Quantcast
Channel: Remote Desktop Services (Terminal Services) Forum
Viewing all 27656 articles
Browse latest View live

Personal certificate release prompt not showing on user desktop

March 20, 2015, 9:39 am
$
0
0

'Client Certificate Private Key release prompt is incorrectly shown on a different session desktop rather than on the session desktop of the active user who has selected the client certificate to submit to a website.'

I have a client who is have a few issues with personal identify certificates for secure login to various websites through a Remote Desktop server (Unipass). Having read around on the issue I found a few who encountered a similar issue in various technical forums but could find no resolution mentioned in the posts. (I will post these after my account has been verified)

This is a Server 2012 R2 RDS and doesn't seem to be an issue based on the browser which is accessing the website. It has been tested with IE11 and the latest Google Chrome both of which have the same effect.

The behaviour can be replicated while shadowing the user session on an admin login. The user goes to the website, the certificate prompt appears and the user clicks ok to continue. For the user the website then pauses, seemingly processing the logon, however it is waiting for a certificate release prompt to be pressed to allow the website to use the certificate which has appeared on the admin session desktop that I am using, without any visibility of the user. Obviously this does not work in day to day operation.

Just to confirm the following also:

The client certificate is correctly imported and shows up in the personal certificate store of the user. The Third party CA has also been imported into the LM store.

Tried adding websites to Trusted sites in IE to raised integrity level from Low to Medium but that seemed to have no effect.

The issue isn't prevalent on Server 2008 and the personal certificates operate as you would expect, any prompts are directed at the user who is trying to use the certificate to identify themselves.

After Proc Mon traces the issue seems to be because read/write access to the certificate store/registry is denied so it reverts to LM which requires higher privileges and therefore appears on the admin desktop and not the desktop of the user who wants to use the certificate to connect to the website.

Can anyone point me in the direction of a fix for this issue?

Search

Dumb Terminal options using Server 2012 R2 RDS.

March 23, 2015, 10:23 am
$
0
0

I have a 2012 RDS environment configured and it works great to remote from any on network machine as well as I setup the RD Gateway to direct outside traffic.  So yes this works on a full machine with an OS and the RDP application and so on.  What I currently have in use here are a few machines that boot PXE from a 2x Thin Client server and that is directed to my old current RD solution which is server 2003.  Now upgrading 2x appears to introduce more configuration than what I want and almost appears that it want's to take the responsibilities of the RDS server 2012 deployment.  It has configuration for Gateways and what not as well.


I guess really what I'm looking for is a solution that will allow my machines to possibly still boot off the network, OR the HD and get directed to my current RDS solution I don't want to have an independent OS on these machines because they are VERY old.  Is there anything out there that is minimal cost and configuration?  This is for 3-4 boxes at the most so that's why I'm trying to keep it cheap.. 2x is a minimum of $1200.  I have to buy a 15 user license.

Under appreciated IT Tech...

Multiple users logged into one server, each users printer has a different name, application needs ONE name to print to.

March 16, 2015, 3:19 pm
$
0
0

Multiple users logged into one server, each users printer has a different name, application needs ONE name to print to. 

I'm NOT in any way a Terminal Services expert and I need help trying to get an application program working in a multi-user environment.

The issue is that the printer changes for every user that is logged in. The application needs to print NOT to the default printer, but to a "special" printer which is selected in the application... let's call it a label printer to simplify the explanation. You have your default regular printer, easy for the application to find that one, and then you have a special printer that labels get printed onto. The application needs to know what printer is the label printer. So we allow the user to select that in the application and the selection is stored in a config file in 
C:\ProgramData\mfgr\prog\setting files

I don't have access to the application so I can't change how this works.  

In the "regular" world, selecting the label printer driver to use should be per machine, NOT per user. When a new user logs into a machine, the physical printer doesn't go "poof" and a new printer suddenly appear. Same printer for all users.

Yet in terminal services, the physical machine is "merged" with the virtual machine on the server. And there can be many users logged in at the same time. So each users real machine (and real printer) is injected into the "fake" terminal services machine. The name of the printers is made unique for each user. So the printers DO go "poof" and change names depending on the user logged into terminal services.

