Dear Team,
we planned to use linux based thinclient connected with microsoft server 2008 r2.
What are license we have to procure for the above connectivity.
Thanks & regards,
Arasu.
↧
Regarding CALS for thinclient
↧
Remote Assistance and Mandatory profiles
Hello all,
I've just implemented mandatory profiles and it seems that Remote Assistance doesn't work anymore. I can confirm that it works with normal profile.
Google told me that it's known problem that many people are facing, however I haven't seen any solution. The workaround with changing the "State" registry key is NOT solution - the profile is no longer mandatory and is not deleted after logoff.
Any ideas how to solve it?
Thanks,
Martin
↧
↧
Certificate for Remote Desktop Services .local
Hello,
My Remote Desktop server has as a name rd1.mydomain.local .
Whereas the public dns name is: rd1.mydomain.com
When I requested the certificate (to my internal CA server) for the machine rd1, I found the name of the certificate is "rd1.mydomain.local"
Does anyone know if I could request (to my internal CA server): "rd1.mydomain.com" ?
Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)
↧
RD Web & Gateway setup in Web Application Proxy WAP?
Hi,
I'm building Web Application Proxy with ADFS Preauth for RD Web and Gateway. Can anybody help with these 3 questions:
- ADFS:
What is the best way to configure Relying Party Trusts in ADFS for RD Web and Gateway? - RD Web:
If I configure RD Web for windows integrated authentication, then I can logon to ADFS and successfully access the RD Web page, however no credentials are passed through to the client for connecting via RD Gateway.
If I configure RD Web for forms based authentication then I have to logon twice however it appears to set a TSWAAuthHttpOnlyCookie cookie correctly and credentials are passed through to the client for connecting via RD gateway.
How do I achieve SSO for both RD Web and RD Gateway? - RD Gateway:
I can't get gateway to work through WAP. I am wondering if this might be because it is attempting to authenticate with NTLM instead of Kerberos? I get repeated auth popups with "the logon attempt failed". Nothing useful in Web Application Proxy log. In the headers below extracted from fiddler my WAP is 'rdsext.lab.local'.
About the only doco I've found on this is here: https://technet.microsoft.com/en-us/library/dn765486.aspx
Any assistance appreciated!
Simon.
RDG_OUT_DATA https://rdsext.lab.local/remoteDesktopGateway/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
Cookie: TSWAAuthClientSideCookie=Name=lab%5Ctestuser&MachineType=public&WorkSpaceID=CB1.lab.local
User-Agent: MS-RDGateway/1.0
RDG-Connection-Id: {9DB5E643-DA7E-4D22-89FF-F6AB061CFBDE}
RDG-Correlation-Id: {6BB275E1-B8E1-44EE-B45C-ABE1BCA00000}
RDG-User-Id: dAB0AEAAcwBsAGEAYgA=
Host: rdsext.lab.local
Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw==↧
Folder Redirection / Roaming Profiles on 2012R2
Hi there,
I am setting up a Remoteapp/ RDS environment and was hoping someone could advise on the following:
Environment: 2003 AD scheduled to be upgraded to 2012R2. All the servers below are Hyper-V VMs.
1 RD Gateway, 1 RD web, 1 RD Broker (all 2012R2).
2 Session collections, each with 4 RDS servers. Collection 1 is for remote apps and Collection 2 is for Full Desktop.
All session hosts are 2012R2.
The plan is to have roaming profiles and folder redirection along with user home drives. Roaming profiles for desktops will be on Profile01/profile$. Roaming profiles for RDS will be on Profile02/profile$. Home drives will be on FileServer01/Home$.
Additionally, we have a request that some users home folders also be 'work folder' capable.
1) I believe I am correct in that a user's Desktop and RDS profiles have to be in different places. However, what about Profiles for different RDS collections? Do the profiles for a user's RDS collections have to be located in different places (simillar to that of different RDS farms) or can 2 collections (Remoteapp and Full Desktop) share the same Profile?
2) http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx states several permissions for roaming profiles, home drives, and folder redirection. However the link is quite dated. Is there newer guidance or is the info here still valid for 2012R2?
3) Another option may be to use Profile disks for RDS. Is this more advantageous than the traditional way? The file and RDS servers themselves are Hyper-V VMs so would there be any issues mounting VHDX files within a VM? The client uses Shadowprotect to take image backups of all the servers so another concern is that the entire profile VHDX for a user gets locked while it is being backed up.
