Hello.
I have a Broker that is configured to use a default Collection (HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\ClusterSettings - DefaultTsvUrl).
Just to be sure, can a broker with this setting also be made HA with an active-active configuration as described in the below article?
https://blogs.msdn.microsoft.com/rds/2012/06/27/rd-connection-broker-high-availability-in-windows-server-2012/
Hi
We have recently replaced an old Win2003 Terminal Server machine with a new Win2008 server. The old Win2003 Terminal Server has 2TSCAL. We activated the new Win2008 Terminal server and installed the new RDSCAL client licenses from our purchased 'Windows Server 2012 RDS CALEmb 5Devic'. Everything went fine with the new Win 2008 Terminal Server.
However, when we asked Microsoft for assistance to migrate the 2TSCAL from the old Win 2003 to the new Win2008 server, Microsoft requested for the “Microsoft Open License Purchase Order Confirmation” of the new RDSCAL we have purchased. I told microsoft that we did not receive any“Microsoft Open License Purchase Order Confirmation” when we received the RDSCAL license. We recieved only the a paper "Client Access License" agreement showing the OEM Sofware sticker with Product Key.
I was not asked by Microsoft for “Microsoft Open License Purchase Order Confirmation” when I installed the RDSCAL license to the new server. They only asked the “Microsoft Open License Purchase Order Confirmation” when I am about to migrate the 2TSCAL from old server to the new Win2008 server.
Has anyone has experienced this situation?
May I know how I can resolved this issue.
Thanks,
Victor
Dear Team,
I am facing error in server 2012 when i am going to take remote the show error is access denied i am in garte problem please help me
Reagrds,
Harinder
We have an RDS setup, where everything is configured as HA
Only issue is the User Profile Discs, which up to now haven't been an issue. However we now have a Collection, where the application breaks if it Looses connection to the UPD, so we need to make it Highly Available.
So far we have tried using our primary DFS but the function where the Sessionhosts need full control permissions on the Top level, does that this isn't a solution.
What is the Recommended solution to make the UPD higly available?
Kind Regards
Ivan Vejsgaard
RDVDiag (http://support.microsoft.com/kb/2692470) looked promising as a resource gathering tool, but it fails to start on our RDCB.
Here are the details:
Problem signature:Any thoughts?
Cheers
Lea
Is it possible to have multiple RDS servers and have users redirected to the correct server when using the basic remote desktop client?
To expand on this, let's say we have ts1.domain.local and ts2.domain.local. I have some users setup on ts1 and some users setup on ts2. Is there a way to have either of those FQDN's or some other FQDN that we designate (RDS.domain.local for instance), automatically route the user to the appropriate server that their supposed to be on? Hope that makes sense. Thanks!
Hi,
The question I have is based on a scenario for DR I am looking at. I'll describe the scenario first then ask a very specific question.
I have 2 sites, with a RD Session Host on each. The primary site's RDS Host has Licensing installed with some Per User CALs.
The secondary site's RD Host is using the licensing on the primary site.
In my testing of the DR scenario I can turn off the primary site (so no licenses are available) and can still log on to the secondary site server.
Both servers are still in the grace period.
Question------- After the grace period is over, and during a DR event where the primary site's licensing server is not available, what happens when a user tries to connect to the secondary RD Session Host?
I've looked all over and can't find a straight answer to this. My apologies if my searches weren't vigilant enough.
Thanks,
Tim.
Hi,
Can we assign physical desktops to RDS 2012 R2 unmanaged desktops pool, not the VM residing in hyper-v server.
For example, end user desktop to be assigned in unmanaged pool of virtual desktops.
Regards
Ramesh
We have this issue on many 2012 RDS session hosts. The issue has been seen at different clients with different set ups, some have a simple 1 session host RDS server, some have 4 or 5 session hosts in a load balanced farm with RD gateway, connection brokers, RDWeb, ect. The problem in simplest explanation:
A user will call the help desk saying they cannot access the server. They will get an error when RDP is trying to connect.
We check the session hosts, and will find many errors:
"Event ID 4005 - The Windows logon process has unexpectedly terminated"
At that point in time, users who are currently logged in may be able to still work, or their session may lock up (it is not consistent).
Regardless of the current users logged; after the logon process crashes, it continues to crash upon every user attempt to log on. It will happen indefinitely until the server is rebooted. We can not log in, not even via console until the server is rebooted.
Then, everything works fine for some amount of time (not consistent) it may be a couple of days, or it may be weeks, or a month even.
We have had the case open with Microsoft for about two months and they cannot determine what is wrong.
