Setting up a Windows 2008 R2 Remote Desktop Services environment and I'm getting stuck on my server farm config.

RDC Broker is installed to a domain controller at 192.168.1.12

I have 3 RDSH servers I want to add to the farm using network load balancing.  All 3 have that role installed as well as the NLB feature and dual NICS, the individual host IP's are 192.168.1.31, 32, 33 corresponding to node1, 2, 3.

NLB is setup, all 3 nodes are added and converged.  I created a DNS A record for the cluster nlb.domain.local 192.168.1.40

On each cluster host I configured the TS farm as follows:

RD Connection Broker Settings:

Farm member

RD Connection Broker points to the DC above

Farm Name: TS-Farm...?

RD Connection Broker Properties window:

Settings listed above are on top....

Participate in Connection Broker Load-Balancing

Use IP address redirection

IP to use for redirection: Node1 192.168.1.31; Node2 192.168.1.32; Node3 192.168.1.33

My question, referenced above, what should I use as the farm IP address?  Do I create three A records for ts-farm.domain.local, using the addresses of 192.168.1.31-33?

Do I point a ts-farm DNS entry to nlb.domain.local which is .40 my cluster IP?

I think that covers it all....thanks in advance!

**Edit**

DNS round robin is not an option in this setup.  Thanks.

I installled RDS with all services on a single server. Had a lot of trouble getting it to work over the internet however everything worked internally.

Eventually I removed all of the RDS Roles (except licensing) and I reinstalled them all again - this time everything works but the two published Apps from the old install have returned and users can click them in the RDWeb apps page but they fail because they are not really published anymore.

Does anyone know where Server Manager writes published app information - I'm keen to get the rogue orphan apps removed.

Many Thanks

Rob

Within my RAP policy on my Remote Desktop Gateway, I specified an active directory group containing the computer accounts of all VMs that comprise my VDI pooled collection, my connection broker and my RDVH computer.

When I try and connect, it fails and in the event log I see it is being rejected based on the target IP address:

The user "DOMAIN\user", on client computer "sourceIP", did not meet resource authorization policy requirements and was therefore not authorized to resource "VDI IP". The following error occurred: "23002".

If I configure the RAP to allow access to any resource it works.

Then I tried configuring the RAP using a local RD Gateway managed group instead, I added the FQDN of my VDI VM and Netbios name. No luck I get the same rejection.

If I add the IP address of the VM also, it works.

Therefore using a RD gateway to connect to a pooled VDI do I need to specify both the machine names and IP addresses, or am I missing some configuration setting?

The machine names of the VMs in the VDI pool have both forward and reverse DNS entries and can be resolved by the Gateway successfully.

So to summarise :

RAP Policy with AD group - rejects access based on IP
RAP Policy with Local RD Gateway managed group with Machine name - doesn't work
RAP Policy with Local RD Gateway managed group with Machine name & IP address - works

This wouldn't be a problem but my VDI pool is sitting on a /23 DHCP range shared with fixed desktops. I don't want to enter every single IP address in, I would like to restrict the gateway to just my pilot VDI collection for now.

Anyone have any ideas?

Thanks,
Paul.

1- First problem (sorry for my english)

Theproblem I have isthat I can notmap thelocal driveCclientthatconnectsto my server2008R2Terminal64bitor byGPOorby script,I mean;

-If I map the client local driveCon the clientconnection RDP, it works, everything is OK.But I will notdoso,the user willreceive onlyrdpfilegeneratedby the server thatwilllaunch the applicationdirectly, soI want map herlocalCdriveautomaticallyso he cansave the applicationdataetcfrom hisremote computer.

 I get this error;When I startthe clientIseethe drive witha red X,"Failed to connect, hasattempted to accessan addressnotvalidate"I triedtomap itbyscript"net use\\tsclient\cP", bypolicy as well,within"allocationunits"withoutsuccess.....

Someonegives me a hand?Thank you!

2- Is there any way to hide the Windows security item from start menu?

