Quantcast
Channel: Remote Desktop Services (Terminal Services) forum
Viewing all 5613 articles
Browse latest View live

2008 r2 RDP SSL NLA problem "Local Security Authority cannot be contacted"

February 25, 2014, 9:17 am
$
0
0

Hi!

I have run into an issue with RDP settings for 2008 R2 servers (all of them) whenever I enable NLA. That happens on user accounts that do NOT enforce password expiration (and so passwords are not expired) and MSTSC supporting NLA (client computers are win7 or win8).

In fact those same clients can use NLA just fine for connections to other win7/win8 workstations (domain members) using NLA, no probs!

SSL certificates are automatically issued by enterprise CA. All computers/servers have current and valid Computer certificates.

For some strange reason, I cannot enable NLA on RDP settings for any of 2008 R2 servers (various roles, ranging from physical DC running multiple roles, through dedicated virtual DC or dedicated virtual Print Servers up to dedicated Remote Desktop Services host), because all of them at once stop accepting RDP connections, always with same error message:

An authentication error has occurred.
The Local Security Authority cannot be contacted

Remote computer: server.domain.local
This could be due to an expired password.
Please update your password if it has expired.
For assistance, contact your administrator or technical support.
That same message also appears on DC (2008 R2) running the enterprise CA role ... irony ...

Please keep in mind that domain member computers running windows 7 x64 or windows 8.1 x64 can accept NLA enabled and SSL encrypted RDP traffic at same time without issues while using the same user accounts to connect.

To make it even funnier, I can set RDP on 2008 R2 acting as Remote Desktop Services server to accept only SSL RDP traffic and keep NLA disabled and all works just fine. So, it is strictly the NLA causing trouble here, but why? WS 2008 R2 unable to use Kerberos authentication for RDP?

WS 2012 R2 can accept NLA/SSL RDP connections without trouble, just as win7/win8 workstations can, so issue is narrowed down to only 2008 R2 servers (physical or virtual).

Is there a hotfix for this problem on 2008 R2? sounds to me like it is a bug in 2008 r2 regarding Kerberos authentication for RDP... is MS ever planning to fix it or we have to upgrade all servers to 2012R2 to "fix it" ...






Search

Java Web Start not working with per session virtual IP

April 14, 2011, 3:32 am
$
0
0

We are running RDS on 2008 R2, using per session virtual IP, and we are unable to run any applications that use Java Web Start (we've tried 3 so far).

The JNLP file downloads and javaws.exe launches to run this, but never gets any further. The process just drops to about 200K of memory and stays inactive.

I have run Wireshark to see what is happening from a network point of view and there is no traffic after the download of the JNLP file. This is in comparison to running from my PC, where javaws downloads the individual files referenced in the JNLP file and then launches javaw.exe to run the code.

I have turned off virtual IP on a test server and this allows things to work as expected, so it is definitely the interaction with virtual IP that is causing the problem. I suspect that the security sandboxing that Java Web Start does is causing it to attempt to use the main IP of the server and that RDS is preventing it from doing so (or something like that).

Has anyone else had the same issue? Any ideas on resolving this?

Remote Desktop show black screen and closed

January 3, 2016, 2:22 pm
$
0
0

Today, when I went to remote to my VPS (with Windows 2012 r2), remote desktop shows me black screen and closed after some seconds. I've tested remote from other client (with different OS) but again shows black screen and closes.
I checked all solutions for this problem in the net but none work in my case. Some solutions that I've checked:

  • remove some windows updates
  • check user access
  • add user to Interactive and Authenticated Users group
  • test with other user account
  • uninstall Anti Virus
  • change some configuration in remote desktop application
  • reinstall graphic card driver
  • commands: netsh int tcp set global rss=disabled and netsh int tcp set global chimney=disabled
  • check RD Gateway SSL certificate

When i check remote desktop event log, I'm found this error:

The RDP protocol component X.224 detected an error(0) in protocol stream and the client disconnected
with Event Id 97
what this Event Id means and how can remote my VPS with remote desktop?

