Remote Desktop Connections in Server 2016 Essentials
Remote desktop services (termsvcs) high cpu Server 2016
Hi.
I've migrated a Server 2008 R2 (Hyper-V VM) to Server 2016.
After that, I've noticed Remote Desktop Services (termsvcs) uses 20-30% CPU.
I've other Server 2016 VM's and CPU usage is less than 1%.
How can I resolve it?
Thanks.
RD Gateway on Windows 2016 Two Factor Authentication
Restrict RDS users from copying or deleting files, but keep rights to edit files
Hello,
I have several Server 2016 VMs and AD users (customers) connect with RDS and run an Access DB with Remote App. If a tech savvy user with dubious intentions finds his way to the desktop, he can navigate to the folder the DB is in and copy or delete the files.
Is there a way to prevent copying or deleting files but still allow use of the DB?
Thanks
A remote desktop services deployment does not exist in the server pool
Hi
I have a problem after I removed all Remote Desktop services and installed them again.
It's maybe a domain problem, because if I make a new server I just get the same error. Any ideas?
Can't RDP to the server; getting error 802 / RD connection broker failed to process the connection request for user domain\Username. Element not found.
Running 2012 R2
Roles installed on server:
Remote Desktop connection broker
Remote Desktop Session Host
Bypass the RD Gateway for local addresses - Direct Access + MFA
I've stumbled upon a problem where the Windows 10 (1803) Direct Access client does not utilize the function "Bypass the RD Gateway for local addresses" when using RDWeb Remote Apps. The reason why we want to utilize the bypass feature is because we enforce MFA for external users but don't want it for Direct Access clients.
When using the same Direct Access client with a standalone mstsc.exe and entering the rdcb.contoso.com as the target computer and rds.contoso.com as the gateway with the setting "Bypass the RD Gateway for local addresses" it works, no MFA is enforced for the user.
We have the following setup. The server names and IP-addresses are fictive.
2 nodes RDGW & RDWeb (Server 2016) - SE003.contoso.com and SE004.contoso.com
2 nodes RDCB (Server 2016) - SE005.contoso.com and SE006.contoso.com
2 nodes Azure MFA Server (Server 2016) - SE008.contoso.com and SE009.contoso.com
1 node Direct Access (Server 2016) -SE010.contoso.com
The MFA solution is setup using RADIUS + NPS.
We use Split-DNS.
(RDGW & RDWeb) rds.contoso.com - Externally points to Loadbalancer 12.13.14.15 and internal points 10.1.1.3 and 10.1.1.4 (No LB).
(Direct Access) da.contoso.com - Externally points to Loadbalancer 12.13.14.20 and no internal record.
(Connection Broker) rdcb.contoso.com - Externally points to no record and internal points 10.1.1.5 and 10.1.1.6
The whole *.contoso.com is present in the NRPT-table with nls.contoso.com and da.contoso.com as the only excluded entries.
We only use IP-HTTPS for Direct Access.
When we use Test-NetConnection -ComputerName 'rds.contoso.com' -Port 3389 from a Direct Access client the test is successful. When we disconnect the Direct Access tunnel and run the same cmdlet it's not successful. If we change the ComputerName/DNS to rdcb.contoso.com the test is also successful when the Direct Access tunnel is up.
Anyone?
Can this be related?
https://social.technet.microsoft.com/Forums/es-ES/e23a8b8d-f84d-4bb5-aad6-211d83a9aa89/windows-10-1703-breaks-remoteapp-remote-desktop-gateway?forum=winserverTS
HowTo Server 2016: Clicking on link in an RDS session and having it open a browser on local machine
I've seen this asked before but haven't seen a definitive answer. A client is running in an RDS on Server 2016. They open Outlook within their RDS session and click on a link in an email. When clicking on the link, is it possible for that action to be redirected to the local browser, instead of the browser in the RDS sessions? Hoping that over the years, a policy or setting has been added that allows for this.
The reasoning is that the RDS Server may not have the graphics hardware to support video streaming (such as YouTube), while the local client does.
Thanks!
Alan
Create new restricted user folders
Is there any difference applying NTFS permissions directly on a volume vs on a folder?
