Quantcast
Channel: Remote Desktop Services (Terminal Services) Forum
Viewing all 27656 articles
Browse latest View live

Extremely slow RDP session - Solved

July 9, 2013, 1:45 am
$
0
0

When upgrading our environment to Windows Server 2012 we experienced really slow RDP functionality towards these servers.

The sessions connected fine but the update frequency were extremely slow.
If one would log off, wait 20 seconds and log on again, the sessions would work just fine most of the time. In some cases this has to be repeated to get a working session.
If the server was restarted, the slow session returned and the above had to be repeated to get the sessions working..

So.. what the heck had happened??

With Server 2012 we had decided to start out with Microsofts Security Baseline for 2012, included in the Microsoft Security Baseline, as a base to get up to speed quickly.

Without the security baseline applied RDP works just fine. With the baseline applied, the above slowness appears.
When troubleshooting, the cause of this evil was identified (behold, for those faint of heart - stop reading now):

Under Local Policies/Security Options:
Use FIPS compliant algorithms for encryption, hashing, and signing - This was set to enabled.
If this policy is disabled, the RDP sessions works just fine..

We spent quite some time troubleshooting this and I wanted to share the annoying fact that Microsofts recommended security baseline was actually the cause of this. :(
I hope this is of help to others!

Search

CVE-2005-1794

October 11, 2013, 8:09 am
$
0
0

I'm a bit unclear about one specific vulnerability about Remote Desktop (CVE-2005-1794).  Microsoft knowledge base does not seem to address it well.  Basically the description of the vunlnerability from Mitre is:

"Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks."

I understand that there is no patch for this vulnerability on 5.2.  My guess is this may be a false positive from my VA appliance for the following reasons because windows does not report the version of the Remote Desktop Protocol Terminal Services and thus, the VA scanner would think the version is still 5.2. 

However, I would like to know was this vulnerability fixed in 6.0 and beyond?  There's nothing on the Microsoft website that says it was fixed.

Also, what would be the best way to check the version on my machine?  What I'm doing right now is checking the termsrv.dll and looking for the version under properties.  Would that be sufficient?

2016 RDS Double Authentication

May 29, 2019, 10:54 am
$
0
0

Can anyone help Windows 2016 RDS Single Server solution. 

Sorry I see this was asked as 1000 times. I get two prompts to login to RDS

RemoteApp - Login - Gateway never passes credentials to Server. 

I authenticate via the RemoteApp (RDP) - Established a connection the the RDS Server. I get the Splash screen to the server (as RemoteApp configures the remote session) I hit OK to accept the corporate warning we have on the RDS splash screen. Then the RemoteApp closes, I get Windows Security "Enter your credentials" for the remote server (not the gateway) there is no option to remember credentials....  I log in again - I get the corporate warning splash screen again. Hit OK - finally get to desktop. 

I have updated the System/Credentials Delegation - setting in the RDS GPO. Adding RDSSERVER/* to both Allow Delegating default cred w/ NTLM-Only Server and Allow Delegating default creds

I have also tried to play with rdp settings

promptcredentialonce:i:1

gatewayusagemethod:i:1

gatewayprofileusagemethod:i:1

gatewaycredentialssource:i:4

full address:s:TS.DOMAIN.COM

gatewayhostname:s:gw.DOMAIN.com

workspace id:s:TS.DOMAIN.com

use redirection server name:i:1

gw.DOMAIN.com matches my SSL Cert


How to get server 2016 to allow multiple concurrent remote desktops.

May 29, 2019, 1:55 pm
$
0
0

I've tried Google and all of the suggestions, but I just can't get it to work.

I did a quick start on one server that is the RDS server. I added another server that we want to remote into as a session host and changed the group policy on both machines. I installed licenses on the license server after activating it. I can still only get two connections at any one time.

Oh, this is on AD and the machine was put into the Terminal Services group.

What am I missing? 


Hyper-V Host Server treating direct logins as "Remote" Logins after RDS Role installed.

May 29, 2019, 2:03 pm
$
0
0

Hello All.

I'm busy with an installation for a clien using "Server 2019" as the Hyper-V Host Server.

On the host I am running two (2) Hyper-V OSEs, also Server 2019 Standard. One acts as the AD Domain Controller, the other is acting as an APP Server for their Financial software on which they need remote access. Everything runs fine through the entire configuration right up to the point after I added the Remote Desktop Services Role. From there on the whole thing goes bonkers. 

When I log back in after a restart, the profiles under C:\Users are all messed up. "domain\Administrator" is gone and there are folders like "Administrator.000", a file that looks like a VHD, I'm guessing this is a Remote Desktop User Profile.

Sometimes it would all of a sudden block my login attempts saying: "To sign in remotely, you need the right to sign in through Remote Desktop Services. By default.... blah blah bla." So I am physically logging into that server "on" Hyper-V, but it is treating the login as a "Remote" login.

