Hi,

did not find a clear answer for my question on the Microsoft Websites.

I would only install the RDS Gateway Role one internal server and publish this over the tmg, so i can use this RDS Gateway to make an RDP (Admin) Session to another internal server.
I will not use the rds terminal server role /session breaker.

Do i need RDS Licensen Server and RDS CALs?

When upgrading our environment to Windows Server 2012 we experienced really slow RDP functionality towards these servers.

The sessions connected fine but the update frequency were extremely slow.
If one would log off, wait 20 seconds and log on again, the sessions would work just fine most of the time. In some cases this has to be repeated to get a working session.
If the server was restarted, the slow session returned and the above had to be repeated to get the sessions working..

So.. what the heck had happened??

With Server 2012 we had decided to start out with Microsofts Security Baseline for 2012, included in the Microsoft Security Baseline, as a base to get up to speed quickly.

Without the security baseline applied RDP works just fine. With the baseline applied, the above slowness appears.
When troubleshooting, the cause of this evil was identified (behold, for those faint of heart - stop reading now):

Under Local Policies/Security Options:
Use FIPS compliant algorithms for encryption, hashing, and signing - This was set to enabled.
If this policy is disabled, the RDP sessions works just fine..

We spent quite some time troubleshooting this and I wanted to share the annoying fact that Microsofts recommended security baseline was actually the cause of this. :(
I hope this is of help to others!

I'm a bit unclear about one specific vulnerability about Remote Desktop (CVE-2005-1794).  Microsoft knowledge base does not seem to address it well.  Basically the description of the vunlnerability from Mitre is:

"Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks."

I understand that there is no patch for this vulnerability on 5.2.  My guess is this may be a false positive from my VA appliance for the following reasons because windows does not report the version of the Remote Desktop Protocol Terminal Services and thus, the VA scanner would think the version is still 5.2. 

However, I would like to know was this vulnerability fixed in 6.0 and beyond?  There's nothing on the Microsoft website that says it was fixed.

Also, what would be the best way to check the version on my machine?  What I'm doing right now is checking the termsrv.dll and looking for the version under properties.  Would that be sufficient?

Greetings!

I just got a new machine with Win10 Enterprise and I am trying to set it up to support multiple instances of simultaneous Remote Desktop Connections. I also have the required CALs for RDS. But I am struggling to set it up on Win10 Enterprise Environment. So far I was not able to find any guide online or etc. For Win Server the process in quite straight forward by using the Server Manager. However on Enterprise I can not for whatever reason make a local server for Remote Desktop Services. If someone can provide me with step-by-step instructions of how to do it, - would be great!

Thanks!

We attempted a stress load on our server and found users unable to join. The RDS would blackscreen and drop. It happened after 8 users had joined. The performance also was dropping as each connection stacked and after we saw the Event Viewer had 450+ Critical Error 1000 with dwm.exe dwmcore.dll crashing.

HP Dl380 Gen9

2x Xeon E5-2697 v3

192GB Ram

Nvidia Quadro M6000 24GB (Current Driver) RemoteFX enabled

Windows Server 2016

Bare-Metal RD Terminal Sessions

We currently have a similar environment with 2012R2 without a problem,

Hello everyone,

We are having the "can't connect, RD Gateway server temporarily unavailable" on RDWeb, only when accessed externally. Internally, the same external URL works. Server 2016.

This feature was working externally some time ago and we are not sure of what exactly broke it.

BPA's only warning is:

"The RD Gateway server SSL certificate must be configured with a valid certificate subject name

Severity: Warning

Problem:
The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name.

Impact:
If the RD Gateway server is configured to use an SSL certificate with a certificate subject name that is not valid, users cannot connect to internal network resources (computers) through the RD Gateway server.

Resolution
Use the RD Gateway Manager tool to select a valid SSL certificate for the RD Gateway server to use."

We have tried other certificates and the result is the same. All other certificates are also ok, they are valid and were made from Let's Encrypt.

Any help will be highly appreciated!

I installed windows server 2016 for a small company, so I don't need to have domain controller on this installation and for RDS I only needRD Licensing and RD Session Host roles. But only with that roles theres is no Remote Desktop Gateway which is used in many tutorials to install SSL certificate on terminal server (like here: https://ryanmangansitblog.com/2013/03/27/deploying-remote-desktop-gateway-rds-2012/).

