RDS server giving odd audit failure when user log in.

October 10, 2014, 2:02 pm

≪ Previous: RDS Pooled desktop naming suffix bug?

About 8 of them when anyone logs into server 2012 r2 RDS server. This was a server 2k3 domain and there were definitely some hickups with terminal server licensing not be delegated Access to TS licensing user properties in AD and issue with 2003 default DC policies preventing windows internal database from working correctly. This one I'm clueless about. There is nothing that isn't working, there are no application or system errors occurring along with the audit failure. Hoping someone super smart would know..

Thanks,

Klaus

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/10/2014 3:13:10 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      TERMSERV.PACE.local
Description:
An account failed to log on.

Subject:
Security ID:  NULL SID
Account Name:  -
Account Domain:  -
Logon ID:  0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID:  NULL SID
Account Name:  TERMSERV
Account Domain:  PACE

Failure Information:
Failure Reason:  The user has not been granted the requested logon type at this machine.
Status:   0xC000015B
Sub Status:  0x0

Process Information:
Caller Process ID: 0x0
Caller Process Name: -

Network Information:
Workstation Name: TERMSERV
Source Network Address: fe80::2051:ba32:44bf:c24
Source Port: 64432

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4625</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2014-10-10T20:13:10.838588600Z" />
    <EventRecordID>70558</EventRecordID>
    <Correlation />
    <Execution ProcessID="604" ThreadID="7156" />
    <Channel>Security</Channel>
    <Computer>TERMSERV.PACE.local</Computer>
    <Security />
</System>
<EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">TERMSERV</Data>
    <Data Name="TargetDomainName">PACE</Data>
    <Data Name="Status">0xc000015b</Data>
    <Data Name="FailureReason">%%2308</Data>
    <Data Name="SubStatus">0x0</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">NtLmSsp </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">TERMSERV</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress">fe80::2051:ba32:44bf:c24</Data>
    <Data Name="IpPort">64432</Data>
</EventData>
</Event>

↧

RD Connection Broker Farm help!

October 9, 2014, 3:34 am

≫ Next: Connect Without Terminal PC

≪ Previous: RDS server giving odd audit failure when user log in.

Hi All,

Let me first explain what I have and what I'm trying to achieve.

I have 1x Microsoft RD Connection Broker Server

I also have 2x Microsoft Remote Desktop Session Host servers (one primary and one secondary)

I then have a Kemp hardware loadbalancer which contains the IPs of the Session Host servers

I have configured an RD Connection broker farm that includes the two aforementioned Session Host servers.

The plan is for clients to connect into the Session Host servers via the Kemp loadbalancer's virtual IP. As the Session Host servers are part of the RD Connection Broker Farm on the RD Connection broker sever I want there to be continuity for user sessions in the event of a primary Session Host server failure. The problem is that this is not happening!

To test I am logging into a user session on Session Host Server1 (I get server1 as I have weighted the real server IP on the Kemp device so it will always connect here unless it is down). I then simulate a Server1 failure (pulling power). The session crashes and I start a new session. The Kemp device does its job and directs me to Server2. All good so far. However once I put in the users login details I get the 'Server cannot be found' error. So the connection broker is kicking in as its trying to connect me to the existing session but on the wrong server! It is trying to reconnect me to the failed server. Does anyone have any ideas why this would be happening?

Any help appreciated!

↧

Connect Without Terminal PC

September 28, 2014, 3:28 pm

≫ Next: Rename Cluster Shared Volume folder

≪ Previous: RD Connection Broker Farm help!

Instead of having multiple PCs I would like to have just one and then everybody is connecting to that PC simultaneously. Some might work on Office Apps, somebody might us Adobe products, etc. I believe this is possible with Windows Server. However, it is my understanding that everybody still needs to have a simple terminal PC. Is there a solution where everybody just has a keyboard, mouse and monitor connected to the Windows Server, i.e. no terminal PC?

