Hi,

I'm having some trouble setting different keyboard layouts for certain groups

Servers are all running 2012R2.

Qwerty - US INternational is suitable for most users.
Some users need AZERTY lay out.This is what i did:

Logged in with test user.
Set proper keyboard layout.
Tested the configturation
From GP Management console ran the registry wizard.
Imported HKEY_USERS\<GUID of Test User>\Keyboard Layout.

Configured item level targeting for test user.
Removed test users profile

Logged in again.
Verified that the policy is applied.
Registry items are in place, but it defaults back to the QWERTY layout.

In some test it even displayed the AZERTY layout in Language/layout, but still it was QWERTY
It also adds the QWERTY layout codes to the registry.

Why can I make the change manually (keeps working forever)
But when I make a GPO it never works and defaults backup to QWERTY?

Is there a default / remote keyboard thing messing around??

Hope my issue is clear and some one knows how to handle it.

This is a shot in the dark, hoping someone ran into similar issue and figured out a fix.

Working with a client with sensitive data which it must be separate from others.  Setup a stand-alone RDS server so staff can only work on this project by remoting into this server.  Server roles include Connection Broker, Licensing, Session Host, Virtualization Host and Web Access.  Everything works great.

The problem I'm running into is that the RDS server must also meet CIS server standards, which I applied with GPO.  However, as soon as the GPO is applied, all RDS settings are gone including RD license and "deployment doesn't exist in the server pool"shows up in Server Manager\RDS\Overview.  No one is able to RDP in.  Per MS kb3014614, there seems to be an issue with RDS if there is a GPO with setting related to RD.  I disable every setting I can find that has anything to do with RD, and the problem persists as soon as I enable the GPO.

So far, I have narrowed it down to a setting in Computer Configuration and by changing settings back to default in (Computer Configuration\Admin Templates\Windows Components\Remote Desktop Services) didn't fix the problem.

The CIS standard contains 100s of GPO settings requirements, hoping someone knows which setting or settings that affects the RDS server.

Thanks in advance.

Roget Luo

I have set up a standard 3 node 2012 R2 RDS for testing. All virtualized on VMware ESXi 5.0. I have a connection Broker, session host, and web access server. I have published several applications and I can access them without a problem. Here is my issue:

When I try to log on to my session host server either locally or thru RDP, I am always logged in with a Temporary profile. It does not mater what user account I use. Even logging on locally as the administrator I get a temporary profile.

All windows updates are installed and current.

I have removed the server from the domain, deleted the account, and rejoined it to the domain.

I have deleted all .bak registry entries from here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

There is a hotfix here for a similar issue on 2012 but it does not apply to 2012 R2

The only event viewer errors are:

1515 (Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.)

1511 (Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.)

Any suggestions to resolve would be greatly appreciated.

Russ

Hi,

I've been concerned with Remote Desktop Session Hosts and graphics intensive applications like videos (although I wouldn't call videos graphics intensive when I think about CAD or computer games) for quite a while now. I've started with Windows 2008 R2 RemoteFX and have moved on to Windows 2012 R2 and RDP 8 / 8.1 with adaptive encoding and H.264. And now I've come to Windows 2016 TP5 offering AVC 444 mode. In all versions I've experienced heavy problems when it comes to watching videos. Well, there was Multimedia Redirection, offering a smooth video experience. But it only worked with Media Player and e.g. not with videos on the internet like on YouTube or with third party video players. Now it is completely removed from RDP 10 (https://blogs.technet.microsoft.com/enterprisemobility/2016/01/11/remote-desktop-protocol-rdp-10-avch-264-improvements-in-windows-10-and-windows-server-2016-technical-preview/).

But why is that low performance the case? RDSH switched to server side rendering with original RemoteFX, didn't it? So the client can not limit the server performance anymore. Ok, I understand, If the client is not fast enough in decoding the content sent by the server, I will experience a bad video performance. But I've tried with the following setup:

• Server: Win 2016 TP5, 2 x Intel Xeon E5335 (each 4 cores, 2.0 GHz), 8 GByte of ram
  I'm not sure, wether it supports PREFETCHW (required by Win 2016). It doesn't support SLAT, but is that really necessary for RDSH? - I don't use Hyper-V or VDI.
• Client: mstsc.exe on Windows 10 (Version 1511 or later), modern Core i7 processor (8 cores? - at least 4 with HT)
• Gigabit network

I think the client's computing power is definitely high enough, mstsc shows maximum load of 12% (4k, fullscreen youtube video - OK, I don't expect that to work, but HD 1080p should at least be possible!). On the other hand, 12% is the magic load, assume mstsc.exe had no multithreading capabilities. Then 12.5% would be the maximum load (showed by Task-Manager) to achieve on a 8 core machine (100% load on only one core.)

