Does anyone know what is going on with RDPing to a Windows 2008 R2 Ent server?  I have about 20 of them and majority of the time anymore, I cannot RDP to them.  The screen stays on the Welcome screen or the Applying users' settings screen.  I cannot use Terminal Services to connect to the box if it is having the RDP issue.

My servers are always a few weeks behing on updates and they are 64 bit.  As is mt workstation, 64 bit and currently up to date with patches, updates, etc.  Good thing I have the DRAC access, but rebooting a server everytime I want to RDP to it is NOT a solution for the issue.  Anyone?

Thanks!
Randy

Hello All.

I'm busy with an installation for a clien using "Server 2019" as the Hyper-V Host Server.

On the host I am running two (2) Hyper-V OSEs, also Server 2019 Standard. One acts as the AD Domain Controller, the other is acting as an APP Server for their Financial software on which they need remote access. Everything runs fine through the entire configuration right up to the point after I added the Remote Desktop Services Role. From there on the whole thing goes bonkers. 

When I log back in after a restart, the profiles under C:\Users are all messed up. "domain\Administrator" is gone and there are folders like "Administrator.000", a file that looks like a VHD, I'm guessing this is a Remote Desktop User Profile.

Sometimes it would all of a sudden block my login attempts saying: "To sign in remotely, you need the right to sign in through Remote Desktop Services. By default.... blah blah bla." So I am physically logging into that server "on" Hyper-V, but it is treating the login as a "Remote" login.

I thought it might be a bug in Server 2019, so I installed 2016, and it is doing exactly the same. I am doing the RDS configuration to the letter as per Microsoft, I am just not using the RD Gateway. 

Could someone "pleaaaase" tell me why this is happening? I have to deliver the server to site in two days.

Kind Regards and thank you in advance.

Hentie

We have setup a single RDS 2012 R2 running a few published apps via RD web

Because these apps are for remote users only, we have a seperate RDS gateway server (2012 R2) setup as well for that purpose.

All remote users are on Win10.

At random times during the day (really no pattern to it) the remote apps the user has open will start stealing focus.

For example they might be typing a new email in their outlook (which is installed locally on the PC), while the remote app program is sitting in the background open, and it will steal focus and come to the foreground.

Here is what I've checked so far:

• I cannot see any disconnections of the client on the event logs of the RD gateway or the RDS server.
• I have tried the following fix without any changes:
• HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client]
  "RDGClientTransport"=dword:00000001 
• This KB doesn't really apply to this problem: https://support.microsoft.com/en-us/kb/2964832
• This KB can't run on Windows 10: https://support.microsoft.com/en-us/kb/2862019
• The users have written down the exact times when this focus issue happens and I can't see any event logs on the PC or the servers that would explain this.
• With a full desktop RDS this problem doesn't happen
• Organising some downtime so I can install November Roll Up updates (last update was done in 02/11/2016)

I'm a bit at loss here, has anyone seen this one before?

I have a setup RDP setup that refuses to hand out cals. to be fair i didn't set this up and my other infrastructure deployment do not seem to have this issue.

Cals are not handed out and also in the RDS console its is displaying the error message 

The system can not determine if the Licensing server is a member of the TSLS group in Active Directory Domain Services ADDS as ADDS cannot be contacted.

I have followed an article thats confirm via ADSI edit that the permissions are correct and also confirmed permissions and group membership via the use of process explorer. Also i cvan confirm that the server is a member of the domain built in grp TSLS......

i have tested name resolution and also Firewall settings even comparing this to a working set of infrastructure  and it all seem to match. anyone have any ideas as i am not finding a deal on the web other than link that seem to remain un resolved.

I'm having a hard time figuring out what's going on here. I have a desktop machine running Windows 10 (which was working fine before updating to 1903 (which for some reason made me do a fresh install)) I have another machine running Windows Server 2019 which I used to be able to use remote desktop to connect to and for some reason when I go to connect I get a black screen, it looks like it's trying to connect then it's just a black screen. I have another desktop that I'm able to connect via RDP without issue from this same machine which is weird that I'm just not able to see anything when connecting to the Windows Server machine. 

Strangely enough... I AM able to connect via remote desktop to the Windows Server machine from my Surface Pro (which I also updated to 1903)

Any suggestions anyone? 

We have a RDS server which has been running for a few years now with no problems.

