Hi,

I have received a question from a customer that I can't seem to find an answer to.

The customer is currently running af PoC on a new RDS 2016. All Windows 10 (v1709 or 1803) endpoints. They are using the RemoteApp and Desktop Connections client to present shortcuts to various RemoteApps in the users Start Menu on the Windows 10 endpoint.

Is it possible to change the name of these shortcuts? More specifically remove the appended RDS workspace name from the RemoteApp shotcut.

We are running MS VDI on a server 2016. Periodically we are not able to log into the personal Virtual PC's (VPC) and get the error RD Connection broker sign-on failed. Rebooting the server or the Wyse 3040 boxes do not fix the issue.  We can log into the VPC's with remote desktop from a different PC. Today I got this fixed by re-installing the same cert over again in RDS certificates for RD Connection Broker -Enable Single Sign on, RD Connection Broker - Publishing, RD Web Access, and RD Gateway.

What could be causing this I'm not seeing any errors related to it in the event viewer ad restarting the services or rebooting does not work.  We were down once for 6 hours until I stumbled across doing this and it came up, luckily this time it was a few minutes.

We have an application which our clients run via Remote App. We would like to give the app restricted access to a specific folder on the clients local drive. Is there anyway to do that? As far as I can tell, you can give access to an entire drive, but but a folder in that drive.

For example, we would like our application to have access to an application specific folder in the users "My Documents" folder, but not to any of the other folders. The reason we want to do this is that we are providing our application to clients who are not part of our organization. We would like our app to be able to save files to their local drives, but do not want to ask them to give our application access to their entire C: drive.

Are there solutions to this problem that we haven't thought of? Right now, the way we deal with it is to have our application send them files via email, which isn't ideal.

Hi all!

There is an rd farm on 2012 R2 servers. I've switched on a feature that allows users to change their passwords. I did a small customization of the password.aspx - just added a tab for users navigation.

Problem is: sometimes I can change my password, but sometimes I get a warning: "The user name or password that you entered is not valid. Try typing it again." (of course I type  correct password because I can login with it to the rdweb site)

I didnot find anything in the logs... What could be a problem? How can I find a cause of such behavior and solve it?

thanks in adv.

Hi,

I have disk space issues on some RDS hosts and notice that users tend to have huge temp and cache files from their browsers. Disk Cleanup does not pick that us and neither do apps like CCleaner from my admin account. Is there a best practice to clean those user profiles and recuperate disk space in general for RDS hosts?

Thanks for the tips in advance,

PMD

Hello!

After windows update last weekend our user complains about freezing RDS sessions. After some investigation in the application logs on the RDS session host (windows 2016 server standard) i can see that the Windows Desktop Manager restarts for the users repeatedly. Sometimes as often as every 5 minutes.

The windows update was KB4343884. I have tried rolling back, but the problem remains.

I have checked the version of the local dwmcore.dll and its 10.0.14393.1715.

On the other servers that are patched the version is 10.0.14393.2457

Its really annoying for the users, anyone had this problem? Any ideas what to do?

Keywords: dwmcore.dll dwm.exe windows server 2016 rds connection freeze flicker

Here is copy of application logs:

