Hey Guys,

I have had this problem for sometime now and really need a solution. I have Windows 2008 Enterprise Server running about 200+ terminal services clients. All Windows XP clients are fine, Windows 7 clients have issues when they get an updated version of remote desktop client(to solve the issue we simply rollback the update), Windows 8 clients cannot connect and use out remote app. The issue stems from the newer version of remote desktop client (on windows 7 and embedded in windows 8) cannot connect to our terminal server and generates an error and immediately disconnects. The error says "

Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to

So my questions are, how can i update my Windows 2008 Terminal server version to support these clients, or do u have migrate to Windows 2012? Or is there a solution to my current problem which will allow my client to connect and use the remoteapps?

I try to map some printers to my 2008R2 RDSH.

Printer mapping is not disabled on the listener, no eventlogs regarding 'not mapping' my printer!

Server is fully patched.

Even a testprinter with a 'generic text only' driver is not mapped.

Anybody has an idea?

My Setup:

LAN and DMZ (perimeter network). LAN consists of RW Domain controller, RDSH and RD Connection Broker. DMZ contains RODC, RD Web Apps, and RD Gateway. I'm hosting ~25 remote apps (from RD Web Apps) with different permissions on each. I also have 2 2008 servers hosting remote apps that are also listed from the remote apps page (modified IIS).

The Issue:

If I create an app and allow everyone to log in, it works great. Say I now want to restrict access to that application for certain users. I go in an change the permissions on the app so it doesn't include the user I just logged in as. If I load the page again after permissions have been modified, I'm still able to see the app. If I log in with a user that has never logged in before, the correct permissions apply. If I log with the original user on another PC, all apps still show up. It seems that whatever permissions are set when a user first logs on, are staying applied forever. Its been 3 days and still no permissions update. I've rebooted/updated everything with no luck. Also all apps from the 2008 servers show up regardless of permissions as well.

What am I missing?

Hi There,

This may be something very simple however its the first time we have set this up from scratch so i do apologise should this be easy!

• Server 2012 Connection Broker and Web Access Roles
• Server 2012 R2 Session Hosts

Attempting to add a session host server to a session collection that i have created however when this attempted we recieve the following error - "The property SessionDirectoryLocation is configured vy usinf Group Policy settings. Use the Group Policy Management Console to configure this property."

Ive taken a look at the GPO which we configured to use a connection broker and it appears to be configured correctly

"Configure RD Connection Broker Farm Name" and "Configure RD Connection Broker Server name" are what i think is causing this problem.

The farm name is set as remote.domain.local which matches my DNS entry for the farm as advised and the server name is server.domain.local for the server with the connection broker role installed is this correct?.

All other GPO under the RD Connection Broker is configured to be enabled.

My DR session collection that doesnt use a connection broker works fine and can be added as expected.

Any thoughts?

Hello

I am currently working in an environment where we use a bespoke application install on two APP servers which have RDS installed and are load balanced with high availability. This works great however i have been asked if we can limit the amount of sessions per user to 2 sessions as there are people opening 3 and 4 sessions of the same application which is slowing down the server. Is this a possibility with just Windows Server 2012 R2 or RDS or will i need some 3rd party software/scripts?

Thanks in advance

Lewis

Could you please tell me procedure i.e. which license we have to purchase, so that more than 2 users can take remote desktop of (Server 2008 R2, Server 2012 R2) at a time.

We are planning to purchase the license but no idea of what needs to be purchased.

Thanks,

Babasaheb

Hi,

I have a Windows Server 2012 R2 with RD Gateway Role Service installed and Configured (Server1).

• RD CAPs => OK
• RD RAPs => OK

I have a client Windows 7 with RDP 8.1 update installed (Client1).

I have a second client windows 7 (Remote1) configured to allow RD.

In this configuration i can open a RDP on "Client1" with this option:

• RD Gateway : ("Server1"),
• User: <domain/user1>
• password: <password>.

So, i follow the instruction describe in Sample "Remote Desktop Gateway Pluggable Authentication and Authorization Sample in C++ for Visual Studio 2012".

In "RD Gateway Manager" on "Server1" i have a message in "Configuration Status":

• Due to pluggable Authorization, Remote Desktop connection authorization policies and Remote Desktop resource authorization policies are no longer used to manage authentication and authorization on this system. Use the appropriate administrative tool to manage these services.

And when i execute "sample.rdp" on "Client1" i have this error: 

The user "<Domain\user1>", on client computer "xx xx xx xx", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "Cookie" and connection protocol used: "HTTP".

The following error occurred : "23003".

Have you any suggestions ?

Thanks for any advise.

We want to build up a test domain with Windows Server 2012 R2. It will be in an separate V-LAN with no connection to our “normal” Domain/Network.

First of all we want to use the 180 days trial version. Regarding this I have two questions:

-      Is it allowed to have as many users in this domain as we want to test or do we need user licenses (or is there a limit?)?

