Hello,

We are trying to setup RDS to allow users to connect to a Remote Desktop Server both internally as well as external.
However when the gateway/broker is redirecting the user to the session host we get a certificate warning. Depending on the config it is either a untrusted certificate (the self-signed cert) or a name mismatch (.local domain <> public domain name)

Environment details:
- All Windows 2012 servers
- 2 servers running RD Gateway, RD Connection Broker and RD Web Access in HA
- Gateway and Web Access is setup as HA using NLB with a dedicated NIC.
- Broker is setup as HA using DNS Round Robin.
- Internal DNS name for Gateway has been added to internal DNS. Public DNS also published.
- We have bought a wildcard certificate from a trusted CA and applied it to all roles (GW, CB SSO, CB Pub., WA) and gateway manager. All show as Trusted and OK.

What I have already tried:
- Used TP's powershell script to change the published FQDN.
- Used a WMI script to input the certificate for the Session Host (SSLCertificateSHA1Hash in the registry).
- Used a MS Fixit that seems to do the same as the WMI script.
- Used the Set-RDSessionCollectionConfiguration powershell command to modify the CustomRdpProperty of the session collection with "use redirection server name:i:1 `n alternate full address:s:broker.domain.com".

I'm testing with Windows 7 machines that have version 6.3.9600 of mstsc installed. Shows RDP 8.1 supported.
My home machine running Windows 10 is having the same issues.

Some of these solutions seem to work at first as the certificate error disappears, but after a while it comes back.
Don't know what I'm missing here as these solutions seem to have helped people with this particular issue already.

Thanks for the input.

Kind regards,
Dennis

Hi everybody!

Connection broker is logging error with Event ID 1306 (Remote Desktop Connection Broker failed to redirect the user domain\user Error:NULL) while client gets an error "The connection was denied because the user account is not authorized for remote login." after depoymnet of RDS with HA Connection Broker. 

While deploying RDS I did not receive any errors or warnings. 

I tried to find solution on internet but it seems like none of suggested works for me. 

I tried to do following:

1. I double checked network connections between RDSH and RDCB.
2. Checked DNS.
3. Tried to add Connection Brokers to Windows Authorization Acces Group. 

4. Checked if a uses are members of Remote Desktop Group.
5. Tried to find errors in logs on SQL Server. Found nothing. 

6. Tried to recreate Collection several time without any success.

...

I can run apps from Web Access without problem, but cannot connect via RDP client.

Any help would be appreciated.

Tnx.

Dia

Folks,

Just noticed this becoming an issue on a Windows 2012 R2 Terminal Server after the last round of Patch Tuesday updates stemming from August 9th, 2016.

Typically, I'm rebooting the server every 24 hours to over-correct the issue - rebooting not being the best option here.  

In previous discussions, it's advised to remove KB3002657 or KB3035132 from the server.  Is this still the best option to restore full functionality even with the last round of patches and updates? Just to confirm, we are not using webroot as an AV solution. 

Hi,

We faced with the problem: when administrator disconnects from his shadow session, language bar in user's session disappears (hot keys stop working too).

Hardware/Software:
1. Clients: Win8.1 (pc), WinCE (thinclient)
2. Servers: Win2012R2 (all hotfixes have been installed)
3. Roles: RDS
4. Administrators' pc: Win8.1 (pc)

Steps to reproduce:
1. Users open their sessions. Language switching works fine, language bar is on its place.
2. Administrator connects to active session with command: mstsc /v:%HOSTNAME% /shadow:%SESSIONID% /control /noconsentprompt
3. User's issue resolved. Administrator closes his shadow window and language bar disappears in the user's session (hot keys also stop working). User has to logoff and then logon again.

I found that the Remote Assistant has the same issue too (msra /offerRA %USERPCNAME% -> Help -> Disconnect -> lang issue).

May be someone faced with the same issue too?
Thank you for your help.

Hi,
I have trouble logging in remote desktop to a Windows 2008 STD SP1.The server is in the domain. Something strange happens, often I can not login with a domain user but only with the local administrator, and sometimes use the same user domain without any problems in accessing remote desktop.Event viewer when the machine fails to login, I find the following error:

EVENT ID: 4625

Log Name:     Security

Source:       Microsoft-Windows-Security-Auditing

Date:         8/24/2010 10:52:04 AM

Event ID:     4625

Task Category: Logon

Level:        Information

Keywords:     Audit Failure

User:         N/A

Computer:     wbrdvpx40.webred.personal

Description:

An account failed to log on.

