I have a group policy in place that among other things, it has enabled User configuration\Policies\administrative templates\Windows components\Windows explorer: "No computers Near Me in Network Locations" AND "No Entire Network in Network Locations" enabled.

We have placed a shortcut in our Point of Sale software that opens a folder mapped to the X drive.

I have Windows explorer locked down so they don't get a navigation pane. In the address bar is "computer>Folder(servername\folder)

They can click on the computer and they get "this folder is empty". OK so far. If they click the "up" arrow it takes them to the desktop where you have the user system folder, libraries, the shortcut we put on the desktop to access the Point of Sale software and the network locations "system folder" where they can browse out and see all the computers on the network! I even have the policy enabled that hides network locations on the desktop, but it still appears here.

Looking at the users desktop, there is only the shortcut we placed there.

I have set permissions to prevent access to all the shares I've found so far. The former admin had a bad habit of using the everyone group. Is there a way to prevent access to the "desktop" when hitting the "up arrow" in Windows explorer? Maybe a way to remove the "up Arrow"?

TIA

DDS

Hi

I have a questions:

With using a DNS round robin and a broker. Where is the fault detection? everywhere I look for best practices for setting up a broker it always talks of using DNS RR with Broker load balancing.

So if I have 4 records for RDSFarm (10.0.0.1 / 10.0.0.2 / 10.0.0.3 / 10.0.0.4)

If 10.0.0.1 is down and my client resolves 10.0.0.1, whether there are 3 other clients and an active broker........

How is this HA? or even a viable load balancing solution at all?

RGS

We have a 2012 server with RDWeb, RDGateway, and RDCB roles installed:  rds.domain.LOCAL

We then have another 2012 server that is a RDSH: rd1.domain.LOCAL

The gateway server has a wildcard cert installed for *.domain.COM and I have installed RDCB HA and set the HA name to rd.tvotech.COM which is the same hostname being externally used by clients to connect to RDweb/RDGateway.

So now if I log in from a Windows 8 machine, or from my Surface RT, it is seamless and opens without issue...

But if I log in from a Windows 7 machine, after clicking Connect I get prompted to authenticate again (despite having already authenticated via RDWeb) and then I get a warning popup letting me know that there is a certificate mismatch and the computer name is rd1.domain.LOCAL...  Why is the name of the actual RDSH server getting shown to the client at all, shouldn't that be hidden?

Going to test from an XP machine and a Mac now, but any ideas on why the Win7 box can't seamlessly connect would be great...

Thanks!

Wes

I understand RDS is not recommended on DC due to security consideration.  However since I want to play it at home, it is not much a concern.  Such scenario works fine on Windows 2008 R2.  But on Windows 2012, the RDS (session-based, have not tried VDI, but expect same result) installation always fails and is incomplete on DC. 

In \Administrative Tools\Terminal Services, I only have RD Licensing Diagnoser and RD licensing manager.  The remote desktop service management service cannot be started (Error code: 0x88250001).  Is there any extra configuration needed for RDS working on Server 2012 DC or before the installation?  Thanks.

hi,

can i use a 2008r2 remote desktop license server for my new windows server 2012 remote desktop session host?
or must the license server also by a 2012?

thx + kind regards
schtebo

I have two Win 2K8 R2 Domain Controllers and a Win 2K3 sp3 DC in my test domain. I also have setup a one-way trust with an account domain.

If I connect to a memberserver in my test domain with RDP I can use an account from the trusted domain. It takes a long time but after two minutes I get the desktop. In this way I can only use the allowed two administrative connections.

Because I need more connections I installed the role Remote Desktop Services on a member server. I also installed a RD License server and added 5 user CAL's to it.

Unfortunately I cannot logon to this RDP server with an account from the trusted domain. It fails with a message "The specified domain either does not exist or could not be contacted". I checked the DNS on my test domain controllers. The Win 2K8 R2 DC's have conditional forwarders defined to the account domain and the Win 2K3 SP3 DC also has forwarders defined for the account domain. The RD server has two DNS configured (only the Win 2K8 R2 DC's). I also disabled NetBios over TCP-IP.

