Channel: Remote Desktop Services (Terminal Services) forum

Azure MFA with RDS only works when Gateway is Specified

I have deployed an RDS server with all the roles installed, including the Gateway. This Terminal server won't be externally available. I have a local Azure MFA server which is working; I can get an MFA request on my phone with no problem.

However, my issue is that this only works when the Gateway is specified, e.g.

In the connection settings, if I do not specify my gateway remote.mydomain, the MFA will not kick in and the connection to the Terminal server will just go straight through, which makes the MFA pretty much pointless if a user will only get prompted for MFA if the Gateway is specified. What I want to know is: is there a way to force it to always use the Gateway, or force MFA to be enforced regardless on the server?

Has anyone else encountered this?


Remote Desktop App with Azure AD

It seems that I am unable to connect to a computer on my network with the Remote Desktop App (trusted Windows Store App on my Windows Laptop or from the iOS App store on my iPhone), while I am able to connect successfully to it from Remote Desktop Connection (old Windows app).

The remote computer is joined to Azure AD (Windows 10 Pro, up to date; again, this works from the old Remote Desktop Connection application on Windows).

Can anyone tell me if connection to a machine joined to Azure AD is supported on the Remote Desktop App or if there is something I need to do to configure it properly?

Thanks.


RDP: Block IP address after failed login attempts

It is surprisingly high the number of RDP access attempts nowadays, regardless of the external port being used. Even more surprising is the fact that Microsoft systems do not have their own blocking feature for offending IPs, which would be appropriate to be enabled by default.

Is there documentation that explains why Microsoft does not include this very important feature, crucial even to the company's own security reputation?

What server-side alternative solutions would you recommend to mitigate botnets and so many other online brute force and similar threats?

RDP hangs on Welcome with Windows 7 64 bit

Does anyone know what is going on with RDPing to a Windows 2008 R2 Ent server?  I have about 20 of them and majority of the time anymore, I cannot RDP to them.  The screen stays on the Welcome screen or the Applying users' settings screen.  I cannot use Terminal Services to connect to the box if it is having the RDP issue.

My servers are always a few weeks behind on updates and they are 64 bit.  As is my workstation, 64 bit and currently up to date with patches, updates, etc.  Good thing I have the DRAC access, but rebooting a server every time I want to RDP to it is NOT a solution for the issue.  Anyone?

Thanks!
Randy

 

Move an RDS server between domains and migrate user profile data


We need to move several Remote Desktop Services servers (Server 2008 R2 and Server 2012 R2) from different domains to one consolidated domain and want to migrate/copy as much (local) User profile data as we can. Users will have the same username in both domains however, the 2 accounts will be independent of each other (different domains/SIDs etc) so we expect users in the new domain will have new user profile folders created (can’t re-use the old folders?).

Because the Source and Destination computer is the same device, will the User State Migration Tool (USMT) work?

Sorry, can't post links. It's the "usmt-migrate-user-accounts" page on Windows deployment section of "docs DOT microsoft"

Also looked at ADMT but never used it and unsure of implications.

"windows-server-2008-R2-and-2008/cc974455(v=ws.10)" page on "docs DOT microsoft"

Any help/guidance appreciated.


RemoteApp Problems on Windows Server 2016

We've got a problem regarding our users using the RemoteApps.

Our environment is two Terminal servers on Windows Server 2016 and one Connection Broker server on Windows Server 2016 too.

A few users need to open the RemoteApps multiple times from different workstations, so they connect multiple times to the Terminal servers.

The problem now is that user X opens a RemoteApp on workstation 1 and the connection broker decides to give him a session on Terminal Server 1. Now user X opens a RemoteApp on workstation 2 and the connection broker gives him a session on Terminal Server 2. For now everything works fine, but if user X now opens a RemoteApp on workstation 3, you get a short message that says you are connected with RemoteApp and Desktop Connection, but the RemoteApp won't start, and if you click on "Details" you can see only a black screen.

So if the same user connects 2 times to the same Terminal server, the RemoteApp doesn't start and shows just a black screen.

We already edited the Registry:

 - fSingleSessionPerUser value: 0
 - fdenyTSConnections value: 0

and edited the Group Policy:

 - Restrict Remote Desktop Services users to a single Remote Desktop Services session value: Disabled
 - double-click on Limit number of connections and then set the RD Maximum Connections allowed to 999999

Deleted Firefox, disabled everything regarding sound.

The Eventlog shows this warning:

"The installation of the default connection has been cancelled. A default connection cannot be used on a system that is part of a Remote Desktop Services deployment."

"Event ID: 1026"

Does anyone have a solution for this problem?

Thanks in advance.

