Hi,

We have two AD forests and I'm moving users from one domain to another. Domain A have 100 users and two terminal servers 2012 r2 (TSSRVR1 is session host, connection broker, RD web, license server and TSSRVR2 is session host only). I have migrated all users to new Domain B using ADMT, so they keep the same passwords. Now I am really confused what is the best way to move terminal servers to new domain, should I just disjoin and join to new domain or should I use ADMT to migrate them? what is the good working approach?

I did try to test migrating them in my lab using ADMT and when I open TSSRVR1 I get error following servers (TSSRVR1.DomainA, TSSRVR2.DomainA) are not part of deployment and add them into server pool. Which means rds deployment still searching for servers on old domain, I added TS servers from new domain using Add Servers but no luck.

Before I do migration in production, I really need to know if disjoin and re-join is better than ADMT? If I go with this approach what are steps involved to make TS servers functional again?

There are no profiles to migrate or to worry about, they will have new profiles from Domain B because they only use one published app on terminal servers.

Thank you and your expert help will be highly appreciated.

Hi All

This is a request for pearls of wisdom from anyone who has migrated a Windows 2012 TS RDS environment from internally hosted, dedicated infrastructure to a shared cloud in a datacentre.

We have bravely made the leap but are now experiencing VHD disconnect/unavailable issues as well as severe lag for all users. These issues happen regularly during the least active hours so we suspect it is to do with jobs running in the background. Since everything was working fine before the migration it seems likely these issues are occurring at layer 4 or below.

Without going into too much detail, has anybody experienced this type of behaviour from an RDS migration before?

Thanks

Roley

Hi all, our Windows 2012R2 RDS system was just handed over to me to support. With little knowledge I was tasked with setting up the following and am wondering if this even possible.

Task: Set up a Windows7 32bit session host so that some very old software can be loaded on it and it would be accessed by only one person. The user is working remotely and can only get to an internet accessible RDS gateway that would provide access to the Windows 7 Session Host inside our network.

The windows7 Hyper-V virtual machine was created and then I get on our Windows 2012R2 server where RDS is managed and I open up Server Manager and add the new Windows7 PC. The Server Manager shows a Manageability status of "Online - Cannot manage a client-based operating system'.

Can I still add this Windows 7 vm as a Session Host in RDS? Is Windows 7 even a supported operating system to function as an RDS Session Host? Can I create a session collection such that the win7 session host will be used for Remote Desktop sessions?

Any feedback will help me understand RDS better and would be much appreciated.

Dear concern,

I am using 200 RDS Device CALs. I am using 2 RDS server in workgroup environment. I installed RDS host and licensing role in my one server and installed 200 RDS CALs in this server. Also installed RDS host role in another server and map of the first one server as it's licensing server via local policy. Users randomly connect to these two server via Remote Desktop. Licensing server shown the 200 device CAL in console but when user connect to RDS server via thin client (non Microsoft endpoint) they can establish connection only for one hour and got a warning message"There is a problem with your license for Remote Desktop and the session will end in 60 minutes. Contact your system administrator to resolve this issue"then user forcibly disconnected. I had seen two things that RDS server didn't assign temporary license for thin client user and RDS license not count down, it fixed on 200.

Please response me ASAP.

Thanks,

Babu

Babu

I'm having problems with one Username, I get this error in Event Viewer:

Windows could not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. Windows could not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrators group must be the owner of the folder.

1. The profile path exists: \\ts-srv\Profiles$\Username

2. The folder Username.V2 exists too.

3. The user has Full access Username folder.

What I did once is gave full rigths to Administrators for the Username.V2 folder, I wanted to see something and I did not have access so I've change the permission.

How to fix this issue ?

Thank you.

Dear Microsoft,

We are getting error on rdp services and in task bar users there are User4 Disconnected cant log off.

The task you are trying to do can't be completed because remote desktop services is currently busy. Please try again in a few minutes. Other users should still be able to log on.

Please help on this support.

Hello everybody,

We got a problem in our company about strategy group to mount printers for users in RDS 2012 R2.

We need to set printers for user. We use Security Group for this. The user belongs to a security group, and in the strategy group, we configure a printer for a security group (with common targeting).

So we add a user to a group like that he gets printers. The user log in to the RDS, and he sees the good printers.

The problem is, when we remove the user from the security group, printers stay in the session.

In the RDS, we use roaming profile, and I think the problem come from here. When we delete the profile on the file server, to get a new one, the user does not have anymore the printer.

I also tried to create a GPO to delete all shared printers in order 1, before to mount the printers. This is working the first time, but after this, when you add the user to a group, and remove him again, he also sees the printer.

It's a big problem, because a user which doesn't belong anymore to a security group, can use the printer.

Please, could you help me to solve this problem ?

Thanks by advance

Hello!

We have two Connection Broker servers using DNS round robin. Yesterday i saw that our RD host servers have alot of Audit Failure events (4625) in the Security log.

