On a Windows 2008 R2 workgroup server, no domain involved, get this error every few days, no one can log in to Remote Desktop, get the Waiting For Group Policy Client error, there are NO custom Group Policies either:
Faulting application name: svchost.exe_SessionEnv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: TSVIPSrv.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca09
Anyone know of a fix?
Thanks in advance!
Hi,
I am using handheld with Windows CE 5.0 as thin clients to connect to Terminal Services server. Everything works fine with Windows Server 2008R2, but I'm not able to connect to Windows Sever 2012. Terminal server is Windows Server 2012 Standard whit session-based Remote Desktop Services role installed. On Remote Desktop Host configuration NLA is disabled. While connection following error appears: "Because of a security error, the client could not connect to the remote computer”.
Thanks
Dominik
I have majority of my users using laptops (Win 10) through wifi connection to logon to the server (2012 R2), most of them face issues with temp profile being used but when same user logon on a desktop computer they get their profiles and shared drives working.
What could be this reason and how can I resolve this.
Thank you
Hello
We recently did a migration of our RDS Server to a brand new Windows 2012 R2 server.
All was working fine but we started to have this messages in the RemoteConnectionManager event log:
Log Name: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: 9/14/2016 8:42:53 AM
Event ID: 20499
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: XXXXX.com
Description:
Remote Desktop Services has taken too long to load the user configuration from server\\xxxxx for user xxxx
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager" Guid="{C76BAA63-AE81-421C-B425-340B4B24157F}" />
<EventID>20499</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2016-09-14T15:42:53.300353800Z" />
<EventRecordID>388</EventRecordID>
<Correlation />
<Execution ProcessID="28452" ThreadID="50892" />
<Channel>Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin</Channel>
<Computer>XXXX.com</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<EventXML xmlns="Event_NS">
<ServerName>\\XXXXX</ServerName>
<UserName>agranados</UserName>
</EventXML>
</UserData>
</Event>
Everytime this error message is logged the user gets disconnected from their RDS session.
So far we tried the following:
- Validate AD health (sites,subnet,replication, sysvol)
- We changed the DisableTaskOffload option as suggested in other posts
- We verified the group policy settings applied
Unfortunately we still haven't found what the root cause of this issue is.
Any suggestion of similar previous experience is welcome.
Thanks in advance!
Cristian
Regards. Cristian V.
Folks,
Just noticed this becoming an issue on a Windows 2012 R2 Terminal Server after the last round of Patch Tuesday updates stemming from August 9th, 2016.
Typically, I'm rebooting the server every 24 hours to over-correct the issue - rebooting not being the best option here.
In previous discussions, it's advised to remove KB3002657 or KB3035132 from the server. Is this still the best option to restore full functionality even with the last round of patches and updates? Just to confirm, we are not using webroot as an AV solution.
Good morning,
Looking on TerminalServices-LocalSessionManager\Operational i found strange messages. That i would like to understand to be sure to have no security issues.
About every time the machine is switched on and sometimes during is working time i see this messages: (oldest to newest)
time:10/12/2016 9:49:16 AM
Event Id:41
Message:
Begin session arbitration:
User: CURRENTUSERNAME
Session ID: 27
User: CURRENTUSERNAME
Session ID: 27
time:10/12/2016 9:49:17 AM
Event Id:21
Message:
Remote Desktop Services: Session logon succeeded:
User: CURRENTUSERNAME
Session ID: 27
Source Network Address: LOCALE
I see this messages when remote desktop was not used.
This is a Win10 pc with anniversary update. Does it should be somethin related to the new "remote assistance functionality"?
Is there anyone that can help me to better understand what's the reason of this messages?
thank you very much.
WS2012 RDS infrastructure, domain member W10 clients, domain users.
I've set the "Specify default connection URL" policy to the full path to the RemoteApp feed. Clients are not adding the feed, and log this event:
-----------------------
Log Name: Microsoft-Windows-RemoteApp and Desktop Connections/Admin
Source: Microsoft-Windows-RemoteApp and Desktop Connections
Date: 10/6/2016 10:20:44 AM
Event ID: 1004
Task Category: Setup
Level: Error
Keywords:
User: DOMAIN\Username
Computer: COMPUTER.DOMAIN
Description:
The URL you typed does not have a connection.
