Quantcast
Channel: Remote Desktop Services (Terminal Services) Forum
Viewing all 27656 articles
Browse latest View live

RDS with Azure Load Balancing

April 28, 2019, 5:12 pm
$
0
0

Hi Folks,

I was testing out the solution provided by MS in one artciles to configure RDGW/WEb access server behind Azure LB but was confused with step3.https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-rdweb-gateway-ha


Scenario: RDS GW/Web Access in HA running behind a Standard Azure Public Load balancer..The solution works good  but If i start restricting the traffic via NSG...the only way rd Gateway/WI URL works publicly  is if i put the 
source :Internet;destination : IPs of my RDS GW/WebAccess Servers; port :443... 

Ideally,shouldn't it be working if i enable the port 443 from outside network to the IP of Public Load balancer (behind which actually are my RD GW/Web Access servers)or Am i doing something wrong?...
If it works by allowing port 443 to internal IP of RD GW/Web Access server ,isnt it a  secrutiy risk?
Please let me know if somebody can help out to clear the confusion

ManeeshB

Search

Windows Server 2012R2 - svchost.exe 60-100% load!

April 10, 2014, 7:32 am
$
0
0

We are using RDS collection with two Windows Server 2012R2 session hosts. Both hosts are virtual servers (clean installation) and are used as session hosts (terminals) with 10 to 25 users each. RDS Connection Broker is also virtual machine with Windows Server 2012 R2. Our users are using Windows 7 Embedded thin clients with MSTSC RDP 8.0.

There is problem with high cpu load on these servers. Sometimes Svchost.exe starts to cause 60-100% load. Our virtual machines have 10 virtual processor cores. Load is caused by LSM (Local Session Manager) Service from DCOM Launcher group. Svchost creates many thread as you can see on picture attached. Sometimes this load disappears after 12-24 hours, sometimes it needs restarting whole server.

We still cannot find cause of this problem, although we managed to reproduce this issue one time by logging two admin accounts to server console and force disconnecting one of these accounts by third admin account connecting to server console by RDP mstsc.exe with -admin parameter.

Our users are very unsatisfied :-(

This is screenshot of Process Explorer - svchost.exe - Threads:

Windows Server RDS Freezing with Flickering "Not Responding" in the top bar

April 1, 2019, 1:51 am
$
0
0

We have around 15~ Remote Desktop Session Host servers of varying versions (2012 R2, 2016 and 2019) which are experiencing freezing and flickering issues with "Not Responding" appearing in the top bar and the program being unresponsive when switching between tabs. Other symptoms include screen flickering and, when in Task Manager, the tabs sometimes disappear until you roll the mouse over them. These issues started appearing after the weekend of 23rd March 2019 (23/03/19).

I have been scouring forums looking for other people with the same issue but can't find anyone with similar symptoms except someone called Chris_UKDE and his questions haven't been answered either.

At first, we thought that this was caused by a Windows Update but we have been through all of the updates and cannot find any consistent update or lack of update across the servers that seems to have caused the problem. We thought it might have been KB4489889 but after uninstalling this, the problem still remains.

We have opened a case with Microsoft and we are waiting for them to analyse some logs that they gathered on Friday and they have advised various registry fixes and disabling hardware acceleration but none of these have worked. I am taking to the forums to see if anyone else is a. having any luck with their diagnosis and b. having these issues at all(!) and c. if we manage to fix it, to share it with you so you don't have to experience the same pain we have.

The issue does NOT appear to happen in Safe Mode BUT when running a Selective Startup from MSConfig, these issues still happen, eluding that it's still a Microsoft element causing the problem. We are mainly seeing the problems in Microsoft Office programs but we do get a few issues in other Microsoft programs, such as Internet Explorer/Task Manager and also Chrome.

Most of the servers are running on VMWare ESXi 6.0-6.5 but we do have one native Windows Server with the problem. We have tried updating/uninstalling VMWare tools but this does not seem to fix anything. We also thought this might have been related to the video driver, so we booted the server with "Base Video" options in MSConfig but this still didn't fix the problems.

I am hoping that there are others in the same position as me, looking for an answer but having no forum to discuss it on, hence this post. Any advice greatly appreciated.

Lewis

Lenovo YOGA 3 Pro-1370 Product Key error

April 29, 2019, 2:12 am

Server 2019 GPU Partitioning

April 29, 2019, 6:43 am
$
0
0

Hi everyone,

we are planning to install a new RDSH server 2019 in our company.

One of the new technologies in 2019 is the GPU Partitioning feature.

However, I am not sure if this feature is only availbe when the RDSH is a virtual machine, running inside a Hyper-V or do we need a bare metal installation of the RDSH?

In addition, could someone recommend a graphic card for such scenario?