Subject:

           Security ID:                NULL SID

           Account Name:                     -

               Account Domain:                           -

               Logon ID:                           0x0

Logon Type:                                     3

Account For Which Logon Failed:

               Security ID:                       NULL SID

               Account Name:                              Administrator

               Account Domain:                           WEBRED2000

Failure Information:

               Failure Reason:                               Unknown user name or bad password.

               Status:                                0xc000006d

               Sub Status:                       0xc000006a

Process Information:

               Caller Process ID:           0x0

               Caller Process Name:    -

Network Information:

               Workstation Name:       ANTONIO

               Source Network Address:          -

               Source Port:                     -

Detailed Authentication Information:

               Logon Process:                NtLmSsp

               Authentication Package:            NTLM

               Transited Services:         -

               Package Name (NTLM only):     -

               Key Length:                      0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

               - Transited services indicate which intermediate services have participated in this logon request.

               - Package name indicates which sub-protocol was used among the NTLM protocols.

               - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />

    <EventID>4625</EventID>

    <Version>0</Version>

    <Level>0</Level>

    <Task>12544</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8010000000000000</Keywords>

    <TimeCreated SystemTime="2010-08-24T08:52:04.983Z" />

    <EventRecordID>120934</EventRecordID>

    <Correlation />

    <Execution ProcessID="696" ThreadID="788" />

    <Channel>Security</Channel>

    <Computer>wbrdvpx40.webred.personal</Computer>

    <Security />

  </System>

  <EventData>

    <Data Name="SubjectUserSid">S-1-0-0</Data>

    <Data Name="SubjectUserName">-</Data>

    <Data Name="SubjectDomainName">-</Data>

    <Data Name="SubjectLogonId">0x0</Data>

    <Data Name="TargetUserSid">S-1-0-0</Data>

    <Data Name="TargetUserName">Administrator</Data>

    <Data Name="TargetDomainName">WEBRED2000</Data>

    <Data Name="Status">0xc000006d</Data>

    <Data Name="FailureReason">%%2313</Data>

    <Data Name="SubStatus">0xc000006a</Data>

    <Data Name="LogonType">3</Data>

    <Data Name="LogonProcessName">NtLmSsp </Data>

    <Data Name="AuthenticationPackageName">NTLM</Data>

    <Data Name="WorkstationName">ANTONIOZAZZARO</Data>

    <Data Name="TransmittedServices">-</Data>

    <Data Name="LmPackageName">-</Data>

    <Data Name="KeyLength">0</Data>

    <Data Name="ProcessId">0x0</Data>

    <Data Name="ProcessName">-</Data>

    <Data Name="IpAddress">-</Data>

    <Data Name="IpPort">-</Data>

  </EventData>

</Event>

How can I fix this problem??

We have two servers:

• Server 2012 R2 RDS 
• Server 2008 R2 RDS

Users are constantly reporting being unable to change their screen resolution. After some digging, the reason they're trying to change the resolution is because their text is too small to see. DPI scaling is obviously the answer, but when users go into the setting it is greyed out and cannot be changed.

Now, for Server 2008 R2, I've found this link:
http://support.microsoft.com/kb/2726399/en-us

Does this hotfix actually do what I suspect/hope/blindly-pray it will do? Does it re-enable the DPI options if connected via RDP? The article doesn't actually say what it does, just that it will "fix" the issue.

Next, for Server 2012 R2, I've found this link:
http://blogs.msdn.com/b/rds/archive/2012/06/13/remote-desktop-services-what-s-new-in-windows-server-2012-release-candidate.aspx

The second last section mentions "Support for Changing DPI in Remote Sessoins." Having logged into this RDS server, this is not the case, the setting is greyed out just like in Server 2008 R2.