We are beginning to add a few more applications to this server now and providing access to users around the company who are using software that is not Windows 10 compatible.

However we have now discaovere that these 'standard' users are able to RDP to the actual server itself as well as using the RDWeb link we provided them.  This is a bit of a security risk for us.

Is there a way of allowing these users to have access to the RDWeb sessions but not allow them to RDP to the server console?

I have set up my Server (2008 R2 Foundation) for remote desktop and RemoteApp as per the instructions provided by Microsoft.  I am using a single server for all functions.  When a user logs in to the Server through remote desktop, the remote desktop screen comes up and then the user immediately gets an 'Access is Denied' message.  If the user connects through RDWeb, the RemoteApps are displayed, but when the user clicks on an application, they are prompted again for their login credentials and then they get the remote desktop screen with an 'Access is Denied' screen as well.  This happens even for Administrators.

I am getting very frustrated with this as I have read many blogs and tried everything to no avail.  PLEASE help me.

Hello,

I can not beleive that we are the only one with this problem. I started a question about this issue a long time ago. (see https://social.technet.microsoft.com/Forums/windowsserver/en-US/03d614d5-5fb8-44ed-a2f7-3e439a62d265/web-passwords-not-saved-in-credential-manager?forum=winserverTS)

For now we had a workarround by using google chrome but because they will end the java and silverlight plugins we need to go back to Internet Explorer.

The problem:

When using Roaming Profiles in an RDS environment the Profiles are deleted at logoff (policy setting). The credential manager saves encrypted files in the directory "%USERPROFILE%\Appdata\Local\Microsoft\Vault . So when the profile is deleted at logoff the vault directory is lost and so are all the saved website passwords. So when we login to another server no saved website passwords are there.

So now we are testing with Universal Profile Disks. With UPD the localappdata folder is retained when logging into another server. BUT the credential manager is still not working properly.

When you save the passwords on server1 the passwords are saved in encrypted files in the users vault directory . When you login to server2 the files are still there but credential manager will not read them UNTIL you restart the credential manager service on that server.  When restarting the service then Credential manager will read the vault directory and show the saved passwords.

I think the solution is that when a user logs on to a server then credential manager will need to read the password files in the vault directory. But that is not the case.

I hope that someone can help because this is crazy. I also contacted MS support but had no luck finding a engineer that understands the problem.

So we have a customer with a Terminal server, and one (actually a few, but we started to work with one) user was expericening a few unrelated issues. So we tried to remove the user, as i ahve been thought a couple of years back the way to go would be:

Deleate user home folder from C:\users\USERNAME
Find SID in profile list in regedit, and deleate it
Remove user from HKEY_users

And then the user would get a clean login next time.
But as soon as the log-in is thorugh with "applying user settings", we return to log in screen.

Evenviewer gives: Disk 36 has the same disk identifiers as one or more disks connected to the system. Go to Microsoft's support website (http://support.microsoft.com) and search for KB2983588 to resolve the issue.

Disk 36 does not exist in disk management. 

I've been looking up and down, but i cant seem to find anything related, and i'm really tired, so sorry if this is somewhat short.
Is this method no longer usable to give a user a "new profile" on a terminal server with the same user account?
Or am i missing something i have to remove?

Any advice is greatly apriciated.

Hello,

I am currently working on a feature that programmatically(using Java) detects whether a system running Windows RDP has any active established connections. To make this distinction my current approach is to interrogate Windows Registry (HKey.CURRENT_USER\\Volatile Environment) for the environmental variable SESSIONNAME which has the value "Console" when the machine is not in sharing mode and "RDP-Tcp#0"when connected remotely from another machine.

However, I have only tested this solution using Windows 7 and Windows 10 and I would like to know if there could be possible issues in the case of other versions or other discrepancies that would make this solution not viable. Also, if the current solution is overly complicated, are there simpler alternatives that I could use?

Thank you for your time and best regards,
iulia_paniti

Hello,

I've been asked to replace teamviewer by the remote desktop services and set up the VPN. I've tried severals tutorials but they all seems different.

Do I need a licence for Remote desktop? How much is it?

Also, do you know any good tutoriak to replace the teamviewer vpn by the windows one.

Many Thanks,

Izak

I have a Windows Server 2012R2 Terminal Services server with over 100 users logging on (not all at the same time).
There is a GPO that sets the theme to a custom theme file (that must be used), which is stored in a directory that all users have access to.

