Hi Team,

I have implemeted Windows Remote Destop Service Gateway for accessing internal windows OS application servers from internet.

I have few linux server as well. Is there any way i can access internal linux server through remote desktop gateway server. 

I am using putty on internet client side. 

Let me know if any details are required. 

Hey,

I'm trying to enable more than 2 parallel sessions for one of our hosts and I'm not sure what am I doing wrong.

The host has the RDS role installed.

I installed a license my company has through the RD licensing manager, it has the green check on the server the Review Configuration returns both checks well. I see 3 Device CALs available and 5 User CALs available.

The thing is that RD licensing diagnoser I see 2 errors - one is that the grace period ended (before I installed the lisence), the other says that the licensing mode is not configured..

What am I doing wrong? Why is the Manager showing everything's fine and the Diagnoser not?

P.S I tried deleting the GracePeriod reg key but I get an "Error while deleting key"..

Anyone stumbled upon a similar situation?

Thanks,

Ilan

Hi,

I've got two Connection Brokers behind an ELB connected to a SQL database. All is fine. This is all Windows Server 2012R2.

I now tested how resilient this setup is and started killing VMs. I shut down one Connection Broker and all was good. I removed the "dead" Connection Broker from the RDS deployment (via Server Manager).
Now I launched a new Connection Broker (new VM, new name, same setup) and tried adding it to the existing RDS deployment as a new Connection Broker (again via Server Manager).

This failed with an obscure error message saying that the Connection Broker "failed the health check" and it wasn't added.
Trying it via PowerShell I got this error message:

Add-RDServer -Server WIN-C1JJO036FF6.CUSTOMER.COM.AU -Role RDS-CONNECTION-BROKER -Verbose
VERBOSE: Validating RD Deployment Server 'WIN-C1JJO036FF6.CUSTOMER.COM.AU'
Add-RDServer : Validation failed for the "RD Connection Broker" parameter.
WIN-C1JJO036FF6.CUSTOMER.COM.AU      The database is not reachable from the specified RD Connection Broker server.
At line:1 char:1+ Add-RDServer -Server WIN-C1JJO036FF6.CUSTOMER.COM.AU -Role RDS-CONNECTION-B ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-RDServer

VERBOSE: Verify the validation failures before continuing with the deployment.
A valid fully qualified domain name (FQDN) for the server was not specified.
Unable to connect to the server by using Windows PowerShell remoting. Verify that you can connect to the server.
The server is not joined to a domain.
The currently logged on user is not a member of the local Administrators group on the server.
The server must be running at least Windows Server 2012 R2.
The server is part of the high availability cluster.
The server has a deployment associated with it.
The database is not reachable from the specified RD Connection Broker server.

The database is 100% reachable from that server. I tested connectivity via telnet 1433 to the DB and also a more detailed test via a UDL file from that server.

Why am I getting this error?

My blog on all about automation: www.david-obrien.net | me on Twitter: @david_obrien Please remember to mark the post(s) that helped you resolve the issue (even if it was your own)

Hi all,

We have an environment with users who connect when on the corporate LAN and also when on public networks. I'm pretty clear on targeting network print devices with users on the LAN/VPN however I face the following challenge for client printer redirection for users on public networks.

Basically I would like disable client printer redirection for all users except those that connect from defined IP addresses. We have remote offices that cannot support VPN's and hence a user at this location should have a printer redirected however users working from home should not be able to print.

Any insights appreciated.

Regards,

Simon

Hi All,

Not sure if anyone else has tested this yet or come across it but this PITA bug is back in Server 2016, it was patched in 2012 R2 but has made an ugly reappearance

The issue is that all Office applications fall away from the top and left screen edges by 3 or 4 pixels due to the translucency in Office 2016 windows when maximised. This also means the app sits incorrectly against the start menu.

Disabling RemoteFX GPU and Use Hardware adapter in Local Group Policy gets the windows alignment correct however you lose the translucency and the screen dragging between monitors causes the background to render black (i.e. you lose the smooth animation transitions).

Office 2016 on RD 2012 R2 with the RemoteFX and use Hardware adapter settings enabled works perfectly (you get the translucency, correct alignment on screen and animation transitions are correct).

