Quantcast
Channel: Remote Desktop Services (Terminal Services) forum
Viewing all 21489 articles
Browse latest View live

Firewall ports for Remote Desktop Services deployment

March 19, 2018, 10:22 am
$
0
0

Hi guys,

I have a Microsoft Remote Desktop Services deployment in my company that is now configured, however I am still struggling with the firewall ports to open, and there seems to be no documentation on the web talking about it. (At least no up-to-date documentation)

My servers are all running on Windows Server 2016 Datacenter, and my clients are on Windows 10 Professional.

I have a server that acts as the Web Access, Licensing and Broker server (Let's call it RDWLB), another server that acts as the AD DC (Let's call it DC), and another as the RD session host. (Let's call it RDSH) NLA authentication is also enforced.

I have checked this link: https://social.technet.microsoft.com/wiki/contents/articles/16164.rds-2012-which-ports-are-used-during-deployment.aspx but not all ports I monitored are mentioned here.

Here are the ports I have identified as potentially being used when a client tries to login to a remote desktop. (X -> Y : TCP 123 means that the host X sends a packet to host Y on port 123)

RDWLB -> RDSH : TCP 135, 1317, 1322, 1535, 1537

            -> DC : TCP 88, 135 & UDP 53, 389

Client -> RDSH : TCP 3389 & UDP 3389

         -> RDWLB : TCP 3389 & UDP 3389

         -> DC : TCP 88 & UDP 53, 389

DC -> RDSH : TCP 1025, 1036to1039, 1041to1046, 3035

RDSH -> DC : TCP 88, 389, 3389 & UDP 53, 389, 3389

I am OK with the ports not in bold, but would someone please be able to explain to me what the ports in bold are?

If I block some of them, it slows down the connection process, in particular the 1535 & 1537 ones, where it gets stuck on "Securing Remote Connection..." for some time.

Thanks in advance!

Search

High mouse delay between RDPSession and RDPVierer

March 30, 2019, 9:22 pm
$
0
0

hi,

I want to share a fix rectangle area of my desktop(sharer) to my viewer, and the viewer can control(mouse and keyboard) this fixed shared area. i have finished it by using RDPSession an RDPViewer, that is supplied by AxInterop.RDPCOMAPILib. 

But, when the viewer try to control the sharer, the delay of operations(both mouse and keyboard) is very high. when i try to use mstc.exe to do this directly,  no delay of operations.

1、How can i fix the high delay of operation by using RDPSession or RDPViewer? 

2、If the delay between the RDPSession and RDPViewer can't be reduce, is there some other way to share and control a fix rectangle area of my desktop?

the following is my code:

        private void shareButton_Click(object sender, EventArgs e)
        {
            Rectangle rect = Screen.GetBounds(this);
            m_rdpSession = new RDPSession();
            m_rdpSession.OnAttendeeConnected += m_rdpSession_OnAttendeeConnected;

            Rectangle shareArea = new Rectangle(axRDPViewer1.Location.X, axRDPViewer1.Location.Y, axRDPViewer1.ClientRectangle.Width, axRDPViewer1.ClientRectangle.Height);
            m_rdpSession.SetDesktopSharedRect(shareArea.Left, shareArea.Top, shareArea.Right, shareArea.Bottom);
            m_rdpSession.Open();

            IRDPSRAPIInvitation invitation = m_rdpSession.Invitations.CreateInvitation("baseAuth", "groupName", "", 64); 
            textBox2.Text = invitation.ConnectionString;
        }

        void m_rdpSession_OnAttendeeConnected(object pAttendee)
        {
            //viewer can contorl sharing area
            IRDPSRAPIAttendee att = pAttendee as IRDPSRAPIAttendee;
            att.ControlLevel = CTRL_LEVEL.CTRL_LEVEL_INTERACTIVE;
        }

and the viewer:

        private void button1_Click(object sender, EventArgs e)
        {
            axRDPViewer1.Connect(textBox1.Text.Trim(), Environment.UserName, "");
        }

How to active RDS user cal - Win SRV2016

March 28, 2019, 3:02 am
$
0
0

Hi guys,

I bought MS license WinSRV2019  with User CAL x8; RDS User Cal x4and I installed WinSRV2016.

after installed and Activated window, I checked on the RD Licensing manager -> the total license of RDS per User Cal still appear "0".

so that please help how to activate RDS service to appear as I bought- 4 x RDS User Cal.


Many Thanks


Cumulative Updates breaks RDP since November.

March 11, 2019, 5:04 am
$
0
0

We have an RDS server (2016).  Since November or October, every cumulative update (well until Jan, haven't applied latest yet), breaks RDP. We can connect to the gateway fine, but accessing the RD desktop just fails with a warning about not being able to connect.  If I uninstall the Cumulative update, then all works again.

Event log shows hundreds of Schannel events (A fatal error occurred while creating a TLS client credential. The internal error state is 10013.)  The remote desktop management service fails to start and the server manager shows this issue:

the server pool does not match the rd connection broker that are in it. errors

Any ideas on how to fix?