The new server will be a HP DL380 G10. About 25 clients will connect to the RDSH and just do the normal office stuff but might also need to watch videos on youtube, etc. and as far as I understood the new GPU Partitioning feature will help to show the videos smoothly.

Thank you very much in advance for your support

Greetings
Aktuator

Server 2019 GPU Partitioning

April 29, 2019, 6:50 am
$
0
0

Hi everyone,

we are planning to install a new RDSH server 2019 in our company.

One of the new technologies in 2019 is the GPU Partitioning feature.

However, I am not sure if this feature is only availbe when the RDSH is a virtual machine, running inside a Hyper-V or do we need a bare metal installation of the RDSH?

In addition, could someone recommend a graphic card for such scenario?

The new server will be a HP DL380 G10. About 25 clients will connect to the RDSH and just do the normal office stuff but might also need to watch videos on youtube, etc. and as far as I understood the new GPU Partitioning feature will help to show the videos smoothly.

Thank you very much in advance for your support

Greetings
Aktuator

RDS 2012R2 Issue

April 29, 2019, 6:55 am
$
0
0

1.We have installed RDS (RDCB, RDSH, RDWeb) on one host. RDS service is working well without any errors. But if we open Server Manager->RDS we're getting "A Remote Desktop Services deployment does not exist in the server pool.
To create a deployment, run the Add Roles and Features Wizard and select the Remote Desktop Services installation option."

2. We get the same error after Get-RDServer - "The RD Connection Broker server is not available"

3. If we add Roles-> RDS Installation, the next error - "could not retrieve the deployment information from the rd connection broker"

4. If we add this server to Server Manager on another host we receive - "Kerberos Security Issue". All hosts was added to Trusted.

All RDS services are running (including WID). ServerManager and Posh running by Administrator.

How to resolve it?

Certificate issue: the remote computer cannot be authenticated due to problems with its security certificate. " Error code - 0x80072f8f, 0x20

April 29, 2019, 7:52 am
$
0
0

Hello Team,

I have the below issue:

Here is my RDS environment:

I have only one server 2012 R2 standard with the below roles installed 

  • RD connection broker,
  • RDSH,
  • RD Licensing and
  • RD web access

I have published few remote apps and I was able to access them using RD web feed till yesterday. 

Example : https://contoso.com/RDWeb/Feed/webfeed.aspx

I do have installed the SSL certificate on my server and provided the same to RD web. 

But today while I use the same url to access the remote apps I get the below error message 

"The remote computer cannot be authenticated due to problems with its security certificate. security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer"

Error code - 0x80072f8f,0x20

Now I can only access the remote apps through RD web access ( https://FQDN/RDWeb)

Please help me in fixing this issue. 

Any help would be much appreciated.

Thanks

SM

Search

Windows 2019 RDG issue

April 21, 2019, 1:30 pm
$
0
0

Hello,

I've deploy RDS on one server (RDWeb/RDG/RDL/RDConennection broler/ RD session host). I try to disable UDP and/or change RD Gateway port and received the error:

---------------------------
RD Gateway
---------------------------
The following error(s) occurred:



Unable to set transport settings
---------------------------
OK   
---------------------------

In log Microsoft - TerminalServices-Gateway - admin:

event id 4004

The Windows Firewall exception to allow network traffic comprising of Remote Desktop Services client connections data through the configured UDP port of Remote Desktop Gateway could not be modified.

or 

4002

The Windows Firewall exception to allow network traffic comprising of Remote Desktop Services client connections data through the configured (non-default) HTTPS port of Remote Desktop Gateway could not be modified.

And settings didn't change

Intermittent connection issues to our RemoteApp via RD Gateway

April 29, 2019, 8:13 am
$
0
0

We are getting intermittent errors only when connecting to one of our Remote App servers. When users attempt to connect using an RDP file we provided them they occasionally get,

"RemoteApp Disconnected"
"Remote Desktop can't connect to the remote computer "MACHINE.DOMAIN.COM" for one of these reasons:

1) Your user account is not authorized to access the RD Gateway "RD-GATEWAY-DEV.DOMAIN.COM"

2) Your computer is not authorized to access the RD Gateway "RD-GATEWAY-DEV.DOMAIN.COM"

3) You are using an incompatible authentication method (for example, the RD Gateway might be expecting a smart card but you provided a password)

Contact your network administrator for assistance.

If they trying logging in with the same RDP file a couple of times, it eventually works. Not sure how to track this issue down.

We know that the RDP is ok, because it works much of the time.

Any ideas on what logs to look at on the server?