2012 R2 RDS Temporary Profile issue

I have set up a standard 3 node 2012 R2 RDS for testing. All virtualized on VMware ESXi 5.0. I have a connection Broker, session host, and web access server. I have published several applications and I can access them without a problem. Here is my issue:

When I try to log on to my session host server either locally or thru RDP, I am always logged in with a Temporary profile. It does not matter what user account I use. Even logging on locally as the administrator I get a temporary profile.

All windows updates are installed and current.

I have removed the server from the domain, deleted the account, and rejoined it to the domain.

I have deleted all .bak registry entries from here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

There is a hotfix here for a similar issue on 2012 but it does not apply to 2012 R2

The only event viewer errors are:

1515 (Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.)

1511 (Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.)

Any suggestions to resolve would be greatly appreciated.


Russ

Migrating RD Licensing to the same server, different domain

I have a client whose domain lost its DC so I built a new one and created a new domain with a slightly different name. The old domain name was example.local and the new domain name is example.lan

They have a Terminal Server and as a result of the domain name change it no longer 'sees' the old licensing server ts.example.local (itself) because it is now called ts.example.lan, however all users can log on to the server and work with no issues other than seeing a brief message of the error above. I am concerned that eventually the server might not let the users log on anymore since the old licensing server isn't available.

The new DC and the Terminal Server are both Server 2008.

I am not sure whether to use the Migrate Licenses or Rebuild the server database from the Manage License Wizard.

Has anyone else run into this exact issue?

I cannot stress enough that this is a server I cannot afford to have stop working. I am open to all responses.



RD Gateway in perimeter network with RODC

Hi all,

I am rather unclear about how to set up RD Gateway and Read Only Domain Controller in perimeter network. I have read some of the popular blogs, among those: https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/RD-Gateway-deployment-in-a-perimeter-network-Firewall-rules/ba-p/246873 . But I would need a step-by-step guide on how to practically implement this.

I have a two-firewall setup of "internet - outer firewall - perimeter network - inner firewall - corporate internal domain". I have full rights in the internal domain (10.10.1.0/24), but have limited rights in the perimeter network (172.1.0.0/0.0.255.255), which is another domain. I have set up an RODC, joined it to the internal domain, and promoted it as RODC successfully. I have set up "allowed" and "denied" password replication policies. I have placed the RODC in the perimeter network. I have set up an RD Gateway server, and currently it has joined neither the internal domain nor the domain in the perimeter network. It is only set up as a member in the perimeter network. I have full rights to configure firewall ports both on the outer firewall and the inner firewall. The intended RD Gateway and RODC should be in the perimeter network subnet, but not joined to the perimeter domain (obviously). There is no firewall between the RD Gateway and the RODC in the perimeter network.

What I want is to configure the RD Gateway in perimeter network to answer all RDP requests from internet, and authenticate users towards the RODC. If a user is authenticated, she will be allowed (by RAP) to connect to RDSH in the internal domain through say 3398 (I will reassign an uncommon port in the RAP and on the internal firewall NAT to session host).

I know I would need to open ports for the RODC to replicate with the RWDC. For testing purposes I can manually cache the users' passwords. What I fail to understand is how the RD Gateway in the perimeter subnet (172.1.0.0) is to contact a DC (in my case the RODC) on the same subnet for authentication. What would I do to let the RD Gateway look for my RODC? Should I put the RODC as the DNS server on the NIC of the RD Gateway? I tried this, and it does not seem to work: "There are currently no logon servers available to service the logon request".

Please help and I would be very grateful for your assistance.

RDS CAL loading & activation timing...

Hi all,

A vCloud provider handed over 2 servers to me, one to be DC and one to be RDS.

They decided it was a good idea to load the RDS server roles and per User CALS into the RDS Server before handing over to me without telling me.

I then began to set up the DC and joined the RDS server to the domain after that without knowing or checking RDS roles were installed...and now we are getting a warning the CALS are not activated...Remote Desktop Licensing service also will not start.

Do we need to remove RDS roles and start again or can the CALS be reloaded and activated?

vCloud admins tell me they want to remove RDS roles and start again...WTF!?

As always, thanks in advance...

durrie.

RDS 2012 R2

Hello what a mess Microsoft has created in 2012 r2,  for us in 2008 we were able to highlight all users to log them out, we have over 50 users in our servers at any given time, and when we do maintenance we take the servers out of load balance and send a msg to logout, then the ones that didn't get out we would highlight them all and log them off in one shot...what were you guys thinking with 2012 R2 I have not found a simple way to do this yet...

any help would be greatly appreciated.

Default Credentials Error after adding new RD Session Hosts

Here is a strange one:

Have a standard setup with the following:

  • RD Broker and RD WA on one server
  • 2 Session Hosts
  • 2 RemoteApp hosts

Set up SSO perfectly and all working as expected.

