Hello everyone,
I'm looking for some guidance on how to disable SSL 3 and TLS 1.0 on a 2012 R2 box acting as a RD Gateway, Connection Broker & Licensing Server. I have disabled SSL V2 successfully via IIS Crypto. When I disable SSL V3 though my Remote Apps stop working - specifically the connection to the remote desktop host server fails. I didn't try disabling TLS 1.0 yet, as I haven't conquered SSL3. We are using a 3rd party signed SSL cert.
Any have specific experience doing this?
Hello,
We are currently using office 2010 on server 2012 r2 demote desktop
Any time someone tries to open an attachment from inside outlook they get a file corrupted error, but if they are in the office, using outlook and try to open the same attachment it works. This includes administrators on remote desktop
On top of this users are unable to open some files in remote desktop, either excel or word, but when in the office and using their own computer all files open correctly.
We recently moved our remote desktop to a different, more powerful/better server and everything was set up the same in terms of the remote services, but this server does have a couple of additional services running that weren't on the old one.
Any ideas, everything I have found here before has had no affect on this problem.
Thanks
I cannot connect to my PC via Remote Desktop. Seems the reason for this is that 3389 port is not listened by anyone (as reported by netstat -a -o), and the Remote Desktop Services is not started - which seems to be the problem.
When I try to start the service, I get "Access denied" Error #5.
The Remote Desktop Service settings list NetworkService account as the one to be used to launch the service. I tried to "update" it in the settings (with no password entered) - however the result is the same.
Please let me know what is the correct way to setup the RemoteDesktop Services service wrt credentials used by it, or what could be other issues with this error.
Thank you!
Hi I have licensed win2012 terminal server how ever server showing not license server not configured & licensed issued to user from Windows 2000 Server - Built-in TS pool .
any way to force to server to server issue license from license terminal server pool
Continuous plan Do review is key to success.
Please mark as answer \Helpful if its . My Linkedin Profile
Hello All,
We are planning to configure one session host server with 16 GB RAM with 4 core processor. We need to publish only MS office basic APPS like word, excel, power point, out look etc. Please help us calculate the session host capacity
Thanks in Advance
Regards,
Austin Jose
Today I tried to login to my dedicated server (Windows Server 2016) via Remote Desktop and it tells me that my password has expired. However it doesn't allow me to change the password.
The dedicated server is hosted in Canada (Kimsufi/OVH) and I'm in Argentina.
I cannot change the password locally. Also the server seems to be using NLA as I get an error if I try to login with NLA disabled in my client.
Besides RDP the other way I can access the server is through rescue mode (linux).
Is there any way to disable NLA or change my password remotely or from Linux rescue?
Thank you
We have a hosted Remote Desktop Services environment running on Server 2016 Standard, and have had no end to issues seemingly caused by the search indexing service. The customer has about 1.8 TB of data that they need indexed (I'm not sure if the amount of data is playing a role in the issues we're having). We are using User Profile Disks for the end users. There are several issues the end users are experiencing when opening/disconnecting sessions:
At any given time, the above issues are "fixed" if we restart the search indexing service (for a short while until another end user runs into one of the problems again). We are also unable to get the search indexing service to restart gracefully through the Services list, and are almost always forced to use the command line and taskkill to forcefully end the service and let it restart afterward.
We've already made some tweaks to the directories that are included in the indexing, and have excluded most user data from the index except for Outlook data. I can provide additional details if necessary.
Any help with this would be greatly appreciated, these issues are starting to drive me up the wall.
We have an issue that just started happening today on our standalone Windows Server 2008 R2. There is no domain it's just using local users and groups when a particular user tries to login it goes through the process and then immediately logs them off before the desktop is reached.
The following errors are logged in the event viewer:
Event ID 5: source: Kernel General{Registry Hive Recovered} Registry hive (file): '\??\C:\Users\username\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost. followed by a event id 7002: User Logoff Notification for Customer Experience Improvement Program
If I setup a brand new user they have the same issue, if I then add the existing user or newly created user to the administrator group they can both logon, remove them from the group and they can no longer logon anymore.
