We want to move some (about 250) of the RDS CAL licenses from server 1 to server 2.
Server 1 (OS 2K12) ==> 250
Server 2(OS 2K12) ==> 250
Thanks & Regards
Hi,
We use a single RDS license 2012R2 server with our Citrix XenDesktop setup. We wish to switch from Device to User CALs. How would this be achieved? Just a single GP with the setting enabled and User selected and then applied to the RDS license server, or is there more to it than that?
regards,
I have 2 different customers that both have 1 PC each that will not run RemoteApps from their terminal server. This started on about 4/15/2018 for the first customer, and the second customer had the issue since at least 4/23/2018. These are established Remote Desktop Services installations with other PCs able to run the apps fine, and these PCs were able to successfully run the RemoteApps previously.
When they attempt to run the RemoteApps, it immediately pops up an error message stating "Your computer was unable to connect to the remote computer. Try to reconnect. If the problem continues, contact the owner of the remote computer or your network administrator." However, both workstations can still successfully open a Remote Desktop Session to their respective terminal servers.
I have gone through Event Viewer on the Remote Desktop Services servers and could not find any correlating events. I searched through Application, System, Security, and all of the Remote-Desktop*, RemoteApp*, RemoteDesktop*, and TerminalServices* logs in Applications and Services Logs/Microsoft/Windows/.
On the client PCs, I do find a correlating event in Microsoft-Windows-RemoteApp and Desktop Connections/Operational. Example:
Log Name: Microsoft-Windows-RemoteApp and Desktop Connections/Operational
At the first client, the Remote Desktop Services server is Windows Server 2016 and the workstation is Win 10 Pro.
At the second client, the Remote Desktop Services server is Windows Server 2012r2 and the workstation is Win 7 Pro.
Any and all help would be appreciated.
Thanks,
jeff
Dear All,
I am new to RDS.
My queries are as follows:
1. How to give access to our on-premise servers from the internet? (connect to remote PC).
2. I would like to add 2-factor authentication when the user tries to access through the internet.
3. Only a group of users should have access to the group of servers.
4. Does it require RDSH for the above requirements?
5. Does it require RDCB for the above requirements?
Thanks,
Shashidhar
So we have a few 2012 R2 Terminal Servers at my company that were working fine until we started the process of replacing our Domain Controllers with new Windows 2016 Servers.
Since then our users are getting intermittent "Access Denied" errors when they try to RDP to these terminal servers.
Generally the "Access Denied" error occurs when a terminal server starts to use one of the newly added 2016 domain controllers. We can work around the problem by sending a command telling the terminal server to use one of the older 2012 R2 domain controllers instead. Then things work again.
So the question:
Is there a misconfiguration with the new 2016 domain controllers or can an adjustment be made with the 2012 Terminal Servers?
Is the problem that Windows 2016 Domain Controllers are not compatible with 2012 R2 Remote Desktop Services servers?
We are having problems finding documentation on this.
What we do know is that if we decide to start upgrading to new 2016 Terminal Servers we will have to purchase new 2016 RDS Cals (not sure if we are budgeted for that...)
For those interested, you can find out the domain controller you are using by running the following elevated PowerShell command (this assumes the command is run remotely as you might be locked out due to the RDP access denied error):
nltest /Server:<your-terminal-server> /DSGETDC:<ad domain>
To specify the domain controller you want to be on (in our case we want to switch back to a 2012 R2 domain controller), the command is:
nltest /Server:<your-terminal-server> /SC_RESET:<ad domain>\<specific domain controller>
I just configured RDWeb-access on the server by setting PasswordChangeEnable to true (IIS -> Pages -> Application settings).
Page shows up, users can log in... all good.
The problem is, when they try to change their password, it says:
Your new password does not meet the length, complexity, or history requirements of your domain. Try choosing a different new password.
No matter what password you put in, it would not take the password. I even tried something like A19G8fczAe!!W
** I have disabled password complexity in Group Policy. ** Still no hope.
BUT - when I go to AD and set the user to: Must change password at next login.
Then I go to RDWeb and try. It successfully changes the password.
So it only works when I set the user up to MUST CHANGE PASSWORD NEXT LOGIN.
Is this how it should work?
Users want to change their passwords whenever they want, but it doesn't work.
Am I missing something?
Hi all,
This one is driving me NUTS! The problem itself is that when I go to connect to a session host using a web access server I get the error in the title. This is only happening to some of my session hosts and not all. I have compared them and can't find a single difference. I also can't find anything useful in the event logs about this. Below is my setup.
A full RDS environment using all Windows Server 2012 Data Center. Nothing 2008 R2. All Clean installs.
I have 6 servers as VMs split evenly between 2 ESXi 5.1 hosts.
