Quantcast
Channel: Forum Remote Desktop Services (Terminal Services)
Viewing all 27650 articles
Browse latest View live

Server 2016 RDS Farm - External Users cant access past the Broker

April 3, 2019, 11:11 am
$
0
0

Server 1 - Web Access/ Gateway

Server 2 - Broker

Server 3 - Host 1

Server 4 - Host 2

External and internal DNS records set. Firewall rules open Any/Any. Certs with external Web access name in place (the only names are server 1 and its alternate name). Security groups in place for CAP and RAP. Collections made. NO HA

Currently works internally for applicable users but not external.

External ERROR:

Remote Desktop can't find the computer "Broker.company.com". This might mean that "Broker.company.com" does not belong to the specified network.

Any Assistance would be appreciated.

Search

RDS Licensing WIndows R2 and Firewall ports

May 7, 2012, 12:44 pm
$
0
0

What firewall ports need to be open between Windows 2008 R2 and RDS Liscending.

Thanks

Windows 2016 RADC URL rejects credentials. An Error has Occured.

April 16, 2019, 7:38 am
$
0
0

Good Morning,

Hoping to get some insight on troubleshooting this.

I have a brand new single instance Windows 2016 Standard Remote Application and Desktop Server.

The server hosts the following roles;

Gateway
Licensing
Connection Broker
Web Access

The server is protected via a public CA Cert and works as far as being a Gateway, and Web Access is concerned.  Users can connect thru it to other servers via gateway and can open and launch applications via the Web page.

When users try the add the URL https://servername/RDWeb/Feed/Webfeed.aspx  in the RADC applet in control panel,  they receive an error that they are using Incorrect Credentials.  When they type in their credentials in either DomainName\username or username@domainname format it errors out and they need to try again or cancel.

I have looked in the event log in the server and while I can see the transactions happening in the IIS logs,  the end user never is allowed to log in or receives apps.

Could use some insights here?

If I type the URL correctly in a web browser,  I receive a login prompt which once submitted provides me what appears to be an encrypted token.

Guide for transitioning from Win2008R2 RDS to a Win2012R2/2016/2019 RDS?

April 23, 2019, 12:10 pm
$
0
0

I have a Windows Server 2008R2 server that i installed Remote Desktop Services on many years ago.  It only has two role services installed.  

Remote Desktop Server.  It is as basic a configuration RDS can be.  It only has Remote Desktop Session Host and Remote Desktop Licensing Server installed.  Nothing else.  And all i do is create local users, put them in the Remote Desktop Users group and i let them remote to this server using "Remote Desktop Connection" in Windows 7/10.

How do i replicate this environment as closely as possible in Windows 2012R2/2016/2019?  I see that those versions introduced a bunch of new features and role services, all of which look like stuff I DONT NEED. :) I dont need a connection broker or a web server!  None of that. I just want what i already have today and nothing more.  Is that possible?

Has anyone written a guide for building a bare bones RDS server on the newer OS that doesnt have all this new stuff?

VDI Shutdown inactive machines

April 20, 2019, 11:40 am
$
0
0

Hello,

Is there any documented approach to minimize the number of running VDIs?

I'd like to :

  1. Schedule starting the machines early in the morning.
  2. Schedule shutting down the machine after working hours.
  3. Allow the users to start their machine without admin support.

1 and 2 are easy, my concern is with 3. or any other recommended approach.

Thanks

RDS licensing issue in windows server 2012 R2 Datacenter evolution.

April 21, 2019, 11:18 pm
$
0
0

we are facing RDS licensing issue in windows server 2012 R2 Datacenter evolution. 

Error : RD Licensing Manager : the license code is not recognized .ensure that you have enter thr correct code  



Help with migrating RDS servers to new domain

April 18, 2019, 8:38 pm
$
0
0

Hi,

 

We have two AD forests and I'm moving users from one domain to another. Domain A have 100 users and two terminal servers 2012 r2 (TSSRVR1 is session host, connection broker, RD web, license server and TSSRVR2 is session host only). I have migrated all users to new Domain B using ADMT, so they keep the same passwords. Now I am really confused what is the best way to move terminal servers to new domain, should I just disjoin and join to new domain or should I use ADMT to migrate them? what is the good working approach?

 

I did try to test migrating them in my lab using ADMT and when I open TSSRVR1 I get error following servers (TSSRVR1.DomainA, TSSRVR2.DomainA) are not part of deployment and add them into server pool. Which means rds deployment still searching for servers on old domain, I added TS servers from new domain using Add Servers but no luck.

 

Before I do migration in production, I really need to know if disjoin and re-join is better than ADMT? If I go with this approach what are steps involved to make TS servers functional again?

 

There are no profiles to migrate or to worry about, they will have new profiles from Domain B because they only use one published app on terminal servers.

 

Thank you and your expert help will be highly appreciated.


Load Balance 3391/UDP and 443/TCP for RDS Gateways

April 18, 2019, 6:49 pm
$
0
0
Looking for some help concerning the RDS Gateway Role and load balancing.

