I'm racking my brain, I've done this before but I'm doing this in another lab environment . Non-Domain computers (Outside) trying to RDP in via the Gateway (Domain-Internal is working).  Certs aren't an issue as they're installed, I've tried it multiple ways, but for now I'm using the self signed generated via the RD Gateway manager.  I can go to https://rdgatewayurl/rpc and authenticate and get a blank page (external and internal).

New Domain, 2k8R2 Functional Level, no real GP customization at all, except not requiring NLA and enabling RDP on the internal "servers" in a specific OU.  My Account has Admin privileges on all the servers in question.

Another stupid question: This should also work with just the RD Gateway role installed, right?  I've tried it both ways with no luck.

RD Gateway is logging Event 4625 in the Security Log.  I feel like this should be obvious but my brain is fried.

An account failed to log on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		myadminaccount@somedomain.com
	Account Domain:		

Failure Information:
	Failure Reason:		An Error occured during Logon.
	Status:			0xC000035B
	Sub Status:		0x0

Process Information:
	Caller Process ID:	0x0
	Caller Process Name:	-

Network Information:
	Workstation Name:	EXTCOMP
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

I am running 2012 RDS. Occasionally a user session (no specific one user) will enter a state that cannot be disconnected or logged off. The session still shows as active in the connections list

I cannot kill the 'stuck' process for this user. I cannot log them off or disconnect them and they can no longer log on to an rd session.

No command line or powershell script will end their session or kill their 'stuck' process (in this case rdpshell)

The ONLY way i can resolve this issue is to reboot the server, not ideal!

I have tried just about every kill script out there and nothing works.

thx

Shel

I read online that with RD Gateway, I can make my RDSH server visible from the outside without having to forward ports at the router. If so, how is this achieved?

I finished configuring the RD Gateway server and was able to <a href="#" id="_GPLITA_1" in_rurl="http://i.trkjmp.com/click?v=VVM6MzA5OTg6NDpjb25uZWN0IHRvOmQ2MWI0NGUwNjUwZjM5ZjdlMWFkMTJmZWQzOGM2ZTkzOnotMTMyMi0xMjc1MDQ6c29jaWFsLnRlY2huZXQubWljcm9zb2Z0LmNvbTowOjA" style="text-decoration:underline;" title="Click to Continue > by Coupon Companion Plugin">connect to the RDSH server through it, but only from inside our network. I had used the following guide to help me configure this:

http://technet.microsoft.com/en-us/library/dd983941(v=ws.10).aspx

any ideas?

thanks

-Frank

Hi,

Had setup RDS2012 using Quick Start on Single Server (DC is Win2k8). Manage to resolve SSO issue with RDS Forum and MS Blog site.

Currently I have following concerns

1. Once login from RDSWeb using SSO I am able to launch Remote Apps but when i log off this session and login from different user i am able to login RDSWeb , i also get notification that connected remote network but my RemoteApp applications do not launch .Basically i click to apps they just disapear (I am able to view apps but Icons do not function )
2. However when i delete Cookies from Internet explorer options We are able to get apps working.
3. I am following the http://support.microsoft.com/kb/977507 KB to resolve this issue but renderscripts.js in Server 2012 had different values rather mention in this KB . So how do i modify and replace with given code.
4. Most of times users event get connected with  RDWEB and connected ICON is appeared in notification area but Remote apps didnot work when we launch them.

Regards

TShabbir

I have 2 Remote Desktop Host servers (RD001, RD002) on Windows Server 2008 R2. On RD001 I have installed the RD Gateway manager role and the Remote Connection Broker role. I have configured the CAP and RAP policies (I allow domain users and just to test I allowed all network resources). When i try to connect via the internet, using an RDP client, I get the Network Level Authentication prompt which I enter my domain account, then I get passed through to the windows login screen. I enter my domain account credentials again and it goes immediately to a black screen. After a few seconds it brings a pop up saying: Remote Desktop can't connect to the remote computer for one of these reasons:

1. Remote access to the server is not enabled

2. The remote computer is turned off

3. The remote computer is not available on the network

The strange thing about this is, I can login using the same computer via the internet with different accounts. My account is a domain admin account. I have setup 5 test accounts which are identical and only 3 of them can login while the other 2 cannot (Including mine). I have unlimited connections enabled. I do not have any event errors on either the servers or the client.

I have no idea what the problem could be. Any suggestions would be appreciated.

I am trying to find a RDP or rdesktop client that can be installed on an older PC that will automatically connect to a Microsoft Server 2012 VDI shared pool vm.  The PCs in question have 2GB RAM and 60GB HDD's.  I don't care if the OS on the PCs is Linux based or XP.   Has anyone done this successfully yet?

