Quantcast
Channel: Remote Desktop Services (Terminal Services) forum
Viewing all 5613 articles
Browse latest View live

RD Gateway NPS issue (error occurred: "23003")

February 19, 2019, 4:01 pm
$
0
0

I setup a RD Gateway on both Windows server 2016 and Windows server 2019. That should be a strainght forward process following Microsoft doc and multiple other website (https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-deploy-infrastructure).

When I try to connect I received that error message Event Log Windows->TermainServices-Gateway

The user "DOMAIN\Username", on client computer "IP", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". The following error occurred: "23003".

I found many documentation that claim that registering the NPS server (https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-register) should fix that issue, I register the server. Both are now in the "RAS and IAS Servers" Domain Security Group. But We still received the same error. Can in the past we broke that group effect?

I continue investigating and found the Failed Audit log in the security event log:

Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
 Security ID:   NULL SID
 Account Name:   DOMAIN\Username
 Account Domain:   DOMAIN
 Fully Qualified Account Name: DOMAIN\Username
Client Machine:
 Security ID:   NULL SID
 Account Name:   LM-G710-8.0.0
 Fully Qualified Account Name: -
 Called Station Identifier:  UserAuthType:PW
 Calling Station Identifier:  -
NAS:
 NAS IPv4 Address:  -
 NAS IPv6 Address:  -
 NAS Identifier:   -
 NAS Port-Type:   Virtual
 NAS Port:   -
RADIUS Client:
 Client Friendly Name:  -
 Client IP Address:   -

Authentication Details:
 Connection Request Policy Name: TS GATEWAY AUTHORIZATION POLICY
 Network Policy Name:  -
 Authentication Provider:  Windows
 Authentication Server:  SERVER.FQDN.com

Authentication Type:  Unauthenticated
 EAP Type:   -
 Account Session Identifier:  -
 Logging Results:   Accounting information was written to the local log file.
 Reason Code:   7
 Reason:    The specified domain does not exist.

I have then found that thread which claim that I should disabled NPS authentifaction

https://social.technet.microsoft.com/Forums/windowsserver/en-US/f49fe666-ac4b-4bf9-a332-928a547cff77/remote-desktop-gateway-denying-connections

I try it but disabling the NPS authentification leave me a bad impression...

Did anyone have a clue why I cannot resolve the domain.

For the testing/debuging purpose and I install The RD Gateway on a AD member server in main network, no other firewall than the windows one.

The only thing I can suspect is that we broke the "RAS and IAS Servers" AD Group in the past.


Search

RDS 2016 - Priorize a RDSH server for a specific app

February 4, 2019, 2:58 am
$
0
0

Hello,

I have a RDS farm running on Windows Server 2016 with 1 RDCB and 2 RDSH.

I would like to add a new RDSH on a branch office to use a local application, and priorize this app on the local RDSH.

As the local RDSH has an issue, connections will be automatically go the headquarters RDSH servers.

Is it possible to do this ?

Thanks in advance.

rdVH deployment FAIL

February 3, 2019, 3:09 am
$
0
0

I had 3 VM collections, were working all right! All of a sudden, If I try to create another Virtual collection i get this error with empty reason for failure. (with any Windows version)

If I choose the option to create Profile disks it says it failed to create Profile disks, but when I go in the collection to reconfigure it a red error appears saying there are no rdVH or rdSH. ...but the VMs appear when I create a collection.

The collection is created with no machines in it. If I try to add a machine I get failure again and similar event log.

I have Sql HA, but I don't notice any errors there.

The connection Brokers services are usually crashing, and I need start them manually before I can access the RD server manager... maybe for another ticket.