If I log into that server as a user via the VMware console, the theme applies.
I can then log on via RDP and theme is still there.

However, if that user has never logged on before and I log in via RDP, without first logging on via the console, the theme will NOT load.  Multiple logon attempts do not help.  I can log on via the console and any point and the theme will apply, but this is not practical for 100+ users.

The GPO obviously works, otherwise I wouldn't get the theme when logging on via the console.

Why would a theme work fine if logged on locally (or via console), but not via RDP?

Hi All,

I have recently upgrade my server from 2012 to 2016. However, we encounter an issue regarding the default printer.

When my software calls for the default printer to print, it is printed to the server's default printer instead. But when i checked from the "Devices and Printers", the client's PC default is selected.

I have already disabled the easy print in the group policy setting.



Hi everybody,

I have stand-alone Windows Server 2012 configured as DC (for further scalability) with appropriate domain and valid SSL Certificate. The machine is VIRTUAL.

Therefore, it's the same machine for every role (RD Gateway, RD Licensing etc).

Logging on as remote desktop user takes a few seconds and is quite OK.

Logging on of the same user(s) as a remote app always adds 60 secs of extra time.

I talk about the time after password prompt pops up, which happens almost immediately.

The following minute after confirming the password the logon dialog presents the message

"configuring remote desktop".

Those 60 seconds are well documented in the Event Log and the sequence is always the same.

It looks like two consecutive time-outs of 30 seconds each.

Below is an example of events sequence:

Event 1:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:51
Event ID:      312
Task Category: (3)
Level:         Information
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "user@domain", on client computer "xx.xxx.xx.xxx:58554", has initiated an outbound connection. This connection may not be authenticated yet.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>312</EventID><Version>0</Version><Level>0</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:51.283267000Z" /><EventRecordID>31003</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15348" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>user@domain</Username><IpAddress>xx.xxx.xx.xxx:58554</IpAddress></EventInfo></UserData></Event>

Event 2:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:51
Event ID:      313
Task Category: (3)
Level:         Information
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "user@domain", on client computer "xx.xxx.xx.xxx:58558", has initiated an inbound connection. This connection may not be authenticated yet.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>313</EventID><Version>0</Version><Level>0</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:51.971015500Z" /><EventRecordID>31004</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>user@domain</Username><IpAddress>xx.xxx.xx.xxx:58558</IpAddress></EventInfo></UserData></Event>

Event 3:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:52
Event ID:      313
Task Category: (3)
Level:         Information
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "user@domain", on client computer "xx.xxx.xx.xxx:58558", has initiated an inbound connection. This connection may not be authenticated yet.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>313</EventID><Version>0</Version><Level>0</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.033537700Z" /><EventRecordID>31005</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15348" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>user@domain</Username><IpAddress>xx.xxx.xx.xxx:58558</IpAddress></EventInfo></UserData></Event>

Event 4:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:52
Event ID:      200
Task Category: (2)
Level:         Information
Keywords:      Audit Success,(16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>200</EventID><Version>0</Version><Level>4</Level><Task>2</Task><Opcode>30</Opcode><Keywords>0x4020000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.174207400Z" /><EventRecordID>31006</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType>NTLM</AuthType><Resource></Resource><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 5:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:52
Event ID:      300
Task Category: (5)
Level:         Information
Keywords:      Audit Success,(16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", met resource authorization policy requirements and was therefore authorized to connect to resource "computer_name.domain.example.com".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>300</EventID><Version>0</Version><Level>4</Level><Task>5</Task><Opcode>30</Opcode><Keywords>0x4020000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.236734600Z" /><EventRecordID>31007</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="1984" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 6:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:52
Event ID:      302
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "HTTP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.252342300Z" /><EventRecordID>31008</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="1984" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 7:

Log Name:      Microsoft-Windows-TerminalServices-SessionBroker/Operational
Source:        Microsoft-Windows-TerminalServices-SessionBroker
Date:          02/06/2019 09:54:05
Event ID:      819
Task Category: RD Connection Broker processes connection request
Level:         Verbose
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
This connection request has timed out. User could not log on to the end point within the alloted time. Remote Desktop Connection Broker will stop monitoring this connection request.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" /><EventID>819</EventID><Version>0</Version><Level>5</Level><Task>101</Task><Opcode>11</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:05.832911900Z" /><EventRecordID>534539</EventRecordID><Correlation ActivityID="{F420F4EE-0602-48B0-BB7C-BEDE86130000}" /><Execution ProcessID="4596" ThreadID="13724" /><Channel>Microsoft-Windows-TerminalServices-SessionBroker/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><EventData></EventData></Event>