I try to configure a policy like this;

http://technet.microsoft.com/es-es/library/cc770884%28v=ws.10%29.aspx

But does not work, any idea??

After installing this  months MS Update I rebooted the RD servers and the broker server. Today I noticed that disconnected users started to be connected to other servers than the ones the were disconnected from.

Did a quick search but found nothing useful.

Any help would be greatly appreciated.

I was thinking of upgrading my RDS server to 2012, which is currently at 2008r2. Is it possible to simpley upgrade the server and done, or will I need new cals for 2012.

The Techguy

Even without starting any RDP sessions, I get a pile of TermDD code 50 errors in my server event log.

Only 2 machines in the domain/network, and only 1 user (me!):
   #1 Desktop is Windows 8 Pro with Media Center (64 bit), fully up to date on patches.
        C:\windows\system32\mstsc.exe Version 6.2.9200.16465
        C:\windows\system32\mstscax.dll Version 6.2.9200.16465
        C:\windows\system32\en-US\mstsc.exe.mui Version ?
        C:\windows\system32\en-US\mstscax.dll.mui Version ?
   #2 Server is Windows Server 2008 R2 SP1 (64 bit), fully up to date on patches, mostly with default high security configurations.
        C:\windows\system32\mstsc.exe Version 6.2.9200.16398
        C:\windows\system32\mstscax.dll Version 6.2.9200.16398
        C:\windows\system32\en-US\mstsc.exe.mui Version ?
        C:\windows\system32\en-US\mstscax.dll.mui Version ?

On the desktop, the default RDP connection settings I use include:
   Display - 1280x800, 24 bit colour
   Experience - detect connection quality automatically, persistent bitmap caching, reconnect if dropped

In the last week there have been 114 TermDD code 50 event log records and I have NOT ONCE in that week used RDP to logon to the server from the desktop. Seems to be about 9 each day, not in any apparent rhythm or pattern versus time.

Any ideas 1) what causes the connection to occur and 2) why it gets this protocol error and 3) what I should do about it? The current thread (and others I have searched for) contain lots of ideas, but no solutions that seem to apply to my situation.

Running Server 2008 Standard edition FE SP1. I've installed the Terminal Services roles put when trying change from "remote Desktop for Administration" to User licensing mode I get a put indicating : "unable to complete operation: 8007013D.  I tried removing the role and starting over but I get the following similar error:

Terminal Services: Installation succeeded with errors

Hello,

I just finished setting up 4 new Server 2008 R2 Standard boxes as follows:

1. File & Print Server (RRAS, DHCP, DNS, AD)
2. RDP server
3. Remote Dedicated user workstation #1
4. Remote Dedicated user workstation #2

The File server works great and provides a VPN into the network.  The RDP server works pretty good now that I've changed the Local GPO "Use Remote Desktop Easy Print printer driver first" to disable.  Prior to setting it to disable, HP host based printers were not working with Easy print and the local drivers I loaded were being ignored.  On the RDP server, I have loaded drivers for some HP laserjet 1000 series and 1600 series printer.  Easy print picked up and is working fine with a nework BizHub 282 and an HP Officejet 8600, so I know these printes are easy print compatible as they work, they show easy print in the driver information, etc.  On the two dedicated user workstations, I DID NOT load Remote Desktop Services since only a single user with full admin rights is logging into these workstations.  Neither of these workstations will connect to the Bizhub or Officejet 8600 using easy print when forming a remote connection to the dedicated workstations.  Howerver, both of these workstations connect to these two printer when forming a remote connection to the RDP server.  What I know for sure from this:

• The BizHUB 282 & HP Officejet 8600 work with Easy print
• The settings on the RDP client are correct for Easy print
• The local workstation running the RDP client IS capable of working with Easy print