↧

Rename Cluster Shared Volume folder

September 26, 2014, 6:51 am

≫ Next: Get-RDRemoteApp fails to find deployment

≪ Previous: Connect Without Terminal PC

I renamed my cluster shared volume from Volume1 to the same name as my SAN LUN to keep things straight. The name has a dash in it and looks something like this: LUN 3 - HyperV Virtual Desktop Storage 2 I am trying to deploy a new desktop collection with the virtual desktop location set to C:\ClusterStorage\LUN 3 - HyperV Virtual Desktop Storage 2\Virtual Desktops but every time I enter that path in the desktop creation wizard Server Manager locks up.

Anyone seen this?

↧

Get-RDRemoteApp fails to find deployment

September 25, 2014, 2:08 am

≫ Next: Unnamed Disconnected Sessions - 2012R2 Sesion Hosts

≪ Previous: Rename Cluster Shared Volume folder

I have created a rds deployment as follows

3x Server 2012r2
RDSH01 (RemoteApp Host)
RDSGW01 (is actually running web access)
RDSBR01 (Broker)

I created it using the add role wizard and everything is currently working as expected.

When I run get-RDremoteapp I get the following message

Get-RDRemoteApp : A Remote Desktop Services deployment does not exist on RDSH01.domain.com. This operation can be
performed after creating a deployment. For information about creating a deployment, run "Get-Help
New-RDVirtualDesktopDeployment" or "Get-Help New-RDSessionDeployment".+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-RDRemoteApp

I have tried running this remotely and directly on each of the 3 machines above, however I get the same error message.

Any suggestions?

↧

Unnamed Disconnected Sessions - 2012R2 Sesion Hosts

October 9, 2014, 2:44 am

≫ Next: RemoteApp 2012 problem on windows XP.

≪ Previous: Get-RDRemoteApp fails to find deployment

We're deploying an application via RemoteApp to our employees. Everything Works well, untill some users start having issues connecting and get the error message saying:

"The task you are trying to do can't be completed because remote desktop services is currently busy. Please try again in a few minutes. Other users should still be able to log on"

Clients connecting are Windows 7 and Windows 8 computers and both have had the same issue at some point.

The server task manager shows disconnected sessions without displaying the name, and allways with the same processes there (4):

- Windows Logon User Interface Host

- Desktop Window manager

- Client Server Runtime process

- Windows Logon Application

using the query sesión command I see disconnected sessions with no name as well and and if I try to reset sessions that don´t show name and are disocnnected they never do and looks like the command never ends. Allways running cmd with higher privileges.

the only solution happens to be rebooting the sesión host server... I would like to go to production having resolved this issue.

Any ideas?

does anybody know how to resolve this?

↧

RemoteApp 2012 problem on windows XP.

October 11, 2014, 2:12 am

≫ Next: using WMI implement qwinsta (query session) on terminal servers?

≪ Previous: Unnamed Disconnected Sessions - 2012R2 Sesion Hosts

Hello

I have a problem with RemoteApp web access on Windows Server 2012 when i connect with Windows XP clients. The internet explorer shows the credential promt always and i can not access to the server. I have not this problem when i connect with windows 7 clients with Remote Desktop client 8.1. Remote Desktop client 8.1 is not available on windows XP but i have installed 7.0 RDC but the problem continues.

What i have to do to correct this problem?

Thanks and sorry my english.

↧

using WMI implement qwinsta (query session) on terminal servers?

October 6, 2011, 6:27 am

≫ Next: Display issues when multi monitor users connect to 2008 R2 RDS server (funky start menu, missing system tray icons and desktop icons)

≪ Previous: RemoteApp 2012 problem on windows XP.

Hi there,

i am trying to implment the functionality of qwinsta (query session) through WMI but am very lost. can someone please give me some hints, or even indication whether this is possible?

thanks

jasmine

↧

Display issues when multi monitor users connect to 2008 R2 RDS server (funky start menu, missing system tray icons and desktop icons)

December 10, 2010, 12:11 pm

≫ Next: Graphics distorted using Remote Desktop on iPad

≪ Previous: using WMI implement qwinsta (query session) on terminal servers?

