Hello,
We are planning to deploy OneIdentity SPS for session monitoring. We want to deploy it as a Remote Desktop Gateway in front of a windows server (Session Host).
I want to know how will the license be managed in this case. Note: We have RDS Device CAL license model.
Knowing that all traffic will go through the SPS, is this considered as one device?
For more on SPS as RD gateway: https://support.oneidentity.com/technical-documents/doc1300463
Hello.
I heard that phrase before "There is no stupid questions, only stupid answers". I am going to challenge it.
Here is a stupid question that I came up with and I do not remember seeing it asked or answered!
Our techops need to have simultaneous access to administer certain application servers. Until now, they used direct RD connections that limited them to 2 simultaneous sessions. I have deployed server 2016 RDS infrastructure, installed RD Session host roles
on those applications servers, that they managed, placed them in one collection, installed User CALs and voila. The techops add RDS gateway in the RD properties and happily connect to the servers.
Have I achieved the requested goal?
What did I just give them - an environment which they can now use as remote users (aka VDI) or the way to have more than 2 simultaneous connections or the combination of the 2 ? Which option for a session type would be better: pooled desktop session
or personal desktop session?
Thank you.
Hi Experts!
Would like to ask if it is possible to have 2 Collection which is windows 7 and 10 with 2 RDSH in one VDI infrastructure ? Or should i need to add additional RDSH for new Windows collection in same server?
Currently we have existing windows 7 collection and we provision to build another collection, we have successfully build it and create virtual desktop under the new collection. Unfortunately upon testing /log in to windows 10 we have an error message prompt below.
Can someone tell us the best practices if it's possible to have 2 collection with 2 RDSH only separated the RDVH server. or it may required to have additional Remote Desktop Session host in VDI. ?
Homer Sibayan
Hi,
We have a web application published on rdweb through internet explorer. When users click on the application, it opens in internet explorer and the screen resolution is fine when opened on PCs but very small if Microsoft Surface users open it. We are currently having same application with two different sizes to solve this problem. Is there a way to have one size for all the devices?
Thanks.
Dear sir
Recently i have formatted my server and re-instaled windows server 2008 enterprise edition. Our clients are accessing this server thorugh remote desktop connection and they will be able to logon to application and if they close the application they will be logged out from the server. They are not allow to see or to do any other activity on the server and server desktop.
My problem is the clients are getting the date format dd/mm/yyyy but they wanted to have dd-mm-yyyy. I have done configuration changes on the regional setup (administrative tab).
Before changing the above setup there are users already created. For those users the date format is showing dd/mm/yyyy but if i remove that users or add new users i am getting the new format as dd-mm-yyyy.
Is any way i can change the date format to all the users without deleting the user account.
Your help will be very helpful.
Thanks
Srini-Mumbai
We have Server 2019 running RDS
How do I get Sticky Notes installed ?
Thanks,
Steve
Hello,
We have two old virtualmachine 2008 r2, running remote desktop app services, and we got some issues with schtask.exe process that comes randomly and uses all of cpu ressources that freeze the server.
We have to force restart the vm to get the services running again.
My question :
is it possible to disable remote access to schtasks.exe or just disable it forever? Because we 're suspecting a virus trying to remotly access to the task scheduler on both machines.
Thanks in advance and sorry for my bad english
OS: Windows Server 2019 Standard
Version: 1809
OS build: 17763.1039
Server is a VM installed on a Windows Server 2019 Standard Hyper-V physical server.
Server has terminal services installed and is being used as a RDP server.
It has the search services feature installed.
The problem is that I am unable to select any of the drives as locations for search indexing. There should be at least a C: D: and F: drive available for indexing, but none are available. I have already click the "Show all locations" button but that added nothing to the list. I have tried logging in as a new user, but that didn't help. I have tried uninstalling and re-installing the feature but that didn't change anything. Server has been rebooted multiple times with no change. I'm really at a loss at this point, any other server 2019 that I try the same process on works perfectly.
We have Remote Desktop published through Web Application Proxy, both running on Server 2012 R2.
The RDS application in WAP is configured for pass-through authentication so users can connect from both Windows and non-Windows ("rich apps" on Android/iOS/Mac) devices. This has been working for the past few years without issue.
After installing recent update KB4534309 (or the rollup that contains it, KB4534297), the non-Windows clients are unable to connect. They show error 0x3000008 during the "initiating remote connection" phase:
We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help.
Has anyone experienced this or figured out a way to fix it?
