Quantcast
Channel: Remote Desktop Services (Terminal Services) Forum
Viewing all 27656 articles
Browse latest View live

Remote Desktop VDI 2016 Server Topology for small business

May 20, 2019, 6:14 pm
$
0
0

Hi Guys, 

Hoping I can get some advice on this.

I am in the process of building a Remote Desktop VDI 2016 environment. I am trying to working out a reasonable topology that is secure but also has a reasonable foot print. So I don't build and maintain servers that are not required. 

I am a little surprise that I cannot find one clear document on a good topology. I see documents talking about having a AD in the DMZ and other about only a Gateway in the DMZ with access to the internal AD servers. Both of these don't seem like the best option in terms of security. 

My thoughts is to setup a Reverse proxy in the DMZ pointing to the internal Gateway server that can then talk to the broker and enable access, with the webserver being installed on the Broker. (Yes I would configure HA)

So the basic layout is this. 

Firewall || Reverse Proxy (ARR) || Firewall || Server 1 (Gateway Server), Server 2 (Webserver, Broker), Server 3 (RD Virtual host)

Would like to hear people thoughts and this and if anyone can see any problems. 

Thanks for your time.

Craig G

Craig G

Search

hide broker name from remote app name in taskbar

May 20, 2019, 11:35 pm
$
0
0

Good day,
I am working on a RDS environment for a customer.
We implemented a remote app for his software that he is exposing to the outside world.
When the customer has opened his application and the customer hoovers with his mouse over the app in his task bar, the name of the application is "applicationname" + (rdsbrokername).
We don't want to display the brokername to the customer.
How to manipulate this name to hide the broker?

Thank you in advance,

Per User RDS licensing on Windows Sever 2016 in Workgroup environment

May 8, 2019, 3:30 am
$
0
0

Hello to All!

We have a problem with RDS feature on 2016 Server.

Server was deployed with no CALs installed and worked some time in a trial mode. Then owners of this server bought 30 Per User licenses trough SPLA programm and I was asked to activate and install licenses in it.

Before I connect to server I saw that owners are now in procces of deleting grace period registry entry (because grace period has ended and they was in big hurry to make it work again).

After all this and mine (standart activation and installing licenses proccess) manipulations server now did not want to see legal licenses and continuing working in trial mode (grace period still ticking). Last manipulations was to delete grace registry again and reboot the sever (I found similar situation https://www.360ict.nl/blog/no-remote-desktop-licence-server-availible-on-rd-session-host-server-2012/) but it did not helped and now grace period start ticking from beginnig (120 days).

I found info that 2016 server is still can issue Per User CALs to local users in Workgroup environment and made all manipulations with local group policies https://digitalbamboo.wordpress.com/2017/04/05/deploy-remote-desktop-services-in-a-workgroup-easily/ and other stuff and now in diagnostics there have no warning and all green.

Maybe some one faced similar problem or have any suggestions I would be very graceful. I'm desperate already.

Black Screen on all new Connections, SessionHost has to be rebooted

June 21, 2017, 2:31 am
$
0
0

hi,

we're suffering from session hosts that produce black screen errors in a RDS 2016 farm.

already connected users can mostly work, all new connections end up with a black screen.

to resolve the error the server has to be restarted.

i can say that

- this error appears after error 1534 (Fehler bei der Profilbenachrichtigung des Ereignisses Delete für Komponente {709E2729-F883-441e-A877-ED3CEFC975E6}. Fehlercode: Das System kann die angegebene Datei nicht finden.) starts appearing in the eventviewer.

- upon checking the registry for this SID i end up at "ProfileNotifyHandler Class app id {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E} inprocserver32, C:\Windows\System32\gameux.dll".

- starting explorer.exe per taskmgr does not open an actual explorer window although the process appears in taskmgr

- tskmgr, eventvwr, cmd can be started without problems

- affected users appear as active in RDS management

- no third party security software is installed

- farm is fully patched

- HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileGUID and ProfileList are ok (no old or .bak entries)

looking forward on how to resolve this without  rebooting the server or a permanent fix

thank you

best regards


link for activate.microsoft.com is not working

May 21, 2019, 3:04 am
$
0
0

Dears,

I am trying to install CAL licenses using web. but the link https://activate.microsoft.com/ is frequently going down these days.

is there any other alternative ways to generate RDS and install it on Win server 2012?

is there any issue with activate.microsoft.com? and any timeline to fix it?

thanks

Barznj

New-RemoteApp command creating multiple apps

May 21, 2019, 3:56 am
$
0
0

Hi,

I am using puppet to deploy remote apps using powershell commands, it works fine, but my problem is whenever the configuration runs. It just creates another remoteapp with the same name but with (1) next to it. Is there a check I can do to see if it already exists then do nothing? rather than create a new remoteapp with a slightly different name?

