Hi

Please give us solution to 

Disable / Block / Hide / Prevent Connection settings in remote desktop connection

or/and hide / block / disable totaly Show Options

See attached screen

https://ibb.co/RTVPTdw

Hi everyone,

I have a Win Server 2016 with RD Services on it. Everything is running fine but Remotedesktopgateway cannot be configured by me. I installed the role without errors but configuration ends in the error:

RD Gateway Configuration Failed on [X] With Error: Unable to configure the RD Gateway server: [X] . The error is You cannot call a method on a null-valued expression.. (event-id 4119)

I found no solutions to resolve this issue on the web. I think the problem occurs already during the installation process because the RPC application is missing in the IIS. It's not the first installation of the RDG. Maybe there are some old entries in the registry what cause this failure but I do not know where to search ... Would be nice to get some help from the community ...

Thanks,
Chris

The MS post below i not understanding, i added the powershell on management VDI, to download the virus update and unpack it, but how the VDI vms can get these unpack virus file?

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus

Hi, I have set up RDS 2016 farm in forest A (2 WA, 2 CB and 2 SH servers). Having done that, session host sitting in other forest B was added to the RDS farm. There are two collections, one with apps published on 2 SH servers in forest A and the other one with apps published on SH in forest B. Adding SH from forest B and collection creation/app publishing on it were done with TWO-WAY trust between forest A and forest B.

Having removed trust (forest A trusts forest B) leaving me with ONE-WAY trust I can access applications published on SH in forest B by using PAM request and proper rights were passed through. Problem is that now, with one-way trust in place, I can not publish new apps on SH in forest B neither with GUI or PowerShell.



Since this RDS farm is part of Active Directory Red Forest design (ESAE) having two-way trust between forest(s) defies purpose of whole project. Is there any solution for this or only way to publish new apps on SH in forest B is to temporarily recreate other trust direction (forest A trusts forest B) which would certainly be turned down?

Thanks in advance!

Hi,

We have 2 session host and 1 license server, 1 session host working properly grace period return0 , another session host still showing grace period 119 days. 

we have checked forum based on that changed the configurations but still showing grace period 119 days.

wmic/namespace:\\root\CIMV2\TerminalServices PATH
Win32_TerminalServiceSetting WHERE (__CLASS!="")CALL GetGracePeriodDays
Executing (\\RDLicenseServer\root\CIMV2\TerminalServices:Win32_TerminalServiceSett
ing.ServerName="RDLicenseServer")->GetGracePeriodDays()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        DaysLeft = 119;
        ReturnValue = 0;
};

Group Policy :

Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Licensing
Use the specified Remote Desktop license servers     Enabled    RDLicenseServer
Set the Remote Desktop licensing mode                Enabled    per user

Rebooted 

Registry Value:

It was 5, changed to 4

psexec -s -i regedit.exe

Deleted 

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\Terminal Server\RCM\GracePeriod

Rebooted, but when  reboot again this folder creating and Showing in Grace period. 

Powershell Cmd:

Checked in rds license diagnoser , but no error / warning.    

Please suggest on the same.

Regards,

Mani

Current Setup

2x RDS Brokers – Server 2012 R2

1x RDS SQL Database / RD License / RD Web Access / no RS Gateway configured

Round Robin DNS configured to both Brokers – working as intended

5x RDSH 2012 R2 servers for PROD collection

2x additional RDS 2012 R2 servers yet to be added

The environment is used to connect to either a DEV, TEST or PROD app. Separate collections are setup for each. Domain Users have access to the collections and apps. Security to the apps is handled by the app itself with separate login requirements.

The Problem

I have built two new RDSH servers to help with capacity as the number of users has increased dramatically since the solution was released many years ago. When I try and add these new servers into the current PROD collection, I get an error “Unable to retrieve collection properties” and the wizard ends.

However, and here’s the odd part.  When I create a new collection, I can add the two new servers plus one of the other PROD RDSH servers (I removed it as part of testing) to the newly created collection. I also have the same problem if I try just adding one of the old RDSH servers too. If I remove one of the RDSH servers from this Test Collection I can’t then re-add it back again. I have to scrap the collection completely and build a new one.

I’ve switched RDMS logging on and the logs don’t tell me anything I don’t already know – copy of log below (redacted server names). All servers im testing with are at the same current patch level too.

