When you try to install RDS role on server 2012 R2 using standard deployment, this issue may occur (Figure 1).

“Unable to connect to the server by using Windows PowerShell remoting”.

Figure 1: Unable to connect to the server by using Windows PowerShell remoting

First of all, we need to verify the configurations as it suggested:

1. The server must be available by using Windows PowerShell remotely.

2. The server must be joined to a domain.

3. The server must be running at least Windows Server 2012 R2.

4. The currently logged on user must be a member of the local Administrators group on the server.

5. Remote Desktop Services connections must be enabled by using Group Policy.

In addition, we need to check if the “Windows Remote Management “service is running and related firewall exceptions have been created for WinRM listener.

To enabling PowerShell remoting, we can run this PowerShell command as administrator (Figure 2).

Enable-PSRemoting -Force

Figure 2: Enable PowerShell Remoting

However, if issue persists, we need to check whether it has enough memory to work.

By default, remote shell allots only 150 MB of memory. If we have IIS or SharePoint App pool, 150 MB of memory is not sufficient to perform the remoting task. Therefore, we need to increase the memory via the PowerShell command below:

Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1000

Then, you need to restart the server and the issue should be resolved.

You can get more information regarding Remote Troubleshooting by below link:

about_Remote_Troubleshooting

If you need further assistance, welcome to post your questions in the RDS forum.

Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

Thomas

Hello,

Which VPN software are you using to access Remote Desktop?

Many Thanks,

Hello,

I would like to access the server without Teamviewer. I`ve been told that we need to set up terminal services and that I need a licence. Are there any tutorial on this?

Many Thanks,

Have a functional Server 2016 RDS Deployment consisting of RD Web Access (not using), RD Gateway, RD Connection Broker, RD Session Host on TS-01, RD Licensing on DC-01, and a 2nd Session Host on TS-02.  There is one existing Collection serving up one RemoteApp program to both Session Hosts.

The TS-01 server needs to be redeployed from scratch due to an OS issue so I need to move the RD Web, RD Gateway, RD CB roles to the DC-01 server first, leaving the Session Host role in place on TS-01 for now.

I've seen articles about migration which I don't think apply here.  I do not want to enable HA on this since I know you can't go back to non-HA.  Can each role be deployed on the other server and then removed from the TS-01 server?  Or is this a deploy from scratch scenario?

Hello i have everything on single server 2016

rdweb, rd gateway, session host

i am forwarding 443 thru my firewall to my server

when i go to launch a remote app i get the following, working internally, just not externally.

RDP users (Citrix XenApp) are getting connections refused/dropped and a black screen. This is Citrix MCS spawned terminal services on Windows Server 2012 R2. On the server seeing these messages:

Log Name:      Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Source:        Microsoft-Windows-TerminalServices-LocalSessionManager
Date:          5/7/2019 12:08:15 PM
Event ID:      36
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      CTXIAHYP004.mydomain.com
Description:
An error occurred when transitioning from CsrConnected in response to EvCsrInitialized. (ErrorCode 0x80004005)

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          5/7/2019 12:08:15 PM
Event ID:      4005
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CTXIAHYP004.mydomain.com
Description:
The Windows logon process has unexpectedly terminated.

After extensive Internet search with these symptoms I am coming up empty.

I reviewed EventTracker and related MicrosoftHelp but these recommendations do not seem to apply in this case or are too vague to be useful. Those articles suggest a server resource constraint (we do not see this, unless it was temporary and is no longer present when the system event occurs), registry corruption (this seems very unlikely, but even if true, how do we determine which registry hive or key is corrupt?) or a service that needs restarting (which service? we do not see any errors showing failed or stopped services).

Any other tips?

Can i add custom sign in option in addition to already available sign in options (password, smart Card) ?

Custom sign in option is related to smart card but without reading certificate on smart card. Rather it will perform sign in on other attributes fetched through smart card and comparing them againstemployee ID attribute of AD?

Rox_Star

Hi

I am doing a POC on RDS and I am currently running into some limitations that I hope someone here on the forum can help answer if those are indeed limitations or if what I try to do can be achieved in another way.

Explanation of environment.

1 datacenter site (6 RDS hosts)
11 large branch sites (2-3 RDS hosts in each branch)

Datacenter is publishing applications from central systems running in the datacenter

Branches are publishing applications from system running locally on the branches. Most of these local systems for several reasons have to run locally in the branches and it is mission critical for thin clients and computers running at the same local branch to have access to those local published applications 24/7. That means also when the WAN link to the datacenter should go down.

Published applications must be able to be launched from computers and mobile devices, from the internet. This should be archived with gateways and web access servers placed only in the Datacenter. We don't want to have internet facing servers running on our branch sites. Of course those local published apps on branches can only be launched from internet when the WAN link to the datacenter is up, but this is ok. Critical part is for local clients on the same site as the RDS hosts to be able to launch them if WAN should be down.