1. MP-RDP-CB1.inucoda.net (Connection Broker 1)
2. MP-RDP-CB2.inucoda.net (Connection Broker 2)
3. MP-RDP-GW1.inucoda.net (Gateway Server 1)
4. MP-RDP-GW2.inucoda.net (Gateway Server 2)
5. MP-RDP-WA1.inucoda.net (Web Access Server 1)
6. MP-RDP-WA2.inucoda.net (Web Access Server 2)
inucoda.net is a network that is the domain that all servers are joined to via 2 domain controllers split between each ESXi host.
My outside domain that you can get to from the web is ucoda.net
The connection brokers have all servers used including session hosts added to the server pool and are configured in HA mode. They use a SQL Server 2012 Fail-over cluster that is on a separate set of VMs for their database and the DNS is configured as round robin. MP-RDP-CB.inucoda.net. There are two entries of this each with one of the two IPs of the CB1 and CB2 servers.
On each CB server there is a RDS License server role installed with CALs installed and activated/registered. Both LIC servers have been added to the RDS deployment properties.
The GW servers each have the NLB role installed with an extra network adapter for NLB use. There is a DNS name of MP-RDP-GW.inucoda.net that points to the NLB IP of the GW cluster. Also both GW servers were added to the GW Server Farm part of the GW properties.
The WA servers are also in a NLB Cluster with an extra adapter and a DNS of MP-RDP-WA.inucoda.net pointing to the NLB IP.
Upstream from our inside Windows domain, at our ISP level, there is a DNS entry of MP-RDP-WA.ucdoa.net and it points to the NLB IP of the WA NLB cluster. (This is not a public IP; we require you to be on our VPN to be able to access the IP.)
For certificates we have a Comodo issued wildcard of *.ucoda.net with the corresponding Comodo Root Trust and Intermediate Certs. We also have a wildcard *.inucoda.net created by our inside CA.
The *.inucoda.net cert is used for the CB SSO, CB Publishing, and GW while the *.ucoda.net cert is used for the WA.
All session hosts have been configured to use the *.inucoda.net for their RDP sessions.
I can confirm that the *ucoda.net cert is used for the WA part and all other parts are reporting the *inucoda.net, all with no errors or warnings.
For each session collection only one session host is used with no apps, (just RDP). Security is set to only use NLA, SSL 1.0, High.
On each session host I have verified that the *inucoda and *ucoda certs are installed and the internal CA and Comodo CA/Intermediate CA are installed in the correct stores. I have also verified that COM Security has the domain\TS Web Access group set with full perms for the Access and Launch/Activation. Also, for WMI, Root\CIMV2\TerminalServices Security has the domain\TS Web Access group set with full perms. Lastly, each group/user that has access to RDS is listed in the Remote Desktop Users group.
I've checked that both WA servers are listed in the TS Web Access group.
The GW servers RAS/RAP policies are set to be pretty open for testing with using any port, any network resource, and Domain Users and Domain Admins listed.
I have been trying to connect with Windows 8 and Windows 7 clients as the domain\administrator account. Some of my session hosts connect fine and others don't. It's always the same ones that connect and don't connect. I can't find any difference between them. I've also blown away my entire RDS and started over with just a 3 server single node model with no NLB or RR DNS, and the same exact error happens on certain servers. I have since gone back to the 6 server setup described here and again the same error on the same session hosts.
I have also tried Negotiate and RDS Compatible and disabling NLA only for security. No change. Now here is the interesting part. If I remove GW servers from RDS by just saying not to use them (not actually uninstalling them or anything), all session hosts connect just fine every time. When I first did my RDS setup I got the same error with code 0x607 for every connection attempt and found I had to set the RAS/RAP to use any network resource instead of Domain Computers. However, it is currently set like that and some still don't connect. So it works without the GW servers just fine. It also works without them in the 6 node setup as well as the 3 node setup.
I don't want to use it without the GW servers because since I am using all inside subnets with a VPN I have to add the CB IP/Name to my host file or it will not resolve and give an error about reaching the Connection Broker. Because I want to use a HA setup this is no good as there are two servers for it. That's why I use the NLB IP of the WA and publish it with outside DNS with our ISP.
Any ideas at all??
Thanks,
Chris
Dear All,
I have installed SQL Express 2017 on the Connection Broker server. When I tried to configure Connection Broker high availability, it's showing a SQL Server connectivity issue.
I ran the following PowerShell query:
Set-RDConnectionBrokerHighAvailability -ConnectionBroker "RDCB.Contoso.com" -DatabaseConnectionString "DRIVER=SQL Server Native Client 10.0;SERVER=sqlserver.contoso.com;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=RemoteDesktopDeployment" -DatabaseFilePath "C:\RDFiles\RemoteDesktopDeployment.mdf" -ClientAccessName "RemoteResources.Contoso.com"
Thanks,
Shashidhar
RDS apps hang with error 0xe0464645 at unexpected moments.
