Hi,

I installed rds on a Windows Server 2016 and a Remote Desktop Application (exe)

User are in remote desktop user group.

The user is allowed to start an rds application through a rdp file from a client  computer.

The User is not allowed to  Logon to the desktop of the server.

I need a script/ mechanism which check's weather (1) the User logon via starting  my application or (2) logon on Windows desktop.
In Case the user starts to logon the desktop (2) if have to refuse/stop/hinder the logon

(i see, that in case the user logon starting my application(1), rdshell.exe ist running)
Perhaps there are other, easier indicators for deciding where the Logon comes from.

Any ideas?

Thank you in advanced

I have the following:

RDS Gateway = Windows 2016

TS server = Windows 2008 R2

TS Server2 = Windows 2016

I get into the RD webpage without issue, there lies 2 RDP published apps pointing to 2 different servers.

When the icons are launched and authentication box appears, domain credentials are put in, and the error stated below comes up.

End users can access the gateway without issue, when they select the TS Server RDP icons they get the following error:

RemoteApp Disconnected - Your computer can't connect to the Remote Desktop Gateway server. Contact your network administrator for assistance.

The TS connection is set to maximum, everything else is set correctly to. I have read all the articles I can find and it has not resolved the issue, is there something I am missing?

Hello,

I am currently evaluating RemoteApp to deliver applications to our roaming users. It is working well.

However, whenever user reconnects, it creates a new session rather than hooking up to a disconnected session. My requirement is that till the time a disconnected session does not end, user must reconnect to their corresponding disconnected sessions only.

I have tried configuring following Group Policy Settings on the Session Host Server, but could not achieve the objective:

• Automatic reconnection = Enabled
• Configure keep-alive connection interval = 30 mins
• Restrict Remote Desktop Services users to a single Remote Desktop Service session = Enabled

Request if someone can guide me about some missing configuration to achieve the objective.

Thanks,

Amit Jogi

Hello everyone,

I am trying to figure out the easiest way to allow more than 2 RDP sessions at a time on my Windows 2016 Server Standard. I have tried using the google to help, but there are so many suggestions and 90% of them result in the original poster disappearing so I don't know the best way to accomplish this. I don't need anything extravagant setup, I just need more than 2 people to be able to rdp into the server at the same time.

Any help would be appreciated.

Thanks,

Hi all,

We have made a RDS Farm to deploy a Virtual App. After configuring the roles, we have this structure:

• server1 - RDBroker/RDGateway/RDWeb access
• server2 - RDBroker/RDGateway/RDWeb access
• server3 - RDLicensing/RDSH
• server4 - RDLicensing/RDSH
• server5 - RDSH

server 1 and 2 are in DMZ VLAN, and server 3, 4 and 5 in midd VLAN. To publish our public DNS, we use a pool into VIP F5 that balance the connections with Round Robin mode and assign a static public IP to this DNS.

All roles are in HA: RD bróker have a DNS RR register with the server 1 and 2 IP, RDGateway is duplicated on both servers, RD Web Access and IIS is installed on both servers and the RDSH role is blanacing via RDBokrer service.

The question is: Is possible to check the health status of every role (RD Gateway, RD Bróker and RD Web Access) to remove of the F5 pool the machine when some role is out of service in a server1 or 2 ?

Thanks!

Gerardo,

System Administrator

I have a Hyper-V virtual machine running on a Windows Server 2012 host. I have outside users that RDP into the virtual machine.

Yesterday, a couple users (including me) started getting an Internal Error when trying to connect to the VM after entering password.

I did some testing and noticed that I was able to connect only very rarely. The majority of the times, RDP would give me that error. I restarted the physical server and today, nearly all of our users are experiencing the issue.

Interestingly, when I use the FQDN of the VM or its internal IP in the RDP panel, there is no issue. It only seems to happen when using the DNS name or outside IP address.

We have a backup virtual machine on the same server that is basically a clone of our main VM. This one is working fine with no issues.

