Hello,

i need some help please.

I have some RDS-Server with OS 2008 R2 and some with 2012 R2. I want to use a single 2012 R2 Server for RDS Licensing. I have about 200x 2008 R2 TS User CALs and about 200x 2012 TS User CALs.

Will i am be able to install both Licences within my 2012 R2 RDS Licensing Server?

What happens if a user connects to a 2008 RDS-Server and after that he connects to a 2012 RDS-Server? Is he consuming two CALs (2008 and 2012) or will his 2008 CAL upgraded to a 2012 CAL and the 2008 CAL gets realeased?

Thanks.

Kind Regards

Marco

I have a Windows 2012 R2 farm with two session hosts servers, a server that is both gateway web host for the portal.  The internal and external domain names are the same (before my time so I'm stuck with it) Internal hosts use a Microsoft DNS server for name resolution and the rest of the world uses the Internet DNS.  The session hosts are resolvable from inside by their hostnames but not so from the outside.  The farm works fine as is with one exception.  When users launch an app they get the certificate mismatch error because the host name a) doesn't match the farm's DNS name and b) the cert is self-signed so it doesn't chain back to a trusted authority.

I bought a SAN cert form DigiCert to fix the issue but when I try apply it to theRD Connection Broker - Publishing service in the deployment I get the following error:

"The specified certificate is not valid. The certificate properties must match the requirements of the role service."

The PFX was created by highlighting the DigiCert Global root and the farm cert I purchased from them and exporting to PFX format with a key. The cert I got from digicert has the following :

• Ensures the identity of a remote computer
• Proves your identity to a remote computer
• 2.16.840.1.114412.1.1

The Subject Alternative names are the FQDNs of the servers in the farm as well as the externally and internally DNS registered name of the farm host itself.

Enhanced Key Usage shows:

Can anyone tell me why this isn't working and what I need to do to get it to work?

Thanks

Jack

I am working with a Server 2012 R2 standard machine and attempting to get Remote Desktop Services installed and configured on it. Using the Add Roles and Features wizard while logged on locally to the server in question resulted in the error“Unable to connect to the server by using Windows PowerShell remoting.” However, if I use a different Server 2012 R2 machine to run the Add Roles and Features wizard remotely targeted at the original server then I can successfully get RDS installed.

Also, after the installation has completed I cannot manage RDS locally on the server but can successfully manage it remotely from another Server 2012 R2 box. When attempting to use Server Manager locally and choose the Remote Desktop Services menu the error message "A Remote Desktop Services deployment does not exist in the server pool."

The server appears to be functioning correctly and can be managed remotely just not locally. I can reproduce the behavior on other Server 2012 boxes in the environment.

What would cause local install and management to fail but remote management work?

If I disable NLA on a server (tried on 2 different servers), the rd connection (via gateway only) is much slower (over 1 min to get to the logon screen).

RD Gateways are 2012R2, hosts are 2012 and 2012 R2.

Re-enabling NLA fixes the issue. Any ideas?

Dario Palermo

Looking at the page https://support.microsoft.com/en-us/kb/2473823 I am confused about the steps I need to follow when trying to setup a system where a user who normally logs into one RDS server will be logging into RDS servers throughout the company's multiple domains.

Currently

• Each site is has its own domain (It was like that when I started, and when a site has a server upgrade it will be changed to be part of the single forest root domain but that is years in the making)
• Each of the 6 domains is a separate domain tree in a single forest.
• Each domain has its own RDS license server.
• Some domains have a bad and/or slow data link between them. We struggle to maintain one 9 of up time for the data link back to head office at one of the sites, and the others aren't much better.
• We have Windows 2008 R2 and 2012 RDS servers at the moment and will be purchasing newer versions of windows in the near future.
• Each site has only 1 version of windows for all of its servers.
• Head office currently has no 2012 servers. Though this may change in the coming months.

Target

We are now trying to integrate the sites more closely. We would like to set things up so that a small group of users can log in to a particular group of RDS servers across all of the sites and domains.

My Confusion

Is about 2 of the bullet points on the page https://support.microsoft.com/en-us/kb/2473823

"To restrict the issuance of RDS CALs, you can add RDS Host Servers into Terminal Server Computers group on RDS Licensing servers."

• Under what circumstances would we want to?
• Is the "Terminal Server Computers" group a group on the local server or is it an AD group? Is this supposed to be the same for 2012 as well as 2008 R2? if neither where do I find it or how can I make it?

"Configure RDS licensing server on all RDS Host Servers in each domain/forest. You can do it through RDS host configuration snap-in or through a group policy."