-      If we want to use it after the 180 days. Is it possible just to buy the licenses and activate it or do we have reinstall the whole environment?

I was wondering how I would set a Remote Desktop Web Access source for RemoteApps in windows 2012.

on windows 2008 R2 there was a tab on the web access web page (the configure tab), that would allow you to type in either a connection brokers address, or multiple RD session hosts addresses as RemoteApp sources. I don't see that in windows 2012 anymore and was wondering how a 2012 RD Web Access finds the RemoteApps.

there must be a way of setting this parameter. lets say I have a new connection broker that I want my web access to point to from this moment on instead of the one it is currently set to. there should be a command/UI somewhere. I can't even tell how my web access found and figured my current connection broker to point to at the first placed.

I've read here and there that there is a design change in 2012 that removes a Session host as an option for web access source, and that Remote Desktop Web Access 2012 is capable of only querying a connection broker for remote apps. I couldn't find an official documentation stating this , and even if it is the case, it still does not make sense that you , as the admin, not be able to change the target connection broker on a web access server.

Hello there:

For a one-off project, we are implementing a stand alone Windows 2012 Server w/ RDS.  We have up to 10 users, wanting concurrent access to RDS.  We do not have Active Directory in this section of our infrastructure.  I have been searching online, but have not found clear answers to the following questions:

1)  What is the minimum licensing and software required?  A Windows Server 2012 license, plus a 10 user RDS CAL?

2)  I understand that RDS should be installed on a member server, but is Active Directory required?  Do we need an AD PDC as well?

3)  Are there any other software or licensing requirements, or requirements for a second server which are required?

Thank you.

Hello,<o:p></o:p>

since we build a new 2012R2 RDS farm we have problems
with the remember password for an IE website. The option to remember passwords
in IE is enabled but in the credential manager the password is not cached.<o:p></o:p>

I checked with vaultcmd /list to see where the vault
directory is stored. It is stored in
c:\users\%username%\appdata\local\Microsoft\Vault.<o:p></o:p>

That directory do not exist. (most of the time)<o:p></o:p>

Now the strangest thing is that sometimes it does work
and the directory suddenly exists. Its not server related, it is random. I did a search for
the Vault directory in all logged in users directory and some have the vault
directory and some not.<o:p></o:p>

Also new users have the same problem.<o:p></o:p>

I hope someone has an answer or solution? Thanx,<o:p></o:p>

Hi,

I am tearing my hair out.  I have a RD Gateway server that is pointing towards a RD Farm.  I cannot connect to it using the Gateway.  I keep getting the the following error in the TerminalServices-Gateway Operational log:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          10/7/2014 10:56:02 AM
Event ID:      304
Task Category: (3)
Level:         Warning
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      XXXXXXXXXXX.wbc.local
Description:
The user "XXXXXX", on client computer "XXX.XXX.XXX.XXX", met connection authorization policy and resource authorization policy requirements, but could not connect to resource "SyteLine.wbc.local". The following error occurred:"23005".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" />
    <EventID>304</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>3</Task>
    <Opcode>44</Opcode>
    <Keywords>0x4000000001000000</Keywords>
    <TimeCreated SystemTime="2014-10-07T15:56:02.952172000Z" />
    <EventRecordID>183</EventRecordID>
    <Correlation />
    <Execution ProcessID="2428" ThreadID="3140" />
    <Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel>
    <Computer>WBC-SLGW-01.wbc.local</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <UserData>
    <EventInfo xmlns="aag">
      <Username>XXXXXXXXXXXXX</Username>
      <IpAddress>XXX.XXX.XXX.XXX</IpAddress>
      <AuthType>
      </AuthType>
      <Resource>SyteLine.wbc.local</Resource>
      <ErrorCode>23005</ErrorCode>
    </EventInfo>
  </UserData>
</Event>

Any ideas?  Lots of googling has not helped

Thanks

Hello!

We are hosting an application trough Remoteapp on Server 2012 std. We have been struggling with a screen drawing issue where for example text in a textbox does not appear unless the textbox is clicked or borders of boxes are hidden until moving mouse over them. Running the application trough full rdp session works perfectly. Our client machines are running on Windows 7 with latest updates. 

We have tried changing some remoteFX settings but nothing seems to be working. Does anybody have solution or ideas what might work for the described issue?

Thanks

About 8 of them when anyone logs into server 2012 r2 RDS server.  This was a server 2k3 domain and there were definitely some hickups with terminal server licensing not be delegated Access to TS licensing user properties in AD and issue with 2003 default DC policies preventing windows internal database from working correctly.  This one I'm clueless about.  There is nothing that isn't working, there are no application or system errors occurring along with the audit failure.  Hoping someone super smart would know..

Thanks,

Klaus

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/10/2014 3:13:10 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      TERMSERV.PACE.local
Description:
An account failed to log on.