1. What needs to be done to get this working on both platforms? My end result is I want users to log in and be able to go into the preferences, move the DPI slider to their desired text size and fix their problem without resorting to workarounds like decreasing the resolution of their local PC to increase the apparent size of text.
2. If this isn't possible, is there a way to configure RDS to run at a lower resolution permanently but to stretch to fit any screen resolution? Right now, if you drop the resolution on an RDP session, it just takes up part of the user's screen. In the newest RDP clients, I notice the Smart Sizing option, but it apparently isn't "smart" enough to stretch higher than the base resolution of the session.

I've looked through literally years of forum posts and articles and nothing seems to point at a user-friendly fix such as take the slider, choose your size, done.

Hi,

Is there any way to specify multiple RDS License Servers (or add an additional one) with powershell?

Tried:

$obj.SetSpecifiedLicenseServerList("srv-rds-lic01.local.net","srv-rds-lic02.local.net")

and:

$obj.SetSpecifiedLicenseServerList("srv-rds-lic01.local.net,srv-rds-lic02.local.net")

Specifying one entry works without any issues.

Thanks.

Hi,

After looking at other threads, I couldn't find an direct answer to this problem.

For a very SMB client (max 5 RDP sessions, first and only server) I'm trying to install a single box running  WS2012 Foundation  (single DC) as recommended in this KB article (http://support.microsoft.com/kb/2833839) and I'm stuck in step 8 while trying to configure the Remote Desktop Session Host role with to use the localRemote Desktop Licensing server.

The Powershell command fails with the following errors:

PS C:\Users\Administrateur> $obj.SetSpecifiedLicenseServerList("LicServer")
Exception lors de l'appel de « SetSpecifiedLicenseServerList » : «  »
Au caractère Ligne:1 : 1
+ $obj.SetSpecifiedLicenseServerList("LicServer")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WMIMethodException

Thanks for any help

Jeff

I get either this error in the quick start deployment:

Failed:
Unable to install the role services. ArgumentNotValid: The role, role service, or feature name is not valid: 'rds-virtualization'. The name was not found.

Or

Failed:
Unable to install RD Virtualization Host role service on server DC-BOZ-01.BOZIEDOIL.local ArgumentNotValid: The role, role service, or feature name is not valid: 'rds-virtualization'. The name was not found.
Unable to install RD Virtualization Host role service on server DC-BOZ-01.BOZIEDOIL.local Exception of type 'System.Exception' was thrown.

All other RDS services including licensing are working and licenses installed. Hyper-V is installed and basic VM configured ok. Just cannot get a Virtualization Host configured to get users to it.

Ooo, yikes. everything else in RDS was working now it is blank.

Help!

I have set up Remote Desktop Services on a Windows 2012 R2 Server.  Internally everything is working as expected.  The next stage is to get it to work via DirectAccess. 

I can log into DirectAccess as me (member of the Domain Admin group) and get to the RDWeb page,  but when I click on the RemoteApp Program,  I get the "Remote Desktop can't connect to the remote computer for one of these Reasons:  etc."

But if still logged into DirectAccess as me, I log into the RemoteApp program as the Domain Administrator it all works as it should.

Anybody have any ideas?

I am receiving this error when recreating my virtual machines:

"The request to create the virtual desktops in 'my collection name' failed with the following errors:

Could not export the virtual desktop template 'template name'. Exception of type 'Microsoft.RemoteDesktopServices.Common.RDManagementException' was thrown."

Does anyone have an idea? any help will be much appreciated.

Kind Regards.

hello

setup as follows:

1 x windows 2012 r2 server acting as RDS

1 x windows 2012 r2 server acting as RDG

same subnet

gpo acting on RDS but only computer config - admin templates - windows components - terminal services - terminal server - device and resource redirection -- do not allow com port redirection, do not allow smart card device redirection and do not allow supported plug and play device redirection

RDG has CAP that allows device redirection for all client devices

however, when i connect to the RDS from my windows 10 machine (via the RDG), no local drives have been redirected.

also, if i log onto the main File server then from that, rdp to the RDS directly, still no redirected drives.

yes, i've checked that drives are checked on the remote desktop client.

any ideas?

Greetings and welcome to this thread.

We have consequently been experiencing errors with RDS 2012 R2 User Profile Disks / UPD's not detaching after user logoff in brand new Remote Desktop Services 2012 R2 collections.