I have terminal servers with 2008, 2012 and 2016 where people are working with restricted use data. There is a scratch volume for temporary files. When a user logs in the first time, a script runs that creates a folder with their name at the root of the volume. The Creator Owner user is set at the volume to have full control over subfolders and files only, so the new user is the only person who can get into their new folder (besides the server admins). None of these folders are shared out. That's been working as intended.
I've created a new shared folder at the root called Transfer. I'm trying to replicate the process above so that users can transfer files from their desktop but still only have access to their own folder. I've set up the Transfer folder with the same permissions as the volume, but I'm not able to create my user folder under it when I log in with a non-admin user account. I get an "Access is denied" error.
Any thoughts? Thanks.
Restrict to Remote Apps only
Hi,
I have several applications published by RemoteApps from Windows Server 2008 Enterprise to the internet. Port 3389 is open, and the clients have the programs packaged as MSI files.
I want to be able to prevent users from connecting to the normal desktop (ie. connect via standard RDP and get a full desktop) - so they can only run the specified remote apps.
I can't find any way of setting this.
Can anyone help?
Many Thanks,
Ben
Office Application hang issue on Terminal Server
Hi,
We are using Terminal Server installed on Win 2008R2 with Office 2013.
1. For some users, when they open Excel or Word and try to print, the Office application goes into "Not Responding" mode and crashes.
And on Event Viewer :
A)
The program Setup.exe version 15.0.4569.1503 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1370
Start Time: 01cf8ea12b2acfcb
Termination Time: 4
Application Path: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe
Report Id:
B)Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce79d93
Faulting module name: msi.dll, version: 5.0.7601.17807, time stamp: 0x4f80321a
Exception code: 0xc0000005
Fault offset: 0x000000000017bcbe
Faulting process id: 0xf9c
Faulting application start time: 0x01cf8ea0900c6fbc
Faulting application path: C:\Windows\system32\msiexec.exe
Faulting module path: C:\Windows\system32\msi.dll
Report Id: b08f40c2-fa94-11e3-949e-002564fa12d8
2. And when we select the "Devices and Printers" menu it won't display any printers. When we restart the spooler service it displays all the installed printers. In short, users are unable to print and the Office application hangs.
3. For some users Excel 2013 gives a pop-up window: "Microsoft Excel is waiting for another application to complete an OLE action"
The printers are installed on the Terminal Server through a print server.
I have tried repairing and reinstalling Office 2013 but still have the same issue.
And some users don't face such an issue.
Any idea why the Office application hangs and none of the printers are displayed under "Devices and Printers"?
Thanks
The remote session was disconnected because license store creation failed.............windows 8.1 machines
Our terminal server running on Server 2008 was working fine until today, when the users started to have the error while visiting the remote desktop via https://server.mydomain.co
****the remote session was disconnected because license store creation failed with access denied******* on Windows 8.1. The clients using Windows 7 are fine. I have checked the logs, no clue. I thought maybe the license management would throw some light, but that also is fine. I have a fear that we only had 40 licenses (user CAL) for our terminal server but the license management gives no clue.
Some points to note:
- If it's the licensing issue then why do Windows 7 machines have no error?
- Tried to run this: no luck, it says it does not apply to your OS:
http://support.microsoft.c
-Have no idea which one to pick from here:
http://technet.microsoft.c
-Cannot find MSLicensing Key here:
http://www.windowsclever.c
Need help please.
RDS 2016 - Licensing Issue - Per Device - Warning at user logon
Hello guys,
I'm building a new RDS farm on Windows Server 2016. 2 servers with connection broker, gateway, web server and licensing role (ha mode) installed and 4 session hosts - all on WS2016Standard.
Licensing is configured on both licensing servers - licenses per device are added on both and is integrated with AD. No errors or warning pop-up regarding licensing (though RD Licensing Diagnoser is no longer available in WS2016 apparently). Licensing servers are activated and integrated with AD.
We changed the licensing mode from per user to per device (an initial mistake). For this change we rebuilt the RD licensing database and re-added the per-device licenses. Next we changed the deployment properties 'RD Licensing' mode: we removed both lic servers and re-added them with per device licensing mode.
