Quantcast
Channel: Remote Desktop Services (Terminal Services) Forumu
Viewing all 27533 articles
Browse latest View live

Would logging into multiple servers from a remote desktop session eat up any user licenses on the terminal server or network?

July 9, 2019, 5:35 pm
$
0
0

Hi,

If a user using a terminal/thin client logs into a terminal server, then from that RDP Session, connects to different Win servers. would that eat up a user license on terminal server or network? For example:

Thin Client --> Terminal Server ------> File Server
                                                   |
                                                   |---> QuickBooks Server
                                                   |---> App Server

Would that situation above cause the user eat up four user licenses on the terminal server or not?

Thanks

Search

Is it possible to migrate local profiles to user profile disks?

February 7, 2014, 2:37 pm
$
0
0

Hi guys, 

Is there an easy way to migrate local user profiles on an remote desktop server to user profile disks? I am replacing a Server 2008 R2 and want to start using UPD's instead on a Server 2012 R2. 

Best regards,

Hasan

Remote Desktop Not Connecting to Session Hosts from certain networks

June 28, 2019, 10:54 am
$
0
0

If I put the IP address in of the Remote Session Host server (there is only one) it works. It connects through the gateway and then connects and authenticates successfully to the server. 

Also if I connect to another internal PC remotely on the network through the rd gateway using DNS name it also works fine.

Finally if I connect from outside the office network using hot spot it will resolve both the remote session host and remote PC by DNS name. If I switch it back to the LAN it reverts to orignal behavior.  I have seen this at multiple places.

There must be a different way it is connecting on one network than on the other network that causes this odd behavior.

Also  Remote apps through RD Web will not open after successfully authenticating through gateway ut will work outside of network.

Can not issue licenses from Server 2019

July 7, 2019, 10:05 am
$
0
0

Hi,

I recently installed Windows Server 2019 on our company's server machine (PC A). The purpose is to have multiple users who have Win 10/7 Home/Professional to log on PC A to use software installed on it. The schematic diagram of what I'd like and the current situation can be seen below.


However, I could not set the RD licensing manager (after activation succeeded) to issue the licenses. Here are what I have done:

I purchased the RD CALs (5 per device CALs) and installed the manager on PC A. See below for the running status.

I did some search online but the answers vary themselves. I realized that the first problem is that, I could not find the RD Session Host Role in the Server Manager->"Add roles and features", as many were advising installing from many blogs I found, see below

Many people's screenshot is different than mine. So I tried to do the "Remote Desktop Services Installation", which gives me these errors (one if I do quick, one if I do standard installation):

That's where I feel confused. I searched again and realized that my configuration is a "Workgroup" mode, not the "domain" mode, and I don't know how to convert this standalone-server PC A to a domain host. Any advice will be appreciated!

Move an RDS server between domains and migrate user profile data

July 1, 2019, 8:33 am
$
0
0


We need to move several Remote Desktop Services servers (Server 2008 R2 and Server 2012 R2) from different domains to one consolidated domain and want to migrate/copy as much (local) User profile data as we can. Users will have the same username in both domains however, the 2 accounts will be independent of each other (different domains/SIDs etc) so we expect users in the new domain will have new user profile folders created (can’t re-use the old folders?).

Because the Source and Destination computer is the same device, will the User State Migration Tool (USMT) work?

Sorry, can't post links. It's the "usmt-migrate-user-accounts" page on Windows deployment section of "docs DOT microsoft"

Also looked at ADMT but never used it and unsure of implications.

"windows-server-2008-R2-and-2008/cc974455(v=ws.10)" page on "docs DOT microsoft"

Any help/guidance appreciated.


2016 RDS Host badpwdcount increments if a bad pwd is cached while enforcing "Always prompt for password upon connection"

July 2, 2019, 10:21 am
$
0
0

Hello,

We were doing some experimenting with the latest RD Client for an iOS device and accessing a 2016 RDS Host.  What we noticed is that while we had the "Always prompt for password upon connection" enabled on the RDS host and if the correct password was cached in the RD Client on an iOS device, the server responded as expected with the "The server's authentication policy does not allow connection requests using saved credentials" 

What was odd was that if the RD Client had an incorrect password cached, we would not get that response.  We would receive a "User name or password did not work" and the badpwdcount on the user account in AD would increment. 

The point of this exercise was to see if we could prevent users from locking their accounts by having a bad password cached in the RD Client.  We thought enforcing the "Always prompt for password upon connection" would prevent this, but it does not.  It only prevents this if the correct password is cached. 

Is this the expected behavior or is this a bug?  It seems kinda of pointless if the bad password is cached and yet it allows the badpwdcount to increment.   Kinda a DoS attack vector.  