Event 8:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:22
Event ID:      303
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", disconnected from the following network resource: "computer_name.domain.example.com". Before the user disconnected, the client transferred 229 bytes and received 156 bytes. The client session duration was 30 seconds. Connection protocol used: "HTTP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>303</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>44</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:22.319436200Z" /><EventRecordID>31009</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15348" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived>156</BytesReceived><BytesTransfered>229</BytesTransfered><SessionDuration>30</SessionDuration><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>1226</ErrorCode></EventInfo></UserData></Event>

Event 9:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:22
Event ID:      300
Task Category: (5)
Level:         Information
Keywords:      Audit Success,(16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", met resource authorization policy requirements and was therefore authorized to connect to resource "computer_name.domain.example.com".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>300</EventID><Version>0</Version><Level>4</Level><Task>5</Task><Opcode>30</Opcode><Keywords>0x4020000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:22.397561300Z" /><EventRecordID>31010</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="5640" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 10:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:22
Event ID:      302
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "HTTP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:22.397561300Z" /><EventRecordID>31011</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="5640" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 11:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      302
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "UDP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31012</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 12:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      205
Task Category: (2)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", successfully connected to the remote server "computer_name.domain.example.com" using UDP proxy. The authentication method used was: "Cookie".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>205</EventID><Version>0</Version><Level>4</Level><Task>2</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31013</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15808" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType>Cookie</AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived></BytesReceived><BytesTransfered></BytesTransfered><SessionDuration></SessionDuration><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 13:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      302
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "UDP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31014</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 14:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      205
Task Category: (2)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", successfully connected to the remote server "computer_name.domain.example.com" using UDP proxy. The authentication method used was: "Cookie".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>205</EventID><Version>0</Version><Level>4</Level><Task>2</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31015</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="12344" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType>Cookie</AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived></BytesReceived><BytesTransfered></BytesTransfered><SessionDuration></SessionDuration><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 15:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      303
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", disconnected from the following network resource: "computer_name.domain.example.com". Before the user disconnected, the client transferred 637 bytes and received 4567 bytes. The client session duration was 0 seconds. Connection protocol used: "UDP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>303</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>44</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.466828900Z" /><EventRecordID>31016</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived>4567</BytesReceived><BytesTransfered>637</BytesTransfered><SessionDuration>0</SessionDuration><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>1226</ErrorCode></EventInfo></UserData></Event>

Event 16:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      303
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", disconnected from the following network resource: "computer_name.domain.example.com". Before the user disconnected, the client transferred 1641 bytes and received 7160 bytes. The client session duration was 0 seconds. Connection protocol used: "UDP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>303</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>44</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.529322500Z" /><EventRecordID>31017</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15808" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived>7160</BytesReceived><BytesTransfered>1641</BytesTransfered><SessionDuration>0</SessionDuration><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>1226</ErrorCode></EventInfo></UserData></Event>

Event 17:

Log Name:      Microsoft-Windows-TerminalServices-SessionBroker/Operational
Source:        Microsoft-Windows-TerminalServices-SessionBroker
Date:          02/06/2019 09:54:54
Event ID:      800
Task Category: RD Connection Broker processes connection request
Level:         Verbose
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
RD Connection Broker received connection request for user domain\user. 
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.RemoteApps 
Initial Application = rdpinit.exe 
Call came from Redirector Server = computer_name.domain.example.com 
Redirector is configured as Virtual machine redirector
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" /><EventID>800</EventID><Version>0</Version><Level>5</Level><Task>101</Task><Opcode>11</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.669933800Z" /><EventRecordID>534540</EventRecordID><Correlation ActivityID="{F420EE10-A030-485A-8B06-EFE8C1E30000}" /><Execution ProcessID="4596" ThreadID="13724" /><Channel>Microsoft-Windows-TerminalServices-SessionBroker/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventXML xmlns="Event_NS"><param1>domain\user</param1><param2>tsv://MS Terminal Services Plugin.1.RemoteApps</param2><param3>rdpinit.exe</param3><param4>computer_name.domain.example.com</param4><param5>Virtual machine redirector</param5></EventXML></UserData></Event>