I thought it might be a bug in Server 2019, so I installed 2016, and it is doing exactly the same. I am doing the RDS configuration to the letter as per Microsoft, I am just not using the RD Gateway. 

Could someone "pleaaaase" tell me why this is happening? I have to deliver the server to site in two days.

Kind Regards and thank you in advance.

Hentie

Internal Error 0x609 using Remote Desktop

May 25, 2019, 5:32 am
$
0
0

Hi for all

I´m facing a problem to access the server through Remote Desktop. 

When i tried to connect I received the message: Internal Error 0x609.

Does anybody has an idea?

M. Thanks.

Server 2016 RDS connections maxing out and crashing dwm.exe?

November 30, 2016, 10:12 am
$
0
0

We attempted a stress load on our server and found users unable to join. The RDS would blackscreen and drop. It happened after 8 users had joined. The performance also was dropping as each connection stacked and after we saw the Event Viewer had 450+ Critical Error 1000 with dwm.exe dwmcore.dll crashing.

HP Dl380 Gen9

2x Xeon E5-2697 v3

192GB Ram

Nvidia Quadro M6000 24GB (Current Driver) RemoteFX enabled

Windows Server 2016

Bare-Metal RD Terminal Sessions

We currently have a similar environment with 2012R2 without a problem,

RDWeb: can't connect, RD Gateway server temporarily unavailable

January 19, 2019, 10:58 am
$
0
0

Hello everyone,

We are having the "can't connect, RD Gateway server temporarily unavailable" on RDWeb, only when accessed externally. Internally, the same external URL works. Server 2016.

This feature was working externally some time ago and we are not sure of what exactly broke it.

BPA's only warning is:

"The RD Gateway server SSL certificate must be configured with a valid certificate subject name

Severity: Warning

Problem:
The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name.

Impact:
If the RD Gateway server is configured to use an SSL certificate with a certificate subject name that is not valid, users cannot connect to internal network resources (computers) through the RD Gateway server.

Resolution
Use the RD Gateway Manager tool to select a valid SSL certificate for the RD Gateway server to use."

We have tried other certificates and the result is the same. All other certificates are also ok, they are valid and were made from Let's Encrypt.

Any help will be highly appreciated!


Search

How install SSL certificate for RDS on windows server 2016?

August 19, 2018, 1:20 pm
$
0
0

I installed windows server 2016 for a small company, so I don't need to have domain controller on this installation and for RDS I only needRD Licensing and RD Session Host roles. But only with that roles theres is no Remote Desktop Gateway which is used in many tutorials to install SSL certificate on terminal server (like here: https://ryanmangansitblog.com/2013/03/27/deploying-remote-desktop-gateway-rds-2012/).

So to conclude, I just don't have interface of Remote Desktop Gatewayto install SSL certificate.

Is there any workaround to deal with it and install SSL cert on my RDS?

We can't sign in to your account

May 27, 2019, 7:43 am
$
0
0

Hi!

I build a RDS deployment based on server 2016. After I finished building my session host and users tested it successfully, I cloned and sysprept the server in VMware vCenter.

Everything works fine and user can login and work on the servers without any problems.

When me and my colleague admins login to the cloned servers with our admin accounts, we always get a message like below;

User profile disks are configured in the environment. Folder redirection is enabled to redirect profile folders to H:\. This is inherited from the original RDS 2008 setup that we are migrating from.

I already tried to delete the entry from the profilelist key in the registry. But this didn't solve anything.

How can I fix this?

User Profile storage vlan question

May 27, 2019, 7:42 am
$
0
0

Hello, we are setting up a RDS environment for roughly 400 users. At a given time we expect the max concurrent users to be around 250. We are setting up a storage server with a DAS Dell PowerVault to hold the User profile disk. Would it be best to put that server on it's own VLAN for the storage piece? 

We are also going to have a Synology NAS for user documents and such, is it best to put it on it's own VLAN as well or would it really matter? We aren't using iSCSI for anything just smb shares.

Thank you

Two monitors with virtual desktop, can i configure app to open in specific monitor/desktop?

May 27, 2019, 7:02 am
$
0
0

Hi friends, i have two monitors with 2 virtual desktop, name this this way each screen

Screen 1 (monitor 1 virtual desktop 1)

Screen 2 (monitor 1 virtual desktop 2)

Screen 3 (monitor 2 virtual desktop 1)

Screen 4 (monitor 2 virtual desktop 2)

can i configure app to open in specific monitor/desktop?

I mean, can i add a command line (for example) to app 1 shortcut to open in screen 1 and app 2 open in screen 3?

Hope was clear what i need

Thanks in advance

PD: Sorry if incorrect forum, im not sure what forum should post

2 Node Load Balancer or Active Passive

May 26, 2019, 7:41 pm
$
0
0

Hi,

We need to create 2 Windows 2016 RDWEB Servers and configure them either with Load Balancing or Active Passive Nodes type so that if one server is down, users should be able to login to the 2nd server.