Appreciate any and all feedback. 

Mstsc to terminal server with a specific user Error : The Group Policy Client service failed the sign-in "Access is denied"

July 3, 2019, 8:26 am
$
0
0

Hello,

I have this weird problem that when I am trying to connect to a terminal server with a specific user (let's say "Anna") I am getting this error :

The Group Policy Client service failed the sign-in "Access is denied"

and if I am trying to connect with a different user it's working fine.

anyone have an idea what can cause this error?  (tried already : checking if there is a temp profile .bak in the registry and C:\users\%username% not showing the user profile). 

RemoteApp Problems on Windows Server 2016

July 4, 2019, 6:25 am
$
0
0

We´ve got a problem regarding our users using the RemoteApps.

Our enviroment are two Terminalservers on a Windows server 2016 and one Connection Broker Server on a Windwos Server 2016 too.

A few users need to open the RemoteApps multiple times from different workstations so they connect multiple times to the Terminalservers.

the Problem now is that

the user X opens a remoteapp on workstation 1 the connection broker decides to give him a session on Terminal Server 1, now user X opens

a Remoteapp on Workstation 2, the connection broker gives him a session on Terminal server 2 for now everything works fine but if

user X opens now a remoteapp on workstation 3 you get a short message that says you are connected with RemoteApp- and Desktopconnectiion 

but the Remoteapp wont start and if you click on "Details" you can see only a black screen.

So if the same User connects 2 times on the same Terminalserver the RemoteApp dont start and shows just a black screen.

We already edit the Registry:

 - fSingleSessionPerUser     value: 0

 - fdenyTSConnections value: 0

 

 and edit the Group Policy:

 

 - Restrict Remote Desktop Services users to a single Remote Desktop Services session    value: Disabled

 - double-click on Limit number of connections and then set the RD Maximum Connections allowed to 999999

 

 Deleted Firefox, disabled everthing regarding sound.

 

 The Eventlog shows this warning:

 

 "The installation of the default connection has been cancelled. A default connection cannot be used on a system that is part of a Remote Desktop Services deployment."

 "Event ID: 1026"

 

 Does anyone have a Solution for this Problem?

 

 Thanks in advance.

Search

RD Gateway in perimeter network with RODC

July 7, 2019, 7:46 am
$
0
0

Hi all,

I am rather unclear about how to set up RD Gateway and Read Only Domain Controller in perimeter network. I have read some of the popular blogs, among those: https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/RD-Gateway-deployment-in-a-perimeter-network-Firewall-rules/ba-p/246873 . But I would need a step-by-step guide on how to practically implement this.

I have a two-firewall setup of" internet-outer firewall- perimeter network - inner firewall- corporate internal domain". I have full rights in the internal domain (10.10.1.0/24), but have limited rights in the perimeter network (172.1.0.0/0.0.255.255), which is another domain. I have setup a RODC, and have joined this to the internal domain, and promoted as RODC successfully. Have set up "allowed" and "denied" password replication policies. I have placed RODC in the perimeter network. I have setup a RD gateway server, and currently has not joined neither internal domain nor domain in the perimeter network. It is only set up as a member in perimeter network. I have full rights to configure firewall ports both on the outer firewall and inter firewall. The intended RD Gateway and RODC should be in the perimeter network subnet, but do not  joined the perimeter domain (obviously). there are no firewall between RD Gateway and RODC in the perimeter network.

What I want is to configure the RD Gateway in perimeter network to answer all RDP requests from internet, and authenticate users towards the RODC. If a user is authenticated, she will be allowed (by RAP) to connect to RDSH in the internal domain through say 3398 (I will reassign an uncommon port in the RAP and on the internal firewall NAT to session host).

I know I would need to open ports for RODC to replicate with RWDC. for testing purpose I can manually cache the users passwords. What I fail to understand, is how the RD Gateway in perimeter subnet(172.1.0.0) to contact a DC (in my case the RODC) on the same subnet for authentication. what would I do to let RD Gateway look for my RODC? should I put the RODC as the DNS server on the NIC of RD Gateway? I tried this, and it does not seems to work."There are currently no logon servers available to service the logon request".

Please help and I would be very grateful your assistance.

RDS Connection Time Limit Exceptions

July 2, 2019, 9:04 am
$
0
0

Hello,

I am working on a 2012 R2 Server and need help with Remote Desktop Services session time limits. I have a user who needs the screen to be on all the time to monitor critical areas and therefore cannot have their session disconnected. We have another user who already has this exception but I can't find where the exceptions are made. I've looked in GPEDIT.MSC and see that the time limits are enabled but that's all. Any help would be appreciated.

