I've set up a single Server 2012 R2 Gateway/Session/RDWeb server. At some point during setup, the WebFeed stopped working and I can no longer connect using the RemoteApp and Desktop Connections control panel or the Remote Resources connection in the Mac RDC client.

Trying to connect to https://domainname.com/RDWeb/Feed/webfeed.aspx receives an Error code: "0x80040205, 0x1F4" on Windows connections and nothing on the Mac except an empty Remote Resources list.

Looking at the inetpub logs, the following events are recorded during the connection attempt:

------------------------------------------------------------------------

#Software: Microsoft Internet Information Services 8.5

#Version: 1.0

#Date: 2016-03-28 15:35:38

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken

2016-03-28 15:35:38 172.xxx.xxx.xxx GET /RDWeb/Feed/webfeed.aspx - 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 302 0 0 155

2016-03-28 15:35:38 172.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 401 2 5 144

2016-03-28 15:35:38 172.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 401 2 5 12

2016-03-28 15:35:50 172.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 domain\username 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 105

2016-03-28 15:35:50 172.xxx.xxx.xxx GET /RDWeb/Feed/webfeed.aspx - 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 500 0 0 188

-----------------------------------------------------------

The 401 entries lead me to believe authentication is being denied somewhere for some reason, but I haven't been able to figure out where.

Looking at the server's Security log, I see the logon attempt followed immediately by a logoff notification. I see the logon attempt is using NTLM:

-----------------------------------------------------------

Detailed Authentication Information:
    Logon Process:        NtLmSsp
    Authentication Package:    NTLM
    Transited Services:    -
    Package Name (NTLM only):    NTLM V2
    Key Length:        128

-----------------------------------------------------------

Any help is appreciated.

Additional information

I looked at another server that has a working feed, and found this series of events in the inetpub log file:

-------------------------------------------------

#Software: Microsoft Internet Information Services 8.5

#Version: 1.0

#Date: 2016-03-28 16:24:41

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken

2016-03-28 16:24:41 192.xxx.xxx.xxx GET /RDWeb/Feed/webfeed.aspx - 443 - 50.170.136.41 TSWorkspace/2.0 - 302 0 0 799

2016-03-28 16:24:41 192.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 401 2 5 102

2016-03-28 16:24:41 192.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 401 2 5 36

2016-03-28 16:24:54 192.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 foundation\mcsadmin 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 1580

2016-03-28 16:24:55 192.xxx.xxx.xxx GET /RDWeb/Feed/webfeed.aspx - 443 S-1-5-21-484763869-xxxxxxxxxx-xxxxxxxx-xxxx 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 1483

2016-03-28 16:24:55 192.xxx.xxx.xxx GET /RDWeb/Feed/rdp/mstsc256.ico - 443 S-1-5-21-484763869-xxxxxxxxxx-xxxxxxxx-xxxx 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 519

2016-03-28 16:24:55 192.xxx.xxx.xxx GET /RDWeb/Feed/rdp/cpub-Remote_Server_Co-Remote_Server_Co-CmsRdsh.rdp - 443 S-1-5-21-484763869-xxxxxxxxxx-xxxxxxxx-xxxx 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 47

---------------------------------------------------

The same 401 status codes are there, but it looks like the feed is supposed to return with the user SID and allow access. Instead, I'm getting a 500 status code on the non-working server.

I have gotten a server set up with Windows Server 2016 TP4, and deployed RDS on the server. I installed several applications that use several different rendering technologies (including OpenGL), and I am seeing no difference from RDS 2012 R2, even though I have enabled 1Gb of RAM for the graphics. The video card shows up on the client VM as Microsoft RemoteFX Graphics Device - WDDM, and is not recognized by any of the applications as a compatible card, so they have problems with hardware acceleration. For example, AutoCad 2016 does not allow me to enable hardware acceleration because it says my graphics card is not compatible. It is the same experience that we get when using RDS on Windows Server 2012R2.

On the server, we are running an Nvidia Grid K1, which is the top recommendation from Microsoft. I was not able to install the latest Nvidia driver, because it says the OS was not compatible. The only driver I was able to install successfully looks like it was from 7/2/2014 - 340.52. This is the only thing I could think of that would not allow RemoteFX to function properly. If this is most likely the cause of the issue, any information on a workaround would be great. I have tried to manually install the driver through Device Management, but it says that the driver is not compatible also.

I know my question is not specific, but I'm hoping that if nothing else, Microsoft becomes aware that the advertised improvements in 2016TP are not working - at least in our environment. I would have thought there would have been much more documentation about workarounds that might be required for the Grid K1, since that is the top recommended card, but I found nothing - Nvidia doesn't even mention 2016TP. My thought is that if the issue is the graphics driver, then Microsoft would have had to work closely with Nvidia on the driver, and there would be documentation somewhere.