Thanks

Windows could not load your roaming profile

January 31, 2011, 5:24 am
$
0
0

I'm having problems with one Username, I get this error in Event Viewer:

 

Windows could not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. Windows could not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrators group must be the owner of the folder.

 

1. The profile path exists: \\ts-srv\Profiles$\Username

2. The folder Username.V2 exists too.

3. The user has Full access Username folder.

 

What I did once is gave full rigths to Administrators for the Username.V2 folder, I wanted to see something and I did not have access so I've change the permission.

How to fix this issue ?

Thank you.

 

...

RDS 2012 R2 + Office 365 Shared Activation - UPD's not unloading.

June 21, 2016, 1:49 am
$
0
0

Greetings and welcome to this thread.

We have consequently been experiencing errors with RDS 2012 R2 User Profile Disks / UPD's not detaching after user logoff in brand new Remote Desktop Services 2012 R2 collections.

As an example we have this enviroment:

DCSRV01 - Domain Controller

DCSRV02 – Domain Controller

FILESRV01 – Fileshares and User Profile Disks

RDSGW01 – RD GW

RDSSB01 – Session Broker

RDSSB02 – Session Broker

RDSSH01 – Session Host

RDSSH02 – Session Host

ADFS01 – ADFS

WAP01 – WAP

Only 3<sup>rd</sup>. Party application installed on the session host is Office 2016 Click-To-Run with shared activation. (GPO for SSO activation etc.)

Consequently User Profile Disks does not detach upon logoff using the newest build of the Click-To-Run Service.

We have tried with multiple builds of Office 2016, and downgrading. 

If we disable the C2R service or uninstall Office 2016 C2R completely the UPD’s will detach just fine upon logoff.

We have a bunch of setups like the above where we can produce the issue. However we also have one older setup, with an older version of Office 2016 C2R, that does not seem to produce the issue. However all new setups produce this.

Has anyone experienced issues comparable to this?.

We also have setups with many users running both Office 2010, 2013, 2016 Non-C2r versions on both 2008 R2 and 2012 R2 without any issues at all whether we’re using UPD or Roaming Profiles.

So it seems like there is some issue/bug with the newer versions of Office 365 C2R and User Profile Disks / UPD.

Hope for some well shared knowledge, tips or bugfixes for this :-)

All the best, Jesper Hassing - MCTS SCCM 2012 - MCSA 2012 Server - MCP


Search

Remote app redirected printer stops working then log off hangs forever

May 21, 2019, 9:47 am
$
0
0

Anyone know know where to start looking for a solution to our Remoteapp issue? Redirected printers will stop printing then when the user tries to log off and reconnect it will show a message that says "Signing out" indefinitely or a black screen. We are using windows 10 Clients connecting to Windows 2012 R2 Remote app servers. This happens to multiple Remote App servers we have. Any suggestions would be great!

Suddenly Internal Error on RDP and Security Layer Errors in Event Viewer

May 21, 2019, 10:07 am
$
0
0

Just started experiencing this out of the blue today.

Connecting to server 2012 virtual machine with latest RDP program.

RDP users (including me) seem to suddenly be unable to connect to the server intermittently.

Getting the below error messages on several tries. Sometimes it will ask for password and connect normally.

Event viewer shows many instances of:
RemoteDesktopServices-RdpCoreTS
The server security layer detected an error (0x80090308) in the protocol stream and the client (Client IP:XXX.XXX.XXX.XXX) has been disconnected.
EventID 139
User: NETWORK SERVICE
OpCode: ProtocolExchange
Task Category: RemoteFX module








RDS and SID error with two-way trust

December 6, 2012, 7:28 am
$
0
0

Hey there.. weird one here.. I am testing RemoteApps with Server 2012. All is fine except for when I try and grant access to user in another forest where we have a two-way\forest transitive trust. The error is below.. What is interesting is the trust works fine otherwise. For example, if I try and add a user to the local admin group on the server it works great.. I can even authenticate via RDweb portal from a user in the trusted domain.. any ideas? 

RDS Servers Events 7011, 7046 - BSOD rdbss.sys

March 14, 2019, 3:42 pm
$
0
0

Hi All

I have a virtualised (VMWare) RDS 2012R2 environment with 20 Session hosts spread across 6 Dell ESXI Hosts - 2 Sets of different PowerEdge Models. Over the past 4-6 weeks we have started to get multiple event 7011's followed by a 7046.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

The following service has repeatedly stopped responding to service control requests: Remote Desktop Services UserMode Port Redirector

At this point some existing connected users cant sign out and applications start to crash including explorer.exe. Trying to shutdown via the GUI just hangs and the only way to get the server back is to reset the power using vSphere console. 