Tried various hardware configurations and it is reproducible so it suggests a bug that was fixed in 2012R2 has been resurrected in 2016.

Anyone aware of this? and a fix?

Thanks

Russell

Hi Guys,

This is going to be a bit of a two part question the second part I can place in a spate thread if required but I think the two things are related some how.

I have the following RDS Configuration all servers are running Windows Server 2016 Standard:

RDB - Broker Server, Web Access and Gateway Server
RDS01 - Remote Desktop Sessions Server

Collection 1 - Contains RDS01

Issue 1 - After a undefined period of time I am unable to remotely connect to the RDB Server and when I log in locally it is extremely slow. The only way to resolve this is to reboot the server. Is the a known issue or is it just a bad build server?

Issue 2 - When trying to connect through the Web Access it sometimes tries to connect to the RDB Server which is not part of the collection for RDS.

Has anyone seen this before or know of any issues that I should be looking for. I have been looking in the Event log but I haven't found anything that indicates why the server is not working as expected.

If I need to rebuild the servers then I am happy to complete this task as this in preparation to go live on our system in early 2017, if we can get over these issues then are hoping to make the changes over the Christmas Holiday period.

Any suggestion on what might be at the route of this issue would be appreciated.

Kind Regards

Hello together,

we want to use Server 2016 for Remotedesktop Service. The user has the RDP Roaming Profile configured in AD register card. But it doesnt work?! Is this function not supported in server 2016? Only uvhd's?

How i can migrate the users from server 2012 R2 to server 2016? With USMT?

Thanks a lot for answers.

Best regards A. Weuthen

Hello

We recently did a migration of our RDS Server to a brand new Windows 2012 R2 server.

All was working fine but we started to have this messages in the RemoteConnectionManager event log:

Log Name:      Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
Source:        Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date:          9/14/2016 8:42:53 AM
Event ID:      20499
Task Category: None
Level:         Warning
Keywords:     
User:          NETWORK SERVICE
Computer:      XXXXX.com
Description:
Remote Desktop Services has taken too long to load the user configuration from server\\xxxxx for user xxxx
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager" Guid="{C76BAA63-AE81-421C-B425-340B4B24157F}" />
    <EventID>20499</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2016-09-14T15:42:53.300353800Z" />
    <EventRecordID>388</EventRecordID>
    <Correlation />
    <Execution ProcessID="28452" ThreadID="50892" />
    <Channel>Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin</Channel>
    <Computer>XXXX.com</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <UserData>
    <EventXML xmlns="Event_NS">
      <ServerName>\\XXXXX</ServerName>
      <UserName>agranados</UserName>
    </EventXML>
  </UserData>
</Event>

Everytime this error message is logged the user gets disconnected from their RDS session.

So far we tried the following:

- Validate AD health (sites,subnet,replication, sysvol)

- We changed the DisableTaskOffload option as suggested in other posts

- We verified the group policy settings applied

Unfortunately we still haven't found what the root cause of this issue is.

Any suggestion of similar previous experience is welcome.

Thanks in advance!

Cristian

Regards. Cristian V.

Hi all

I've a windows 2008r2 terminal server that after an in place version upgrade (from standard to enterprise) made with dism tool,  stop to listen for incoming connection.

I've already check firewall antivirus and so on, got nothing in the event viewer, simply after the first reboot i've no processes listening on port 3389. Already tried to remove and re-add rds role. All services are up and running but rdp is not working anymore

rgds

Paolo

I am setting up a Server 2016 RDS Session Host and want to ensure it's fully locked down. I have been through various Group Policies that worked with Server 2012 but am having problems with locking down and configuring the new 2016 Start Menu.

I would like to know how other people are locking their Server 2016 RD hosts down.

One major issue I am trying to configure is regarding the Power and Settings Buttons on the Start Menu. When remote connected and I click on the Power Button the only option available is to Disconnect. I want to also have the option for users to Sign Out. I know this is available if a User clicks on their User icon, but this may confuse users. Alternatively if I can't add it to the Power Button is it possible to remove the Power Button and Add the Disconnect option to the User Button?

There is also the Settings Button on the Start Menu. Is there any way to remove that?