(of Course i can access to VPS with VNC)

Edit:

Also I found this event in Event Viewer:

The Desktop Window Manager has exited with code (0xd00002fe)    Event Id:9009



RDS from Internet with MFA/RADIUS with exceptions from specific external IP-adresses

January 8, 2016, 8:12 am
$
0
0

Hi all,

I'm trying to set up an RDS environment where users who are connecting from the internet are provided with Multi-factor authentication, but with the possibility to bypass MFA when connecting from specific IP-addresses.

The MFA-part is working, however, I can't seem to figure out how to bypass MFA for specific IP-addresses.Does any of you have experience with this?

Regards,

Sebastiaan

WS2012 R2 VDI Shadow W10 Desktops

January 7, 2016, 6:05 am
$
0
0

Hello,

My last small problem is that I cannot shadow a simple VDI session.

I always get the same message: The computer name is invald.

More than that when I start the shadow, the computer name looks weird!

Idea??

TS 2008 server per cpu licensing

January 4, 2016, 9:24 am
$
0
0
we have Terminal server 2008 running on vmware 5.5.  It is currently running one cpu socket with one core per socket.  If i increase to two virtual sockets with one core per socket(essentially running two cpu's)are we going to need to spend more money on licensing with microsoft for the second cpu?

RD Gateway certificate issue with a different ssl port

January 4, 2016, 12:54 pm
$
0
0

I have had RD Gateway working with self generated certificates every 6 months on our 2008 r2 server allowing windows 7 clients to connect from home to their windows 7 machines at work. Now I have had to add another website (forwarded to another machine - still just the default site in IIS on the rd gateway machine) and they want that one to use the defaults of 80 and 443. I changed the ssl bindings in IIS Manager to 82 and 444. This required me to update the home windows 7 clients rdp to v8 so they could specify a port. I thought I had all working fine but over Christmas break I could not remote in from home to check on things. I figured the server probably wasn't happy about something and a reboot would fix it but I wasn't that lucky. I have been trying all day to get it to work again.

I can connect to the home computers from work but trying to connect to work computers from home generates the error: "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to." Looking in the IIS Manager settings in the Server Manager I see the only site (default) is not running. Clicking Start fails with: "The process cannot access the file because it is being used by another process". Checking SSL bindings I see https / 443 is back in the list. I remove it and now I can start the website okay. But I still get the same client error.

Checking the RD Gateway Manager I now see a red flag "A server certificate is not yet installed or selected". So I generate and import another 6 month certificate and install it on a client as well. That resolves that error and everything looks fine with the RD Gateway again. But the client still gets the same error.

Looking back in the IIS manager I see the default web site is again stopped and https port 443 is again listed at the end of the list of bindings. So, it's a neverending loop. As soon as I remove 443 from the bindings  and start the site, the RD Gateway says there is no certificate installed. As soon as I re-import the certificate (or make a new one.. it doesn't matter) 443 is listed again in the IIS manager and the site won't run.

Transfering files bigger than 2G via Remote Desktop Services

January 9, 2016, 11:41 am
$
0
0

Hello,

I have an environment which has a server running Remote Desktop Services server (Windows Server 2012 R2) which is the only Gateway into that network. Remote Desktop Services seems to have a limit of file transfers up to 2G. However that is not big enough. I have tons of files which need to be transferred and are bigger than that.

MS states it is simply not supported. See https://support.microsoft.com/en-us/kb/2258090

However, does anybody know about a fix for this issue even if it is not supported by MS?

Thank you

  

Search

RDS Server 2012

January 9, 2016, 7:36 am
$
0
0

Hi 

I have a question addressing Server 2012 R2 - RDS , I am Installing a server for a medium sized Charity that will require 10-12 users at maximum at any one time, some of which will be working remotely and some of which will be working on Client PCs that are located on the same site as the server, 

I have been out of touch since server 2003 when things where pretty straight forward a consultant at a IT firm advised me to Install Server 2012 and HyperV with 2 virtual servers one domain controller and one RDS server is this really necessary and is this the best way to roll out the installation??? all users will require roaming profiles and may log on remotely or on site. 