Applications on the Session Hosts are mainly MS Office 2016, Acrobat Reader, 7Zip and Webroot AV. Windows OS and applications are fully patched and up to date and Dell Firmware and drivers are fully up to date. 

Users connect in via RemoteApp and local drives and printers are redirected into their sessions. 

The weird thing is, like clockwork the crashes happen at the end of each day usually between 16:00 - 18:00 - To me its like a degradation symptom or perhaps its the actions of users disconnecting or logging off their session - Its affecting a couple of servers each day. 

On top of this, it appears 7011, 7046 results in a BSOD. I have grabbed the Memory.dmp file and opened it with WinDbg. 

Im now trying to figure out the dmp - uploaded to PasteBin here (happy to paste dmp here but didnt want to "dump" to much information in the post)

What stands out to me is rdbss.sys

Probably caused by : rdbss.sys ( rdbss!__RxAcquireFcb+1f3 )

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80179d3ba44, address which referenced memory

BUCKET_ID:  AV_rdbss!__RxAcquireFcb

PRIMARY_PROBLEM_CLASS:  AV_rdbss!__RxAcquireFcb

My rdbss.sys version - 6.3.9600.18895

Can anyone help to try and decipher the above and suggest next/best cause of action?

Many thanks :)


PDF printing solution for Terminal Server Farm 2008 R2

December 14, 2010, 12:03 am
$
0
0

Seeking solution for function Print to PDF or so called PDF printer. What it happening now, is that in terminal session, sometimes user call support desk, and say, that they have printed other user print job. Most of documents are not important, but some have confidential information and that is not good.

Because I do not won't to test all solution, and have burnout user support telephone lines, I need working solution for Windows Server 2008 R2 terminal server.

Windows 2016 Terminal Server - Application Error in Explorer.exe

May 13, 2019, 4:02 am
$
0
0

I already posted this question in Server2016 section - they had no idea - but they suggested to try and find a solution at the RDS-Section

I have 3 Win2016 Terminal-Server - all show the same Problem:

Sometimes Windows Desktop is not responding - no Startmenu reaction, no right-click on taskbar. But i can double-click Desktop-Icons and the program starts. I also have this problem when i log on locally as admin.

In the Eventlog i get:

Information: The Desktop Window Manager has registered the session port.(EventID 9027)

followed by

Error: Application Error - EventID 1000

Faulting application name: explorer.exe, version: 10.0.14393.2879, time stamp: 0x5c89ec44
Faulting module name: ntdll.dll, version: 10.0.14393.2608, time stamp: 0x5bd133d4
Exception code: 0xc000041d
Fault offset: 0x000000000002138e
Faulting process id: 0xf51c
Faulting application start time: 0x01d505941f3bf9c4
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: f943abdf-c7c2-4b2e-9906-e5ea5e358841
Faulting package full name: 
Faulting package-relative application ID: 

The faulting module name changes between: ntdll.dll and user32.dll

I have no idea why this happens - hope you can help me

Thanks

Arnold

Azure RDS HTML5 Web Client Unable to Access Gateway

May 3, 2019, 3:49 pm
$
0
0

We have a RDS (Remote Desktop Services) deployment, and recently went through the process of installing the HTML5 web client as per the directions at:

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

Our deployment is hosted on domain A, which has an active directory instance. There is also domain B with its own active directory instance, there is a two way trust between the two.

The problem we are having is that the traditional RD Web Access works fine for all users, but when users from domain B log on to the HTML 5 web client and try to open an app they get a message "We couldn't connect to the gateway because of an error". At the same time the browser console shows the following error:

Connection(ERR): The connection generated an internal exception with disconnect code=GatewayProtocolError(52), extended code=, reason=Gateway tunnel authorization failed with error code=2147965403

During troubleshooting we’ve tried:

  • Verified that required ports are opened.
  • Disabling all firewalls between gateways, brokers, and session hosts – same error.
  • Re-applied the publicly trusted cert to the HTML5 client (via Import-RDWebClientBrokerCert) – same error
  • Verified that the proper cert was bound to the HTML5 client – same error.
  • Enabled NTLM by setting the GPO: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network Security: Restrict NTLM: NTLM Authentication in this domain. To “Disable” (within same domain as RDP) – same error.
  • Ran regsvr32 wksprtps.dll (dll was already registered, but tried it anyway)
  • Verified that the required KB4025334 from July of last year was installed or not necessary (OS was up to date)

Any ideas on other areas we can look at?