Connection name:
Connection URL: https://remote.domainname.com/rdweb/feed/webfeed/aspx
Error code: 0x80072EFC, 0x194
-----------------------
The path is correct.
Split DNS is set up. The server is named remote.domainname.com whether on the LAN or WAN. Certs are *.domainname.com. So it's not a cert name mismatch as seen here: https://social.technet.microsoft.com/Forums/en-US/023bbb37-94e7-4ea2-a3b7-f885bb0f02e3/remoteapp-desktop-connection-deployment-in-2012-error-1004?forum=winserverTS.
When I manually enter the URL in RemoteApp and Desktop Connections, it works. I am prompted for credentials to add the feed, but not when running the resulting RemoteApps (IOW, CredSSP is working when running the RemoteApps). Is auth during setup what's tripping me up here? The GPO help text says default Windows credentials are passed.
[edit]
Oops...wait...the URL ISN'T right. "/aspx" should be ".aspx". You know how you look at something 1000 times and it looks right, and then on the 1001st time after posting to Technet, you see it?
After changing it, it worked perfectly.
Never mind!
Hi,
We have purchased
6VC-02071- winRemDsktpSrvcs CAL 2012SNGL OLP NL DVCR CAL 5nos
End customer : Iten Soft Solutions Pvt.LTd.
When we have downgrade to win 2008 r2 and activated the cals we are able to visualize only 2 users(i think i.e default one)whereas we require 5users.
When the 3<sup>rd</sup> user is logging in we get the error msg Error:a user to disconnect server so we that may login
When the CALS are activated also it shows in – issued as 0
Pls resolve this issue on High-priority.
Limit Number of Connections setting default 2 is there when i change to 7 not apply unlimited connection are disabled.
We currently use Dell vWorkspace to publish internal applications to internal and external users, including our customers. The architecture includes web servers to publish the URL entry point, connection brokers to distribute RDP sessions and terminal servers to allow our users to RDP and run their published app(s).
The problem we have is that we are predominately running Solomon, which we can only get to run on Windows 2008 x86 terminal servers so implementing RDS is not an option as this only supports Windows 2008 R2 terminal servers.
Is there a solution to this considering we want to get rid of Windows 2003 Server?
| +-- JDMils |
Hi,
I have a question about a setting in the session collection properties in an RDS farm.
why is the memory Column showing 0 MB as you can see in the screenshot when both servers have 48GB internal memory?
Thanks in advance
Hi Technet
From a long term project we have developped a more or less RFC 2865 compliant RADIUS Server. It supports challenge/response in order to check an OTP sent by text message. For any RADIUS capable client (e.g. firewalls, SSL VPN, Direct Access) we may use our RADIUS Server to protect those appliances with a 2FA/MFA.
Now we would like to test our RADIUS Server with RDS 2012 R2.
We have set up a Demo LAB with a DC and a member server holding all the RDS roles (RD Web Access, Connection Brocker RD Session Host, RD Gateway). This setup works as expected.
There are a lot of partly documentations about NPS and RADIUS and RD Gateway Manager and RADIUS. But there is no how to implement a custom RADIUS Server.
So: which steps do we need to protect the RD Gateway with our RADIUS Server?
And it does look like our RADIUS Server does not respond correctly to the NPS request:
This is what we receive:
Code : 1 Access-Request
Identifier: 28
Length : 156
------------------------------------------
1 User-Name : lab\user1
6 Service-Type : 12
26 Vendor-Specific : Vendor-ID: 311 (Microsoft)
Data: 2F 06 00 00 00 01
30 Called-Station-Id : UserAuthType:PW
33 Proxy-State : ?? ?2??+??
61 NAS-Port-Type : 5 Virtual
80 Message-Authenticator : 3F 13 3F 3F 3F 56 3F 01 3F 3F 25 2A
------------------------------------------
And what we respond:
Code : 2 Access-Accept
Identifier: 28
Length : 40
------------------------------------------
18 Reply-Message : Welcome lab\user1
------------------------------------------
For every Firewall, Appliance, Direct Access, Citrix NetScaler our response works. But why won't it work with RD Gateway? It is resending its Access-Request 5 times and we are responding always with Access-Accept. But no Access to the RDP.
