Channel: Remote Desktop Services (Terminal Services) forum

Server Self Certificate not renewing and possibly stopping RDS working

I am having issues with RDS 2016. I have just renewed the SSL certificate and imported it, but it is erroring out saying

Your session ended because of an unexpected server authentication certificate was received from the remote pc

I have confirmed the new SSL certificate is correct and working, I have checked the local certificate store under personal and noticed the local server has expired and it will not let me renew it, it gives me an error of no certificate templates available.

Can anyone assist?

Regards

MattRose


RDS 2012R2 Issue

1. We have installed RDS (RDCB, RDSH, RDWeb) on one host. RDS service is working well without any errors. But if we open Server Manager->RDS we're getting "A Remote Desktop Services deployment does not exist in the server pool.
To create a deployment, run the Add Roles and Features Wizard and select the Remote Desktop Services installation option."

2. We get the same error after Get-RDServer - "The RD Connection Broker server is not available"

3. If we add Roles-> RDS Installation, the next error - "could not retrieve the deployment information from the rd connection broker"

4. If we add this server to Server Manager on another host we receive - "Kerberos Security Issue". All hosts were added to Trusted.

All RDS services are running (including WID). ServerManager and Posh running by Administrator.

How to resolve it?

Adding another icon/ rdp shortcut to the RDWEB Page

Hi,

I have set up a Windows Server 2016 RDS environment which is as follows:

1 RD Gateway Server (RDGW1)

1 RD Web Server (RDWeb1)

5 RD Session Hosts (RDS1 to 5)

1 RD Broker (RDBroker1) - also does licensing.

gateway url is: gateway.domain.com which points internally and externally to the RDGW1 server.

The RD gateway and RD Web servers are in the DMZ.

We now want to implement Azure MFA using the NPS Extension as described here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg  

To minimize impact, I set up another Gateway server in the DMZ called RDGW2, along with an NPS server in the LAN (NPS1). Following the documentation linked to above, I was able to successfully set this up.

To test, I have downloaded the RDP icon from the RDWeb page and edited it to direct via RDGW2 rather than RDGW1. I also created an External DNS entry for gateway2.domain.com pointing to the WAN IP for RDGW2.  This works fine from outside of the network and I get MFA prompts and can see connections going through RDGW2.

I now need to publish 2 RDP shortcuts. One would be using the old non MFA gateway (RDGW1)  - this is already there. The second would be the edited RDP Shortcut that uses the new MFA configured Gateway (RDGW2).

Is there any way I can publish the second RDP icon? Perhaps by editing the relevant web page or locating where the original icon is located? Publishing via RemoteApp is not an option. The reason for having both is to provide a transition environment and possible future DR environment (in case there are issues with Azure).

Thanks,

RemoteApp can't seem to write to Program Files (x86)

I have an (old) ERP system setup as a RemoteApp.

When you go to spool invoices etc and display them, it goes to generate them, brings up WordPad but then comes up with the following message:


"\\ServerFQDN\c$\Program Files (x86)\Application Folder\Sub Folder\Filename.txt

Cannot find this file

Please verify the correct file name and path are given."

It has never written the file.

If I open WordPad as a RemoteApp and manually browse to that location I have full access and can create and modify a file there, so I don't believe it's a permissions issue.

Any advice would be greatly appreciated.

Windows 2016 Terminal Server - Application Error in Explorer.exe

I already posted this question in Server2016 section - they had no idea - but they suggested to try and find a solution at the RDS-Section

I have 3 Win2016 Terminal-Server - all show the same Problem:

Sometimes Windows Desktop is not responding - no Start menu reaction, no right-click on taskbar. But I can double-click Desktop-Icons and the program starts. I also have this problem when I log on locally as admin.