• Does this mean that an RDS host can only obtain RDS licenses from a single license server? If so how can we move license from one license server to another and decommission the originating license server role?
• What happens to the user sessions from site W connected to an RDSH server at site W with license server at site H if the data link between sites W and H goes down? Can existing sessions keep running? for how long? Can new sessions connect with a temporary license at least until the link to the license server is available again?

Hi

I see similar questions here but not the same as I'm having. I have a server for testing the new server with RemoteFX. Physical server is installed with Windows Server Technical Preview. Enabled Hyper-V. All drivers are installed including NVidia drivers. Installed a guest server running the same OS.

As I can see from this post: http://blogs.msdn.com/b/rds/archive/2014/11/05/remotefx-vgpu-updates-in-windows-server-next.aspx it should be supported to have the RemoteFX graphic adapter in the guest OS with Windows server Tech Prev. I have a unknown device in my device manager that I cant install the driver for.

What have I missed?

Joakim

Hi,

I've come across a problem today where I'm unable to connect to our locally hosted RD Gateway server. We have one Server 2012 R2 machine with the Remote Desktop Services installed. The system was setup following the configuration wizard in Remote Desktop Services section of Server Manager. One of our users has gone to connect to the main remote app hosted by this setup and received an expired certificate error. No problem I thought, checked the certificate on the server and it does indeed expire today. I'll re-issue a self signed certificate through the RD Gateway Manager and all should be ok. On loading the RD Gateway Manager, clicking Connect to RD Gateway Server and selecting Local Server I get the following error.

"The RD Gateway Manager snap-in console cannot connect to the server "SERVER" because it is not a RD Gateway server."

I've checked that the services for remote desktop are running which they are, and I can connect to the server using standard RDP remote desktop.  Any ideas on where to go next to solve this problem?

Rob

We have several terminal server farms and in each farm we have the need for 1 user to always log into a specific server in the farm.   This is due to a little piece of sortware that is required for a device that only this one user has and the fact the it is licensed to only one server.   The user must use that server for it to work.  I want to include this server in the farm because it seems silly to have a server for only one user.    How can I point one PC/user to the same server in the farm all the time?  We are using the Connection Broker and NLB which seems to work just fine for all other users. 

Thanks

I am setting up a new Windows server that will act as an RDP server. The server has been built with Windows Server 2012R2. 

I have the following roles and services working on the server: RD Web Access, RD Gateway, RD Licencing (with 30 user cal licences), the RD Connection broker, and the RD session host. 

I have a SSL certificate configured and installed on the site, and both external and internal DNS are configured and working. 

I have created and published an application collection and this is working. That is, when you go to https://remote.<servername>.org you are presented with a log in screen, users can log in with their domain accounts and then can connect to the published applications, this is working both on our internal network and from the general internet. 

So all the roles on the server are working and the collection itself is also working. However, what I cannot do is set it up so that we can use user profile disks with that collection. When I go through the Session Collection Wizard and I get to "User Profile Disks" I can click on "Enable user profile disks" and then you can enter the options below. 

I am entering the share location under location \\<servername>\<sharename> 

I am using the default "store all user settings and data on the user profile disk" 

Then I go to create the profile disks and I get the following error: 

"Could not create the template VHD. Error Message: -2147024809

This has happened multiple times, I have done the following: 

- installed all windows updates and rebooted the server, same error 

- checked the share permissions AND the folder permission for that share, for testing purposes I have set permissions on both the folder and the share to allow full control to "everyone" (I also tried it with only "domain users") but same error message. 

- I have checked to see that no quotas are imposed on the disk where I am attempting to create the profile disks  - this was because this was the closest thing I could find on Technet was this post:

https://social.technet.microsoft.com/Forums/windowsserver/ru-RU/aec30527-d742-42b9-950e-85c709c4cb45/vdi-problem-creating-user-profile-disks?forum=winserverhyperv

And that was a quota issue that I am not having. 

The UPD wizard says the following "the servers in the collection must have full control permission on the user profile disk share and the current user must be a member of the local Administrators group on that server" 

Recently, clients get problems when the Broker of our RDP server farm decides that the user should be redirected to another host. We use a broker and DNS round robin, no NLB or gateway.All RDP servers involved are Win2008R2, AD is Win2003.

The problem occurs with all modern clients (i.e., those with server authentication); changing the connectrion security from "negotiate" to "RDP" helps (though that brings back the old user experience of people having to enter their credentials twice etc.).

The error message the clients get in case of redirection is (translated from German):

Remote desktop connection cannot connect to remote computer.

