Quantcast
Channel: Remote Desktop Services (Terminal Services) forum
Viewing all 21489 articles
Browse latest View live

Server 2012 R2 no longer serving Remote Connection web page after April 2016 update

April 25, 2016, 11:19 am
$
0
0

We have a Server 2012 install with Remote Web Desktop services enabled. Prior to the April 2016 update, users were able to go to the server's address on the internet, and were provided with a landing page where they could login, then either look at file shares, or connect to a desktop PC.

After the update, users are now presented with a dialog box that says 'The server is asking for your user name and password. The server reports that it is from Digest." The user name and password is accepted, but that's followed with "webpage cannot be found."

I've tried redeploying the remote desktop services, doublechecked the bindings in IIS, doublechecked the permissions in \Windows Server\bin\WebApps, and I can't quite figure out where to go from here.

Anybody else run into this? And how can I restore the old web desktop services?

Thanks

bkd

Search

Allow only connections through RDWeb servers from outside

April 25, 2016, 2:32 pm
$
0
0

Hi All, 

for a proof of concept i would like to Build an RDS Farm 2012 R2 that is accessible from the outside. But only when logging in on the RDSWeb. So to get access outside i installed a RD Gateway. But now it is possible to login through servers behind the gateway without loggin in to the RDWeb. Is it possible to disable this?.

Thanks in advance

Event ID 311 - remote computer does not support secure device redirection

April 26, 2016, 1:55 am
$
0
0

I'm seeing the following 311 Event ID in my Remote Desktop Services logs on a Windows 2012 R2 server when trying to connect to the RDGateway server using itself as an Remote Desktop Gateway server:

The user DOMAIN\User, on client computer "IPv4 IP Address", did not connect to the following network resource: "hostname" because the remote computer does not support secure device redirection. Try selecting another network resource or possibly lower RD Gateway security by modifying RD CAP to allow client connections to resources that do not enforce device redirection.

  • DOMAIN\User is a Domain Administrator account
  • IPv4 IP Address is the external IP address of the PC from which I'm attempting the connection
  • hostnamis the name of the server I'm trying to connect to (which is the RD Gateway Server itself)

I can RDP directly onto the server, so I don't believe it's a problem with the Remote Desktop client application on my PC.  I can also use the RDGateway server to connect to other machines on the same network and domain as the RDGateway server - it only fails when I attempt to connect to the RD Gateway server using the RD Gateway server.  All machines on the domain are Windows 2012 R2, but I can only surmise there's a difference somewhere between the working servers and the RDGateway server which is causing this error.

Looking through some articles the only suggestion is to remove the Only allow client connections to Remote Desktop Session Host servers that enforce RD Gateway device redirectionoption from the CAP, however that appears to make the connections less-secure, and also shouldn't be necessary being as it works for all the other PCs I'm connecting to.  To confuse matters further, I have another completely separate environment built from the same scripts where this works as expected!  Finally, to add insult to injury, this does appear to work following a reboot of the RDGateway server (not a practical solution for a production environment, obviously!).

Any ideas, assistance or thoughts would be greatly received.

RDS Login minimum time restriction?

April 26, 2016, 9:01 am
$
0
0

I know about Remote Desktop Session time limits for disconnected and idle sessions etc.

Is there a way to set a minimum time for users to log back in?

We just had an issue where a user logged out, then logged right back in. Their User Profile Disk did not have enough time to un-mount and the user got logged into a different Session Host with a temporary profile.

This is on a Server 2012 Standard RDS Farm.

We would like to force users to wait at least 60 seconds before they can log back into the RDS Collection.

Intial App Launch shows logon screen

April 26, 2016, 8:19 am
$
0
0

The initial launch of an app shows a logon screen with

title: Waiting for remoteapp programs to start
         Please review any messages that appear

Showing our logon banner, and then loading profile etc...is there a way to not show this to each user on the initial app launch?

Edit: We are using Windows 2012 R2 for the gateway and host

RDS 2012 R2 - errors 802, 1296 and 1306 - user cannot connect to remote computer

May 5, 2016, 9:13 am
$
0
0

Hello,

This is my first post, and it's more of a "this is what worked for us and I couldn't find this fix ANYWHERE" thing.

We have recently setup a new RDS environment to replace a pathetic wheezing old TS system.

