Channel: Remote Desktop Services (Terminal Services) Forum

Bogus error: “The remote computer requires Network Level Authentication, which your computer does not support.”

Hello, 

We have Windows 2008 R2 servers with SP1 fully patched and Windows 7 SP1 desktops also fully patched. We enabled NLA (Network Level Authentication) via group policy recently after we decommissioned our last 2003 R2 server. We can connect to all of our 2008 R2 servers via remote desktop except for one. We get the error: 

“The remote computer requires Network Level Authentication, which your computer does not support.”

We are using other 2008 R2 servers and Windows 7 desktops to try to connect to the server. They all support NLA. But we still get the message. We rebooted the server from the console. That still did not resolve it. We could turn NLA off in the group policy at least for this server but we need it turned on for compliance reasons. 

Any suggestions on what the issue is? 

Thanks. 


Outlook unable to search after update

After installing 2018-11 Cumulative Update for Windows Server 2016 (1709) for x64-based Systems (KB4467681) on our RDS servers, the Outlook 2013 search bar does not work; clicking on the magnifying glass does nothing.

Going to advanced find and searching there works.

Search works again after uninstalling update.

RDS 2019 (but probably other versions as well): locked RDP session logs in after session reconnect

Hi. I'm running into some sort of security issue. Some of our customers actively lock their RDP session so obviously no-one can use it. It seems that when you lock your RDP session, and then get a reconnect to the server, and the RDP client reconnects, it automatically logs you in again, circumventing the lock.

Easy to abuse too: locked session? Just disconnect the network cable / wifi until the session starts reconnecting, and reconnect the cable and *poof* you are in.

Now some of this is prevented as we have some customers that have 2FA implemented on the RD Gateways, so when the session reconnects, you'll need to approve the 2FA. But not all customers have that.

Would there be any way to prevent this? Can anyone else confirm this?

Publish applications with RemoteApp from network drive

Hello!

I need help with the following scenario ... I currently have a Terminal Services server that contains an application, which must be used through a network drive, users access remote desktop media to the server and use the shortcuts of the applications that point to the shared unit, for example, the X :

Now it is required to do the same but through RemoteApps, but when trying to add the path of the applications, from the network unit, I do not or can not, from C: if it does it without problems, but I need to add it to point to the network unit ... how could I do this?

Thank you

Can't RDP / Network Share Across Subnet

I have 1 Server that can't RDP or be RDP'd, access file shares or have its file shares accessed from other servers on a different subnet. 

I can access the file shares and RDP to and from it from other servers in the same subnet. 

Windows Firewalls are off, no I cannot change the IP address for testing because web and application services are dependent upon it. 

Other servers can access shares and RDP across the subnets just fine. It's literally just this 1 server that's having the issue.

Idle Time reset for all users at logon

When I run a 'query user' command to get the idle time for each user, I have noticed that it gets reset back to 0 when a new user logs in. This is a problem because our session timeouts never kick in, even if a user actually is idle. Every single time a user logs on it resets the counter for everyone.

Has anyone seen this behavior before or know how to prevent it? We have idle users who are never kicked off the server because the counter keeps getting reset.

Remote Desktop fails to connect on Windows 7 for users who have been assigned administrator rights. [The Local Security Authority cannot be contacted]

Everything was working fine until about 2 months ago.

I have a Windows 7 system that I access with Remote Desktop Connection from a Windows 10 system.  One day I found that my user account, which had been given administrator rights quite some time ago, couldn’t log on remotely.  The Windows 7 system was configured for remote access with the setting “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”. When I tried to log on, I got an error stating “The Local Security Authority cannot be contacted”

If I configured Windows 7 to “Allow connections from computers running any version of Remote Desktop (less secure)”, then I could log in but I didn’t want to use this less secure setting.

Doing some experimentation, I found that if I enabled the built-in Administrator account, then the Administrator could log in remotely using “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”.

