Hi,
We changed the listening port for a particular server from 3389 to 4000. However, we find that we are not able to connect to that server via RDWeb Gateway when we try servername.domainname:4000.
Is there any workaround?
Thanks
Hi there,
I created a VM to test out RDS. I installed Windows Server 2012 R2, put it in the domain, logged in with my domain admin account, used Enable-ServerManagerStandardUserRemoting domain\domain_admin, and tried a simple Add Roles and Features to install a session-based RDS.
I get the error: Online - Cannot get role and feature data.
I haven't found anything related to this on the internet. It's a clean install, why won't it work?
Any ideas?
Hello,
We would like to use Windows Server 2012 R2 as compute server for technical calculations (Finite Element Analysis Software, installed natively as 64bit application).
However, when activating the Remote Desktop Services, we experience a performance slowdown up to a factor of 10, even if we are working directly on the machine and only one user is logged in. The performance slowdown especially shows up in applications with heavy read/write disk access. The disk is installed directly and is not being accessed through network etc.
Without the RD-Services, the performance is as expected (comparable to the performance on a similar machine with Windows 7 installed).
Do you have any idea on this?
Thank you for your help,
Best regards,
Andreas Niggl, SOFiSTiK AG, Germany
I have users already created in Active Directory (AD2012) and I would like to create the same user in Windows 2012 R2 as a Windows user (so that I can log into Windows with that user, for RDS purposes). We were able to achieve this using a Windows Domain Controller, but we are looking for other options.
Is there any other way to do automatic user provisioning to Windows from AD?
Hi,
We have a 2012R2 RDS Farm deployment consisting of the following:
1x AD, 1x RD Broker / RD Web Access, 1x RDGW, 3x RDSH, 1x File Server for UPD.
All of the servers are running on 2012R2. We're having an issue with UPDs not dismounting when a user is logging off.
So when this happens the load balancing won't take effect. The user can only log in to the same server as before, and if they log in to another server they will get a temp profile because the VHDx is still attached to the former server. There is not much on the internet, and we have tried deleting the VHDx and also cleaning the registry of all the temp SID values in the ProfileList section. We have also checked network settings and there is no loss of network connectivity between any of the servers.
The UPDs are stored on a 2012R2 SMB File Server and the notable error we can see is the one below:
Log Name: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Event ID: 20491
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: <Computer>
Description:
Remote Desktop Services could not disconnect a user disk for the user account with a SID of <SID>. The error code is 0xAA.93
Any help on this one would be highly appreciated.
nimz
I have published 2 applications on a server to use as remote applications,
let's say App 1 and App 2. Now I open the RD Web Access page and download the RDP files for both applications (I am using Chrome, so the files are downloaded). I try to launch the file for App 1, I get a popup asking for credentials, I provide the credentials and the application launches. I try to launch App 2, it opens directly and I am not asked for credentials. I have a scenario where I want to be asked for credentials every time the file is launched. How can this be achieved?
Also, I may have to open App 1 and App 2 with different credentials. How can this be done?
--
Hey Guys,
My Setup
2 x Windows Server 2012 R2 with RDS. Both of them are in the same farm and on both is the broker installed in high availability mode.
My Problem
When the user logs in to farmname.domain.ch he enters the password and normally it's fine. But if the broker changes the terminal server because the other one has less load, they have to enter the password again.
Solution with Problem
Configuring Single Sign-On (http://social.technet.microsoft.com/wiki/contents/articles/5466.deploying-rd-session-host-servers-or-farms.aspx).
I configured the part in the GPO. Then I should create a Kerberos identity for the farm name, but it is also written there that this is not supported if the connection broker runs as a node in a failover cluster, and that's my main problem.
Question
What is the solution if my connection broker(s) run as a node in a failover cluster?
Please help me :-)
If you need some more information or you don't understand my english, just ask.
Thank you
Dominik
Hi,
I don't know if this is the right place for this, but here it is...
I'm trying to add a application to my RemoteApp program list.
Here is what I did :
In "Publish RemoteApp Programs" I clicked "Add..."
In the "File Name" I put "\\SERVER.DOMAIN.local\d$\FOLDER\FILE.exe"
and I get this error:
<Quote>
you must specify a file from the rd session host server
SERVER.DOMAIN.local by using the UNC path; for example
\\SERVER.DOMAIN.local\c$\path\filename.exe.
If the problem persists, ensure that the following Windows Firewall exceptions are enabled:
1. File and Printer Sharing (SMB-Out).
2. File and Printer Sharing (SMB-In).
</Quote>
This is AFTER I:
1. opened the Firewall on BOTH servers (the RemoteApp AND the server where the file is located)
2. Mapped the folder to "Z" on the RemoteApp server
So I made a batch file pointing to it; now it is working, but it is not 100% a RemoteApp!
explanation :
I'm running a program that needs Pervasive, so I installed it on the server, but not on my PC (for the test)
When I run the RemoteApp for the web on my PC, the program is looking for the DLL files for the Pervasive on MY PC, and not on the server...
Please help, Thanks
Hi
I tried to install the RDP 8.1 protocol and clients on two of my workstations to try out the new 'dynamic resolution update' feature of RDP 8.1. But I didn't succeed.
Should this feature work between two W7 PCs? Or does it only work with W7 -> W2008 R2 Server?
If it should work, I'd be glad to hear how to make it work.
I'm not talking of 'smart scaling', I'd like the RDP Session to change the screen resolution automatically when I dock my notebook and connect an external screen.
Thanks
Jan
Hello all,
we have set up a RemoteApp deployment in Windows Server 2012 R2 with smart card authentication.
This works as expected on Windows PCs: Starting a RemoteApp prompts for the Smart Card and only after Smart Card authentication succeeded the RemoteApp will start.
Then we tried the Microsoft RD Client Android App and expected the logon to fail (as there is no smart card connected).
However, we found the Android RD Client to just start the RemoteApp without prompting for a smart card.
We feel this to be a security issue as it defeats the purpose of setting the RemoteApp deployment to smart card authentication in the first place.
Did we miss some setting where App clients are allowed to connect without smart card authentication?
Is there a workaround to disallow App clients?
Thanks for your help!
Christian
Hello all,
My client is experiencing slow performance to their Terminal Server. When working with a consultant, who is at least 3000 miles away, they connected to the consultant via a screen share application (Teamviewer, WebCentral, etc) and the consultant then RDP'd back into my client's RDS server. Even with the double trip, the responsiveness of the consultant's RDS session was blazing fast compared to local clients on the network.
This is very confusing to me given that the local network should have the fastest connection to the server. All clients are experiencing the slower response time (thus why it wasn't identified until screen sharing a distantly remote user). While the local response times are not unworkably slow, they are slow enough that now seeing how fast an external user can use the RDS server, they want it fixed.
Not that it should matter, but here are the details on the rest of the network:
-1 virtual host, 2 processors, 128GB RAM, SAN
-9 virtual servers hosted on it.
My biggest confusion comes from the fact that internal and external users are hitting the same RDS server, so the experience should be the same, if not the external users being a little slower due to the distance. It seems like external users are getting higher priority to resources, but I wouldn't even know how that would be set up and I built the RDS server.
Please let me know where I should look and if you require any further information. I rarely post on forums but this one has got my brain twisted. :)
Greg
We are having problems using the Azure MFA server for securing Radius authentication with RDGateway. Things work as expected for some users but others are having massive problems and we think we have narrowed it down to being related to where the user is trying to connect from. If you connect from a computer joined to the same domain as the RDS farm or from a workgroup/Azure AD joined computer things works great. If you however try to connect from a computer joined to another domain (any other domain) you will receive a timeout most of the time.
We have increased the timeouts on the Load Balancing tab of the radius server pointing to the MFA server in the NPS on the RD Gateway so that’s not the problem. When I look through the log files the Radius request is sent to the MFA server which in turn pass it on to the target Radius server for authentication.
This is what I have in the MFA server log MultiFactorAuthRadiusSvc:
2015-11-26T17:25:36.427939Z|0|3860|4088|prfad|Event 3.
2015-11-26T17:25:36.427939Z|0|3860|4088|prfad|Sock 0x0000000000000110
2015-11-26T17:25:36.427939Z|0|3860|4088|pfrad|Code 1 - ACCESS_REQUEST.
2015-11-26T17:25:36.427939Z|i|3860|4088|pfrad|old id: 8, new id: 123
2015-11-26T17:25:36.427939Z|i|3860|4088|pfrad|Creating a new request_state for client x.x.243.196, port 62151, ID 8
2015-11-26T17:25:41.459265Z|w|3860|4088|pfrad|Timeout expired waiting for response from radius servers for client x.x.243.196, id 123
And then a little later
2015-11-26T17:25:51.428086Z|0|3860|4088|prfad|Event 3.
2015-11-26T17:25:51.428086Z|0|3860|4088|prfad|Sock 0x0000000000000110
2015-11-26T17:25:51.428086Z|0|3860|4088|pfrad|Code 2 - ACCESS_ACCEPT.
2015-11-26T17:25:51.428086Z|w|3860|4088|pfrad|Got response without a pending request. Dropping packet.
2015-11-26T17:25:51.428086Z|e|3860|4088|pfrad|processIncomingPacket failed.
So the request is actually granted it just took some time and the MFA gave up. The timeout is 5 seconds according to the log. According to the Security log on the NPS server it granted the request and the timeline is spot on.
The interesting thing is that looking through the security log at the RD Gateway, where the actual authentication will take place all of the requests that end up with I find 6278 Network Policy Server events where the Client Machine/Account Name is a FQDN.
Connecting with an Azure AD joined computer I get just the machine name.
I ran Wireshark and it seems that the Radius server is trying to resolve the FQDN name of the computer or connect to an authority and of course it will not be able to do so and after some 10-20 seconds it times out and grants the request. The problem with this is that the MFA server times out after 5 seconds and this doesn’t seem to be configurable.
The strange thing is that for the FQDN name it works sometimes but fails like 80% of the times. The workgroup computer always succeeds.
We had a ticket with MS in early 2012 about computers from another domain being slow connecting to RDS in another domain and they said this is “by design” and that the timeout value in NPS is 20 seconds. Ideally it would be nice to be able to turn this sort of nonsense off but I would settle for being able to increase the timeout value on the MFA server.
The setup is all 2012R2
Here's what's going on towards ADDS:
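The timing visible in the MultiFactorAuthRadiusSvc lines quoted in the post above can be extracted mechanically. This is an added example, not part of the original post: the function name is hypothetical, and because the dropped-reply line carries no request id, replies are paired with timeouts first-in, first-out, which is an assumption.

```python
import re
from datetime import datetime

# Log lines quoted in the post above (client address already masked there).
SAMPLE_LOG = """\
2015-11-26T17:25:36.427939Z|0|3860|4088|pfrad|Code 1 - ACCESS_REQUEST.
2015-11-26T17:25:36.427939Z|i|3860|4088|pfrad|old id: 8, new id: 123
2015-11-26T17:25:36.427939Z|i|3860|4088|pfrad|Creating a new request_state for client x.x.243.196, port 62151, ID 8
2015-11-26T17:25:41.459265Z|w|3860|4088|pfrad|Timeout expired waiting for response from radius servers for client x.x.243.196, id 123
2015-11-26T17:25:51.428086Z|0|3860|4088|pfrad|Code 2 - ACCESS_ACCEPT.
2015-11-26T17:25:51.428086Z|w|3860|4088|pfrad|Got response without a pending request. Dropping packet.
"""

NEW_ID = re.compile(r"old id: (\d+), new id: (\d+)")
TIMEOUT = re.compile(r"Timeout expired waiting for response from radius servers "
                     r"for client (\S+), id (\d+)")
CODE = re.compile(r"Code \d+ - (\w+)")
DROPPED = "Got response without a pending request"


def late_replies(log_text):
    """Pair each proxy timeout with the next dropped upstream reply.

    Pairing is first-in, first-out (assumption): the dropped-reply line
    in this log format does not name the request it belonged to.
    """
    forwarded, expired, findings = {}, [], []
    last_code = None
    for line in log_text.splitlines():
        parts = line.split("|", 5)
        if len(parts) != 6:
            continue  # not a log record
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S.%fZ")
        msg = parts[5]
        if m := NEW_ID.search(msg):
            forwarded[m.group(2)] = ts  # proxied id -> time sent upstream
        elif m := TIMEOUT.search(msg):
            sent = forwarded.pop(m.group(2), None)
            if sent is not None:
                expired.append({"client": m.group(1), "id": m.group(2), "sent": sent,
                                "gave_up_after": (ts - sent).total_seconds()})
        elif m := CODE.search(msg):
            last_code = m.group(1)  # most recent RADIUS packet type seen
        elif DROPPED in msg and expired:
            req = expired.pop(0)
            req["reply"] = last_code
            req["reply_after"] = (ts - req.pop("sent")).total_seconds()
            findings.append(req)
    return findings


if __name__ == "__main__":
    for f in late_replies(SAMPLE_LOG):
        print(f"{f['client']} id {f['id']}: proxy gave up after "
              f"{f['gave_up_after']:.3f}s, {f['reply']} arrived after "
              f"{f['reply_after']:.3f}s")
```

Run over a full log, the gap between `gave_up_after` and `reply_after` shows how much longer than the proxy's wait the upstream RADIUS server needs for the affected clients.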
Hi forum members, I have a weird issue going on with a high availability Server 2012 R2 setup.
The users of this company are connecting through Remote Desktop Connection in- and outside the organization. All the inbound connections inside the organization go perfectly, the servers are load-balancing the sessions and use the two session hosts to connect.
The users are connecting with the rds using round robin with hostname remote.customer.com
If I check the eventviewer on server 2 it shows me the following error: "Failed to create KVP sessions string. Error Code 0x8007007A"
Current setup:
Server 1 Roles:
- RDS Connection Broker
- RDS License Manager/Server (Per device cal)
- RDS Gateway
- Session Host
Server 2 Roles:
- Session Host
Server 3 Roles:
- SQL Connection Broker
The customer uses a per device CAL. All the CALs are stored on Server 1. I've also forced the License server on Server 2 with a group policy.
Could someone please advise what settings to check and change? Many thanks in advance.
Hi Everyone,
I have a Windows service running on the Terminal Server (Windows 2008 R2). Whenever any user logs in to the terminal server, it starts a user-specific instance of the service. So it consumes memory for each instance. Please let me know if there is any way to restrict this to a single instance for all users.
Thanks, Ujwala
Hi there,
Just wondering if someone can shed some lights here.
A lot of the articles out there shows you how to install RDS Gateway but it doesn't tell how do user use it. Through the RDWeb? Through the MSTSC RDP?
Here are my setup:
Internal Domain: ABC.LOCAL
RDSWebGate01.ABC.LOCAL (IP: 192.168.1.2) - Web Access, Gateway
RDSBroker01.ABC.LOCAL (IP: 192.168.1.3) - Connection Broker
RDSHost01.ABC.LOCAL (IP: 192.168.1.4) - RDSH Hosts
Wildcard certificate (*.XYZ.COM) Loaded and trusted.
External IP Address : Y.Y.Y.Y
Internal IP Address : 192.168.1.X
Everything works fine internally.. https://RDSBroker01.ABC.LOCAL/RDWEB.
I want to extend the RDWEB to the internet so that users can use the RemoteApp from home computers.
So this is what I thought I should setup and it should work...
------> Firewall ----> RDSWebGate01.ABC.LOCAL ---> RDSBroker01.ABC.LOCAL ---> RDSHost01.ABC.LOCAL
Y.Y.Y.Y   NAT          192.168.1.2                 192.168.1.3                192.168.1.4
(Ext IP)  HTTPS 443
          UDP 3391
I have External Routable IP Address Y.Y.Y.Y points to RDGWEB.XYZ.COM which will get NATed to the RDSWebGate01.ABC.LOCAL
I setup the RDS Gateway Services through the Deployment Overview.
So, by right, when I browse externally through the URL https://RDSWEB.XYZ.COM/RDWEB, I should get my RemoteApp login page. Which I did... Cool. All good, when I log in, I see all those published apps. All good... This is where I get confused. When I click on a published app, let's say notepad.exe, I am not able to launch the app. I get error messages like the following:
Is that how people setup the GW in the infrastructure? What is wrong here?
Any help would be appreciated.
Hey Guys,
I have a problem. I am using a Windows Server 2008 R2 with Terminal Services. Some days ago, my certificate expired. I created a new one, self-signed, via IIS on the server. Afterwards I chose this certificate in my Remote Desktop Host Server and also in the digital signature in the RemoteApp. But my problem is that the RemoteApps still seem to use the old certificate. While creating the RDP file for the RemoteApp I made sure to use the new certificate. But it still says that the certificate is expired. When I had a closer look at the certificate used, I realised it is still using the old certificate.
So I had the idea to remove the old certificate. Now it is not working at all.
Can anybody help?
Cheers,
Niklas
Hi,
A couple of weeks ago I had the need to rebuild a Windows Server 2012 machine. It was/ is a VM hosted in vmware so I created a new server on there, renamed the old box and turned it off. I then named the new box with the correct name.
I have the new box have a remote desktop connection drop last week and I have now had it drop today with Remote Desktop Protocol error 0x10ec. - I keep a remote desktop connection open to my servers all the time.
I have a few Server 2012 boxes setup the same and have not had rdp connection issues before, and the box is fully patched.
Can you please help?
I am trying to prevent my users from being able to bypass an RD Gateway for internal addresses, I can achieve this by changing the "gatewayusagemethod" to 1, in the default.rdp file located in \my documents.
I would like to modify this "gatewayusagemethod" attribute in the Default.rdp file for all users on my network.
Is there a way to achieve this via GPO or a startup script such that each unique user's Default.rdp file has the attribute(gatewayusagemethod) set to a certain value.
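One way to make the change described in the post above to a user's Default.rdp from a script run in that user's context (added example, not from the original post; the function names are hypothetical, and it assumes the `name:type:value` line format of .rdp files, with `i` marking an integer value):

```python
import re


def force_rdp_setting(rdp_text, name, value, kind="i"):
    """Return rdp_text containing exactly one `name:kind:value` line."""
    newline = "\r\n" if "\r\n" in rdp_text else "\n"
    wanted = f"{name}:{kind}:{value}"
    # Match the setting name case-insensitively so a differently cased
    # duplicate cannot survive next to the enforced value.
    existing = re.compile(rf"^\s*{re.escape(name)}:[a-z]:", re.IGNORECASE)
    out, placed = [], False
    for line in rdp_text.splitlines():
        if existing.match(line):
            if not placed:
                out.append(wanted)  # keep the setting at its original position
                placed = True
            continue                # drop any further copies
        out.append(line)
    if not placed:
        out.append(wanted)
    return newline.join(out) + newline


def rewrite_rdp_file(path, name, value):
    """Enforce one setting in an .rdp file; return True if the file changed."""
    with open(path, "r+b") as fh:   # edit the existing file in place
        raw = fh.read()
        # Keep UTF-16 (with BOM) if that is how the file was saved.
        enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
        text = raw.decode(enc)
        updated = force_rdp_setting(text, name, value)
        if updated == text:
            return False
        fh.seek(0)
        fh.write(updated.encode(enc))
        fh.truncate()
        return True


if __name__ == "__main__":
    # Constructed sample content, not taken from a real profile.
    sample = "full address:s:host01\r\ngatewayusagemethod:i:2\r\n"
    print(force_rdp_setting(sample, "gatewayusagemethod", 1), end="")
```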
Hi,
We have a very strange issue with one of our Server 2008 R2 RDS servers.
Our network is behind a UTM firewall and one of our RDS servers, which our customer accesses by RDP, is generating really high network usage: 10GB in office hours. We did not have such a problem before!
I ran Resource Monitor on the RDS server and I can see that when one of our customer's users accesses the RDS server, Termsrv from his IP shows very high network usage. I compared his connection to my connection to the same RDS server and it is not comparable.
I checked Procmon and also took over the RDP session of that user and can see he is doing nothing on the server.
Why does the network usage go through the roof when this user accesses the RDS server?
Any idea on how to find out what is generating this much network usage?
Thanks
Shahin
Hi forum members, I have a weird issue going on with a high availability Server 2012 R2 setup.
The users of this company are connecting through Remote Desktop Connection in- and outside the organization. All the inbound connections inside the organization go perfectly, the servers are load-balancing the sessions and use the two session hosts to connect. The users are connecting with the rds using round robin with hostname remote.customer.com
3389 is open and forwarded to Server 1. The users are able to connect when the connection broker starts a session on Server 1, but when the connection broker starts a session on server 2 we are receiving this error message.
So it's not possible to start a remote desktop connection from an external location when the broker is trying to connect with server 2.
If I check the eventviewer on server 2 it shows me the following error: "Failed to create KVP sessions string. Error Code 0x8007007A"
Current setup:
Server 1 Roles:
- RDS Connection Broker
- RDS License Manager/Server (Per device cal)
- RDS Gateway
- Session Host
Server 2 Roles:
- Session Host
Server 3 Roles:
- SQL Connection Broker
The customer uses a per device CAL. All the CALs are stored on Server 1. I've also forced the License server on Server 2 with a group policy.
Could someone please advise what settings to check and change? Many thanks in advance.