Hello all, need some help in determining why the ConnectionBroker can't see the delegated rights to the assigned OU for creating & deleting virtual desktops.
Environment:
Regardless of the method I try to use I'm stymied in creating a virtual desktop pool.
I've been able to successfully get RDSH working, but not the RDVH.
I've validated the permissions on the OU. I've cleared out the permissions, setup new OUs to try, re-run the commands, used the script that they provide. Permissions are there...but the UI and PowerShell commands simply don't acknowledge the permissions. I've even tried (and reverted) given Everyone full access to the OU.
Errors:
In the 'Create Collection' UI Wizard I receive the following text when clicking Next in the 'Unattended Settings' section.
In the Deployment Properties, Active Directory section I receive the following text:
Clicking apply and/or using the 'Generate Script' button and running the script applies the permissions...but the UI does not acknowledge that it works. Visually validated the permissions through AD.
Ran Test-RDOUAccess and received an error -2147463168, Failed to test access for the Connection Broker.
Ran Grand-RDOUAccess and received the same error -2147463168, says that my current user didn't have the rights. I tried with a domain admin and enterprise admin account...still didn't work.
Hoping that someone can give me an idea on what to try next.
Thanks!
Hi!
I've been testing out RDS for our company and have deployed all roles on a single Windows server 2012 R2 (version: 6.3 Build 9600) for testing. It worked for a couple of days but suddenly almost nobody can login in, the users get this error "Your computer can't connect to the Remote Desktop Gateway server. Contact your network administrator for assistance". In the windows log on the server this shows up: "The user "user@domain", on client computer "xx.xx.xx.xx:12345", has initiated an outbound connection. This connection may not be authenticated yet.".
4 different users have tried logging on at home at their home network without success. But somehow it works for me, both at the office and at home on a another computer and a completely different network. And the other user accounts work at my PC even tho none of the computers is connected to the domain that the RDS solution is running on.
I've tried adding the registry keys LmCompatibility and EnforceChannelBinding but it doesn't work.
Any thoughts on what i'm missing?
We run Server 2016's only but get that same license message since ~ January 2020 only. We have Ncomputing L300 terminals behind. We use CAL per device with Workgroup only and our RDL diagnosers says there are no issues. Each server is its own licensing
server too.
Through gpedit.msc I switched off licensing messages but that has no effect.
Sometimes the terminals get disconnected for ~30 seconds but they come back in the last state, just irritating.
We don't want to give our students admin login rights.
Hi there,
In my environment we run 4 virtual windows server 2012 R2 plus a host on the same. Occasionally on the Main domain controller I will receive and RDP error from one of our sensors on our monitoring software (PRTG), when trying to remote in it will pop up saying, unable to connect and internal error has occured. It is very random, some days it wont happen sometimes it may happen once, it could happen 3 or 4 times at random intervals in a 20 minute period, the sensor also monitors the response time for RDP and it just seems to timeout. We have a sonicwall firewall in between the server and the outside world. I have tried changing the connection properties on windows firewall as well and other suggestions don seem to apply to my environment. Would anyone have any suggestions.
Kind Regards
Ben
Hello
We have got a server, call it S1, running Windows Server 2012, and workstations running Windows 10 Enterprise 1909. People regularly need to access this server using the workstations. When people on workstations try to access this server, it initially works (i.e. they enter their credentials and then the "The identity of the remote computer cannot be verified ..." windowappears), but then the "remote desktop can't connect to the remote computer for one of these reasons" error comes up. It goes away when connecting again, but instead shows the following error (without the "The identity of the remote computer cannot be verified ..." screen):
The connection has been terminated because an unexpected server authentication certificate was received from the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.
This has been occurring sporadically ever since the server was built, however in the past few days it has appeared on all of the workstations. A few workstations used by sysadmins can still access the server by remotely connecting to another server that is on the same network, then remoting to S1 on the other server, however this is not the case for the rest of the workstations in the room. I've tried pinging S1 and it's replying fine.
I have also checked out the following other solutions to this problem from similar forum posts :
I can't seem to figure out anything else about why this is happening.
Hey guys,
I guess a simple (stupid) question for the RDS specialist.
We have one broker and several Session Host servers. There is a DNS entry, lets say "RDS.Domain.local" which is setup for Round Robin. The A record is created multiple times for every RDSH server. So users will use this DNS name to connect to the
farm.
When i want to make the broker HA i have to setup Round Robin also for the brokers. Lets say i create a record called "Broker.domain.com". How does a user connect to the farm after the broker HA setup? Will he/she still use "RDS.domain.local"?
