Hi Guys,

I try to deploy a new virtual desktop collection with Win8 VDI's (pooled/managed) based on a custom answer file. Everything needs to automated so working with the server manager is not an option, that's why the answer file is needed.

The lab environment is based on Windows Server 2012 and Win8 Enterprise only. So functional level etc. is off course Windows Server 2012.

I Use the following command:

New-RDVirtualDesktopCollection `
-CollectionName "Pooled Managed Win8" `
-Description "This collection contains Pooled and Managed Win 8 VDI machines." `
-OU "VDI" `
-ConnectionBroker "RDSCB01.lab.local" `
-PooledManaged `
-CustomSysprepUnattendFilePath "\\hyper02\_Unattend\OOBE-only.xml" `
-VirtualDesktopAllocation @{"hyper02.lab.local"=3} `
-VirtualDesktopNamePrefix "Pooled-Win8-" `
-UserGroups "lab.local\domain users" `
-MaxUserProfileDiskSizeGB 1 `
-VirtualDesktopTemplateHostServer "hyper02.lab.local" `
-VirtualDesktopTemplateName “_WIN8-Template” `
-UserProfileDiskPath "\\hyper02.lab.local\_UserProfileDisks" `
-StorageType LocalStorage `
-LocalStoragePath "E:\_VDI" `
-Force `
-Debug

$error[0]|format-list -force

I tried multiple answer files, but even with this simple one it fails:

<?xml version="1.0" encoding="utf-8"?><unattend xmlns="urn:schemas-microsoft-com:unattend"><settings pass="oobeSystem"><component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><InputLocale>en-US</InputLocale><SystemLocale>en-US</SystemLocale><UILanguage>en-US</UILanguage><UILanguageFallback>en-US</UILanguageFallback><UserLocale>nl-NL</UserLocale></component><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><UserAccounts><AdministratorPassword><Value>UABhAHMAcwB3AG8AcgBkACEAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA</Value><PlainText>false</PlainText></AdministratorPassword><LocalAccounts><LocalAccount wcm:action="add"><Password><Value>UABhAHMAcwB3AG8AcgBkACEAUABhAHMAcwB3AG8AcgBkAA==</Value><PlainText>false</PlainText></Password><Description>Admin</Description><DisplayName>Admin</DisplayName><Group>Administrators</Group><Name>Admin</Name></LocalAccount></LocalAccounts></UserAccounts><OOBE><HideEULAPage>true</HideEULAPage><HideLocalAccountScreen>true</HideLocalAccountScreen><HideOEMRegistrationScreen>true</HideOEMRegistrationScreen><HideOnlineAccountScreens>true</HideOnlineAccountScreens><HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE><NetworkLocation>Work</NetworkLocation><ProtectYourPC>3</ProtectYourPC><SkipMachineOOBE>true</SkipMachineOOBE><SkipUserOOBE>true</SkipUserOOBE></OOBE></component></settings><cpi:offlineImage cpi:source="wim:d:/=%20software/iso&apos;s/lic/en_windows_8_enterprise_x64_dvd_917522/sources/install.wim#Windows 8 Enterprise" xmlns:cpi="urn:schemas-microsoft-com:cpi" /></unattend>

Everything goes fine, until is comes to the deployment of the VDI machines and the answer file is called. It fails with the following error:

PS N:\> \\dc01\isos\New-VirtualDesktopCollection.ps1
Unable to retrieve the details of the virtual desktop collection.+ CategoryInfo          : WriteError: (:) [Start-RDVMRollout], RDManagementException+ FullyQualifiedErrorId : StartRDVirtualMachineRollout,Microsoft.RemoteDesktopServices.Management.Cmdlets.StartRDVirtualMachineRo 
   lloutCommand+ PSComputerName        : localhost

CollectionName    Type              Size       PercentInUse   
--------------    ----              ----       ------------   
Pooled Managed... PooledManaged     0          0              




writeErrorStream      : True
OriginInfo            : localhost
Exception             : System.Management.Automation.RemoteException: Unable to retrieve the details of the virtual desktop 
                        collection.
TargetObject          : 
CategoryInfo          : WriteError: (:) [Start-RDVMRollout], RDManagementException
FullyQualifiedErrorId : StartRDVirtualMachineRollout,Microsoft.RemoteDesktopServices.Management.Cmdlets.StartRDVirtualMachineRolloutCo
                        mmand
ErrorDetails          : 
InvocationInfo        : 
ScriptStackTrace      : 
PipelineIterationInfo : {}
PSMessageDetails      : 

Without the answer file parameter is runs perfectly, BUT the VDI machines get the OOBE.... That's not what we want off course....