Design considerations

Since we don't want an individual deployment for each branch, where we would need internet facing gateway and web access servers on each branch, those should be placed in the datacenter, so the best fitting design here would be the below.

Datacenter: 2 x RDS gateway/Web access servers, 2 x connection broker, license server and 6 RDS hosts.
Branches: 2-3 RDS hosts
Collections: 1 for datacenter and 1 for each of the 11 branches.

This setup however would not allow clients to start locally published applications if the WAN link is down to that branch, since users in that branch cannot reach the Web access and broker in the datacenter.

Questions:

Is there any way around this or any way it could be designed to allow users to start local published apps (not desktops) when users cannot reach the broker and web access servers.

Can you setup that if a broker is not available, the remote apps will still launch, just without load balancing and the feature to reconnect to disconnected sessions. So it should just launch directly against RDS host servers (You could probably use DNS RR to then still get some kind of client distribution across the hosts) ?

When setting up remote desktop clients on phones and computers, they require a URL feed. This is pointed to the Web access server "https://server.domain/rdweb/feed/webfeed/xxxxxx.aspx" does this mean that the web access server is mandatory to even be able to launch remote apps or is there another way to launch them that doesn't rely on the Web access server ?

Thanks

Martin

I came from the VM Ware remote desk top services so stumbling a little getting up and running. I have a windows 2019 farm built and working with published apps and 2 windows 10 pools one pooled and one personal. Everything is working across HTTPS including html 5 where I have an issue is with some thin clients I am running ( RDP protocol ) . I point them at my RD Connection Broker server and added the reg entry to redirect to my  windows 10pooled pool everything works great. With only one RD Connection Broker ( in this case 2 clustered ) how can I redirect some thin clients to the personal pool and others to the pooled pool. Thanks for any help you can give me here.

Hello

We purchased some per device RDS Cals. Now we find some user use two computers（a desktop and a laptop), We'd like to convert our Per Devcie RDS Cals to Per user RDS Cals.

Does microsoft provide a route to convert Per Device to Per User.

Hi,

We host around 4000+ RemoteApp connections in an RDS 2016 farm with 4 RDG, 2 RDCB and 28 RDSH servers.

All servers are Windows Server 2016.

Recently we are seeing that RDCBs stop tracking the number of connections on some RDSH servers and keeps redirecting new connections to them. As a result these servers start hosting a lot more connections than other servers.

Get-RDUserSession keeps reporting the same last known sessions and does not update irrespective of number of connections on the server or their state.

The workaround we have found is to disable new connections to affected RDSH servers, reboot them overnight and add them back on next day.

It will be great if someone can shed some light on this issue. I'm not sure how connection brokers get updated connection info from RDSH servers.

Thanks

Dinesh

Hi,

I have set up a Windows Server 2016 RDS environment which is as follows:

1 RD Gateway Server (RDGW1)

1 RD Web Server (RDWeb1)

5 RD Session Hosts (RDS1 to 5)

1 RD Broker (RDBroker1) - also does licensing.

gateway url is: gateway.domain.com which points internally and externally to the RDGW1 server.

The RD gateway and RD Web servers are in the DMZ.

We now want to implement Azure MFA using the NPS Extension as described here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg  

To minimize impact, I set up another Gateway server in the DMZ called RDGW2, along with an NPS server in the LAN (NPS1). Following the documentation linked to above, I was able to successfully set this up.

To test, I have downloaded the RDP icon from the RDWeb page and edited it to direct via RDGW2 rather than RDGW1. I also created an External DNS entry for gateway2.domain.com pointing to the WAN IP for RDGW2.  This works fine from outside of the network and I get MFA prompts and can see connections going through RDGW2.

I now need to publish 2 RDP shortcuts. One would be using the old non MFA gateway (RDGW1)  - this is already there. The second would be the edited RDP Shortcut that uses the new MFA configured Gateway (RDGW2).

Is there any way I can publish the second RDP icon? Perhaps by editing the relevant web page or locating where the original icon is located? Publishing via RemoteApp is not an option. The reason for having both is to provide a transition environment and possible future DR environment (in case there are issues with Azure).

Thanks,

I already posted this question in Server2016 section - they had no idea - but they suggested to try and find a solution at the RDS-Section

I have 3 Win2016 Terminal-Server - all show the same Problem:

Sometimes Windows Desktop is not responding - no Startmenu reaction, no right-click on taskbar. But i can double-click Desktop-Icons and the program starts. I also have this problem when i log on locally as admin.