The Remote Desktop license server cannot update the license attributes

May 5, 2010, 6:58 pm
$
0
0

I have a domain that was successfully running with two Windows 2003 DCs.  I added a Windows 2008 R2 DC to the network successfully.  I demoted (removed) one of the 2003 DCs.  I added a Windows 2008 R2 Terminal Server to the network.  I added the TS Licensing Server as well.  I activated the Licensing Server and installed my User CALs.  All seemed to work well until I looked at the error log.  Whenever a non-administrator user logs in to the TS machine I get an error in the errror log telling me that

The Remote Desktop license server cannot update the license attributes for user "USER" in the Active Directory Domain "DOMAIN". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "DOMAIN".

I do not get this error when an administrator logs in via TS.

When I look at the Security Groups in the DC for the domain there is a Builtin Security Group called "Terminal Server License Servers" and it has the terminal services computer (which is the same as the license server) listed in the group.

How do I fix this?

 

"Terminal Services license server group" is not added to user accounts in Windows 2003 domain

February 11, 2009, 4:11 pm
$
0
0
We have a Windows 2003 domain and have just set up some terminal servers using a Windows 2008 terminal server licensing manager server in the domain (we are using per user licensing). This license server is not a DC.

Our problem is that mostusers will not be assigned licenses from the license server and the eventviewer says:

The Terminal Services license server cannot update the license attributes for user "XXX" in the Active Directory Domain "mydomain.intern". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "dirnat.intern".
If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group.
If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Terminal Services Licensing service to track or report the usage of TS Per User CALs.

Well, sure enough the server in question was not member of the "Terminal Server License Servers" group at first but was added. Restarted (both ts and licensing servers) and the situation is still the same.

A little further investigation shows that this problem occours for apx 3 out of 4 users. Checking users permissions with powershell get-adpermission reveals that the group "Terminal Server License Servers" is present with some special permissions on the accounts who works, and is absent on the rest. At first it looked like it was a inheritance problem, but the users OU shows no trace of the "Terminal Server Licensing Servers"-group.  Interestingly enough all newly created users gets the correct permissions which makes me think that the permissions are added as a part of default settings from the AD-Schema. I can see that the "Terminal Server Licensing Servers"-group is present with permssions on the users objevt, but the AD Schema mmc-snapin doesnt seem to be able to list which particular permissions this is.

Anyway - at one point a job must have been triggered that tried to set these permissions for all user accounts (?) in my domain, but it must have stopped at one point. Is there a way I can trig this manually?  Or is there another way to get this done by the book?

I was thinking I could simply set the permissions manually through powershell and hope for the best, but I really don't like doing that in case this is a sign that something else is wrong with my AD. I suspect this because profile-folders seem to be inconsistent on some users (some are created as USERNAME.V2 while others are created as USERNAME.DOMAIN.V2 and some users gets both of them and the TS keeps alternating between them..) Strange thing, but perhaps this is all connected.

Anyone have a suggestion here?. Should I fix the accounts with a set-adpermission command or choose another approach?

There seems to be others with quite similar problems in this thread:




Event ID 4105 - Need to fix corrupted DACLs

January 27, 2012, 8:37 am
$
0
0

I'm receiving event id: 4105 on my RDS license server event logs.  I've determined that I have a corrupted DACLS because I have reviewed the following articles:

http://support.microsoft.com/kb/2030310

http://itinternals.blogspot.com/2012/01/resovling-event-id-4105-terminal.html

Basically if I follow these directions:

Make sure, the domain group "Terminal Server License Servers" has the following permissions to the active directories users:
- Open Active Directory Users And Computers
- Tick View -> Advanced
- Right click on the root of your domain and select properties.
- Select the Security tab.
- Check if "Terminal Server License Servers" is listed with special permissions. If not, click on "Advanced" and add the domain group "Terminal Server License Servers", select "Applies onto" "User objects", then tick the permissions "Read Terminal Server License Servers" and "Write Terminal Server License Servers".

I don't see "Read Terminal Server" or "Write Terminal Server"

The solution suggested in the MS article states the following resolution:

Windows Server 2003 level Schema

dsacls "CN=XXXX,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX,DC=XXX" /G
"BUILTIN\Terminal Server License Servers:WPRP;terminalServer"

When you grant the permissions on a container, you should use the following command:
dsacls "OU=XXXX,DC=XXXX,DC=XXXX,DC=XXX" /I:S /G 
"BUILTIN\Terminal Server License Servers:WPRP;terminalServer;user"

 

My question is, am I really typing XXXX or do I need to determine what my CN, OU, DC are?  It's not clear what I should be typing to replace the X's if that I what I should be doing.  Can anyone help?

 


RDS 2016 gateway error event id 312 "The user "abc@xyz.com", on client computer "xx.xx.xx.xx:2985", has initiated an outbound connection. This connection may not be authenticated yet."