If so ill follow up with another question. 

Thanks 

James 

No connection to remote web workplace with my windows 10 computer.

January 14, 2016, 12:58 pm
$
0
0

Cannot connect to my remote web workplace with my windows 10 computer after receiving the message must update the client computer to version RDP 6.0 or later.

Any ideas?

What licenses for VDI do we need in our case?

January 6, 2016, 7:15 am
$
0
0

We plan to implement VDI. There will be two RD virtualization hosts running Hyper-V Server 2012 R2 and two Windows Server 2012 R2 Standard hosts with Hyper-V role installed running infrastructure services (AD DS, DHCP, DNS, etc.) in virtual machines. We plan to create 120 pooled desktops running Windows 8.1. Our users use Linux based thin clients to access VDI. So what licenses do we need to purchase?

As far as I understand, we need:

  • 2 x Windows Server 2012 R2 Standard licenses
  • 120 VDA licenses
  • 120 RDS CAL
  • 120 Server CAL
  • 120 Windows 8.1 licenses

Is that right? That looks way too expensive in compare with Session-based RDS (old terminal server). 

RDCMan Remote desktop connectionmanager - constant scrollbars since new version

January 16, 2015, 12:27 am
$
0
0


Hi all, i've downloaded RDCMan v2.7 build 1406.0

(I have no idea where I can place this forum post..)

I had an older version on my previous desktop and now since this new version, running on Windows 7, I constantly get scrollbars and cannot see the full screen of the remote desktop. Is this a bug or a setting?

Access is Denied - Remote Desktop

March 19, 2010, 8:11 am
$
0
0

I have set up my Server (2008 R2 Foundation) for remote desktop and RemoteApp as per the instructions provided by Microsoft.  I am using a single server for all functions.  When a user logs in to the Server through remote desktop, the remote desktop screen comes up and then the user immediately gets an 'Access is Denied' message.  If the user connects through RDWeb, the RemoteApps are displayed, but when the user clicks on an application, they are prompted again for their login credentials and then they get the remote desktop screen with an 'Access is Denied' screen as well.  This happens even for Administrators.

I am getting very frustrated with this as I have read many blogs and tried everything to no avail.  PLEASE help me.

RDS 2008R2 Mandatory Profiles Recycle.BIN

January 15, 2016, 1:46 am
$
0
0

Hello,

i had few weeks ago started an topic, but it seems it was not clear formulated.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/be0b00f5-5782-470b-a928-a6d294da76b6/recycle-bin-on-redirected-folders-show-no-files-when-delete-some-files-but-they-are-in-there

So i have an RDS 2008R2 enviroment with mandatory profiles. User folders a simple redirected with GPO, not a special thing i think.

Like: AppData, Pictures and so on to \\domain.internal\dfs\users\%USERNAME%\[...Foldername...]

So when the RDS user deletes files in "My documents", they are moved to Recycle.BIN. But they are for the user not visible. the Folder icon also changes if the Recycle.Bin folder is empty or not.

When i take a look into the Recycle.Bin folder(s) as an Administrator with "dir /s W:\users\USERNAME\$RECYCLE.BIN" it shows items in the folder.

To make it clear: I DON'T want to clean up the folder or something else, i want access to the delete files in the dumpster.

Thanks in advance,

best regards,

Henry

Multiple Certificate Prompts when not using RDWeb

January 5, 2016, 1:17 pm
$
0
0

I have a 2012 R2 RDS environment with 1 server holding the roles: RDWeb Access, Connection Broker, RD Gateway, and 3 session hosts. 