We are running 9 session host servers in three pools hosting three collections - A, B and C. All the session host servers appear in the pools, accept new connections, and apps are configured and working. No problems here.

We have 2 web front end servers in our DMZ, Port 443 is open, things work fine.

We have 2 gateway servers, also in our DMZ in a gateway farm. Work great, no problem. Connectivity is excellent, internal firewalls on but the necessary configuration has been done so everything is talking and happy.

We have two connection broker servers in a high availability configuration and a different namespace for the front end than the domain (we can't use our internal domain name for our externally facing RDS farm).

However, we would get intermittent failures upon logging in, no matter what collection we were accessing.The web servers present the login page and we could successfully authenticate (using ADFS proxies in our DMZ back into the domain) against AD - I verified this in the logs on the broker servers. The user would still fail to connect to the remote computer. The error we received was a generic "unable to connect to remote computer. If problem persists, contact your System Administrator" and the connection broker would record the following 3 alerts:

Event 802: RD Connection Broker failed to process the connection request for user domain\username. Error: Element not found.

Event 1296: Remote Desktop Connection Broker Client failed while getting redirection packet from Connection Broker.
User : domain\username
Error: Element not found.

Event 1306: Remote Desktop Connection Broker Client failed to redirect the user domain\username. Error: NULL

The user can try again, but the same error would likely be thrown, although sometimes they can log in and connect.

I googled constantly. Some had success modifying GPO Default Domain Policy: Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / RD Connection Broker / Use RD Connection Broker load balancing - ENABLED. Didn't help; backed it out.

Others had success modifying a registry key on the broker servers: HKLM – System – Current Control Set – Control – Terminal Server – WinStations – RDP-TCP – Security Layer changed from 1 to 0.I didn't like doing this (not fully aware of the security "feature(s)" this disabled). Made no difference - backed it out.

Deleting and recreating collections did not help. Tried adding the server farm to the "Windows Authorization Access Group" (really only helpful for systems that began as Win 2k boxes). No go.

Put in a call with Microsoft. They give me a hotfix (which makes me a bit dubious - I didn't install it), and about 7 patches to run (which had been - our servers were up to date). I wasn't feeling it.

So I fired up procmon and monitored tssdis.exe on the broker servers. According to procmon, everything was a success - except for two keys missing from the registry on both broker servers: HKLM\Software\Policies\Microsoft\System\DNSClient. Procmon showed that key could not be read. Googling was useless, so I decided to manually create the key. Failed - procmon showed the key name as "New Key #1" no matter what I called it. Deleted it and used the following powershell command to successfully create the key: New-Item -Path HKLM:\Software\Policies\Microsoft\System -Name DNSclient -Value "Default Value"

The key was created. YAY! I still didn't know what needed going in there, it was just an empty key. I ran procmon again, and got a clue: tssids was trying to read a value: "PrimaryDNSSuffix" and returning blank. OK - inside of the "DNSclients" new key I created a new string value containing our internal domain name, doing this on both connection broker clients. The end result looked like this:

HKLM:\Software\Policies\Microsoft\System\DNSClient - "PrimarydnsSuffix"  "yourdomainname.com"

INSTANTLY, everyone connected. I could access everything using my acct and my testing accounts. The errors cleared up in the event logs. The sun began shining and the IT gods were, for awhile, placated.

OK - if you are getting 802, 1296, and 1306 errors in RDS 2012 R2 - before lessening security, and before modifying global GPO settings, just check procmon against tssdis.exe on the broker service and see if that key is missing. It's the only thing that worked for us.


When launching an app from TS Web Service, I get one command prompt that quickly exits, however another one is present.

May 5, 2016, 10:29 am
$
0
0

When launching an app from TS Web Service, I get one command prompt that quickly exits, however another one is present. This one is appearing immediately and stay on screen with full rights. It dumps you right into System32 with full rights.

The file being ran is a BAT file with:

@echo off
powershell.exe c:\JUROR.ps1
start /I "Juror Menu" "c:\juror_practice\menu.exe"
exit

The powershell script runs correctly and the application launches correctly, but I cannot have the end user presented with a elevated command prompt.