BTW: We have no information about RADIUS Service Type 12. RFC 2865 has values from 1-11, but MS RD Gateway sends 12?
Any Ideas?
I'm unable to connect to Bluetooth ...I found a media library corrupt ..and now I'm wondering should I be connected to my remote desktop connection
I cannot post any images, as my account isn't yet verified (first post)...
Hi Technet
I've added User Profile Disks and checked every tick for "Store only the following folders" on the RDS:
Everything works as expected. But with tihs configuration most of the private data are stored within the UPDs. Therefor I want to redirect the "personal folders" to our NAS.
As in previous infrastructures I used the folder redirection policy. As a test, I tried only to redirect the "Music" folder (unchecked from list above (see screenshot):
I linked and the filtered the policy as follow
(for testing purpose I even added the RDS-Server to the filtering)
Now, when I log in as any user the music folder isn't part of the UPD anymore: The "Music" folder is missing the link-arrow but still points to C:\Users\%username%\Music. But as in the first screenshot stated "all other folders are not preserved". And that's exactly what's happening. If I save something in the folder it's gone.
But I thought with the Folder Redirection Policy those folders are redirected to the designated root path - and that's exactly what's not happening.
I tried the following types of Root Folder for the policy:
I've added the RDS-Server and even the DCs to Security Filtering of the policy (I remembered something of Merge).
I gave full access to the Root Path to everyone, to authenticated users, to domain users
I have no clue, why my Music-Folder isn't redirected.
But I know the policy gets applied as I made a Test-Shortcut on the Desktop which gets created:
What am I missing?
Many thanks!
Hi.
I've made a VM (win7) on server A, exported it and imported on server B.
It starts and everything looks fine. So I sysprepped it and tried to use as the template for Personal Virtual Desktop collection.
The Integration services are the latest bun adding vm to Collection stops with an error:
Failed: the Integration Components in the virtual desktop template are not the correct version
What is the reason of such error and how to get rid of it?
Planning to enroll a few RDS servers:
2x 2012R2 Server with the session host role installed, placed in a collection (internal lan)
1X 2012R2 Server with the Gateway, Web Access, Connection Broker role installed (DMZ).
Is is supported to deploy the connection broker in the DMZ? Or is it best to move all servers to the internal LAN because it isn't supported?
Scenario:
Gateway, Web Access, Connection Broker (DMZ) | firewal | 2x session host servers (internal
I have a server 2012 R2 set up with RDS. With most of my Win 10 clients, I can remote into the server via RDP/RDC or RDWeb. However, I have one Win 10 machine that logs in with RDWeb, shows the app icons, but when I try to run one of the apps by clicking the icon, I get an error message that the Remote Desktop Gateway server is temporarily unavailable. It is not since other Win 10 machines can connect to it. In fact there are a number of Win 7 machines that can also connect to apps successfully.
The Gatway server is the same as the RDS host. I do have the FQDN set in the gateway setup. I have looked at dozens of posts and articles but so far cant seem to find a solution. I thought it might be a bad RDP version so I updated the problem Win 10 machine. Still, I get this message. Any thoughts?
Thanks,
Jeff King
Hi There
A very quick on this.
I'm wondering if its possible to resync a server after its lost connection with the primary DC without having to restart the terminal server?
We encountered an issue where the DC froze and needed to be rebooted. Then as a result the terminal servers attached to the domain took a performance hit (users were unable to login, grinding to a halt on the welcome screen, performance slow etc) I'm hoping there's a command available to force a re-synchronisation with the DC so 80 users on both don't have to struggle to log off their RDP servers?
Many thanks for all your time
Jon
Kind Regards, Jon
Hi
I have such RDS farm configuration
I want to move all roles from sev2 and sev3 to sev1
To move WEB Access role I want to add Web Access role to sev1 and then remove sev3 from RDS farm (I have tested this and its worked)
For License server there is migration wizard so it should not be problem.
But how to move RD Connection Broker to serv1 server and remove old? I can not find any solution to do this ?
Any tips would be very helpfully ?
Thanks in advance