In the Eventlog i get:

Information: The Desktop Window Manager has registered the session port.(EventID 9027)

followed by

Error: Application Error - EventID 1000

Faulting application name: explorer.exe, version: 10.0.14393.2879, time stamp: 0x5c89ec44
Faulting module name: ntdll.dll, version: 10.0.14393.2608, time stamp: 0x5bd133d4
Exception code: 0xc000041d
Fault offset: 0x000000000002138e
Faulting process id: 0xf51c
Faulting application start time: 0x01d505941f3bf9c4
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: f943abdf-c7c2-4b2e-9906-e5ea5e358841
Faulting package full name: 
Faulting package-relative application ID: 

The faulting module name changes between: ntdll.dll and user32.dll

I have no idea why this happens - hope you can help me

Thanks

Arnold

Can you offer up some suggestions regarding the following System log events? We are seeing these errors frequently on the Windows Server 2012 R2 server which is hosting the Remote Desktop license server.

1. Are these warnings and errors concerning and require action to correct? If so what steps?

2. What end user experience symptoms (other than the posted messages to System log) would we expect to see?

Log Name:      System
Source:        Microsoft-Windows-TerminalServices-Licensing
Date:          4/29/2019 11:12:28 AM
Event ID:      4105
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      MSRDSLIC.mydomain.com
Description:
The Remote Desktop license server cannot update the license attributes for user "useraccountname" in the Active Directory Domain "mydomain.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "mydomain.com".
If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group.
If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Remote Desktop Licensing service to track or report the usage of RDS Per User CALs.
Win32 error code: 0x80070005

Log Name:      System
Source:        Microsoft-Windows-TerminalServices-Licensing
Date:          4/30/2019 5:51:17 AM
Event ID:      44
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MSRDSLIC.mydomain.com
Description:
The following general database error has occurred: "ESE error -1003 JET_errInvalidParameter, Invalid API parameter."

Log Name:      System
Source:        Microsoft-Windows-TerminalServices-Licensing
Date:          5/1/2019 11:46:41 AM
Event ID:      4106
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      MSRDSLIC.mydomain.com
Description:
CAL reporting: Windows Server 2012 : RDS Per User CAL - Installed: 850, Issued: 881

In addition, I can confirm that, per instructions in event 4105, the license server is not a domain controller and the computer account is a member of the built-in "Terminal Server License Servers" group.

A similar question TechNetForumTopic, TechNetForumQuestion, SysAdminTipBlog, and MsITprosBlog refers to a solution involving old accounts for long-term employees who are appearing in event 4105. I have validated that many of them are old enough that they likely existed back when this domain was at the 2003 functional level (it is now at the 2012 level). However, these users are not reporting any symptoms, so the event 4105 seems to not cause any downside other than logging the event. (Which goes back to my original questions, what symptom effect should we be seeing?)

Thanks in advance for your assistance.

Hello to All!

We have a problem with RDS feature on 2016 Server.

Server was deployed with no CALs installed and worked some time in a trial mode. Then owners of this server bought 30 Per User licenses trough SPLA programm and I was asked to activate and install licenses in it.

Before I connect to server I saw that owners are now in procces of deleting grace period registry entry (because grace period has ended and they was in big hurry to make it work again).

After all this and mine (standart activation and installing licenses proccess) manipulations server now did not want to see legal licenses and continuing working in trial mode (grace period still ticking). Last manipulations was to delete grace registry again and reboot the sever (I found similar situation https://www.360ict.nl/blog/no-remote-desktop-licence-server-availible-on-rd-session-host-server-2012/) but it did not helped and now grace period start ticking from beginnig (120 days).

I found info that 2016 server is still can issue Per User CALs to local users in Workgroup environment and made all manipulations with local group policies https://digitalbamboo.wordpress.com/2017/04/05/deploy-remote-desktop-services-in-a-workgroup-easily/ and other stuff and now in diagnostics there have no warning and all green.

Maybe some one faced similar problem or have any suggestions I would be very graceful. I'm desperate already.

Hello, I've got a question regarding the use of VDI and RDS at the same time.

We managed hotels and most of our front desk computers will be required to use VDI and not RDS due to software that has to be installed at each front desk pc for credit card and room keys and it won't work on RDS since each reader is independent.

My question is if we setup VDI for the front desk computers which will use Dell Wyse ThinOS and then all the other computers in the Hotel are RDS on Dell Wyse ThinOS can we set it up so that if a user logs into a front desk computer it goes to the VDI machine and then if they sign into a back office terminal it goes to the RDS server?

If that's possible do you just have the wyse terminal set to sign into the VDI machine using the vdi hostname or would you still point it to the Broker?

For RDS I've went into the DNS and put in a A record since we have multiple RDS servers. How would this work with VDI? 

The other question is what is the difference between buying a VDI license vs just buying a Windows 10 license and putting that on a Hyper-V VM?

Thanks