I have been able to customize the start menu Tiles by exporting an XML file with the custom layout and using the group policy to specify that as the layout for users, but it has removed the ability to pin and unpin tiles from the Start Menu. It's not a major as users probably don't need to do much customization, but am wondering if this is the expected behavior as it will require manually updating if any new programs are installed.

Additionally, I have created groups of tiles and find that even though I exported the layout with the tiles set to 3-wide and the groups arranged down the menu, the groups end up side-by-side going across the desktop. The tile menu can be manually resized back to a single group column, but I'm trying to get consistency with the User experience.

Appreciate any assistance or recommendations with these issues.

Just like the title states. I am looking to limit the number of connections by group. For simplicity sake, Let's say group A has 10 users, and 5 of them can login at once. The 6th would be denied. Group B has 6 users, and only 2 can login at once. The third gets denied. I have researched a bit and found similar questions but no concrete answers. From what I have gathered I'll need a script that runs at login counts currently logged in users, checks for their group membership and counts currently logged in users by group if the count is below for this users groups then the login is allowed to continue, if it is at or exceeded, then a simple uncloseable window could open stating the reason for the denial and the user would then be forecably logged back out. This seems to be the simplest way to do this without involving changing the session host settings. The scripting is beyond me but it should be doable from what I know.

Any thoughts or coders out there to get me a start ?

Any help would be greatly appreciated.

Thanks

I'm looking at upgrading our IT infrastructure where all users remote into RDS. I'm primarily doing this because we have multiple sites, I like the idea of hot desking, and managing individual desktops is becoming time consuming.

Below is a basic guide to the specs I'm looking at:

• 2x Dell R730 Servers
• 4x Intel XEON E5-2650 v4 processors (2 per server)
• Hyper-V or VMWare vSphere 6
• Windows Server 2016 Std (will have to be downgraded to WS 2012 R2 until certain applications are upgraded in the summer holidays)
• etc. (you get the idea)

I need a little help understanding an RDS Infrastructure. I've listed some questions below.

1. Does RemoteFX work with RDS (WS2012R2 and/or WS2016) or is it limited to VDI? i.e. falls back to RDP 
2. I've read RemoteFX only works with Hyper-V. How would one connect to an RDS environment if using VMWare vSphere 6?
3. Given the opportunity, would you choose Hyper-V (2016) or VMWare vSphere 6?
4. Can a GPU be used with RDS to improve performance or is it limited to VDI?
5. If a GPU can be used with RDS, which nVidia and ATI cards do the job?
6. If a GPU can be used with RDS, would the end user benefit with better web browsing experience and video playback?

I may have a few more questions depending on the answers to the above.

Thank you.

Hello,

what would be the best sollution

I have a aaa.com and terminal server with  domain.com users

and there is bbb.com  and its terminal server with bbb users.

I want, that AAA doain users access bbb terminal server with their credentials.

what steps would i need to do?

Inception

We are moving everything to the "Cloud". Currently we log into a local domain. When I try to login to the new server at our contracted host, I can connect to the RDP Gateway server but not login to the specified server behind it with ANY workstation that is on the local domain. I have tried removing the computer from the local domain and still I can't connect. I have removed all Group Policy's after removing it from the local domain and still cannot login to the specified server behind the RDP gateway. I sure I am logging into the RDP gateway but can't access the server behind it which is named the same as our business because I can login to the web version of the gateway but not the server that I am pointed to.

Now, if I use a Laptop that was never connected to the local domain, but on the same network, same router gateway going out, I can login to the specified server behind the RDP gateway. I can login from home on a computer that was never on the local domain. I installed Windows 7 with NO updates, not even SP1 and as long as I didn't connect it to the local domain (as in I didn't create an account for it on the local domain server), I was able to login.

My host tells me that it is my problem. 

What do I need to do to the computers that are joined to the local domain to get them to connect to the remote server through their RDP gateway?