The production domain consist of three Win 2K3 DC's and one W2K3 terminal server. This domain has a one-way trust to the same account domain. I don't have the same problem there.

Two questions:

1: why is RDP logon so slow if I use a trusted domain account?

2: why is it impossible to logon with a trusted account when RD services are installed?

Thanks in Advance.

Hylke

Hello guys,

I'm wondering, because we are struggling a bit with this one: how do you guys (in thin client environments) on RDS 2012 (or 2008) publish applications in a Terminal Server full desktop environment?

So let's assume this scenario:

• We have 15 users who use Publisher
• We have 35 users who use Outlook

With Citrix, this scenario is straightforward. With RDS however, it is a bit more complicated, so we are wondering how you guys tackle this one.

Or is Windows Server RD  these days only viable for Remoteapp (web published scenario's?)

With kind regards,

Sven

Hi All,

Remote Users are unable to change the settings for zones it is grayed-out, I turned off the IE ESC for users and admin but no luck. I saw the below link but not sure because it is applying on current user not for all user, am I right?

http://windowsxp.mvps.org/ie/flags.htm

Thanks

Agha

We build turn-key solutions for customers, and for years, we have been doing this. What I am looking for is a script-based method of performing the following actions:

1. Install Remote Desktop Services Session Host
2. Configure some "standard" settings: IdleTimeOut, Disconnected session behavior, temporary folders, encryption levels and such

My understanding, with w2k12, is all of this must be done to a Session Collection.  I have a PowerShell script that performs the install of Remote Desktop Services - Session Host, Connection Broker, and Web Access (Add-WindowsFeature RDS-RD-Server, RDS-Connection-Broker, RDS-Web-Access) while NOT on a domain, and now I am stuck trying to configure it.

When testing with this server on my production domain, I can get the following command to run: ($strFQDN is populated in the script)

New-RDSessionDeployment -ConnectionBroker $strFQDN -WebAccessServer $strFQDN -SessionHost $strFQDN

Once off of the domain (which is a requirement for customer server builds, not allowed to be on my domain, or any until it is at the customer site) I cannot get this command to function as expected. I am presented with the following output:

New-RDSessionDeployment : Validation failed for the "RD Connection Broker" parameter.
<ServerName> Unable to connect to the server by using Windows PowerShell remoting. Verify that you can
connect to the server.
At C:\scripts\ConfigureRDS.ps1:23 char:1
+ New-RDSessionDeployment -ConnectionBroker $strFQDN -WebAccessServer $strFQDN -Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-RDSessionDeployment

The answer provided here (http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/cbffb2d4-ff9d-49ee-a9ce-a60db2262422) is simply a cop-out, as to why this was so poorly designed. Yes, more people are moving to the AD world. Why in the world could that be used a justification to just completely bend over your smaller customers? Or, customers that provide a value-add on your products? But, I digress...

Thoughts? How can I accomplish this VERY simple task WITHOUT putting this system on a Domain? (Well, very simple in Windows Server 2003/8/8R2)

Hi Everyone,

I have a big problem with me RemoteApps on TS Web Access:( I added some aplication like  calculator ,wordpad and others. They only works  when i use admin user with full rights, and when i use a test user with minimal rights they don't work ;/ I click on the icon of a aplication and on preview  i see that serwer logs on the user but in the same seconds he logs out form server.I can't give all users admin rights, i need help;/ Sry for me English;/ 

Somebody can help me for fix this problem?

Thanks.

Hi,  I'm currently building a Windows 2008 R2 Remote Desktop Session Host Farm. One of the business requirements is to allow audio and video playback and I've followed all the steps outlined in the following article to the letter:

http://technet.microsoft.com/en-us/library/dd759165.aspx

When I - and my pilot users - log on to the RDSH Farm we get the speaker showing as avalable in the taskbar and to all intents and purposes everything looks fine.  I can play wav files in Windows Media Player but not much else, which unfortunately is not a lot of good for my users.