Event 18:
Log Name:      Microsoft-Windows-TerminalServices-SessionBroker/Operational
Source:        Microsoft-Windows-TerminalServices-SessionBroker
Date:          02/06/2019 09:54:55
Event ID:      801
Task Category: RD Connection Broker processes connection request
Level:         Verbose
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
RD Connection Broker successfully processed the connection request for user domain\user. Redirection info: 
Target Name = COMPUTER_NAME 
Target IP Address = XXX.X.XX.XXX, a000:b000:c000::d000:e000 
Target Netbios = COMPUTER_NAME 
Target FQDN = computer_name.domain.example.com 
Disconnected Session Found = 0x0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" /><EventID>801</EventID><Version>0</Version><Level>5</Level><Task>101</Task><Opcode>11</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:55.091773200Z" /><EventRecordID>534541</EventRecordID><Correlation ActivityID="{F420EE10-A030-485A-8B06-EFE8C1E30000}" /><Execution ProcessID="4596" ThreadID="6204" /><Channel>Microsoft-Windows-TerminalServices-SessionBroker/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventXML xmlns="Event_NS"><param1>domain\user</param1><param2>COMPUTER_NAME</param2><param3>XXX.X.XX.XXX, a000:b000:c000::d000:e000</param3><param4>COMPUTER_NAME</param4><param5>computer_name.domain.example.com</param5><param6>0x0</param6></EventXML></UserData></Event>

I have numbered the events for ease of reference.

As can be seen from event #7  and #14 the user disconnects twice after 30 sec timeout.

From some research it seems like a possible problem may be in the VM settings, which is not in my control so if it is the case I would have to know what exactly to ask from the hosting service.

Any idea/solution will be greatly appreciated!

We have several Virtual Machines running off an MS SERVER 2012. The setup is working well, but something has changed on securities. When setting up a new user to access an existing VM, it was required to add the User Account to REMOTE SETTINGS. If this was not performed, the User was not able to Login to the VM. It is a great way to keep other Users from bumping each other off. 

Something has changed in the settings that no longer requires this REMOTE SETTING Account add. We are using WINDOWS 10 PRO - with 1809 Updates. Access to the VM is thru  DELL WYSE ThinClient using RDP settings. I would really like to re-enable the required REMOTE SETTINGS Account add-in as it makes my life easier. ANy help would be AWESOME!!

Thanks,

Duggan 

Hello Everyone:

I have recently deployed Web Application Proxy with ADFS (Both installed on seperate VMs). I have created relying party trut for G-Suite on ADFS and have successfully published it throug we application proxy as fs.externaldomain.co.uk (internal domain is different) and have pointed fs.externaldomain.co.uk to public ip address of the WAP server.

I have gone through a few articles which mention how to deploy remote desktop serivces through WAP, but none of them mentions pusblishing multiple services on the same WAP server.

I plan to deploy remote desktop serivces with RD Gateway. I also plan to deploy DirectAccess. As these services will be accessed by remote users, can I configure WAP server to be a single point of entry for all these services?

Many Thanks

Hi,

We have a terminal server 2008 R2 with 100 cals installed in a license Server 2008 r2, we added recently a RDS 2016 with 200 cals.

the plan is to add a new license Server 2016 to manage the RDS 2016 cals.

my question is how we can keep using the old terminal server 2008 R2 with their 100 cals.

thanks.

We upgraded a system to 1903 and immediately we are unable to remote powershell to that box.

Already done:

No available updates to install.

rebooted several times more.

Firewall is disabled.

disable-pssession and re-enable pssession, no errors.

This is the error we get when trying to connect:

Enter-PSSession : Connecting to remote server testdesktop failed with the following error message : WinRM cannot process the
request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error
occurred.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS
transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession testdesktop
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (testdesktop:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

The internet has a lot of stuff about broken SPN's on web servers and deleting or recreating:

http/host.domain.com  

but this isn't a web server, it's just a Windows 10 desktop. there are no existing HTTP SPN's on this box.

Domain trust is fine, computer account is fine.

Any ideas are appreciated.