Hi All,

I'm going crazy trying to find a solution to this problem. At our company, I have several users connecting to a farm of four 2008 R2 RDS servers. Everything works well with the users that connect remotely to their desktop with a single monitor setup. The users that have a dual monitor setup and are using them for the remote connection however, have to log in, disconnect and log in again to see their desktop's start menu, icons, etc... When the multi monitor user connects the first time the only thing that shows is the task bar. The start menu only shows the user's account picture on the top right. The rest of the start menu is gone. Also, the system tray icons and the desktop icons are also missing. We have them connecting to the servers via thin clients or workstation with various monitors and operating systems and the results are the same. The RDS servers are HP DL360 G6 with the latest drivers and patches. Has anybody experienced this? I've search everywhere and the closest I've seen to my problem is: http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2rds/thread/2fdd2bc6-1274-4b4a-b0f6-07ab9861b589 and it seems that they didn't find a solution either. Any help is greatly appreciated.

↧

Graphics distorted using Remote Desktop on iPad

October 11, 2014, 2:38 pm

≫ Next: RDS App That Will Not Open

≪ Previous: Display issues when multi monitor users connect to 2008 R2 RDS server (funky start menu, missing system tray icons and desktop icons)

When I connect to a computer running Windows 2000 Advanced Server with a graphics card that only support 256 colors, graphics are distorted on the iPad but appear normal on a Windows Vista computer. Using RD Client version 8.1.4.

↧

RDS App That Will Not Open

October 5, 2014, 5:42 pm

≫ Next: Server 2012 R2 Remote Desktop Gateway. Most Simple and Secure Design For Small Environment?

≪ Previous: Graphics distorted using Remote Desktop on iPad

RDS on server 2012. We have a few users that keeping having a problem when they open a published program. The issue is, when the users open/connects to the remote app it says it connects but will never open. I have to login to the RDS server and logoff the users, then the remote app will open. There is nothing in the event viewer about this issue. I thought it might be due to the way the users were closing the remote app so i instructed them to close the remote app with the "X" in the top right of the remote app. Even when they close the remote app the correct way, they still have this issue. The users are on windows PC's (7 i believe). Any ideas on why this is happening? Or where are some RDS logs that i can look at?

↧

Server 2012 R2 Remote Desktop Gateway. Most Simple and Secure Design For Small Environment?

October 11, 2014, 3:39 pm

≫ Next: Server 2008 R2 Remote App Web Access suddenly apps are gone

≪ Previous: RDS App That Will Not Open

We would like users to be able to connect remotely over the Internet from their personal devices to their primary Windows 7 workstation (a physical box on their desk) by using the Microsoft RDP Client For Windows, Mac, iOS and Android. There is no plan to use RDWeb or Remote Apps, or VDI. Just plain remote access to their desktop PC without VPN plus a third party 2nd factor authentication product that can text them back a code to enter with their AD credentials (AuthAnvil or Duosecurity)

We do not have TMG or ISA.

We would like to get these services all running in a single server and be as simple as possible while still being very secure.

The recommendations I see seem to suggest putting the RDG in a DMZ with either a domain controller on a new domain with a one-way trust to your internal domain or else a read-only domain controller on your domain and then RD Session Host and License server located on different servers on your internal LAN.

http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx

That sounds like a lot of separate servers and cost for not a lot of users in our environment.

Do we even need a separate session host server if there are no RDP sessions being hosted directly on the servers because the users are only being redirected to connect to their workstations and will never be using terminal sessions on the server?

Can the RODC or the Domain controller on new domain with the one-way trust be the same server as the Remote Desktop Gateway server and not separate servers?

What is the most minimalist way to set this up with good security when opening all the ports needed to authenticate with internal DC is not secure enough?

