Hi folks,

I am dealing with weird issue on my Windows Server 2012 R2 server. Server is used as DC and RDS server.

Everything was working fine until Friday where I saw this problem first time.

Users reported that they are unable to log on to RDP - they see black screen only. User with active RDP connection are able to work but unable to log off from RDP. In server console I see that RDS is not working properly. I am able to restart all RDS services except this one - UmRdpService.

And there are some errors in event viewer.

13:05:13 Source - System, Service control manager - event ID 7011 - service UmRdpService timeout. 

And then another:

The same source and event id but service is different - hidserv, Netman, ScDeviceEnum, transaction  SysMain 

and the last one - event id 7046 - UmRdpService

There is another error in app event viewer.

13:00:13 - App - Application Hang - event id 1002 - program StwPh.exe verze 5.1.12103.2 stopped cooperate with OS

I would say that problem is caused by app - STWPh.exe.

What do you mean?

Thanks.

Jendislav

Hi All,

I'm designing a multi-region RDS 2016 farm where 2 of the regions have very stable internet connections but the 3rd does suffer from intermittent internet outages. The office is on an island in the Carribean and the telco thinks nothing of cutting the connection to the island for a few hours for maintenance every so often so there's not much I can do about that. I also have to think about hurricanes and the odd ship that hits the undersea cable. As if things weren't difficult enough :)

Currently, all users at all offices are using PCs but we are introducing RDS with the long term plan to have everyone using RDS session-based desktops, also available externally. There are many reasons for this, including an ever-growing population of remote users.

The main user population is in the Carribean but our SQL databases for critical in-house applications, Exchange and a few other important apps run out of our main data centre located in a very stable environment but will all be moving to Azure (US) and O365 this year.

My preference would be to put all the RDS environment (brokers, GW, Web, RDSH etc) in our main data centre or Azure as our critical data and apps aren't accessible during an internet outage anyway but I've already lost that argument.  So that's enough background.

To ensure users in the Carribean office can launch an RDS desktop session from a thin client when they have no internet connection, along with having local RDSH servers, I'll have to have the brokers in HA, one in the Carribean, the other in our main data centre. As this will require SQL, will the broker in the Carribean office still function should it not be able to communicate to the SQL DB in our main data centre? is the broker clever enough to cache the settings locally and continue to work or will it cease to handle any connections when the DB is unavailable?

If it will not function without a continuous connection to the DB, I guess my only option would be to have the SQL DB in HA group with both SQL servers servicing their local brokers. I'd really like having to avoid paying for 2 SQL licenses.

Thanks

Conor

I have a 2008 R2 Std Term Server.  Has been having 3 to 5 BSOD per day over the last few days.  

Have tried:

- Remove and reinstall production apps

- Run scans with WebRoot and MBAM (no issues found)

- SFC

- CHKDSK

- Driver Check and Update (Driver Reviver)

- Windows Updates

- Removed all un-needed virtual hardware (CD/DVD, Floppy, etc)

Server is a VMware virtual machine version 8.  Host is a Dell FC430 running ESXi 5.5 (build 2068190).  A second VM (Server 2008 R2 File Server) is running on the host as well, not having any issues.

DMP and MSinfo files available as soon as my account is verified by MS and I can post links for download

Thank you in advance.

We have two servers here. a 2008r2 domain controller, and a 2012r2 file/print/rds server.

I installed AD onto the 2012r2 server in the hopes that it could work as a backup dc, not realizing that doing so would kill Remote Desktop services.

So I removed AD from the 2012r2 in the hopes that would bring back RDMS, but it doesn't. Every time I try to start the service it says "The Remote Desktop Management service failed to start. Error code: 0x88250001"

Did installing the AD role change something that did not get reverted when I removed the role? Is there a way to get this server to accept RDP connections again?

Is there a best practice regarding putting an RDS domain-joined gateway in an existing DMZ with other systems or creating a new isolated DMZ for it? 

Thought process is that if a system in the DMZ is compromised it could more readily lead to a compromise of the gateway and then straight to a domain controller.

I've tried to find comments or articles about the pros & cons of using an RDS 'full desktop' vs. 'apps'.

Particularly if using 'apps' would help better manage the RDS hosts' memory and cpu requirements, particularly in light of needing to offer Google Chrome as an additional browser because Internet Explorer is getting old and can not display some sites. But Chrome eats up a lot of resources, particularly if people leave tabs/windows running. 

We presently have a lot of device licenses and I am also thinking about changing them to user licenses instead, this would enable using the new HTML5 client.

