Hello,

We have a Windows Server 2016 box that is being used for users to remote in to their computers by way of RDWeb. Every time someone goes to the website to login we we get the following Warning logged in events:

Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 10/26/2018 10:49:47 AM 
Event time (UTC): 10/26/2018 2:49:47 PM 
Event ID: 00f90daa62f94580925cf71413f5874d 
Event sequence: 5 
Event occurrence: 1 
Event detail code: 0 
Application information: 
    Application domain: /LM/W3SVC/1/ROOT/RDWeb/Pages-6-131850389869549350 
    Trust level: Full 
    Application Virtual Path: /RDWeb/Pages 
    Application Path: C:\WINDOWS\Web\RDWeb\Pages\ 
    Machine name: XXXXXX 
Process information: 
    Process ID: 5096 
    Process name: w3wp.exe 
    Account name: IIS APPPOOL\RDWebAccess 
Exception information: 
    Exception type: NullReferenceException 
    Exception message: Object reference not set to an instance of an object.
   at Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormAuthTicketInfo..ctor(HttpContext objHttpContext)
   at ASP.en_us_default_aspx.<GetAppsAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.UI.PageAsyncTaskManager.<ExecuteTasksAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.UI.Page.<ProcessRequestAsync>d__554.MoveNext()

 
 
Request information: 
    Request URL: https://XXXXXXXXX:443/RDWeb/Pages/en-US/Default.aspx 
    Request path: /RDWeb/Pages/en-US/Default.aspx 
    User host address: XXXXXXXX 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: IIS APPPOOL\RDWebAccess 
 
Thread information: 
    Thread ID: 115 
    Thread account name: IIS APPPOOL\RDWebAccess 
    Is impersonating: False 
    Stack trace:    at Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormAuthTicketInfo..ctor(HttpContext objHttpContext)
   at ASP.en_us_default_aspx.<GetAppsAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.UI.PageAsyncTaskManager.<ExecuteTasksAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.UI.Page.<ProcessRequestAsync>d__554.MoveNext()
Custom event details: 

Hi,

I have special circumstances where I need to connect (RDP using MSTSC) to a Windows server that enforces RDP over TLS, but without NLA (enablecredsspsupport:i:0 in the RDP file, the server allow this).

On some clients (I saw this only with Windows Server 2012 R2 clients) I'm getting the following error: "The connection cannot proceed because authentication is not enabled . . .".

The only thing I found online was to change the authentication level, which didn't help.

I analyzed the traffic using Wireshark and I believe the problem is with the RDP negotiation, where the client sends a list of it's supported security protocols. If I connect from the same client with NLA (enablecredsspsupport:i:1) I get this:

requestedProtocols:
    .... .... .... .... .... .... .... ...1 = TLS security supported: True
    .... .... .... .... .... .... .... ..1. = CredSSP supported: True
    .... .... .... .... .... .... .... 1... = Early User Authorization Result PDU supported: True

But if I connect with enablecredsspsupport:i:0 I get this:

requestedProtocols:
    .... .... .... .... .... .... .... ...0 = TLS security supported: False
    .... .... .... .... .... .... .... ..0. = CredSSP supported: False
    .... .... .... .... .... .... .... 0... = Early User Authorization Result PDU supported: False

Where I would expect this (I do get this with some clients):

requestedProtocols:
    .... .... .... .... .... .... .... ...1 = TLS security supported: True
    .... .... .... .... .... .... .... ..0. = CredSSP supported: False
    .... .... .... .... .... .... .... 0... = Early User Authorization Result PDU supported: False

It seems like for some reason disabling CredSSP on the client also disables TLS.

I would appreciate if someone could help me figure out what's happening.

Thanks,
Gabriel

Hi,

I have a Windows Server 2012 R2 there i have installed:

RD Web Access

RD Connection Broker

RD Session Host

But RD Connection Broker service will not starta I get this 3 errors:

Event ID: 833 Source: TerminalServices-SessionBroker

The VMResource plugin failed to load. Error: VMResource is not a valid Win32 application. 

Event ID: 833 Source: TerminalServices-SessionBroker

The MS Default Provisioning Plugin plugin failed to load. Error: The group or resource is not in the correct state to perform the requested operation. 

Event ID: 898 Source: TerminalServices-SessionBroker

RD Connection Broker service failed to start. HRESULT = 0x8007139F.

I have checked VMResource in register in it´s look fine.

Regards Pierre

We have a single forest, single domain AD environment. A password policy has been set through 'Default Domain Policy'. 

We would like to implement second password policy with different complexity requirements. As per the official Microsoft document thus can be achieved through Fine Grain Password policy. 

Please confirm that there is no such system limitations and another password policy can be configured for application administrator's.

Kindly respond at your earliest.

Side note. this all works fine using the legacy reweb and rds client.

When trying to connect using the web client, we get the usual "Oops, we couldnt connect".

