I came from the VM Ware remote desk top services so stumbling a little getting up and running. I have a windows 2019 farm built and working with published apps and 2 windows 10 pools one pooled and one personal. Everything is working across HTTPS including html 5 where I have an issue is with some thin clients I am running ( RDP protocol ) . I point them at my RD Connection Broker server and added the reg entry to redirect to my  windows 10pooled pool everything works great. With only one RD Connection Broker ( in this case 2 clustered ) how can I redirect some thin clients to the personal pool and others to the pooled pool. Thanks for any help you can give me here.

Hello

We purchased some per device RDS Cals. Now we find some user use two computers（a desktop and a laptop), We'd like to convert our Per Devcie RDS Cals to Per user RDS Cals.

Does microsoft provide a route to convert Per Device to Per User.

Hi,

We host around 4000+ RemoteApp connections in an RDS 2016 farm with 4 RDG, 2 RDCB and 28 RDSH servers.

All servers are Windows Server 2016.

Recently we are seeing that RDCBs stop tracking the number of connections on some RDSH servers and keeps redirecting new connections to them. As a result these servers start hosting a lot more connections than other servers.

Get-RDUserSession keeps reporting the same last known sessions and does not update irrespective of number of connections on the server or their state.

The workaround we have found is to disable new connections to affected RDSH servers, reboot them overnight and add them back on next day.

It will be great if someone can shed some light on this issue. I'm not sure how connection brokers get updated connection info from RDSH servers.

Thanks

Dinesh

Hi,

I have set up a Windows Server 2016 RDS environment which is as follows:

1 RD Gateway Server (RDGW1)

1 RD Web Server (RDWeb1)

5 RD Session Hosts (RDS1 to 5)

1 RD Broker (RDBroker1) - also does licensing.

gateway url is: gateway.domain.com which points internally and externally to the RDGW1 server.

The RD gateway and RD Web servers are in the DMZ.

We now want to implement Azure MFA using the NPS Extension as described here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg  

To minimize impact, I set up another Gateway server in the DMZ called RDGW2, along with an NPS server in the LAN (NPS1). Following the documentation linked to above, I was able to successfully set this up.

To test, I have downloaded the RDP icon from the RDWeb page and edited it to direct via RDGW2 rather than RDGW1. I also created an External DNS entry for gateway2.domain.com pointing to the WAN IP for RDGW2.  This works fine from outside of the network and I get MFA prompts and can see connections going through RDGW2.

I now need to publish 2 RDP shortcuts. One would be using the old non MFA gateway (RDGW1)  - this is already there. The second would be the edited RDP Shortcut that uses the new MFA configured Gateway (RDGW2).

Is there any way I can publish the second RDP icon? Perhaps by editing the relevant web page or locating where the original icon is located? Publishing via RemoteApp is not an option. The reason for having both is to provide a transition environment and possible future DR environment (in case there are issues with Azure).

Thanks,

I already posted this question in Server2016 section - they had no idea - but they suggested to try and find a solution at the RDS-Section

I have 3 Win2016 Terminal-Server - all show the same Problem:

Sometimes Windows Desktop is not responding - no Startmenu reaction, no right-click on taskbar. But i can double-click Desktop-Icons and the program starts. I also have this problem when i log on locally as admin.

In the Eventlog i get:

Information: The Desktop Window Manager has registered the session port.(EventID 9027)

followed by

Error: Application Error - EventID 1000

Faulting application name: explorer.exe, version: 10.0.14393.2879, time stamp: 0x5c89ec44
Faulting module name: ntdll.dll, version: 10.0.14393.2608, time stamp: 0x5bd133d4
Exception code: 0xc000041d
Fault offset: 0x000000000002138e
Faulting process id: 0xf51c
Faulting application start time: 0x01d505941f3bf9c4
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: f943abdf-c7c2-4b2e-9906-e5ea5e358841
Faulting package full name: 
Faulting package-relative application ID: 

The faulting module name changes between: ntdll.dll and user32.dll

I have no idea why this happens - hope you can help me

Thanks

Arnold

Can you offer up some suggestions regarding the following System log events? We are seeing these errors frequently on the Windows Server 2012 R2 server which is hosting the Remote Desktop license server.

1. Are these warnings and errors concerning and require action to correct? If so what steps?

2. What end user experience symptoms (other than the posted messages to System log) would we expect to see?

Log Name:      System
Source:        Microsoft-Windows-TerminalServices-Licensing
Date:          4/29/2019 11:12:28 AM
Event ID:      4105
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      MSRDSLIC.mydomain.com
Description:
The Remote Desktop license server cannot update the license attributes for user "useraccountname" in the Active Directory Domain "mydomain.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "mydomain.com".
If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group.
If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Remote Desktop Licensing service to track or report the usage of RDS Per User CALs.
Win32 error code: 0x80070005

Log Name:      System
Source:        Microsoft-Windows-TerminalServices-Licensing
Date:          4/30/2019 5:51:17 AM
Event ID:      44
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MSRDSLIC.mydomain.com
Description:
The following general database error has occurred: "ESE error -1003 JET_errInvalidParameter, Invalid API parameter."