So to conclude, I just don't have interface of Remote Desktop Gatewayto install SSL certificate.

Is there any workaround to deal with it and install SSL cert on my RDS?

Just started experiencing this out of the blue today.

Connecting to server 2012 virtual machine with latest RDP program.

RDP users (including me) seem to suddenly be unable to connect to the server intermittently.

Getting the below error messages on several tries. Sometimes it will ask for password and connect normally.

Event viewer shows many instances of:
RemoteDesktopServices-RdpCoreTS
The server security layer detected an error (0x80090308) in the protocol stream and the client (Client IP:XXX.XXX.XXX.XXX) has been disconnected.
EventID 139
User: NETWORK SERVICE
OpCode: ProtocolExchange
Task Category: RemoteFX module

Hello,

We have Remote Desktop Services installed on a server and currently I am in the process of changing the certificate to a more secure one - this works just fine if I import the certificate via MMC and remove the older one. The problem is, Windows decides to reinstate the old certificate every time the server is rebooted. Granted, this shouldn't be often, however the plan is to upgrade the certificate on many RD servers, and so this automatic replacement of the certificate I want to instate will become unmanageable.

Is there any way to prevent Windows from automatically instating its own certificate, so that the one I have imported will always be used?

As I have said, if I replace the certificate and leave the server on - it works perfectly, it's only a reboot that seems to reset things.

Rory Fewell

(CCNA, MOS)

Windows Server 2012 and Networking Fundamentals Apprentice

Visit my site!

View me on GitHub!

Hello

We have 2 RDS License server in the domain with 40 Per User CAL on each server with OS Windows Server 2016 DataCenter. and we have GPO in place as well point RDS license server But only one RDS License server is allocating the licenses. Second server is not allocating. 

Both server are activated for RDS license.

Need help in this.

Thanks & Regards,

Sapan Shah

Hello, I just setup a RDS licensing server on Server 2016. I got it setup and it appeared to be working so I signed in with a test account and it worked. However I noticed that I now have only 19 of 20 RDS licenses left. Does this mean it assigned a license to my test user and that only that user can use it? If so is there a way to un assign it and allow it to be used by an actual user?

If this is the case what happens when an employee quits is their license just gone?

Thank you

Hi all

I am in the process of migrating users out of an RDWeb environment and would like to see if there are any users still connecting with the RDWeb URL

Does anyone know of some sort of powershell script to determine which users are connecting via Web URL and which users are connecting via RDP?

Scope of this is that out of dozens of accounts that work fine for rdwc sessions, there are two that do not.  The connection starts but within a few seconds fails with, user facing side, 'we couldn't connect to gateway because of an error.'  When running a capture, the key error appears to be:

Any pointers in the right direction, or if anyone else has seen these errors, would be much appreciated!

I have a user that, when she logs into Terminal Server (W2K3,) she gets a message that a program cannot run.  The program was actually a virus, (the somethingorother Fortress AV virus,) and all of it has been cleaned off, but the virus was originally evoked by doing a rundll32 on login to a certain dll.  I cannot find the rundll32 setting in the registry that is causing this.  In a PC, it would be under Run in the registry.  My question is:

Where are the locations a user could have a program "autorun" upon signing in IN A TERMINAL SERVER?  And only on a user-by-user basis - this is not an issue for any other users, it is unique to THIS user.  So, no GPO suggestions, or other global locations - I only need the locations where an individual user might have something auotrun.

Thanks in advance for any help on this!

Hello, 

I have two HA broker and RDSFARM DNS entry as round robin that points to two broker servers.

I am getting "Load Virtual Machine.." message for at least 30 secs when I am redirected to second broker but first broker has no issue. I do not have Virtualization Host role in my servers.

Did some body have this issue before?

Thanks

Hello Friends, 

i have deployed new RDSH 2019 farm with 2019 RD Web , Gateway & Broker server farm in my local infrastructure. we have couple of user who are still on Windows 7 SP1, but when they try to access  new 2019 RDSH farm they are not able to access with warning as below.

my Windwos 7 computer is fully updated and  i have also applied  RDS version 8.1 to my windows 7 computer. still no luck, let me know if any one else is facing simile issue.  