When i look in the dev view, I see websocket connection to the gateway failed, 404:

WebSocket connection to 'wss://gateway.testcloud.co.uk/remoteDesktopGateway?CorId=%7B334da63a-1571-428b-903f-b23d4a860000%7D&ConId=%7B32369577-63bd-4dee-a4bc-dd8f08495d4e%7D&ClGen=HTML%3D1&ClBld=Type%3DRdClient%3B%20Build%3Dprivate&AuthS=SSPI_NTLM' failed: Error during WebSocket handshake: Unexpected response code: 404

Any ideas?

Hello, I am trying to access an EMR system for a new client and have been able to access it from my personal computer and from other computers, but not from my work laptop. I keep getting the error message " You're computer can't connect to the Remote Desktop Gateway server. Please contact your system administrator for assistance." when I try to connect. I have spoken to as many system administrators as I could, have worked with two different IT teams, and no one can seem to figure out what is wrong! If anyone has any ideas of how to fix this I would greatly appreciate it! Thank you!

Hi

I have set up RDS on Win 2019 server, but when trying to connect to the I keep getting that the Gateway in unavailable.

I can connect to there server with RDP fine, but not RDWeb. Could someone point me in the right direction.

I am using Azure

Hi all,

We have made a RDS Farm to deploy a Virtual App. After configuring the roles, we have this structure:

• server1 - RDBroker/RDGateway/RDWeb access
• server2 - RDBroker/RDGateway/RDWeb access
• server3 - RDLicensing/RDSH
• server4 - RDLicensing/RDSH
• server5 - RDSH

server 1 and 2 are in DMZ VLAN, and server 3, 4 and 5 in midd VLAN. To publish our public DNS, we use a pool into VIP F5 that balance the connections with Round Robin mode and assign a static public IP to this DNS.

All roles are in HA: RD bróker have a DNS RR register with the server 1 and 2 IP, RDGateway is duplicated on both servers, RD Web Access and IIS is installed on both servers and the RDSH role is blanacing via RDBokrer service.

The question is: Is possible to check the health status of every role (RD Gateway, RD Bróker and RD Web Access) to remove of the F5 pool the machine when some role is out of service in a server1 or 2 ?

Thanks!

Gerardo,

Hi

We have a problem with logon times on our RDP 2012R2 servers. It must be related to the roaming profile.

The problem:

The users logon on via RDP. The profile gets loaded, applying group policy settings and so on, and then the "black screen" starts. I can take up to 15 minutes before the users desktop is visible and ready to work.

While there are black screen I can press CTRL+ALT+DEL and go to the task manager. The only process that is working is explorer.exe.

If we create a new profile the users are logged in less than a minute, but the logon process and the time for the black screen increases over time. It happens for all our users on our 30 RDS servers.

Any suggestions?

Hi

I have set up RDS on Win 2019 server, but when trying to connect to the I keep getting that the Gateway in unavailable.

I can connect to there server with RDP fine, but not RDWeb. Could someone point me in the right direction.

I am using Azure

Hi,

I'm sure this has been asked many times before, and I'm probably just missing something simple but we've built a new RDS 2016 system consisting of 2 Connection Brokers and a few RDS Hosts which will be used for plain Remote Desktops. 

Clients are getting certificate warnings when connecting as the DNS name for the farm (RDSFARM.domain.com) is different to the host name on the self-signed certificate which is presented. We have a wildcard cert which we could use, in place of a SAN certificate, but I'm unsure where we configure this. 

In the RDS Server Manager, you can configure the RD Conncection Broker for SSO, Publishing, Web Access and RD Gateway but these aren't related to what I'am talking about are they? 

I've also tried putting this wildcard cert into the RDS system certificate store and removing the self signed cert, but no luck doing that. So what is the right way to configure this? 

Thanks in advance, 

Dave

Hi, 

We've been rolling out FSlogix and so far have been loving it. We came from roaming profiles.

When we migrated I left the 'Profile Path' field set on the AD object as there are app servers and various others that users may logon to without FSlogix - so keeping roaming for these seemed ideal.

For two users, whenever they login to the RDS Farm with FSLogix, the roaming folder in their VHDX gets overwritten (*profile*\appdata\roaming) Weirdly the local folder is unaffected. If I restore the VHDX and remove the Profile Path field this stops happening.

Only happens for these users and I cannot find any documentation related to this.

Anyone have any ideas?

Thanks,

Andrew

Hi everyone

We have recently renewed our SSL wildcard (GoDaddy) certificate and have successfully installed it.  However we now have a problem where some users are unable to connect and I suspect its an issue with SSL and possibly something I've not done correctly.  Below is a brief overview of the RDS deployment

7 Servers - 1xGateway/web access, 1xConnection broker/licensing, 4xdesktop hosts and 1xapplication host.
SSL Wildcard purchased from GoDaddy and assigned to each server.  CN *.abcd.co.uk

Server FQDN (as seen from connection broker) is server.ad.domain.com (I think this has changed since adding the new SSL from server.abcd.co.uk but can't be certain).
Forward looking DNS A record abcd.co.uk set to private IP for gateway and connection broker servers.

We have a mixture of W7 & W10 Pro clients, a large number of HP thin clients and a few Apple Mac's.