Log Name:      Application
Source:        Application Error
Date:          2018-09-13 08:27:22
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      XX
Description:
Faulting application name: dwm.exe, version: 10.0.14393.0, time stamp: 0x578999ab
Faulting module name: dwmcore.dll, version: 10.0.14393.1715, time stamp: 0x59b0d15f
Exception code: 0xc0000225
Fault offset: 0x0000000000045fec
Faulting process id: 0x2c50
Faulting application start time: 0x01d44b2a8598084b
Faulting application path: C:\Windows\system32\dwm.exe
Faulting module path: C:\Windows\system32\dwmcore.dll
Report Id: 609bd1cf-1c2e-4ad6-ba08-7f21f2a1786d
Faulting package full name: 
Faulting package-relative application ID: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-09-13T06:27:22.409448600Z" />
    <EventRecordID>67809</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXX</Computer>
    <Security />
  </System>
  <EventData>
    <Data>dwm.exe</Data>
    <Data>10.0.14393.0</Data>
    <Data>578999ab</Data>
    <Data>dwmcore.dll</Data>
    <Data>10.0.14393.1715</Data>
    <Data>59b0d15f</Data>
    <Data>c0000225</Data>
    <Data>0000000000045fec</Data>
    <Data>2c50</Data>
    <Data>01d44b2a8598084b</Data>
    <Data>C:\Windows\system32\dwm.exe</Data>
    <Data>C:\Windows\system32\dwmcore.dll</Data>
    <Data>609bd1cf-1c2e-4ad6-ba08-7f21f2a1786d</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: dwm.exe
P2: 10.0.14393.0
P3: 578999ab
P4: dwmcore.dll
P5: 10.0.14393.2273
P6: 5ae409d5
P7: c0000225
P8: 0000000000045fec
P9: 
P10: 

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_dwm.exe_4fd69b8d2b46a52b527b3b87e68145f26d420ac_e69b2600_1448af53

Analysis symbol: 
Rechecking for solution: 0
Report Id: 802acf33-3a79-49d9-8475-4630a1686a75
Report Status: 4
Hashed bucket: 

The Desktop Window Manager process has exited. (Process exit code: 0x000000ff, Restart count: 1, Primary display device ID: RDPUDD Chained DD)

The Desktop Window Manager has registered the session port.

Team,

Thanks in advance, I've configured RDS environment with session host, web access, connection broker and a RD gateway server.

I've enabled MFA calling through Azure MFA Server using the below link which Microsoft suggests. But I wanted MFA calling for external users and not when users coming from internal IPs.

In MFA console we have trusted IPs tab where we have to put in the users IP or IP range, but here as the authentication is sent by the RD gateway server everything is ignored by the MFA server and for internal users as well I'm getting MFA Calling.

Has anybody tried it before? This cannot be achieved through Azure MFA but can be achieved through NPS policies but unable to achieve it.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-nps-rdg

Hi all,

We're currently experiencing issues at a random interval with regards to freezing start menu's on Server 2016 RDS Hosts.
When the freeze happens we can see the following items in the eventlog: Event ID 5973

Seems to be related on a per user base, as multiple users can connect to the RDS server but only a few of them are experiencing issues.

We are using User Profile Disks and Start Menu redirection. Any thoughts?

Hi all, just curious if there is something obvious -- 

We have 3 similar systems and this is only an issue on 1 of them.

All 3 systems are configured with 2 domain controllers and 30ish vms

We have one machine we (a crew of 2) can connect to via RDP in each system. (All kinds of ACLs, firewalls, ect since we are in a process environment)

The system in question always drops my RDP session before connecting to it.

Example - 

I can be in my RDP session at my desk, walk across the room and attempt to connect back to my session and I can see Windows stating "Signing Out" and then my RDP session is dropped.

I have to reconnect to get back into my session.

This is a pain since sometimes I have files and applications open I am trying to access from the other PC I am attempting to connect to.

I have reviewed all the GPO options for Remote Services and they are all set to default in all 3 systems, although the one system is giving me troubles.

Anyone have a quick tip for something obvious I should look at?

Any input helps

Edit-

I have an odd problem.  Everywhere I read, it seems remote apps that are started from the same client should start in the same session if I haven't logged off from that session.  My apps are starting in separate sessions.

I have apps installed on Server 2016 and published through RemoteApp. I also have a 15 minute session idle timeout enabled.  When that 15 minutes is about to be reached, each app individually gives a 2 minute logout warning.  So if I have 3 apps idling, I get that warning 3 times.  In the server manager, under Connections, I can also see 3 individual connections.   I don't remember changing anything to set them to open up as separate sessions. Does anyone know how to reverse this? Thank you.