This link (http://support.microsoft.com/kb/2747656?wa=wsignin1.0) and other sources tell me that when i set the regkeys i can find a log in c:\windows\logs, but there is nothing. I looked on the management server and the connection broker.

The only thing i could find in the event viewer was this:

The XML input specified for the VM Provisioning job is not in a valid format. Error: 0xC00CEE03
Input XML:
<?xml version="1.0"?><rdvp:RDVProvisioning xmlns:rdvp="http://www.microsoft.com/rdv/2010/05/"><rdvp:ProvisionPoolRequest><rdvp:Job><rdvp:Action>Create</rdvp:Action><rdvp:OnError>Stop</rdvp:OnError></rdvp:Job><rdvp:Pool><rdvp:Name>Pooled_Managed_W</rdvp:Name><rdvp:Type></rdvp:Type><rdvp:VhdType>DiffDisk</rdvp:VhdType><rdvp:SaveDelay></rdvp:SaveDelay><rdvp:Version></rdvp:Version><rdvp:MARK_HA>No</rdvp:MARK_HA></rdvp:Pool><rdvp:Vm><rdvp:BaseVmLocation>\\RDSCB01\RDVirtualDesktopTemplate\Pooled_Managed_W\IMGS\__3</rdvp:BaseVmLocation><rdvp:LocalVmCreationPath>E:\_VDI</rdvp:LocalVmCreationPath><rdvp:LocalGoldCachePath></rdvp:LocalGoldCachePath><rdvp:SMBShare></rdvp:SMBShare><rdvp:EnableVmStreaming>0</rdvp:EnableVmStreaming><rdvp:RunVMsFromSMB>0</rdvp:RunVMsFromSMB><rdvp:NamingPrefix>Pooled-Win8</rdvp:NamingPrefix><rdvp:NamingStartIndex>1</rdvp:NamingStartIndex><rdvp:Domain>lab.local</rdvp:Domain><rdvp:OU>OU=VDI,OU=Computers,OU=Kamer 2101,DC=lab,DC=local</rdvp:OU><rdvp:ProductKey></rdvp:ProductKey><rdvp:UnattendXml><![CDATA[<?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend">     <settings pass="oobeSystem"> 		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">             <OOBE>                 <HideEULAPage>true</HideEULAPage>                 <HideLocalAccountScreen>true</HideLocalAccountScreen>                 <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>                 <HideOnlineAccountScreens>true</HideOnlineAccountScreens>                 <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>                 <NetworkLocation>Work</NetworkLocation>                 <ProtectYourPC>3</ProtectYourPC>                 <SkipMachineOOBE>true</SkipMachineOOBE>                 <SkipUserOOBE>true</SkipUserOOBE>             </OOBE>         </component>     </settings> </unattend>]]></rdvp:UnattendXml></rdvp:Vm><rdvp:HyperVHosts><rdvp:HyperVHost><rdvp:Name>hyper02.lab.local</rdvp:Name><rdvp:NumberVms>3</rdvp:NumberVms></rdvp:HyperVHost></rdvp:HyperVHosts></rdvp:ProvisionPoolRequest></rdvp:RDVProvisioning>
----------------------------------------------------------------------
Log Name: 	Microsoft-Windows-TerminalServices-SessionBroker/Admin
Source:		TerminalServices-SessionBroker
EventID:	1549
Level:		Error
User:		NETWORK SERVICE
Task Category:	MS VM Provisioning Plugin
Computer:	RDSCB01.lab.local

I hope we can get this working, thanks in advance everybody!

Regards,

Bart

Hi

I have looked at a few articles but cant quite find anything that confirms what I am trying to do.  I have also looked at the steps on setting up a gateway which is straight forward but I would like to find instructions on how to add an independent server.

Currently we have an Remote Desktop service and a Gateway.  I would like to do some testing and just want to add an independent gateway (but don't want to make it part of a farm or do load balancing).  I just want to build the second Gateway to test two factor authentication with and then delete the VMs.

Is this achievable or does this have to be part of a farm to be able to work.

and is there anything I need to look out for here?

Hello,

When implementing a VDI solution, I'm getting an error on our virtualization host server.  The error is:

Remote Desktop Virtualization Host failed to get redirection authentication information from the virtual machine [VDI-PC].

Hresult 0x8000FFFF

Event ID 8467, Severity: Warning, Source: Microsoft-Windows-TerminalServices\TSV\VmHostAgent

This error happens every time a user or admin connects to a VDI desktop.  This is a fresh install of Remote Desktop Services on completely fresh servers.  This is in testing and we have not ever had it working before without the error.

Topolgy: Server2012 R2, Windows 7

Srv-RDCB1: Is the connection broker and Web Access server.  It is Virtualized thru Hyper=V.