In the Eventlog I get:

Information: The Desktop Window Manager has registered the session port.(EventID 9027)

followed by

Error: Application Error - EventID 1000

Faulting application name: explorer.exe, version: 10.0.14393.2879, time stamp: 0x5c89ec44
Faulting module name: ntdll.dll, version: 10.0.14393.2608, time stamp: 0x5bd133d4
Exception code: 0xc000041d
Fault offset: 0x000000000002138e
Faulting process id: 0xf51c
Faulting application start time: 0x01d505941f3bf9c4
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: f943abdf-c7c2-4b2e-9906-e5ea5e358841
Faulting package full name: 
Faulting package-relative application ID: 

The faulting module name changes between: ntdll.dll and user32.dll

I have no idea why this happens - hope you can help me

Thanks

Arnold

User is logged on to a temporary profile

Hi All, 

A virtual server (with Terminal Server role) based on Windows Server 2016 was upgraded several times in attempts to rectify the issue with users logging on to temp profiles. The number of connected users is roughly 30-35.

It now has 20vCPUs and 72GB of RAM and at the moment CPU usage is about 30% and RAM usage is about 70%. This means the server is not running out of resources.

Now that I can exclude the resources related factor, what else might be the root cause of this issue, which recurs literally every day?

Regards

RWW via a Mac or IOS

Hello support,

I have Windows 2012 R2 standard server as a RDS clients on it. It runs an application on it called ACT! and 7 users log in to it to access the Act! program and their individual email Outlook. There are three users that have Apple devices that use RDP client for Mac that access the server. I want to close port 3389 and use Remote Web Access (via an SSL certificate) and using essential experience to access the server instead of RDP. But when I go to browser (Safari) and put in the remote link, https://remote.domain.com/remote, I am able to log in and the remote client is downloaded and when I click on it, it wants to open it with an app and it cannot find and goes to App Store but all the programs there are greyed out or not available.

The same process for iPad and iPhone. How can I safely access the server? I appreciate your help.

Jamshid  

USB visible to all

We have a RDS user whose local USB drives are visible to all RDS users.  I am new to RDS and I would like to know where to change the USB settings?

Thank you,
Mike


Configure RDP Client to initiate communication on port 443

I have setup a 2016 RDS farm and I am trying to access RDSH servers from outside the internal network through an RD Gateway server. I currently have it configured where users are directed to a WAP server (on port 443) in the DMZ that does pass through to the RD Gateway server (on port 443) on the internal network (The RD Gateway server also has the RD Web Access role on it). When I test connecting to an internal server through RD Gateway from a Win10 client on the internal network I can successfully RDP to an internal server. When I try to RDP from a Win10 client outside of the internal network through the RD Gateway nothing happens. I performed a wireshark capture from the WAP server and found that the external client never even gets to the WAP server. The internal client initiates the RDP communication on port 3389 to the WAP server and from WAP to RD Gateway on port 443, when initiating internally port 3389 is not blocked to WAP which is why it seems to work. I have configured the RDP client to use a gateway server address both internally and externally but the client keeps trying to initiate communication on port 3389.

My question is how do I configure the RDP client on a Win10 computer to initiate an RDP connection on port 443?

Maximizing apps in RDS session.

We run an app using "alternative shell" in RDS on a Windows 2016 server.  When the user starts the app there is no desktop.  This app opens documents using Office 2016.  Our problem is that the office apps always start behind the main app making it hard to see that the open document function was successful. 

There is no desktop and thus shortcut to edit.  I've tried opening, maximizing, and then closing Excel/Word but they always open windowed and behind everything else.  I assume without Explorer running, there is no memory of last position?  I've looked for command line options to force Word/Excel maximized to no avail.  My only workaround is to use alt-PageUp to bring them to the foreground.  That is more of a band-aid than a solution.

Is there any way for apps started by another app in an RDS session to start maximized?  

Albion

Ongoing cert mismatch error with RDS & Webclient on Server 2019

Scenario....

Single server hosting all roles, RD Connection Broker, RD Session host, RD Gateway, RD Licensing, RD WebAccess.

All webclient pieces installed without error.

Cert is official SHA2 cert from InCommon. The cert has been imported into IIS. In the Deployment Properties, Under "Certificates", the cert is showing as "Trusted" and "OK" for all role services.

In the RD Gateway Manager mmc, on the SSL Certificate tab for the server properties, the cert is showing the certificate from InCommon as being installed. 

Problem....

The error is reproducible on Chrome or the new IE Dev (chromium) browser. I navigate to the page secured with SSL. I successfully authenticate. I select the calculator app. It shows "Opening Port"...."Establishing Connection", then in the browser I get...

