Hello, we have deployed HA RDS Farm 2012 R2 with several Brokers, Session Hosts etc. The problem is - when a user gets allocated session ID 114 (ONLY THIS), he get a black screen and can't login in any scenario (admin or regular user). I see it on any of our session hosts, later this session can come to "DOWN" state, some how, and workin fine, till servers reboot.
Problem is googling by "session 114", still no solution... any ideas?
A couple months ago I deployed a Windows Server 2012 R2, with the intent of using RDS Gateway on it for a client. I got it working, but there is a 60 second delay during the login process to the RDS Gateway. Specifically, the RDP client hangs on "Configuring Remote Session." This happens 100% of the time from outside the network (but never when connecting to the same server on port 3389 from *inside* the same network that the server is on). It is also important to know that even though there is always a 60 second delay, it still connects successfully 100% of the time. The client is not happy with the 60 second delay though (understandably), and has asked me to to solve the problem. I have done a ton of research, but the few possible solutions I came up with ended up not solving the problem. Here is everything I have done so far:
-My problem is *most* similar to this other post: http://social.msdn.microsoft.com/Forums/en-US/20a68eec-d639-47f7-abd1-3ae10aaf4db8/remote-desktop-to-web-role-gets-stuck-on-configuring-remote-connection However, the problem in that case eventually resolved on its own, & I have already tried the only suggestion mentioned in that thread (disabling port re-direction).....either I did that improperly, or it did not help).
-100% of the time immediately after a 60 delay login, I get this warning in the server's event log:
| SERVERNAME | 20499 | Warning | Microsoft-Windows-TerminalServices-RemoteConnectionManager | Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin |
"Remote Desktop Services has taken too long to load the user configuration from server \\servername.domainname.local for user XXXXXX" (where XXXXXX is an actual username).
The only recommendation I can find after researching *that* warning message is a small registry edit, which I have tried, and it did not help.
-In my research, I came across someone's theory that the problem is related to the SSL certificate, & the fact that the internal domain has a .local extension (which mine does). According to this theory, Microsoft's RDS Gateway (unfortunately) exposes the RDS Session host's computer name (including its .local extension) to the remote/external RDP client, and therefore the 60 second delay is caused by the remote/external RDP client taking time to look for the SSL certificate for the session host, which doesn't exist. The only way to determine whether this theory is the actual cause of the 60 second delay, or not, is to actually purchase a UC Certificate, which supports multiple domain names. There is an additional problem with testing this theory however, in that ICANN has mandated that certificates will no longer support .local (and similar) domain extensions come November, 2015. Therefore, even if I go through all the work to purchase & install the UC Certificate, *and* it happens to solve this 60 second login delay problem (which is a big "if"), that solution would only work for 1.5 more years from now.
I hope you can see I have tried hard to solve this problem on my own, but I am unable to. I really need some outside perspective to cut through the troubleshooting fog in my head regarding this particular problem. It is for that reason that any assistance with this problem would be greatly appreciated! Thank you in advance!
Hello, got an issue with printing
Windows Server 2012 r2 ->Remote Desktop
Printer gets rediricted - 32 and 64 drivers are present on server ( 32 bit on client PC )
Drivers are the same
It says it prints on Server but nothing comes out of a printer
Issue might be that the printer is also a printer/scanner/fax machine
Thanks for reading
Hello,
We have a new RDS 2012 R2 deployment that we're working on and are having some issues. We've got the environment setup for HA and that part seems to be working. We can connect in but when the connection broker hands the connection over to the session host,
we get a certificate mismatch error.
All access will be externally through the Web/Gateway and will be accessing remote apps. We have a wildcard cert loaded for *.mydomain.com on all the servers. (Including the session hosts.)
Domains
Internal: int.mydomain.com
External: mydomain.com
Servers
Web / Gateway: rdg01.int.mydomain.com & rdg02.int.mydomain.com (behind load balancer as remote.mydomain.com)
Connection Brokers: rdcb01.int.mydomain.com & rdcb02.int.mydomain.com - accessed via remote-cb.mydomain.com)
Session hosts: rdsh01.int.mydomain.com & rdsh02.int.mydomain.com
The web login to "remote.mydomain.com" works with no errors. In the .rdp file, I see "remote-cb.mydomain.com" in the correct locations. When I connect, shortly after getting prompted for credentials I get the follow error message:
1. Identity of the remote computer could not be verified. Name in the certificate from the remote computer RDSH02.int.mydomain.com (If I use the selfsigned) -or-
2. Identity of the remote computer could not be verified. Name in the certificate from the remote computer RDSH02.int.mydomain.com but the certificate is for *.mydomain.com (If i have the wild card associated to rds.)