As we don't have a hardware load balancer, which is the easiest way to fulfill the above requirements. How many servers we need to have for Load Balance Configuration or Active Passive setup?

Thanks.

Certificate issue? and double sign in and Remote computername

May 23, 2019, 3:38 am
$
0
0

Good Day,
I am having these 3 issues with my RDS farm:
I published an app via RemoteApp to the outside world.
The environment is full Windows Server 2016 Version is 1607 build 14393.2906

There is 1 server RD Licensing server (This server is a domain controller)
There is 1 connection broker
There is 1 Gateway server and this server is also WebAccess Server
There are 2 Session Host
There is 1 application published through remote app. This is the app that we are talking about.

When customers connect they see this:

The certificate is issued by a trusted thirdparty to ts.domainname.com The publisher is also ts.domainname.com
1. My first question. Why is this message appearing? And how to make it skip. Does a wildcard certificate help for this problem?
2. The remote computer is rdscluster.intra.domain name, I want to change this to cluster.domainname. Where is this modified? I dont want internal stuff shown to the outside world
3. After this message, the system asks me to log in again. How to autolog through second logon?
It worked before but I think it stopped working after modifying the Publisher name. And when the second logon screen appears it says The logon attempt failed. It then shows the username without the domain name.
I modified the webscripts-domain.js so that the user only needs to put in the username. But I think in the second logon this is not copied the right way

I hope I supplied enough info this way. If not, please let me know what to provide more





Remote desktop issue

May 23, 2019, 12:24 am
$
0
0

Dears ,

Please we need your support remote service does not work and I get the below error .

Please advise .

Br,

"Windows could not start the Remote Desktop Services service on LocalComputer

Error 1075: The dependency service does not exist or has been marked for deletion .

"

Search

Windows Server 2016 Remote App issue

May 22, 2019, 5:27 am
$
0
0

Hi There

Hoping you can help with an issue am having adding remote apps to my existing RDS farm,

I currently have a working RDS farm consisting off 1 x gateway, 1 x broker and 2 x rd hosts, at the moment i can start a desktop session collection either internal or external to my organization without issue.

Now the issue is i have built another rd host to add remote apps, ive added this using my broker and published an app, all works fine internally but externally it does not work, when i start the application it sits on starting remote app for ages then errors out with the following message.

Remote Desktop can't find the computer "RD host", this might mean that it does not belong to the specified network.It looks like its trying to resolve the internal broker name externally and obvioulsy that wont work.

The gateway settings are already enabled globally within RDS, just scratching my head, dont want to mess with the configuration too much as the other rd hosts work fine.

Any ideas what could be the issue ?

RD Connection Broker HA setup with SQL AlwaysOn doesn't work correctly

May 21, 2019, 11:36 pm
$
0
0

Hi everybody,

I have an issue with RD Connection Brokers in a highly available setup backed by a SQL Server 2017 Enterprise Availability Group. The setup works correctly while the database is running on SQL node A of the availability group, users can logon via RDWeb and start their RemoteApp(s). When the Availability Group fails over to SQL node B, users can not start their RemoteApps, nor connect to a disconnected session, they are faced with these errors:

- The requested session access is denied.

- Your remote Desktop Services session has ended, possibly for one of the following reasons:

   The Administrator has ended the session.

   An error occurred while the connection was being established.

   A network problem occurred.

   For help solving the problem, see "Remote Desktop" in Help and Support.

Any idea's how to resolve this?

RDWEB/Webclient not able to connect websocket errors...

May 21, 2019, 8:38 pm
$
0
0

after configuring and installing eh webclient on my deployment. when I try to connect to one of the resources I get the error..



when I check for the error in the console i get the following errors...

Can someone help me...

what to do next...

rsamayoa

Issues with saving adobe files from Adobe reader to a TS client redirected drive

May 25, 2019, 11:24 pm
$
0
0

Hi all,

I know this is issue is about Adobe but I asked the question there two weeks ago and no replies so I'm trying my luck here.

 

I have 2 Terminal servers 2012 R2 with different reader versions, 1 has Adobe reader XI and the other has Acrobat Reader DC version 2019.010.20098

When I login to the server with XI and I want to save a file from the program to a redirected drive I have no problems. However, when I try the same on the server with DC I get this alert: "The document could not be saved, access denied".

On the problematic server I am able to save files to that location by copying and pasting or even from office apps saving new \ existing files to the redirected location.

Also, these servers are used to work with SAP. On the problematic server, when a user tries to save a file from SAP to the redirected drive it gets the alert about "disk used for temporary files is full".

 

Any help would be appreciated.

Printers from GPOs causing slow login times to RDS environment

May 15, 2019, 8:11 am
$
0
0
Have an odd situation.  I've already loaded the printer drivers for all the printers onto each of the RDS servers, which helped decrease login times, but for users who do have printer mappings via GPO, their logins are much greater in time than those without printers.   I thought eliminating drivers would be the fix but it only helped a bit.  any other tips or tweaks anyone could suggest to try?
Viewing all 27656 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>