Hello,

I have a small, newly set up network consisting of three Windows 10 Build 1607 desktops, all up to date, a 2016 Essentials server and a Windows 10 Build 1607 laptop and desktop on the other end of a OpenVPN tunnel. The remote laptop and desktop are successfully joined to the domain and mapping drives no problem. I've been pushing GPOs out to all the machines and everything seems to work, up to the point where I enabled remote desktop and began to test with it. The OpenVPN tunnel should not be an issue, as the remote desktop session to the Server 2016 Essentials machine from the remote machine is rock solid stable, even when the network is under heavy use. My problem lies with making and maintaining remote desktop sessions to each of the three Windows 10 machines in the office from the remote Windows 10 machines. All three office machines exhibit the same issue.

Here is a scenario:

You are already pinging the remote machine you want to control with RDP, and you are getting responses back as expected. You can make a connection just fine, but whether using the session or leaving it idle, you can watch the pings going to the machine randomly drop as if the NIC on the remote machine has been reset. The RDP session is interrupted, then a few seconds later reconnected. It has done this thousands of times during my troubleshooting session on all three office machines. You can see that the session is not being starved for bandwidth. The first event in the RDPCoreTS logs that happens right at the time of the connection drop is almost always a slew "TCP socket WRITE operation failed, error 64." and "TCP socket READ operation failed, error 64" followed by "The server has terminated main RDP connection with the client." Then another error-level event comes up: "'Failed CreateVirtualChannel call on this Connections Stack' in CUMRDPConnection::CreateVirtualChannel at 2349 err=[0x80004005]" followed by number disconnect events, and then: "Disconnect trace:CUMRDPConnection Disconnect trace:'calling spGfxPlugin->PreDisconnect()' in CUMRDPConnection::PreDisconnect at 4477 err=[0x0], Error code:0x0." The last event you see in this grouping is: "The disconnect reason is 14." Upon automatically reconnecting, you see: "The network characteristics detection function has been disabled because of Reason Code: 2(Server Configuration).." Then the connection is restored, only to drop in anything from a few seconds up to a few minutes later.

So, in recap (TL:DR):

RDP from the remote machines to the 2016 Essentials Server through the VPN tunnel:Rock Solid Stable
RDP from the remote machines to the office machines through the VPN tunnel: Constant drops and numerous logged events.
RDP from 2016 Essentials Server to office machines on LAN only: Rock Solid Stable
RDP from the office machines to the remote machines through the VPN tunnel: Constant drops and numerous logged events.
ALL network traffic ceases to and from the host machine when the drop happens, including ICMP traffic (pings).
ALL of the Windows 10 machines can ping each other without issue and without any drops when not using RDP.

What this tells me is that the issue lies in some configuration issue either with a GPO setting or something inbuilt wrong with all of the Windows 10 1607 machines I have.

I have tried a variety of fixes, and have probably put 20 hours into researching a solution to this problem so I am prepared for this to be difficult to fix. My google powers have failed me.

Okay here goes what I have tried:

Disabling firewall on both ends of the connection: no change.
Removing DHCP reservations: no change.
Adding every scope I could think of to the routing/firewall rules: no change.
Trying to move RSA crypto keys as suggested in another post: no change.
Changing the physical NIC in the office machines to a add-in PCI-e one: no change.
Re-installing all suspect machines: no change.

GPO settings I have tried both ON and OFF:
-Allow users to connect remotely by using Remote Desktop Services: Enabled
-Configure compression for RemoteFX data: Optimized to use less network bandwidth (tried balanced too)
-Require use of specific security layer for remote (RDP) connections: Enabled, SSL
-Require user authentication for remote connections by using Network Level Authentication: Enabled
-Set time limit for disconnected sessions: Enabled, Never
-Set time limit for active but idle Remote Desktop Services sessions: Enabled, Never
-Set time limit for active Remote Desktop Services sessions: Enabled, Never
-Windows Firewall: Allow inbound file and printer sharing exception: Enabled
-Windows Firewall: Allow ICMP exceptions: Enabled, Allow inbound echo request
-Windows Firewall: Allow inbound Remote Desktop exceptions: Enabled, 10.0.20.0/24,10.0.25.0/24

I have also generated a Wireshark packet capture from both ends of the connection during the RDP drop, but I don't want to share them publicly. I will share them with you privately if asked, though. I am not a professional packet inspector, so I couldn't gleam much from it. I can also provide a dump of the event log on the main PC I have been troubleshooting, if needed.