If anyone has any thoughts or recommendations, I'd appreciate them.

Hello,

I have a machine running Server 2012 Standard with RDS enabled and Win7 Pooled Desktops.  The Virtual Desktops work fine, but noticed that they aren't activated. 

What is the process for activation? 

What key should I use? 

Do I have to purchase a Win7 key for each Virtual Desktop?

My Boss spearheaded this type of setup and said that our RDS CALs should be enough for them to activate, but I'm not sure how that is suppose to happen.  I have 3 RDS CALs in installed in the RD Licensing server, but no change to activation status to the Pooled Desktops.  I have read of some people saying that we need a KMS server, but I would rather not go that router if I don't have to.  All the other physical machines use MAK keys provided by the OEM.

And forgive me if this is hard to understand - there are likely better words to use, but I'm new to Server 2012 & RDS & VDI, etc., so I hope you understand.

Thanks!

I have a Windows 2012 Standard server (Dell T620) running as a workgroup server for 8 people with some file shares and Remote desktop installed. Server specs are a single 6 Core Processor, 1.5TB of HD space RAID 10, 32GB of RAM. Users have access to Office 2013 and old access based utility billing software (Caselle) Qbooks 2013 for a single user, Adobe Reader and Acrobat, Chrome. Installed Desktop experience on the system and use Classic Shell so that users will not have to commit seppuku by trying to use metro on a non touch environment.

Users are reporting that throughout the day while they work on the system there are pauses in performance. They may last a few seconds, 30 seconds or a couple of minutes. For example the user could be typing a document in Word, or Outlook and there would be a pause and then the characters would come up at once.

Troubleshooting steps:

Looked at the logs for the times the users reported issues and I cannot see a smoking gun.

Server has the latest possible drivers and updates.

Performance meters: Did not notice any issues with network bandwidth or memory usage issues or CPU usage.

Made sure caching on controller was enabled to eliminate any possibility of performance issues when a user logs on or off the terminal session. That issue affected Windows 2008, but did not know if it applied to Windows 2012.

Tried disabling numerous Microsoft office maintenance Tasks that would occur during normal operating hours.

Disabled search indexing.

Checked Antivirus settings. We Use ESET File security that automatically creates exclusions for server operating systems and added our own exclusions as well. Disabled any advanced heuristics on ESET.

Verified that the licensing heartbeat task for Office executes correctly every morning at 12:00am. What I am seeing in the logs quite a bit is Security-SPP source events (on the Application Log) every time a user runs an office app. The office had been activated and working fine. In the licensing option for Remote desktop I see only 1 license assigned and 7 available.

The only other log of concern is the Event 17890 Source MSSQL$MICROSOFT##WID We do not have SQL server installed on this machine so I assume it is the windows internal database. The error is a significant part of SQL server process memory has been paged out. This may result in a performance degradation. Duration 7243 seconds. Working set: KB 90044, Committed KB: 359960. Memory Utilization 25%%. the figures may vary a bit. Some events are spread out over an hour others one after the other.

Updated the drivers on all the machines (some Windows XP SP3 running the latest terminal services client) and some Windows 7 32-bit and 64-bit SP1.

Made sure that user log off their sessions at the end of the day.

Any suggestions would be appreciated.

Hi

We are having issues with login into 2012 servers via RDP sessions.

  There is a fix for Windows 2008

• The scenario you described is because of the enhanced security system in Windows Server 2008 and R2 Terminal Services (RDS). TheNetwork Level Authentication let the user authentication occurs earlier than connecting to the target server. To support this feature, the CredSSP must be enabled on the client sides. (The Windows Vista and Windows 7 have already enabled the feature by default.)

If this feature impact the new user to logon in your terminal environment, there is a workaround I find based on some tests:

1.     On the Terminal Server, openTerminal Server Configuration.
2.     Open RDP-Tcp configuration page.
3.     InGeneral tab, low down the Security Layer to RDP Security Layer.
4.     ClickOK to save the setting.