Srv-RDVH1: Is the virtualization host.  It is a physical server. It also has a separated hyper-v role (for RDS VDI deployment).

Everything seems to be functional other than this error in the log, and I haven't found any information on what this could mean.

Any help is greatly appreciated, thanks!

We migrated this box from a physical to virtual but had to do a BackupExec backup and full restore (P2V would not work).  When doing this we had to delete the original AD object and rejoin the newly restored vm to the domain.  Server name was never changed.

Thin clients connect to this server running a remote app.  This works without any issues.  Everything appears to work 100% successfully as before.

We need to manage the sessions to the RDS server using Remote Desktop Services Manager.  When opening this up it shows the server name "Server1" but when opening RDSM I get a popup saying "The specified computer cannot be reached.  Make sure that the computer is accessible and verify computer name."  If I click on the added server "Server1" it has a green arrow pointing up it does not show any users, sessions or processes.  If I right click and try to add computer using Local Computer it comes back saying the same error message above.  If I try to add computer using select a computer I get "Server was not found".

Now I have no idea if this has anything to do with the migration above but they say before they could get in here and now they can't.  They want to be able to manage the sessions connected to the server.

I have a Hyper-V Server 2012, 4 VM's, 3 are Server 2012, 1 is Server 2008 R2.  One of the Server 2012 is the CAL Server, they other 2 are just remote application servers.  I've got the CAL Server setup with 20 Per User licenses, The RD Licensing is setup, RD Connection Broker is setup, RD Session Host is setup and the Collection is setup.  And when I state "Setup", I mean to the best of my ability...

BUT, I cannot get anyone logged into the Application Servers, keep getting "No Remote Desktop License Servers available to provide a license."

On App Server 01, RD Licensing Diagnoser DOESN'T show the CAL Server and states:

"The licensing mode for the Remote Desktop Session Host server is not configured."

On App Server 02, RD Licensing Diagnoser showes the CAL Server but states:

"The Remote Desktop Session Host server is in Per Device licensing mode and No Redirector Mode, but license server does not have any installed licenses with the following attributes:

Product version: Windows Server 2008 or Windows Server 2008 R2
Licensing mode: Per Device
License type: RDS CALs or VDI Premium Suite licenses"

Any help or guidence would be appreciated.

When making theFIRST Remote Desktop Connection between any of the following:

Local Computer                Remote Computer

Windows 7                          Windows 7

Windows 7                          Windows Server 2008

Windows Server 2008    Windows 7

Windows Server 2008    Windows Server 2008

there is a 20-30 second delay before the connection is established.  On some versions of Remote Desktop client you will see the message “Securing Remote Connection” during the delay.   Once the first connection has been established the delay disappears for any new connections which occur within the next 3-5 minutes.  After 3-5 minutes the delay reoccurs.

The delay does NOT occur for the following connections:

I would like to know if there was a way to restrict logins to remote desktop web interface to a certain security group on Server 2012

To clarify, this isn't referring to starting an application, but to the login page right when you visit the site.

I am aware of the following thread - http://social.technet.microsoft.com/Forums/windowsserver/en-US/66595988-753a-4cab-b5c4-4b9b3bcabbe8/restrict-logins-to-rds-web-access?forum=windowsserver2008r2rds which is helpful.

While planning to use this technique on a Windows 2012 RDS server I have found that the RDweb folder already has a permission for the group RDWebAccess.   I would rather modify an existing group but I cannot find this group in either the local computer or AD.

Any ideas?

Bob

Hi guys, 

Is there an easy way to migrate local user profiles on an remote desktop server to user profile disks? I am replacing a Server 2008 R2 and want to start using UPD's instead on a Server 2012 R2. 

Best regards,

Hasan

Vincent Sprague

Hello everyone,

I have a Windows Server 2008 R2 with RDP installed.

I want to create a couple of user groups which will have 5 different users in each. Then I would like to limit RDP connections, let's say 2 connections for the first group and 3 connections for the second group. For example, if 2 users from Group 1 are connected then when a 3rd user from Group 1 tries to connect it will be rejected to connect, but 3 users from Group 2 still can connect. Is it doable?

Thanks in advance.

Hi there,

Could anyone help with the bellow:

I have set up remote app function on Windows Server 2008 however I need to change the file path to be the user folder of each user logged in. Otherwise there are right conflicts.

The file path while running it locally is 

"C:\Program Files (x86)\Microsoft Office\Office15\MSACCESS.EXE" "C:\FAM\fam_form.mde" /wrkgrp "l:\FAM.MDW"

However within remote app settings it picks up MSACCESS as the file path and then the remainder is in the command line arguments. 