Well, the server's hardware is pretty outdated. But no 100% cpu load there. If the hardware was the limiting factor, I would expect such a high load to appear in Task-Manager. I known, this doesn't need to be right, but I've also tried on modern machines with Xeon E5-2600 (v2/v3 ? - I don't remember) processors. Ok, I've used Windows 2012 R2 there, without 2016 improvements. Anyway, the video performance was bad.

One thing I've never tried was putting an aditional graphics card into the RDSH. Some people say, Win 2012 (R2 ??) and newer (?) would support this. I know, there's theRemote Session Environment - Use the hardware default graphics adapter for all Remote Desktop Services sessionsgpo, but I've actually never tried it. Again, I'm mostly talking about videos like HTML5 content, Adobe Flash Player or another (locally installed) video player.

To clarify this, with 'bad performance' I'm talking about stocking videos, artifacts, low fps and such things.

Additionally, video games (unfortunately I've tried with OpenGL ones only) are with ~1 fps completely unplayable. But I understand that games use the gpu which is not available in RDSH sessions. Those might not be the target application of RDSH, too. One thing I've realized is that the highest cpu load is with the game itself and not with the RDSH service (svchost.exe instance ?!). The same behaviour is true for videos - the highest load is with the browser, e.g..

But why is that the case? I just can't get it, because my fairly old Core2 Duo system can decode 1280x1024 HTML5 and Flash Content fluently without using the hardware decoder. In an RDSH session that is impossible. Well, it improved over the last few years with RemoteFX etc., but it is not as good as if I open the browser on the RDP client computer and go with this. - What am I doing wrong?

I would be really happy about any advice or explanation! Please correct me at any point if I'm wrong!

Yours,
T. Erbesdobler

Hello, in an rdp file I can put: use redirection server name:i:1

When I use the TS client active x control, this setting is no where to be found. 

Could someone set some lights here? I am able to do the following:

.MsRdpClientShell.SetRdpProperty "use redirection server name", 1

But I have to use Launch instead of the Active x "Connect" , making all my remote desktop events no longer work. How do I achieve this? 

My Question is WHY and HOW does a disconnected terminal server session (likely using cached credentials or expired key/session) cause a bad password event (ID:529).

I had an account locking out, and SOLVED the problem. I have read the technet topic "Troubleshooting Account Lockout":
http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx

I have read Abhijit Waikar's answer to "Windows 2008 R2/User account locked out numerous times a day":
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ab1b8429-2cd1-4a1f-b276-950e5f41f23e/windows-2008-r2-user-account-locked-out-numerous-times-a-day

I have read and used the tools presented at:
use Account Lockout and Management Tool.
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

Also Netwrix has got good tool to find out account lockout.
http://www.netwrix.com/account_lockout_troubleshooting.html

Troubleshooting Account Lockouts the PSS way
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

I have either missed or the information was not presented to exactly WHY and HOW a disconnected terminal session locks out an account.

We had purchased about 60 RD CAL's through MPSA Agreement.

We already had a licensing server with these CAL's installed.

There was a need to take 10 licenses from this licensing pool and install it on 2 other servers.

However we installed the RD licensing, Gateway and Connection Broker server on these two new servers and installed the 10 licenses each respectively instead of pointing them to the existing licensing server.

We tried to remove the RD licensing role from these two new servers but are unable to do it as it is grayed out 

The 2 new servers are showing the following on the RD Licensing Diagnoser 

* the licensing mode for the Remote Desktop Session Host server is not configured 

* the remote desktop session host server is within its grace period but the RD session host server has not been configured with any license server

We need to do the following and would appreciate any help in this matter 

* Remove the Licensing Server role from these two new servers 

* point the RD Connection broker on these two new servers to the existing Licensing server (not sure how to do this)

Hi,

Simple question: what would be best practises to reboot a RDS 2012 server (in a 4 server farm with broker) on which lots of applications and users are. I guess a daily reboot would be best, right?