Subject:
 Security ID:  NULL SID
 Account Name:  -
 Account Domain:  -
 Logon ID:  0x0

Logon Type:   3

Account For Which Logon Failed:
 Security ID:  NULL SID
 Account Name:  TERMSERV
 Account Domain:  PACE

Failure Information:
 Failure Reason:  The user has not been granted the requested logon type at this machine.
 Status:   0xC000015B
 Sub Status:  0x0

Process Information:
 Caller Process ID: 0x0
 Caller Process Name: -

Network Information:
 Workstation Name: TERMSERV
 Source Network Address: fe80::2051:ba32:44bf:c24
 Source Port:  64432

Detailed Authentication Information:
 Logon Process:  NtLmSsp
 Authentication Package: NTLM
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4625</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2014-10-10T20:13:10.838588600Z" />
    <EventRecordID>70558</EventRecordID>
    <Correlation />
    <Execution ProcessID="604" ThreadID="7156" />
    <Channel>Security</Channel>
    <Computer>TERMSERV.PACE.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">TERMSERV</Data>
    <Data Name="TargetDomainName">PACE</Data>
    <Data Name="Status">0xc000015b</Data>
    <Data Name="FailureReason">%%2308</Data>
    <Data Name="SubStatus">0x0</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">NtLmSsp </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">TERMSERV</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress">fe80::2051:ba32:44bf:c24</Data>
    <Data Name="IpPort">64432</Data>
  </EventData>
</Event>

I understand Remote Desktop Services has undergo some drastric changes.

How do you configure a farm name in RDS 2012? Or is the concept around farm name changed in another concept?

Although I have imported a certificate on the RDCH withe the farm name I want to use. When I click on a RemoteApp on the RD Web Access portal, it does not connect to the right farm name.

Boudewijn Plomp, BPMi Infrastructure & Security

Hi all

We have a strange issue with the Microsoft RDP Client - Every day at some point a user will contact us with this and its driving me insane.

What happens is - the User will click the RDP link on the desktop Enter their password and hit enter - what happens then is the program minimizes to the taskbar ,cannot be maximized and I have to kill the mstc process in Task manager and either log off , restart and or delete the registry key MSLICENSING

Its not happening with everyone but it happens on a daily basis  - Terminal Server is 2008 R2 and all clients are Window 7

The users have a shortcut on their desktop to resourses in another office using the format \\192.168.100.100\Server\Share\

I cant help feeling this issue is attached to this as , when one works the other doesnt and vice-versa  only a restart will get both working . If the remote desktop session is open , users clicking the Resouirses link get the circular "Working" Icon and the link never opens

There are no relating events either on the local client or the Terminal Server and it has me stumped

really appreciate some help or guidance of what to try

Thanks

James

Hi All,

Let me first explain what I have and what I'm trying to achieve.

I have 1x Microsoft RD Connection Broker Server

I also have 2x Microsoft Remote Desktop Session Host servers (one primary and one secondary)

I then have a Kemp hardware loadbalancer which contains the IPs of the Session Host servers

I have configured an RD Connection broker farm that includes the two aforementioned Session Host servers.

The plan is for clients to connect into the Session Host servers via the Kemp loadbalancer's virtual IP.  As the Session Host servers are part of the RD Connection Broker Farm on the RD Connection broker sever I want there to be continuity for user sessions in the event of a primary Session Host server failure.  The problem is that this is not happening! 

To test I am logging into a user session on Session Host Server1 (I get server1 as I have weighted the real server IP on the Kemp device so it will always connect here unless it is down).  I then simulate a Server1 failure (pulling power).  The session crashes and I start a new session.  The Kemp device does its job and directs me to Server2.  All good so far.  However once I put in the users login details I get the 'Server cannot be found' error.  So the connection broker is kicking in as its trying to connect me to the existing session but on the wrong server! It is trying to reconnect me to the failed server.  Does anyone have any ideas why this would be happening?

Any help appreciated!

Hello Everyone,

I spent a lot of time trying to find a resolution to this issue and could use some help.

My Environment:  I setup a 2012 Domain controller (DC01) and a 2012 RDS server (TS01).  The domain controller has the RD Licensing Manager and RD Licensing Diagnoser installed.  The TS01 server has all the other RDS roles installed.

I Installed the licenses on DC01 and they show 0 Available and 5 issues even though nobody has logged into the server

I also pointed the TS01 server to the license server (DC01) but I get this error when adding it:The license server specified is not valid.  Verify the server name and specify a valid server name before saving the settings.

When I run the RD License Diagnoser from either server, I get the below error.  Does anyone know what I'm missing?  Is the 2012 server really looking for 2008 RDS CALs???  I didn't think that was possible.

----------------------------------------------------------------------------------------

The Remote Desktop Session Host Server is in Per User licensing mode and No Redirector Mode, but the license server dc01 does not any installed licenses with the following attributes:

Proiduct Version: Windows Server 2008 or Windows Server 2008 R2

Licensing mode: Per User

License type: RDS CALs

-----------------------------------------------------------------------------------------

Any help would be greatly appreciated.  I think we have 2 weeks left on our grace period.

Thanks in advance!