Checking the Event Logs after failing to connect, I see:
Security Log:
2 instances of the below three events:
Event ID 4672 Special privileges assigned to new logon.
Event ID 4624 An account was successfully logged on.
Event ID 4634 An account was logged off. (This is immediately after the logon event.)

RemoteDesktopServices-RdpCoreTS Log:
3 instances of the below events:
Event ID 131 The server accepted a new TCP connection from client *ip address*
Event ID 65 Connection RDP-Tcp#3 created
Event ID 102 The server has terminated main RDP connection with the client.

Solutions tried:
Restarting VM
Restarting entire server
Removing VM from domain and re-joining
Lowering MTU on VM
Removing and Reinstalling Remote Desktop Gateway service on VM
Restoring a backup image from before this error started happening (the error happens now on the old image as well)

Both the main and backup VMs have the same settings in our firewall.

Hi,

I working in testlab, testing scenarios on upgrade of RDS farm 2012 to 2016.
I removed all RDCB exepct one, did in-place upgrade which completed successfully.
Tested everything and all worked OK.

Then I did in-place upgrade of second RDCB, which completed ok.
After that I did add second upgraded RDCB to deployment.

After that I'm having problems with accessing recoursed on RdWeb.
Clicking on icon in rdweb window I got error that says:
"Your Computer can't connect to the remote Computer because of the Connection Broker couldn't validate the settings specified in your RDP file. Contact your network administrator for assistance".
Event log on second RDCB gives error on TerminalServices-SeesionBroker hive, Event 802:
"RD Connection Broker failed to process the connection request for user *****
Farm name specified in user's RDP file (hints) could not be found.
Error: The farm specified for the connection is not present."

I removed one DNS record of RoundRobin which was added second to RDS farm and I reestablished that RDS farm is working ok.
But I'm not able to find root cause of the problem, which involves second upgraded RDCB server.

Has someone have a clue what is wrong here?

Hi.

Environment:

• Windows Server 2016
• RDS Remote Apps
• Office 2016 - MSI Installation
• Windows 10 Enterprise v1803 clients

The Outlook window dissaperars or looses focus when the cursor is moved between e-mails or tasks. Resulting in the application behind Outlook showing instead.

The problem is sporadic and it does not matter what window is behind Outlook. PDF reader, Excel, etc...

The video below shows the problem.

Remember: In the video the user is only moving the mouse cursor. No mouse clicks and no keyboard keys are in play here.

https://streamable.com/5am7k 

./ Lars Olsen

I deployed several collections and started using user profile disks with Windows server 2016. I am running into an issue when it comes to mounting a user profile disk of one of our employees. The disk mounts just fine but access is denied to the administrator. Is there a best practice for user profile disk maintenance through the administrator? What can I do to grant access to the administrator for every user profile disk in any of my collections.

Thanks!!

Hi,

I have special circumstances where I need to connect (RDP using MSTSC) to a Windows server that enforces RDP over TLS, but without NLA (enablecredsspsupport:i:0 in the RDP file, the server allow this).

On some clients (I saw this only with Windows Server 2012 R2 clients) I'm getting the following error: "The connection cannot proceed because authentication is not enabled . . .".

The only thing I found online was to change the authentication level, which didn't help.

I analyzed the traffic using Wireshark and I believe the problem is with the RDP negotiation, where the client sends a list of it's supported security protocols. If I connect from the same client with NLA (enablecredsspsupport:i:1) I get this:

requestedProtocols:
    .... .... .... .... .... .... .... ...1 = TLS security supported: True
    .... .... .... .... .... .... .... ..1. = CredSSP supported: True
    .... .... .... .... .... .... .... 1... = Early User Authorization Result PDU supported: True

But if I connect with enablecredsspsupport:i:0 I get this:

requestedProtocols:
    .... .... .... .... .... .... .... ...0 = TLS security supported: False
    .... .... .... .... .... .... .... ..0. = CredSSP supported: False
    .... .... .... .... .... .... .... 0... = Early User Authorization Result PDU supported: False

Where I would expect this (I do get this with some clients):

requestedProtocols:
    .... .... .... .... .... .... .... ...1 = TLS security supported: True
    .... .... .... .... .... .... .... ..0. = CredSSP supported: False
    .... .... .... .... .... .... .... 0... = Early User Authorization Result PDU supported: False

It seems like for some reason disabling CredSSP on the client also disables TLS.