Please advise.
J

Jan Hoedt

I have a domain controller with Windows server 2008 standard(not R2).

Few days ago, I need to update it with windows update from SP1 to SP2 and latest updates.

After some updates applied before apply the SP2 and reboot the server, I cannot remote in that server anymore.

I think it was some update bugs and will fix after apply latest updates.

But the problem still exist after I apply SP2 and all the latest updates.

I have checked the server still using port 3389 for remote desktop, checked port 3389 is listening, remote desktop enabled, windows firewall disable, confirm no other equipment between the host and client using trace route.

But still cannot remote in that server except I change the port to others like 3390. I can remote in successfully with port 3390.

I found the server have SYN received from the client when I telnet this port or remote in. But just didn't build the connection.

I have search about few days with google, still find nothing about this problem.

I have reboot this server few times before without problem, so I think some updates cause this problem.

Please let me know how to make the port 3389 can be use again.

Thanks!

Hi,

I´m using Windows Server 2008 R2 with RDS.

The users have roaming profiles with a redirected start menu.

However the redirection of the users start menu brakes the Jump List feature for the Windows Explorer.

The feature is surely turned on in this case (start menu properties....)

Other Applications like MS Word still save the files and folders the user worked with.

As I could troubleshoot the file 1b4dd67f29cb1962.automaticDestinations-ms won't be created since the start menu is redirected with a GPO.

If I turn off the redirection for the a user (with same roaming profile) the Recent Places are working immediately.

Has anyone experience with this or similar issue?

Cheers

Eddy

Hi,

When you define AD groups which should have access on an  RDS farm (2008/2012/, should you only define them on hosts or also on the broker itself (which is only forwarding to hosts)?

J.

Jan Hoedt

hi there,

We'd like to deploy a 2 server RDS solution as far as I can see we'll need

2x session hosts

1x connection broker

1x gateway

However we only have budget for 3 windows servers. Therefore could the connection broker go on the same server as the getway, or would it be better to put the connection broker service on another server (i.e.  rather than using a dedicated server).

Thanks for any advice on this.

Al

I have RDS working on Server 2012 R2 Workgroup mode. Is there a manual way to configure single session logon restriction? I cant do it through the GUI management tools when in Workgroup mode.

Excuse my ignorance as I am new to Microsoft RDS.

I used Microsoft RDS to setup a pool of virtual desktops in VMWARE. It works fine but I want to ramp things up as we will be taking on 50 remote resources who will need VDI access.

So, I am going to go with RDS and Hyper-V. 

My question is, what is the best option to allow for 30 concurrent connections to the same desktop setup. They will be Developer workstations so they will be kid of beefy. Lets say 2CPU 8GB RAM and 100GB HD.

So, do I go with Session based or VDI based? I was going to go with a single host, 4 CORE, 256GB RAM and 3TB disk space.

I figured I would spin up 5 VMs in Hyper-V with the above desktop configuration using Session based.  

Would this facilitate the 30 concurrent connections I need to support or should I be going in a different direction?

Thanks in advance.

hi there,

Several years ago, the previous IT setup a single server RDS solution (Connection Broker, Session Host, Gateway, Licensing etc on one box). We have experienced performance issue using this setup. When users connect to the RDP during peak time, we are getting disconnections. 

What is the best way to move the core services to a new server, leaving the old server as a second RD Session Host so I don't have to recreate the user profiles there?

I have a 2012 R2 standard server hosting RD Licensing.  I have installed two sets of licenses (100 & 75) for a total of 175.  Of the group of 100, all have been issued with no remaining.  There is another group of 75 that remains available but unused.  All of these are per-user cals. They are Volume License program cals. 

When I open licensing diagnoser from another server it correctly shows that I have 75 available cals.  However, none are being issued.  Existing cals are being renewed correctly.  

running the powershell command: Get-RDLicenseConfiguration returns: Not Configured (I don't know if that is relevant).   I don't think this is a new issue,  but something that has recently become noticeable. 

Are multiple groups of licenses supported in Server 2012 r2? How can I enable the other 75 cals for issuance? 

Hi,

I have a question for making my first steps in my investigations.

We have an applicaiton that is quite often used on Terminal services, and there is a behavior where I need some idea to go on.