I have run a scandisk, sfc /scannow, rebooted the server, disabled customer experience improvement, If I try to run gpedit.msc I get "Administrative templates encountered an error while parsing incorrect document syntax" I get a half dozen of these
before it allows me in. I tried to delete the users profiles and copy over another working users ntuser.dat but that doesn't help. All terminal server licensing is correct and working.
Leaving these users as admins is not a solution for obvious reasons, any ideas?
I am looking for a way to use a single RD Web Access page to connect to different Collections. Here is what I have.
Session Collection 1 - Application published using farm webapp.domain.com (Five servers)
Session Collection 2 - Remote Desktop published using farm rds01.domain.com (Five servers)
Session Collection 3 - Remote Desktop published using farm rds02.domain.com (Five servers)
Each farm has a different use case and applications, hence the three farms. But I would like users to access any of them by logging into https://web.domain.com/RDWeb.
The farms are using round robin DNS, which could be part of the problem. I did this so if you use mstsc, the computer name points to rds01 which has an A record to all five servers.
The other potential problem could be that I used Set-RDPublishedName on the Connection Broker and changed the name to webapp.domain.com. I did this so the wildcard SSL certificate didn't issue any warnings.
It appears that the published name on the Connection Broker is what the Web Access server uses to launch everything. So instead of Remote Desktop going to RDS01 or RDS02, everything redirects to webapp. If what I am trying to do is possible, what do I need to change?
Hello,
i have a problem with my RDS.
I have installed my environmnet and i it works ok.
When i want to provide a second collection and want that only users from group A see the Apps from Collection1 and Users from group B the Apps from Collection2 it doesn't work.
Everybody can see every APP over both collections.
What i am doing wrong?
I have 2 Brokers in HA
one RDWEB Server
20 RD Session Hosts (18 for collection1 and 2 for collection2)
2 Collections
Regards
Sven
Hi,
Our production environment is RDSH windows server 2016. I just want to know how RDSH server worked with RDS broken server. does they communicate with any service? How I can troubleshooting it if one of them broken.
By the way, if one of the server broken. does the RDS console still can be used? from my testing if one of them broken is impossible to lauch the RDS console.
Best Regards,
Apollo Ye
Hello, I have this problem and I have no idea how to solve it. Windows server 2016 has been installed for several months. Now for about a month there is a problem that for no reason during work it disconnects the remote desktopsand you can initially connect again until the end of the day but the next day, you can no longer connect through the remote desktop and the only thing that will help is the server restart. What can be done with it, had someone such a problem that after disconnect and after some time you can not reconnected?
All users connect from outside to this server. It has license for 4 users (and exactly 4 users are connecting to this server). And all four users has the same problem.
Hi,
Connection to a RemoteApp program from within an RDP session does not work if the user has a startup program defined in the user profile.
I'm using Windows Server 2012 R2. I used calculator as the RemoteApp program to verify that it's not a problem in my custom program.
1st scenario - works:
1. Connect to the server using RDP (no RemoteApp) --> Desktop opens
2. From the RDP session, try to make an RDP connection using RemoteApp. I'm using a pre-configured RDP file with remoteapplicationmode and remoteapplicationprogram parameters and I'm connecting to the same server in this example --> The RemoteApp screen
appears and after entering credentials the RemoteApp program opens
2nd scenario - does not work:
1. Using an admin account, on the server, go to local user management and set a startup program for the user that is used for the test, cmd.exe for example (Environment tab --> Starting program --> Start the following... --> Program file name ="cmd.exe").
2. Connect to server with the test user --> cmd.exe opens
3. Try to connect with RemoteApp like step 2 in the previous scenario --> the RemoteApp screen appear but the program does not start, after a while the session closes.
I checked using ProcMon and the Event Viewer and I see that a connection is established, but for some reason the program does not start (rdpinit.exe should start the program, but it doesn't - I don't see any call for CreateProcess).
Is this a bug in Windows?
Thanks,
Gabriel
Hi,
I'm trying to setup a 2008r2 session host full desktop, with a 2016 RDS gateway and RDWeb.
