the mac clients are running RDC for mac version 2.1 and they cannot connect to Windows 2008 R2 TS server. They get the error "You were disconnected from the Windows-based computer because of problems during the licensing protocol".
really appreciated if someone have a fix for this.
thanks,
/dan
Our Remote Desktop users and Redirected Printers. Every login after the first they're getting what clearly appears to be the current + previous sessions multiple redirected printer sessions #s. Very frustrating. See attached image.
This really hints of the previous Login Sessions not closing properly, user profile logjam.
We're now focusing on the Event 1530 errors as a likely culprit. This event occurs at every user Log off. Below an a typical example of the event.
We read numerous forum posts and tried many of the suggestions.
1. Yes we have disabled Printer Redirection in Group Policy, same events occur
2. Yes we tried the UPHClean service which was popular back with W2K3 Terminal Server, it won't install on 2008 R2 and as its been replaced the MS User Profile Service.
3. No A/V software installed, no MSE or Defender.
4. User Profiles are at default location, on C:\Users\ of RDS Host. Very simple new setup.
Do we need to research these Processes shown below individually? Process 652 shown twice? Or any other solution you can suggest allowing the Redirected Printers to refresh/clear user profiles properly. How do we rid ourselves of Event 1530?
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 2/18/2013 4:37:25 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: RDS.Domain.com
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-3730962552-3612442801-2705850247-2101:
Process 652 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3730962552-3612442801-2705850247-2101
Process 980 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3730962552-3612442801-2705850247-2101\Printers\DevModePerUser
Process 652 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3730962552-3612442801-2705850247-2101\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Any hints and comments would be greatly appreciated.
I've been receiving User Profile Service event id 1530 with nearly every logout from an rdp session. Our environment is Windows 2008 R2 64 bit running on Citrix XenServer 5.5. RDP is in remote administration mode. Tested with and without Windows updates applied. No additional printers added, no connection to a domain.
Because the environment is virtual, I've been able to try many combinations and have narrowed it down to this: When Windows 2008 R2 has a single processor, the event does not occur. When I give the virtual server two processors, the event occurs with nearly every RDP logout. Same results with or without XenTools installed. I do not have the resources to test the single/multi processor difference on physical hardware.
Any insights would be appreciated. I've posted the full event as well as information about the process that is mentioned in the event.
AB.
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 7/23/2010 8:38:51 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: WIN-36DPBES2P14
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2545583-721118796-2022419212-1000:
Process 888 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2545583-721118796-2022419212-1000\Printers\DevModePerUser
----------
Process 888 is svchost.exe running UxSMS (Desktop Window Manager Session Manager), UmRdpService (Remote Desktop Services UserMode Port Redirector, TrkWKS (Desktop Distributed Link Tracking Client), and Netman (Network Connection)
Hi there,
I'm setting up a remote desktop farm. Here's my general config:
-All servers running Windows Server 2012.
-Three domain controllers, configured for a domain named internal.domain.org.
-Three remote desktop session host servers.
-One server hosting RemoteApp and the Remote Desktop web service.
-One Remote Desktop Gateway server.
-One Remote Desktop Connection Broker server.
The three Remote Desktop Session Host servers have been combined into a collection named "Farm" and there are three DNS records for Farm - one pointed to each of the servers' IP addresses. The Gateway server has been left at the defaults for CAP & RAP policies for now, which allows all users in the Domain Users group to access all resources on all Domain Computers.
A wildcard certificate has been purchased for *.internal.domain.org, which is what we're going to use for addressing the remote desktop farm both internally and externally. The wildcard certificate was applied using Server Manager to all four of the functions listed under the Remote Desktop certificates config (RD CB Signing, RD CB Publishing, RD Web Access, RD Gateway) and I have also manually installed it to the three remote desktop session hosts, using Certmgr.msc to put it in the Local Computer Account's personal folder, mirroring the automatic configuration that Server Manager did for the Gateway & Connection Broker servers.
