Greetings!
We have 4 hosts:
1.Application server
2.Mssql server
3.The terminal server with RemoteApp and WebAccess
4.Domain controller with CA is on a separate site.
They
are all in DC in Europe, the traffic goes through the software-based router, which is secured by firewall for ip ranges. There is max 200 user sessions, all of them are in the domain, they have network drives, printer caught up via GPO and local USB printers.
On the terminal server role installed RemoteApp and WebAccess.Issued CA certificate is used in the domain.
Through software-based router originally probrosheny only 443 and 3389 ports.
At one point climbs error:
Service Control Manager 7001 umRdpService, then begins to crumble constantly bug TerminalService-Printers in 1103 and none of the devices are forwarding a RDP session.
Error 7011 comes out more about services and Netman UxSMS.
Another crawl errors PrintService 215 and DCOM 10009
I did in HKLM \ System \ CCC \ Control option ServicePipeTimeout = 500000
It was fly less frequently, but still every day is steadily proiskhodit.Perezapusk service RDS UserMode
Port Redirector does not help.
In order to solve this problem I made the following steps:
1.Select the maximum number of number of printers in the session: HKLM \ Software \
Policies \ Microsoft \ Windows NT \ Terminal Services option MaxPrintersPerSession = 20
2.Forced printer redirection: HKLM \ System \ CCC \ Control \ Terminal Server \ Wds \ rdpwd \ fEnablePrintRDR = 1
3.Install updates kb2525949 and kb2465772
I thought that the problem may be in the closed ports, so I made the following steps:
1.Select range of dynamic TCP and UDP:
netsh int ipv4 set dynamicport tcp start = 10000 num = 1000
netsh int ipv4 set dynamicport udp start = 10000 num = 1000
2.Set ports for DCOM HKLM \ Software \ Rpc \ Internet 50000-50500.Checked the job through DTCPing by the local name - all gud.
3.Set fixed port for WMI equal 24158
4.Stopped service NetDriver HPZ12, PML Driver HPZ12
5.Disable EasyPrint Driver via GPO, there changed the "Point and Print Restrictions" on the Disabled and the "Ignore failure delegation" has changed to"Enabled"
4.Redirect these ports through software-based router.
The result: today employs about 50 people, I saw a couple of PrintService 215
and DCOM 10009, how to fight them do not know.About
the DCOM I would venture to guess that the problem is due to the fact that the service is not able to resolve dns names and uses netbios hostnames on the Internet as part of it when trying to connect an error, but the registry HKLM \ Software \ Policies \
Microsoft \ Windows NT \ Rpc explicitly specified, IgnoreDelegationFailure = 1, it would have to ignore but
still continues to pour in error.
And just noticed that for some
reason the printer is not deleted after the session, each person pulls a printer 1-2, 50 ~ 100 printers are hanging even after restarting the server.
In order to solve this problem I made the following steps:
1.Install update KB2655998
2.Install MicrosoftFixit50833
3.Downloaded utility http://inactivetsport.codeplex.com/ but for some reason she told me that I had no "is not the ports"
The result is zero, the printer will still hang after the sessions and how to remove them automatically I can not imagine.
Please help me advice!))