---------

Log Name:      Microsoft-Rdms-UI/Admin
Source:        Microsoft-Windows-Rdms-UI
Date:          2/3/2019 12:56:33 PM
Event ID:      8224
Task Category: VDI Add VMs
Level:         Error
Keywords:      
User:          domain\private
Computer:      Flex.domain

Description:
win7-8: Adding virtual desktop Win8 failed. Reason: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Rdms-UI" Guid="{FB750AD9-8544-427F-B284-8ED9C6C221AE}" />
    <EventID>8224</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>9</Task>
    <Opcode>0</Opcode>
    <Keywords>0x2000000000000000</Keywords>
    <TimeCreated SystemTime="2019-02-03T10:56:33.596682200Z" />
    <EventRecordID>24</EventRecordID>
    <Correlation ActivityID="{7988E50D-BB27-0002-5720-8B7927BBD401}" />
    <Execution ProcessID="7392" ThreadID="7912" />
    <Channel>Microsoft-Rdms-UI/Admin</Channel>
    <Computer>Flex.domain</Computer>
    <Security UserID="S-1-5-21-224794525-14269677-1679037050-1105" />
  </System>
  <EventData>
    <Data Name="arg1">win7-8</Data>
    <Data Name="arg2">Win8</Data>
    <Data Name="arg3">
    </Data>
  </EventData>
</Event>

---------

And if I try to restart the rdVH service on the hyperv host the service fails to restart. A reboot will fix. The following error appears for every VM.

--------

Failed to set value of the '0x80070002' Data Exchange integration service item for virtual machine 'tenpro-n': 쾴쮎翶 (The system cannot find the file specified.) (Virtual machine ID 椏d)

---------

If I destroy the collection, remove and reinsert the server,  I see errors on Server manager:

RD Virtualization Host Configuration Failed on hypernest.domain With Error: VmHostAgent on 'hypernest.lab.lonblu.pro' could not sync the VM objects to CB:'Scom18.domain'. Exception: System.ArgumentException
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   at System.Management.ManagementObjectCollection.get_Count()
   at Microsoft.RemoteDesktopServices.Management.Cmdlets.VM.NumberOfObjectsInNamespace(String namespacePath, String query)
   at Microsoft.RemoteDesktopServices.Management.Cmdlets.AddRDVirtualizationHostCommand.AddRDVH()

------------------

I tried to remove all collections, reinsert the 2 HyperV hosts, and now I don't see any VM appearing in the list for creating a new collection.


Change Date format for all RDS users as dd/mm/yyyy

February 3, 2019, 1:38 am
$
0
0
I have a RDS running 2008 r2. Does anyone know how to change the date format for all users asdd/MM/yyyy.  I have tried the Administrative tab under region but it was not successful. 

RDMS not working with Windows Server 2019

February 1, 2019, 9:02 am
$
0
0

The error I get after installing the DC and RDMS :

"The server pool does not match the RD Connection Brokers that are in in. Errors: 1.Cannot connect to any of the specific RD connection Brokers servers. Ensure that at least one server is available and that the Remote Desktop Management (RDMS), RD Connection Broker (tssdis), or RemoteApp and Desktop Connection (tscpubrpcs) service are running.

Tried to restart the RD Connection Broker service from services.msc and it failed. reboot did not work.

I just want to know if there were any changes made or updates from Microsoft themselves regarding this or am I missing something?


Not able to login with locally created users in win2k8 r2 server after jan,2019 month patches.while using in built local user able to login.

February 2, 2019, 11:36 pm
$
0
0

Hi Team,

i am getting error while taking RDP in server ussing local admin id . getting below error:
but in vm console login is working ...during rdp coming below error.

an authentications error has occured.
local security authority cannot be contacted
this could be due to an expired password 
please update your password if it has expired.

server details: win2k8 r2, no other applications running, only dhcp roles,symentic av.