I have an pre-production RDS environment that contains 3x Gateway Servers. I have tested the environment by connecting through each one of the individual Gateways and everything works just fine.

I'm now at the point where I want to use my hardware load balancer to receive the connections and distribute them between the 3 Gateways. I would also like to use the UDP Transport on 3391 as well.

The part that I don't completely understand is that I'm assuming that each individual connection, which will be coming in initially on TCP 443 and then UDP 3391 would need to be routed to the same gateway?

It would make sense and be easy to set the LB up to balance both ports to the 3 Gateways, but without any specific load balancer magic, connection "A" might go to one gateway for 443 and a different gateway for 3391.

It's possible that I could be overthinking this and I'm not sure if this is a flat out requirement. In the case where the user initially connects on Port 443 to Gateway A, then the UDP traffic comes in and the LB forwards that to Gateway B. Does Gateway B know to forward that UDP traffic to Gateway A if all the gateways have the farm properties configured?
Search

Issues with connection broker when RDS server has issues

April 17, 2019, 11:57 am
$
0
0

Current Environment:

HA Connection Broker servers and about 30 RDS Servers (all virtual).  What we have noticed is that when an RDS Host is having response issue (it's still online and running but in a state where it's barely responsive, but apparently responsive enough that Connection broker doesn't see it as offline).  Obviously when this happens users trying to log in that have a session on that host the connection broker tries to redirect them to.  The normal timeout function never kicks in because the RDS Server is still responding.  We have to figure out which RDS Server is not responding and reboot it to resolve the issue.

I have seen the registry keys related to HKLM\SYSTEM\CurrentControlSet\Services\Tssdis\Parameters timeserversilentbeforeping , pingmode, etc.

My questions are:

1 - what is the actual "ping" from the connection broker to the RDS Server, is it an actual ICMP Ping or an application ping of the terminal server service?

2 - any suggestions on how to automatically resolve this issue short of having to find the offending RDS Server and manually rebooting it?

-SMB

Please help azure VMs cant RDP after removing weak Ciphers

April 17, 2019, 11:44 am
$
0
0

Hi, I'm having a really rubbish time of trying to get my Azure VM's. I need to remove any weak ciphers suites and still have RDP work. 

Please, in simple steps and English can someone tell me what settings to set. and if possible the actual registry keys I need to set to make it work.

If I require cipher</g> suites that are weak, but required can you please show which ones they are.

'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
'TLS_RSA_WITH_AES_256_GCM_SHA384',
'TLS_RSA_WITH_AES_128_GCM_SHA256',
'TLS_RSA_WITH_AES_256_CBC_SHA256',
'TLS_RSA_WITH_AES_128_CBC_SHA256',
'TLS_RSA_WITH_AES_256_CBC_SHA',
'TLS_RSA_WITH_AES_128_CBC_SHA',
'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',
'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',
'TLS_RSA_WITH_RC4_128_SHA',
'TLS_RSA_WITH_RC4_128_MD5',
'TLS_RSA_WITH_NULL_SHA256',
'TLS_RSA_WITH_NULL_SHA',
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
'TLS_RSA_WITH_AES_256_GCM_SHA384',
'TLS_RSA_WITH_AES_128_GCM_SHA256',
'TLS_RSA_WITH_AES_256_CBC_SHA256',
'TLS_RSA_WITH_AES_128_CBC_SHA256',
'TLS_RSA_WITH_AES_256_CBC_SHA',
'TLS_RSA_WITH_AES_128_CBC_SHA',
'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',
'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',
'TLS_RSA_WITH_RC4_128_SHA',
'TLS_RSA_WITH_RC4_128_MD5',
'TLS_RSA_WITH_NULL_SHA256','TLS_RSA_WITH_NULL_SHA'

P.s I'm just on about a simple RDP connection to a server from a workstation.

Thanks

Russ


Windows Event log did not find IP for Windows server 2012

April 23, 2019, 7:43 pm
$
0
0

Event log did not find IP

Image add Error - -  

  • Body text cannot contain images or links until we are able to verify your account.


But log perse found

Image add Error - -  

  • Body text cannot contain images or links until we are able to verify your account.



Forgive me for bad English
I just want to know the truth.


Windows 2012 R2 RDS RemoteApp "Protocol Error"

August 26, 2016, 9:02 am
$
0
0

One of our customer's is receiving a strange "Protocol Error" when connecting to a RemoteApp via RD WebAccess.  They are able to log into WebAccess just fine and the vast majority of the time are able to launch RemoteApps successfully.  On occasion however they receive the error below (RemoteApp Disconnected - "Because of a protocol error, this session will be disconnected. Please try connecting to the remote computer again.")

If the user immediately re-launches the RemoteApp it works just fine.

I didn't find anything relevant in the event logs.


  • Their RDS environment is all Windows 2012 R2, with three session hosts, RD Gateway, RD Broker, and RD WebAccess.
  • Affected users already have the latest Remote Desktop clients on Windows 7.
  • Affected users are both local to the RDS servers and across private WAN links or site-to-site VPN's.