↧

Server 2008 R2 Remote App Web Access suddenly apps are gone

March 16, 2010, 9:27 pm

≫ Next: 2012 RDS VDI deployment RDP connections fail from outside network

≪ Previous: Server 2012 R2 Remote Desktop Gateway. Most Simple and Secure Design For Small Environment?

I was using Remote apps just fine through RD Web Access and suddenly when i log on to the RD Web Access site there are no longer any apps listed.
When i go into the Remote apps management, all the apps are still there and available for Web Access.
If i use a remote app rdp file, it still works as well. So basically everything is still working except the population of the remote app we part.

this is a standalone TS server, gateway, session host, remote app server all in one install

When i go in the configuration site, i make sure its the correct fqdn or shortname tried both of this standalone server and it gives me the error, place the server in TS Computers.

The server is in that group and i made sure all the correct Com+ and wmi permissons are set as per the technet article...still gives me event id 8 and still apps arent showing.

im out of ideas

Benjamin Niaulin

↧

2012 RDS VDI deployment RDP connections fail from outside network

September 23, 2014, 11:14 am

≫ Next: Copy/Paste Files from Remote to Local using RD Web Access

≪ Previous: Server 2008 R2 Remote App Web Access suddenly apps are gone

Hello all,

I recently setup a 2012 RDS VDI based deployment on my .local domain. I have provisioned all of the VMs in Hyper-V on the Virtualization Host and I have all other roles for the deployment (Broker, Gateway, Web Access and Licensing) on another server. So my total deployment consists of 2 servers. I originally used a self signed certificate but later changed it to a public issued wildcard certificate and I can access the RD Web Access just fine. I also changed the FQDN from the original .local address during deployment, to an actual public URL which is a A-Name record of our top-level domain. So at the moment, the deployment is using: rds.mycompany.com for access to the Web Access and seems to be operating ok. Note that I also have forwarded all applicable ports from our network firewall/gateway to the broker/gateway/web access server (ports 80,443 and 3389). Also, I have put a zone and an entry into my local DNS server for the FQDN of rds.mycompany.com

Here is the issue I have - when I log into the Web Access from a computer outside of our internal network I can see the icon for the Virtual Desktop Collection and I can click on it and it begins to load. It appears to be fine and even begins to tell me that it is preparing and loading the VM and then it gets hung up at "Initiating remote connection" and after about 10 to 15 seconds it fails and gives the following error:

“Remote Desktop can’t connect to the remote computer for one of these reasons:

1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network

Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.”

When I try the exact same procedure from within the internal network, by accessing it from both the internal host name or even the FQDN it works just fine every time. It will say it is preparing and loading the VM and then just zips right through the "initiating remote connection" part and starts the session.

Any ideas?

Thank you,

D. Graf

↧

Copy/Paste Files from Remote to Local using RD Web Access

October 10, 2014, 4:42 am

≫ Next: Poor performance in remote fx

≪ Previous: 2012 RDS VDI deployment RDP connections fail from outside network

Hi all,

I am new into Remote Desktop through Web Access and I would like to ask you if it's possible to copy a file from the computer accessed with the RD Web Access to my computer?

Thanks and Regards

↧

Poor performance in remote fx

October 9, 2014, 12:01 pm

≫ Next: got trusted certificate. Need some guidance...

≪ Previous: Copy/Paste Files from Remote to Local using RD Web Access

Hello,

I'm running a small test setup in our university. The goal is to virtualize all of our workstations. For this purpose I made a small test lab consisting of 2 PC's. 1 remote fx host and 1 thinclient.

Host specs:

CPU: E-3550
GPU: K2 Grid
Ram: 16Gb
Windows Server 2012 Datacenter
Test VM running Windows 8.1 Enterprise

I've installed all updates and drivers for the VM and the host.
The WDDM driver is successfully installed in the VM ans I also can dxdiag.
From the GPU about 150Mb of VRam are allocated. When I open up a graphic intense porgram e.g. a game the performance is super low. The gpu load goes up a little bit on the host but not much. On the host the GPU allocates more ram but it looks like it cant pass it to the VM because the 150Mb of ram allocation for the remote fx adapter stays the same. Also the GPU is not realy hard working(checked by fan speed temps etc.). I only tried to remote directly from the host to the VM and due to that low performance I havent tried the thin client yet.