So user "A" logs in and sets up the application to print to "LabelPrinterForUserA" (or whatever the name of the printer happens to be), that setting is stored in the ProgramData subfolder, and all is well. Later, user "B" logs in, and when they print, the application tries to print to "LabelPrinterForUserA" which doesn't exist for user B or is only accessible by user A. If user B re-configures, that breaks it for user A. 

SOLUTION 1: The way that /should/ work (in my mind) is that you define one "generic" printer in Terminal Services... call it "Virtual Label printer" and when the user wants to print to it, the print job gets re-directed back to whatever physical printer is actually connected to their local workstation. There is a map of virtual printer to actual printer depending on the current user. The application is told once to print to "Virtual Label Printer" for all users.

SOLUTION 2: Or... there should be some way to make the ProgramData sub folders separate per user. E.g. when user "A" tries to access:
C:\ProgramData\mfgr\prog\setting files
they actually get 
C:\UserData\UserA\AppData\mfgr\prog\setting files
and user "B" gets
C:\UserData\UserB\AppData\mfgr\prog\setting files

So the question I have is: Does either of those solutions exist hidden somewhere in the setup of terminal server? Or is there another way around this issue that I don't know?


Slow RD connection to server via RD Gatway if NLA is disabled on the server

March 23, 2015, 12:07 pm
$
0
0

If I disable NLA on a server (tried on 2 different servers), the rd connection (via gateway only) is much slower (over 1 min to get to the logon screen).

RD Gateways are 2012R2, hosts are 2012 and 2012 R2.

Re-enabling NLA fixes the issue. Any ideas?

Dario Palermo

Windows 8.1 RDP pci/font size too small

March 23, 2015, 10:01 am
$
0
0

I just purchased a Dell Xps 15 Windows 8.1 and am struggling with many apps including RDP which I use daily for several clients. I have searched on line for suggestions. I can connect but the font is tiny. I am not even sure if I have the correct RDP installed but I have tried all options on what I have to no avail.  My old laptop with Windows 7 is "dandy".  Any help would be appreciated.

Installed apps ask for permissions to open.

March 23, 2015, 1:28 pm
$
0
0

Hello,

I have installed apps to a network location and I am trying to open it as a standard user. When I log into the server as an admin (myself) it works fine. I know that it is a permissions issue. The application in installed on network shared drive. When I try to launch it as a standard user it asks me for admin credentials. I have located the executable and tried right clicking it and set it to run as an administrator still no luck. The standard user can open other apps such IE, Outlook, Word Excel. I have windows 2012 r2.

Thanks in advance

I have installed the icon on remote app via powershell. maybe I need to define the security fr the application this way. I will check.

Export-StartScreen issue

March 19, 2015, 11:32 am
$
0
0

Quick question.  I had exported a start screen for a windows 2012r2 RDS server.  No problems.

I had to update some of the tiles as there's shortcuts on the desktop that point to UNC paths...right clicked Add to Start.

The start screen looks correct when i run the export-startscreen powershell command.

When i log into RDS I get the "updated" screen but the tiles that point to UNC paths, missing!

Any idea?

Best third party tool or other option to compress print jobs?

March 19, 2015, 12:22 pm
$
0
0

We have gone from W2k3 and Citrix PS4.5 to a W2k12R2 RDS environment. Most of the issues have been worked out and I have the majority of heavy printers printing via network shared printers that are deployed via Group Policy rather than Redirected printers due to speed.

Even with using the non local redirected printers, printing is still slower than in the old W2k3/PS4.5 world. I have a user that batch prints a 100 documents a couple times of day and instead of processing 4 invoices per second it is now 1 per second. I have Client Side Rendering turned off. I believe the compression that the Citrix Univeral print driver delivered was the reason for this superior performance.

What have others done that wanted to say good buy to ICA, but still wanted good printing speed?

Steve J.