4) Is it ok for the home drive location to be the same for the user whether they log on from their desktop, collection 1 or collection 2?
Thanks,
HA
↧
↧
User getting popup message "The Recycle Bin on \\server\another user\start menu" is corrupted.
Hi all,
This is becoming a pain
We have a 2008 R2 RDS environment with user folder redirection. Every now and again, users are getting this message....
\\server\share$\user45\start menu
I myself have just logged into RDS, and I have this message. How on earth is this user45 having an effect on my account?
Just for info, user45 is a domain admin and works in IT. They regularly login to that server either directly, or using the /admin switch
Futhermore, when launching shortcuts from the taskbar I sometimes get unable to find \\server\share$\anotheruser\start menu. This other user is another IT admin.
Thanks
↧
RDweb as published app in citrix web interface
Hi everyone!
I have such a problem:
when launching (from RDS web interface) application published in RDS farm, black screen appears after i click "ok" in logon text message (legal notice text) or just hung on "preparing windows" and disappears after 2 minutes.
"connect to desktop" works.
RDS Web interface is published as application ( ie / FF) in Citrix xenapp web interface.
Do You have any ideas why it doesn't work ? Is it actually possible to nest RDS into Citrix web interface?
When i launch any app published in RDweb from citrix server (connected to server via rdp, RDweb launched from ie/ff) , it works.
Configuration details:
RDS farm - win 2012 r2, domain A, one server with all roles ( broker , host , rdweb, no gateway in farm)
citrix farm - xenapp 6.5 ( win 2008 r2), domain B
windows firewalls - off
firewall between domains - 443 allowed, 3389 allowed
Thanks in advance!
↧
Cannot Remote Into Win 2008r2
Good day My Fellow Techs, A few Months ago I was given a task to repair a server that had multiple issues, This server is a Gen 6 with 2008r2. Most of the more important issues have been resolve, but there is one issue that I need help on. I cannot log in remotely from my work computer even though I am the admin of the domain and server. the Error that i get once it ask for user name and Password goes as follows;
To log on to this computer, you must be granted the allow log on through Terminal services right. By default members of the Admin group have this right. If you are not a member of the admin group, you must be granted this right manually.
be aware that I have logged in and Gone through all the admin rights for the is Particular server.
Thoughts???
↧
How do I set up a Windows Server 2012 with client access licenses?
First time installing a Windows Server 2012 remote desktop services deployment.
I have Server1 that several users use. I have 15 client access licenses that I would like to add to the server so more than the default 2 people can log in at once.
from my understanding of the process, a windows server acts as a remote desktop licensing server and other servers contact this server to grab client access licenses. This will be all on one server. Thanks for any clarification.
↧
↧
Long Logon Times
I am troubleshooting long logon times (25 to 45 seconds) onto Windows 2008 R2 Terminal Servers and found that the profile creation is what is causing the long logon time. We are only using Local Profiles. Below is the gpsvc.log file of one login that took 26 seconds. The profile took 19 second to load. In the log below there is a 16 second gap between the GPO processing and the user's SID. Any ideas why there is a 16 second gap?
GPSVC(484.1248) 10:53:52:396 ProcessLocalGPO: Local GPO's gpt.ini is not accessible, assuming default state.
GPSVC(484.1248) 10:53:52:396 GetGPOInfo: Leaving with 1
GPSVC(484.1248) 10:53:52:396 GetGPOInfo: ********************************
GPSVC(484.1248) 10:53:52:396 GetGroupPolicyObjectListInternal: Leaving with 0x0
GPSVC(404.16cc) 10:53:52:396 GetGPOList: Leaving with 1
GPSVC(484.1248) 10:54:08:246 SID = S-1-5-21-118249029-956843410-312552118-7116
GPSVC(484.1248) 10:54:08:246 bMachine = 0
GPSVC(484.1248) 10:54:08:246 Setting GPsession state = 1
GPSVC(484.1248) 10:54:08:246 Message Status = <Applying user settings...>
GPSVC(484.148c) 10:54:08:246 StartTime For network wait: 24741ms
GPSVC(484.1248) 10:54:08:246 Setting GPsession state = 1
GPSVC(484.148c) 10:54:08:246 MaxTimeToWaitForNetwork: 12476ms
GPSVC(484.148c) 10:54:08:246 TimeRemainingToWaitForNetwork: 0ms
↧
Multiple RDS Desktops from same user
Is there a way to allow someone to access more than one "published" RDS desktop from a collection? In essence can I allow one person to open say 4 published desktops on the same group of RDS Hosts (same collection)?