I would appreciate if someone could help me figure out what's happening.

Thanks,
Gabriel

Hi,

I'm sure this has been asked many times before, and I'm probably just missing something simple but we've built a new RDS 2016 system consisting of 2 Connection Brokers and a few RDS Hosts which will be used for plain Remote Desktops. 

Clients are getting certificate warnings when connecting as the DNS name for the farm (RDSFARM.domain.com) is different to the host name on the self-signed certificate which is presented. We have a wildcard cert which we could use, in place of a SAN certificate, but I'm unsure where we configure this. 

In the RDS Server Manager, you can configure the RD Conncection Broker for SSO, Publishing, Web Access and RD Gateway but these aren't related to what I'am talking about are they? 

I've also tried putting this wildcard cert into the RDS system certificate store and removing the self signed cert, but no luck doing that. So what is the right way to configure this? 

Thanks in advance, 

Dave

I have a Server 2008 R2 Enterprise system acting as a RDSH server in a vSphere 4.1 Advanced cluster environment.  This server experiences intermittent lock-ups during business hours.  I am posting in the RDS (TS) forum because I believe the problem relates specifically to it being an RDSH server.  The problem has occurred at inconsistent intervals, with about 30 instances over the last six months.  It consistently occurs during use by end-users.

More info about the environment:

• 2008 R2 domain running all R2 DCs at 2008 domain and forest level
• HP ProLiant DL360 G7 hardware running ESXi 4.1 in vSphere 4.1 Advanced cluster
• HP StorageWorks P2000 G3 SAN utilizing 10K and 15K SAS 6.0gbps DP drives over Brocade FC switches
• Almost entirely HP printers installed on server, with a couple of others.  Most printers are HP LaserJet 2420s using PCL5 and PCL6 drivers.
• Clients are mixed between XP, Vista, 7 and thin clients based on CE, HP ThinPro (Linux), and WES 2009.  All desktops fully patched.
• The server runs Office 2007, Chrome (multi-user install),  Firefox, IE9, a proprietary LoB application, AVG Antivirus 2012, ShadowProtect, Adobe Reader, Flash, Java, Sonicwall Terminal Services Agent, and uses Desktop Experience to provide a full Aero environment where possible.
• When the system locks up, all network communication and VMWare Tools heartbeats cease.  On the vSphere console, we are able to issue Ctrl + Alt + Del at the login prompt, which causes the "Press Ctrl + Alt Del" message to go away, as if it is about to prompt for username and password, but it never does.
• Device redirection is disabled
• The server has four vCPUs and 12GB of RAM assigned to it; it has had between 20 and 50 concurrent users at the time of the crashes

Looking at Event Viewer, there is no one, consistent set of events in any logs that can be correlated to the crash.  However, there are several events that can be tied to different crashes.

Set1:

WinLogon 6005

The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Disconnect).

Sevice Control Manager ID 7011

A timeout (120000 milliseconds) was reached while waiting for a transaction response from the SessionEnv service.

DCOM 10010

The server {AAC1009F-AB33-48F9-9A21-7F5B88426A2E} did not register with DCOM within the required timeout

Set2: 

Event ID 1000, Interactive Services Detection
A device or program has requested attention. Device or application: C:\Windows\System32\spoolsv.exe. Message title: \\CSR|[HOSTNAME of PRINT SERVER & DC]\{94AFF4B1-B79E-4BA3-B27C-179216BCC082},LocalsplOnly Document Properties

2:00:11
Event ID 7036, Service Control Manager
The Windows Error Reporting Service service entered the running state.

Numerous Event ID 602.