Everything else works fine up till that point.
I've tried changing it so the servers were added using "rdsh01.mycompany.com" but server manager didn't like that. I allow followed the directions in Appendix A Non-RDP 8 Clients. (http://www.rdsgurus.com/ssl-certificates/windows-2012-r2-how-to-create-a-mostly-seamless-logon-experience-for-your-remote-desktop-services-environment/)
It seems to have left something out. I have the DNS entries created but the connection broker still uses the wrong name. Is there any way to tell the connection broker to use a different FQDN when it connects?
I've seen quite a few posts on this but it looks like most people stopped answering back without a resolution.
Thanks!
I have created 2 new remote app connections for different modules of the same application in TS 2008 R2. I am trying to launch them via a remote apps web front end on a Win7 Enterprise workstation fully patched.
One connection works fine but the other errors out immediately with "This RDP file is corrupted. The remote connection cannot be started." If I do not digitally sign the connection to the remote app site both connections work fine. All other connections published on this server work fine.
Thanks
Sean
Sean Evans
The error message is:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 94.242.239.162.
No way anyone from this IP should be logging in. Hacker? If so, where should I look to see how far it got?
The Security Log show a failed login 2 seconds before this (failed network login. Tried to login as admin.)
Thanks in advance
Don
Hi,
We have a RDS Session Host desktop collection of 4 servers. All 2012 R2.
We have those servers pointing to a file server to host UPD.
During my testing phase, everything was working fine.
We have about 100 users. When they connect, we get several users a day per server that end up with a Temporary Profile, instead of their normal UPD and we don't know why?
We have a GPO which sets the normal sort of settings for this you would expect with regard to disconnects, timeouts etc.
I have deleted all the users .BAK bits from the registry (HKLM\... Win NT \...\ ProfileList)
I have checked and when a user gets their temp profile, their UPD is accessable and I can mount it and view it OK (and disconnect it once done).
To me, it looks like the sessions are shutting down normally, I don't see any .exe remaining running in task manager etc.
AV is excluded from scanning the VHDX files on the file server.
Not sure what to check next.
Any advice please?
Thanks - James
Hello All,
I am looking for a clarification on my setup. I have had my RDS system setup for a few years now and I have had no issues in regards to certificates. We have updated our certs to SHA2 from SHA1 and now I am getting all kinds of errors. In my RDS console under certificates it states everything is trusted and OK. I have 2 connection brokers in an HA configuration and now when I connect to a desktop I get a certificate warning that the connection broker connection is not trusted. Is all of this a result of the SHA2 cert? I know I cannot raise the connection security to TLS1.1 or higher so I have not done that. I also assumed the GPO "Specify SHA1 thumbprints" will not work as well with a SHA2 cert. If I go back to a SHA1 cert I have this feeling everything will be fine.
Thanks,
Scott
Hi everyone,
There seems to be a blizzard of questions and misunderstandings about certificates for Svr 2012 TS.
Here is another one. I've just set up a TS system and its working using its self signed certificates. There are three servers; 2 are session hosts and everything else is on the 3rd. All three are domain member servers and there is a domain CA.
I've search and googled this issue and read many of the articles on the subject. Maybe I'm just not getting some of the finer points of detail.
For example this post looks promising
https://technet.microsoft.com/en-us/library/cc732329?f=255&MSPPError=-214721739
as it has the statement
"You can generate and submit a certificate request to obtain a certificate from a stand-alone or an enterprise certification authority (CA)."
Great we are making progress here, but wait, it then keeps the answer a secret. :-(
Is there a way to get a Certificate Signing Request out of a TS system and install a signed certificate? I read one article that described getting a CSR from IIS on the RDGW server, which I did and I then got a signed certificate from the domain CA and tried to install it on the RDGW server. The certificate from the Domain CA is in .cer and .p7b format. But the "Configure the Deployment" wizard wants the certificate to be in .pfx format. That, I believe, includes the private key. Why would I want to replace the private key?
I've probably missing something obvious here, or missing the point completely, as this process appears at best obfuscated and at worst is downright user aggressive!
I've been generating CSR's and installing signed certificates on MS and Open Source web and e-mail systems for years. I have a fair idea what I'm doing - I'm not a guru but not daft either. But there must be a subtlety I'm missing on this one.