Connecting internal seems to work for Windows user and some thin clients but the Apple users and some of the HP clients cannot get on.  If we change the Gateway settings from defined to automatically detect on on the connection broker, the Apple clients work but not some of the thin clients.

I am convinced the root cause is the way we have configured our Wildcard SSL which has effected the gateway and other settings.

Unfortunately, I cannot find any literature which gives in depth instructions on how to configure and assign SSL certificates from start to finish for an RDS deployment.  

Prior to us renewing the certificates, everything was working fine.

If there is anyone who can advise, then I would be grateful.

Regards

Thackers

Hello,

I am currently evaluating RemoteApp to deliver applications to our roaming users. It is working well.

However, whenever user reconnects, it creates a new session rather than hooking up to a disconnected session. My requirement is that till the time a disconnected session does not end, user must reconnect to their corresponding disconnected sessions only.

I have tried configuring following Group Policy Settings on the Session Host Server, but could not achieve the objective:

• Automatic reconnection = Enabled
• Configure keep-alive connection interval = 30 mins
• Restrict Remote Desktop Services users to a single Remote Desktop Service session = Enabled

Request if someone can guide me about some missing configuration to achieve the objective.

Thanks,

Amit Jogi

I have the following:

RDS Gateway = Windows 2016

TS server = Windows 2008 R2

TS Server2 = Windows 2016

I get into the RD webpage without issue, there lies 2 RDP published apps pointing to 2 different servers.

When the icons are launched and authentication box appears, domain credentials are put in, and the error stated below comes up.

End users can access the gateway without issue, when they select the TS Server RDP icons they get the following error:

RemoteApp Disconnected - Your computer can't connect to the Remote Desktop Gateway server. Contact your network administrator for assistance.

The TS connection is set to maximum, everything else is set correctly to. I have read all the articles I can find and it has not resolved the issue, is there something I am missing?

Hi everyone,

This is my first post in this website ! :)

I try to deploy an RDS solution with 3 RDS Server (Windows Server 2016) and 1 RDS Broker (Windows Server 2016).

All servers are in VMWARE Environment 

My RDS servers have RemoteApp (1 per server) and I have an issue with one.

First I deploy my RemoteApp, no problems, no errors messages.

Next, I connect to my Web RemoteApp Work Ressources and I download the RemoteApp file (.rdp file)

Now Impossible to open it because the application can't find the remote computer. When I edit the rdp file I have some missing arguments :

• videoplaybackmode:i:1
• audiocapturemode:i:1
• gatewayprofileusagemethod:i:1
• full address:s:MYBROKER.mydomain
• gatewayhostname:s:mygateway.mydomain

I try to remove my RDS server VM and create new one with the same name, but same problem.

In this example I tried to deploy calc32 in RemoteApp.

When I go in regedit I see that arguments are missing but I don't know why.

If y ou have ideas to repair, Thanks for your future answers!

Sincerely, :)

hello all,

I appreciate any feedback on this question. we are trying to have six users work remotely from outside the office. We have an server 2012 r2 in a workgroup environment. No RDS licenses.

are we able to set up VPN through the router for six users to log in to the server at same time if there are no RDS licenses? Or can we set up VPN directly to six computers desktops using the router.

Thank you

We're running a single RDS setup with Windows Server 2016 Standard and about 2 weeks back we started to experience Windows Start Menu and Taskbar issues where these functions would suddenly stop working for all of the RDS users.  We are not using profile disks and each user connects to the RDS via our gateway server and their profile is stored locally on the RDS server.  No desktop or Start Menu redirection is setup.  We have 25 RDS CALs and there's normally about 20 users logged into the RDS server.  The server is a physical server running a 12core Intel CPU with 32Gb of RAM and an NVME SSD Intel disk.

The desktop apps like Microsoft Office will continue to function fine but if you minimize the running apps, the user can not click on the minimized apps as the Taskbar doesn't respond along with the Start Menu.  The only thing that currently works is to logout the user session using Task Manager or to reboot the server.  When the user reconnects and gets a new session, the Start Menu and Taskbar will work for several hours before it goes back to the locked state.

I have read quite a few posts and I have re-installed the Windows apps with the following PS script:

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

I have run a full sfc /scannow and checked the health of the windows image.  These all complete fine without issue.

Tonight I have found some older posts from 2017 about Server 2016 RDS black screens that are caused by duplicate Windows firewall rules getting created for each user every time they login.  While we don't have the black screen issue, I'm wondering if our issues with the Start Menu and Taskbar could be related to this same duplicate firewall rules for each user.  When I checkedHKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System on our RDS, I am seeing thousands of entries.

Does anyone know if these duplicate firewall rules can cause the Start Menu and Taskbar issues?  If so, what's the proper way to delete them?

Thanks for any input.

Ken 

We have installed Server 2016 and installed Remote desktop services and license activated on the server.

When we connect to the server 2016 from windows PC and its connecting without any issue.

But when when we connect through Ncomputing Vspace session thin client and we are getting the below error message.

Please help on this issue.

Thanks

Krishna