Note1: this is happening only with local users only which created by us. even i have created new users and added in NLB ,rdp,administrators but same error coming.
 Note 2:  While i am able to login with inbuilt user " administrator" id. and doamin id is also working.

some log evnt 1:

An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain:-
Logon ID: 0x0

Logon Type:3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Cheehito
Account Domain:INBENEHINOCJH2

Failure Information:
Failure Reason:An Error occured during Logon.
Status: 0xc0000008
Sub Status: 0x0

Process Information:
Caller Process ID:0x0
Caller Process Name:-

Network Information:
Workstation Name:INBENEHINOCJH2
Source Network Address:-
Source Port: -

Detailed Authentication Information:
Logon Process:NtLmSsp 
Authentication Package:NTLM
Transited Services:-
Package Name (NTLM only):-
Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

event log 2:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-1476518630-2164716994-4173766908-500:
Process 1080 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1476518630-2164716994-4173766908-500\Printers\DevModePerUser

Kindly help on


RDP fails over a Windows VPN

February 5, 2019, 1:55 am
$
0
0

Using Windows 10, trying to RDP to Win2008 Server. 
When on a static IP, I can connect.
When on a VPN, set up through Windows, I cannot connect to the server.

I can Ping the server, but not Telnet on 3389 to the server, or RDP to its IP address (or its name)
Colleagues are able to RDP to the server, using same VPN set up.

Have tried turning off Windows Defender Firewall, without any success.
Maybe I need to add the IP address to the Hosts configuration ?

I know there are lots of questions about RDP over VPN, I am struggling to find a match to my situation.

Hoping someone can help!

Can't RDP / Network Share Across Subnet

February 19, 2019, 8:37 am
$
0
0

I have 1 Server that can't RDP or be RDP'd, access file shares or have its file shares accessed from other servers on a different subnet. 

I can access the file shares and RDP to and from it from other servers in the same subnet. 

Windows Firewalls are off, no I cannot change the IP address for testing because web and application services are dependent upon it. 

Other servers can access shares and RDP across the subnets just fine. It's literally just this 1 server that's having the issue.

Search

Easiest way to enable more than 2 concurrent RDP sessions on Windows Server 2016

June 5, 2018, 3:54 pm
$
0
0

Hello everyone,

I am trying to figure out the easiest way to allow more than 2 RDP sessions at a time on my Windows 2016 Server Standard. I have tried using the google to help, but there are so many suggestions and 90% of them result in the original poster disappearing so I don't know the best way to accomplish this. I don't need anything extravagant setup, I just need more than 2 people to be able to rdp into the server at the same time.

Any help would be appreciated.

Thanks,

RD session connections windows server 2016 - two computers couldn't connect in the amount of time allotted

August 13, 2018, 6:39 am
$
0
0

we have RDS installed in Windows 2016 standard edition and use session-base desktop deployment.

It was working fine for about one year. About two weeks ago, we started to have the following issue:

This computer can't connect to the remote computer.
The two computers couldn't connect in the amount of time allotted. Try connecting again. If the problem continues, contact your network administrator or technical support. 

When this issue happens, we find some users are disconnected in the RDS-Collections-QuickSessionCollection. But we cannot log/sign off those users, they are always showing there.

BTW, we can sign of those users in the Task Manager-Users. 

We can solve this issue by restarting the server. How to fix it without restarting the server?

Thanks!

Recovering Remote Desktop Services after installing AD

February 14, 2019, 9:34 am
$
0
0

We have two servers here. a 2008r2 domain controller, and a 2012r2 file/print/rds server.

I installed AD onto the 2012r2 server in the hopes that it could work as a backup dc, not realizing that doing so would kill Remote Desktop services.

So I removed AD from the 2012r2 in the hopes that would bring back RDMS, but it doesn't. Every time I try to start the service it says "The Remote Desktop Management service failed to start. Error code: 0x88250001"

Did installing the AD role change something that did not get reverted when I removed the role? Is there a way to get this server to accept RDP connections again?

As an aside, I am also getting this error message. "RD Connection Broker service denied the remote procedure call (RPC) from an unauthorized computer ::1."

Gateway RAP Network Resource Policy and AD groups

February 14, 2019, 8:19 am
$
0
0

I have been having difficulties getting the computer permissions to work by group in the RA Network Resource policy for remote desktop farms in HA mode.  Published app's fail to connect because I cannot find a way to add the HA gateway name to an AD group.  The AD group needs a computer account with the alias name of the connection broker.