So can this be done? I'm beginning to doubt it. I looked for how-to's on some well known public CA's Knowledge Bases. They don't seem to know either.
If there is a in depth "how to" that describes this in excruciating detail, I'd really like to read it.
Thanks for reading so far
Pointers and wisdom most welcome.
:-)
Ken
Hi this is a copy of my post in the Windows 7 misc forum where it's getting no relevant replys.
-------------
Has anyone been able to get this working?
All I get is error 1000 which is that the thin pc can not find the rdgateway or app server.
I know that they are both working and accessible from this machine, I can drag an rdp to the desktop and it runs, I can go to the rdweb site and run applications from there.
I have a full windows 7 test bed and running the wcx config file poulates the remote app programs and I can go to the control panel and type in the url and that works.
I have turned off all the firewalls, the thin pc is configured for hyper-v management and just about everything else works.
As this is the pricnipal use of thin pc - a hyper-v client has anyone got any ideas ?
Hi,
I think it is a stupid issue but I cannot see it...
So far here is what I have seen:
- I have a windows server 2008R2 which is used for connect clients using RDP.
- Clients are not in the same building so they need to be able to print on local printer.
Problem is: even if I am able to see the redirection of my local printer on the RDP session and click on the "printing test page", well nothing happen. No errors, no trouble, just nothing at all, and still, I do not have my copy.
However, when I try to print a "Nozzle check" (on a Ricoh printer) for testing print condition, it works...
Hope you will be able to help me.
Hello,
I have a sound issue with a 2008 server (32 bit). I'm monitoring the server via an RDP-Session that's up and running 24/7. Sometimes, the audio-output on the Client PC (Win 7 pro, 32 bits too) fells silent. Sound on the ClientPC itself (outside the RDP-Session) is fine, within the Session everything seems to be okay (volume control, Microsoft RDP Audio Device), just there is no sound. If I close the Session and reconnect, sound is back - sometimes for a day, sometimes for a week... Audio in the Console-Session or in other RDP-Sessions at the same time is flawless.
The WAN-Link between the two sites is a bit shabby, but as long as the session itself doesn't break I don't see a reason why a few beeps shouldn't come through.
After searching for a solution for a while now I have found hundreds of threads and solutions for no sound in RDP-Sessions at all, even a MS-Hotfix for shabby sound - but obviously I'm the only guy with such a problem.
Ideas anyone?
Thanks.
Hello,
We are facing a strange problem, the below is a description:
- We have a several terminal server 2008r2/2012r2
- Sometimes some users can not open their sessions on the server, due to the corrupted profile.
- For now my solution is to delete the user profile and at the next login they can login.
- The problem we have is we can not delete there associated folders without restarting the TS server?
I want to know if they are a solution to to delete the user profile and the associated folder without restarting the TS server because sometimes it happens 2,3 times a day?
Thank for your help
Hello,
i need to block access to the internet via IE, my users cant surffe the internet when they log in to the Terminal server.
what is the simply method to block it?
Thanks,
Itai
Hello,
We need 15 Remote Desktop Connection for our remote users. We have HPE ML310E Server and are going to purchase HPE Windows Server 2012 R2 Standard with 15 HPE RDS CALs. Question is, do we need to purchase standard user CALs as well with RDS CALs?
OnSite Geeks
Desired result (should be fairly simple-NOT): I need to access my server via Windows Remote Desktop via VPN from remote locations. I can VPN to the machine just fine.
Remote Access Error: The following error occurred in the Point to Point Protocol module on port: VPN3-127, UserName XXX. The connection was prevented because of a policy configured on your RAS/VPNserver. Specifically the authentication method used by the server to verify your user name and password may not match the authentication method in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
The other related error:
The address of remote RADIUS Server xxxx in server group VPN-access resolves to Local address xxx, and will be ignored. THis is listed twice. Once each for IPv4 and IPv6 address.
Again my goal: Very simple - Provide remote access to my server. I can VPN in, but am blocked with Windows Remote Desktop. Actually tried Chrome RD also. Same results. This is a new server setup and the only thing on the Server besides the operating system. Is SQL Server.
I will be eternally for any an all help!
Christopher
Thank you, Chris
I have new setup which is working fine externally for Windows 8.x and Windows 10 clients, but not working with any Windows 7.
When launching a published WebApp users on Windows 7 are getting error message "Your computer can't connect to the remote computer because and error occurred on the remote computer you want to connect to. Contact your network administrator for assistance."
The setup is:
I'm stumped. Any ideas?