↧
problem to reestablish the Remote Desktop Services session
One of our clients has two Windows 2008 R2 with SP1 as Remote Desktop servers. One user has a problem to reestablish the Remote Desktop Services session. We have downloaded and installed this hotfix on the 2008 R2 servers:
If this section does not appear, contact Microsoft Customer Service and .... kbautohotfix kbqfe kbhotfixserver kbfix kbsurveynew kbexpertiseinterKB2661332 ...
support.microsoft.com
support.microsoft.com/en-us/kb/2661332
But the user still has the same problem to re-establish the remote session. Do we need to install the hotfix on client/windows 7? If not, what could be the problem?
Bob Lin, MCSE & CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com
↧
Multiple RDweb and RD host
Hi,
Currently i have
a: Two rdweb servers : rdweb1.contoso.com , rdweb2.contoso.com
b: Two RD hosts : rdhost1.contoso.com , rdhost2.contoso.com
C: Two Collections : SG Collection, CN Collection.
User in Singapore will connect to rdweb1, they should be accessing the "SG collection" in rdhost1
User in China will connect to rdweb2, they should be accessing the "CN collection" in rdhost2.
But when i try to login to https://rdweb2.conto.com/rdweb , I can see both SG and CN collections.
What is the work around? Anything else i need to do? I want them to only see the collection closer to them. SG will access sg collection, china will access china collection.
Thanks.
↧
↧
Remote desktop smartcard errors: The system could not log you on. The requested key contained does not exist on the smart card
Hi,
I login to domain with smartcard. Domain is Server 2008 R2.
When I try to login to remote desktop services server (2008 R2) I open the RDP client, enter PIN and when the remote window opens I have the following 3 errors:
"The system could not log you on. The requested key container does not exist on the smart card."
I press OK, the the following errors appear:
"Windows is searching for drivers for your card. Please wait"
"The card supplied requires drivers that are not present on this system. Please try another card."
What can I do ?
↧
Remote Session Host Server at a Remote Location
Hello;
I have to office in the same city, the primary office is using a Windows 2012 R2 Remote Desktop Broker and 2 X Windows 2012 R2 Remote Desktop Session Host, for the secondary office; I am planning to install another Windows 2012 R2 Remote Desktop Session Host, these two offices are connected via a site to site VPN. In this scenario, can I use the original Broker Server to control the 3rd Session Host in secondary office? Of I must setup another Broker server in the secondary office?
Primary OfficeSecondary Office
Broker Server - 192.168.0.100 Session Host 3 - 192.168.10.101
Session Host 1 - 192.168.0.101
Session Host 2 - 192.168.0.102
I want deploy one Broker Server for Remote Desktop to control all Session Host, no matter it is locally or at remote site.
Any Pros and Cons?
KW - CNE,MCSE,VCP5
↧
Port 3389 is blocked ramdonly
We have one Windows server 2008 as Remote Desktop server. Recently, the Remote users keep having a problem to access the server because the port is blocked. The RDP is enabled and they can login if the user tries a couple times. After the user login, he/she
doesn't have any issues and he can keep the remote session forever. It is not network connectivity issue because consistent ping receives 100% reply. Whenever the port is blocked, our monitor send this alter "Connection to remote server on port 3389 failed
with err=0". WE have disabled the Windows firewall and Symantec Endpoint Protection, but that doesn't make any different. Any ideals?
Bob Lin, MCSE & CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com
↧
appdata folder takes too much space on rdsh server local disk c
hello all,
i have a small issue with my roaming profiles on RDS 2012 r2, the folder AppData is taking too much space per user on the local server in c:\users\%username%\appdata
i use roaming profiles through gpo and marked all the settings i could find to point all user profile folders to a network share and it works for all folder except for appdata\local
ive set the following (among others) in my RDSH machine policy:
policies > admin temp > > system > user profiles > set roaming profile path for all users logging onto this computer - i put my network path
policies > admin temp > windows components > rds > rdsh > profiles > set remote desktop services user home directory - i put my network path
in the users policy:
policies > folder redirection > all folders are redirected to my network share (btw i see AppData(roaming) but no Appdata(Local)
at the moment 1 user creates an appdata\local of 70mb
i also delete all temp junk left my users on the server but i cant create a local disk c of such size to handle many users...