I imagine anything said about this topic would apply to Citrix XenApp too.

Thank you, Tom

Hello,

I wonder what protocol does the client requests when launching the RemoteApp.  We choose to Negotiate option for the collection and client compatible on security.

On the network traffic, we are only allowing TLS1.2. sometimes when a client launches the Remote app and they facing spinning issues " configuring remote session" and spins forever. Sometimes it will connect just fine. Wondering it could be because of the communication issue between client and RDS server.

Please help me how can I see whether it is a communication issue or not?

Shekar-Technet

Hi,

I'm setting up a RDS 2016 environment. I have configured the webaccess role on the gateway server. The gateway server is in a DMZ.

Do i also need a webaccess server available inside the network, besides the one in the DMZ? 

Hi. I'm running into some sort of security issue. Some of our customers actively lock their RDP session so obviously no-one can use it. It seems that when you lock your RDP session, and then get a reconnect to the server, and the RDP client reconnects, it automatically logs you in again, circumventing the lock.

Easy to abuse too: locked session? Just disconnect the network cable / wifi until the session starts reconnecting, and reconnect the cable and *poof* you are in.

Now some of this is prevented as we have some customers that have 2FA implemented on the RD Gateways, so when the session reconnects, you'll need to approve the 2FA. But not all customers have that.

Would there be any way to prevent this? Anyone else can confirm this?

Hello,

since end of november i'm dealing with a curious problem with user profile disks. In some new installed environments with RDSH deployment sometimes an existing user profile disk is overwritten with the uvhd-template.vhdx. In other deployments UPD works like a charm.

Everytime the UPD is overwritten it seems like the user never had a UPD, because the eventlog shows the same entrys like first creation of a UPD for a user.

I tried to get rid of the problem with several methods:

- changing standard gpo for rdsh settings
- deployment without gpo (configuration only via server manager)
- patching server before/after rdsh role deployment
- different antivirus programs on RDSH and Server with UPD Share

For a better understanding for the deployment some details:

UPDs are stored on fileserver (Server 2016) on an hidden share on the server
RDSH (Server 2016) is in most cases a deployment with all roles on one server

I searched the internet for a detailed documentation how the process auf mounting/creating a UPD works or where i can get a detailed logfile about the process but i haven't found something.

Anyone has an idea about this? If additional information is needed feel free to ask :)

We have a Dell TS130 running Windows Server 2016 system which is supposed to server as a Remote Desktop Services server.  It lets two people connect via RDP and then says we have limited connections and all of the connections are in use, try again later.  Considering we have ten licenses something is clearly wrong.  The Remote Desktop Licensing Diagnoser says no problems detected.   4 licenses issued 6 left available. It sees the licenses and it issuing the licenses but only allows two connections at a time.  I spent all day yesterday  on the phone with Dell.  They can't find a problem and sent me to a Microsoft phone number which leads me to this situation.

Microsoft told me on the phone that the service ticket must be initiated online but the URL they directed me to will not allow me to submit a ticket because we don't have a support contract and it will not let me submit a per incident ticket because it says we are an "Azure Client"??  The only Azure connection is a couple of laptops that predate the server.  I'm very frustrated and I wonder if Microsoft can come up with any other ways to piss me off.

If anyone has any helpful suggestions I would appreciate them.

Hey Together,

we have a customer with a RDS Terminalserver Farm with 4 2016 RDS Session Hosts located in Azure.

The customer is facing the issue that the desktop icons are flashing, like they are pressing f5 all the time.
Already tried the specific registry key here: 
https://community.spiceworks.com/topic/1978620-rds-2016-desktop-icons-flickers-refreshes. that either did not work.

In addition the users are experiencing that the cursor sometimes start to randomly juming around.
For example, user is typing in the adress field of outlook, and the cursor jumps out of that field and the user has to click in it again to finish typing.

Probably the issue is related to the flickering and refreshing desktop, but not sure.

Best Regards,
Dominic

Is anyone aware of a fix to this issue?

See the post from Sasha (Microsoft): here

Here is a post to the MS KB acknowledging and providing a resolution for 2012 R2:here 

To resolve the issue when it happens, i need to kill the TermService service (it won't stop normally as it is in a deadlock state). I can then start the service again and it's business as usual until it happens again.

I can't see any info about this in RDS 2016... Anyone else? MS?

Thanks,

Stephen

Dear All,

we have a ADC  server on windows 2012 r2 but its working very slow when i view like task manager,disk management some time get hang and some time working good. kindly suggest how to resolved this issue.