AddRemoveSessiontoCollectionWizardTask.Execute::<exisitingserver.domain.com>

RdmsUI: RDManagement\Add-RDSessionHost -CollectionAlias TEST -RDSHServer System.String[] -RDManagementServer <Broker1.domain.com>

AddRemoveSessiontoCollectionWizardTask.Execute:: RDMSModel.Instance().RdmsServerName-<Broker1.domain.com>

CommandLetExecutor: Job Progress Received for cmdlet: RDManagement\Add-RDSessionHost - Progress : 0 - -1% completed

CommandLetExecutor: Job Progress Received for cmdlet: RDManagement\Add-RDSessionHost - Add-RDSessionHost - 0% completed

CommandLetExecutor: Job Progress Received for cmdlet: RDManagement\Add-RDSessionHost - Progress : 0 - -1% completed

CommandLetExecutor: Job Progress Received for cmdlet: RDManagement\Add-RDSessionHost - Verbose: Input - -1% completed

CommandLetExecutor: Job Progress Received for cmdlet: RDManagement\Add-RDSessionHost - Verbose: Input - -1% completed

CommandLetExecutor: Job Progress Received for cmdlet: RDManagement\Add-RDSessionHost - InlineScript - -1% completed

CommandLetExecutor: Job Progress Received for cmdlet: RDManagement\Add-RDSessionHost - InlineScript - -1% completed

RdmsUI: Workflow 'RDManagement\Add-RDSessionHost' failed: System.Management.Automation.RemoteException: Unable to retrieve the session collection properties.

RdmsUI: Job finished for cmdlet RDManagement\Add-RDSessionHost

Has anyone encountered this problem before and if so, how did you solve it? Is this an issue with the RDS SQL database?  If so, is there way I can fix it? Restoring isn’t an option as we don’t know how long its been like this and would take far too long in going through backups.

Thanks

I am trying to move from a Windows 2016 RDS license server to a new Windows 2019 RDS license server - my understanding is this is required in order to start using Windows 2019 RDS services (2016 license server cannot offer 2019 CALs).

When I try to add licenses it tells me:

The licensing agreement data provided to Microsoft is not valid. Check all the information you provided, make any necessary corrections, and then resubmit your request. If the problem persists, try using a different connection method.

I am using "Other" as the agreement type and then our "PURCHASING ACCOUNT NUMBER" as the code which I got from the Business Center website (https://businessaccount.microsoft.com/Customer/LicensesAndServices/)

I have tried both automatic and web browser (from my PC just to eliminate any firewall/proxy issues from the RDS server) methods - but all methods fail.  Before I tried the last resort of calling MS and doing the activation that way, I figured I would post a question to see if anyone has any suggestions.

Thanks

NK

When creating RDS Quick Deploy, then trying to add a collection, I get an error:

Unable to configure RD Session Host Server <Server Name>. Invalid operation.

I've set every property I know, have a valid Licensed server, a wildcard Certificate installed properly, everything looks good. I've been three (3) days on this. 

Any help would be appreciated.

Thanks.

Hi All

I have a virtualised (VMWare) RDS 2012R2 environment with 20 Session hosts spread across 6 Dell ESXI Hosts - 2 Sets of different PowerEdge Models. Over the past 4-6 weeks we have started to get multiple event 7011's followed by a 7046.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

The following service has repeatedly stopped responding to service control requests: Remote Desktop Services UserMode Port Redirector

At this point some existing connected users cant sign out and applications start to crash including explorer.exe. Trying to shutdown via the GUI just hangs and the only way to get the server back is to reset the power using vSphere console. 

Applications on the Session Hosts are mainly MS Office 2016, Acrobat Reader, 7Zip and Webroot AV. Windows OS and applications are fully patched and up to date and Dell Firmware and drivers are fully up to date. 

Users connect in via RemoteApp and local drives and printers are redirected into their sessions. 

The weird thing is, like clockwork the crashes happen at the end of each day usually between 16:00 - 18:00 - To me its like a degradation symptom or perhaps its the actions of users disconnecting or logging off their session - Its affecting a couple of servers each day. 

On top of this, it appears 7011, 7046 results in a BSOD. I have grabbed the Memory.dmp file and opened it with WinDbg. 

Im now trying to figure out the dmp - uploaded to PasteBin here (happy to paste dmp here but didnt want to "dump" to much information in the post)

What stands out to me is rdbss.sys

Probably caused by : rdbss.sys ( rdbss!__RxAcquireFcb+1f3 )

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80179d3ba44, address which referenced memory

BUCKET_ID:  AV_rdbss!__RxAcquireFcb

PRIMARY_PROBLEM_CLASS:  AV_rdbss!__RxAcquireFcb

My rdbss.sys version - 6.3.9600.18895

Can anyone help to try and decipher the above and suggest next/best cause of action?

Many thanks :)

We recently added a 3rd session host server and are not able to shadow sessions on it. The other 2 work just fine, but this third one pops up an error that states "the specified session is not connected."

any ideas on what we can try?

Thank you

I built a 2016 RDS/RD Gateway VM with roles of RD Access, RD Gateway, NPS, Licensing server, RD Broker.

I have installed the MFA agent configured the same as other RDS Servers.

The new server is named RDS-GW and the gateway portion is working properly, however, I cannot get the MFA to trigger when trying to access from outside of our network, or within the network on an untrusted IP range.

When configuring the MFA agent, all other MFA servers are listed.

