Windows 2012 r2 RDS connection broker HA
Office 2007 Installing on our Term server.
We have Office 2007 MODI installed on our servers along with Office 2010.
We have on occasion users connecting who have a shortcut for Office 2007 Outlook, for example, on their own desktop.
The problem we have is that they click this link in their own profile on the term server; this forces an install of 2007, which then breaks 2010 for all other users. We then have to log all users off and run a repair for 2010.
How can we stop this happening?
Remove the registry entry for the install path - for the source for the 2007 package -
GPO to stop users installing?
Any ideas please?
Thanks
John
JA
RDP takes very long time for Domain users
Hi,
I have a domain server which takes a very long time while connecting to RDP using domain users; however, for the local admin it gets connected within a few minutes. There is another server connected to the same domain where I do not see this issue. I checked the DC connectivity using the PortQry tool but did not find any issue with it. All the necessary ports for LDAP, GC, etc. have been opened between source and destination. Please advise if there is anything else that needs to be checked.
Let Domain User Manage RemoteApp connection
Hello,
I have a client who needs to disconnect/log out domain users from the server. We are using RemoteApp on our Windows Server 2012 R2. This server is only meant for RemoteApp. I need to give her permission to only let her manage the remote connections. I searched the internet but I didn't get my answer.
Any chance of doing it? Please let me know.
Thanks.
Add custom RADIUS Server to RD Gateway for two factor authentication
Hi Technet
From a long-term project we have developed a more or less RFC 2865 compliant RADIUS Server. It supports challenge/response in order to check an OTP sent by text message. For any RADIUS-capable client (e.g. firewalls, SSL VPN, DirectAccess) we may use our RADIUS Server to protect those appliances with 2FA/MFA.
Now we would like to test our RADIUS Server with RDS 2012 R2.
We have set up a demo lab with a DC and a member server holding all the RDS roles (RD Web Access, Connection Broker, RD Session Host, RD Gateway). This setup works as expected.
There is a lot of partial documentation about NPS and RADIUS, and about RD Gateway Manager and RADIUS. But there is no how-to for implementing a custom RADIUS Server.
So: which steps do we need to protect the RD Gateway with our RADIUS Server?
And it does look like our RADIUS Server does not respond correctly to the NPS request:
This is what we receive:
Code : 1 Access-Request
Identifier: 28
Length : 156
------------------------------------------
1 User-Name : lab\user1
6 Service-Type : 12
26 Vendor-Specific : Vendor-ID: 311 (Microsoft)
Data: 2F 06 00 00 00 01
30 Called-Station-Id : UserAuthType:PW
33 Proxy-State : ?? ?2??+??
61 NAS-Port-Type : 5 Virtual
80 Message-Authenticator : 3F 13 3F 3F 3F 56 3F 01 3F 3F 25 2A
------------------------------------------
And what we respond:
Code : 2 Access-Accept
Identifier: 28
Length : 40
------------------------------------------
18 Reply-Message : Welcome lab\user1
------------------------------------------
For every firewall, appliance, DirectAccess, Citrix NetScaler our response works. But why won't it work with RD Gateway? It resends its Access-Request 5 times and we always respond with Access-Accept. But no access to the RDP.
BTW: We have no information about RADIUS Service-Type 12. RFC 2865 has values from 1-11, but MS RD Gateway sends 12?
Any Ideas?
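The two dumps above are worth reading against the RFCs. The Access-Request carries Proxy-State (33) and Message-Authenticator (80); the Access-Accept carries only Reply-Message. RFC 2865 section 5.33 requires a server to copy every Proxy-State attribute unmodified into its response, and RFC 2869 section 5.14 defines Message-Authenticator, an HMAC-MD5 over the packet keyed with the shared secret, which a strict client can demand in the response when it sent one. The following is an added example, not the poster's server code and not anything from Microsoft NPS: a minimal RADIUS codec that builds an Access-Accept the way a conforming server would (Proxy-State echoed, Message-Authenticator computed over the Request Authenticator, Response Authenticator per RFC 2865 section 3) and a checker that lists what a strict client would object to in a response. The shared secret, the Proxy-State bytes and the sample request are constructed here; Service-Type 12 is used only because it is what the posted capture shows.

```python
import hashlib
import hmac
import os
import struct

# RADIUS codes and the attribute types used in the posted capture (RFC 2865/2869)
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, SERVICE_TYPE, REPLY_MESSAGE, PROXY_STATE, MESSAGE_AUTHENTICATOR = 1, 6, 18, 33, 80


def encode_attrs(attrs):
    """Serialise [(type, value-bytes), ...] as RADIUS TLVs (length covers type+len+value)."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    """Parse RADIUS TLVs; reject lengths that run past the packet."""
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def parse_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length != len(pkt):
        raise ValueError("bad length")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:length])


def _message_authenticator(code, ident, authenticator, attrs, secret):
    # RFC 2869 s5.14: HMAC-MD5 over the whole packet with the Message-Authenticator
    # value zeroed. For responses the header carries the *Request* Authenticator.
    zeroed = [(t, b"\x00" * 16 if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    return hmac.new(secret, build_packet(code, ident, authenticator, zeroed), hashlib.md5).digest()


def _response_authenticator(code, ident, req_auth, attrs, secret):
    # RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    body = encode_attrs(attrs)
    return hashlib.md5(struct.pack("!BBH", code, ident, 20 + len(body)) + req_auth + body + secret).digest()


def build_access_request(ident, attrs, secret):
    req_auth = os.urandom(16)  # Request Authenticator is random per RFC 2865
    attrs = [a for a in attrs if a[0] != MESSAGE_AUTHENTICATOR] + [(MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
    attrs[-1] = (MESSAGE_AUTHENTICATOR, _message_authenticator(ACCESS_REQUEST, ident, req_auth, attrs, secret))
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs)


def verify_request(pkt, secret):
    """True only if the request carries a Message-Authenticator that matches the secret."""
    code, ident, auth, attrs = parse_packet(pkt)
    given = [v for t, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if not given:
        return False
    return hmac.compare_digest(given[0], _message_authenticator(code, ident, auth, attrs, secret))


def build_access_accept(request_pkt, secret, reply_message):
    """A conforming Access-Accept: Proxy-State echoed, Message-Authenticator present."""
    _, ident, req_auth, req_attrs = parse_packet(request_pkt)
    attrs = [(REPLY_MESSAGE, reply_message.encode())]
    attrs += [(PROXY_STATE, v) for t, v in req_attrs if t == PROXY_STATE]  # RFC 2865 s5.33, same order
    attrs.append((MESSAGE_AUTHENTICATOR, b"\x00" * 16))
    attrs[-1] = (MESSAGE_AUTHENTICATOR, _message_authenticator(ACCESS_ACCEPT, ident, req_auth, attrs, secret))
    return build_packet(ACCESS_ACCEPT, ident, _response_authenticator(ACCESS_ACCEPT, ident, req_auth, attrs, secret), attrs)


def build_bare_accept(request_pkt, secret, reply_message):
    """An Access-Accept shaped like the one in the post: Reply-Message only (constructed)."""
    _, ident, req_auth, _ = parse_packet(request_pkt)
    attrs = [(REPLY_MESSAGE, reply_message.encode())]
    return build_packet(ACCESS_ACCEPT, ident, _response_authenticator(ACCESS_ACCEPT, ident, req_auth, attrs, secret), attrs)


def check_response(request_pkt, response_pkt, secret):
    """Return the list of objections a strict RFC 2865/2869 client would raise (empty = fine)."""
    problems = []
    _, rid, req_auth, req_attrs = parse_packet(request_pkt)
    code, ident, resp_auth, attrs = parse_packet(response_pkt)
    if ident != rid:
        problems.append("identifier mismatch")
    if not hmac.compare_digest(resp_auth, _response_authenticator(code, ident, req_auth, attrs, secret)):
        problems.append("bad Response Authenticator")
    if [v for t, v in req_attrs if t == PROXY_STATE] != [v for t, v in attrs if t == PROXY_STATE]:
        problems.append("Proxy-State not echoed")
    mac = [v for t, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if not mac:
        problems.append("Message-Authenticator missing")
    elif not hmac.compare_digest(mac[0], _message_authenticator(code, ident, req_auth, attrs, secret)):
        problems.append("bad Message-Authenticator")
    return problems


def sample_request(secret, ident=28):
    """Constructed request mirroring the posted capture (Proxy-State bytes are made up)."""
    return build_access_request(ident, [
        (USER_NAME, b"lab\\user1"),
        (SERVICE_TYPE, struct.pack("!I", 12)),
        (PROXY_STATE, b"\x01\x02constructed-proxy-state"),
    ], secret)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    req = sample_request(secret)
    print("request verifies:", verify_request(req, secret))
    print("conforming accept:", check_response(req, build_access_accept(req, secret, "Welcome lab\\user1"), secret))
    print("reply-message-only accept:", check_response(req, build_bare_accept(req, secret, "Welcome lab\\user1"), secret))
```

Run against the constructed request, the conforming accept passes with no objections, while the Reply-Message-only accept is reported as "Proxy-State not echoed" and "Message-Authenticator missing". Checking the Message-Authenticator on incoming Access-Requests (verify_request) is also what protects a RADIUS server from forged requests on the UDP path, which is why it is worth requiring rather than merely tolerating.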
Roaming profile copies not deleted
This question has been asked before, but so far I can't find an answer.
In a Remote Desktop environment with 4 servers (2008 R2) with a Session Host and an NLB cluster, one of these servers is experiencing the problem that the roaming profile is not always completely removed when a user logs off.
The folder path that stays is C:\Users\[user]\AppData\Roaming\Microsoft\SystemCertificates\My
When this happens, event 1533 is logged:
"Windows cannot delete the profile directory C:\Users\[user]. This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty."
Using 'Handle.exe' I found that the holding process is 'Print Spooler'. When this service is restarted, the folder can be deleted.
An event that might have a direct relation to this is 1530 during logon:
"Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\[user SID]:
Process 11324 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\[user SID]\Software\Microsoft\SystemCertificates\SmartCardRoot"
Currently several GPO settings are in effect:
Computer Configuration/Administrative Templates/System/User Profiles "Delete cached copies of roaming profiles" = Enabled
Computer Configuration/Administrative Templates/System/User Profiles "Do not detect slow network connections" = Enabled
Computer Configuration/Administrative Templates/System/Group Policy "Allow asynchronous user Group Policy processing when logging on through Terminal Services" = Enabled
Computer Configuration/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Profiles "Set path for Remote Desktop Services Roaming User Profile" = Enabled and specified
These servers are virtual on 2 ESXi hosts. I know of the problem with the Shared Folders feature in the VMware Tools; this software is installed in Typical mode as instructed.
All servers have the same set of printer drivers installed: HP universal v5.3, Kyocera universal 5.3.1025 and Kyocera Classic universal 2.42.909.0, all in Shared Isolation mode.
Does anyone have any further ideas?
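The DETAIL text of event 1530 quoted above already names the process and the registry key behind each leaked handle, so the events can be mined across a farm to see which process keeps profiles from unloading. The following is an added example, not part of the post or of any Microsoft tooling: a small Python parser for the message body of event 1530 (as exported from the Application log, for instance with Get-WinEvent) that extracts the SID, the leaked-handle count and each offending process, and tallies them per image name. The two sample messages are constructed from the wording in the post, with placeholder SIDs.

```python
import re
from collections import Counter

# Matches the "N user registry handles leaked from \Registry\User\<SID>:" line of event 1530
LEAK_HEADER = re.compile(r"(\d+) user registry handles leaked from (\\Registry\\User\\[^:\s]+):")
# Matches each "Process <pid> (<image>) has opened key <key>" line that follows it
LEAK_LINE = re.compile(r"Process (\d+) \(([^)]+)\) has opened key (\S+)")


def parse_event_1530(message):
    """Return (sid, leaked_count, [{'pid', 'image', 'key'}, ...]) for one event 1530 message."""
    header = LEAK_HEADER.search(message)
    sid = header.group(2).rsplit("\\", 1)[-1] if header else None
    count = int(header.group(1)) if header else 0
    leaks = [
        {"pid": int(pid), "image": image, "key": key}
        for pid, image, key in LEAK_LINE.findall(message)
    ]
    return sid, count, leaks


def summarize(messages):
    """Count leaked handles per process image name (lower-cased basename) over many events."""
    tally = Counter()
    for message in messages:
        _, _, leaks = parse_event_1530(message)
        for leak in leaks:
            tally[leak["image"].rsplit("\\", 1)[-1].lower()] += 1
    return tally


# Constructed sample messages: wording follows the post, SIDs and PIDs are placeholders.
SAMPLE_EVENTS = [
    r"""Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-2222222222-3333333333-1001:
Process 11324 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\SystemCertificates\SmartCardRoot""",
    r"""Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-2222222222-3333333333-1002:
Process 11324 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\SystemCertificates\My""",
]


if __name__ == "__main__":
    for message in SAMPLE_EVENTS:
        sid, count, leaks = parse_event_1530(message)
        print(sid, count, [(l["pid"], l["image"].rsplit("\\", 1)[-1], l["key"].rsplit("\\", 1)[-1]) for l in leaks])
    print(summarize(SAMPLE_EVENTS))
```

A tally dominated by one image (here spoolsv.exe) across several SIDs is the signal that a service, not an interactive user process, is holding the profile hive open, which matches what Handle.exe showed for the leftover SystemCertificates folder.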
TCP Socket RST on the port TCP Port 3389
We are making the RDP connection using TCP tunneling on port 3389 in C#. But the TCP socket is disconnecting after 50 seconds.
4145 213.992742000 source(my pc) destination (remote server) TPKT 71 Continuation
4146 213.998031000 source(my pc) destination (remote server) TPKT 981 [TCP Retransmission] Continuation
4167 219.778181000 source(my pc) destination (remote server) TPKT 85 Continuation
4191 224.575355000 source(my pc) destination (remote server) TPKT 1354 [TCP Retransmission] Continuation
4246 238.663506000 source(my pc) destination (remote server) TCP 54 49322 > ms-wbt-server [RST, ACK] Seq=173138 Ack=27613 Win=0 Len=0
In addition to that, I have gone through the following solutions provided, but they did not work for me.
RDP connections might fail due to a problem with KB2621440 – MS12-020:
Actually I have tried this patch on Windows 7, but it was already deployed on the machine.
Socket.Disconnect Method (Boolean):
We are not disconnecting the socket explicitly through code, but the socket connection to the end machine (on port 3389) is disconnecting internally after a couple of seconds. We have monitored this using Wireshark. Even though we send a keepalive packet every 10 seconds, it is disconnecting the socket after 50 seconds. Due to this we are not able to send the data packet received from the tunneling to the end machine's socket.
Please help me to resolve the issue.
I have gone through the RD Gateway Manager and Remote Desktop Services. Since I am testing the feature in the corporate network, I don't know how to set up the RD Gateway Manager on the Windows 7 machine.
Please forgive me for grammatical mistakes.
Thanks
Thangamani
RDS Gateway / AD with .local suffix / Certificate Mismatch
Hi,
I have the following RDS deployment:
On Windows Server 2012:
RD Gateway, RD Connection Broker, RD Webaccess on SRV1
On Windows Server 2012 R2:
2 RDS hosts in farm
I have acquired from a CA a public certificate for our external FQDN abc.domain.com.
However, my AD structure is domain.local.
Each time a user connects, he receives a pop-up window due to the certificate mismatch (abc.domain.com =/= abc.domain.local).
What can I do to bypass the mismatch w/o changing my whole AD to .com?
Many thanks,
Roberto
Server 2012 RDS - User Profile Disks - Errors during Logoff
I have set up a test Server 2012 RDS collection (Single Server for now) and implemented User Profile disks.
I have two problems.
First: My generic test user can connect and does successfully use the user profile disk as expected. However, at logoff, the system event log contains these errors:
The error (NTFS 137) is: The default transaction resource manager on volume C:\Users\ts3.test encountered a non-retryable error and could not start. The data contains the error code.
The warning (NTFS 50) that concerns me is:
It appears that the user profile disk is being "disabled" or "disconnected" before the profile data is completely written at logoff. What can I do to troubleshoot this?
Second:
Update: A post from Mike Connor on the following page: -LINK- solved
the problem described below.
My administrative user always logs on now with a temporary profile. At the beginning, the UPD was working and mounting. That stopped working. In attempting to troubleshoot, I logged the admin user off and deleted the UPD disk file from the share. I remember it working again after generating a new UPD disk file in the share. Soon, it quit working again. I deleted the UPD disk file again from the share and ever since, it has never regenerated a new UPD and always logs on with a temporary profile.
profilelist entry still exist after a session logoff - temporary profiles - user profile disk - 2012 R2 RDS FARM
I'm experiencing temporary profiles when users log on, even if:
- The UPD VHDX is properly closed on the file server
- There is no .bak in the ProfileList registry key
The only reason is that I have an existing SID in the ProfileList registry entry (as if the user is still logged on, but is not!!)
Terminal Server displays black screen and won't let people join the TS farm
We have had an ongoing problem affecting all of our terminal servers in a TS farm at random times and not all at once. It doesn't seem to be a problem with the individual servers but a roaming issue that causes the entire farm to stop serving sessions. There are a couple of event IDs that show up in the RDS on the server:
Error 36: Microsoft-Windows-TerminalServices-LocalSessionManager: An error occurred when transitioning from DisconnectedLoggedOn in response to EvConnected. (ErrorCode 0x80070102)
Error 1152: Microsoft-Windows-TerminalServices-RemoteConnectionManager: Failed to create KVP sessions string. Error Code 0x8007007A
The only way to allow the TS farm to start allowing connections is to reboot the problem server at that time.
Event 4005 - WinLogin [Windows logon process has unexpectedly terminated]
Folks,
Just noticed this becoming an issue on a Windows 2012 R2 Terminal Server after the last round of Patch Tuesday updates stemming from August 9th, 2016.
Typically, I'm rebooting the server every 24 hours to over-correct the issue - rebooting not being the best option here.
In previous discussions, it's advised to remove KB3002657 or KB3035132 from the server. Is this still the best option to restore full functionality even with the last round of patches and updates? Just to confirm, we are not using Webroot as an AV solution.
WIN 10 cannot connect via Remote Desktop connection after update
Hi
I was able to connect to my RDS 2012 R2 using the built-in Win 10 Remote Desktop Connection via the web interface without problems until the desktop was upgraded to build 14393.187. Now I receive the error message "Your computer can't connect to the gateway server".
I can connect on a Win 7 desktop and can connect on a Win 10 desktop using the Remote Desktop preview app found on the Windows Store.
After the upgrade I browse to my RDS and click on the Remote Desktop Connection icon as normal, and then I receive a new window that asks for my password. I have double logon so this is not unexpected; the look of the window is new, however.
Firstly, I was wondering if other people are experiencing the same problem and secondly if there is a workaround.
The Remote Desktop Connection program on the client is version 10.0.14393.
Cheers
laurie
How do i connect to a loadbalanced RDS farm?
In my RDS deployment, I've got a connection broker and two session hosts.
The connection broker also has the RDWeb role installed, although I don't plan to use it.
I've configured the collection to load balance between the session host servers 50/50.
I can connect to each of the servers individually of course; however, I can't seem to figure out how to connect to the farm and have my connection load balanced.
I read some documentation which said to use round-robin DNS, but this strikes me as backwards, as that would attempt to connect users to servers that were offline or otherwise unavailable, etc.
It also occurred to me that I could use NLB to do this, but again that seems silly when the RDS deployment clearly has some kind of mechanism for this built in; I mean it must have, or why would it let me configure load balancing within the session collection?
Can someone point me in the right direction?
Changing default name of Easy Print Printers
Hello everyone, I'm hoping someone has run into the same issue as I have and found a solution. Maybe this is a quick answer. So far my searches have yielded nothing.
The issue I am running into is with 2012 R2 Easy Print printer names. We have an application that stores specific printing preferences inside the application, and whenever a user logs back in they end up getting a new printer name because Easy Print does printer naming like "Fax (redirected nn)."
In other products we used, like triCerat ScrewDrivers, you can set the default naming to use something other than the session number, such as "Fax (%username%)." However, I can't find any equivalent setting for Easy Print. Has anyone run into this issue, and what have you done to resolve it, short of telling the user to just deal with it?
Thank you.
Getting the IP Address of client connected over RD Gateway
Hi.
I'm trying to get the external IP address of clients connected over Remote Desktop through an RD Gateway.
I can get the IP address using WTSQuerySessionInformation if I'm not connected through the gateway, but I get nothing but 0's when I connect through the gateway.
Interestingly, if I connect from Mac OS (Microsoft Remote Desktop for Mac OS), WTSQuerySessionInformation gets the client's IP normally.
Is there some other way to get the client's IP? Or how can I get a Windows client's IP when connected through RD Gateway with WTSQuerySessionInformation?
Lots of empty DOWN sessions
Hi,
On our RDS 2012 R2 farm, which consists of 4 session hosts at the moment, we regularly see empty sessions with state DOWN.
When I try to log off such an empty session, I get the following error:
Could not logoff session ID 498, Error code 1753
Error [1753]:There are no more endpoints available from the endpoint mapper.
What I do now is disallow logon to the specific session host, and when there are no more active sessions, I reboot the session host and then the empty sessions disappear (of course).
Does anyone have any idea why these empty sessions appear? Users do not always log off their session, but we have a policy in place that logs off disconnected sessions after a period of time.
Thanks in advance.
Mario
Unable to connect to the workstation on the network using the gateway server after upgrading RDP to 8.0
Initiating workstation = Windows 7 SP1 - RDP 8.1 (update it with 8.0 first)
Gateway server = Server 2012 R2
Target workstation = Windows 10
I am able to connect to the gateway server directly and then establish an RDP connection to the target workstation from there.
Issue started after TLS 1.0 was disabled on the gateway server.
I turned off UDP on the client and the target workstation but the issue persists.
The error I get: "This computer can't connect to the remote computer because Terminal Services Gateway server's certificate is expired or revoked."
Please advise. Thank you!
No input from redirected RemoteFX USB device (Symbol Barcode Scanner)
Hi,
We have set up redirection of a USB Symbol barcode scanner to a Remote Desktop and a RemoteApp using RemoteFX. Thus, when connected to the remote desktop, the USB barcode scanner appears as a USB HID device and HID keyboard device in Device Manager on the server and as a device in "Devices and Printers". Similarly, the device appears as "redirected" in "Devices and Printers" on the client and it is no longer available as a device on the client.
However, when scanning a barcode with the device, no data (string/characters) appears on the server - for example when testing with Notepad.
Are we missing any vital permissions/grants/registry values, etc. on either the server side or the client side in order for the barcode readings to be passed on to the Remote Desktop?
It should be noted that when not using RemoteFX, the scanned barcodes are transferred to the server as any other standard keyboard input. However, then the device is not available as a "device" on the server or excluded from use on the client.
Best Regards,
Morten Klitgaard
Software Developer & Project Manager
Logimatic, Denmark
Folder Redirection not working with UPDs on RDS 2012
I cannot post any images, as my account isn't yet verified (first post)...
Hi Technet
I've added User Profile Disks and checked every tick for "Store only the following folders" on the RDS:
[Image of the RDS UPD Settings]
Everything works as expected. But with this configuration most of the private data is stored within the UPDs. Therefore I want to redirect the "personal folders" to our NAS.
As in previous infrastructures, I used the folder redirection policy. As a test, I tried only to redirect the "Music" folder:
[Image of the Music-Redirection-Folder-Properties]
I linked and filtered the policy as follows.
Now, when I log in as any user, the Music folder isn't part of the UPD anymore: The "Music" folder is missing the link arrow but still points to C:\Users\%username%\Music. But as stated in the first screenshot, "all other folders are not preserved". And that's exactly what's happening. If I save something in the folder, it's gone.
But I thought with the Folder Redirection policy those folders are redirected to the designated root path - and that's exactly what's not happening.
I tried the following types of Root Folder for the policy:
- local path (on the RDS where the UPDs are as well) for "root Path" like: D:\Users
- Share \\NAS008\PersonalData\Users
- DFS \\ad.example.com\Personal Data\Users
I've added the RDS server and even the DCs to the Security Filtering of the policy (I remembered something about Merge).
I gave full access to the root path to Everyone, to Authenticated Users, to Domain Users.
I have no clue why my Music folder isn't redirected.
But I know the policy gets applied, as I made a test shortcut on the desktop which gets created:
[Image of Shortcut Policy with result on desktop]
What am I missing?
Many thanks!