From the remote computer "myfarm" which you are trying to connect to you are redirected remote computer "somefarmmember.mydomain.local". It cannot be verified if both remote computers belong to the same remote desktop session host server farm. You must use the farm name, not the computer name, if you want to make a connection to a remote desktop server farm.

Contact a network administrator to obtain support if you use a RDP connection that was prepared by the administrator.

If you want to connect with a specific farm member for administration purposes, use "mstsc /admin" at the command prompt.

In my test farm, I can even enforce this error message by blocking one server ("Do not accept logins until reboot") and let DNS resolve "myfarm" only to the IP of this blocked server (so that the broker will always decide to redirect).

What we see in the logs of the broker is that the redirection seems to take place correctly, but after some simeout the broker notices that the expected login to the redirected host did not occur.

What can be the problem? How can I debug more closely how that failed verification mentioned in the error message takes place? At least I am unable to see anything that seems to be related to the problem in any of my event logs

What might we have done to break things? Two months ago, we wanted to begin our migration from AD2003 to AD2012. A new Win2012 server was added and DNS and AD roles installed without any problems. Later we were unhappy with the new server in general and demoted and removed it - sucessfully as far as I can tell. While this process must have permanently "modernized" the schema and all, I cannot really assume that this process is the root cause of our porblems (also, the time the error behaviour stated was not directly related), but some side-effects might be perhaps?

Regards

Hagen

UPDATE

Things are getting weird: As of now some lucky users function, i.e. they go through the following steps:

1. Start "mstsc"
2. enter the farm name and "connect"
3. enter their credentials and "OK"
   
4. accept the warning about the certificate of the first contact rdp host (I let warnings on deliberately to easily see which hosts get tried)
5. accept the warning about the certificate of the second rdp host
6. huzzah!

Other (unlucky) users get only to point 3 (i.e., they are never even presented the server certificate warning) and get a "failed login" message upon hitting "OK". They can try again and again - only entering a different username/password (one of the lucky ones) will help.

Originally I had just one lucky user. It seems that one can (temporarily?) turn an unlucky user into a lucky user by doing "mstsc /admin" once to the destination rdp server (and logout again). This procedure was even needed to make Administrator work! It seems that at any moment I can have at most two lucky accounts - trying to make a third one lucky makes one of the others unlucky ...

A login attempt by an unlucky user leaves the following trace in the corresponding rdp host: In Eventlog "security" there is an Event 4625

>An account failed to log on.
>
>Subject:
>       Security ID: NULL SID
>       Account Name: -
>       Account Domain: -
>       Logon ID: 0x0
>Logon Type: 3
>Account For Which Logon Failed:
>       Security ID: NULL SID
>       Account Name: <unlucky username>
>       Account Domain: <domain>
>Failure Information:
>       Failure Reason: An error occured during login.
>       Status: 0xc000006d
>       Sub Status: 0x0
>Process Information:
>       Caller Process ID:       0x0
>       Caller Process Name: -     
>Network Information:
>       Workstation Name: <workstation name>
>       Source Network Address: -
>       Source Port: -
>Detailed Authentication Information:
>       Logon Process:              NtLmSsp
>       Authentication Package:       NTLM
>       Transited Services:       -
>       Package Name (NTLM only):       -
>       Key Length:              0

I find the many gaps (e.g., Source network addess) and all those NULL SIDs disturbing.

Hi,

I have been searching for requirements on RDS 2012 R2 but nothing has been found with regards to what SQL version it needs.  I am running 2008 R2 and what to go to 2012 R2 but not sure if my SQL 2008 R2 server will suffice for all roles.  Also, what do I need in SQL Cals to use RDS 2012 R2?

Thanks for anyone who can answer as it is holding up our project.

We have an 8 node cluster running RDS/VDI. We have 3 collections with 30 pooled desktops each in them. If I look in server manager, under collections; there are 3 boxes. I box goes across the top that shows all the collections. Then the bottom is split into two boxes. One box on the left is titled "Host Servers" and the one on the right is titled "Connections".

Under the HOST SERVERS section, it shows a list of all 8 of my RD Virtualzation Hosts, and how many Virtual Desktops are running on each. The issue I'm seeing is that the counts that this interface showsdo not match at all with what shows under Failover Cluster Manager.

Is there something that is not working right? Is there a way to get this interface to "re-inventory" so that the counts are correct? Or is this interface pretty much useless in that regard (among others)? I have logged off and re-opened server manager 20-30 times over the past months and it's just always wrong.