All other RDS servers are triggering the MFA when trying to connect to them.

Any help will be appreciated.

Hi,everyone

   A few day ago, i installed a windows 2K8 R2 as a terminal server ,and specify itself as a terminal licensing server ,but without install any CALs.So erevytime i logged into the terminal , system will pop up a message said that the terminal server's grace period will expired at xxx days. but due to someone unchecked the message , systme can't pop up any message talked about the grace period.

  So can anyone tell me where can i find the remaining grace period  ??

Hi!

I am testing RDS 2019 with RemoteApp, and I have problems with startup splash screens. Each splash screen creates a button on the client’s taskbar and does not disappear from desktop and taskbar after the appearance of the main window. For example, I run three RemoteApp and I have three splash screens and three program windows on my desktop. And even if I close these windows, the splash screens will still remain on desktop and cannot be closed. This happens only in RemoteApp and does not occur with a remote desktop mode. I tried to recreate an RDS farm again, but it does not help.

This does not happen with all programs (having splash screen), but with many. At the same time, there were no such problems at RDS 2012R2/2016. 

As RDCB and RDSH used Windows Server 2019 with latest cumulative update (2019-01). As clients used Windows 10 1709/1809 with same update.

Hello everyone,

I am tring to setup RDG with MFA on Windows 2016. I have followed countless instructions and cannot seem to get the NPS part work. I can log int the remote desktop without issue however it never authenticateswith Azure. When I look that the logs for NPS I see absolutley nothing, when I check the logs for the NPS extension its the same nothing. I just cant figure out what part I am doing wrong and there be nothing in the logs. Let me know if anyoe has some suggestions.

Hi there,

I've a few problems accessing the RDWeb from external. When I try to download a .rdp file, it is downloading with 0 bytes/s and also has problems loading the icons of the published apps. This issue is only on path "/RDWeb/Pages/rdp" (path of rdp files and icons).

External and internal access link: rdp.domain.com
Servername of RD Gateway and RDWeb: de-srdp01comp.domain.com
Serverconstruction for RDS/TS:
de-srdp01comp.domain.com: RD Gateway, Broker and RDWeb
de-sapp01comp.domain.com: RD Host
de-swap01comp: Windows Application Proxy running in DMZ (not in domain)

I already tried to set the Identity to "NetworkService" but that was not a solution.

Does anyone have a solution for that?

Thanks in advance.

Tom

Dear All,

We have a Windows 2012 R2 Stand Server running Remote App Services, Recently since the certificate was getting expired we have changed it with a new 2 yrs certificate, but IE and Chrome on the client still keep on showing the old cert. The old certificate is not yet expired , but i have actually removed it from IIS and removed and reinstalled the RD Gateway services 

However some client show new certificate also , all internal clients are showing new certificate,

Moreover there is a strange issue that client would fail to connect till client registry is editing with the below key , could some one help please,

RDGClientTransport= 1

Need Help

Hasan Reza

Hello Everyone,

I am a beginner in Microsoft forums so please excuse and guide me if i posted this in wrong section of the forum.

Server Configured like this:

1. A physical server named "RGB" and a virtual machine within it named "SON"

2. SON is primary domain controller and RGB is a backup domain controller.

3. SON has Remote access role installed which is working fine as of now.

4. RGB has Tally licence gateway server installed which is an accounting software.

5. RGB IP Address is 192.168.1.101

6. SON IP Address is 192.168.1.102

7. Remote Access Server assigns IP Address to its Internal Adaptor 192.168.1.201 (through DHCP when the VPN server is online)

My Problem is: (finally)

RGB has Tally licence gateway server (accounting software) installed which should distribute licence to its clients through its IP Address 192.168.1.101 (in normal scenario)

But in my case the licence is distributed through 192.168.1.201 which is only available, if VPN server is online.

I want to correct this scenario and redirect clients to access licence server through its default ip address 192.168.1.101

If anyone has a clue as to why this is happening and how to rectify the same. Please revert and help me out.

We upgraded a system to 1903 and immediately we are unable to remote powershell to that box.

Already done:

No available updates to install.

rebooted several times more.

Firewall is disabled.

disable-pssession and re-enable pssession, no errors.

This is the error we get when trying to connect:

Enter-PSSession : Connecting to remote server testdesktop failed with the following error message : WinRM cannot process the
request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error
occurred.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS
transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession testdesktop
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (testdesktop:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

The internet has a lot of stuff about broken SPN's on web servers and deleting or recreating:

http/host.domain.com  

but this isn't a web server, it's just a Windows 10 desktop. there are no existing HTTP SPN's on this box.

Domain trust is fine, computer account is fine.

Any ideas are appreciated.

We are getting the below error while deploying VDIs

Error HRESULT E_FAIL has been returned from a call to a COM component.

The error seems to be a generic one but what needs to be done to fix it in RDS environment.