I will use an external CA given certificate for the broker setup, like for example *.domain.com. This will be setup during the 'Broker HA setup' for Single Signon and Publishing. Can i still use "RDS.Domain.local" to connect to the RDS farm from a
user point of view? Or will i end up in conflicts because i use .Domain.local (RDSH) and .Domain.com (Brokers)?
Thanks for the answer.
Kr,
AJ
Windows Server 2019 1809 Build 17763,832 Win Defender Firewall disabled
I have a working publicly configured RDS-environment with RD GW and a trusted root certificate.
I have the NPS-extension installed ok.
I have configured
On the RD Gateway server:
RD CAP Store to 'use central server running NPS'
Remote Radius Server Group with ip of the central NPS Server, shared secret, recommended timeouts.
Radius Client with ip of the central NPS Server
Conn Request Policies
Network Policy
On the Central server running NPS:
Remote Radius Server Group with ip of the RD GW Server, shared secret, recommended timeouts.
Radius Client with ip of the RD GW Server, shared secret, recommended timeouts.
Conn Request Policies
The Network Policy on the central NPS Server was not created by me:
Hi there,
we've just Setup a new Server 2016 with Remote Desktop Licensing and the licenses for Server 2016 RDS Per User CAL's are also installed on it.
The Topic is, that when a user connects from one of our existing Server 2008 RDS Servers to it, the license Server serves him with a Built-In OverUsed License for Server 2008 R2.
It's the same behavior discussed on this Blog: Performance Team Blog
Now is this normal and can we proceed with this Setting or are we getting a Problem with it? We are in the Migration Progress from Server 2008 R2 to Server 2016 but maybe we can Change the License Server before the new Servers are installed.
Best Regards
Marc
Hi All,
So I understand that you cannot use SQL Express for HA connection broker back end because Express does not have any HA features native to the express version...but..
Can you use SQL Express as instead of WID as an RDS Connection Broker back endwithout any HA setup?
I'm trying to figure out how to create an RDS farm that is TLS 1.2 capable so that it meets our strict security auditing requirements so as I understand I need an SQL connection broker database to achieve this but I don't need HA, I just want to run a SQL Express database locally on my RDSCB server capable of allowing TLS1.2 level encryption in the RDS farm.
Anyone know if this is possible?
Thanks in advance...
durrie.
Hello everyone,
So im stuck for days on a problem, I have an RDS farm and the file share for upd (single node).
I want to file share cluster for the high availability on the UPD profiles.
So I started creating the cluster on azure.
Each node has 2 hdd for data for the cluster, I have enable ClusterS2D create the disk on CSVFS_REFS format and everything until now is fine. Then I installed the Scale-Out File Server role so the upd will be always available.
Configured a load balancer so can point to the file share role ip, I can connect now with the file share from the RDCB but when I try to add the shared path to the user profile disk I got this error.
I have set the static ports for RPC on regedit.
#Set RPC dynamic ports to static range setting
New-Item "HKLM:\Software\Microsoft\RPC\Internet"
New-ItemProperty "HKLM:\Software\Microsoft\RPC\Internet" -Name "Ports" -Value '50001-51024' -PropertyType MultiString -Force
New-ItemProperty "HKLM:\SOFTWARE\Microsoft\Rpc\Internet" -Name "PortsInternetAvailable" -Value Y -PropertyType "String"
New-ItemProperty "HKLM:\SOFTWARE\Microsoft\Rpc\Internet" -Name "UseInternetPorts" -Value Y -PropertyType "StringDo I need to configure anything on the load balancer?
when i add to the load balancer the rule for port 135 i give me another error.
for the configuration of the cluster i have follow the microsoft documentation.
Sorry maybe I didn’t expanding it very good as im new to this things.
Thank you
Hello,
I have used group policy to enable Unsolicited Remote Assistance to Domain Computers:
... & set Windows Firewall to allow Remote Assistance:
Logged on to a domain computer, in lusrmgr.msc I can see that the appropriate groups are added to the Offer Remote Assistance group and can telnet "computer name" 135 to that domain computer - group policy as been applied correctly. All PC's are fully up to date with Windows Update.
When I initiate msra.exe /offera to the domain computer I have confirmed *should* work I get:
(There was a problem interacting with COM object 833E4010-AFF7-4AC3-AAC2-9F24C1457BCE. An outdated version might be installed, or the component might not be installed at all.)
This is in eventvwr.msc of the computer initiating the Remote Assistance session.
How can I resolve this?
Thanks