Even if I add Microsoft Paint using the TS App Wizard, I still get the extra command prompt immediately when launching paint. It is like this is a global setting that got turned on somehow. It was not doing this until recently, possibly due to a windows patch maybe?

Any help is appreciated, this problem exhausted my searching skills looking for a reason.

RDS lockdown, GPO applying to users computers

April 22, 2016, 6:40 am
$
0
0

Hello,

I managed to lockdown a RDS server (Windows Server 2012r2), but the policy is also applying to users desktops. Loopback Policy has been set in the policy. Also removing the policy does not help.

I linked the GPO to an RDS-Server OU, removed authenticated users and added the RDS server and RDS-USERS security group. So I can see nothing wrong.

Any ideas?

Best Regards,

Robin

Search

Terminal Server Licensing with 2012 R2 Essentials

May 5, 2016, 1:08 am
$
0
0

Hi there,

We inherited a client configuration where they run Terminal Services with a 2012 Essentials DC. They are getting a error stating that the Terminal Server cannot contact the DC. Error ID 85. The license server is published in DC and I can ping the DC.

We suspect that the error is caused by the DC as it is currently running on 29 users the limit being 25. There is also issues with shares where it does not display and when you refresh this starts working again. Which indicates that there is a possible authentication error. These issues comes and goes, the terminal server issue appeared and has disappeared again.

When users login via RD they get the error The Remote Computer that you are trying to connect to requires NLA, but your domain controller cannot be contacted.

Has anyone experienced these kind of errors particularly the issue with TS and can this be related to the Essentials DC?

Regards,

Pierre Vermeulen

Redirected Printers and PendingFileRenameOperations

May 5, 2016, 9:04 am
$
0
0
I seem to be having an issue with redirected printers adding entries into the PendingFileRenameOperations registry value. This happens on all of our RDS servers. The symptom occurs when we disable using the Easy Print driver first and a user with a printer that we have explicitly installed drivers for logs off. Everytime one of these users logs off, the entries are added. Restarting the server clears up the value, but then the entires are added back in when a user logs off.

finding client's ip address or computer name when monitoring RDP sessions in RDS 2012R2

May 5, 2016, 8:52 am
$
0
0

hello

it is a common need that in our RDSH server 2012 R2, we want to see from which computers are now connected to our session collections

i verified both server manager and powershell Cmdlet such as Get-RDUsersession, but none of them shows from which IP address or computer client's computer name or ip address. both only shows server's IP address.

 i remember that tsadmin.msc in server 2008 had such ability.

any workaround ?

thanks in advanced

RemoteApp disconnects

May 4, 2016, 1:35 am
$
0
0

We encounter a reconnection problem to disconnected RDP sessions.
We have 9 users connecting to a RemoteApp this works.
All the 9 users close the app and leave a disconnected session, disconnected sessions are not logged off and is set to 'Never'.
When all the 9 users reconnect to the RemoteApp approx 6 to 8 users reconnect to their disconnected, we see on the broker it redirects them to their disconnected session on the terminal server.
But approx 1 to 3 users are redirected to their session by the broker to their session on the terminal server but they get almsot disconnected instant , the remoteapp does not start/open.
When we click for a second time on the remoteapp in the RDWeb it opens instant.

In eventvwr on the TS we see "The Desktop Window Manager has exited with code 0xd00002fe"

Problem: broker redirects user to their session on the TS but user gets disconnected.

What we tried:
- Use TCP only for RDP
- NTLM v2
- installed all updates on all TS servers
- installed all applicable recommended hotfixes on all TS and broker and RDweb server
- disabled NLA
- disable Receive Side Scaling 
- disable chimney
http://support.citrix.com/article/CTX117374


How to allow pooled vdi vm shared between different users?

May 6, 2016, 10:13 am
$
0
0

My scenario:

   Only one poole virtual desktop collection created with 3 windows 8.1 VMs (VDI-0, VDI-1 and VDI-2)

I have 5 users  (test1 to test5 )to use this VDI pool 1, and using automatic VM assignment.

test1 login  to VDI-0

test2 login  to VDI-1

test3 login to VDI-2

test 4 &5 are rejected (so far test was going well by this point)  

----------

I logged off test1 from VDI-0

I logged off test2 from VDI-1

I assume that VDI-0 and VDI-1 VMs were released and back to the VDI pool 1

When I tried to use test4 and test5 user account to login, I got no VM is available in the pool error message

I tried to use test1 and test2 account to login, it was working.