If I created a new standard user called Test, I found that Test could also log in remotely using “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”.

If I promoted Test to an administrator, then Test couldn’t remotely log on.  He got the LSA error.  If I demoted my account to a standard user then I could log in remotely using “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”.

When I promoted my account back to an administrator, the logon failed with the LSA error.

All users have valid passwords that are set to never expire and are members of the Remote Desktop Users group.  The only thing that is changing is whether or not the users have administrative privileges.

Is this a permissions issue, or a behavior change caused by an update to Windows 7?


Mark Wilson

Windows update breaks Remote Desktop service on Windows 2008 R2

Dear Sir,

We hit the issue on 2 Windows updates - KB4462915 & KB4462923 (KB4462927). Once we apply them, the RD connection via RD gateway to RD Host is not working, but the internal connection has no issue if I bypass the RD gateway.

In Event Viewer, I found the connection and resource authorization policies are passed but it can't connect to the farm address, with the warning / error messages below in different logs:

TerminalServices-Gateway Log: The user "DDD\ABC", on client computer "W.X.Y.Z", met connection authorization policy and resource authorization policy requirements, but could not connect to resource "farm.domain.name". The following error occurred: "817".

System Log: A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

These are the system settings we applied on Remote Desktop Service (all RD servers are Windows 2008 R2):

- Only TLS1.2 is enabled with FIPS (Disabled TLS1.1/1.0)

- "Send NTLMv2 response only" is applied

- RD Gateway and Broker are in the same server and RD Host is in the other machine

If we can enable TLS1.0 on RD Gateway, the RD connection can be resumed but this is not a good solution and will leave the backdoor on server.

Besides, we tried to change security layer to negotiation or enabled back NTLMv1 on servers but they didn't help.

I suspect the main issue might be on the change by KB4462923(KB4462927) which fixes TLS1.0/TLS1.1 issue on FIPS (see below) but MS didn't have a fix for RDG / RDCB to support TLS1.2 completely

  • Addresses an issue that makes it impossible to disable TLS 1.0 and TLS 1.1 when the Federal Information Processing Standard (FIPS) mode is enabled.

At this moment, we only can stop the windows update on RD gateway to prevent the blocking again on RD connection. 

I tried to apply the latest windows update (up to Jan 2019) for the test but the problem is still there...

Does anyone have the solution to enable TLS1.2 only for RD Service for Windows 2008 R2 with update applied?

Any advice is much appreciated.

MK


Having issues with UPD in VDI Deployment

I have a VDI Deployment with 2 RDVH servers. I am using a Failover clustering for two servers with multiple users. 

It shows that a user has previously logged out of a RDS session, and then tries to log back in, however the UPD for that user was “in use” so the user receives a temporary profile instead. I'm using 2016 Windows Server.

Also please don’t forget that at the same time we started experiencing these errors, we started having performance issues for the users as well.

When a user first connects, there is a delay (sometimes up to 3-7min) to get a desktop. Then the user will usually open Outlook to check their emails. There is a large delay doing this as well.

It seems like for about 15 min or so after a user logs in, the system/session is EXTREMELY slow. Then after the first 15 min or so, it picks up and runs like normal (speeds).


Remote Desktop Management service won't start

We have two servers that have clustered desktop services. On both servers the Remote Desktop Management service will not start. When I try to start it I get the message that the service started then stopped but there is no error or log entry anywhere.

How do I resolve this and get the service started again?


Satya

RD Gateway NPS issue (error occurred: "23003")

I set up an RD Gateway on both Windows Server 2016 and Windows Server 2019. That should be a straightforward process following the Microsoft doc and multiple other websites (https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-deploy-infrastructure).

When I try to connect, I receive this error message in the event log (Windows -> TerminalServices-Gateway):

The user "DOMAIN\Username", on client computer "IP", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". The following error occurred: "23003".