I have a wildcard SSL cert configured in deployment properties for all roles. This works properly when users connect via RDWeb. They connect to RDWeb, and open their Remote Desktop session when goes through the broker, in to one of the 3 session hosts. They are not prompted with certificate errors.

I know that this is how 2012 RDS is supposed to work, through RDWeb. However, we have a large amount of older thin clients that do not support RDWeb access, so instead they are configured to RDP to an A record of thinclient.domain.local. I have round robin set up with three thinclient A records pointing to the 3 IPs of the session hosts. When a thin client connects they are presented with a prompt "The identity of the remote computer cannot be verified. Do you want to connect anyway?". It is presenting them with the local session host computer name cert, for example they connect via RDP to thinclient, and get a certificate prompt for RDS-SessionHost01.company.local. After clicking yes, they may be redirected to another session host and get the prompt again.

What is the best way to suppress these prompts? Is it possible to publish the wildcart to each session host? Or possible disable these prompts? Thanks in advance. 

Search

2012 R2 RDS Temporary Profile issue

December 30, 2013, 12:40 pm
$
0
0

I have set up a standard 3 node 2012 R2 RDS for testing. All virtualized on VMware ESXi 5.0. I have a connection Broker, session host, and web access server. I have published several applications and I can access them without a problem. Here is my issue:

When I try to log on to my session host server either locally or thru RDP, I am always logged in with a Temporary profile. It does not mater what user account I use. Even logging on locally as the administrator I get a temporary profile.

All windows updates are installed and current.

I have removed the server from the domain, deleted the account, and rejoined it to the domain.

I have deleted all .bak registry entries from here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

There is a hotfix here for a similar issue on 2012 but it does not apply to 2012 R2

The only event viewer errors are:

1515 (Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.)

1511 (Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.)

Any suggestions to resolve would be greatly appreciated.

Russ

Outlook 2010 ask for password when Windows Password change on RDS 2012 R2

January 8, 2016, 5:09 pm
$
0
0

Every time on of my users change the Domain Password they need to enter their Outlook 2010 password, we are using hosted exchange (Outlook Anywhere with Basic Authentication). Every single user is login with a domain account using Home Folder Redirection and Roaming Profile on our Session Host Servers with Server 2012 R2.

Any ideas why is Outlook 2010 asking for password??

[TERMIAL SERVER SRV 2012 R2] Apply/Active License

January 6, 2016, 8:03 pm
$
0
0

Dear all friend, and expert.

i bought 10 license for termial services, but i cannot active them :(. I dont know why after 120days, my termial server has expired, all users cannot access PRODUCTION SYSTEM.

Plz help me active license for termial service on window 2012 R2.

Thank you so much!!

Disappearing RDWeb Icons

January 6, 2016, 6:32 am
$
0
0

I have and RDS 2012 deployment with one RDWeb Gateway server, 2 brokers and many hosts. Today we have had an issue where a few users from one particular child domain are not able to see any RemoteApp Icons when they log into RDweb.

Other users in the same domain (and same physical LAN) are able to see everything just fine. I logged into RDWeb on one of the users machines and was not able to see any icons either. From another machine, it worked just fine.

I have restarted the Web Gateway server and  have the affected users using the remote apps through their start menu (no issues there). My steps are to have the users try from another known working PC and I am going to start RDWeb Tracing on the web gateway.

I did check the WMI security permissions on their terminal server and I see the RDS Remote Access Servers, RDS Endpoint Servers and RDS Management Servers in there as they should be. Any ideas?

Remoteapp does not support Microsoft /Windows store apps

January 23, 2016, 10:52 am
$
0
0

In Windows 8.1,  Notepad.exe worked fine through remoteapp , but windows/Microsoft store apps such as Money.exe or Netflix.exe does not work as expected.

The error message:  Couldn't open this program or file. Either there was a problem with the Netflix or the file you are trying to open couldn't be accessed.

Appreciate so much for any helping in advance!

Julaine

Viewing all 5613 articles
Browse latest View live
Search