Thanks

Hi there,

I'm setting up a remote desktop farm.  Here's my general config:
-All servers running Windows Server 2012.
-Three domain controllers, configured for a domain named internal.domain.org.
-Three remote desktop session host servers.
-One server hosting RemoteApp and the Remote Desktop web service.
-One Remote Desktop Gateway server.
-One Remote Desktop Connection Broker server.

The three Remote Desktop Session Host servers have been combined into a collection named "Farm" and there are three DNS records for Farm - one pointed to each of the servers' IP addresses.  The Gateway server has been left at the defaults for CAP & RAP policies for now, which allows all users in the Domain Users group to access all resources on all Domain Computers.

A wildcard certificate has been purchased for *.internal.domain.org, which is what we're going to use for addressing the remote desktop farm both internally and externally.  The wildcard certificate was applied using Server Manager to all four of the functions listed under the Remote Desktop certificates config (RD CB Signing, RD CB Publishing, RD Web Access, RD Gateway) and I have also manually installed it to the three remote desktop session hosts, using Certmgr.msc to put it in the Local Computer Account's personal folder, mirroring the automatic configuration that Server Manager did for the Gateway & Connection Broker servers.

Now, on to the issues:

First, when I try to connect internally to the session hosts, I *have* to use the farm name.  If I try to use a single RDSH server name, it pops up an error saying you must use the farm name.  That's all fine - redirection happens correctly, etc.  However, when I try to connect from outside using the gateway, the exact *opposite* happens - it refuses to connect to the farm name, but will connect to individual servers, and appears to be doing the redirection correctly as well.  The thing is, I don't want people putting in individual server names - I want the farm name to work when they're connecting through the gateway.  How can I make that happen?

Second, when I connect internally to the farm name, it redirects to one of the RDSH servers, but then pops up an error saying the "certificate is not from a trusted certifying authority" even though the wildcard SSL certificate is installed on all of the servers.  When I view the certificate, it's definitely not the wildcard cert - it appears to be the self-signed cert that was generated by the RDSH server.  This error does not occur when connecting through the gateway.  What can I do to make this error go away?

Third, when I add the RemoteApp feed URL to Control Panel\RemoteApp and Desktop Connections, it asks for credentials to add it - even though I have the default credentials (and default credentials for NTLM) settings in group policy set to allow the delegation of credentials to the RemoteApp server.  Any way to get rid of this?

Fourth, once I add in those credentials and add the RemoteApps - I click to run one of the apps in my Start Menu, and I get a warning asking if I trust the publisher of this RemoteApp program.  Again - the SSL cert is installed on the RemoteApp server, so I don't understand why I'm continuing to get these errors.

Fifth, from outside and coming through the gateway, I get the same error as above in #4, but then am prompted to enter credentials again (apparently for the Broker server), and then am denied a RemoteApp connection with the message "Your computer can't connect to the remote computer because a security package error occured in the transport layer."

Any help with any of these is much appreciated.  Thank you!

Ok, at the risk of making myself look foolish, and hearing the quote " the only stupid question , is the one never asked" can one of you most awesome techs please send me a link to the "A" typical Terminal Server 2012 setup and Installation guide, Best Practice notes.

Thank you in advance

I have an application presented in RemoteApp (w Server 2012) that is a management console.  The Management console itself is capable of SSO, but fails when presented in remoteapp.  I can logon over remote desktop to open the application and SSO process works fine.  

The application spins a minute as it normally does like its trying to pass the SSO credentials then fails and prompts for the password.

Is there another layer here that i'm missing?  Is there some impersonation i need to use to allow the remoteapp to pass as the account I've logged in as?

when creating a VDI collection I get the error below:

Ideas?

Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

I have a user with a Mac, iPhone, and iPad who was connecting fine to a 2008 R2 RDS server. He used MS RDC client on the Mac and iTap on the phone and tablet.

We recently moved RDS from the 2008 server to a 2012 server. Windows clients are connecting just fine to it. But the Apple user is unable to connect on his Mac or his iPhone. He can still connect on his iPad. I'm leaving the iPhone problem for later as I think that's just a configuration issue since it uses iTap just like the iPad which -is- connecting. I'm concentrating on the Mac.

So far my research has turned up only 2 things. Make sure the RDC client is at 2.1.2 as anything earlier will have problems; or use CoRD, though that application seems to have issues of its own.

I've looked in the event logs on the RDS server and there are no events created at the time he's trying to connect.

When he does try to connect he's getting 2 errors. One says "the server name on the certificate is incorrect" and the other is "you were disconnected from the Windows-based computer because of problems during the licensing protocol."