Why is it by default possible for Standard Users to plant files on other users (and admins!) desktops thatlog on for the first time !? 

C:\Windows\system32>icacls c:\Users\Default\Desktop
c:\Users\Default\Desktop BUILTIN\Administrators:(OI)(CI)(F)
                         NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                         NT AUTHORITY\SYSTEM:(F)
                         CREATOR OWNER:(I)(OI)(CI)(IO)(F)
                         BUILTIN\Users:(OI)(CI)(RX)
                         BUILTIN\Users:(CI)(AD)
                         BUILTIN\Users:(CI)(WD)

Successfully processed 1 files; Failed processing 0 files

Powershell PoC:

'@ECHO Evil code ran and you were owned !!! & pause' | Out-File -LiteralPath "$([System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::CommonDesktopDirectory))\Hello World.cmd" -Encoding ascii

Hi Everyone,

In an education setting where users are split 1,000 staff to 10,000 students can we enable azure MFA for staff only?  Pricing becomes an issue as it's £4.18 per user for Premium P1 plan.

I assume it's simply a case of adding the P1 licence to staff users, and in the radius policy only have it apply to the staff user group?  Unless I am mistaken

Just don't want to install the plugins only to find students are unable to login

Thanks

Hi,

Connection to a RemoteApp program from within an RDP session does not work if the user has a startup program defined in the user profile.

I'm using Windows Server 2012 R2. I used calculator as the RemoteApp program to verify that it's not a problem in my custom program.

1st scenario - works:

1. Connect to the server using RDP (no RemoteApp) --> Desktop opens
2. From the RDP session, try to make an RDP connection using RemoteApp. I'm using a pre-configured RDP file with remoteapplicationmode and remoteapplicationprogram parameters and I'm connecting to the same server in this example --> The RemoteApp screen appears and after entering credentials the RemoteApp program opens

2nd scenario - does not work:

1. Using an admin account, on the server, go to local user management and set a startup program for the user that is used for the test, cmd.exe for example (Environment tab --> Starting program --> Start the following... --> Program file name ="cmd.exe").

2. Connect to server with the test user --> cmd.exe opens

3. Try to connect with RemoteApp like step 2 in the previous scenario --> the RemoteApp screen appear but the program does not start, after a while the session closes.

I checked using ProcMon and the Event Viewer and I see that a connection is established, but for some reason the program does not start (rdpinit.exe should start the program, but it doesn't - I don't see any call for CreateProcess).

Is this a bug in Windows?

Thanks,
Gabriel

I have a Windows 2012r2 server that is not issuing CAL licenses but still running remote desktop sessions. Meanwhile the memory usage of the svchost (termsvcs) steadily increases over 4-6 weeks until it needs rebooting.

Has anyone seen this?

Here is a picture of the server in question.

Here is a picture of another server that is similar that is issuing licenses and not suffering with the same memory issues.

OK this one is driving me crazy

We have a number of RDS 2012R2 Session hosts.  and a few clients with webcams .  When the webcam is not connected through the over supported RFX usb deviceson the client. the mics on the web cams work perfectly

 When the webcam is  connected through the over supported RFX usb devices . the mics on the web cams don't work but the video works perfectly

How do I get the mic to work on the web cams , tried it with both Microsoft LifeCam and Logitech C930's 

Clients are window 10 pro (Build 1803)  

Tried all of the usual GPO and reg setting as suggested in other post 

TIA

We have over 300 inactive ts ports on our 2012R2 printserver. The performance of the terminalservers , also 2012R2servers, is terrible.

How can i delete the inactive TS ports, can i do that with a script ore something. Do i have to delete this bij hand in the register?