If we logon with our test users (5 of them) we all get this error. It states: "There's a problem with Remote Desktop Licensing - There is a problem with your license for Remote Desktop and the session will end in 60 minutes. Contact your system administrator to resolve this issue".
Just to be clear: no errors pop-up whatsoever in Group Policy, System, Application and Administrative Event Logs on the Terminal Servers and connection broker servers.
Any guidance on how I can troubleshoot this please?
Windows Server 2016 RDSH - Firewall rules created at every login.
Hi,
I have a setup with the following servers running Windows Server 2016
1x RDGW, RDCB, RDWA, RDLicensing.
5x RDSH
I'm using UPD on the collection.
I have noticed very long login times; after policies etc. are shown on screen it sits at a black screen for between 20 sec and sometimes up to 5 min.
I have also noticed that the svchost.exe that controls the Windows Firewall is using 25% to 50% when a user logs in and using around 1200Mb memory.
After I found this I checked the Windows Firewall with Advanced Security and found thousands of Cortana, Work or school account, Your account, Contact Support rules.
I found a script in this thread that could delete the rules https://social.technet.microsoft.com/Forums/windows/en-US/9aad7675-d1ba-4900-9d85-0cd117f5514f/new-firewall-rules-created-for-each-user?forum=win10itprosetup
This made the CPU usage and memory usage go down to normal levels, but after every login a user does it builds up the list of rules again. With many users logging in to the system the rules build up very fast and the login times get high and every server gets slow.
Example: on our RDSH01 server that has been running in production since 2017-04-13 the script found and deleted 66153 rules that it found with "$Rules = Get-NetFirewallRule -All | Where-Object {$profiles.sid -notcontains $_.owner -and $_.owner }"
The script also tried to get rules with this command "$rules2 = Get-NetFirewallRule -All -PolicyStore ConfigurableServiceStore | Where-Object { $profiles.sid -notcontains $_.owner -and $_.owner }" but fails with a "not enough space" error.
The script removes the rules from here with the content of $rules "HKLM:\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
and $rules2 was meant to clean up at "HKLM:\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System"
but doesn't do anything because of the error on the Get-command. If I try to access it with regedit it stops responding; guessing there are too many items in that container for it to handle.
Anyone know a solution for this problem?
Regards Fredrik
Remote App Connection via RDS app
Hi all, I have an Access database deployed to remote users using RDWeb and all works great on laptops that are connected via direct access. However, I want to deploy a thinned down database to staff members phones.
I have created an RDP file that I can open on a Windows mobile, or iOS, with the Remote Desktop app, and it all works well. I have changed the port of the connection and this matches up with the RDP port on the RD Server, and using that shortcut it works great.
However, I cannot save this connection to the Remote Desktop software and have to accept the certificate and enter the credentials every time.
I have also changed the RDWeb port (as 443 is used for direct access to a different server). The RDWeb server on this port works great inside the office.
To set it up on the mobile device I have to add the application by clicking: Add New > Remote Resources. I enter the URL with the port that is forwarded and when I click find feed it just spins on "Preparing your remote resources..."
Is there any way to save the RDP file into the Remote Desktop mobile app, or any suggestions on why the port forwarding to the RDWeb might not be working?
Windows 2016 RDS thoughts. (and a question : RemoteApp w/o Broker)
Hi,
Microsoft drives us hard to use RD Broker, IIS etc.. But this is totally over killing my needs. For instance a RD Broker is a single point of failure, so you need actually two. IIS is a target for attacks. By using Roaming profiles, you need a file server, which is also a single point of failure, so you also need two, clustered. In addition you need to fine tune what part of the profile is roaming and what part is redirected. So you're ending up with an extremely complex infrastructure.
In the long run a complex infrastructure is more prone to failure IMO. So I like my RDS servers being autonomous entities. High availability being handled by the underlying virtualization infrastructure. (OK I don't have "ultra" high availability but my users and I can live without it.)