By these steps the client user can logon to the Terminal Server firstly and then finish the authentication. The Winlogon page will allow the user to change the password.

However, please note that this workaround will make the security lower and lose the protection brought by Network Level Authentication. For more information on Windows Server 2008 NLA, please refer to:

Configure Network Level Authentication for Remote Desktop Services Connections

http://technet.microsoft.com/en-us/library/cc732713.aspx

But I cannot find this setting on the 2012 Servers..  Please assist and let us know where this setting is now in 2012 SERVER.

Thanks

Alex

all done

Hi,

today we have too many sales people connecting (externally) to our TS server, since we need fire some IT people and sales people also, there is a way to restrict the connections by a PC name, Windows-ID or something like that?

Maybe we don't have option and then need to choose smart-card authentication solution??

Anyone have ideas to share?

tks,

Renato P

I would like to see the interface of the new Windows Server 2012 Terminal Session via RDP.  Reason being, is that users are resistant to change - and if there is no start button like in windows 8, that is a big concern when considering upgrading our server to 2012.  Anyone know what it looks like?  Screenshots of being logged in as a user via RDP would be much appreciated!

Thanks

I have been using RDS 2008 R2 since last 2 years. In all those years the RDS reboots automatically giving a blue screen and generating a memory.dmp file.

I have got a single RD Gateway server and a single RD Session Host server (both running Windows Server 2008 R2). I have published only couple of business applications using the RDS. No printers drivers are installed on the RDS and RDS uses its default RDS easy print driver. At any point of time 35-40 people work on RDS simultaneously and RDS has been assigned 5 cores and 10 GB of memory. At any time I can see 3-4 GB of free memory.

In spite of such a simple setup I fail to understand why RDS throws the blue dump error. It says the computer has recovered from bugcheck.  Can someone help here please? I have attached the blue dump error. Can someone please guide how to resolve the issue?

dump . 

MPS

Hi There,

I have a windows small business 2008 server. the all other computers can access it remotely through the browser or from remote desktop connection app. But whenever I try to connect the server from Windows 8 it tells me that  'your computer cant connect to the remote computer because the remote desktop gateway server's certificate has expired or has been revoked'

I have checked all the certificates and everything seems fine. Apart from this windows 8 , all other windows 7 machines can connect to the servcer..  When I try to connect through IE 10 browser this time the error says to use this service your rdp need to be 6.0 or over. as far as I know is that windows 8 has rdp 7 or rdp 8.

Hi there !

I am working on setting up an entire 2012 RDS system, with TMG Server as reverse proxy in back Firewall mode, 2 RDG, 2 Brokers HA attached to a 2012 SQL server holding the DB, and of course, collections with multiple RDSH servers. After some headaches, everything is working ok and I am about to be done.

I just have a little (last) issue with certificates. I have been able to handle most of them with the 2012 RDS cert manager through topologie builder but the problem is on the end of the chain, on the RDSH.

We bought a public domain wildcard cert *.externaldomain.com and applied it to RDGs and Brokers. Then I also applied it on RDSH servers, and I am having "Code: 0x607" issues from RDC8/Windows8 or simply still a mismatch prompt from older RDC, telling that I am trying to access RDS1.internaldomain.lan and the cert applied to the RDP-TCP connector (using powershell or WMI commands just fine) is *.externaldomain.com and of course, doesn't match.

I am 99% sure that changing the FQDN collection to farm1.externaldomain.com would fix the problem. On 2008 R2 it is something you can do pretty easy from the RDS properties of each RDSH servers, but not on 2012 anymore.

Is there a way to change the FQDN of a collection to be used by remoteApps? Do you think it is something 2012 R2 will bring ?
If no, is the only way to proceed is to buy a *.internaldomain.lan wildcard cert?

Note that when using a Full desktop connection with RDC (through the Gateway), with farm1.externaldomain.com as host, it works just fine and the certificate is approved. (I also managed externaldomain.com domain on my internal DNS serveur to resolv internal IPs)

I would really appreciate your advises on that one !

Thanks !

David