Hi techies,
i looking for some help in setting up Remote Desktop Services on windows server 2012 R2, i have purchased 100 RDS Device CALS. can some one help with procedure where to download these license and how to configure them on windows server 2012 and i want this to be configure on 4 Machines.
Thanks & Regards
Sivakumar K
k sivakumar
We have an environment where we use smartcards to log in to remote resources. It works just fine when we try to remote desktop from a machine that is domain joined, but does not work at our homes or on personal machines brought to work.
Things start working from home when we disable NLA though... but we would like to use NLA for an extra layer of security. OR if we leave NLA on, but only use a username and password it works (but again, we want to use smartcards for the extra layer of security with multifactor blah blah blah).
Stuff I have tried that has not worked:
Installing the internal Domain CA's certs to the off-domain machine and user cert store.
Issuing a "real" certificate from a major 3rd party CA and configuring RDS to use this certificate.
Tweaked some certificate properties, tested CRL paths off-location, anything I could find on BI-NGLE that was related... (shot-in-the-dark methods).
Any ideas out there that I have missed?
Hi,
We have an RDS 2012 R2 deployment with two RD Session Hosts where one (rds01) is running the Connection Broker. We also have a load balancer in front of the RD environment, with a LB IP (10.33.12.26).
The problem we have is that users are not reconnected to their existing session if their new connection attempt is not done against the same RD SH.
I have checked the Connection Broker event log, and can see that it finds the existing connection, but the new connection is still done to the wrong server.
Log from the first connect, without existing connection:
RD Connection Broker received connection request for user DOMAIN\user.
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.RDS
Initial Application = NULL
Call came from Redirector Server = rds02.domain.local
Redirector is configured as Farm member
RD Connection Broker successfully processed the connection request for user DOMAIN\user. Redirection info:
Target Name = RDS02
Target IP Address = 10.33.12.26, 10.33.12.32
Target Netbios = RDS02
Target FQDN = rds02.domain.local
Disconnected Session Found = 0x0
Session for user DOMAIN\local successfully added to RD Connection Broker's database.
Target Name = rds02.domain.local
Session ID = 18
Farm Name = RDS
This connection request has resulted in a successful session logon (User successfully logged on to the end point). Remote Desktop Connection Broker will stop monitoring this connection request.
I then disconnected the session, and made a new connection with the same user, which ended up on the other machine.
RD Connection Broker received connection request for user DOMAIN\user.
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.RDS
Initial Application = NULL
Call came from Redirector Server = rds01.domain.local
Redirector is configured as Virtual machine redirector
RD Connection Broker successfully processed the connection request for user DOMAIN\user. Redirection info:
Target Name = RDS02
Target IP Address = 10.33.12.26, 10.33.12.32
Target Netbios = RDS02
Target FQDN = rds02.domain.local
Disconnected Session Found = 0x1
Session for user DOMAIN\user successfully added to RD Connection Broker's database.
Target Name = rds01.domain.local
Session ID = 18
Farm Name = RDS
I might have missed something obvious, but I haven't found the cause. Is the problem that the LB IP is listed in the Target IP Address, so the client might be instructed to connect to that IP? IN that case, can I control which IP addresses should be included in the Target IP Address list?
So the crux of the issue is this: NLA does not allow users with expired passwords or whose account has been configured to require a password change on next logon to log into a Remote Desktop Server.
Requirement: Enable SSL/TLS for RDP connections to provide RDS host identity validation and use "current" encryption standards
Background: We have a fairly large number of remote users in a BYOD situation where the user does not EVER have direct access to the corporate network from a corporate device on the network. When setting up a new user we require that they change their password upon initial login. When using the RDP security layer, this is fairly straight forward as they can provide their credentials and are immediately prompted to change their password. However, if SSL/TLS or negotiate is selected, the connection fails indicating the password is expired without any prompt to change it.