When i look on the internet, i cannot find anything for a 2012R2 server

We have a RDP server where we publish Microsoft Dynamics AX 2012 R3 via remote app. When a user uses the remote app Dyanamics AX it will spawn a PDF file which will open with Adobe Acrobat reader that is installed on the RDP server with the DAX client. Microsoft Office 2016 is also isntalled on the RDP server. When the PDF file is open the user will click the Mail icon in Adobe Reader that looks for the users Outlook Profile and will tell the user they need to configure their Outlook profile in order to send the PDF via e-mail. We have configured Group Policy to auto configure each users outlook profile on the RDP server. The problem is that the Outlook profile isn't actually created until Outlook is opened under the user profile. Remember this is a published app they are using not a full RDP session so they do not have access to launch the Outlook Client. We don't need them to have access to Outlook, we just need the Outlook profile created so that the Adobe reader app will detect it and use that profile to send e-mail.

 Is there any way we can establish the Outlook profile, transparently to the user? Logon script, or any other technology?

I know that once the profile is established by opening Outlook then the mailing function of Adobe Reader works. I tested this out by trying to mail from adobe only using the Published App, DAX. Adobe wouldn't detect the Outlook profile. I then logged onto the RDP server using a full RDP session as the same user, opened Outlook, the profile autoconfigured as expected, then closed Outlook. Kicked my remote app session, and logged off. I relaunched the Published app DAX and when the PDF spawned Adobe was able to detect the Outlook profile.

RDP Server is WS2012 Datacenter

Hi,

I have received a question from a customer that I can't seem to find an answer to.

The customer is currently running af PoC on a new RDS 2016. All Windows 10 (v1709 or 1803) endpoints. They are using the RemoteApp and Desktop Connections client to present shortcuts to various RemoteApps in the users Start Menu on the Windows 10 endpoint.

Is it possible to change the name of these shortcuts? More specifically remove the appended RDS workspace name from the RemoteApp shotcut.

Odd issue here that I don't think is really causing any issues, but would like to figure out what's going on.  I've got a DC and a TS that are on separate domains, no trust between the two, not a child/parent domain. 

Domain controller - Win2k8R2, company.com domain, IP address 192.168.105.10

Terminal Server - Win2k8R2, production.com domain, IP addresses 192.168.0.8 (production network 1), 10.5.0.8 (production network 2), 192.168.105.142 (office/company.com domain network).  Three separate NICs.

Every night at about 2:00 AM, the TS generates 6 errors:

1:58:26 AM - Event ID 56, TermDD,  The Terminal Server security layer detected an error in the protocol stream and has disconnected the client:  Client IP: 192.168.105.10

1:58:26 AM - Event ID 56 again, same as previous message

1:59:35 AM - Event ID 36888, Schannel, The following fatal alert was generated: 10.  The internal error state is 1203.

1:59:42 AM - Event ID 36888 again, same as previous message

1:59:57 AM - Event ID 36888 again, same as previous message

1:59:57 AM - Event ID 56 again, same as first two messages

I'm less concerned with the errors themselves vs. how they're being generated.  Nobody is using the DC to connect to the TS.  What is the DC doing?  Why/how is it trying to connect to a machine that's not even on the same domain?  I can't find any correlating Event Log entries on the DC to explain what it's doing.  There are no scheduled tasks, backups, etc. running or scheduled to be run at that time.

Thanks in advance.

Getting Local Security Authority cannot be contacted when trying to RDP to server part of domain trust.

I have two separate domains (domain A and domain B)

I went through Microsoft best practices for setting up one way domain trust. When I open active directory in domain B I can add users/groups from domain A with no issue. I created a security group in domain B that contains users from domain A. I then added that security group to the local administrators group of a server in domain B, so those users could RDP to the server from domain A.

When I try to RDP to the server in domain I receive error “The Local Security Authority cannot be contacted"

Its not a permissions issue that I am sure of.  I did follow best practices for seeing up domain trust, and on the surface the trust looks to be configured successfully as I can add users / groups from domain A in active directory of domain B. I am just not sure what is being missed.

Any thoughts or suggestion would be appreciated.