_______________________________________________________________

After much research, we've been led to believe the issue might be caused by problems with HP printers.  This HP thread is relevant:

http://h30499.www3.hp.com/t5/Print-Servers-Network-Storage/64-Bit-HP-BiDi-Channel-Components-Installer/td-p/1085299

However, we were able to resolve BiDi component issues.  Currently, we still get 602, and I noticed there were some driver problems on some of the printers (wrong driver).  I also read an anecdotal report that reverting to PCL 5 can help:

http://forums.citrix.com/thread.jspa?threadID=261933&start=15&tstart=0

I have not yet done this driver change.  I did apply the hotfix found in KB2457866

VMware Tools, Windows, and the HP hardware have been updated recently.  All software except the custom LoB app is in use at our other clients on 2008 R2 servers in vSphere, and we do not have this problem anywhere else.  This environment has nine other 2008 R2 Standard and Enterprise systems running on the vSphere cluster without issues.  The printers are served from a domain controller that does not experience issues.

While I intend to apply some printer driver updates and revert to PCL5, I am posting this in the hopes someone can give us another direction.  I am not 100% convinced this is caused by printer issues, since I cannot always correlate printing to the crashes.  I have reviewed several different Technet, Citrix, and HP forum threads with some similarities in symptoms, but none are quite the same.  At this point the print drivers and custom LoB software are the primary suspects, but I'm open to more lines of troubleshooting.

Is there any build in function from Microsoft to remove the right click option on the start button for my Terminal users, as they don't have to see all the option there?

And I think I have closed all down in GPO, but they are still able to open Event viewer and Network connection and worst, my computer management, where I can see they have the option for example, to remove under device manager?

Can it be possible that Microsoft hasn't think of this, as a problem for their own Terminal solution?

I don't find an documented answer to this question, but when using RDS through Azure Web Proxy, you are tied to legacy RPC-HTTP, right? UDP is not supported?

Hello all,

I have setup a "loadbalancer" (Server 2016 with the RD Connection Broker,RD Gateway, RD Licesing and RD Web Accessroles).
We have 2 "workers" with the RD Session Host role installed.

When using mstsc.exe to connect to the collection, everything is working fine (using a gateway) but when trying to start the desktop or a published app via RDWeb, it's connecting to the loadbalancer instead of to the collection (one of the brokers).
The users then get an error that they don't have rights to connect to the loadbalancer (obviously).

Where could this error come from?

hi, i just got a lenovo yoga which has a 3200x1900 resolution screen.  rdp does not render the desktop big enough on a high resolution screen and is unusable.  I was happy to find rdcm 2.2 handles the high resolution fine. but when i upgraded to rdcm 2.7, the remote desktop is much to small to be usable again.

  I have played with resolution setting in rdp/rdcm but the problem is the desktop icons are just too small.  I finally back-rev'd to 2.2

does anyone know how i can report this bug to the developer?  or if you know of a way to make 2.7 it work on high resolution screen....

thanks in advance

to be clear, the problem is that on a 3200x1900 screen, the size of the icons in the rdp session is so small its hard to read them.  if i play around with the rdp resolution, i am only making the desktop bigger or smaller, the icons are not scaling to that.  This is different in rdcm 2.2.  in 2.2, the icons are scaled up on a large desktop, making them usable.

Tony Guadagno

I currently have 2008R2 TS server. I have purchased new RDS cals for 2019 and a server license.

I have the RDS cals installed on the license server ok.

What roles do I need to install for RDS. I have selected the quick setup for RDS in Add Roles Features but this installed Remote Apps and Web Gateway.

I dont require these roles, I would just like a Sessions host server as it will be internal only for around 10 users.

Is this possible? Can the apps and gateway be removed?

Many thanks

Using Group Policy Editor, I have added Administrators into Computer Configuration\Windows Settings\Local Policies\User Rights Assignment\Deny access to this computer from the network. This is to make sure that file sharing users cannot bypass the NTFS rights. However, I want members of the Administrators group to be able to login interactively using Remote Desktop. It works from Windows PCs, but not from Microsoft RD Client for Android, where I get the following error message:

• We couldn't connect to the remote PC because the admin has restricted the type of logon that you may use. Ask you admin or tech support for help. Error code: 0x1307

I can connect from Android only if I remove that policy.

Any ideas?