 

RDS USER CALS

March 11, 2019, 7:42 am
$
0
0

Hi,

I would want to install RDS Licences User CALs for a windows server 2012 r2. 

Is it a must to have Active Directory to effect this or I can  install without the need for the AD?

Much appreciate the assistance/advise.

2012 Server RDSWEB - Certificate mismatch error

March 12, 2019, 11:13 pm
$
0
0

I've seen this error discussed, but need little more detail. I want to understand how to create RDS Farms with correct initial settings to avoid this.

When clicking on a Remote Desktop Icon for a remote collection (Sage_Sales). I enter my credentials and see this dialog.

Then I see this warning about the certificate mismatch.

Then I see this error if I click [Yes]

Can someone explain why each dialog/error is displayed?

I want to be able to look back at this thread, and correct my configurations.

Regards

2012 RDS Collections and Domain Groups

March 13, 2019, 12:21 am
$
0
0

I have an rds farm with three rds_host servers. I have defined three domain user groups for sage_sales, sage_admin and sage_outside.

I have three collections pointing to the three rds host servers; sage_sales, sage_admin and sage_outside.

In my tests:

When I setup a user Joe in the Domain user manager, and make him a member of the sage_admin group, he can log into the RDWEB portal by entering his domain.user/password and clicking sign in. He is presented with the collection icon as shown below.

Clicking on the Sage_Admin icon takes the user to a successful remote session on the correct rds host configured for sage_admin users.

When my test user Joe is a member of two groups (sales_group and admin_group), he is presented with two collection icons after signing into the rdweb portal as shown below:

However Joe can only connect using the Sage_Admin icon. When clicking the Sage_Sales icon, the following error dialog is displayed.

What is happening here? I can't find any difference in the group rights.

Does the Set Primary Group in the Domain User settings effect which icons are available in an rdweb session?

Comments on these configuration options would help. What a battle!!

The logon attempt failed when connecting to multiple RDP sessions

March 13, 2019, 8:48 am
$
0
0

Whenever I connect to more than one RDP session that is through a gateway, some of them will not allow me to log on.  I get the error "The logon attempt failed" and that is all.  If I disconnect from some of the other sessions and reboot my computer, I can then connect to the server that was given me said error.

I can also connect to the server giving me said error without closing down other sessions or rebooting by connecting through a Hyper-V virtual machine on my computer. 

None of this makes any sense.  Has anyone else seen this behavior?

James

Search

Auto logon and run Remote App

March 13, 2019, 11:04 am
$
0
0

I am looking for a way to allow domain users click the .rdp file and it can auto automatically logon the remote desktop server and run remote app with their AD credential. I currently published the remote app and downloaded the remote app .rdp file to the workstation. But it still requires users to type username and password to logon, then the remote app run.

Thanks,

Hanson

UAC page wont shown to admin to enter credentials

March 14, 2019, 1:26 am
$
0
0
Hi. I configured BitLocker on my host machines. It worked perfectly. But some users forget their password .So I have to reset it using recovery key. When windows open ,now it is time to change pin. I connected to remotely to host using MSRA(remote connection software) and clicked  "Reset a forgotten pin" UAC opens to enter admin credentials. I see nothing only black screen but my host sees that UAC opend and require admin credentials. Could you please tell me how could I see same UAC page that host sees. Without seeing that page I coudnt enter admin and password.It is so urgent please help me to solve this issue.

RDWeb shortcut not working

March 18, 2019, 4:33 am
$
0
0

We recently setup a Windows 2016 RDS collection. This consists of the following servers:

 - Server 1 (RDS Broker, RDS Licensing)
 - Server 2 (RDSH)
 - Server 3 (RDSH)
 - Server 4 (RDS Web Access & RDS Gateway) (server 4 is located in our dmz)

We have an external dns record "apps.somedomain.co.uk" which points to server 4. 
We have an internal dns record "rds.somedomain.local" which points to server 1.

We can successfully browse and log into https://apps.somedomain.co.uk\rdweb, however, when we attempt to connect to the RDSH farm, using the RDP shortcut within the RDWeb portal, it attempts to log us directly onto the gateway/web access server (server 4) rather than query the broker and direct the session onto one of the RDSH servers!

Internally, if we RDP to rds.somedomain.local we are successfully redirected to one of the RDSH servers and we can see user session are being load balanced.

We have deleted and recreated the rds collection but we get the same issue. Below is a screen shot of what we see when using the RDP shortcut within the RDWeb portal. It appears both the 'remote computer' and the 'gateway' are pointing to the same dns record which resolves to the gateway/web access servers. How can we update the collection settings so the RDP shortcut has the correct dns address for both remote computer (ie: rds.somedomain.local) and gateway server (apps.somedomain.co.uk)?