I can see the above behaviour on basic Windows apps like explorer or taskmgr, third party apps like totalcmd, and Java apps on JDK 1.8. Amazingly, the Chrome browser seems not to fail with this error, maybe because of the lack of user interactions like in the apps above.
Error occurs for clients on Win7 and Win 10.
Error details from windows server 2016 log is always the same:
Faulting application name: dwm.exe, version: 10.0.10240.16384, time stamp: 0x559f3907
Faulting module name: KERNELBASE.dll, version: 10.0.10240.17394, time stamp: 0x590285b4
Exception code: 0xe0464645
Fault offset: 0x000000000002a1c8
Faulting process id: 0x1180
Faulting application start time: 0x01d41f5858025678
Faulting application path: C:\Windows\system32\dwm.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 176068bc-37fb-47f6-8bbb-8a8ee6b801d0
Faulting package full name:
Faulting package-relative application ID:
Event ID:1000
Other apps hang with details "Top level window is idle"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-07-19T13:34:46.000000000Z" />
    <EventRecordID>4580</EventRecordID>
    <Channel>Application</Channel>
    <Computer>RDS.int</Computer>
    <Security />
  </System>
  <EventData>
    <Data>dwm.exe</Data>
    <Data>10.0.10240.16384</Data>
    <Data>559f3907</Data>
    <Data>KERNELBASE.dll</Data>
    <Data>10.0.10240.17394</Data>
    <Data>590285b4</Data>
    <Data>e0464645</Data>
    <Data>000000000002a1c8</Data>
    <Data>1180</Data>
    <Data>01d41f5858025678</Data>
    <Data>C:\Windows\system32\dwm.exe</Data>
    <Data>C:\Windows\system32\KERNELBASE.dll</Data>
    <Data>176068bc-37fb-47f6-8bbb-8a8ee6b801d0</Data>
    <Data />
    <Data />
  </EventData>
</Event>
Hi,
I have several clients using handheld devices that RDP to WS2012, but on logon they see the WS2012 Start screen (Metro). I need them to logon straight to desktop. I have a .bat script that starts an erp program which does happen, but is obscured by the Metro screen and from their devices it is difficult to minimise to desktop.
In WS2012(R2) on task bar properties there is a navigation tab where this can be configured but this is not available on WS2012.
I've read that RDP should go straight to desktop on login but it's not the case for these users.
Hi All,
Currently running an RDS setup. Via RemoteApp, multiple connections can be established; however, while using RDP only 2 connections can be established at a time.
Is this feature by design or is this due to configuration/licensing?
Hi there,
All in the subject really, don't want to get ranty but why is Windows 10 such a UI mess of things that just don't work?
Anyway, I'm on a domain, trying to RDP to the DC and this crappy MicrosoftAccount. It doesn't work, is it a live account?
It has my domain credentials, but entering the correct password, just fails?
I am using a remote Server 2016 VPS from a provider and wish to configure a user account Test to terminate after 1 hour of being disconnected. From the server Admin account I have accessed Computer Management -> Local Users and Groups-> Users -> Test and in the Sessions tab of account properties set Ends a Disconnected Session to 1 hr. However, the disconnected Test session does not close after 1 hr of disconnection. (As shown by Task Manager-> Users which shows the Test account in a disconnected state after more than 1 hr of disconnection.) I have restarted the server and disconnection still does not occur after 1 hr. Is there something else I need to do?
Trying to connect from my laptop to desktop.. I can connect fine on the network but off the network I get the following message:
Your computer can't connect to the remote computer because the remote desktop gateway server address requested and the certificate subject name do not match. Contact your network administrator for assistance.
At first I got the error that the certificate was not trusted so I figured out how to import the certificate to the trusted certificates and then I thought it was fixed but I got the error message above..
Please help
Dear all,
We have configured RDS Gateway integration with the Azure NPS Extension.
When a user tries to access RDS, it's showing initiating
RD Gateway NPS Error
An Access-Request message was received from RADIUS client 10.0.1.5 with a Message-Authenticator attribute that is not valid.
Right now we are seeing an issue with RDP where the user profile service hangs on logging in. Port 3389 is showing up fine.
I wanted to see if anyone has a script or tool that would try to login all the way to multiple servers and make sure they get a desktop. That way I could check on those servers.
I have SCOM 2016 Available if that can be used to do this as well.
Are there any code samples for redirecting devices using IMsRdpDevice?
Guys,
I want to migrate user profiles from a 2008 R2 Terminal Server to a 2012 R2 Terminal Server... How can I do this without any problem?
Thanks