I am always forced to use a RD Gateway-managed group or allow users to connect to any network resource in the RA policy.  Either of these are not desirable, we'd like to use a single AD group for this across multiple RDS servers in our farm.

Does anyone know a simple way to add an AD alias "computer" account for the HA Gateway name so I add it to an AD group and use that group in the RA Gateway policy to allow users to connect to published apps on the RDS servers themselves?

Microsoft Azure RemoteApp API

February 24, 2019, 10:41 pm
$
0
0

Is there or will Microsoft announce some kind of the API for the Microsoft Azure RemoteApp? 

Thanks.

RemoteAPP after windows 10 update 1803 are slow and right mouse button is not responding (it reacts only sometimes)

May 2, 2018, 7:30 am
$
0
0

Hi,

our workstations with Windows 10 pro are in this weekend updated to version 1803. For main system we use RemoteAPP aplications on Windows server 2012R2 (Windows server 2012R2 is full updated). After update on client station are RemoteAPP slower, and  right mouse button is unresponsive, or react verly long time... 

It is a big problem for us.

PS: after replace mstsc.exe and mstscax.dll from older version Windows 10 is all OK. but this is not a solution.

Thanks.


Maintenance mode on RDS collection

February 21, 2019, 4:06 pm
$
0
0

Hi All,

Just wanted to check with you all on is there a possibility to provide a maintenance window on RemoteApp collection level.

We have Production collection and Test Collection in an event we need to take down the production collection. For this purpose, we send emails to our client saying that that environment will not be available. Is there a way that we can let them know when they launch the RemoteApp?

We have 400+ end users that we need to notify when there is a maintenance window. 

BTW we have Window server 2012 R2 for all RDS servers.

I really appreciate your help.

Shekar-Technet

Search

Remote Desktop Services

February 17, 2019, 6:19 am
$
0
0
as per the company policy we disabled the printer redirection within group policy. Now i want the users to print from Remote session is there any alternate way?

Remote Desktop Services

February 17, 2019, 6:20 am
$
0
0

I placed a web server in DMZ zone by removing it from domain and tried to access the url but unable to access it?

Is it mandatory that web server should be in domain?

Remote Assistance to a workgroup computer

February 15, 2019, 9:30 am
$
0
0

Hello Microsoft Community,

We are deploying a fleet of HP t630 Thin Clients into our environment. These machines are running Windows 10 and will not be joined to the domain (just workgroup with two local users an admin one and a user one with the user one logging in automatically.) Since these are thin clients we do not want them to be domain joined. Our help desk is already using the Microsoft Remote Assistance product to remotely offer assistance to regular desktop users. We would like to come up with a way to also connect to these thin clients. Any idea how that can be done? Remote Assistance seems to only work when connecting to a domain joined computer. Thank You!

RDS Server in Azure is very slow...........

January 17, 2019, 2:23 pm
$
0
0

  We have deployed a RDS server D series V3 VM and a domain controller. which is B series. It is being used by 6 users only so its not a big environemnt. Just to add we are using Premium Disk and RDS server configuration is pretty beefy. The problem is:

1. RDS connection is very slow. Application takes long time to load up.

2. CPU usage on RDS server shows 100 %. 

Any help will be appreciated..

  

Remote desktop connection is crashing with an orange screen

February 21, 2019, 8:37 am
$
0
0
Until yesterday everything worked fine. Now the Remote Desktop displays the two screen shots of the 2 computers I am trying to connect to. However, when I click on the images the second window opens with an all orange screen and then both windows crash in a few seconds.
My desktop is running Win10 pro Version 1803, build 17134.590
The main server I am trying to connect to is Win Server Essentials 2016, Version 1607, build 14393.2724
The other computer I am trying to connect is a Win7 Pro, version 6.1, build 7601, with Service Pack 1.
All of the computers are up to date with their Windows updates. They have all been restarted.
I checked the services and all of the automatic ones are running.
Viewing all 5613 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>