He was running RDC 2.1.0 and I had him upgrade to 2.1.2 but he gets the same results. Before I tell him to try installing and using CoRD, I thought I'd see if anyone else with a 2012 RDS server has run into this and find out what you did to fix it.

Jonathan

TS is broken on Windows 2008 R2 Std x64 bit VM Server... After RDS  and Citrix XenApp 5.0 install not able to RDP the box. In the event log, I see the error message: TS listener stack was down, Event ID 1035.

As in thread title.

I've tried
1. Uninstalling & Reinstalling Office 2010
2. Trying a repair install of Office
3. Ensured Office 2010 is fully patched & service packed
4. Rename the wizard files so Access re-creates them (suggested by a MSFT KB article)
5. Uninstalling Office 2010 32 bit and installing Office 2010 64 bit
6. Downgrading to Office 2007

No matter what I do, I can't get the wizards to run.

I can re-create this error by
1. Launching Access
2. Create a new blank database
3. Go to Database Tools > Database Access

The error I receive states

"The wizard you've requested is not installed or is in a bad 
state. Please install or reinstall the wizard. If you do not have 
permission to do this on your computer, please contact your help desk 
representative"

I've done everything I can think of short of reinstalling windows.

Any help appreciated!

Clean install on IBM 3250, joined domain, attempting to install RDS and get the following errors:

RD Connection Broker role service:

Failed - The RD Connection Broker cannot be joined to the RD Management server.

RD Web Access role service:

Failed - Exception of type 'Microsoft.RemoteDesktopService.Common.RDManagementException' was thrown.

RD Session Host role service:

Failed - Exception of type 'Microsoft.RemoteDesktopService.Common.RDManagementException' was thrown.

This was on our 2003 functional level domain. Next i tried this in my sandbox environment which is a 2008 R2 functional level domain and it works fine.

Has anyone experienced similar issues trying to implement 2012 RDS in a 2003 AD environment? I would appreciate any leads to resolution. Looking through errors in event logs but have not located a smoking gun.

Searches on the above errors just lead to posts about people trying to cram RDS onto their AD servers.

Hello everyone.

I have a weird situation that i'm pretty sure is possible but i'm just running into a wall and I hope someone can show me the door.

Scenario:

A user has an office.  The office has a front desk. 

In the user's office, there is a PC and a networked printer.

There is also a TS that the user connects to from his PC in his office to work from (which prints to his networked printer in his office).

At the front desk, there is a thin client, and a networked receipt printer.

PRIOR to there being a thin client, this is how things worked:

when the user would connect to the TS, we relied on RDS to push the printer connections to the TS and the user can print fine.  no problems here.

Now we introduced Thin Clients into the equation.  Since you cannot install printers locally on a thin client, we are running into a problem.  There are some catches though.

Right now, when the user connects to the TS from his office, and tries to print, everything works great.  Now someone calls and the user has to go to the front desk (leaving his PC logged into the TS through RDS) and at the front desk, the user logs into the SAME TS with the SAME credentials and loads up a program to print a receipt.  PROBLEM:  no printers show up.  Close program (not the RDS session) and re-open it, the printers show up (but they are more than likely from his session that originated in the office from the PC)  This is a problem because when you close the program, it loses the receipt it was supposed to print and re-printing them is a pain in the arse.

The solution I have come up with is this:

Run a login script from the TS server, that looks at the user connecting in and gets the Thin Client name the user is connecting from and then maps a printer according to the name of the Thin Client logged into from.  This would assure that users logging in from multiple front desk sites from multiple thin clients would get their respective receipt printer mapped before they opened the program that prints them and therefore be able to print the first time they need to.

My problem is I do not know how to find the name of the thin client (or pc for that matter) that the user RDS'd to the TS from.

If i was to get that name, i could write a script that basically says "if connecting from XXX (thin client name) then map XXX printer" and repeat that for each location.

My main question is:  is there a way with a VBscript to determine the name of the computer(thin client) that connected to a server where the VBscript is run.

My main thing i'm avoiding is:  having multiple copies of the same printer being mapped to the users PC in his office when he's not at the front desk using a thin client.  because any scripts running on the TS will also run when he logs into the TS from his PC.

I suppose another question could be: How do I make the printers from session A copy over to session B for the same user, logged into the same TS , from 2 different PC's w/out having to open/close a printer window through a program first.

I know this is a crazy question and I hope I worded it properly and i'm sorry if my spacing is hard on the eyes, i just never know when to break a paragraph off into a new one and this way is easier to read than one big paragraph IMO.

Thank you so much for any help or leads in the right direction.

please ask if my scenario doesn't make sense.