It looks like our CB servers are trying to logon with it's computer account to the RD Host. This happend multiple times per day and when it does it's looks like it's spamming login attempts, up to 10 times per second. Please take a look at the following look example:

Any suggestions?

Kind Regards,

Anthon

Hi All

We are encountering a rather strange issue on a few of our VMs. We are running a Hyper-V environment on 30 physical hosts. The hosts are made up of 4 different models, from 2 different manufacturers (Dell and Cisco). All our VMs are Server 2008 R2, 2012 R2 or 2016. They are either Enterprise or Datacentre edition and full desktop installs, nothing running core edition. We run Symantec Endpoint Protection on all physical and virtual servers.

The issues we are having seem to manifest themselves in 2 main ways, although both seem to be connected. The first thing we notice is issues with resource redirection. We run an RDS environment for clients. With some of the VMs, the clients are unable to see their locally connected printers. On some of these machines, restarting the spooler seems to sort this. On the rest, a full server reboot is required. Following the reboot, it seems to work fine for that day, then it drops off again requiring another reboot. No errors or warnings in the event logs. It just doesn’t seem to work. We tested the drive redirection, and this also seems to drop off when the printers fail to connect. However, if the printers failing to work is fixed by the restarting of the spooler alone, the drive redirection is not affected and always stays working. This seems to happen on all 3 releases of Windows Server. It happens on different physical hosts from different manufacturers and ranging from 4-year-old hosts to 2-month-old hosts.

The other issues we have noticed is in the Server Manager. When you select the All Servers tab, you get a box in the middle showing the list of the servers that are online or offline, and deeper details if its online but cannot talk. Some servers seem to show up as “Online – Cannot get role and feature data”. These servers we cannot manage properly remotely or indeed locally for things such as RDS Broker that requires the Server Manager. We are unable to change any of the roles or features, to remove or add new ones. We are unable to install or uninstall any applications or Windows Updates. We are also unable to access Disk Management, the VDS being unavailable. We reboot the affected server and that will bring it back online, but the issue will come back, it may be an hour, or it may be a few days.

I have taken copies of VMs that are struggling and removed the AV, and removed all updates installed in the last month. The issue persisted. What is interesting, I took another copy of the same VM and popped it into an isolated network (Private Network) and it didn’t seem to be affected by the issue. I am running this test again and will update this with the results to confirm, but that does seem to be hugely out of the pattern, purely by isolating it. Now this may be due to another VM causing issues, or a lack of WAN access but I am pretty much out of ideas. I have tried as many iterations of this as I can think of, removed and tried various versions of it. I cannot see what is causing this. It seemed to start badly 3-4 weeks ago. It is not affecting all servers, and it is affecting different clients with their environments ranging from Workgroups to Domains, each client having their own space on the hosts. However, the network is one large subnet, so it is possible that something is passing across the LAN. As I say, I have tried everything that I normally would and done lots of digging online and found nothing.

Many Thanks

James

Hi Everyone,

I have been working on a problem with our single RDS server for a while now and hope some of u are able to help me out. (just remote app, no desktop sessions)

Alot of users are reporting that their sessions are getting stuck/frozen and need to reopen the application from the RDweb/RDP file to continue working. I saw that once a user experienced this i could take over the session with shadowing and permission could be given from the user while the session is frozen. So i'm guessing it has to be something about the graphics? There is no black screen however. Just a still image of the last frame. If i take over i can move it around and do stuf but stil not visible to the user.

The problem usually starts when they lock their workstation and come back from a short break 5/15 minutes later. Unlocking the workplace would then show the stuck session. Idle times and disconnection times are not to worry about. All above 6+ hours.

I could post lots of logs. But if u would like to see any in specific i would post them.

Specifications:

• Windows server 2016 with latest updates from March. (KB4489889) & (KB4485447)
• All roles are on one server. Broker, Gateway, Session host, RDWEB
• Licening is on another server. And shows no problems with diagnoser. (Just to be sure)
• Clients work on windows 10 1803. RDP version is: 10.5 using HP thin clients.
• 80+ users in terminal.
• It's a fysical server with enough space, memmory and CPU. Speed 10gb.
• The problem usualy happens once a day er person. Good weeks show only once a few days

Hello,

On my remote desktop server, I have an app that my users can access on their computers as a remote apps. I have a user that have dual monitor on his computer and he cannot move the app from his main monitor to the second one.

Any help from you would be appreciated.

Thanks in advance.

P Jacques

Hello

Can a Windows Server 2012 (R2) sessionhost be added to a Windows Server 2019 Gateway, and is this supported?

The Microsoft documentation has not yet been updated for Server 2019.
(https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-supported-config)

I would like to migrate existing SH's to a newer Gateway to make use of a broader set of security ciphers.

Kind Regards

D.

Hi guys,

On a random base (daily, weekly) we're experiencing major log-in problems on our Windows Server 2012 R2 Remote Desktop Services farm. The VM's are hosted on Hyper-V 2008 hosts and we're not using Citrix techniques etc.