Thanks & Regards

Naved Anjum 

Everything was working fine until about 2 months ago.

I have a Windows 7 system that I access with Remote Desktop Connection from a Windows 10 system.  One day I found that my user account, which had been given administrator rights quite some time ago, couldn’t log on remotely.  The Windows 7 system was configured for remote access with the setting “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”. When I tried to log on, I got an error stating “The Local Security Authority cannot be contacted”. 

If I configured Windows 7 to “Allow connections from computers running any version of Remote Desktop (less secure)”, then I could log in but I didn’t want to use this less secure setting.

Doing some experimentation, I found that if I enabled the built-in Administrator account, then the Administrator could log in remotely using “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”.

If I created a new standard user called Test.  I found that Test could also could log in remotely using “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”.

If I promoted Test to an administrator, then Test couldn’t remotely log on.  He got the LSA error.  If I demoted my account to a standard user then I could log in remotely using “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”.

When I promoted my account back to an administrator, the logon failed with the LSA error.

All users have valid passwords that are set to never expire and are members of the Remote Desktop Users group.  The only thing that is changing is whether or not the users have administrative privileges.

Is this a permissions issue, or a behavior change cause by an update to Windows 7?

Mark Wilson

We have Symantec End Point Installed in Servers. We found Event 4625 Which has NULL Event Logs Information found in the Logs 4625.

Can can anyone explains, How do we do the Investigation cause receiving many logs for same with Justification. 

We are in Mid of the Conclusion, and Why is this Event Generated by Whom and How?

Error: 

Configuration:

We have few servers on WORKGROUP however i have made single server as RDS License server and on rest all servers did below configuration

<style type="text/css"><!--td {border: 1px solid #ccc;}br {mso-data-placement:same-cell;}--></style>Local group policy on each server
Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing

"Use the specified RD license servers" = myservername

"Set the Remote Desktop licensing mode" = Per User

Solution that i always apply to fix this by removing the REG Key and reboot the server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod

We have all the licenses and configuration in place still why we get the error after every 180 days..... What needs to do to avoid this 

Dayanand Gavas

Hi guys,<o:p></o:p>

We have the following situation in our IT environment. We set up multiple terminal servers, which are used by 50-60 end user of our company. They use them regularly. Every terminal server is a RD license server at the same time.<o:p></o:p>

We also have 50-60 3-party-accounts from other companies, who are using one specific terminal server to get access to our IT environment. This guys are maintaining/repairing our systems, installing software updates, and so on. They are doing it irregular. That means, that there are some 3-party-users, who use this terminal server once a week, and some of them who use it once in 6 months. This terminal server is also a RD license server. <o:p></o:p>

Now we are looking forward to reduce the number of our RD license servers to one or two. The question is, whether we have to separate the RD license server into a RD license server for internal users (who are performing business processes) and RD license server for external users (who are maintaining and repairing our systems). The number of internal users is constantly growing and we are afraid, that at some point of time in the future all free RDS user CAL will be reserved by our internal users and in the case of a critical system failure one of our external users won't be able to access our environment and fix the problem (because there won't be any free RDS CAL).<o:p></o:p>

Does it make sense to set up two RD license server in our case or what would you advise? I would prefer only one RD license server if we could assign some fix number of RDS CAL to the terminal server our external users use (but I think it's not possible) or if we could be sure, that even in case we don't have sufficient number of RDS CAL for some reason our external users will be able to connect to our terminal server in a critical situation.<o:p></o:p>

Of course we have to take care that we buy new RDS user CAL every time we grow, but what if we forget to do it for some reason (for example in case that the responsible person is sick or leaved the company)?

Thanks in advance and best regards
Valdez

Hello,

I have allot of apps that installed on a network share. So there is a front end installed on the server but the executable sits on network. It does not appear as an installed app in the window of publishing apps. The reason for this is so any settings modified as part of this software must be installed as a network server so that all users get the settings.

Thanks in advance

Hi All,

Just wanted to check with you all on is there a possibility to provide a maintenance window on RemoteApp collection level.

We have Production collection and Test Collection in an event we need to take down the production collection. For this purpose, we send emails to our client saying that that environment will not be available. Is there a way that we can let them know when they launch the RemoteApp?

We have 400+ end users that we need to notify when there is a maintenance window. 

BTW we have Window server 2012 R2 for all RDS servers.

I really appreciate your help.

Shekar-Technet