I believe I may have found a possible cause; Webroot Secure Anywhere antivirus. Since we have tried everything from moving from roaming profiles to local profiles, removing all printers, blocking inheritance of GP, fresh server builds with minimal software, ect - it has to be something that is consistent across the board on all servers.
The only thing I can find consistent across the board is the Antivirus; Webroot.
I am curious if anyone else is having this issue? I would like to pin point this to something but it is so intermittent and we cannot force replicate the problem.
First here is some background information, hopefully someone can help me understand what is going on that the elevation prompt is still appearing. This may get confusing and sound ridiculous, but bear with me as it is what I have to work with.
This is the chain Windows 7 PC (admin) remoting into Windows Server 2008 R2 server then offering assistance through Windows Remote Assistance to another Windows 7 PC (user) through the server. I am remoting into the server because my Workstation is offsite
and outside of the LAN, but is part of the domain via VPN.
Here is the actual problem. I offer remote assistance to the user. The user accepts. I request control. The user checks the box to allow me to interact with the UAC prompts and accepts. The screen goes black for me and has a pause symbol on it. The user has
received a UAC prompt requesting elevation. He is not an admin. We get stuck here.
Here is what I have tried:
I've enabled "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop."
I've disabled "User Account Control: Switch to the secure desktop when prompting for elevation."
I've tried in both enabled and disabled states "Only elevate UIAccess applications that are installed in secure locations."
I've installed the hotfix described in this KB post: https://support.microsoft.com/en-us/kb/2614066
After each of these changes I have had the user restart and when appropriate I've done gpupdate /force or logged off per requests from Group Policy notifications.
I'm at a loss for why the prompts are not appearing in the Windows Remote Assistance window. Any ideas?
I'm trying to set up an RD Connection Broker for RemoteApp, but I'm getting an error when I try to create a self signed cert for the RD Gateway:
The self-signed certificate has been successfully created, but RD Gateway cannot store the certificate in the directory C:\Users\myuserid\Documents. Please specify a different directory, and try again."
I tried other directories, all of which I have full rights to, but still no dice. I can't find anything with this error. Any idea how I can get past it?
FWIW, I have no problem logging into this server through RDP.
Thanks.
I'm configuring smartcard logon via RDP on domain controllers and have everything working from inside the network but as soon as I try from a VPN connection it fails with the NLA error
“The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box.”
From the VPN connection:
This is a test domain so it’s not resolvable by our normal DNS servers (the ones that are assigned to my VPN adapter). However, if I change my VPN adapter’s DNS to those of the test domain then smart card authentication works.
It’s weird because NLA should be enabled for both username/password and smartcard but when I’m using a foreign DNS server only username/password authenticates.
I’m pretty sure I have the certificates and smartcard configured correctly but a second set of eyes are welcome.
Any ideas?
Thanks!!
Hi all,
we have a server 2012 R2, and created a VM of win7(enable remotefx) with rdp8.0 and rdp8.1 udpates.
when we connect to win7, we see the button of Shut down with Start menu, and the aero flip 3D works,
but there is no remotefx event 1000 or 1001 in RemoteDesktopServices-RemoteDesktopSession Manager.
we refer to this website https://technet.microsoft.com/en-us/library/ff817580(v=ws.10).aspx.
How do we check which protocol we are running when we establish the connect to win7?(rdp7.0, rdp7.1 or rdp8?)
Thanks,
Derek
Hi
We have an RDS farm with the following set-up (using Windows Server 2012 R2) to serve RemoteApps to our clients:
The problem we are facing is that it seems like there's a "magic number" of about 450 connections (fluctuating between 445 and 455) per each Session Host.
Once this number is reached users start to report:
When the issue happens, based on performance counters, the CPU is in range of 30%, RAM has about 200 GB free.
Processor Queue length during the day is mostly within "<2 range", with ~30% of the time going higher up to 6 intermittently (not consistently), and with ~1.5% of the time being more than 10. (There's no continuous queue build-up) So our understanding that this is not a CPU/RAM limitation.
There were no limits on concurrent number of sessions set on Session Hosts as of SW side to my knowledge. Review of Application/System/RdpCoreTs Logs does not show anything really suspicious at the time the limit is hit, the errors/warnings in event logs do not correlate with timing of the problem.
We've been investigating this issue for a several weeks now and it's still absolutely unclear what could cause such limitation. Maybe someone experienced similar issues.
Any suggestions are welcome.
Hello everybody,
I started to create a test lab for vdi environment. I installed a physical machine with hyper-v 2012 (with the role of RD Virtual Host) and a Windows Server 2012 R2 (with the role of RD Connection Broker and RD Web Access).