Log Name:      System
Source:        Microsoft-Windows-TerminalServices-Licensing
Date:          5/1/2019 11:46:41 AM
Event ID:      4106
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      MSRDSLIC.mydomain.com
Description:
CAL reporting: Windows Server 2012 : RDS Per User CAL - Installed: 850, Issued: 881

In addition, I can confirm that, per instructions in event 4105, the license server is not a domain controller and the computer account is a member of the built-in "Terminal Server License Servers" group.

A similar question TechNetForumTopic, TechNetForumQuestion, SysAdminTipBlog, and MsITprosBlog refers to a solution involving old accounts for long-term employees who are appearing in event 4105. I have validated that many of them are old enough that they likely existed back when this domain was at the 2003 functional level (it is now at the 2012 level). However, these users are not reporting any symptoms, so the event 4105 seems to not cause any downside other than logging the event. (Which goes back to my original questions, what symptom effect should we be seeing?)

Thanks in advance for your assistance.

Hello to All!

We have a problem with RDS feature on 2016 Server.

Server was deployed with no CALs installed and worked some time in a trial mode. Then owners of this server bought 30 Per User licenses trough SPLA programm and I was asked to activate and install licenses in it.

Before I connect to server I saw that owners are now in procces of deleting grace period registry entry (because grace period has ended and they was in big hurry to make it work again).

After all this and mine (standart activation and installing licenses proccess) manipulations server now did not want to see legal licenses and continuing working in trial mode (grace period still ticking). Last manipulations was to delete grace registry again and reboot the sever (I found similar situation https://www.360ict.nl/blog/no-remote-desktop-licence-server-availible-on-rd-session-host-server-2012/) but it did not helped and now grace period start ticking from beginnig (120 days).

I found info that 2016 server is still can issue Per User CALs to local users in Workgroup environment and made all manipulations with local group policies https://digitalbamboo.wordpress.com/2017/04/05/deploy-remote-desktop-services-in-a-workgroup-easily/ and other stuff and now in diagnostics there have no warning and all green.

Maybe some one faced similar problem or have any suggestions I would be very graceful. I'm desperate already.

Hello, I've got a question regarding the use of VDI and RDS at the same time.

We managed hotels and most of our front desk computers will be required to use VDI and not RDS due to software that has to be installed at each front desk pc for credit card and room keys and it won't work on RDS since each reader is independent.

My question is if we setup VDI for the front desk computers which will use Dell Wyse ThinOS and then all the other computers in the Hotel are RDS on Dell Wyse ThinOS can we set it up so that if a user logs into a front desk computer it goes to the VDI machine and then if they sign into a back office terminal it goes to the RDS server?

If that's possible do you just have the wyse terminal set to sign into the VDI machine using the vdi hostname or would you still point it to the Broker?

For RDS I've went into the DNS and put in a A record since we have multiple RDS servers. How would this work with VDI? 

The other question is what is the difference between buying a VDI license vs just buying a Windows 10 license and putting that on a Hyper-V VM?

Thanks

We have two W2019 Servers running both with the Server RD Session Host role installed. Lets call them Server A and Server B.

• Server A is used as a RD Desktop Environment
• Server B is used for Shared Applications like Word, Excel etc.

Our idea is that the user does logon on Server A, accessing the Applications from Server B.

Basically this does work well however file type association seems not to be working in this environment. We are getting the following event on Server A:

Event ID: 1026

Source: RemoteApp and Desktop Connections

 "The installation of the default connection has been cancelled. A default connection cannot be used on a system that is part of a Remote Desktop Services deployment."

Default connection to webfeed.aspx has be configured via GPO and has been applied successful, file type association is configured for the shared Application also.

On Server A the file type association is not working so the user can not open a file from Windows Explorer directly.

As the Event Log Warning does it say really clear is it not possible to use shared Applications on a Desktop Environment with working file type association ?

Scope of this is that out of dozens of accounts that work fine for rdwc sessions, there are two that do not.  The connection starts but within a few seconds fails with, user facing side, 'we couldn't connect to gateway because of an error.'  When running a capture, the key error appears to be:

Any pointers in the right direction, or if anyone else has seen these errors, would be much appreciated!

Hello Everyone,

I have a RDS implementation working with 2012r2 in a domain A.
Users from domain B (With an external two-way non-transitive trust with A) can access, log-in, use remoteapps, rds sessions, etc..

The problem is when I enable the RDWeb password reset feature. For example, taking 2 users with the "User must change password at next logon" option enabled:
If the user is from domain A, I get prompted to change the password and it works great.
If the user is from domain B, I get prompted to change the password, but after writing the new password it says that the user name or password is not valid.

Any clues?

I found this issue that I don't know if it's somehow related
http://social.technet.microsoft.com/Forums/en-US/cf14fc3e-2a4a-4f4e-8dd6-fed2ecdf7d7b/cross-forest-password-reset?forum=ilm2

Thanks

A user (AA) in the main site is allowed an RDP connection through an RDS Broker. When user AA goes to another site and initiate an RDP connection thought the same RDS Broker, he gets "logon attempt failed" for three times then the account locks. On the forth time (when an account it locked) the Broker opens a connection but shows error "The referenced account is currently locked out and may not be logged on to". When a user clicks ok on this message and wait for his account to be unlocked in AD, he is able to login to the RDS.