As an example we have this enviroment:

DCSRV01 - Domain Controller

DCSRV02 – Domain Controller

FILESRV01 – Fileshares and User Profile Disks

RDSGW01 – RD GW

RDSSB01 – Session Broker

RDSSB02 – Session Broker

RDSSH01 – Session Host

RDSSH02 – Session Host

ADFS01 – ADFS

WAP01 – WAP

Only 3^rd. Party application installed on the session host is Office 2016 Click-To-Run with shared activation. (GPO for SSO activation etc.)

Consequently User Profile Disks does not detach upon logoff using the newest build of the Click-To-Run Service.

We have tried with multiple builds of Office 2016, and downgrading. 

If we disable the C2R service or uninstall Office 2016 C2R completely the UPD’s will detach just fine upon logoff.

We have a bunch of setups like the above where we can produce the issue. However we also have one older setup, with an older version of Office 2016 C2R, that does not seem to produce the issue. However all new setups produce this.

Has anyone experienced issues comparable to this?.

We also have setups with many users running both Office 2010, 2013, 2016 Non-C2r versions on both 2008 R2 and 2012 R2 without any issues at all whether we’re using UPD or Roaming Profiles.

So it seems like there is some issue/bug with the newer versions of Office 365 C2R and User Profile Disks / UPD.

Hope for some well shared knowledge, tips or bugfixes for this :-)

All the best, Jesper Hassing - MCTS SCCM 2012 - MCSA 2012 Server - MCP

Double clicking on a print server queue, a regular user can trigger installation of a printer drivers through "point and print".

This shouldn't be allowed. Only administrators should have rights to write (or trigger writing) in C:\Windows\system32\spool\DRIVERS\

At least this was not allowed in W2008 R2 RDS.

I have some apps that are TZ sensitive on our 2012 RDS farm, as such TZ redirection is enabled in group policy.

The issue I have is one particular app requires the user TZ to match the local server which is in AU.  I have users in NY and other US regions using this app and they get TZ errors from the app because their local date differs from the server date.

Because the client redirection is a computer setting in GPO I can't turn off TZ redirection for specific users.  I've tried creating a targeted login script that runs TZUTIL and sets the zone to AUS +10 however I find this is hit and miss, sometimes it works sometimes not or it works the first time but if they reconnect it goes back to their local time. I've also seen it change the TZ to AU time when you first login but then 10 mins later it changes back to the remote clients TZ

Any suggestions how I can overcome this. 

I understand that the config may be mutually exclusive for the apps that require AU time and others that need actual local time but this is OK, the users of the apps are different roles and need one or the other.

We have a remote desktop solution which integrates RemoteApp as a way to launch applications remotely. We would like to do a scalability test with about 750 users launching multiple applications. 
Can someone tell me if there is any way or solution to perform this kind of load test? 
We were thinking in LoginVSI, but it seems they dont support yet RemoteApps (they do with XenApp I think, but not with RemoteApp)
Someone also recommends here Remote Desktop Load Simulation Tools, but it seems this tools only simulates RDP connections to the SessionHost, opening RDP sessions to the server and sending keyboard events and so on, but we want to simulate the whole process of opening the application in the client side and working from there somehow.

Any idea it would be very apreciated since I cannot find many information about this.
Regards,
Gabriel.

Hi, I have a collection made of two session hosts servers in a RDS 2012 R2 deployment. My clients get connected to one or the other session host server through an rdp file that points to a specific session host (mstsv /v <name>). I noticed that after that some client connects to the host 1, next clients that try to connect get an error of connection similar to "Cannot connect to host one, you will be redirected to host 2". But actually it doesn't get connected. 

I know it is related to the load balancing mechanism that Remote desktop services uses by default. But why does it fail to connect? If I connect directly to the "host2" I get connected correcly.

Thank you,

Francesco B.

Could someone suggest what Windows Server platform to use to provide a single box Terminal Server/Remote Desktop server for about 5 users to remote into simultaneously

Prefer to have only 1 server if possible that will do some basic file sharing and host virtual desktops for up to 5 remote users. Will just be running MS Office for the most part.

Would prefer to not run Hyper-V or similar -- looking for simplest and cheapest but efficient, not against spending the money to do it right but trying to keep it simple.

Thanks in advance for any of your advice