June 21, 2018, 9:21 pm
$
0
0

When try to connect from public network to RDS 2016 environment web page is loaded, but when try to connect on RDP clinet, it will ask for credentials and after that it will connect to remote machine. Error shows as " your computer can't connect to the remote computer because remote desktop gateway server is temporarily unavailable"

When checking on error log found that even id 312 on gateway server

The user "abc@xyz.com", on client computer "xx.xx.xx.xx:2985", has initiated an outbound connection. This connection may not be authenticated yet.

I tried the registry key fix recommended for 2012 server (HKLM\SYSTEM\CurrentControlSet\Control\Lsa) and (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core) but no joy. It did not work for 2016 server. Please help.


RDVH Delegation Rights Error

April 29, 2019, 11:53 am
$
0
0

Hello all, need some help in determining why the ConnectionBroker can't see the delegated rights to the assigned OU for creating & deleting virtual desktops.

Environment:

  • Forest: Windows2008Forest
  • Domain: Windows2008Domain
  • Schema: Windows2012R2
  • DCs - Mix of 2012 and 2012R2 Servers
  • MSVDI- (CB, Lic, Web, SH, VH) = All 2019 Servers

Regardless of the method I try to use I'm stymied in creating a virtual desktop pool.

I've been able to successfully get RDSH working, but not the RDVH.

I've validated the permissions on the OU.  I've cleared out the permissions, setup new OUs to try, re-run the commands, used the script that they provide.  Permissions are there...but the UI and PowerShell commands simply don't acknowledge the permissions.  I've even tried (and reverted) given Everyone full access to the OU.

Errors:

In the 'Create Collection' UI Wizard I receive the following text when clicking Next in the 'Unattended Settings' section.

  • The RD Connection Broker server does not have access to add the virtual desktops to the Active Directory domain.  Configure access by using the Active Directory page of the Deployment Properties.

In the Deployment Properties, Active Directory section I receive the following text:

  • The specified Active Directory Domain Services organizational unit is not configured with the appropriate permissions to automatically create virtual desktops.  To configure the appropriate permissions, click Apply.

Clicking apply and/or using the 'Generate Script' button and running the script applies the permissions...but the UI does not acknowledge that it works.  Visually validated the permissions through AD.

Ran Test-RDOUAccess and received an error -2147463168, Failed to test access for the Connection Broker.

Ran Grand-RDOUAccess and received the same error -2147463168, says that my current user didn't have the rights.  I tried with a domain admin and enterprise admin account...still didn't work.

Hoping that someone can give me an idea on what to try next.

Thanks!


Search

Remote Desktop session establish problem

April 26, 2019, 12:12 am
$
0
0

Dear concern,

I am using 200 RDS Device CALs. I am using 2 RDS server in workgroup environment. I installed RDS host and licensing role in my one server and installed 200 RDS CALs in this server. Also installed RDS host role in another server and map of the first one server as it's licensing server via local policy. Users randomly connect to these two server via Remote Desktop. Licensing server shown the 200 device CAL in console but when user connect to RDS server via thin client (non Microsoft endpoint) they can establish connection only for one hour and got a warning message"There is a problem with your license for Remote Desktop and the session will end in 60 minutes. Contact your system administrator to resolve this issue"then user forcibly disconnected. I had seen two things that RDS server didn't assign temporary license for thin client user and RDS license not count down, it fixed on 200.

Please response me ASAP.

Thanks,

Babu

Babu

Hyperv enhanced session and RDP

April 29, 2019, 9:48 pm
$
0
0

I have a windows 10 computer and it has a hyperv windows 10 VM within it. When I try to log into the VM using enhanced session mode of HyperV, which requires RDP support, my logon is refused with the classic 'you need the right to sign in...".

I have verified the following:

The account I am using to logon is an administrator account and also has the User right 'allow logon on through terminal services'

Remote desktop connection is enabled through control panel system.

Firewall port for RDP is open and allows anyone in.

Is there something I have missed?

Thanks

David Z

Windows Event log did not find IP for Windows server 2012

April 23, 2019, 7:43 pm
$
0
0

Event log did not find IP



But log perse found



Forgive me for bad English
I just want to know the truth.



RemoteApp should open with default local admin credentials

April 30, 2019, 2:42 am
$
0
0

Hello RDS experts,

We have an application installed on server that works only with local administrator credentials. We want users also to use the application but we are not willing to provide either admin rights or admin credentials to users.

Question is, is there any option where this application is published through RemoteApp and when users on Windows-10 open it automatically opens with admin credentials ?

Any help much appreciated...

Best Regards, CSR


RDS ISAPI Filters

April 30, 2019, 3:56 am
$
0
0

Hi,

I tried to install .net 1.1 on our Server 2016 RDP server, however it mucked up the ISAPI filters on IIS, so it was not working.

I have removed the one with the extra \ in it and recreated the default x86 and x84 ones, how do I know they are working though, and are they even used for our Remote Desktop Gateway?

Everything seems to be up and running by the way.

Viewing all 27656 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>