This is affecting all users in this site. They have accessed the RDS servers through the Broker in the past (till early April)

All other sites are able to access the RDS servers thought the Broker with no issues. Can you help me narrowing this issue and fine a resolution please

YRK

Hello,

We currently have a setup where we have a server with the web access and RD gateway roles installed.  They point back to a broker that has multiple applications defined that users can use through a browser (using the web access URL.)  The issue we are having is that the user will click the application, it will establish a connection, but hang until you click show details.  Once that has happened it will show the domain page and load the application.  Does anyone know how to make the application automatically display instead of having to click show details?

Thanks

Can i add custom sign in option in addition to already available sign in options (password, smart Card) ?

Custom sign in option is related to smart card but without reading certificate on smart card. Rather it will perform sign in on other attributes fetched through smart card and comparing them againstemployee ID attribute of AD?

Rox_Star

Hi,

as suggested on my previous topic (https://social.technet.microsoft.com/Forums/windowsserver/en-US/b1b0cc9e-461f-4bb3-b497-ef139093f195/cannot-rdp-from-domainmachine-to-workgroup-win2k12?forum=winserver8gen), I'm here to ask about my problem in a more dedicated forum.

My computer is part of a domain. I want to RDP on a server hosted in datacenter (Win2K12, part of workgroup, standalone server). When I try to connect, I enter the remote server administrator credentials and I have the error message (translated from french) :

"Your system administrator is refusing connection to this remote computer. Contact your system administrator or technical support for assistance".

- All domain joined computer can RDP on the domain but they can't RDP this remote server.

- A non-domain-joined computer in my LAN is able to connect to the remote server.

- My user is member of "Domain User" & "RemoteDesktop User".

What's wrong ? 

Thanks for help.

Vincent

I created a VM in vCenter 6.5 for "development" that I want to test RDS with on a Win2016 server. I needed to add it to my domain to get the correct options for installing RDS.

We already have Citrix XenApp etc. I don't want to accidentally push out any clients or rules or steal any cals or break any current functionality.

Is it safe to setup RDS services, standard, session based, with Remote Desktop Connection Broker, Remote Desktop Web Access and Remote Desktop Session Host and whatever is needed to test with that (temp or MSDN cals) without breaking any current functionality I have with Citrix?

I've seen plenty of RDS setup guides but nothing about installing into my type of environment.

Thanks everyone.

We have around 15~ Remote Desktop Session Host servers of varying versions (2012 R2, 2016 and 2019) which are experiencing freezing and flickering issues with "Not Responding" appearing in the top bar and the program being unresponsive when switching between tabs. Other symptoms include screen flickering and, when in Task Manager, the tabs sometimes disappear until you roll the mouse over them. These issues started appearing after the weekend of 23rd March 2019 (23/03/19).

I have been scouring forums looking for other people with the same issue but can't find anyone with similar symptoms except someone called Chris_UKDE and his questions haven't been answered either.

At first, we thought that this was caused by a Windows Update but we have been through all of the updates and cannot find any consistent update or lack of update across the servers that seems to have caused the problem. We thought it might have been KB4489889 but after uninstalling this, the problem still remains.

We have opened a case with Microsoft and we are waiting for them to analyse some logs that they gathered on Friday and they have advised various registry fixes and disabling hardware acceleration but none of these have worked. I am taking to the forums to see if anyone else is a. having any luck with their diagnosis and b. having these issues at all(!) and c. if we manage to fix it, to share it with you so you don't have to experience the same pain we have.

The issue does NOT appear to happen in Safe Mode BUT when running a Selective Startup from MSConfig, these issues still happen, eluding that it's still a Microsoft element causing the problem. We are mainly seeing the problems in Microsoft Office programs but we do get a few issues in other Microsoft programs, such as Internet Explorer/Task Manager and also Chrome.

Most of the servers are running on VMWare ESXi 6.0-6.5 but we do have one native Windows Server with the problem. We have tried updating/uninstalling VMWare tools but this does not seem to fix anything. We also thought this might have been related to the video driver, so we booted the server with "Base Video" options in MSConfig but this still didn't fix the problems.

I am hoping that there are others in the same position as me, looking for an answer but having no forum to discuss it on, hence this post. Any advice greatly appreciated.

Lewis

Hello support,

I have Windows 2012 R2 standard server as a RDS clients on it.  it runs an applications on it called ACT! and 7 users login to it to access the Act! program and their individual email outlook. There are three users that have Apple devices that use RDP client for Mac that access the server.  I want to close port 3389 and use Remote Web Access (via a ssl certificate) and using essential experience to access the server instead of RDP.  But when I go to browser (Safari) and put in the remote link.  https://remote.domain.com/remote,     I am able to log in and the remote client is downloaded and when I click on it, it wants to open it with an app and it cannot find and goes to App Store but all the programs there are greyed out or not available.  

The same process for iPad and iPhone. How can safely access the server?  I appreciate your help.

Jamshid