Hello,

I have a windows server 2019 workgroup joined that I recently installed with RDS roles.
all users are able to remote in, installed SSL certificate, configured all the tasks in rd gateway manager,

I have still not installed license server yet, still on trial version.


I tried to connect using "use these rd gateway server setting" and type the ip address but I get error message saying "your compuiter can't connect to the remote computer because "rdp gateway server address requested and the certificate subject name do not match"

Problem is that we are not able to see en active connections under monitoring.

I recently deployed a Windows Server 2019 with Hyper-V and with two VM's. One DC/File and Print server and a RDS.
Hardware - Dell 740 PowerEdge with RAID 10 and 8GB of Cache on the RAID controller and a Tesla GPU M10. 
RDS VM - Widnows Server 2019, 16 vCPU and 40GB of memory with the 1 GPU in DDA. On Avg 30 users. (Increased the memory from 24GB in an attempt to resolve some issues but didn't help).

Originally I created a NIC team but since removed it, as many forums had mentioned possible issues with NIC teaming, I have disabled RSC and VQM, I couldn't not disable Disk Write Caching, keep getting an error. I went over all the possible settings and can't seem to find anything that leads to a possible cause of performance degradation.

There is only a few application installed, Office 2019, ERP / Inventory package, AutoCad Viewers, Adobe 

The overall performance is that poor that I have advised the customer we redo this whole project with Server 2016. It takes ages for Outlook to open, the menus take a long time to load, at times the user sessions lock up or the display lags. It is random and not all users have the same issue at the same time, which is weird. For most of the time, users are putting up with it, the whole reason for this deployment was better performance and user experience hence the latest hardware, GPU and Windows 2019 platform. 
Since researching, I have found multiple end users with the similar issues, none pin pointing or finding a resolution and really hope there is an update or resolution to this soon, pretty poor from MS to release something this substandard. 

The CPU, MEM, GPU utilization is really good and not maxing out at anytime, Disk queue's are really good. The server is minimal network dependent, although I have realized when I transfer data on the HV host it had some impact on the server, the HV and VM's don't share a NIC, each have a dedicated.

Has anyone got similar issues with Server 2019 in a RDS environment that has had some success to a degree? From the Technet cases I read, their seems to be several complaints but yet a solid resolutions and I don't particular want to change this back to 2016.

Any advice, feedback or possible cause would be greatly appreciated.

Regards

Starting a new thread on that bug. (the thread named "Windows Search changes in Server 2019" doesn't reflect the exact catastrophy of that bug for RDSH users.

This is not a change this a broken feature.

Any fix ?

Hello,

I am deploying a scaled out RDS deployment.

2 clustered Web Servers

2 clustered Connection brokers

4 session host servers

The servers are members of the xxx.local domain

All servers have a publicly trusted wildcard certificate on them.

Connecting the the RDWeb front end works fine, when a user attempts to RD to the session host server however they get a certificate warning.  The certificate shown is the wildcard one as I expect, but the machine name is .local, and therefore the mismatch.

Can the connection broker send the public DNS name for the session host rather than the internal DNS name?

we have a rds environment all windows server 2019. in this environment we deploy our software with remote apps. our customers connect to the software with html5 webclient via rdweb. now we have several times the problem, that the app won`t apper on the first click. when we press the app button on rdweb, the rd connection establish successful but the app won`t appear. now if we open another app both apps will appear and all works fine.

have anybody an idea?

Hello!

I have a RemoteApp host established, and RemoteApps work well.  When I associate any off the RemoteApps with a file type, the RemoteApps starts to launch, but I receive this error:

When I try to access \\tsclient\ drives from Remote App, I receive this error:

However, if I RDP directly to the host, I am able to access the \\tsclient\ drives from the applications.  The problems only occur when using applications as RemoteApps.

In the Applications and Service Logs \ Microsoft \ Windows \ RemoteApp and Desktop Connections \ Operatoinal event log, I receive event 1041 - Remote Application (Excel) is luanched on RemoteApp and Desktop Connection (RemoteApp Host Name) but no stored credentials are used for single sign on.  (Reason - RemoteApp and Desktop connection does not exist).