Now, on to the issues:
First, when I try to connect internally to the session hosts, I *have* to use the farm name. If I try to use a single RDSH server name, it pops up an error saying you must use the farm name. That's all fine - redirection happens correctly, etc. However, when I try to connect from outside using the gateway, the exact *opposite* happens - it refuses to connect to the farm name, but will connect to individual servers, and appears to be doing the redirection correctly as well. The thing is, I don't want people putting in individual server names - I want the farm name to work when they're connecting through the gateway. How can I make that happen?
Second, when I connect internally to the farm name, it redirects to one of the RDSH servers, but then pops up an error saying the "certificate is not from a trusted certifying authority" even though the wildcard SSL certificate is installed on all of the servers. When I view the certificate, it's definitely not the wildcard cert - it appears to be the self-signed cert that was generated by the RDSH server. This error does not occur when connecting through the gateway. What can I do to make this error go away?
Third, when I add the RemoteApp feed URL to Control Panel\RemoteApp and Desktop Connections, it asks for credentials to add it - even though I have the default credentials (and default credentials for NTLM) settings in group policy set to allow the delegation of credentials to the RemoteApp server. Any way to get rid of this?
Fourth, once I add in those credentials and add the RemoteApps - I click to run one of the apps in my Start Menu, and I get a warning asking if I trust the publisher of this RemoteApp program. Again - the SSL cert is installed on the RemoteApp server, so I don't understand why I'm continuing to get these errors.
Fifth, from outside and coming through the gateway, I get the same error as above in #4, but then am prompted to enter credentials again (apparently for the Broker server), and then am denied a RemoteApp connection with the message "Your computer can't connect to the remote computer because a security package error occured in the transport layer."
Any help with any of these is much appreciated. Thank you!
During deployment of a new application, we have been running into strange issues trying to run processes with certain domain accounts. Looking through the machine settings the only difference we could see between the affected accounts and accounts that work is that the affected accounts are added directly to the local administrators group and the accounts that work are added through AD security groups.
Seeing this i decided to mess around with the account membership of the local administrators group. I found that if i place the account into an AD group that is a member of the local administrators group the account can no longer connect to the server through RDP (after a reboot of the server); however I can connect to the server locally and do indeed have full administrator privileges on the server. If i move the user back to being defined as a direct member of the local administrators group I can RDP again. All accounts are domain accounts; some accounts work and some accounts do not. All remote desktop settings are default including Local Security Policies.
Works
Does Not Work
I believe this issue affects more than just RDP, however this is a pretty obvious condition produced by the underlying issue.
My initial thought point to how the machines were provisioned. We clone out machines through VMware 5.1 and do not perform sysprep on the machines after cloning. After researching this further it appears that sysprep is indeed not required but still recommended.
Searching around for a couple days has not yielded any useful results. There is also nothing useful in the event logs of the server.
Has anyone encountered this issue before?
hello ,
i dont find an option to export .pub file that i need in order to publish terminal servers thruogh UAG
any suggestions ?
Hi everybody,
I am tinkering around with Remote Desktop on Windows Server 2012. After running into several problems, everything works now...except for RemoteFX.
The server runs on a INTEL XEON X3440 processor. I bought a new graphics card (HIS Radeon HD 5450) to use for RemoteFX. DirectX 11 is installed.
When I installed the drivers and the Catalyst software, the graphics card shows up in the Hyper-V settings an I can choose to use it for RemoteFX. But in the settings for the VM I cannot install RemoteFX.
After restarting the server Hyper-V Manager doesn't recognize that there is a graphics card installed that supports RemoteFX.
Any ideas?
Christian
Hi all,
We are using Folder Redirection and Roaming Profiles in our environnement.
Roaming Profiles are stored in \\ShareServer\Roaming\%username%
Folder Redirection are redirected in \\ShareServer\FolderRedirection\%username%
(not the same directory).
It works, redirected folder and profiles are created, but, when we use a script using "%userprofile%" as variable everything will be written in the local profile and doesnt not appear in the user redirected folders.
For example if I use a script like "copy FILE.txt %userprofile%\Desktop\FILE.TXT" the FILE.txt will exist in C:\users\<my_user>\Desktop but will not appear on the desktop and will not be copied into the redirected folder.
I would like to change this behavior so everything will be in the redirected folders.