I found a lot of documentation that claims that registering the NPS server (https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-register) should fix that issue, so I registered the server. Both are now in the "RAS and IAS Servers" domain security group. But we still receive the same error. Could we have broken that group's effect in the past?

I continue investigating and found the Failed Audit log in the security event log:

Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
 Security ID:   NULL SID
 Account Name:   DOMAIN\Username
 Account Domain:   DOMAIN
 Fully Qualified Account Name: DOMAIN\Username
Client Machine:
 Security ID:   NULL SID
 Account Name:   LM-G710-8.0.0
 Fully Qualified Account Name: -
 Called Station Identifier:  UserAuthType:PW
 Calling Station Identifier:  -
NAS:
 NAS IPv4 Address:  -
 NAS IPv6 Address:  -
 NAS Identifier:   -
 NAS Port-Type:   Virtual
 NAS Port:   -
RADIUS Client:
 Client Friendly Name:  -
 Client IP Address:   -

Authentication Details:
 Connection Request Policy Name: TS GATEWAY AUTHORIZATION POLICY
 Network Policy Name:  -
 Authentication Provider:  Windows
 Authentication Server:  SERVER.FQDN.com

Authentication Type:  Unauthenticated
 EAP Type:   -
 Account Session Identifier:  -
 Logging Results:   Accounting information was written to the local log file.
 Reason Code:   7
 Reason:    The specified domain does not exist.

I then found this thread, which claims that I should disable NPS authentication:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/f49fe666-ac4b-4bf9-a332-928a547cff77/remote-desktop-gateway-denying-connections

I tried it, but disabling NPS authentication leaves me with a bad impression...

Does anyone have a clue why I cannot resolve the domain?

For testing/debugging purposes, I installed the RD Gateway on an AD member server in the main network, with no firewall other than the Windows one.

The only thing I can suspect is that we broke the "RAS and IAS Servers" AD Group in the past.


Remote Desktop Gateway Denying Connections

I have configured a simple RDS setup using the step-by-step guides from Microsoft with the only exception being that I used certs from an Enterprise CA instead of the self-signed certs the guide uses.  I have configured the following setup:

RDWA -> RDG -> RDCB -> RDSH

I have no problems logging into the RDWA server, but whenever I click on anything, I get the following error:

Remote Desktop can't connect to the remote computer "RDG.domain.com" for one of these reasons:

1) Your user account is not authorized to access the RD Gateway "RDG.domain.com"

2) Your computer is not authorized to access the RD Gateway "RDG.domain.com"

3) You are using an incompatible authentication method (for example, the RD Gateway might be expecting a smart card but you provided a password)

Contact your network administrator for assistance.

Right now, on the RDG server, I have two basic policies, a CAP that allows passwords and the Domain Users group, and a RAP that allows Domain Users to connect to any network resource.  On the RDG I'm also seeing the following entry in the event log:

Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.

User:
Security ID: NULL SID
Account Name: Domain\RDGTestUser
Account Domain: Domain
Fully Qualified Account Name: Domain\RDGTestUser

Client Machine:
Security ID: NULL SID
Account Name: RDWA.domain.com
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: UserAuthType:PW
Calling Station Identifier: -

NAS:
NAS IPv4 Address: -
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Virtual
NAS Port: -

RADIUS Client:
Client Friendly Name: -
Client IP Address: -

Authentication Details:
Connection Request Policy Name: TS GATEWAY AUTHORIZATION POLICY
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: RDG.domain.com
Authentication Type: Unauthenticated
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 8
Reason: The specified user account does not exist.

Any ideas?

Start menu not coming up, Server 2016 RDS

A few users are experiencing this problem.

Event ID: 5973

Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

And event ID: 1000

Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.2125, time stamp: 0x5a990817
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.2125, time stamp: 0x5a9909e5
Exception code: 0xc000027b
Fault offset: 0x00000000006d710b
Faulting process id: 0x6b78
Faulting application start time: 0x01d3c1fbf1890ced
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 7c1dae0b-eec7-416c-b5c9-5148b1bc7ba6
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

When this happens the start menu will not work. This corresponds with me enabling the roaming of C:\Users\user\AppData\Local

I'm wondering if there is a folder I should exclude from roaming.