Using RemoteApps works fine for the 20-or-so test users.  They all have the same problems, on any machine, when using \\tsclient\ drives in Remote Apps, and receive the same error when trying to open files that have a file associated with a RemoteApp. 

I suspect the two problems (not being able to access \\tsclient drives in RemoteApps, and not being able to open files via file-type-associations in RemoteApps) is related to SSO.

I'd appreciate any thoughts about how to resolves theses.

Thanks!

Scott

Hello,

I have a big RDS farm at a client, which mixes RDSH and RemoteApp session.

I'm able to publish those work resources into Session open into the RDSH collection of my farm. This way, my user (on their thinclient) are able to access the RemoteApp published by the collection, everything works fine, but I had to use the Windows 7 way, with the Powershell script and the feed.aspx file.

Everything fine this way, and our end-user are pleased to have direct access to the app from their Windows session.

But we also need to use redirected StartMenu via GPO, and when this is set, we cannot publish the Work Resources anymore.

I know that publishing those work resources create an entry in the start menu, but if I deactivate the publishing GPO, apply the redirected StartMenu GPo, I can't manually publish those Work Resources.

Any ideas of the why, and maybe the how to correct this ?

Regards

hi guys, happy new year.

we have bought new server hardware and software and i will migrate our 2012 r2 rds farm on new enviroement (vmware vsphere 6.7). So we have bought 2019 server and rds cal license and now my question, if i keep actual two connection broker server with 2012 R2, can i create a new collection with 2019 rds server host role?

i wolud keep remoteapp collection with 2012 R2 server and rds desktop with 2019

thanks

Andrea

Hi,

I am in the process of building a new 2019 RDS farm to replace an aging 2008R2 one. I am at the point where i am ready for the UAT however i am having problems making a change apply to all users. 

The problem is that the visual effects are set to not 'Show shadows under windows' which is making it almost impossible to see where one windows ends and another begins. I know this will be a problem in the UAT as the users have made similar complaints when first using the current farm.

I can switch the shadows back on fine for my user, however i cant seem to find anywhere to set this for all users across the system. The last thing i want to do is have to enable this setting for each user (~300 users) on their first login.

Is anyone aware of a group policy which can be applied to have this option set as default? I have read multiple articles online, but they are all geared towards Windows 7.

Any help would be appreciated

Thanks 

Niall

Hello everyone,

I'm still using windows server 2008 R2

And I have a question about the session broker.

If I have a farm with 2 servers. I'm connected to server A and I'm writing some text in a file, the server crash.

I reconnect to the farm,I'm also connected to server B, but I have lost my file. Is there a way that store the CACHE of a session, and restore it for the user who was deconnected from a server and reconnect to a new server of the farm ? And then I would be able to retrieve my file and continue to write my text.

I hope my question was clear enough :D

Thanks for your time and have a good day

Uhuru

This issue has been a thorn in my side for the past several months. While investigating I've read every post/article I could find on the topic and wanted to share my findings, as well as include instructions how to recreate the issue which I haven't seen elsewhere. 

Symptom:

In Server 2012r2 and Server 2016 RDS environments, while in published RemoteApp applications, the Caps lock/Numlock keys become inverted from the local computer. For example, the keyboard indicator shows Caps Lock is off, but capitalizes all characters in the RemoteApp application.

Cause:

The Caps Lock/Num Lock keys are inverted when the application opens a new window, a text field is selected, and the “Caps Lock” or "Num Lock" keys are the first input. It appears that when new Windows are generated from the published application they don't get keyboard sync information until text is input. For instance, if you launch a published instance of File Explorer, click the search bar, and hit the "Caps Lock" key, the issue doesn't happen. However, if you right click a folder, select"open in new window", click the search bar in the new window, then hit the caps lock key, it will. Again, only if the Caps Lock/Numlock keys are the first input.