Derek Conlon

I have an issue when launching an application from remote desktop gateway i get " Your computer cant connect to the remote computer because the Remote Dekstop Gateway server is running low on server resources and is temporarily unavailable. Try reconnecting later or contact your network administrator."

IIS Log

2013-02-27 04:05:11 W3SVC1 server 10.0.0.10 RDG_OUT_DATA /remoteDesktopGateway/ - 443 - 76.227.181.109 HTTP/1.1 MS-RDGateway/1.0 - - remote.domain.com 404 0 2 1445 326 92
2013-02-27 04:05:11 W3SVC1 server 10.0.0.10 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 - 76.227.181.109 HTTP/1.1 MSRPC - - remote.domain.com 401 1 2148074254 693 341 107
2013-02-27 04:05:11 W3SVC1 server 10.0.0.10 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 domain\administrator 76.227.181.109 HTTP/1.1 MSRPC - - remote.domain.com 200 0 0 69 1054 92
2013-02-27 04:05:12 W3SVC1 server 10.0.0.10 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 - 76.227.181.109 HTTP/1.1 MSRPC - - remote.domain.com 401 1 2148074254 693 390 133
2013-02-27 04:05:12 W3SVC1 server 10.0.0.10 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 domain\administrator 76.227.181.109 HTTP/1.1 MSRPC - - remote.domain.com 200 0 0 69 1171 121
2013-02-27 04:11:14 W3SVC1 server 10.0.0.10 RDG_OUT_DATA /remoteDesktopGateway/ - 443 - 76.227.181.109 HTTP/1.1 MS-RDGateway/1.0 - - remote.domain.com 404 0 2 1445 326 109
2013-02-27 04:11:14 W3SVC1 server 10.0.0.10 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 - 76.227.181.109 HTTP/1.1 MSRPC - - remote.domain.com 401 1 2148074254 693 341 125
2013-02-27 04:11:14 W3SVC1 server 10.0.0.10 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 domain\administrator 76.227.181.109 HTTP/1.1 MSRPC - - remote.domain.com 200 0 0 69 1054 203
2013-02-27 04:11:15 W3SVC1 server 10.0.0.10 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 - 76.227.181.109 HTTP/1.1 MSRPC - - remote.domain.com 401 1 2148074254 693 390 125
2013-02-27 04:11:15 W3SVC1 server 10.0.0.10 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 domain\administrator 76.227.181.109 HTTP/1.1 MSRPC - - remote.domain.com 200 0 0 69 1171 140

Trace log (2-warning)

2013/02/26 23:17:11 [Error] Windows Group : TS Web Access Administrators already exisits.
2013/02/26 23:17:11 [Error] Windows Builtin Role : Administrator already exisits.
2013/02/26 23:17:13 [Warning] Program's icon file not available - using default.
2013/02/26 23:17:13 [Warning] Program's icon file not available - using default.
2013/02/26 23:17:13 [Warning] Program's icon file not available - using default.
2013/02/26 23:17:13 [Error] Could not write icon to file: Argument 'picture' must be a picture that can be used as a Icon.

Any help is appreciated - out of ideas right now.

Thanks!

Windows 2003 server, sp2.  4GB of RAM

every 3-4 weeks the server runs out of resources, event id 2020.  Paged Pool memory full.  Causes server to become unresponsive.  Users cannot RDP to server. On 11/26, I noticed spoolsv.exe had 106K+ handles and 908K of PPM.  I checked my poolmon logs which run every 3 secs and found the ToKe paged tag consuming the highest amount of PPM.  I cycled the printer spooler service and PPM was released from ToKe tag and spoolsv.exe went down to 254 handles, 84K of PPM.  On 11/26 after this event, I installed the latest HP universal PCL6 print driver too.

I have searched the internet to find a root cause for this issue and can see others having this issue but no resolution has been listed.  Can anyone explain why this is occurring and the relationship between the spoolsv.exe and ToKe paged pool tag?

Thank you

Hi everyone,

We have Windows Server 2008 R2 Terminal Services Server. There are 100 clients (ThinClient HP t5550 with Windows XP Embeded Edition) connects to this TS. We can remote control connected users from Terminal Server exept  Windows 7 o.s. clients (thinclient and workstation). Please help me ....

Hi,

My application/exe needs to get the session id of the invoker programetically- C#. I have used WTS APIs and check if the sessionstate is active then return sessionid. This works when there are single users connected to Terminal server. When there are multiple active sessions then the logic fails.

I have refered the URL :http://www.codeproject.com/Articles/111430/Grabbing-Information-of-a-Terminal-Services-Sessio

This lists all the sessions. I need to get the sessionid of the invoker only not all active.

Please help