Then I realised the guy who set up the virtual machines set them up as Gen1 so could not have more than 1 processor due to the tech on the host. Tried converting them using the MS PS script but failed.

Alas I had to create 2 new session hosts. After I removed the old session hosts and added the new session hosts, when connecting to the broker server to get allocated a session host, I now get the following error:

"Your System Administrator does not allow the use of DEFAULT credentials to log on to the remote computer

******.*******.co.uk because its identity is not fully verified"

Things I have tried:

  • Reapplying the cert to all roles
  • Restarting all servers
  • Allowing delegated creds using local group policy

Weirdly enough, if I connect via RDWeb or via Remote Resources feed it goes straight through.

It is very strange.

Any ideas?

Thanks in advance.

RDS 2008 R2 to RDS 2016r2

Good afternoon everyone,

We currently have an RDS Server on 2008r2 and I spun up a new 2016r2 with RDS role and updated CAL licensing. I'm trying to figure out the best way to approach this. Should it be

Bring down old RDS server with remote.contoso.com and just give the static ip to the new 2016 server. Or do I need to migrate profiles from old server to new? Currently we run a Clustered environment between 4 hosts so everything is shared.

Thanks 

-Gunnah88

create farm with all applications?

Dear All,

Now I have 4 terminal servers on Windows 2008 R2 and each of them is hosting a specific application. I am in the process of upgrading to Windows 2012 R2 terminal servers. I am thinking of creating a farm with 4 terminal servers, each of them having all 4 applications installed together. Is it a good idea to install all applications on all servers, or should I keep them separate? All these servers are virtual machines.

Regards

Pantos

RD Licensing Service change Domain

Hi all, 

At the moment I have an RD Licensing Service running in the old.domain. But now I need to run the exact same server in the new.domain. The users are already migrated to the new.domain.

But when I change the server's domain from old.domain to new.domain I get the following message:

"the following servers in this deployment are not part of the server pool" 

Can someone help me with this?

Thanks a lot. 

KR


RDS service - FairShare - application performance drop

Hello.
After deploying the RDS role on servers we have problems with app performance.
The only solution is to turn off FairShare.
The app is not CPU/resource heavy, but FairShare is limiting our app I/O performance from 200mb/s to 20mb/s.
The only logged-on user on the server is admin.
Apps work slowly even if I try to run them directly from the server, without using the RDS app.
Everything on the server starts to slow down the moment we add the RDS role.
We are running the RDS role on new FUJITSU Server PRIMERGY RX2540 M4 servers:
- 2xCPU Xeon 4110
- 256GB RAM
- 2x300GB SAS in raid 0
- Windows Server 2019 Standard with only RDS role added.
I checked already:
- remote fx
- remoteapp installation procedure
- best practices to deploy remote services
- TCP/UDP configuration changes
- performance profiles
- C state configurations
- lan performance
- visual styles and schemes
Why does FairShare have such an enormous impact on app performance even on underloaded servers?


Indexing issue on RDS with Outlook 2013 and UPD

We have an RDS farm on Server 2016 and have Office 2013 installed. The users have a User Profile Disk which is where everything for them is stored. I'm having an issue getting Outlook 2013 to index the .OST file. 

I've installed the Windows Search feature and rebuilt the index. I don't even see Office 2013 in the Indexing locations. I do see it's set to index OST and PST files however.

When I click on the Indexing status inside of Outlook it just says "Loading" and never loads.

any advice?

Thank you

Users are stuck in log-off

Hi,
I have this problem with users that are unable to sign out: when they are logging off they get stuck, then they do a force logoff (Disconnect) and try to sign in, but they can't.
Getting this event in Event Viewer:



Any ideas?

Remote Desktop Connection

I have purchased a Windows Server 2016 Essential after confirming that no CAL is required for connecting 25 remote connections, but it's still displaying: remote desktop service will stop working in 74 days. On the RD connection broker server, use Server Manager to specify the remote desktop connection...... What should I do? Please help.

RDS session host access is getting removed automatically-getting error "the connection was denied because the user account is not authorised for remote login"

We have a 2016 RDS farm with a few Session host collections in it, and users are able to use the session host.

Now when I try to give access to new users in the existing collection, the user is able to access the session host for a certain duration after access is provided. If he tries to log in to the session host the next day, he gets the error

"the connection was denied because the user account is not authorised for remote login"

If I remove the user and add him again, the access works for a certain period of time, and again the next day he gets the same error. The username is in the properties of the user group collection and he is still facing the same error.

Please help with this issue, I'm not able to trace it.