Users are reporting that they cannot log-in, the log-in sessions hangs with a blank screen when loading their user profile (e.g. Please Wait For The User Profile Service).

In the System event log of the server on which the user is logging on the following errors are shown:

Source:        Service Control Manager 
Date:          23-12-2014 7:28:01
Event ID:      7011 
Task Category: None 
Level:         Error
Keywords:      Classic
User:          N/A 
Description: 

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

…and after 30 (or sometimes 60) seconds, the same error only another service (in random order):

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

…and after exactly 30 seconds, the same error only another service:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxmSms service.

etcetera, with the following errors:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndPointBuilder service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

The Portable Device Enumerator Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

These errors are logged continuously.

An administrator cannot solve this since he isn't able to login in as well (console or remotely), only a hard reset of the VM is possible to use the affected server again.

I took different steps to solve this problem without any success, like:

- Installing the latest Windows updates
- Removed unnecessary printer drivers, print monitors and print processors (no local printers/drivers are installed, only Remote Desktop Easy Printer driver is used)
- Searched different forum posts, but found only hotfixes for Windows Server 2008 R2.

Can someone please help me with this annoying problem?

Many thanks!!

EDIT:
Of course is increasing the time-out not really an option here... http://social.technet.microsoft.com/wiki/contents/articles/13765.event-id-7011-service-timeout.aspx

I'm looking an email hosting environment that wants to expand to also offer RDS to the existing email customers.  There is an existing AD environment already.  Each customer already has their own UPN domain that distinguishes them from each other customer. Theoretically, each customer would have their own segmented subnet that would contain an RD Session Host and file/application server that is managed by a central set of redundant RD Gateway and Connection Broker servers.  Group policies for things like folder redirection and computer lock down policies would have to work.  Of course no access from the individual customer subnets directly to the existing AD domain servers with all the user accounts would be wanted.  I can not decide if making a subdomain of the existing user accounts domain and joining customer servers to the subdomain or setting up a resource and authentication forest set up would be best.

Any input would be greatly appreciated.

Hello Team,

I have the below issue:

Here is my RDS environment:

I have only one server 2012 R2 standard with the below roles installed 

• RD connection broker,
• RDSH,
• RD Licensing and
• RD web access

I have published few remote apps and I was able to access them using RD web feed till yesterday. 

Example :https://contoso.com/RDWeb/Feed/webfeed.aspx

I do have installed the SSL certificate on my server and provided the same to RD web. 

But today while I use the same url to access the remote apps I get the below error message 

"The remote computer cannot be authenticated due to problems with its security certificate. security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer"

Error code - 0x80072f8f,0x20

Now I can only access the remote apps through RD web access ( https://FQDN/RDWeb)

Please help me in fixing this issue. 

Any help would be much appreciated.

Thanks

SM

Hello,

We've search several solutions over the network but in our enviroment nothing helps.

in the company we have a problem with freezing RDS Hosts. Usually looks like:

- Someone is calling to us end tell that some software is crashed and he cannot run it again / Cannot logout/login.

At First we thought that is a software problem (very often we saw that excel has 100% cpu), we've update office 365.

at the Begining of the creash we see error in event log:

"A timeout was reached (30000 milliseconds) while waiting for the ServiceName service to connect."

Usually it stars with UmRdpService but we recieve it in several another services.

What's more we found strange behavior during this problem - we see that number of active sessions is going down... but total session are growing very fast (example we have 20 sessions on the host, total session ~30, during our crash we have 5 active session but 100 total sessions).

During this crash we usually cannot log into domain accounts, very often we cannot log in local account.

We tried to reset services, disable priter redirection, try to update OS system with Office 365 - no luck.

What's more in the event log we have many errors like:

-20499 "Remote Desktop Services has taken too long to load the user configuration from server \\XXXXXXXXXXXX for user XXXXX

-1152 "Failed to create KVP sessions string. Error Code 0x8007007A"

I have an odd issue whereby I have configured an RDS Collection (1 CB/Gaetweay/RDWeb and 3 RDS Session Hosts) where when a user connects and uses Webcam Redirection, it works perfectly for admins, but non privileged users even though the device is passed through, it doesn't work in any app.

I have used GPO to force enabled the camera redirection feature and force enable the camera for all apps too.

In the Camera settings app, everything is set to On as forced by organisation.

The camera is detected and availible to apps, the Windows Camera Frame Server service starts when the user attempts to load the camera in any app, but nothing is displayed and the camera doesn't kick in.

I have users wanting to use Teams inside the RDS (company policy allows only for company stuff to be inside the RDS) and cannot get them access other than granting Admin rights!

Any ideas?

Hi Folks,

I was testing out the solution provided by MS in one artciles to configure RDGW/WEb access server behind Azure LB but was confused with step3.https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-rdweb-gateway-ha

ManeeshB