Hi,
We have a Windows 2008 R2 Farm and the users are configured to get a Aero Visual Style theme when they log on. The Theme is applied using a GPO "User Configuration\Policies\Administrative Templates\Control Panel\Personalization" and Loopback processing is set to "replace" via another GPO. We find that when a user logs on for the first time they get the standard "Windows 2008 R2" branded background but then get the correct black Themed background when they log on after that. Could anyone provide some insight on how this happens?
thanks.
What is happening: File access is slow to open files when browsing to the network resource, say S:\shared\docs\here\doc.doc. When they double click on that document it take 20-40 seconds to open. This statement is also true for ANY type of file, .xls, .pdf, .tif, .jpg, etc. We can also copy that same file that is slow opening on the network to the desktop of the server and it takes the same amount of time to open directly on the server.
However if we know we are going to open a PDF per say, and we open Adobe Acrobat PDF, then select FILE > OPEN and choose the file we wish to open (without regard to file location, local or network based), the file opens as normal with no lag time.
Our assumptions here was that SEP (Symantec Endpoint Protection) on the file server could be causing the issues, if this was true the following statement would apply:
· All workstations would also experience a delay of some nature, but this is not the case.
Based on the information above SEP on the terminal server would logically be the next step to remove, or disable. I suspected this in the process of diagnosing these problems, however someone had removed SEP from the terminal server previously, so it’s not even a factor to consider anymore.
I have ran a full Malbytes scan of the server looking for Spyware or other things, and the server came up entirely clean.
Filemon does not reveal any sinister processes running when any of these application call out a document or file. Filemon appears to show that everything opens normally and there are normal processes associated with it.
This problem impacts ALL users on the terminal server, on all programs. The server also has some “sluggish” response when trying to view things in admin tools, say log files or whatever. The system appears to stall for the same amount of time occasionally as the file take to open, however this is not consistent at all.
The server had 4gb of virtual memory on the E drive, 3gb of physical memory on the server and has a nice Xeon processor… so that’s not a factor really since they have 10 users give or take on it at any one time.
Event 1130 Logged, get-rdslicenseconfiguration is correct, and no error in RD License Diagnoser.
Group Policy shows the correct server. The is an active Directory deployment. Server 2012
The license Server is the same box as the Session Host.
The Event 1130 on the 2012 server says to run the Remote Desktop Session Host Configuration tool ?? That no longer exists.
Have removed and redeployed roles, with no help. Anbody have any Ideas?
Hello Everyone,
I spent a lot of time trying to find a resolution to this issue and could use some help.
My Environment: I setup a 2012 Domain controller (DC01) and a 2012 RDS server (TS01). The domain controller has the RD Licensing Manager and RD Licensing Diagnoser installed. The TS01 server has all the other RDS roles installed.
I Installed the licenses on DC01 and they show 0 Available and 5 issues even though nobody has logged into the server
I also pointed the TS01 server to the license server (DC01) but I get this error when adding it:The license server specified is not valid. Verify the server name and specify a valid server name before saving the settings.
When I run the RD License Diagnoser from either server, I get the below error. Does anyone know what I'm missing? Is the 2012 server really looking for 2008 RDS CALs??? I didn't think that was possible.
----------------------------------------------------------------------------------------
The Remote Desktop Session Host Server is in Per User licensing mode and No Redirector Mode, but the license server dc01 does not any installed licenses with the following attributes:
Proiduct Version: Windows Server 2008 or Windows Server 2008 R2
Licensing mode: Per User
License type: RDS CALs
-----------------------------------------------------------------------------------------
Any help would be greatly appreciated. I think we have 2 weeks left on our grace period.
Thanks in advance!
Hi
I have an RD Session Host farm configured with a clustered connection broker. This works fine, providing load-balanced RDS sessions (Terminal Server Sessions) to domain users.
I also have a number of domain bound physical hosts, running legacy applications. I would like to assign these physical machines as "personal desktops" to some specific users. I have setup another RDS host, made it a member of the connection broker cluster, and set its mode to "Virtual Machine Redirection". How can i specify machines to redirect-to without using a Hyper-V server?
Since these are physical hosts they are not running on Hyper-V, nor can i virtualise them.