Install RDS - Per Device licensing in work-group environment

July 6, 2019, 6:16 am
$
0
0

Hello All,

Thank you in advance, We have 10 servers which are on workgroup and we need to configure the per device license for 10 servers.

So is it possible that i can configure RDSH and install 10 device license on it and rest 9 servers to point that RDSH for license or do i need to install the per device license on each server. please suggest how should i configure this.

Dayanand Gavas

RD Connection Broker HA and SQL 2017 Standard

July 8, 2019, 2:31 pm
$
0
0

Has anyone been able to setup RD Connection Broker HA with SQL 2017 Standard?  I have been working on it for three days and can not get it to work.  I have assigned numerous excessive security permissions, manually created the database, can connect with ODBC connection, installed client tools, installed SQL Management Studio, can telnet to SQL from connection broker, disable firewall on both sides, followed over half a dozen guides and many other things.  I'm about to loose my sanity.  Is this even compatible??

Thanks!!

Implementing 2nd Remote Desktop Server - Question

July 2, 2019, 8:04 am
$
0
0

Hello, I currently have a Remote Desktop Server "Windows Server 2012 R2" running in a small but busy Accounting Office and it's working great but during last tax season it bogged down from time to time so we are considering implementing a 2nd Remote Desktop Server to help service the load..

Here's some details:

1 - Approx 30 Users running MSOffice and Accounting Apps connecting via RDWeb to run Apps..

2 - The current RDS is a Physical installation with no Gateway as there's no external access at this time to limit security issues.

Question: My plan is to install a New Host "Windows Server 2016" and implement the new RDS as a Virtual Server and I'm not sure if I should tie it back to the current Physical so it can manage the load balancing or if I should just set this up as a separate standalone and just instruct the users how to access each server.. 

My concern is if I tie it to the Physical RDS and there's a problem with the physical server then will it prevent users from accessing the new Virtual RDS.. 

Thanks for you help...Scott

 

RDS 2016 - multiple forests

July 4, 2019, 3:21 am
$
0
0

Hi, I have implemented standard RDS 2016 farm deployment in single forest with single domain - 2 Web Access, 2 Connection Brokers and 2 Session Hosts) and collection with many published apps. I want to expand this somehow to other forests too which trust forest hosting RDS 2016 farm.

Is there any detailed guide how to implement this? There are some docs about multi-tenant RDS but I do not see anything useful for my case scenario. I guess I need new session hosts per forest but could I use existing WA/CB servers without adding new ones? 

Any help would be appreciated. Thanks in advance!!!

KB4503294 affecting Wyse 3040 thin clients only in RDS Environment (Serv 2016)

June 28, 2019, 7:38 am
$
0
0

Also affects Wyse Thin Os 5070 - but NOT older T series thin clients or original branded Wyse Clients

Before anyone asks - Yes I have a case open with Microsoft, and Dell. Both are pointing the finger at each other and we're going nowhere.

After My posts on patch Tuesday where we determined that KB4503267 was killing Wyse 3040 thin clients (And only wyse 3040 thin clients) we've now determined that KB4503294 is causing this also.

Configuration example:

A single Remote Desktop Connection is configured. The hostname is pointing to internal hostname of server e.g. remote1, and the use TS gateway setting is checked, with the TS gateway pointed to gateway.contoso.com

Symptom: When a user attempts to login the login window on the thin client disappears for a moment and then re-appears

Event log does not show anything useful or conclusive either on the thin client or Windows Security log. All windows security log says is "error during logon". I'll add a complete extract as soon as the box comes back up.

I'm at a loss (And so is everyone else apparently) as to why only the dell 3040's are affected. Even the earlier Wyse T series thin clients are fine and Microsoft can't give me any answers nor can Dell

On Server 2012 we found that Preview updates KB4503295, KB4503277, caused this.

Edit: I previously typed that KB503886, KB4503865 affected this - That information is incorrect and these were not installed on the servers impacted this morning

We also found that non preview updates KB4503263 AND KB4503276 when combined caused this issue.

I was also able to confirm that this affects firmware version 8.6_024 & 8.6_013

An example of the Event log from a failed user logon (with some redactions)

An account failed to log on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		USERNAME
	Account Domain:		CONTOSO.local

Failure Information:
	Failure Reason:		An Error occured during Logon.
	Status:			0x80090308
	Sub Status:		0x0

Process Information:
	Caller Process ID:	0x0
	Caller Process Name:	-

Network Information:
	Workstation Name:	GATEWAY.CONTOSO.COM
	Source Network Address:	12.234.234.234
	Source Port:		54188

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0



Search

Windows 10 Enterprise virutal machines frequent disconnects due to RemoteFX on Hyper V

July 9, 2019, 10:51 am
$
0
0

Hello,

We run Windows server 2016 on our host machines, and we connect to our hosts through an remote desktop gateway, we have run into an issue where users who remote in through the gateway are getting disconnected for about 5-10 seconds and then their session is restored. This happens about once every 30-60 minutes.