Oops, we couldn't connect to "Calculator"
Your session ended because an unexpected server authentication certificate was received from the remote PC. Ask your admin or tech support for help.
Certificate information:
Server Name: myserver name blah blah blah.

The thumbprint is showing the same as the cert I have installed.

If I run a browser in dev mode....I can see the error as...

2019-05-13T17:22:25.555Z Connection(ERR): The connection generated an internal exception with disconnect code=CertMismatch(7), extended code=<null>, reason=The cert from the remote server did not match the expected certificate (length mismatch).
Thrown in thread 396952 at:
tls/ossltransport.cpp(511)
Call Stack:
at Rjb
at Ojb
at Ip
at Vgd

Where is the mismatch error coming from? I have read so many articles on this and have re-installed the server so many times, I can't figure out for the life of me what I am doing wrong.

Please help!


I'm Micahel

Azure RDS HTML5 Web Client Unable to Access Gateway

We have a RDS (Remote Desktop Services) deployment, and recently went through the process of installing the HTML5 web client as per the directions at:

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

Our deployment is hosted on domain A, which has an active directory instance. There is also domain B with its own active directory instance, there is a two way trust between the two.

The problem we are having is that the traditional RD Web Access works fine for all users, but when users from domain B log on to the HTML 5 web client and try to open an app they get a message "We couldn't connect to the gateway because of an error". At the same time the browser console shows the following error:

Connection(ERR): The connection generated an internal exception with disconnect code=GatewayProtocolError(52), extended code=, reason=Gateway tunnel authorization failed with error code=2147965403

During troubleshooting we’ve tried:

  • Verified that required ports are opened.
  • Disabling all firewalls between gateways, brokers, and session hosts – same error.
  • Re-applied the publicly trusted cert to the HTML5 client (via Import-RDWebClientBrokerCert) – same error
  • Verified that the proper cert was bound to the HTML5 client – same error.
  • Enabled NTLM by setting the GPO: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network Security: Restrict NTLM: NTLM Authentication in this domain. To “Disable” (within same domain as RDP) – same error.
  • Ran regsvr32 wksprtps.dll (dll was already registered, but tried it anyway)
  • Verified that the required KB4025334 from July of last year was installed or not necessary (OS was up to date)

Any ideas on other areas we can look at?

Local printer only prints intermittently through remote desktop

Hi,

We have a very odd issue with our RD setup, and I have searched high and low for a solution, but no luck so far.

So, here's the problem.

We have a local domain with a local server running win server 2016, 5 workstations with win 10 pro and a shared network printer. Locally everything works fine and as expected. Every user also has a remote desktop into an off site server running win server 2012 to access a specific application.

Printing to our locally shared network printer through this RD session works fine sometimes, and sometimes nothing happens at all. Sometimes restarting RD helps, sometimes not. Sometimes restarting the local workstation helps, sometimes not...

The same thing happens even if we set the workstations up with locally installed printer drivers, and not run it through our local print server.

What gives me the headache is that it sometimes works, and sometimes not. There doesn't seem to be any particular pattern either. It can work well for a whole week, and then fail 3 times in a day. All the users fail to print independent of each other, meaning that even if two users can't print, the other three still can...

 

I hope some of you may have an idea of what the underlying problem may be or where to start troubleshooting.

Thanks a lot!


Thomas

VPN to access Remote Desktop Services

Hello,

Which VPN software are you using to access Remote Desktop?

Many Thanks,

Using Remote Desktop Services instead of Teamviewer

Hello,

I would like to access the server without Teamviewer. I've been told that we need to set up terminal services and that I need a licence. Are there any tutorials on this?

Many Thanks,


Need to Move 2016 RDS Roles from one Server to Another

Have a functional Server 2016 RDS Deployment consisting of RD Web Access (not using), RD Gateway, RD Connection Broker, RD Session Host on TS-01, RD Licensing on DC-01, and a 2nd Session Host on TS-02.  There is one existing Collection serving up one RemoteApp program to both Session Hosts.

The TS-01 server needs to be redeployed from scratch due to an OS issue so I need to move the RD Web, RD Gateway, RD CB roles to the DC-01 server first, leaving the Session Host role in place on TS-01 for now.