Does this inaccuracy effect connections? We do have users from time to time that get the spinning donut when they try to connect. It makes me think that maybe the system as a whole does not know where all it's Virtual Desktops are actually located so sometimes it causes issues.

Thanks.

Hi

For years client have been able to copy files from our Windows 2003 Terminal Server to their local workstation using:

copy myfile \\tsclient\mydrive\myfolder

However we upgraded to Windows 2012 Server R2 and now Windows 7 Pro clients cannot copy files.  The copy function creates the file name in their local folder but no content is sent after maybe 20 minutes or so the copy function times out and they get an error message saying that the application was unable to write to the file.  I have tried this function with my Windows 8.1 workstation and the file copies properly and it works fine for older Windows XP clients.  Does anyone know why Windows 7 clients are experiencing this issue.

Thanks

Simon

Hello,

I have a strange behaviour with Remote Desktop on Windows 7. I have a RDS 2012R2 deployment, with TS Gateways, broker and remote desktop collection. I have published a RemoteApp.

My issue is with the keyboard layout send by the client. My server is in English - Swiss French keyboard.

With my Windows 8 client, keyboard in "French", the keyboard used in my RemoteApp is correctly set to "French"

With my Windows 7 client, keyboard in "French", the keyboard used in my RemoteApp is set to "Swiss - French". This is not the correct layout.

Why under Windows 7 the keyboard layout is not send correctly ? 

I am running a Remote Desktop Services deployment with HA on Windows Server 2012 (not R2).  This occurs weekly for me, a user will be logged into server running a remote application, the user will report that they were disconnected during their session and when they try to reconnect they are unable to do so.  On the server side the user will either have a disconnected OR a couple days old active session (which should not be possible as I have GPO session time limits configured to kill the session in 12 hours).  I have tried to kill the session may different ways:
1) Task Manager > Users Tab > Right click logoff

2) Server Manager > RDS > Collection > Right click user and select logoff

3) Open CMD run - rwinsta ##  (## being the user session ID)

4) Open CMD run - logoff ## (## being the user session ID)

5) Open CMD run - reset session rdp-tcp#XX  (XX being the user rdp-tcp# session ID)

All of this yields no result, i have also opened task manager and killed all running applications however this leaves a few running applications: rdpclip.exe, taskhostex.exe, rdpinit.exe, rdpshell.exe, mstsc.exe

when i try to kill these, I get a warning that this may cause the server to shutdown OR access denied.

Has anyone found a solution to this problem?

Is removing servers from an RDS farm as easy as right-clicking and choosing 'remove server' or something like this??

Where can I find good documentation on this??

Or should I just set the server(s) to not allow logins?? -- does this setting persist across reboots??

We have too many RDS servers running for the current quantity of users, so I want to remove and shut down some of the hosts, what are the pros/cons of doing this?? (so long as MS updates and software updates are kept current)

Thank you, Tom

We have gateway.domain.org as our external/internal gateway server.

It goes from gateway.domain.org to rdbroker.domain.local, rdbroker is the DNS address for two connection broker servers.

After this it should set up the connection and create a remote desktop to one of the RDS host servers in the RDS host farm.

Sometimes this works, sometimes it doesn't -- for different user accounts and different computers.

How to troubleshoot this??

We know the firewall rules for DMZ etc. etc. are properly configured because everything IS observed to work, just not all the time consistently. We get errors about cannot contact the computer, cannot establish remote desktop connection...

Thank you, Tom

We have a Windows Server 2012R2 server running on VMware vSphere 5.5. When connecting with a RDP client, the audio redirect is established each time (playback & recording), but remote audio doesn't always play and recording isn't registered. It works like 3 out of 10 times a user logs in, user independent.

Sometimes when the user logs in it works, but most of the time it doesn't. When it works, the audio bar in the "playback devices" window lights up like it should. This is not the case when it's not working, it does display the remote audio device but the audio bar remains faded when sound is playing.

So its like the audio is playing, but not on the "remote audio" devices, even though it is the only one listed in the session.

• Desktop experience feature enabled
• Windows Audio & Endpoint Builder services are set to automatic
• Enabled local policies: Audio & video redirection, Recording redirection, Playback quality - high
• RDP client config: audioqualitymode:i:1
• USB headset both Logitech and Plantronics
• Client independent: HP Thinclient (win8.1), and two Fujitsu desktop (win7) - fully up-to-date
• RDP client file version 6.3.9600.16415

How can i troubleshoot this any further?

Hi Experts,

Is it possible to create a certificate for clients computers, so that only those clients can remote desktop the servers that has that certificate installed .....

Any suggestions for configuring this......???

Thank You.

TechSpec90