In an attempt to fix this, I set the Domain policy for "Use Remote Desktop Easy Print..." to disable as it is set on the local Group policy for the RDP server.  When this did not work, I set the local Group Policy on the dedicated workstations.  Additionally, I installed Desktop Experience, confirmed that .NET Framework 3.5.1 is installed, moved the spool directory to a new location with full right to all domain users, did various reboots, and other stuff I'm sure I'll remember as soon as you tell me to try it again. ;)

What I know from how things are working as listed above is that the issue lies on the dedicated workstation #1 & #2.  I'm not sure what to do next for troubleshooting.  I could not find any document indicated that Easy Print requires Remote Desktop Serives to be installed.  If this is the issue, I can setup Remote Desktop Services on the dedicated workstations, but I'm trying to avoid this unless I know it is the problem since doing this may break some or all of the installed programs. Currently, when I remote into the dedicated worksations, I've worked aroud the issue by installing print drivers for the local printers of the end-users.  If this is not the issue, is there a comprehensive troubleshooting guide?  I've gone throught the various BLOGs, but none of these suggestions helped. 

On a side note, one of the remote workstations will not play sound.  The hardware being used to connect is very different and may be some type of hardware incompatibility, but I'd love any suggestions on troubleshooting this as well.  The problem is the remote connection shows no audio hardware even though the local machine has working audio.

Thanks in advance,

Jeffery Smith

Hi,

I believe this has been answered in other posts but I'd like to ask the specific question to be sure

If you have a user who needs to access both a 2003 TS server and a 2008 TS server, are you covered for both by purchasing a single 2008 TS per-user CAL ? or do you need to purchase 2 separate licenses ?

My understanding from other posts is that 1 2008 TS CAL license purchase will cover the user for both

Could someone please confirm the position,

Thanks

Hello,

I setup a new RDP server running server standard 2008 r2.  Two of my users are having issues:

1. A laptop user's mouse keeps jumping around when he is in the RDP session.  When he is local, it doesn't happen. I'm pretty sure what is happening is that the "sensitivity" setting on the mouse that adjust whether a light touch is recognized is not being translated to the RDP session, so the sensitivity setting is set too high.  When I look for settings to adjust this on the RDP side, it has just standard mouse adjustments.
2. A user with an Microsoft ergonomic keyboard has random things happening, control keys randomly activating, paragraphs being selected, cursor moving to random places in the document.  Again, this keyboard has a very specific driver with special features. I suspect that similar to above, the driver information is not properly transitioning from local to remote thus causing some randomness.

Is there anyway to "mirror" the driver features between a local machine and an RDP session?  Are there any controls or other things I can try to adjust to attempt a fix for these problems?

Thanks,

Jeffery Smith

Hi Everybody,

I have a question concerning RDS licensing and configuring the RDSH server to use the licenses.

The client has an internal RDS environment inside the domain. This environment has its own licensing server. They have a separate RDSH server placed as standalone not within the domain (user connecting up to it are local users). The users connecting are external agents (the reason for which they placed it outside the domain).

1. How to license those users (external connectors)
2. When they can leverage from the already purchased RDS CALs sitting on the internal licensing server, can the non domain RDSH server be connected to the this licensing server?

I'm assuming for now we are talking about a 2008 R2 environment, but I still need to get this confirmed from the client.

Thanks for anyone that wants to help.

greetz,

Hi,

I am currently in the process of rolling out Thin Clients and wondering if there is away to have multiple Redirection Connection brokers.

I currently have a High availability Connection broker configuration using a VDI pool and configured the registry to redirect to the pool Virtualpool1.

HKLM\SYSTEM\CurrentControlSet\Control\TerminalServ  er\ClusterSettings

DefaultTsvUrl  tsv://VMResource.1.Virtualpool1

Is there anyway to configure multiple connection broker farms or redirectors so I can have a address for each VDI pool.

I am aware that you can modify RDP files to launch a VDI pool.

in addition to this, is there an way to load a RDP session /VDI pool from the login screen of a Windows thin PC so that users can have a SSO experience.