Search

Inaccurate messages about SSL and users in Best Practices Analyzer

March 19, 2015, 1:41 pm
$
0
0

I have an SSL certificate installed on the server. In RD Gateway Manager I selected the certificate, which is a valid certificate referring to the external domain name, ie contoso.com not contoso.lan. But in BPA it still says that the RD Gateway Server needs to be configured to use a valid SSL certificate. Is this because it doesn't refer to the internal name? I've seen one article over on the Spiceworks forums that says you need to have a UCC that refers to both the external and internal names. Is this true and could it be why I'm getting this message?

Another problem is that BPA is saying that there are no users in the Remote Desktop Users group but I do have users in there. Strange.

RDP screen goes black after successful remote login

February 6, 2011, 1:27 pm
$
0
0

I have a Windows 2008 Server that I have been connecting to once a month remotely to apply OS updates.  Often, I reboot that server and it uses auto-logon to login and run an application. 

Today, I rebooted the server and when I try to connect with RDP, I get the login prompt and enter my credentials, I see a few expected messages fly by on the host OS (the last one I see is the word Welcome), but then the screen goes black.

The apps on the server are running successfully because our applications can connect to them, we just can't logon to the desktop of the Windows Server 2008.

I made no configuration changes (I NEVER do) other than to apply the latest Windows Server updates.

I would prefer not to drive to the computers location, or try to coordinate a time to have the server hosting company assist me with troubleshooting; but is there anything else I can do?  Any ideas about what might cause this?

RemoteApp This theme can't be applied to the desktop

March 23, 2015, 2:10 am
$
0
0

Hello,

We are changing our servers infrastructure from windows server 2008 R2 to the new Windows Server 2012 R2.

We faced with really strange issue with TS and remoteapps. When the client starts a remote application the error message appears "This theme can't be applied to the desktop". It happens every time when the user starts remoteapp. RD connection (using mstsc) works fine without any messages.

Clients are Win7 Ent with roaming profiles.

I tried to stop the theme service on the server but it isn't fix the issue.

The method described here doesn't solve the issue for us.

The RDP Client update doesn't help.

Could anybody help?



RDS 2012 R2 Collection - Published Remoteapps not visible

March 22, 2015, 4:32 pm
$
0
0

Hello,

I have a strange issue with a RDS Deployment I´m setting up for a customer.

RDS Roles setup:

Server1: RD Licensing / RD Gateway

Server2: RD Connection Broker / RD Sessions Host / RD Web Access

I´m all done with the LOB Apps as well as adding ~30 users and migrated their profiles, I have set up UPD etc. All is working great and I´m almost ready to take it into production...apart from this annoying thing.

I have created a Session Collection and published some remoteapps.

However when I log in to the rdweb site it doesn´t show the published Remote Apps.I have tried to unpublish / republish, reboot and so on to no avail.

How can I troubleshoot and solve this?

Sure I could delete the session collection and create a new one, but what will happen with the created UPDs that has all the customized settings for the users (store all ?

Can those be redeployed to the new Session Collection ?

Also, I cannot be sure that this will even fix the issue.

Any advise are very welcome.

Thx /Tony

Can't resize/maximize remote desktop on one of four computers

May 9, 2011, 8:51 am
$
0
0

I have two Win7 and two XP computers using RDS to my server.  Up until yesterday, all were working correctly; when I connected to the server, the RD window showed up maximised and filled the screen.  As of yesterday, on one of the Win 7 computers, when I connect to the server, the RDS window is maximized, but just covers a small square area of my screen.  No matter which of the user accounts I log in with, the same thing happens.  On the Other three computers, the RDS window fills the screens.  I tried restoring the problem computer to an earlier restore point, but that didn't help.  No matter what I do, the window only shows as a small square window with that compter.

What could be causing this, and how can I fix it?

Creacon

VDI in multi forest

March 22, 2015, 12:33 pm
$
0
0

Hello everyone,

We have a situation with a Remote Desktop Services with virtual desktops where we are limited in our possibilities. We have a multi forest domain structure with trusts between the forests, some trusts are 2 way trusts, some trusts are 1 way trusts and some forests have no trust at all.