I know that we can install the Remote Desktop Session Host role by going through a "Role based or feature based installation" instead of a "Remote Desktop Services installation". So far so good for Full Desktop access. (Except that we are still missing the Remote Desktop Service manager MMC.)
But how to give access to a RemoteApp w/o installing IIS, RD Broker etc... ? (Note that I'm publishing RemoteApps internally, not to the entire world.... I don't need IIS, I'm happy with my GPO pushing the rdp files to my clients.).
Remote
"Remote desktop can't find the computer "serverNameA". This might mean that "serverNameA" does not belong to the specified network. Verify the computer name and domain that you are trying to connect to."
So the above is the error I'm getting when using Win 10 remote desktop.
If I use serverNameA.contoso.com (FQDN) it actually connects perfectly! If I use the IP address, it is also successful!
The server in question is part of another domain, a trusted domain. There are two other servers on that other domain that I have no issues using Remote Desktop with via their server name (i.e. serverNameB and ServerNameC).
Any help would be appreciated! Thank you!
-rudy
Remote Desktop Gateway Port
Server 2012 with RDS. We have an Apache server that forwards (reverse proxy) 443 connections to the appropriate server. However, it appears Apache does not support RPC over HTTPS. So, when we launch a RemoteApp resource using the webfeed.aspx, we get "remote desktop gateway is unavailable". If we change the port from 443 to x443 in Remote Desktop Gateway Manager and configure our firewall to allow port x443 to the RDS server, we get the same error. What is the correct way to set up RD Gateway in this environment?
Does the RemoteApp on the client know to use the new port x443? I have removed the resources and reconfigured for the resources.
I have confirmed the RemoteApp piece is using 443 according to the Apache SSL logs. How to use a different port on the RemoteApp piece on the client?
Remote Desktop user getting locked into a TEMP profile each time she logs in.
Hi everybody.
I work for a company that's supporting a non-profit crisis line, and there is a new 2008 R2 server running Remote Desktop services that they log into on top of their older servers.
On the older devices this one user can log in fine, but on the newer one she is stuck in a TEMP profile that deletes itself immediately after she logs out.
Here is a copy of the event logs.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 3/7/2011 11:47:12 AM
Event ID: 1085
Task Category: None
Level: Warning
Keywords:
User: name\alison
Computer: UtilityBoxPrime.name.local
Description:
Windows failed to apply the Folder Redirection settings. Folder Redirection settings might have its own log file. Please click on the "More information" link.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1085</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2011-03-07T16:47:12.578720200Z" />
<EventRecordID>6513</EventRecordID>
<Correlation ActivityID="{0968A3DF-41B4-42B6-B5CF-23AA2D6E991E}" />
<Execution ProcessID="300" ThreadID="1188" />
<Channel>System</Channel>
<Computer>UtilityBoxPrime.name.local</Computer>
<Security UserID="S-1-5-21-2936736527-876100542-1019300941-1199" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">3961</Data>
<Data Name="ProcessingMode">1</Data>
<Data Name="ProcessingTimeInMilliseconds">1813</Data>
<Data Name="ErrorCode">1003</Data>
<Data Name="ErrorDescription">Cannot complete this function. </Data>
<Data Name="DCName">\\name-SBS.name.local</Data>
<Data Name="ExtensionName">Folder Redirection</Data>
<Data Name="ExtensionId">{25537BA6-77A8-11D2-9B6C-0000F8080861}</Data>
</EventData>
</Event>
I appreciate any insight into this.
Thanks.
-Tim
How to change password in RDP session
Lee
Any way to customize/limit/set Microsoft Remote Desktop Licensing service port on Windows Server 2016?
Recently I had a weird problem on one of the Windows Server 2016 servers where Microsoft Remote Desktop Licensing service / TermServLicensing occupied port 1541 & prevented another critical 3rd party service from starting.
Is there a way to customize/limit/set the port of TermServLicensing service to a particular port/range of ports to prevent that situation from happening once again?
I wasn't able to find any info here: https://social.technet.microsoft.com/wiki/contents/articles/16164.rds-2012-which-ports-are-used-during-deployment.aspx#Remote_Desktop_Licensing_Server
Thanks!