I know that this setup is not a very powerfull, but on a test basis just for 1 thinclient it should be more than enough.

It would be very nice if someone could help me solving that problem.
Kind regards

↧

got trusted certificate. Need some guidance...

October 8, 2014, 10:21 am

≫ Next: Does Remote Desktop Services Gateway Support RSA SecurID without TMG or ISA?

≪ Previous: Poor performance in remote fx

Hi,

I received a trusted cert after creating a request from IIS Server2012.

Now need to properly install it to appropriate certificate storage

For testing WEBApp and RemoteApp I used self signed.

Please provide steps for properly install the trusted one.

Should I remove my self-signed?

Just for fun clicked Complete Certificate Request in IIS.

There are two options for store: Personal and Webhosting. Is it OK?

Please advice. I need a flawless functionality :)

Thanks.

-- When you hit a wrong note it's the next note that makes it good or bad. --- Miles Davis

↧

Does Remote Desktop Services Gateway Support RSA SecurID without TMG or ISA?

October 9, 2014, 9:08 pm

≫ Next: Requirement to enable more than two concurrent RDP sessions on multiple Windows Server 2012

≪ Previous: got trusted certificate. Need some guidance...

We would like to roll out a single server RDS Gateway in our DMZ that can allow users to work from home and access their primary Windows 7 physical box workstation in the office.

Instead of purchasing laptops for everyone who only occasionally needs to work from remotely, we would like some of the users to be able to use their home PCs and not need to install any VPN or other software on their computers.

We already have RSA SecurIDs used for VPN clients, and I wanted to know if there is a way to use these existing tokens for second factor authentication instead of having to purchase an additional product such as Duo Security or AuthAnvil.

If will be much easier to use something we know and probably much more economical to use the SecurID tokens that are already paid for plus add a few more if needed.

We do not have TMG or ISA and when I do a web search for RSA tokens with RDS Gateway, most of the results are talking about using TMG to make it work.

↧

Requirement to enable more than two concurrent RDP sessions on multiple Windows Server 2012

October 12, 2014, 11:51 pm

≫ Next: Roll Back Virtual Desktops is causing HyperV machines to reset, causing problems for the zero clients connecting to them

≪ Previous: Does Remote Desktop Services Gateway Support RSA SecurID without TMG or ISA?

I have an existing Remote desktop licensing server, which has users CALs for server 2008. Now I have some windows server 2012 R2, where more than 2 concurrent RDP connections are required.

What I understand that I will need to install RDS server roes on all my Widows Server 2012 and I will need to have at least one RD licensing server to install RDS CALS, that’s all.

If it is correct, the questions is : Can I use my existing license server to add my newly purchased version 2012 RDS user CALs or I will need a new licensing server?

If it is not correct, then what else I need

I appreciate your detail step by step

Thanks

↧

Roll Back Virtual Desktops is causing HyperV machines to reset, causing problems for the zero clients connecting to them

September 30, 2014, 12:03 pm

≫ Next: Windows 2008 Server and Windows 8 clients

≪ Previous: Requirement to enable more than two concurrent RDP sessions on multiple Windows Server 2012

I've got Remote Desktop Services running 25 HyperV machines, in which 25 zero client machines, on my production floor, connect to. I'm having an issue in that when I restart or shutdown a HyperV machine, it resorts back to its initial state; losing any changes, updates, installs that may have occurred.

After digging around in Server Manager > Remote Desktop Services > Collections, the only thing I can come up with that would be causing this is theRoll Back Virtual Desktops is ENABLED.

Is it possible to DISABLE this setting to without rebuilding the entire collection? Rebuilding the entire collection would cause a lot of down time and I can't afford that at the moment.

↧

Latest Images