Best Regards,

Hi, 

I have a domain with 2 Win Server 2008 R2 SP1 RDS servers.  One of this servers hosts the Licensing server as well.  The second RDS server is located on a different subnet.  

The problem I have is the the second RDS server.  I run the RD Session Host Configuration, I select the Licensing server on the the first RDS server and it connects without any issue.  When I go to run Licensing Diagnosis, I have the error: "Licenses are not available for this Remote Desktop Services Host server and Licensing Diagnosis has identified licensing problems for the RD See..."  Then it shows 0 licenses.

I looked in the logs and I see a DCOM error with event if 10009 saying that it is unable to communicate with the first server.... I thought that would be a firewall issue and I opened a number of ports (including adding the subnet) but both problems persist.

Any thoughts or guidance?

Thanks

We have two servers web3 and web4 and a domain controller mws.

I have been trying to set up load balancing for users who use remote desktop connection to connect to web3 and web4, but have failed quiet miserably.

I have installed NLB(network load balancing feature) on both web3 and web4. I have created a new NLB cluster with a IP4 address for load balancing on web3 and web4.

i have installed active directory services on the domain controller and created a new domain called rdp.xxx.com. (xxx is name of my company).

How do i add web3 and web4 onto the domain that i have created on my DC? I tried using dcpromo and rdp.xxx.com.. but i get the following error.

"An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain rdp.xxx.com"

More importantly, Could some tell me the next steps i should follow now to complete implementing the load balancing cluster on web3 and web4?

P.S: I have only one NIC card on web3 and web4 would this be a problem?

Thanks in advance.

I'm in the final stages of depreciating an old SBS 2003 DC on our lan.  It is being replaced by a new Server 2012 machine which is currently a member server.  All the roles of the SBS machine except AD and core DC roles have been moved to several new Server 2012 machines.  I have RDWeb up and running, published several apps and they are all working from both the lan and the internet. 

One big request from my clients is to customize the RemoteApp and Desktop Connection landing page to provide a drop-down box to choose the running lan workstation to connect to instead of them having to remember a cryptic PC name.  The goal of course is to duplicate the way RWW did this in SBS2003.  The list of available PC's change frequently on our LAN due to the number of users and upgrades to workstations.  From my perspective I also want the ability to connect to a server remotely for administrative purposes. However, I'm not keen on the idea of server names being in the same drop-down.

Is it possible to provide two choices; the first using the existing box that is limited to servers (no drop-down) and then a seperate drop-down for client PC's?  These are just ideas of course, just looking for information.  My web searches have returned a few ideas but nothing that fully provides all the client PC names. 

Thanks in advance for any help!

I currently have a SBS 2011 Std with 25 CALs and am testing scenarios to us RDS.  We would like to use the RemoteApp feature with WS 2012 Std which I have been having trouble with.  I had it working, but the certificates and gateway for remote access were giving me trouble.  So I installed a second NIC in the WS 2012 server and gave it a internet IP which then fixed the remote access errors... sort of.  The certificate was working correctly internally and externally, but the Remote Application section of RDWeb showed no apps.

Has Anyone else tried this before, and if so is adding a second NIC the best way? or is this not recommended?  I am clearing everything out again and starting fresh to see if maybe the error occured because I added the second nic after I had everything set up.

Since RDP 6.1 in windows 2003 don't support NLA and RDP can't be upgraded, so I am stuck with "RDP-man in the middle attack vulnerability and looking around and trying to find a fix for my win 2003 SP2 servers. however I can see an option of installing RD Gateway Server on win 2008 R2...but don't know If enabling RD Gateway on Windows 2003 via RD Gatway Server will close "RDP-man in the middle attack" vulnerability. In other words is RDP 6.1 on windows 2003 compatible with RD Gateway Server as a client ?

Hi,

We have deployed three terminal servers at three different locations and managing through load balancer but we are coming across certificate issue which says "A revocation check could not be performed for the certificate".

Can someone please help me out here on this error ?

Thanks