You can recreate the problem easily by doing the following:

1. Publish "Notepad" in your RemoteApp environment
2. Launch "Notepad
3. Go to File -> Open
4. Select the "File name:" field
5. Press the "Caps Lock" or "Num Lock" key before pressing anything else
6. The caps lock/num lock key will now be out of sync

I have tested this in several applications including: Adobe, WordPad, Word, Excel, PowerPoint. This also works in clean installations on both Server 2012r2 and 2016.

Solution:

Currently none. We placed a paid ticket with Microsoft Support where we explained the issue and provided instructions on how to recreate. The ticket was escalated, and we were eventually informed that this is a known issue that hasn't been documented. We were then provided a refund and informed that they would let us know when a fix is in place.

Workaround: 

Clicking anywhere outside of the RemoteApp applications will correct the inversion. We typically recommend clicking the task bar. Another option is minimizing and maximizing the application manually or by pressing Win+D twice. Many of our users use the caps lock key in place of the shift key. I'm not sure how effective it has been but we are instructing users to use the shift key, especially when entering credentials. 

Even though there isn't currently a solution I hope that this is at least informative and someone finds it helpful.

I use a programme called Acomba and make it open in rpd on the server windows 2016 Essencial.

It's work corectly, but these programme require to have outlook 2016 open on the session to be able to send email.

Actually, I need to make both programme open and my user get confuse between that remote outlook and theyr local outlook.

I need a way that on session opening, outlook open but remain invisible to the user. Thanks.

Hello!

I'm having issues with my RD setup. I don't know exactly what happen, but it broke. If I try to log in via Internet Explorer it loads properly and I can access our resources. When I try Chrome/Firefox(from multiple computers in different locations) this happens. I tried to attach screenshots, but my account has not been verified to do so. Basically the page loads almost empty without any of the fields to enter Username or Password. If I examine the source of the page this shows:

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="../Site.xsl"?>
<?xml-stylesheet type="text/css" href="../RenderFail.css"?>

<RDWAPage 
    helpurl="http://go.microsoft.com/fwlink/?LinkId=141038" 
    workspacename="Work&#32;Resources" 
    baseurl="https://EDITEDOUTFORSAFETY/RDWeb/Pages/en-US/"
    privacyurl=""
    >
  <RenderFailureMessage>
    <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
            <title>Error: Unable to display RD Web Access</title>
        </head>
        <body>
            <h1>Error: Unable to display RD Web Access</h1>
            <p>An unexpected error has occurred that is preventing this page from being displayed correctly.</p>
            <p>Viewing this page in Internet Explorer with the Enhanced Security Configuration enabled can cause such an error.</p>
            <p>Please try loading this page without the Enhanced Security Configuration enabled. If this error continues to be displayed, please contact your administrator.</p>
        </body>
    </html> 
  </RenderFailureMessage>
  <BodyAttr 
    onload="onLoginPageLoad(event)" 
    onunload="onPageUnload(event)"/>
  <HTMLMainContent>

      <form id="FrmLogin" name="FrmLogin" action="login.aspx?ReturnUrl=%2FRDWeb%2FPages%2Fen-US%2FDefault.aspx" method="post" onsubmit="return onLoginFormSubmit()">

        <input type="hidden" name="WorkSpaceID" value="EDITEDOUTFORSAFETY"/>
        <input type="hidden" name="RDPCertificates" value="3C1BFF3D553CB91F896AA95498495CC52E63161E"/>
        <input type="hidden" name="PublicModeTimeout" value="20"/>
        <input type="hidden" name="PrivateModeTimeout" value="240"/>
        <input type="hidden" name="WorkspaceFriendlyName" value="Work%20Resources"/>
        <input type="hidden" name="EventLogUploadAddress" value=""/>
        <input type="hidden" name="RedirectorName" value="EDITEDOUTFORSAFETY"/>
        <input type="hidden" name="ClaimsHint" value=""/>
        <input type="hidden" name="ClaimsToken" value=""/>

        <input name="isUtf8" type="hidden" value="1"/>
        <input type="hidden" name="flags" value="0"/>


        <table id="tableLoginDisabled" width="300" border="0" align="center" cellpadding="0" cellspacing="0" style="display:none">

            <tr id="trWrongAxVersion" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">You don't have the right version of Remote Desktop Connection to use RD Web Access.</span></td>
                </tr>
                </table>
            </td>

AND MORE....