Look at the Collection management console, I found VDI-0 was assigned to user test1, VDI-1 was assigned to user test2 and  VDI-2 was assigned to user test3. 

My question:

Is there any way to create a collection without remembering User Assignment. each time when a user log off, VDI release the VM back to the pool and allow other user to use the VMs. Does anybody know MS VDI solution support this function or feature?

Any good ideas?

Note: I have 150 application users and only have 25 VMs (due to application licenses). I need a shared VDI VM pools

Thanks,

Robert


 

Can a TS client find their disconnected session?

April 29, 2016, 6:58 am
$
0
0

We use TS for our major software application.  We have 7 TS servers.  The TS environment/network can be a bit dodgy.  We have users getting kicked out of their TS sessions.  

What I would like to do is have the users who are booted from their TS sessions, reestablish their old session on the TS server which they were on previously.  This would allow them to go right back into the application and finish what they were working on.  

Is there a way to do this?

Miles

External Remote Desktop Works But RemoteApp Does Not

May 6, 2016, 5:38 pm
$
0
0

I can access RD sessions externally but only the domain admin can access RemoteApp.  Within LAN, all works fine.

What could allow an admin access to desktop and remote app, but a standard user access to only desktops?

Setup is Win 2012R2 Essentials with licensing and gateway servers setup.  Have not installed RDS CALs yet, but why would remote desktop access work and not remote app with no CALs?

Rich

Search

RDS 2012 R2 Implementation need Gateway server if using TMG

May 7, 2016, 1:24 pm
$
0
0
Do I need an RD Gateway server role if I'm going to be publishing my RDS services to the internet with a TMG server or does having TMG in place negate the need for the RD Gateway role?

Remote Desktop Print Redirection

May 7, 2016, 3:49 pm
$
0
0

Hello ,

I am using widows server 2008 R2 with windows Xp client print redirection works fine and printing speed is fine.

I recently upgraded to windows 10 pro but the speed of printing after print redirection is very very slow please all the setting are ok and with Xp the speed is still ok.

please help 

Move all RDS Services From Domain Controller to Virtual Machine in Windows Server 2012 r2 Environment

April 30, 2016, 8:29 pm
$
0
0

Hi Guys,

I am looking for any guideline as per subject line above.

Current Scenerio 

I have installed and Configured RDS and all its components on my Domain Controller running Windows Server 2012 r2. Everything runs ok, despite it is not recommended.

Current Issue

 1) Group Policy is not configured to secure Domain Controller

2) Leaves the DC Vunerable, as users can login and access resources directly on the Server

3) Might affect DC Performance when users access resources from it.

What I am trying to achieve

  •  To move all RDS and all its components to a Virtual Machine (Which is already prepared with Windows Server 2012 OS)
  • Isolate DC/AD and RDS Services

Questions

  • Can anyone give me a step by step guide to move current RDS and all its components from The DC (current host) to the new Virtual Machine (Hyper - V) running windows server 2012.
  • Good guide to create group policy to lock down users accessing the proposed RDS/Terminal Server

Otherwise - I will welcome other recommendations and option in solving my issues above.

Thank you guys.

IG

Application not running on the TS server

May 8, 2016, 11:14 am
$
0
0

Hello,

I have  a strange problem. everything was working fine yesterday for all the Ts users. No changes was made on the TS server (windows 2008R2).

When I log in to the TS server using my Admin Credential, I launched the Adobe Acrobat Pro and everything works fine.

But when I log in using a TS user, I receive the Messahe : The shortcut does not exist would you like to delete.

I really confused cause I'm the only one administring this TS server. I restarted the server the problem persist.

Any idea will help.

Thank you


unable to force desired screen resolution in VDI

May 8, 2016, 10:57 pm
$
0
0

Hello

in my RDVH server, have created a test "Virtual desktop collection" and a windows 8.1 VM in it.

when client clicks on collection icon in RD Web page, the RDP to that windows 8.1 VM is established in full screen mode.

how to force it be established with smaller resolution like 800*600 ?

even in that windows 8.1 VM i configured this policy setting but still no effect and again RDP is established in full screen.

any help please

Viewing all 21489 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>