Thank you, 

@mar



RDS 2012 R2 with a GW. We were using a reg edit to publish a users full desktop on the server. Friday, that published full desktop is not working like it use to via remoteapp. I'm not sure if a server windows update or client windows update overwrote the reg edit or not but when I look in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\CentralPublishedResources\PublishedFarms\collectionname\RemoteDesktops\collectionname, the key is no longer in the server registry. I used this reg edit:

http://www.garethjones294.com/publishing-full-desktops-and-remoteapps-on-a-single-server-server-2012-r2-rds/

Hi

I have setup a Windows Server 2016 RDS Server with Certificate as,

• RD Connection Broker - Enable Sign on - Trusted - OK
• RD Connection Broker - Publishing - Trusted - OK
• RD Web Access - Trusted - OK
• RD Gateway - Trusted - OK

It works well , I can start the RD Web Access without any error.. but when I trying add RemoteApp in clients Desktop, I got Error messages about Security Certificate.

How will I do to fix that ?

Please help me

----- S-O-K-O-B-A-N -----

We have several users that remote in from their Windows 10 PC's in Sydney, Australia to a Windows Server 2008 R2 located in Auckland, New Zealand.

I've had in the past users report that they would get "An internal error has occurred" message, but would work after a reboot.

I am having it happen on a daily basis to another user now, and rebooting doesn't help. Re-creating his local PC profile fixes it at times, and other times re-creating his profile on the server side fixes it.

This has become a huge annoyance as no one wants to have to re-create a profile on a daily basis. I am adding below the error seen on the server side and the warnings seen on the client side.

Any ideas on how to fix this would be greatly appreciated. Thanks in advance!!

This is the error that I see on the server logs every time:

Log Name:      Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Source:        Microsoft-Windows-TerminalServices-LocalSessionManager
Date:          5/06/2019 9:33:53 a.m.
Event ID:      20
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      (erased for security purposes)
Description:
Attempt to send connect message to Windows video subsystem failed. The relevant status code was 0xd0000001.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-LocalSessionManager" Guid="{5D896912-022D-40AA-A3A8-4FA5515C76D7}" />
    <EventID>20</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000000000000</Keywords>
    <TimeCreated SystemTime="2019-06-04T23:33:53.729408700Z" />
    <EventRecordID>142380</EventRecordID>
    <Correlation />
    <Execution ProcessID="624" ThreadID="916" />
    <Channel>Microsoft-Windows-TerminalServices-LocalSessionManager/Operational</Channel>
    <Computer>(erased for security purposes)</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <EventXML xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="Event_NS">
      <messageName>connect</messageName>
      <errorCode>0xd0000001</errorCode>
    </EventXML>
  </UserData>
</Event>

These are the errors that come up on the local/client PC:

Warning 1:

Log Name:      Microsoft-Windows-TerminalServices-RDPClient/Operational
Source:        Microsoft-Windows-TerminalServices-ClientActiveXCore
Date:          5/06/2019 9:32:24 AM
Event ID:      226
Task Category: RDP State Transition
Level:         Warning
Keywords:      
User:          (deleted for security)
Computer:      (deleted for security)
Description:
RDPClient_TCP: An error was encountered when transitioning from TcpStateFrontAuth to TcpStateFailure in response to TcpEventFrontAuthFailed (error code 0x0).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-ClientActiveXCore" Guid="{28AA95BB-D444-4719-A36F-40462168127E}" />
    <EventID>226</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>104</Task>
    <Opcode>19</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2019-06-04T23:32:24.946716600Z" />
    <EventRecordID>364</EventRecordID>
    <Correlation ActivityID="{3ED9A1E0-AEB2-4F3F-BA4A-DAE52B2E0000}" />
    <Execution ProcessID="3264" ThreadID="6340" />
    <Channel>Microsoft-Windows-TerminalServices-RDPClient/Operational</Channel>
    <Computer>(deleted for security)</Computer>
    <Security UserID="S-1-5-21-4249852208-4238076462-3618392913-22309" />
  </System>
  <EventData>
    <Data Name="StateTransitionName">RDPClient_TCP</Data>
    <Data Name="PreviousState">2</Data>
    <Data Name="PreviousStateName">TcpStateFrontAuth</Data>
    <Data Name="NewState">13</Data>
    <Data Name="NewStateName">TcpStateFailure</Data>
    <Data Name="Event">7</Data>
    <Data Name="EventName">TcpEventFrontAuthFailed</Data>
    <Data Name="Error Code">0</Data>
  </EventData>
</Event>