Event viewer is throwing the following errors

Disconnect trace:CUMRDPConnection Disconnect trace:'calling spGfxPlugin->PreDisconnect()' in CUMRDPConnection::PreDisconnect at 4726 err=[0xc], Error code:0xC

'Failed GetConnectionProperty' in CUMRDPConnection::QueryProperty at 3015 err=[0x80004001]

I get flooded with these events about 100 times a minute, (not each event, just a collection of related events in one minute).

I'm looking for a way to disable remotefx so the host will not allow the client computers to use remotefx anymore. I tried a few things such as 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations
DWORD: fEnableRemoteFXAdvancedRemoteApp: 0x00000001 (0) - On remote gateway server

The DWORD above is not on any of my host machines, I was concidering adding it and setting the value to zero, but I'm not sure if this will do the job.

I also tried to disable this in group policy,by disabling everything remoteFX related other than the remotefx entry related to compression algorithms.

Has anyone delt with this before? I would greatly appreciate any guidance.

RemoteApp doesn't apply correct scaling initially

July 9, 2019, 1:29 pm
$
0
0

I have a large app for which we are waiting to configure DPI scaling. Currently, when we launch our app via RemoteApp (RDP to our Windows Server 2016 server) on a high DPI screen, the text and controls overlap. As a work around for our customers with high DPI displays, we found the best solution is to set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\IgnoreClientDesktopScaleFactor to 1.

This stops the RemoteApp from using DPI scaling and makes it look decent. 

The problem is that the size of the window itself starts off at 100% scaling (96 dpi) even though the computer is set to 200% scaling (192 dpi.) 

If you change the scaling factor on the local PC (to any scaling) and then change it back to 200, it will automatically size the window back up to the correct scaling (200% size.)

We would prefer to use this workaround instead of adding a mstsc manifest file to our customers' PC's, but we would need to know how to force the RemoteApp window to scale the same as the system's scaling when it's first launched.

Windows Server 2008 R2 RDP will not connect

July 9, 2019, 6:37 am
$
0
0

I am having a issue with a 2008 R2 server RDP no longer working out of nowhere. I have tried all the things listed below any help with bee appreciated!

Server will not allow any Remote desktop connection


  1. New Network Nic
  2. Reactivated license server
  3. Reinstall RDP Cals
  4. Run updates
  5. Reboot server ( This was fixing it for the few time it happened before Yesterday)
  6. Checked to make sure no Firewall rules were wrong
  7. Checked that port 3389 was open
  8. Ran a ping test to the Router IP, WAN, and PC IP
  9. Checked to make sure all RDP Services were running.

User from trusted Domain can connect to collection over broker, but straigt over RDP

July 9, 2019, 7:56 am
$
0
0

Hi,

we got an terminalserver environment with Server 2016, with RD-Web-Access, two connection brokers and many collections and RD Session Hosts.

This Environment is in Domain X, we have a collection where Users from domain y (trusted) can connect to collection RemoteCOLL

X\L_RemoteCOLL (domainlocal) with y\g_RemoteCOLL-2x (global groupe) with remoteuser

Last Friday everything was fine, only known change, in Domain y we updated Exchange to CU13, with Forrestprep (but maybe this is just coincidence.)

At Monday, no connection possible over broker... not autorised.

direct connection to the RD Session host is working.

Connection over Broker for Users from the broker domain x, working.

Connect from domain Y, not autorised... 

Any ideas? 

Default Credentials Error after adding new RD Session Hosts

July 9, 2019, 1:29 pm
$
0
0

Here is a strange one:

Have a standard setup with the following:

  • RD Broker and RD WA on one server
  • 2 Session Hosts
  • 2 RemoteApp hosts

Setup SSO perfectly and all working as expected.

Then I realised the guy who setup the virtual machines set them up as Gen1 so could not have more than 1 processor due the tech on the host. Tried converting them using the MS PS script but failed.

Alas I had to create 2 new session hosts. After I removed the old session hosts and added the new session hosts, when connecting to the broker server to get allocated a session host, I now get the following error:

"Your System Administrator does not allow the use of DEFAULT credentials to log on to the remote computer

******.*******.co.uk because its identity is not fully verified"

Things I have tried:

  • Reapplying the cert to all roles
  • Restarting all servers
  • Allowing delegated creds using local group policy

Weirdly enough, if I connect via RDWeb or via Remote Resources feed it goes straight through.

It is very strange.

Any ideas?

Thanks in advance.

Viewing all 27533 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>