On the 2008r2 session host, 3389 is currently open to the world, and putting this in front of a gateway is a stopgap before we migrate fully to 2016.
I have followed this guide, and have managed to get the 2008r2 session host appearing in RDWeb, but cannot figure out how to get the RDP file to include the gateway address.
https://ryanmangansitblog.com/2014/01/05/deploying-a-rdsh-2008-r2-server-to-a-rds-2012-r2-environment/
Steve
Hello,
A couple of my users want to use RDP to do their work, but recently they have been getting this error.
This is simply trying to get onto a workstation. So in my use case the user is just trying to RDP onto a Windows 10 Enterprise Edition (they are trying to log onto their computer from home), not a Windows Server or anything like that.
https://support.microsoft.com/en-us/help/4295591/credssp-encryption-oracle-remediation-error-when-to-rdp-to-azure-vm
In my research I've found that I can get around this by going into the the group policy editor and going toComputer Configuration > Administrative Templates > System > Credentials Delegation,and then trying to change the Encryption Oracle Remediation policyto Enabled and then change the Protection level to Vulnerable.
But when I go into the group policy editor the Encryption Oracle Remediation policyis not there.
So I am not sure what I can do to fix this, all I want is the ability to remote into a Windows 10 machine, I have tried from multiple computers that reside on my network (and on a VPN as well) can RDP into other computers, except for my user's one workstation. Is there something I can reinstall on my user's workstation or repair to let computers RDP connect to it?
-Thanks
Hi, I've a 2012 R2 server in cloud, due to costs fees the server is a DC and have a RDS role on it. About 20 RDS licenses installed. The server is working fine since about 1 year. Simple rdp sessions not Remoteapps.
Yesterday i find a message "grace period of rds ts 2008 licenses is expired"...there aren't 2008 licenses...it is a 2012...all is working actually but this message make me a bit in alarm...
have you had that problem before? have i to check something??
thank you.
Gian
Hi!
Quite a strange question ...
It is necessary on RD Gateway to check the computer name for correspondence in advance known.(Or any other marker, the easiest to install on third-party PCs and tablets)
If there are no problems with domain machines (On the NPS simply specify the rule in the CAP with the domain group of the PC), then with non-domain machines the problem.
Ships on logs, they send the following information about themselves:
Client Machine: Security ID: NULL SID Account Name: Notebook Fully Qualified Account Name: - Called Station Identifier: UserAuthType:PW Calling Station Identifier: -
As an example of logs with the connection of a domain machine:
Client Machine: Security ID: Domain\pc1$ Account Name: pc1.Domain Fully Qualified Account Name: Domain\pc1$ Called Station Identifier: UserAuthType:PW Calling Station Identifier:Actually check on Account name somehow it is possible?
I have 3 2016 servers.
Server1.domain.local is the gateway/broker/rdweb server
Server2.domain.local is a rd session host
Server3.domain.local is a rd session host.
The problem is I have a wildcard cert, in dns the clients connect to rds2016.domain.com (which points to server1.domain.local/the gateway) but when the gateway redirects the cilents to either server 2 or 3 the .local name shows up and prompts them with cert errors.
I found this post that allowed me to change the certificate on the session host servers to the wild card cert using wmi
https://social.technet.microsoft.com/Forums/windowsserver/en-US/cfa7d283-4b1b-4da6-8589-82059b31d258/local-fqdn-shown-when-connecting-to-session-host-through-rdgateway?forum=winserverTS#d2db4606-ee08-4e8d-ad1f-44ba16b0eceb
Get certificate thumbprint using powershell:Get-Childitem Cert:\LocalMachine\My
Set new thumbprint on server:wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="Thumbprint"
But the problem after running that the rdweb published apps show an error 0x607 and the .local servername again when trying to connect. Since the wildcard cert does not match the .local name it won't let the client open the rdweb published app. Basically running the wmi command fixed the cert errors for the full remote desktop session but broke rdweb.
Anyway to change the name the session hosts are exposing to the clients from (ie from server2.domain.local to server2.domain.com)?