We are trying to implement a RDS solution with virtual desktops, the servers are in domain 1 and the client VDI VM’s are in domain 2. Our question is in which trust configuration is this supported and is there any documentation?

Our consideration is that we are not flexible and we need a hardware cluster for every forest and it’s getting very expensive.

Thank in forward i hope to get a trustful answer.

Kind regards,

Jasper Sybrandy

rdpsign and wildcard certificate

March 24, 2015, 4:40 am
$
0
0

Hi,

All is working fine with rdp sign and I can sign file with thumbprint of our wildcard certificate, but when running file I still have a message "Do you trust the publisher of this remote connection?". It's not yellow with warning, but a warning anyway. I can see a message:

Publisher: *.domain.com (our wildcard certificate)

Remote computer: rds.domain.com

Gateway server: rdg.domain.com

Is this normal for rdg files signed with wildcard cert used for RDS deployment?

Best,

Marcin

Search

Shadowing in rdp sessions

March 22, 2015, 2:35 am
$
0
0
hey,
i have a server with windows 2012 datacenter, i have installed "Remote desktop services" and when i go into "collections" i can see the sessions but can not use "shadow" option for login into one of them.
can anyone please tell me why is that, and even if the option should exist in datacenter 2012, thank you.

Printers of other users visible and show up multiple times under the control panel

May 14, 2014, 6:57 am
$
0
0

Hello,

I currently have a very interesting problem:

Some (not all) printers show up multiple times on every user session on the specific terminal server. This behavior show up on both of the 2 servers. Also the printer only shows up multiple times under the control panel, but not in the printer dialog.

The users are not part of either printer operators, Administrator or Power Users.

The servers are Windows Server 2012.

I cannot find a reason for this after some hours with my friend Google.

Does someone have any idea how to fix this?

Thanks in advance

Paul

BSOD on RDS Session Host with TSFairShare.sys

March 24, 2015, 7:06 am
$
0
0

We ran into a problem with a RDS Session Host running Server 2012R2.
The Session Host is running as a VM on a Server2012 R2 Host.

A BSOD was shown on the Session Host, but we haven't any idea why the error is shown.
There are no special policies settings activated, all standard. Anyone got any better troubleshooting I can try?

Thanks a lot.

FOLLOWUP_IP:
TSFairShare!CTSFSBucket::AddToQueue+12b
fffff800`3cdeb85f 8b4510          mov     eax,dword ptr [rbp+10h]

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  TSFairShare!CTSFSBucket::AddToQueue+12b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: TSFairShare

IMAGE_NAME:  TSFairShare.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5215f7bf

IMAGE_VERSION:  6.3.9600.16384

BUCKET_ID_FUNC_OFFSET:  12b

FAILURE_BUCKET_ID:  0xD5_VRF_TSFairShare!CTSFSBucket::AddToQueue

BUCKET_ID:  0xD5_VRF_TSFairShare!CTSFSBucket::AddToQueue

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xd5_vrf_tsfairshare!ctsfsbucket::addtoqueue

FAILURE_ID_HASH:  {91215d5c-bed6-e578-f863-e1d1634e5dff}

Followup: MachineOwner

Remote Desktop Farm - Limited office license

March 24, 2015, 8:14 am
$
0
0

Hello,

Can a load balancing remote desktop farm with four servers and remote desktop gateway be configured to only allow certain users to access Microsoft Office?   There are several users but only a few users needing Microsoft office so how can we share out office to these specific users without violating licensing?

I know there are ways to publish out applications to certain users in Citrix but not sure how this would be done in Microsoft Remote Desktop.

Thanks,


Add RDH server to collection

March 24, 2015, 1:30 am
$
0
0

Hello all,

We are using server 2012 R2 fully up-to-date with all update rollups.

I have the following question, I'm trying to add a new remoteapp server to a RDS collection on our RDS broker server but when I try to do so the wizard cannot find any RDS host server.

The RDS host role is installed on this server.

I just right click the collection and try to add the server.

What can be the reason the wizard cannot find the rds host?

I already have a group containing all RDS servers incl. the broker.

 

Kind regards,

Arjan

 


Viewing all 27656 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>