I have two nodes that I am trying to set up a virtual machine-based deployment with.

Node1 has RDCB, RDGW, RDWA, RDVH all installed properly, and seem to work as expected.

Node2 has only RDVH installed, and it is not working correctly.

From Node2, in Server Manager under Remote Desktop Services, I get the error:  

The server pool does not match the RD Connection Brokers that are in it. Errors:
1. Cannot connect to any of the specified RD Connection Broker servers. Ensure at least one server is available and that the Remote Desktop Management (rdms), RD Connection Broker (tssdis), or RemoteApp and Desktop Connection (tscpubrpc) services are running.

Node1 (which hosts the RDCB) is online, and all of the three services above are running on it.

I can ping Node1 from Node2 and vice versa.

Node2 is apart of the server pool on Node1 and vice versa. I even removed them and re-added them.

I followed threads suggesting to open the RDCms database in SQL Management Studio, bring it offline and then back online, but this makes no difference (probably because RDCms was not in a recovery or pending state in the first place for me).

Uninstalling RDVH and re-installing RDVH directly onto Node2 makes no difference.

Uninstalling RDVH and re-installing RDVH through "Add RD Virtualization Host Servers" under Deployment Overview on Node1 fails with this error in Event Viewer under Microsoft-Windows-Rdms-UI/Admin :

Event ID 4119

RD Virtualization Host Configuration Failed on <server-name> With Error: At least one of the required services is not running on the server <server-name>.

Searching this event ID pretty much only brings up results about firewall blockages. I have no firewall set up, and so this is not the issue. I found absolutely no results online about not having a required service.

On Node2, I have the following services installed and running:

- Remote Desktop Configuration

- Remote Desktop Services

- Remote Desktop Services UserMode Port Redirector

- Remote Desktop Virtualization Host Agent

What service am I missing? Is it Remote Desktop Management (rdms)? How do I go about installing it? And why was it not already installed?

Both these servers have just gone though fresh OS installations, are fully updated, and have identical OS specs. 

I have removed/installed/rebooted both servers countless times to try to get a proper RDVH installation on Node2.

It makes no sense as to why this wouldn't be working out of the box.

We upgraded a system to 1903 and immediately we are unable to remote powershell to that box.

Already done:

No available updates to install.

rebooted several times more.

Firewall is disabled.

disable-pssession and re-enable pssession, no errors.

This is the error we get when trying to connect:

Enter-PSSession : Connecting to remote server testdesktop failed with the following error message : WinRM cannot process the
request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error
occurred.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS
transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession testdesktop
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (testdesktop:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

The internet has a lot of stuff about broken SPN's on web servers and deleting or recreating:

http/host.domain.com  

but this isn't a web server, it's just a Windows 10 desktop. there are no existing HTTP SPN's on this box.

Domain trust is fine, computer account is fine.

Any ideas are appreciated.

Hi All,

we use a Windows Server 2016 RDS Deployment with three virtual Machines: the first VM is the classic Terminalserver Desktop where all users connect to from their client PCs, the two others are RDS Hosts with some RemoteApps, like Outlook 2016.

Sometimes this happens:

1. a User connects to the terminalserver by RDP ( not using RD Gateway, Native Port 3389 )

1. the User starts Outlook as Remoteapp on the Terminalserver ( RDP Icon on the Desktop, Connecting by RD Gateway )

2. the User clicks on "New Mail", a window opens, he writes the content and sends it, the windows closes, everything is fine ;-)

3. the User clicks on "New Mail" ( or wants to forward an existing mail ), a windows opens - this window shows the content of the previous e-mail (from 2.) - it is not possible to hit or edit the elements in the windows, it's just graphic ...

This behaviour is confusing the users.

Workaround: resizing the windows solves the problem, after this the user use the window, can edit ...