I have tied using the following in the command line arguments:

"USERPROFILE\fam\fam_form.mde" /wrkgrp "L:\fam.mdw"

however it is still not working.

Would greatly appreciate if someone could help or point me in the right direction.

Ali

Ok, ive been racking my brain over this for the last 2 days. I have finished setting up RD Web Access on a Server 2012 which is to replace our Server 2008 R2 box. 
Everything has been installed and configured correctly, everything works except I get an annoying certificate name mismatch upon connecting. Now this does not affect users from connecting in anyway as they can just click on "yes" and carry on as if nothing has happened

Everything is currently being hosted on the one server with internal FQDN server.company.local and external FQDN rdweb.company.com.I have an SSL certificate from GoDaddy registered to the external name rdweb.company.com.

Connecting to the website https://rdweb.company.com/rdweb all works fine. The Certificate is showing as trusted and authentication happens with username and password. The user is able to log in and is given the list of web apps. Clicking on any of the applications proceeds with the following (which is all as normal):

As you can see above the gateway is fine, however it connects to the internal server name and the user is presented with:

Now ive gone up and down the net and Im 99% sure that ive got everything setup correctly

Its important to note that I did not have this issue on our 2008 R2 server as the url for the connection is located in the remote app deployment settings. 

So does anyone have any ideas as to how I can overcome this issue? 

Id like to note that im preferring not to use an SSL with an internal SAN (due to security and the fact that this is being phased out over the next year or 2), however if this is the only way forward I may have to do this as a last resort (or just tell the users to click on yes).

Remote Desktop Connection Broker Client failed while getting redirection packet from Connection Broker.
User : DOMAIN\xxxuser
Error: Remote Desktop Connection Broker is not ready for RPC communication.

The Windows All-User Install Agent could not update timestamp for user user account DOMAIN\xxxuser. The error code is 0x8007054F.

The Windows All-User Install Agent could not to retrieve a list of packages for the user account DOMAIN\XXXUSER. The error code is 0×80070002.

Nevertheless, the app functions just perfectly.  The ONLY functional loss I have discovered is my apparent inability for a user with a default printer other than the default TCP-port network printer installed on the RDSH machine to redirect print jobs.  When they try, they get this error:

The document Print Document, owned by xxxUser, failed to print on printer Dell B1260dn Mono Laser Printer (redirected 2). Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 589824. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\TS2012. Win32 error code returned by the print processor: 5. Access is denied.

The drivers on the RDSH server and the Windows 7 Pro workstation with the direct-USB attached B1260dn are identical.  The user is in security group with permissions on the appropriate folders in Windows/System32/spool.  The appropriate GPO settings have been made and tested with modeling. 

Do not allow client printer redirection Disabled
Do not set default client printer to be default printer in a session Disabled
Redirect only the default client printer Disabled
Specify RD Session Host server fallback printer driver behavior Enabled
When attempting to find a suitable driver: Default to PCL if one is not found.

Policy Setting Comment
Use Remote Desktop Easy Print printer driver first Disabled

I have even tried giving that security group permission to restart the spooler service on the RDSH server.  No luck with any of this.

I realize that my approach is totally unorthodox, but I really do not need the overhead of Web Access, or the added security risks that come with an IIS installation in my domain.  I have tried installing the Connection Broker with RDSH role, but this leaves no one but the administrator able to connect.  Is there some supported (or unsupported) way to achieve my goal without IIS and the Web Access component?  Alternatively, were I to go with the recommended RDS install method, could I subsequently disable IIS and remove Web Access and still have the functionality I desire?

John

Hello,

I had a problem, where the terminal server refused the connection because the license expired.

This can be solved by deleting the grace period key. Following this: http://guru365.net/2013/04/18/server-2012-terminal-server-license-server-connection-issue/

But this problem occure in every terminal server in the network (aprox 40).

Right now i have to check the status of the licenses by script. And delete the key manually and restart the server.

Is there any solution that don't require manual solution?

Is there a way where the key is refreshed automatically?

I Hate Mondays

Hi,

I have set up a single RDS server with all the roles (Web, Gateway, Licensing, Connection broker and Session Host)

Everything is configured and I'm using a trusted certificate.

When sitting on the internal network, I can browse to the RD website, login in and start the Remote apps.

When sitting on an external computer connecting over the Internet I can browse to the RD web and login, but when the remoteapp is about to start, I get an error saying there is something wrong with the certificate.

The first window I get when I try to Connect to a Remote App is this:

The Gateway server name is an external FQDN and it matches my trusted certificate. This looks fine and I click Connect.

Then this window shows up (It's in Norwegian, sorry):

This one says there is a name conflict between the server name and the certificate used.

1. In it self that is correct, but why does the server suddenly use the internal server name, and not the external?