I have been looking forward to the RemoteFX improvements in 2016 for many months, so it is pretty disappointing that I'm not seeing any change in performance.

i have three servers applied RD session broker, all three servers have windows server 2008 R2 installed, and all are members of farm (FARM-B) i want a specific user or security group to override the redirection and login to a specific server in that farm

OneDrive for Business is an explorer shell extension, does anyone know how I can install it in Citrix / Terminal Services?

Even if the explorer shell extension isn't possible, it would be nice to know if anyone on here has presented the OneDrive for Business to their users in any other way i.e. a mapped drive etc?

thanks in advance.

I have a client that is currently failing there PCI scan due to TLS 1.0

I've modified the registry to remove TLS 1.0 and 1.1 and confirmed TLS 1.2 is there.

Client has Windows 7 computer(s)

I've enabled logging so i can see how clients are connecting.

There appears to be a mix of TLS 1.0 and SSL3, however if i connect it reports TLS 1.2

The RDS Collection is set to TLS 1.0 (there is some bug posted a while back that said it doesn't display the right version!)

In desparation i did try RDS SECURITY but the Win7 clients couldn't launch a RemoteApp and evet log on the server ID:5605 saying to change auth to Pkt_Privacy. and because it was the working day i had to revert back to TLS 1.0

The way i see it, even if i can get the Win7 clients to connect at TLS 1.2, the PCI Scan will still fail !!

This must be an issues many are facing with TLS 1.2 and PCI but can't find any answers, only questions.

If i've missed any vital info here then please ask and i'll try to answer ASAP

Thanks in advance :)

Dear Team,

I have observed our terminal server has  assigned temporary licenses.

I am not understand why terminal server showing temp licenses and how to resolve this issue.

Can anyone help me on this issue?

Thanks

Sachin Khadtare

We will be using a new application that is hosted externally to our organization.  The we will be using a dedicated network connection to the hosting site. The hosting site has it's own Application Servers, terminal servers, and Ad Domain controllers.   We will be connecting to the the hosted application using the Remote Desk Top Client on Desktop Computers that are on our own internal AD Domain.  

I would like to understand high level Process Flow for Remote Desk Client Authentication Against Active Directory.   Are there any resources available that could assist assist me to understand the process.  

We have some concerns.

Thanks

Hi All,

RDS farm 2012 R2 setup

I am getting the following error " The following requirements should be met for the RD Session Host Servers in the collection:

-1 You must be an administrator on The  RD Session Host

-2 The session host must be running

I am able to un-publish Remote Apps but when I try to publish new ones the error message pops up.

The setup is a  1 Gateway, 2 Brokers, 1 Remote web access and 2 RD session hosts.  RDweb is working from  the internet and from the Intranet.Thanks for the help

I have set up my Server (2008 R2 Foundation) for remote desktop and RemoteApp as per the instructions provided by Microsoft.  I am using a single server for all functions.  When a user logs in to the Server through remote desktop, the remote desktop screen comes up and then the user immediately gets an 'Access is Denied' message.  If the user connects through RDWeb, the RemoteApps are displayed, but when the user clicks on an application, they are prompted again for their login credentials and then they get the remote desktop screen with an 'Access is Denied' screen as well.  This happens even for Administrators.

I am getting very frustrated with this as I have read many blogs and tried everything to no avail.  PLEASE help me.

We have several terminal server farms and in each farm we have the need for 1 user to always log into a specific server in the farm.   This is due to a little piece of sortware that is required for a device that only this one user has and the fact the it is licensed to only one server.   The user must use that server for it to work.  I want to include this server in the farm because it seems silly to have a server for only one user.    How can I point one PC/user to the same server in the farm all the time?  We are using the Connection Broker and NLB which seems to work just fine for all other users. 

Thanks

We have major issues with our Server 2012 RDS farm. We have had a case open with Microsoft Support for months and they cannot resolve the issues.

We have the Remote Desktop Gateway role configured, but I don't think it is needed. All users connect to the RD Collection by name "RDS" - via LAN or VPN.

We are trying to simplify our configuration and eliminate possible cause of all the issues.

What are the steps to remove the Remote Desktop Gateway from our environment and still have everything operate correctly?

Here are the Servers and Roles:

TS01 = RD Session Host

TS03 = RD Session Host, Gateway, Connection Broker and Web Access (currently not allowing Session Host connections)

TS04 = RD Session Host

TS05 = RD Session Host

App01 = RD Licensing Host

FS01 = UPD Shares

I have a server that has 7 per user CALs for terminal services that supports itself.  I have now purchased an additional 25 per device CALs that have been applied to the licensing server.

