Channel: Remote Desktop Services (Terminal Services) Forum

Connection Broker SQL setup.


Hi All,

So I understand that you cannot use SQL Express for HA connection broker back end because Express does not have any HA features native to the express version...but..

Can you use SQL Express instead of WID as an RDS Connection Broker back end without any HA setup?

I'm trying to figure out how to create an RDS farm that is TLS 1.2 capable so that it meets our strict security auditing requirements. As I understand it, I need an SQL connection broker database to achieve this, but I don't need HA; I just want to run a SQL Express database locally on my RDSCB server, capable of allowing TLS 1.2 level encryption in the RDS farm.

Anyone know if this is possible?

Thanks in advance...

durrie.


RDweb used to work but now says The user name or password is incorrect...


Hello,

Server 2012 R2 used to allow remote connections through RDweb via internet. I am still able to log in to the server on the internal network via RDP. I have been through and checked all the deployment options and SSL certs within Server Manager. I can access the web page fine, but it's not letting me log in, with this error:

The user name or password is incorrect. Verify that CAPS LOCK is off, and then retype your user name and password. If you continue to experience problems, contact the person who manages your server.

I have tried logging in using both credential formats, domain\user and user@domain.xx.xx.

I have been through the event logs and can't see anything related.

I have no gateway server. 

I have checked the firewall rules so RDP is allowed. 

Has anyone got any suggestions on how I can track down the issue?

Thanks

Sticky Notes on Server 2019 RDS


We have Server 2019 running RDS

How do I get Sticky Notes installed?

Thanks,

Steve

Windows Server 2012 RDP - An internal error has occurred - intermittent


Hi there,

In my environment we run 4 virtual Windows Server 2012 R2 machines plus a host on the same. Occasionally, on the main domain controller, I will receive an RDP error from one of our sensors on our monitoring software (PRTG); when trying to remote in, it will pop up saying "unable to connect, an internal error has occurred". It is very random: some days it won't happen, sometimes it may happen once, and it could happen 3 or 4 times at random intervals in a 20 minute period. The sensor also monitors the response time for RDP and it just seems to time out. We have a SonicWall firewall in between the server and the outside world. I have tried changing the connection properties on Windows Firewall as well, and other suggestions don't seem to apply to my environment. Would anyone have any suggestions?

Kind Regards

Ben 

Multiple RDS sessions just for management?!


Hello.

I heard that phrase before: "There are no stupid questions, only stupid answers". I am going to challenge it.

Here is a stupid question that I came up with and I do not remember seeing it asked or answered!

Our techops need to have simultaneous access to administer certain application servers. Until now, they used direct RD connections that limited them to 2 simultaneous sessions. I have deployed a Server 2016 RDS infrastructure, installed RD Session Host roles on those application servers that they manage, placed them in one collection, installed User CALs and voila. The techops add the RDS gateway in the RD properties and happily connect to the servers.

Have I achieved the requested goal?

What did I just give them: an environment which they can now use as remote users (aka VDI), or the way to have more than 2 simultaneous connections, or the combination of the 2? Which option for a session type would be better: pooled desktop session or personal desktop session?

Thank you.

OpenGL and Remote Desktop


We have OpenGL application working on a server computer.  If later we connect via RDP to this server, OpenGL application continues to function without any problems. Obviously RDP just transfers image from server to remote computer.

If we start the same OpenGL application on the same server from RDP session, it runs OpenGL not on server but on the remote computer. Application crashes on operations that require OpenGL 2.0 or higher.

Is there any way to force RDP to run OpenGL code always on server no matter how it was started, directly on server or from remote computer?

roaming remote desktop profiles

In Active Directory Users and Computers, I give the user the path to the Remote Desktop roaming profile, but this does not work: the profile was local and remains local when connecting to the terminal server. The terminal server is 2008. I found an article saying that this path does not work since Windows 2012 and newer, and that you need to edit the registry and specify the key fQueryUserConfigFromDC. But I have a 2008 terminal server, so why doesn't this path work?

Mapping SharePoint on Windows Server 2016


Ran into a couple of issues getting SharePoint mapped for our users but was able to get those resolved once I installed the WebDAV svc on the server. I was able to map the drive for each user and verified it was working properly.

Fast forward a few days, and I had a handful of users reach out to me saying that they couldn't access the mapped SharePoint drive. I checked each of their profiles, and all of them were getting the error that access was denied and they needed to reach out to their network admin. I remapped the drive for each user, and they were able to access it fine. The last user I decided to dig a little further on. I disconnected and remapped the drive, verified that it was working properly, logged off and back on to see if the drive would hold. If you are familiar with SharePoint and mapping it as a local drive, you are aware that every restart/shutdown/log off event will force you to reauthenticate to SP on the drive. However, this did not occur. The drive icon was still green as if the session never closed properly and when you went to launch the drive the document library was empty. No force to reauthenticate and no docs. Close File Explorer and attempt to get back on the drive, "access is denied, contact network admin" error.

Very odd behavior, even for SharePoint. I'm curious if anybody else has run into this? We previously used a Citrix platform and never ran into this issue. To summarize the issue again: user can access mapped drive to SharePoint, ends session, begins another session, can't access the drive.

Any help would be awesome!


Remote Desktop License Manager - Configuration issue (not a member of TSLS Group)


Hello,

I am trying to install the RD License manager on a member computer in AD. The AD Schema is Windows Server 2016 and this member computer is Windows Server 2019.

I have successfully installed the role and activated the server, added the member computer in the BUILTIN "Terminal Services License Server" group but in the configuration page I get the message "the system cannot determine if the license server is member of tsls group".

All the required ports are also open as specified by: https://support.microsoft.com/en-us/help/832017/service-overview-and-network-port-requirements-for-windows#method53

Does anyone have a similar issue or know how to solve this? I don't want to install any CALs if the service has any errors.

Regards,

Tony


antonis michael

how to give limited RDP access to application team


Hi,

I want to create different AD groups and assign RDP with limited permissions, e.g. for the application team to run different application services etc., and similarly for DBAs to check DB related things. But they should not be able to install anything or restart servers.

Please guide.

Regards

Ali

OneIdentity SPS as RD Gateway licensing


Hello,

We are planning to deploy OneIdentity SPS for session monitoring. We want to deploy it as a Remote Desktop Gateway in front of a windows server (Session Host).

I want to know how will the license be managed in this case. Note: We have RDS Device CAL license model.


Knowing that all traffic will go through the SPS, is this considered as one device?

For more on SPS as RD gateway:  https://support.oneidentity.com/technical-documents/doc1300463


Users fail mostly connecting to load-balancing farm, but only when going through a VPN


Hello everybody,

A customer runs Windows Server 2019 terminal server farms. From the local network, everything is fine. Users get perfectly connected and load-balanced to the RD servers. However, if they log on to the domain through a VPN (TMG 2010) which does not block any traffic, they can only sometimes connect to the farm. When they fail, their Windows 10 RDP client just yields an "internal error" without being more specific.

We checked already:

* TMG does not block anything coming from the VPN to the inner servers or vice-versa. We also tried temporary firewall rules allowing any traffic in both directions.

* DNS resolution and contact to the domain controllers is fine from the LAN and through the VPN. There are DNS A records for each RD server, and for each RD server there is a DNS A record with the farm name, pointing to each of the RD servers, for DNS round-robin.

* The RD broker (a separate server) load-balances the users just fine.

* The clients get a DHCP address for their VPN connection from VPN, also just fine.

* The clients CAN connect every time to the old 2008 R2 server farm which did not load balance. When they try to connect to a 2019 farm (with each farm consisting of 4 RD servers and its own broker and licensing server), they only connect sometimes, the other times failing with the "internal error".

* The clients connect (locally and through VPN) using the same .rdp file pointing to the farm name. They do not use RDWeb currently, nor an RD gateway.

We have the suspicion (although not proved 100% yet) that the users can connect when a RD redirection is not needed/requested by the RD server that they initially contact via DNS round-robin.

Is such a symptom known? Does anyone have a clue what is happening here?


Best Regards, Stefan Falk

Screen flickers, screen elements move around, user gets logged out.


We're running an old but still important business app that is built on Silverlight. Yes, it was really stupid to build it on Silverlight, but hindsight is 20-20; there are steps in play to replace it. But for now we must run it.

We also use RDS for the majority of our workers, and on RDS 2016 it has become quite unstable, especially from Windows 10 clients but possibly also older thin clients that still run an Embedded OS.

The only browser remaining that runs the Silverlight plugin is "good" old Internet Explorer, and it has generally worked, but lately especially after some of the newer patches (I presume) users have begun experiencing screen flicker, UI elements just appearing to move around and after a while just a straight-up logoff off the system. This is massively disrupting of course.

Running the same things on a Windows 10 local client (without RDP) works the way it has until now.

Grateful for any ideas on what may be causing this and how I could mitigate it.

DPAPI gives issue with Roaming profiles and Folder redirection


This is to raise issue with Microsoft for “DPAPI”.

DPAPI stands for “Data Protection Application Programming Interface”, a built in component in windows 200x servers and used by developers for encryption/decryption of text/string like passwords.

We need to know if there is any specification for “DPAPI” when it is used by any application in Windows Terminal Server (Farm Environment) which has both Roaming profile functionality and Folder Redirection configured.

We are asking this because our customer is facing issues in using client app for above mentioned configuration of windows server and has escalated this. Currently we see it to be a configuration issue of their windows server.

Issue Details:

Our client app uses DPAPI to encrypt and then decrypt specific user settings which are to be saved in a file in the roaming folder location, something like this: C:\Users\<user-name>\AppData\Roaming\XYZ.

DPAPI works in Roaming profile and we use protection scope in DPAPI based on current user (and not local machine) in our client app.

Read more details here: https://support.microsoft.com/en-us/help/309408/how-to-troubleshoot-the-data-protection-api-dpapi#bookmark-1

In a Windows terminal server farm, we will have multiple terminal servers for load balancing. In this environment, it is not fixed that the user will always get logged in to the same terminal server.

When the user gets logged in to a terminal server other than the previous one, the issue occurs in the client app. When it is launched it shows an error. To fix this the user needs the help of an admin.

The reason for this issue is that the encrypted “settings” file of the client for that user (in the roaming folder) is not getting decrypted (DPAPI) at this different terminal server where the user is logged in now, and thus the client shows an auth failure.

The DPAPI used in the client for decryption throws the following exception:

 [0 2019-04-18 09:35:42.497]<E/Application> 1st chance exception (type=CryptographicException): sender(Name:XYZ.exeThere are no context policies.), exception=Key not valid for use in specified state.

It appears the DPAPI at this terminal server is not in the correct state to decrypt the user file. However, as per Microsoft, if we are using “Roaming profile” then DPAPI should be in the correct state and work seamlessly irrespective of which computer the user is on, as long as it is connected to the same AD domain.

Now, why is the customer getting this issue if Roaming profile functionality is enabled?

  1. Is it a configuration issue at the customer end?
  2. Is it something not supported in a Windows terminal server environment, or due to “Folder Redirection”?

I hope this information is enough. Let me know if you need more information related to this.
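
An added example, not code from the original post or from the vendor's application: the CurrentUser-scope DPAPI round trip the post describes, with the CryptographicException handled and the per-user master key folder (%APPDATA%\Microsoft\Protect\<SID>) inventoried so the result can be compared between farm hosts. The XYZ\settings.bin file name and all function names are assumptions; written for Windows PowerShell 5.1.

```powershell
# Added example. Names and the settings path are hypothetical.
Add-Type -AssemblyName System.Security

$Scope        = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$SettingsPath = Join-Path $env:APPDATA 'XYZ\settings.bin'

function Protect-UserSetting {
    param([Parameter(Mandatory)][string]$PlainText,
          [Parameter(Mandatory)][string]$Path)
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    # CurrentUser scope: the blob is bound to the user's DPAPI master key,
    # not to the machine it was created on.
    $blob = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $null, $Scope)
    [System.IO.File]::WriteAllBytes($Path, $blob)
}

function Get-DpapiMasterKeyInfo {
    # Master key files are hidden/system files named by GUID under
    # %APPDATA%\Microsoft\Protect\<user SID>; -Force is needed to list them.
    $sid  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $dir  = Join-Path $env:APPDATA "Microsoft\Protect\$sid"
    $keys = @()
    if (Test-Path $dir) {
        $keys = @(Get-ChildItem -Path $dir -Force -File |
                  Where-Object { $_.Name -match '^[0-9a-fA-F-]{36}$' } |
                  Select-Object Name, LastWriteTime)
    }
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        ProtectDir = $dir
        DirExists  = (Test-Path $dir)
        MasterKeys = $keys
    }
}

function Unprotect-UserSetting {
    param([Parameter(Mandatory)][string]$Path)
    $blob = [System.IO.File]::ReadAllBytes($Path)
    try {
        $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $Scope)
        return [System.Text.Encoding]::UTF8.GetString($bytes)
    }
    catch [System.Security.Cryptography.CryptographicException] {
        # Same failure class as "Key not valid for use in specified state":
        # report what this host can see instead of crashing the client.
        $info = Get-DpapiMasterKeyInfo
        Write-Warning ("DPAPI could not decrypt {0} on {1}: {2}" -f $Path, $info.Computer, $_.Exception.Message)
        Write-Warning ("Master key files visible in {0}: {1}" -f $info.ProtectDir, $info.MasterKeys.Count)
        return $null
    }
}

# Round trip with a constructed sample value (the value itself is never printed).
Protect-UserSetting -PlainText 'constructed-sample-value' -Path $SettingsPath
$value = Unprotect-UserSetting -Path $SettingsPath
if ($null -eq $value) { 'Settings unreadable on this host; have the user re-enter and re-save them.' }
else                  { 'Settings decrypted for the current user.' }
Get-DpapiMasterKeyInfo | Format-List
```

Running `Get-DpapiMasterKeyInfo` as the affected user on the host where decryption works and on the host where it fails shows whether both hosts see the same master key files.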


RDS client cannot see the local printer


We have had a problem for days and we couldn't figure it out.

We have one employee who works remotely. Before, he was able to see his local printer and use it, but now he's not able to see it.

I checked everything I can: GPO, terminal server management, remote desktop settings, Easy Print, ... All seems to be right, but he is still not able to use his local printer.


New RDS Deployment - Windows 2012 R2


Hello,

We are deploying a new RDS environment.  As a brief overview of our setup:

  • 1 dedicated server for the broker, gateway, session host, and licensing (for 10 users or less)

After reading numerous articles, I'm trying to figure out the certificates.  I know I will need one 3rd party cert for the Connection Broker, Web Access, and Gateway roles to allow users to access the resources outside the network.  My questions are as follows:

  • When obtaining a wild card cert, do I need to have the internal FQDN of the server, the external FQDN, or both listed in the cert?
  • For the external FQDN, can I choose whatever I want (i.e. RD.COMPANY.COM) and then enter that in the internal DNS? Or external only? (sorry not a DNS guru)
  • For the RD Web Access URL, do I need to change that to my external FQDN (i.e. RD.COMPANY.COM) or leave as is?

My thinking is I need to obtain a wild card cert with an external FQDN (i.e. RD.COMPANY.COM).  In my external DNS, set up that FQDN with an external IP address and allow that through my firewall to the internal IP.  Am I on the right track?  Thanks for any assistance!

 

Profile drives not reliably releasing on logout, causing users to have no profile next log in.


We migrated to a Server 2016 based RD system a while back and in increasing frequency, users who log off or time out when they disconnect (it happens in both cases, possibly more so in the latter) don't have their profile accessible.

Using the "Sidder" app I can see that the user's profile .vhdx file is locked and appears in use on one of the RD hosts, but the user is not logged in when viewing directly on the server or via the RD broker server.

By closing the open files on the profile drive server that stores those profiles, the user can usually then log in, but in some cases - if they get the same server they used last in the RD host pool - that server still refuses to load the profile, and I have to manually shut down logins on that server to steer them to another host, where their profile finally attaches.

This is, obviously, making my users furious. This kind of song and dance to log in when they go to do work is not appreciated, nor do our IT people enjoy the wasted time troubleshooting this stuff.

Does anyone have any suggestions on what could be causing this unreliability? Is the only answer really to get a third party profile management system to fix this into a usable state? We tried classic roaming profiles on an earlier generation system and had all the fun roaming profile problems so going back in time is not an option.

Windows 10 Virtual Desktop error upon remoting


Hi,

Can somebody help us with what is causing this error in Remote Desktop Connection? We still have a Windows 7 pooled collection and everything is fine and working. Now we are provisioning Windows 10 virtual desktops in the VDI infrastructure. After installing the Windows 10 pooled collection in RDCB and creating/adding 30 virtual desktops, we got this error when connecting from our Wyse thin client device.

Are there any steps we need to check for this?

Current Infra:

2 RDCB

2 RD Virtualization Host

1 RD gateway server (w/ DMZ switch )

1 RD web Page server (w/ DMZ switch )

1 RD Licensing Server Role

1 File Server

2 SQL Database Server Node

Checked and Verified the following : 

1. Windows 10 master image has been sysprepped properly in the Session Host.

2. Created a Windows 10 Virtual Desktop properly.

3. Path to the correct cluster storage volume, parent disk and user profile disk. 

4. Ensure that Windows 7 profile disk, CSV and parent disk folder is separate to windows 10 pooled collection. 

5. Windows Server 2016 Version.

6. Recreated all VMs and the collection in the RDCB 2 times.


Thanks


Homer Sibayan

Second broker not functioning

Hello,

I need your help.

I have an RDS farm with

8 session hosts (named RDS01, RDS02...)

2 Brokers (BRK01 and BRK03)

1 Management (MGM01) where we deployed the farm and see the collection, and with the SQL server for broker HA

DC is on another server

Everything is in 2016 version, windows server 2016, SQL server 2016

My connection string: Driver={ODBC Driver 13 for SQL Server};Server=MYENTERPRISE-MGM01,1433;UID=sa;Pwd={password_replaced};Database=RDFarm

DNS name for the mstsc connection : RDS.MYENTERPRISE.LOCAL

collection name : RDS-MYENTERPRISE

name of the DB : RDFarm

Round robin on the DNS between the 8 hosts (RDS01,...)

Problem: The second broker for the HA is not working.

We had BRK02 but with many problems, so we created a new server: BRK03.

But BRK03 is not working either.

When an RDS host is going through BRK01, everything is OK, and we see users in the connections of the collection on the MGM.

But when an RDS host is going through BRK03, we don't see the users in the collection, and users get a temp session when they disconnect/connect.

In the events on BRK03 : 


Microsoft-Windows-TerminalServices-SessionBroker/Admin    ID 802

Server farm specified for connection is not present



<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" />
    <EventID>802</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>101</Task>
    <Opcode>11</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2020-02-12T09:28:07.054322400Z" />
    <EventRecordID>86</EventRecordID>
    <Correlation ActivityID="{8FE15758-B0A3-48C0-A516-4C98547234BF}" />
    <Execution ProcessID="3536" ThreadID="1864" />
    <Channel>Microsoft-Windows-TerminalServices-SessionBroker/Admin</Channel>
    <Computer>MYENTERPRISE-BRK03.MYENTERPRISE.local</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <UserData>
    <EventXML xmlns="Event_NS">
      <param1>MYENTERPRISE\MY.USER</param1>
      <param2>La batterie de serveurs spécifiée pour la connexion n’est pas présente.</param2>
      <param3>2</param3>
    </EventXML>
  </UserData>
</Event>



And in Microsoft-Windows-TerminalServices-SessionBroker/Operational

ID 787 : The name farm is empty

We don't have the event ID 801 compared to a connection on BRK01





Does anyone have an idea?

Thanks
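
An added example, not part of the original post: the connection string quoted above carries a SQL login and password for the `sa` account, and a check like this flags that before such a string is saved in broker or script configuration. The function name is hypothetical, and the `Trusted_Connection=Yes` variant is constructed for comparison; it assumes the broker computer accounts have been granted a login on the SQL Server.

```powershell
# Added example. Function name is hypothetical; sample strings are the one
# from the post and a constructed Windows-authentication variant.
function Test-BrokerConnectionString {
    param([Parameter(Mandatory)][string]$ConnectionString)

    # Split into key=value pairs; a {braced} ODBC value may itself contain ';'.
    $pairs = @{}
    $rx = '(?<k>[^=;]+)=(?<v>\{[^}]*\}|[^;]*)'
    foreach ($m in [regex]::Matches($ConnectionString, $rx)) {
        $pairs[$m.Groups['k'].Value.Trim().ToLowerInvariant()] = $m.Groups['v'].Value.Trim()
    }

    $findings   = New-Object System.Collections.Generic.List[string]
    $integrated = ($pairs['trusted_connection'] -match '^(yes|true)$')

    if ($pairs.ContainsKey('pwd')) {
        $findings.Add('A password is stored in the connection string.')
    }
    if ($pairs.ContainsKey('uid')) {
        $findings.Add("SQL login '$($pairs['uid'])' is used instead of Windows authentication.")
        if ($pairs['uid'] -eq 'sa') {
            $findings.Add("'sa' is the built-in sysadmin login for the whole SQL Server instance.")
        }
    }
    if (-not $integrated -and -not $pairs.ContainsKey('uid')) {
        $findings.Add('No authentication method is specified.')
    }

    [pscustomobject]@{
        Server         = $pairs['server']
        Database       = $pairs['database']
        IntegratedAuth = $integrated
        Findings       = $findings.ToArray()
    }
}

$asPosted   = 'Driver={ODBC Driver 13 for SQL Server};Server=MYENTERPRISE-MGM01,1433;UID=sa;Pwd={password_replaced};Database=RDFarm'
$integrated = 'Driver={ODBC Driver 13 for SQL Server};Server=MYENTERPRISE-MGM01,1433;Trusted_Connection=Yes;Database=RDFarm'

foreach ($cs in $asPosted, $integrated) {
    $r = Test-BrokerConnectionString -ConnectionString $cs
    '{0}/{1}  integrated={2}  findings={3}' -f $r.Server, $r.Database, $r.IntegratedAuth, $r.Findings.Count
    $r.Findings | ForEach-Object { "  - $_" }
}
```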

Network Stability and Remote Desktop Blamed For Intermittent Database Error


My company is using a software package which is installed on RDS. All users access this program via Remote Desktop. The program is a business application which directly executes CRUD operations on a Pervasive database (no middle tier!). Our RDS server and database server reside in the same room (actually on the same vm host). Some of our users are remote over a VPN tunnel. These were the main reasons I wanted to install on RDS, because software updates and stability would be a nightmare if the application was installed on individual PCs, most notably with some running remotely. This setup would promote more stable execution because the servers are local to each other.

On occasion, the software produces database errors.

Certain errors are reoccurring, and the software company blames the issue on dropped packets. They claim desktops using a wireless connection can cause issues. They claim that this corrupts cache files and causes the database corruption.

I'm under the impression that RDP should generally negate any network issues because the application is executing on the server, not the PC. If a connection is interrupted, the application should continue to gracefully execute in the background until the session is reestablished.

On a setup like this, is it at all possible (or even heard of) to introduce database errors via RDP? Any thoughts?

Thank You.