Then I created a collection from a windows 7 template but I am facing a very annoying issue:
when I log in to every VM into the collection via the Remote desktop web access the VM ask me to restart. As mentioned on the title it is a vdi pooled connection and I have enabled the "RollBack feature".
I temporary found a workaround removing the rollback checkpoint, restarting the VM and then re-creating it but every time I recreate the VM on the collection I need to apply this workaround. Because I am planning to work with 30/40 VM, It is not a solution.
To notice that if I remote desktop to the VM without using the the Remote desktop web access the VM doesn't ask me nothing.
The template has been created on the same hardware and as a further try I even created a new template starting from a VM (after apply the workaround) but I am still facing the same issue.
There is a way to understand for what reason the VM ask to be restarted? From the registry I didn't find nothing useful.
Thanks.
Denis
Hi,
First, sorry for my english
It seems that I have a bad configuration, perhaps on my citrix farm or on licence server.
I've many per device Cals issued to same (citrix) server name.
To my mind, CAL should be issued to client device and associate to hardwareid/client_device_name but it appears that when a client connect to a citrix the presented couple si hardwareid_of_client_device/citrix_server_name.
Because of that too many CALs are issued.
I also have client name FR1-PRD-MS-SXX and I don't know where they come from.
When I read Cal report I see that there are many CAL delivred to the same couple FR1-PRD-MS-SXX/hardwareId
Is there anybody with idea to resolve this?
Thanks.
Alain
Our company just set up a new Windows 2008R2 RDS environment (Gateway/Broker/Host all 2k8R2) and we ran into "cannot change expired or first login passwords" issue.
We have 400+ users who run our app over remoteapp and our "old" environment was a straightforward remoteapp to a single server and changing expired passwords was allowed. Now, with the RDS Gateway in between the client and the host server, changing passwords is disabled.
Is there an option, group policy setting or something that can be adjusted to allow password changing??
I know about the RDWeb hot fix and i'm aware of the 3rd party solutions but i would like to know is there anything that can be done without those workarounds?
Thank you very much.
Hi All
Today I've noted the following when a Collection is renamed through RDS Server Manager:
1. Is there a way to synchronise these?
2. Can PowerShell be used to rename a session Collection?
I spotted this cmdlet: Set-RDSessionCollectionConfiguration however there appears no way of entering both old and new Collection names should you wish to rename a Collection, so it implies only the properties can be modified, not its name.
3. Can a Collection and all attributes and applications be copied to another new Collection?
Custom Icons
I'm unsure how the IconPath variable is used within the cmd: Set-RDRemoteApp -CollectionName "<MyCollectionName>" -Alias "MyAppAlias" -IconPath""
Specifies the path to a file containing the icon to display for the RemoteApp program identified by the Alias parameter. This path must not contain any environment variables. For session collections, the path must be a valid local path on all RD Session Host servers in the collection. For virtual desktop collections, the path must be a valid local path on all virtual desktops in the collection.
The reason I'm confused is that if I point -IconPath to an icon which doesn't have the same name as the App Alias, PowerShell will copy this icon to C:\Windows\RemotePackages\CPubFarms\<CollectionName> and rename it such it does. However Get-RDRemoteApp -alias "<MyAppAlias>" | fl shows IconPath reflecting the original icon file, not the one which RDS has created using the same name as the App's alias.
RD Web displays the icon correctly and I can confirm that the icon RDS creates using the same name as the App Alias is the one being used (not the one pointed to by IconPath) by simply renaming it and watching it disappear from RDWeb.
1. If IconPath doesn't actually match the icon RDS is now using to display, what (if any) are the consequences?
2. What's the actual purpose of IconPath?
3. To align IconPath with the actual .ico RDS is using to display (which to me sounds logical), should I simply create multiple icons from the original source named using each app alias, store here: C:\Windows\RemotePackages\CPubFarms\<CollectionName>\MyAppAlias.ico and register IconPath with C:\Windows\RemotePackages\CPubFarms\<CollectionName>\MyAppAlias.ico
4. Is IconPath used just once when the PowerShell script is run - therefore maybe has no relevance after?
Questions question I know!
Thanks for any pointers...
Lea
We are migrating our applications from server 2003 to 2012 and 2008, We are facing some issues with our legacy applications that use Com, com+ and dcom architecture.
DCOM settings
a) Identity - Interactive User
b) Remote Access - Allowed to all users
When we connect to server using remote desktop services, DCOM components can be successfully invoked. However, if we close the remote desktop session, and the server is in disconnected mode the client applications can't invoke the DCOM.
Can someone tell me what setting I should change so the component can be initiated while it is in disconnected mode?
Thanks very much!
Al