What I an trying to accomplish is to add two additional application servers that will serve some point of sale software through a full desktop experience.

My question is, what is the proper configuration for allowing those 25 device CALs to be split between the two application servers with 13 on one and 12 on the other, while still allowing the current 7 per user CALs to remain active on the the licensing server which also provides the same application?

I currently have the RD Session Host Configuration tool pointed at the licensing server and can see all of the 25 available licenses.  This host will have 13 RDP sessions and my second server with the RD Session Host Configuration tool pointed at the licensing server seeing all 25 will have 12 users that need to connect.  Is this the proper configuration?

Eduardo Valverde

Hi,

I have 3 Server 2008 R2 servers in a TS farm. If I connect via RDP using my admin user i can use all 3 screen's.

If I connect via my regular user (from the same laptop) I can only use 1 screen.

I have fine combed all the policy's to check if there is a "Limit number of monitors" policy running but I cannot find one.

I have also checked that there is no limitations on the Broaker.

Any tips on what else i can check? It feels like a policy thing since I can connect with 3 monitors with my admin user.

Hi,

I have arequest from users to logon to server (Windows 2012 R2) and run the application direct from the server. IsRemote Desktop Services rolerequiring a domain?

This is a Workgroup server, 15-20 simultaneoususers and my idea was to use Windows users, like the TS fashion way.

Is that possible?

Have a nice day!

I have set up a test Server 2012 RDS collection (Single Server for now) and implemented User Profile disks.

I have two problems.

First: My generic test user can connect and does successfully use the user profile disk as expected. However, atlogoff, the system event log contains these errors:

The error (NTFS 137) is: The default transaction resource manager on volume C:\Users\ts3.test encountered a non-retryable error and could not start.  The data contains the error code.

The warning (NTFS 50) that concerns me is:

It appears that the user profile disk is being "disabled" or "disconnected" before the profile data is completely written at logoff. What can I do to troubleshoot this?

Second:

Update: A post from Mike Connor on the following page: -LINK- solved the problem described below. 

My administrative user always logs on now with a temporary profile. At the beginning, the UPD was working and mounting. That stopped working. In attempting to troubleshoot, I logged the admin user off and deleted the UPD disk file from the share. I remember it working again after generating a new UPD disk file in the share. Soon, it quit working again. I deleted the UPD disk file again from the share and ever since, it has never regenerated a new UPD andalways logs on with a temporary profile.

Hi,

I deployed a RDS 2012r2 with a self-singed certificate and everything worked until I changed the certificate with a third party cert.
I can still login using RDP from a client through RDS Gateway and broker .. is working, but when I try to log on through RDWeb I get the famous "authentication error 0x607" error.
Setting/changing the collection security to low ... is not working for me.I can't imaging that recreating the collection is the only solution to this.

Thank You,
Best Regards,

MrFormula

Hello,

I am having an issue with thin clients on my new RDS configuration.  All Windows 7/10 etc instances of MSTSC connect to RDS fine.  I have some Thin clients previously configured to 2003 Terminal Services that need reconfiguring to 2012 RDS.

I receive the error when trying to connect "Because of a Security error, the client could not connect to the remote computer".

In the Server event logs under RemoteDesktopServices-RdpCoreTSOperational, I see that it logs on and then an Event ID 103 "The disconnect reason is 0"

I have ensured that "Allow connections only from computers running Remote Desktop with Network Level Authentication" is NOT set, but I still receive the error.  I am not sure where to look next.  I read on Technet that possibly a cert is corrupt, but other Operating systems connect with no issue.

My set up is one collection with one server and I am attempting to connect directly to the FQDN of that one server.

If I have missed any details out, please let me know.  Any help gratefully received.

Many thanks,

Dan

We're an MSP and want to manually manage RDWEBAccess.config for use with new Modern Remote Desktop client and it's webfeed. Our customers are not in our forest so the Broker service has not created a RDWEBAccess.config file.

Could someone share a copy of their RDWEBAccess.config so that I can manually edit it for my needs?

Thanks, Stu

Hi

I have startet to setup the company i work for terminal setup.

The setup is like this 4 servers, 1 gateway, 1 connection broker and 2 RDS servers.

i have setup the rds servers to use User profile disk, now the issue is that then i logoff my admin, and look on disk management.

it still keeps the disk mounted. under logoff i get 2 events but no errors. Desktop Windows Manager has exited with code (0xd00002fe) Event id 9009 and 

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. 

DETAIL -

 1 user registry handles leaked from \Registry\User\S-1-5-21-606747145-261478967-682003330-10137:

Process 1260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-606747145-261478967-682003330-10137\Printers\DevModePerUser

Event ID: 1530

hope that someone have a idear.