I've seen articles about migration which I don't think apply here.  I do not want to enable HA on this since I know you can't go back to non-HA.  Can each role be deployed on the other server and then removed from the TS-01 server?  Or is this a deploy from scratch scenario?

Can't launch remote app

Hello, I have everything on single server 2016

rdweb, rd gateway, session host

I am forwarding 443 through my firewall to my server

When I go to launch a remote app I get the following, working internally, just not externally.




Windows Server 2012 R2 Remote Desktop Services - RDP client gets black screen, System Event ID 4005, TerminalServices Event ID 36

RDP users (Citrix XenApp) are getting connections refused/dropped and a black screen. This is Citrix MCS spawned terminal services on Windows Server 2012 R2. On the server seeing these messages:

Log Name:      Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Source:        Microsoft-Windows-TerminalServices-LocalSessionManager
Date:          5/7/2019 12:08:15 PM
Event ID:      36
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      CTXIAHYP004.mydomain.com
Description:
An error occurred when transitioning from CsrConnected in response to EvCsrInitialized. (ErrorCode 0x80004005)

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          5/7/2019 12:08:15 PM
Event ID:      4005
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CTXIAHYP004.mydomain.com
Description:
The Windows logon process has unexpectedly terminated.


After extensive Internet search with these symptoms I am coming up empty.

I reviewed EventTracker and related MicrosoftHelp but these recommendations do not seem to apply in this case or are too vague to be useful. Those articles suggest a server resource constraint (we do not see this, unless it was temporary and is no longer present when the system event occurs), registry corruption (this seems very unlikely, but even if true, how do we determine which registry hive or key is corrupt?) or a service that needs restarting (which service? we do not see any errors showing failed or stopped services).

Any other tips?

Sign in option

Can I add a custom sign in option in addition to the already available sign in options (password, smart card)?

The custom sign in option is related to smart card but without reading the certificate on the smart card. Rather it will perform sign in on other attributes fetched through the smart card and comparing them against the employee ID attribute of AD?


Rox_Star

RDS design limitations ?

Hi

I am doing a POC on RDS and I am currently running into some limitations that I hope someone here on the forum can help answer if those are indeed limitations or if what I try to do can be achieved in another way.

Explanation of environment.

1 datacenter site (6 RDS hosts)
11 large branch sites (2-3 RDS hosts in each branch)

Datacenter is publishing applications from central systems running in the datacenter

Branches are publishing applications from system running locally on the branches. Most of these local systems for several reasons have to run locally in the branches and it is mission critical for thin clients and computers running at the same local branch to have access to those local published applications 24/7. That means also when the WAN link to the datacenter should go down.

Published applications must be able to be launched from computers and mobile devices, from the internet. This should be achieved with gateways and web access servers placed only in the Datacenter. We don't want to have internet facing servers running on our branch sites. Of course those local published apps on branches can only be launched from internet when the WAN link to the datacenter is up, but this is ok. Critical part is for local clients on the same site as the RDS hosts to be able to launch them if WAN should be down.

Design considerations

Since we don't want an individual deployment for each branch, where we would need internet facing gateway and web access servers on each branch, those should be placed in the datacenter, so the best fitting design here would be the below.

Datacenter: 2 x RDS gateway/Web access servers, 2 x connection broker, license server and 6 RDS hosts.
Branches: 2-3 RDS hosts
Collections: 1 for datacenter and 1 for each of the 11 branches.

This setup however would not allow clients to start locally published applications if the WAN link is down to that branch, since users in that branch cannot reach the Web access and broker in the datacenter.

Questions:

Is there any way around this or any way it could be designed to allow users to start local published apps (not desktops) when users cannot reach the broker and web access servers?

Can you setup that if a broker is not available, the remote apps will still launch, just without load balancing and the feature to reconnect to disconnected sessions. So it should just launch directly against RDS host servers (You could probably use DNS RR to then still get some kind of client distribution across the hosts) ?

When setting up remote desktop clients on phones and computers, they require a URL feed. This is pointed to the Web access server "https://server.domain/rdweb/feed/webfeed/xxxxxx.aspx" does this mean that the web access server is mandatory to even be able to launch remote apps or is there another way to launch them that doesn't rely on the Web access server ?

Thanks

Martin