Documentation on this is a bit unclear, however it all seems to indicate that this should ONLY be an issue if NLA is REQUIRED. However, in my experience NLA is used if it is supported and there is no mechanism in place for the connection to "fall back" to the RDP security layer and the connection just fails. One oddity to note is that Windows Server 2003 allows either the RDP Security layer or SSL/TLS to be used but does not support NLA. To me this would seem to indicate NLA is separate from SSL/TLS and that there should be the ability to utilize SSL/TLS WITHOUT NLA. I am aware that there are "patches" available for this issue but I am also aware that they 1) only change the error message displayed on the client side and 2) only enable the password change functionality via RDweb. We are not interested in using RDweb and are looking for a solution to the problem above.
In summary, looking for a way to enable SSL/TLS but to disable NLA. Alternatively, if there is a solution to allow the connection to fallback to the RDP Security layer if NLA fails, I would happily accept that as well. Thank you all in advance for any assistance you can provide.
I'm trying to verify if DNS is configured properly.
I have a customer with two 2012 R2 servers with RDS installed. Server1 has all roles but gateway. Server 2 has all roles but licensing. A public certificate is in place for remote.domain.com.
Public DNS points remote.domain.com to IP 74.xx.xx.xx. Shouldn't the firewall translate that public IP to the private IP of Server2 which is the gateway?
Private DNS and an A record for remote which points to Server1, not the gateway which is Server2.
Server2, the gateway, has the Resource Authorization policy set with a group that includes Server1's private IP, NetBIOS name, FQDN, and remote.domain.com.
In the RD client I have the Access Anywhere configured as remote.domain.com. On the General tab I have the name as Server1 and I can connect to it. If I put remote.domain.com on the General tab my connection attempt is rejected. I thought I would be able to connect to either computer name as the gateway has that in the RAP.
Any ideas if private DNS is configured incorrectly and if so, how it should be configured? Also why can't I connect to Server1 by using remote.domain.com as the computer name instead of Server1 in my RD client?
Jonathan
I'm using RDCMan and it has been using a lot of memory and crashing. With 12 connections it uses 1,548,976 K of memory and crashes with an "Unhandled exception" "Not enough storage is available to process this command. (Exception from HRESULT: 0x80070008)." I love this program and want to know if there's a way to fix this on my end. It seems like other people are not having this issue. I'm running a fresh install of Win7 Ent. I have .NET 3.51 and 4 installed. Do I need to installed .NET 2.0?
Here is the info from the crash:
See the end of this message for details on invokingWe're trying to configure our RD Session Collection to use a CIFS share from our EMC VNX to store the User Profile Disks. However, we're running into an RPC error when trying to create it. After searching here a lot of posts seem to conclude that it can't be done with a non-Windows file server solution (even though this VNX definitely supports SMB 3.0, and is configured to use SMB 3.0). What I don't get is why this MS article mentions "User profile disks can be stored on Server Message Block (SMB) shares, cluster shared volumes, SANs, or local storage."if it really can't be done by using a SAN in the logical way you normally would with a VMware environment: http://blogs.msdn.com/b/rds/archive/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.aspx
This forum post pretty much says the same thing about not being able to use an EMC VNX: https://social.technet.microsoft.com/Forums/en-US/8bf3ac9a-46a6-41de-b834-fb9832e1e8b0/user-profile-disk-on-emc-vnx-storage?forum=winserverTS One person in that thread mentions using a Windows scale-out file server cluster in VMware vCenter (I'm guessing using a SAN/NAS as the back-end). Is this really the only recourse we have if you want highly available UPD while still using your NAS?
I'm attempting to install the RD Web Access role service to test a VDI deployment but the installation keeps failing. I get the following error:
Exception of type 'Microsoft.RemoteDesktopService.Common.RDManagementException'was thrown.
As anyone else come across this error? Any help would be appreciated.
Thank you.
Martin.
Hello, I am trying to add the TSPortalweb part and am having some difficulty.
I have the following setup
Wss 3.0 sp1 server on windows 2008 std sp1
2008 R2 Terminal Server running remote web app feature
My sharepoint server has .net 3.5sp1 and is running sp1 of wss3.0.
The isntructions online here are for .net 3.0 and wss 3.0 sp1
http://technet.microsoft.com/en-us/library/cc771354(WS.10).aspx
Since my sharepoint server has .net 3.5 and NOT 3.0, I found what I think is the new entry in my web.config file on my sharepoint server to load the correct tsportal web part.