I have seen the account properties in AD for assigning the FQDN of a host to a user, but i do not know how to configure the RDS host for this purpose.
Any help would be appreciated.
Clean install on IBM 3250, joined domain, attempting to install RDS and get the following errors:
RD Connection Broker role service:
Failed - The RD Connection Broker cannot be joined to the RD Management server.
RD Web Access role service:
Failed - Exception of type 'Microsoft.RemoteDesktopService.Common.RDManagementException' was thrown.
RD Session Host role service:
Failed - Exception of type 'Microsoft.RemoteDesktopService.Common.RDManagementException' was thrown.
This was on our 2003 functional level domain. Next i tried this in my sandbox environment which is a 2008 R2 functional level domain and it works fine.
Has anyone experienced similar issues trying to implement 2012 RDS in a 2003 AD environment? I would appreciate any leads to resolution. Looking through errors in event logs but have not located a smoking gun.
Searches on the above errors just lead to posts about people trying to cram RDS onto their AD servers.
I have deployed RDS 2012 for multi tenancy purposes and have a few questions:
Some information on our setup:
We have 1 DC, 1 RDS Gateway/Connection Broker/Web Gateway. Tenants are configured in to collections.
1) Does anyone know why there is such a huge delay in opening a Remote Desktop connection? It's 30 seconds or more.
2) Why do you need to edit the registry to allow remote apps and be able to connect to the servers? (See http://infused.co.nz/2013/03/04/rds-publish-remote-desktop-with-remote-apps/)
3) How can I easily manage the users Metro screen? We have office 2013 installed, but the icons only show on the administrator login. We only want to display these icons as well as the Desktop icon.
Thanks.
I know this topic has been beaten to death but the sheer amount of posts makes it difficult to decipher the fix.
Background:
Windows Server 2012 RDS infrastructure
*Gateway/Web Access/Licensing/Connection Broker roles on 1 Server 2012 VM
-Gateway configured with options:
*Session Host role installed on 3 separate VMs (each a separate VM running Server 2012)
*3 Remote App collections published (each going to their respective server)
*BYOD scenario - clients running Win7/Win8 connecting to RD Web. Working from home, offsite, etc.
2 issues:
*Being prompted twice for credentials - once when logging into RD Web (of course) and then again once a Remote App is selected. Not prompted twice internally from other server 2012 boxes joined to the domain. This leads be to believe if I used Win8 it wouldn't happen? http://blogs.msdn.com/b/rds/archive/2012/06/25/remote-desktop-web-access-single-sign-on-now-easier-to-enable-in-windows-server-2012.aspx
*Getting the "the identity of the remote computer cannot be verified..." warning. Not sure how to fix this since the internal name of the servers is xyz.local and the name of the SAN SSL cert is *.scotapps.com
Thanks!
Hi,
Recently i deployed the "Remote app on windows 2012 ".I have published few applications for all domain users.But the issue is that after successful logon
no publish app are viewing by any users.
all users view following only one thing after logon
current folder:/
Please help me out.
Hello,
We have windows 2003 std. server and I had enabled remote desktop option and it was working well but few days back i have reboot my server and I wont be access server using mstsc console. I have tryed below steps for resolve this problem
Kindly tell me how to resolve this problem
With warm regards, Kiran Sawant
I have a server 2008 R2 member server that is running Remote Desktop Services. We create and distribute remote apps to give to our end users. Everything was working as expected until a few days ago, when we started getting errors in our System event log. The errors are as follows:
The Network Policy Server service terminated with the following error: %%-2147352573
Log Name: System
EventID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Opcode: Info
The failure of the NPS service to start caused the RDS Gateway service to fail as well and suddenly remote app users could not connect. We worked around the issue by having the users connect with a traditional RDP window, but I need to bring the remote app functionality back up. I have tried restarting the server and checking the VssAccessControl registry key. No dice. I also was going to uninstall/reinstall the role, but without the service started I apparently cannot uninstall the role. Attempting to manually start the Network Policy Server service brings up an error stating:
Windows could not start the Network Policy Server service on Local Computer. Error: 0x80020003: Member not found.
I can't seem to find any further information on this issue. Any help would be appreciated.