is there a way to also redirect appdata\local to the network?
i cant use UPD (my share is not smb3 :/)
thanks for the help and time
Sean
↧
↧
Mandatory Profiles - Slow Logons and Setting Up Personalized Settings
Hi all,
This will no doubt open up a can of worms as I'm talking about using Mandatory Profiles in Windows Server 2008 R2 RDS (gulp), and no I don't want the headache of sysprepping or having to re-install the OS. We have a 20 server farm running very well so
we don't want this to turn into a nightmare.
Currently Users don't have anything configured in their AD account under the Profile setting, nor is there a GPO which sets an RDS profile. This is something we wish to implement.
Users logging in to a PC will remain the same, yet those same users who access the RDS platform will get a mandatory profile. We have a mandatory profile ready, created using this guide:
http://markswinkels.nl/2009/12/how-to-create-a-mandatory-profile-in-windows-server-2008-r2/
There is a new test gpo assigned to a group of users which sets the madatory profile path for an RDS session.
My question, is based around the windows personalized settings popup as this adds to logon times. Surely we want simple, fast logons. Why on earth is windows setting up anything when the profile is read only is beyond me. I had assumed windows
would be clever enough that if it found the file ntuser.man it would know it's read only so skip setting anything up.
anyway, I've read many conflicting articles about this. Some say to delete the stubkeys in the registry on each rds server, whilst others say remove keys in the profile hive?
I'd like to hear the experts take on this please
Info
====
http://blog.appsense.com/2009/08/some-mandatory-profile-best-practices-updated-april-16th-2010/
- deleting the key “HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders”, because it contains values with the path to the generating user’s locally cached profile folder, will cause problems at logon whereas deleting all of the values in the key, but not the key itself, does not cause issues.
- Delete all policy registry keys such as “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies” and “HKCU\Software\Policies” (unless of course you want to apply GPO like lockdown this way but it can cause confusion).
- Strip out anything that you do not want – the best mandatory profiles are generally the simplest. There is, unfortunately, no easy way of deciding what should be stripped out. I tend to focus on Most Recently Used (MRU) lists such as those for opened documents, searches, runs and so on. The benefit of starting with the default user profile rather than a “contaminated” user profile is that this step, generally, is not required.
- Check all autorun locations, such as “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” and “RunOnce”. It is usually best to have nothing in these keys and have things run at logon via other means.
- Set application defaults, such as disabling splash screens, either by running the application and configuring it or by directly editing the registry if you know what keys/values need setting.
↧
RDS Pooled desktop naming suffix bug?
I'm busy putting together our VDI infrastructure, a mix of shared desktop (RDSH) RemoteApp, App-V and Pooled Win8.1 desktops and have found an annoying facet of the automatic naming system. The underlying OS is Server 2012.
Let's say I have setup three machines, Pooled1, Pooled2 and Pooled3 by setting the prefix as "Pooled" and the Suffix as 1. I have recreated each of these three machines twice as the template image develops. If I now go to add another pooled desktop to the collection, it is created as Pooled10. Even though Pooled4 to Pooled9 have never existed, every time the virtual desktop collection members are recreated the counter is being incremented even though the existing machine names are reused.
Is there a way to stop this behaviour or, if not, where is the suffix counter held?
Many thanks
Angus Macdonald
Let's say I have setup three machines, Pooled1, Pooled2 and Pooled3 by setting the prefix as "Pooled" and the Suffix as 1. I have recreated each of these three machines twice as the template image develops. If I now go to add another pooled desktop to the collection, it is created as Pooled10. Even though Pooled4 to Pooled9 have never existed, every time the virtual desktop collection members are recreated the counter is being incremented even though the existing machine names are reused.
Is there a way to stop this behaviour or, if not, where is the suffix counter held?
Many thanks
Angus Macdonald
↧
Specify machines on which remotepp can run
I set up win2012R2 remoteapp environment with 2 session hosts.
All works fine.
However I would like to allow remoteapp use only if a user is using a corporate notebook.
In this way, he can use remoteapps on the go .. but only on our corporate device.
For example installing a certificate or something to identify the machines ? Is it possible ? How ?
Thanks.
↧