" <SafeControl Assembly="TSPortalWebPart, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="Microsoft.TerminalServices.Publishing.Portal" TypeName="*" Safe="True" AllowRemoteDesigner="True" />"
However when I do this and create the corresponding images directories (with access rights to network service account), the web part does not show up as an option to add in the sharepoint web part listing and I get the following error in my event log
Error: Failure in loading assembly: TSPortalWebPart, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
I don't know much about .net but since my sharepoint server is a production system, I dont want to install .net 3.0 since I already have 3.5.
I also dont know if Im making the proper entry into the web config.
Any suggestions or links to documents that work with my setup would be appreciated. Thanks.
Hi ,
I have windows 2003 Enterprise R2 with Terminal server role installed , I am not able to Remote desktop below error is faced when taking RDP
Error : Remote Desktop cant connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned of
3) The remote computer is not available on the network
Make sure the remote computer is turned on and connected to the network and that remote access is enabled
I have an issue that's limited to specific computers.
Users can log into the RDS site just fine. They can see all of the applications, but when they try to run the applications, they're prompted for a user name and password, and no matter what you put in there, it doesn't work. This is true for all of the RDS applications.
This is defiantly PC related, because the same person can work just fine on another computers.
I have about 300 computers that are having this issue. I've tried looking into port conflicts, but the port usage for port 3389 is the same on working and non-working PCs. I would welcome other troubleshooting ideas.
I'm trying to set up user profile disks for a Session based Remote Desktop Services deployment in Windows Server 2012R2.
I have two servers configured as session hosts in a single session collection.
I have a third server with the broker and gateway roles installed, and some additional storage provisioned to store the user profile disks.
On the third server I have created a share named \\hostname\userprofiledisks and assigned Everyone Full Control on the Share Permissions, and the two host servers Full Control on the NTFS permissions.
When I attempt to enable User Profile disks using this configuration I receive the error message: Could not create the template VHD. Error Message: -800391115. I am attempting to apply the settings while logged as a Domain Admin. I have tried re-creating the share, rebooting all servers, and verified all permissions.
I can't find references to this error anywhere online. Can anyone suggest what I might try next to get this working? Or at least what this error means?
Hello,
I was wondering if someone could explain how the RDS licensing works in Per User mode. I am a little confused as to how to determine whether we are reaching our installed CAL limit or not. As I understand it RDS User CALS are not assigned per user, an unlimited number of users can connect, whereas a device CAL is assigned per device. If this is the case, then how can I tally up how many RDS User connections we have and compare against the CALS installed. Currently our license server shows the following, I have inherited this system from an outsourced provider setup so Ii don’t really know exactly what they have done. This information is displayed under the RDS licensing server manager in 2008 R2
License Version and Type License Program Total Licenses
Windows 2000 Server - Built-in TS Per Device CALS Built-in unlimited
Windows Server 2008 or Windows 2008 R2 RDS Per User Open 5
Windows Server 2008 or Windows 2008 R2 RDS Per User Open 46
There is another column to the right of these which indicate how many have been issued, there is no figures in this column for any of those license types shown. I am assuming that the built-in line is for the two admins which can connect from an unlimited number of devices. If I run a report and cover the entire domains and trusted forests it comes back with a CSV file which only contains half a dozen user names in it, despite the installed quantity showing 51, it shows that I have 13 available – how can I find out where the other 38 have been assigned and how can I tell if they are being used or not?
Many thanks
Steve
I have a workstation trying to map the COM ports to the RD session which is hosted on a Hyper-V 2012 R2 as virtual machine (GEN2). No matter what I do, the port doesn´t appear in the device manager. Group policy is configured to always allow COM/LPT ports redirection. The server and workstation is temporarily connected on the same network. COM port on the workstation is not emulated in any way. On the workstation the COM port is labeled as COM9, initially tried with the COM1. No errors in the event log.
Any ideas what´s wrong?
Guys, Gals,
I have a Terminal Server 2012 service running, and I would like the default location of authenticated users to change from C: to say E: drive in our server. Right now when users connect, their Home Folders are assigned at C:, I would like all their data
to be stored in a bigger partition E:
I know that I have to do it thru the DC server, but I can't seem to find the right Policy location.