Warning 2:

Log Name:      Microsoft-Windows-TerminalServices-RDPClient/Operational
Source:        Microsoft-Windows-TerminalServices-ClientActiveXCore
Date:          5/06/2019 9:33:27 AM
Event ID:      226
Task Category: RDP State Transition
Level:         Warning
Keywords:      
User:          (deleted for security)
Computer:      (deleted for security)
Description:
RDPClient_SSL: An error was encountered when transitioning from TsSslStateHandshakeInProgress to TsSslStateDisconnecting in response to TsSslEventHandshakeContinueFailed (error code 0x80004005).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-ClientActiveXCore" Guid="{28AA95BB-D444-4719-A36F-40462168127E}" />
    <EventID>226</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>104</Task>
    <Opcode>19</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2019-06-04T23:33:27.476917000Z" />
    <EventRecordID>369</EventRecordID>
    <Correlation ActivityID="{BC314134-857F-456C-907B-6FE816510000}" />
    <Execution ProcessID="3264" ThreadID="6340" />
    <Channel>Microsoft-Windows-TerminalServices-RDPClient/Operational</Channel>
    <Computer>(deleted for security)</Computer>
    <Security UserID="S-1-5-21-4249852208-4238076462-3618392913-22309" />
  </System>
  <EventData>
    <Data Name="StateTransitionName">RDPClient_SSL</Data>
    <Data Name="PreviousState">3</Data>
    <Data Name="PreviousStateName">TsSslStateHandshakeInProgress</Data>
    <Data Name="NewState">10</Data>
    <Data Name="NewStateName">TsSslStateDisconnecting</Data>
    <Data Name="Event">8</Data>
    <Data Name="EventName">TsSslEventHandshakeContinueFailed</Data>
    <Data Name="Error Code">2147500037</Data>
  </EventData>
</Event>

Warning 3:

Log Name:      Microsoft-Windows-TerminalServices-RDPClient/Operational
Source:        Microsoft-Windows-TerminalServices-ClientActiveXCore
Date:          5/06/2019 9:35:06 AM
Event ID:      226
Task Category: RDP State Transition
Level:         Warning
Keywords:      
User:          (deleted for security)
Computer:      (deleted for security)
Description:
RDPClient_SSL: An error was encountered when transitioning from TsSslStateDisconnected to TsSslStateDisconnected in response to TsSslEventInvalidState (error code 0x8000FFFF).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-ClientActiveXCore" Guid="{28AA95BB-D444-4719-A36F-40462168127E}" />
    <EventID>226</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>104</Task>
    <Opcode>19</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2019-06-04T23:35:06.985818100Z" />
    <EventRecordID>382</EventRecordID>
    <Correlation ActivityID="{FE1FD2F3-7DF2-426F-B2AE-798845CA0000}" />
    <Execution ProcessID="10060" ThreadID="12260" />
    <Channel>Microsoft-Windows-TerminalServices-RDPClient/Operational</Channel>
    <Computer>(deleted for security)</Computer>
    <Security UserID="S-1-5-21-4249852208-4238076462-3618392913-22309" />
  </System>
  <EventData>
    <Data Name="StateTransitionName">RDPClient_SSL</Data>
    <Data Name="PreviousState">0</Data>
    <Data Name="PreviousStateName">TsSslStateDisconnected</Data>
    <Data Name="NewState">0</Data>
    <Data Name="NewStateName">TsSslStateDisconnected</Data>
    <Data Name="Event">25</Data>
    <Data Name="EventName">TsSslEventInvalidState</Data>
    <Data Name="Error Code">2147549183</Data>
  </EventData>
</Event>