It seems that the graphical content is cached somewhere, so we disabled "bitmap caching" in the rdp Settings on the Client PC and in the rdp Settings for Outlook on the Terminalserver - nothing changed. 

Sometimes the behavior occurs after writing 10 to 15 E-Mail, sometimes after every E-Mail. There is no regularity. The Load on the VMs isn't high, enough RAM. 

Do you have any ideas ? 

Best Regards,

Karsten

Hi,

So nothing like being on the cutting edge......

I have been testing Server 2019 RDS and so-far-so-good apart from an issue with the Windows Search Service.

It appears that in Server 2019 each user gets their own search database EDB file in their profile path (appdata\roaming). e.g.

C:\Users\username\AppData\Roaming\Microsoft\Search\Data\Applications\S-1-5-21-3901271148-1553943383-1671037523-1629\S-1-5-21-3901271148-1553943383-1671037523-1629.edb

When they log on and log off; this is connected to the search service and the following event log is generated

Source:ESENT
EventID: 326
SearchIndexer (10896,D,50) S-1-5-21-3901271148-1553943383-1671037523-1629: The database engine attached a database (3, C:\Users\username\AppData\Roaming\Microsoft\Search\Data\Applications\S-1-5-21-3901271148-1553943383-1671037523-1629\S-1-5-21-3901271148-1553943383-1671037523-1629.edb). (Time=0 seconds)

Unfortunately it appears that this process is not very stable and on some logons the database in the users profile does not attach and the following error is generated

Source:Search
EventID: 3057
The plug-in manager <Search.TripoliIndexer> cannot be initialized.
Context: S-1-5-21-3901271148-1553943383-1671037523-1629 Application

Source:Search
EventID: 3028
The gatherer object cannot be initialized.
Context: S-1-5-21-3901271148-1553943383-1671037523-1629 Application, SystemIndex Catalog
Details: The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

And a few more similar but related errors....

No subsequent logon/off will succeed in attaching the database until the Windows Search service is restarted

I am not testing with User Profile Disks or Roaming Profiles
There is no AV on the server

Any ideas?

Andy

Andrew

Hello,

I have the internal RDS Server name (rds.internal.lan) exposed in the RDP-window regardless of I start it from the Web access or Remoteapps and Remote Desktops. The objective is not to eliminate Certificate mismatch warnings.

I have a 2 server setup,

1) dc.internal.lan DC/DNS with 'pinpoint' DNS A record for rds.publicdom.com pointing to the server's private ip

2) rds.internal.lan with all RDS (also RDGW)Roles. 

Only Desktop Collection is published.

All roles configured with trusted certificate for rds.publicdom.com

Role          Level          ExpiresOn                           IssuedTo                                      
----          -----          ---------                           --------                                      
RDRedirector  Trusted        01/08/2021 00:59:59                 CN=rds.publicdom.com                                 
RDPublishing  Trusted        01/08/2021 00:59:59                 CN=rds.publicdom.com                                 
RDWebAccess   Trusted        01/08/2021 00:59:59                 CN=rds.publicdom.com                                 
RDGateway     Trusted        01/08/2021 00:59:59                 CN=rds.publicdom.com 

AND 

Subject              : CN=rds.publicdom.com
SubjectAlternateName : {rds.publicdom.com, www.rds.publicdom.com}
IssuedBy             : CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greate
                       r Manchester, C=GB
IssuedTo             : CN=rds.publicdom.com
ExpiresOn            : 01/08/2021 00:59:59
Thumbprint           : FDD6C6647131871F2KKK5197A29EE04FDFD90C4C
Role                 : RDGateway
Level                : Trusted

PS C:\> Get-RDWorkspace

I attempted to change the RDPublishedName with the tool from the below link, that runs fine, but makes the RDP Desktop unavailable.

https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80

Is the HA configuration described in the very useful article below an option to configure the internal name correctly? 

https://msfreaks.wordpress.com/2018/10/06/step-by-step-windows-2019-remote-desktop-services-using-the-gui/

Any assistance will be highly appreciated.

Best regards

Tim K