If it's not being caused by roaming the local folder then it may be caused by some GPO settings I also changed. I did this because Windows Search was out of control and consuming too many resources. Unfortunately I cannot disable search completely because of Outlook. My discussion on Outlook and search I had to re-enable indexing Outlook.

Any guidance on this is appreciated.

So far the only fix I've come up with is temporary, which is to delete the local profile and on the next login the start menu works. After a day or 2 it stops working again. I haven't totally recreated the user profile and I'm hoping this is not the ultimate fix because that would be a PITA to have to do that for all the users that have this happen.





Windows Server remote desktop

Hi,

We have Windows server 2012. When I remote desktop to my server connected PC (happens both from another pc on our network and from home), the connection is fine for around 30 seconds then freezes. 

I couldn't see any error logs relating to this on the server; where should I look? Any suggestions to help fix this? All was working fine until a month or so ago.

Thanks, Tim



RDS Windows Server 2012/2016 - Reserve 1 session for specific user?

Hi, I'm wondering if it's possible in RDS on Windows Server 2012 or 2016 to make some sort of reservation on a session for a specific user? A customer asks this to be sure that an operations user always can connect to a session on a RDS server in case the connection was lost somehow.

I don't have very much in-depth RDS knowledge, until now I only worked on basic RDS configurations, so that's the reason I post this question here, hoping that someone can explain the possibilities to me. Many thanks in advance!


How to perform a Remote Desktop license downgrade?

Hi, what is the process to downgrade a CAL for Remote Desktop?  I'm looking at purchasing Server 2019 user CALs but the vendor is saying I will then need to "access downgrade rights" to use these with Server 2012.  Thanks.

RDS 2016 session hangs when monitor goes to sleep on W10 clients.

Hello guys,

We consistently encounter this effect on Windows 10 machines connecting to Windows Server 2016 Terminal Servers using the RDWEB gateway. When the client screen turns off the monitor to save power and the user comes back and presses a key, the last thing on the screen of the RDS session is displayed and everything is frozen for a good few seconds before displaying the login screen of the Terminal Server. Very nice when people are doing back transfers or paying salaries.

This only happens on 2016 Terminal Servers when connecting through RDWEB and using a W10 client. Domain joined or not, it does not matter. Nothing is displayed in the logging of the RDS host, gateway, broker or client.

Also, this is not a limit by the Terminal Server policies, the auto logoff after disconnect and auto lock times are set to at least 10 minutes while I can reproduce this after 1 minute when setting the screen energy saving settings to 1 minute.

Can someone please point me into a direction? I seem to be the only person on earth who can consequently reproduce this. Also, we know that simply locking your session is the way to go, especially when leaving sensitive data on screen but you know how users are.

We have updated all our servers and W10 clients (1809) and have this on multiple, totally different locations using totally different internet connections, locations, policies etc. Nothing fancy but a simple RDS deployment and some Office apps are everything they have in common.

Printer redirection

Hello Expertz,

I have 1 (one) session host server and 10 users are connecting to that server using mstsc. 

The problem here is that printer redirection has not been happening on the server for the past 3 days. I have installed the new drivers but the issue still exists.

I can print locally but when I am on the server printer redirection is not happening. There are no group policies configured on the server. My server details: Windows 2016.

Please do let me know if you have any suggestions to resolve my issue.

Thanks 

SM

TIME OUT and log off script

Please help me to create a script to log off a user after 20 min, but I know to link it to group policy, please make it clear.

Server 2019 Essentials and RDS

Does Windows Server 2019 Essentials have the ability to allow 10 Remote Desktop Users? Either natively or by purchasing RDS CALs? This server is in workgroup mode, not a Domain Server.