Search

Remote Desktop web client exception with disconnect code GatewayProtocolError 52 , extended code=, reason = Gateway tunnel authorization failed with error code = 2147965403

May 1, 2019, 11:33 am
$
0
0

Scope of this is that out of dozens of accounts that work fine for rdwc sessions, there are two that do not.  The connection starts but within a few seconds fails with, user facing side, 'we couldn't connect to gateway because of an error.'  When running a capture, the key error appears to be:

"The connection generated an internal exception with disconnect code=GatewayProtocolError(52), extended code=<null>, reason=Gateway tunnel authorization failed with error code=2147965403"


This is what’s in the nps log from the RD server:

"orgRD","RAS",04/05/2019,15:22:31,1,"DOMAIN\SAMACCOUNTNAME",,"UserAuthType:PW",,,,,,,,,,,,5,,,12,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",2,"TS GATEWAY SERVER GROUP","xxx.xx.xxx.xx",,
"orgRD","RAS",04/05/2019,15:22:31,11,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",2,"TS GATEWAY SERVER GROUP","xxx.xx.xxx.xx"",,

And this is from the NPS server:

"FILES","IAS",04/05/2019,15:22:31,1,"DOMAIN\USERNAME","domain.org/Users/FirstnameLastname","UserAuthType:PW",,,,,,,0,"xxx.xx.xxx.xx","orgrd",,,5,,,12,7,"RDpolicy",0,"311 1 xxx.xx.xxx.xx 03/19/2019 04:54:59 292",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"RDGWauth",1,,,,
"FILES","IAS",04/05/2019,15:22:31,11,,"domain.org/Users/FirstnameLastname",,,,,,,,0,"xxx.xx.xxx.xx","orgrd",,,,,,,7,"RDpolicy",0,"311 1 xxx.xx.xxx.xx 03/19/2019 04:54:59 292",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"RDGWauth",1,,,,

Any pointers in the right direction, or if anyone else has seen these errors, would be much appreciated!

The identity of the computer cannot be verified

May 16, 2019, 4:24 am
$
0
0

Hi,

I'm building a RDS environment based on Windows Server 2016. When i connect via RDP i get the message below.

I need a simple way to get rid of this. I know i can tell users to just check the box to don't show again, but i want to deliver a clean configuration. Downloading the shortcut from the web access page solves it as well, but in this environment it's not simple to enroll this on hundreds of thin clients.

Can someone help me?

Setting up failover site and high avail broker

May 21, 2019, 7:02 pm
$
0
0

I've got a few questions I am hoping to get help with. We have roughly 20 sites and a main corp office. We plan on setting up a rds farm in our corp office and using VM's to host session host servers and the connection brokers. In all 20 sites we are going to have a site to site vpn tunnel so a connection gateway isn't required to my understanding. Then in one of the 20 remote sites we are going to setup another rds server with a dc and connection broker.

So here are my questions

1. We will probably have 6-8 session host VM's. When I ran this in a lab I set it up with DNS round robin for each of the session host, is that the best way to do it. Basically if VM 1 is named sessionhost1 and vm 2 is named sessionhost2 I made an A record in DNS with the name SessionHost and gave it the IP of sessionhost1 and then created another A record with the same name and called it sessionhost and gave it the IP of sessionhost2.

2. If we setup high avail for the connection broker where is the best place to store the sql database? Lets say I have 3 broker servers, 2 at corp and one in the failover site and I reboot the one that has the sql database what happens? Also if I want to have a 3rd one at the remote site for failover are there anythings I should be aware of?

Thank you for your input

Unable to login as admin tomy DC after enabling interactive login

May 18, 2019, 9:27 pm
$
0
0

Windows Server 2008

As stated in the title, i enforced the interactive login: require a smart card to login. Logged off and it applied and now I am unable to login to the DC using my admin account because it is not associated with a smart card. I undid the gp back to original but am still unable to login to the DC. I assume its because i can't get the login script to run to fix the issue. How do i go about getting the login to update the GP without actually logging in?

Can I convert per device RDS Cals to per user RDS Cals

May 13, 2019, 10:26 pm
$
0
0

Hello

We purchased some per device RDS Cals. Now we find some user use two computers(a desktop and a laptop), We'd like to convert our Per Devcie RDS Cals to Per user RDS Cals.

Does microsoft provide a route to convert Per Device to Per User.

Viewing all 27656 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>