Any help is greatly appreciated.
TIA.
Hello everyone,
We host a remote desktop environment for customers consisting of a Windows 2012 R2 Session Broker connecting to Terminal Servers 2012 R2. Clients run mostly Windows 7 and some Windows 8 machines (up-to-date) with Remote Desktop Connection 6.3.9600.
The following situation occurs:
When clients connect through the Remote Desktop Gateway (our Session Broker) and try copying a file from \\tsclient to the terminal server, the RDP connection disconnects and reconnects. The file transfer has been aborted with error message"Error 0x800703E3: The I/O operation has been aborted because of the closing of a thread or because of a command from an application" (Freely translated into English). Choosing Retry from the dialogue option results in a different
error message: "Insufficient memory is available to complete this operation."(Again, this is a translated message.)
This problem only occurs when copying files larger than 2,5MB (estimation). Smaller files will be copied correctly.
This problem does not occur when connecting directly (no RD Gateway) to the terminal server.
Using drag-and-drop to copy the files has no different effect.
Can anyone assist me resolving this issue? If there is need for more information, please let me know.
Auke, Netformatie
Good day All
Server Setup (server hosted externally)
1x Hyper V Host (static)
1x VM DC - DNS/(integrated with AD) (static)
1x VM RDS - Domain Joined (with all roles for a RDS server) (static)
--------------
mydomain.com (registered public domain name)
DNS name servers of hosting provider : dns1, dns2 & dns3
---------------
I am having difficulty in configuring my public domain name (first time registering a public domain name, had to implement SSL) to resolve to remote.mydomain.com so that users can access Remoteapps externally via Rdweb . I am able to successfully access remote apps internally on RDS & DC servers via Rdweb with certificates successfully configured but I am not getting anything right externally.
I am 99% sure that this is a DNS issue between my server and the hosting provider. What should my DNS settings be on my internal server (DC) and what configurations should I make/request regarding the hosting provider?
Do I have to setup my own nameservers and ask the hosting provider to update the name servers for the domain at the registrar in their root? Or can I not make use of their DNS servers (dns1,dns2&dns3) to handle the DNS service for the domain? My attempts so far to resolve the matter has just confused me and I am not sure any more as to the details of setting this up.
Any feedback and instructions much appreciated...
Dear all,
I get the error "The user profile Service failed the logon - User cannot Be Loaded" on a Server 2008 R2 RDS on some profiles.
My architecture is composed of 3 RDS server NLB.
Here are the actions that I have taken:
1/ Boot in safe mode with CHKDSK / F / R
2/ Check the "user profile login" service works and never stops.
3/ Kb followed this by removing .bak put the refcount = 0 and the state = 0 https://support.microsoft.com/en-us/kb/947215/ it’s works but after some time still the same error The user profile Service failed the logon - User cannot Be loaded "or temporary profile.
4/ Reapply the rights to C:\users\default
5/ Compress hives:
C:\ windows\system32\config\default
C:\ windows\system32\config\sam
C:\ windows\system32\config\security
C:\ windows\system32\config\software
C:\ windows\system32\config\system
C:\ windows\system32\config\components
6/ when I deletethe corruptedprofile andIcreate a new profileI alsoerrorcoming back.
Thanks in advance.
Hello,
I have a sound issue with a 2008 server (32 bit). I'm monitoring the server via an RDP-Session that's up and running 24/7. Sometimes, the audio-output on the Client PC (Win 7 pro, 32 bits too) fells silent. Sound on the ClientPC itself (outside the RDP-Session) is fine, within the Session everything seems to be okay (volume control, Microsoft RDP Audio Device), just there is no sound. If I close the Session and reconnect, sound is back - sometimes for a day, sometimes for a week... Audio in the Console-Session or in other RDP-Sessions at the same time is flawless.
The WAN-Link between the two sites is a bit shabby, but as long as the session itself doesn't break I don't see a reason why a few beeps shouldn't come through.
After searching for a solution for a while now I have found hundreds of threads and solutions for no sound in RDP-Sessions at all, even a MS-Hotfix for shabby sound - but obviously I'm the only guy with such a problem.
Ideas anyone?
Thanks.