Any insight or suggestions you can give me would be very much appreciated. This issue is has really been trying my patience.

Thank you! 

To participate, you need to be able to reproduce this, so please only participate if you have access to RemoteApps published at server 2016!

Ok, my problem is the following: we used server 2008R2 and 2012 R2 before with RemoteApps - ran really sweet, never a single problem. Now with 2016, the RA's work, but whenever someone - while using RA's on 2016 - connects to another server using remote desktop (in full session, not RA), the task bar of the remote computer is hidden behind the local taskbar and therefore unusable. As soon as I close the RemoteApp, the effect vanishes.

Please reproduce and tell me if you see the same effect or not. Our clients are all Win10 1607 x64, so please add your client version as well.
Server is patched (14393.447).

Please note, I asked the same at experts-exchange.com

Hello everyone!

Firstly, I don't come from English-speaking country, so my post may be chaotic..

Let's go!

In our environment we've got problem with a sudden loss of access to folders on the user desktop.

We are using Windows Server 2012 R2. Users use think clinet and connect to the server using RDP (RDS). User files like desktop, documents,.. are available through Folder Redirection in GPO. User desktop is available through two places: 1) default as 'user desktop'; 2) as 'mapped drive' (in My Computer is H: drive where user can get to desktop, documents, etc..).

It works fine.. for a time.. it means from time to time random user are losing access to user desktop files - cannot open directories but other files (pdf, doc, txt, .exe shortcut ) works..

I found workaround - when user enter through MyComputer -> H: -> Desktop then folders works.. -.- ; re-login to system works either, but it's abnormal situation and very annoying for users.

In GPO, in Folder Redirection for desktop I've got following path:
\\myserver\home\%USERNAME%\Desktop

To sum up - what is wrong? OS bug ?.., because I would point out  when users worked on WinServer 2008 R2 they did'nt have these problems.. never. Or somewhere is 'conflict of settings' after changing OS.

Do you know any solution?
How can I trace down source of the issue ? (currently EventLog has no any entries about this issue)

I will waiting for your response. I have no idea what do next..
AErot

ps1. I don't know how may I reproduce 'broken user desktop' situation.
ps2. I'm not sure for 100%, but It seems to me that user are losing access to desktop folders, at the same time Start Menu becomes unresponsive.

Hello,

First sorry for my bad english :)

I have a problem with my server 2012 when publishing remoteapp program. This error shows with every program i want to publish? Can you please help me.

Error when trying to publish remote app: Failed: Coul not create a published application instance on the server: ......

error in event viewer under Microsoft\windows\RDMS-UI\ Admin log

Event ID 16393

Publishing Failed for RDSH Collection - RemoteApp name: Excel 2013  Collection name: ........ Failure: Could not create a published application instance on the server .......

Please i googled it and didnot find any solutions can someone help me?

We recently upgraded one of our customer's network (WAN) to Fiber and installed new routers in several sites. The customer is migrating from an iVPN scenario where multiple sites establish IPSec tunnels to a central router (in the company's HQ) to a scenario where the Central router is nor required for all sites to communicate with each other. All IP addressing was maintained. What the client is noticing is that in some sites the computers cannot initiate the remote desktop session when using the new fiber line and router (the login process happens, it tries to connect then returns an error) yet we can Telnet to the remote TS server over port 3389 without any problems...  when we switch back to the old ADSL line and router (computer maintains the IP Address) the computer can establish the Remote Desktop session without any problems.

Our Client's IT support is struggling with this problem and hasn't found a solution yet. It doesn't seem to be a connectivity issue as there are 3 sites that are working perfectly with the new fiber line and router. Could it be a licensing problem? Cloud there be some kind of binding that isn't released when the computer switches to the new fiber line and router (yet maintaining the same IP address)? I've read about NAP in TS Server, could it be something along those lines? The IT tech mentioned an Error 21 in the Server's Event Log...

The Licencing type is "Device", and according to the IT Tech there are licenses available.

Any ideas as to what might be behind this strange behaviour? I apologize if there are some important details or information that might be missing, but this isn't a product that I'm totally familiar with :-( I'm trying to help are customer in getting things up and running.

I thank you in advance for your attention into this matter.

José Carlos