DbgBreakPoint
fffffade`57543570 fffffade`58fd759e : fffffade`6e5dd5e0 fffffade`00000000 00000000`00000001 00000000`0012ca98 : afd!AfdIssueDeviceControl+0x1a8
fffffade`57543630 fffff800`0127f131 : fffffade`6c9e9ca0 fffffade`6c9e9e48 00000000`00000001 00000000`00000000 : afd!AfdBind+0x8a0
fffffade`57543a70 fffff800`0127ec36 : fffffade`57543c30 00000000`0000026c 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0xa79
fffffade`57543b90 fffff800`0102e33d : fffffade`57543c30 00000000`00000102 fffffade`57543c30 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffffade`57543c00 00000000`78b83e48 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
00000000`0016ed98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x78b83e48

FOLLOWUP_IP:
afd!AfdIssueDeviceControl+1a8
fffffade`58fdb0c7 90             nop

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  afd!AfdIssueDeviceControl+1a8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: afd

IMAGE_NAME:  afd.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5387e09d

STACK_COMMAND:  .cxr 0xfffffade57542d50 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_afd!AfdIssueDeviceControl+1a8

BUCKET_ID:  X64_0x3B_afd!AfdIssueDeviceControl+1a8

Followup: MachineOwner
---------

1: kd> lmvm afd
start            end                module name
fffffade`58fa2000 fffffade`58fef000   afd        (pdb symbols)         c:\symcache\afd.pdb\8EC469380B394601B4FC867017344EFE2\afd.pdb
    Loaded symbol image file: afd.sys
    Image path: \SystemRoot\System32\drivers\afd.sys
    Image name: afd.sys
    Timestamp:       Thu May 29 19:36:29 2014 (5387E09D)
    CheckSum:        00053FDF
    ImageSize:       0004D000
    Translations:    0000.04b0 0000.04e4 0409.04b0 0409.04e4

1: kd> lmvm afd

I can indicate that it can be?
Is it afd.sys?


2012 RDWeb - disable storing of credentials

I have a 2012 RDS environment, where users connect via RDWeb. 
Many users connect from personal devices. When they navigate to remote.domain.com, they are presented with the RDWeb page, and when they enter credentials, IE (or other browser) obviously asks them if they would like to store the password. 

HIPAA requirements say we cannot store credentials. We can disable this through group policy on domain computers, but I am looking for a way of disabling the storing of credentials on other non-company devices. I found this article:

http://stackoverflow.com/questions/32369/disable-browser-save-password-functionality

They suggest adding autocomplete=off, but this is already set in the login page file. I'm wondering how other organizations deal with this same issue.

"isolate" access to RDSH hosts in RDS farm


RDS 2012 R2 - 2 Brokers 2 RDSHs and SQL in deployment. Using RemoteApp.

I have a couple of non-standard apps.

I would like to add one more RDSH to begin with and install just the non-standard apps on it. Then I want to publish them as RemoteApps.

1. Let's say User1 is accessing the apps available to him from RDSH1 and RDSH2 in the current situation. I add RDSH3 with a published RemoteApp and provide access to User1. If he accesses apps published on RDSH1 and 2, I will see one connection in RDS manager to server 1 or 2, and if he accesses the app that is published from RDSH3, I will see one more connection of this user to server 3.

I guess it will work without any trouble. Correct?

2. Then I add 10 more users with the same access rights.

Connections to RDSH1 and 2 will be split between both as it is now (by load balancing) because they have the same apps available. But the connections opened by the app published from RDSH3 will all be made to this machine.

In other words, can I have different apps on different RDSHs, and would it affect the brokers? Or should everything be smooth from a connection distribution perspective? Sure, server load is taken into consideration.

The reason that I want to go this way is to not pollute clean hosts that don't have any installed apps. I deliver Virtual Apps on them and then publish by RemoteApp. Only those Virtual Apps that could not be published as RemoteApp must be isolated in my approach.

Am I on the right way in thinking of app isolation by RDSHs?

Thanks.


--- When you hit a wrong note it's the next note that makes it good or bad. --- Miles Davis

RDP to the Windows Server 2012 RDS serve


Hi,

Upon connecting via RDP to the Windows Server 2012 RDS server, we get just a black screen, and after 5-10 seconds it says can’t connect to the computer.

We’ve tried removing and re-adding the RDS Roles, and also changing the security to RDP security layer instead of SSL. This does make a difference in that instead of a black screen, it just doesn’t let you login at all.

I’ve made sure Windows is up to date, rebooted the server, and tried from different PCs, servers etc. with the same result, in case the RDP connector was somehow not working. Thanks