Precondition: the CPU and all of it's core are idle, Hyperthreading is shut off.

The workflow is as follows

- start our application which has a WPF GUI and some C++2010 core DLL used for that calculation.

- application does some CPU / memory intense calculation for about a minute. This calculation requires about 2 MB of memory being allocated and doesn't touch any infrastructure

- at the end there is a message box like "job completed"

What we observe:

with a latency of 10 ms the processing takes 70 seconds. Time (supposed to be the clock time obtained by QueryPerformanceCounter) and the ProcessTime are the same, the job is purely single threaded and shows 100% CPU load on core in task manager. 

With a latency of 250 ms the processing takes 100 seconds. Time is 100 sec, the ProcessTime is 70 seconds. It just looks like the time slices given to that task have longer delays between them... the task manager is just flattening that down to about 65 % of CPU core load, but on a granular view there seems to be a gap of 10 ms between a 10 ms time slice

And my question is:

which policies or registry keys could influence the time slice distribution or are there any dependencies between the "scheduler" in the OS and the latency, which an RDP client has?

IT architect - Terminal servers, virtualizations, SQL servers, file servers, WAN networks and closely related to software devleopment (8 years + experience in VB, C++ and script langugaes), MCP for SQL server and CCAA for Xenapp 6.5

If I Remote Desktop to a Windows Server 2012 R2 server, and then Ctrl+Alt+End and choose Lock to lock the RD session, I don't see a way to Unlock the session.  I try Ctrl+Alt+End and it does nothing.  I see no buttons, and have tried several shortcuts (Winkey+<any key>) and have had no luck.  I ensured that for Remote Desktop (mstsc.exe), I clicked Show Options, went to the Local Resources tab, and ensured that Keyboard is set to Apply Windows key combinations On the remote computer.  When I attempt Ctrl+Alt+Del, my desktop presents me the menu (to lock, etc).  The Remote session does not receive that key combination.   My desktop is Windows 7 Enterprise.

Is there a key combination I am missing?  or is there a setting on the server that is required/missing?  Or could a group policy be causing this issue?

Note if I have a Remote Desktop to a Windows Server 2008 R2, I can easily unlock the screen. by the way, we are using RSA with a token to login.

I cannot post any images, as my account isn't yet verified (first post)...

Hi Technet

I've added User Profile Disks and checked every tick for "Store only the following folders" on the RDS:

[Image of the RDS UPD SEttings]

Everything works as expected. But with tihs configuration most of the private data are stored within the UPDs. Therefor I want to redirect the "personal folders" to our NAS.

As in previous infrastructures I used the folder redirection policy. As a test, I tried only to redirect the "Music" folder:

[Image of the Music-Redirection-Folder-Properties

I linked and the filtered the policy as follow

Now, when I log in as any user the music folder isn't part of the UPD anymore: The "Music" folder is missing the link-arrow but still points to C:\Users\%username%\Music. But as in the first screenshot stated "all other folders are not preserved". And that's exactly what's happening. If I save something in the folder it's gone.

But I thought with the Folder Redirection Policy those folders are redirected to the designated root path - and that's exactly what's not happening.

I tried the following types of Root Folder for the policy:

• local path (on the RDS where the UPDs are as well) for "root Path" like: D:\Users
• Share \\NAS008\PersonalData\Users
• DFS \\ad.example.com\Personal Data\Users

I've added the RDS-Server and even the DCs to Security Filtering of the policy (I remembered something of Merge).

I gave full access to the Root Path to everyone, to authenticated users, to domain users

I have no clue, why my Music-Folder isn't redirected.

But I know the policy gets applied as I made a Test-Shortcut on the Desktop which gets created:

[Image of Shortcut Polcy with rresult on desktop]

What am I missing?

Many thanks!

Hi,

I am looking for a way to limit resolution and color depth on a RDP session to RD Session Host, in case that only one (single) monitor is allowed for client session.

Due to some old (from 2012) articles, it seems that, if only one monitor is allowed on a remote session, setting limit on resolution and color depth is meaningless. 

Anyway, what I want is following: on Win2012 R2 RDS host, limit remote session to be of max 1280x768 on a single monitor, for every client. I want that to be restricted on RDS host, not be dependent on any client-based configuration. 

Any help would be appreciated

Milan