Hide integrated Apps from start menu list

March 18, 2019, 6:56 am
$
0
0

Hello everybody,

I'm planning to install a new RDS farm with Server 2019. I'm customizing everything I need, but got stuck at the start menu.
How can I hide/remove the integrated Apps from start menu like Settings, Search and Windows-Security.
I'm ok with Settings and Search, but Windows-Security must be hidden before I can deploy this new farm.

Thanks for your help.

Diagnoser shows Host Server Version Server 2016 When Running 2019

March 19, 2019, 12:30 pm
$
0
0

When I originally Activated the server licensing via Licenses Wizard using our schools Enrollment ID I may have used an older Enrollment ID number.

I think maybe that was the issue. All I know is when I when into the RD licensing Diagnoser it showed that the Remote Desktop Version Host Server Version is:  Windows Server 2016.

... AND I AM RUNNING WINDOWS 2019 ...

After trying everything i know DE-activating, then re-activating with a more current Enrollment ID for our high school. Did not change anything.

So, removed ALL the remote desktop services and then reinstalled and reactivated. Still did nothing to change the information in the Diagnoser.

The information still shows in the Diagnoser:  Windows Server 2016

HOW CAN I GET RID OF THIS PROBLEM? 

Thanks,

Dave


Remove users from Remote Desktop users

March 21, 2019, 12:22 am
$
0
0

hi

for past months , every time we created a new PC we added some users in the Remote desktop users ( including user himself ) , now we have a new security policy that avoid the user to be in RDU list , how can i remove the users and keep others through GP ? i know how to add , but remove its not work for me.

in simple word i need to create policy , and put name in it , then deploy that policy to over wright the current names.

Osma Othman

RDS farm and HP Thin Cients

March 21, 2019, 1:32 pm
$
0
0

Hi we have a mix of new and old HP thin clients. 

I have 2 RDS session Hosts (server 2016) and one of them is the Broker. 

Some of the thin clients do not have a setting for broker address or load balance URL 

should i just use DNS round robin to load balance between the 2 hosts ?

I would like to use User Profile Disks. - Is this supported with DNS round robin?


Search

RDP to Azure AD joined computer

March 24, 2019, 1:05 pm
$
0
0

I am trying to connect to a remote computer that is Azure AD joined. Both the client and host computer are running Windows 10 version 1809. Currently I am connecting without NLA to be able to authentication myself, but I would like to connect with NLA.

According to this article: https://docs.microsoft.com/en-us/windows/client-management/connect-to-remote-aadj-pc this should be possible, providing you use the username format "AzureAD\JeroenDeWit" to connect. However, this results in an error stating "Your credential did not work. Remote machine is AAD joined. If you are signing in to you work account, try using your work email address." I can't post a screenshot because my account is not verified yet.

Other guides like https://cloudbuilder.io/documentation/Windows10Pro-RDP-AzureADJoined/ also suggest authenticating without NLA.

Am I doing something wrong or is Microsoft doing something wrong? :)

User printing settings not saved on RDS services 2016

March 24, 2019, 2:08 pm
$
0
0

Hi All,

We have a RDS farm with 2 RDS Hosts and 1 RDS Broker, the user profiles saved on a shared folder.  we installed a print server on both RDS Hosts.

Everything works fine until when users tried to edit a xerox workcentre 5945 settings (set print password, print on one side ..).

we found that the settings not saved after print process lunch and everytime user must change the settings.

im trying to fix it, thanks for your help.


RDS 2016 - Disabling TLS v1.0

March 25, 2019, 8:53 am
$
0
0

We have the following RDS 2016 configuration:

Server 1 - RDC Broker 
Server 2 - RDSH 
Server 3 - RDSH
Server 4 - RD Web Access & RD Gateway (sits in a DMZ)

To comply with PCI standards we would like to disable TLS v1.0 on our internet facing servers (ie: Server 4). If we disable TLS1.0, either manually through regedit or by using IIS Crypto, the shortcut within RD Web Access no longer works.

Has anyone managed to successfully disable TLS1.0 on their RD Web Access/RD Gateway server without breaking it? Any documention or guides on how to achieve this?

Black Screen after login to Server 2012 via RDP or VMWare console

March 26, 2019, 2:07 am
$
0
0

Hi Guys,

From last 3 months i am having issue with my Windows Server 2012, that after login it (RDP or VMWare Console), screen goes black with a cursor. I tried use Alt+Ctrl+End trick to get the task manager but that is also not appearing. I am using vSphere Client version 6.

Also i want to add, that if i login to Safe mode, i can see the display. (No issues)

Many Thanks.

Areeb Hassan


RDS 2016 Documentation

March 8, 2019, 5:49 am
$
0
0

Hello!

I am looking for explicit information about Disconnect option in Remote Desktop Services for Windows Server 2016.

Til now, I not found an official Microsoft doc talking about whats is the correct group that allow the non-admin group to disconnect an user for RDS Windows Server 2016. Could someone help me?

“Vote As Helpful” and/or “Mark As Answered” - MCSA - MCSE - http://www.ucsteps.com/

Viewing all 21489 articles
Browse latest View live
Search