Here's a key piece of information - The problem started in April after RDS and the customer's RiverBed configurations were changed to match RiverBed's recommended best practices. Basically RDS traffic began being optimized by the RiverBeds so the compression& encryption settings on RDS was turned down/disabled to allow the RiverBeds to perform this function. 

I don't believe that the RiverBeds themselves are the cause of the problem due to the fact that some of the users that experience the intermittent problem are local to the RDS servers, thus their traffic is not going through the RiverBed appliances. I suspect that the so called "Protocol Error" may be related to encryption or compression in RDS but I haven't been able to narrow it down. This conclusion is more due to the fact that the problem started after making the compression & encryption change and not really because of any specific evidence pointing in that direction.

I had suggested to the customer that we reverse the RDS compression & encryption settings (one at a time) as a test to try to narrow the problem. They are reluctant to do this however because making these changes in RDS and the RiverBeds in April made such a dramatic difference in their overall performance - they don't want to go backwards!

I am considering using WireShark to sniff some packets, but because the problem is so intermittent (it can be days between errors) and the fact that I don't know what "protocol" is causing the problem, it is likely to be difficult to come up with a decent enough filter to grab useful data. It would be like drinking out of a firehose!

Anyone else ever see this error? Anyone?

-Ted


User is logged on to a temporary profile

April 23, 2019, 10:02 pm
$
0
0

Hi All, 

A virtual server (with Terminal Server role) based on Windows Server 2016 was upgraded several times in attempts to rectify the issue with users logging on to temp profiles. The number of connected users roughly 30-35.

It now has 20vCPUs and 72GB or RAM and at the moment CPU usage is about 30% and RAM usage is about 70%. This means the server is not running out of resources.

Now that I can exclude the resources related factor what else might be the root cause of this issue which recur literally every day?

Regards

RDS 2019 Gateway compatibility with 2012 R2 sessionhost

April 23, 2019, 6:23 am
$
0
0

Hello

Can a Windows Server 2012 (R2) sessionhost be added to a Windows Server 2019 Gateway, and is this supported?

The Microsoft documentation has not yet been updated for Server 2019.
(https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-supported-config)

I would like to migrate existing SH's to a newer Gateway to make use of a broader set of security ciphers.

Kind Regards

D.

export-startlayout gives non readable output

April 23, 2019, 3:55 am
$
0
0

Hello readers,

We have a server 2012R2 environment with 2 RDS servers and a Connection Broker.

When I try to export the Startdesktop (Export-StartLayout -Path "C:\Beheer\start_new.xml") -Path ", i get instead of a xml file an output in non readable format like:

LMXL@  H  ÷^*xœÍ—oOAÆç£ßòç@H¬    \cªÅh«}ÁÃš"RÀj5ýîýÍs'FÛØÚX —Û›™ÝyfgwvnÛFÖ³+Û©}¶Ä¦–³oúÎìÜ.῱
+ñæìÈv­¥þ†íØ6zçh^#3Ç´ËŽlNoJ›jA_ba¢Þœ1#4sÖ€3YÌxg8u‹­j¼¦V€jÒ,”Äy5¸5Qmž2½ªô*ÐmÚ‚ý°.㻕•Ûع²{•ÇúؾÈ÷ð6C=³¯è8îÄŠšç&ûºf ×W(±æ›1—qÙæ¼j    gÈ\MÛc Ub÷ªLÏ©¼-yÕ„n`¯È¨¼Z¯{•Îí{òfŒ½´À;‡šg‘[ŽwûðOÝï½<²{cÚ9^Ü0b„|š­¿Çf¨=7ÒYÒˆ½=ÕNHV¸6'ŠÑ€þ5Üt%fìÅ9œÉ/¸®¡Ð¾G^†ióÉ™û»ø;ľCñáßµ÷´;dLžØ~âÍ ÙêVõ1ÆŽ}´¶Ç·cïÖ£cŠh÷ÖßýPB½g5×å>7Mƒuô•<âYÊ;2t¤›+D»Í<žË Ù]ÒÆÊïžÉC$=—–Ð- õ[­´åwÏ
}ì8zßW®Ï‹jÝÐ-æé>â=Œ8„SÆBþÍ«ç»Ë-]ž6õBg¢û  Æ.½>6&šc@?ÎÆϾu@3²ïò¯¯¬™®ÈêvaCµÄ¥½ÕœÉâ6 »CÚĪßùuµûHZPvßêé-ïÕJ ß+˜²v…˫쓪öÃr<|>2sÅb¾†‘yí“w¦
*§úe¨jåBÞ¤5ptiM;Î*¬®bÛÔ¨2Ÿc-ÏBÜ<yÉ«êÏÿ9ÏÅ5Q\ÏU`F¯Š{ªÍÓ\qªsëÕÚqVÇ;ÿ8»åï³éºž³6c–¶bšF¿ªÓåõu¨ëv(KZ×éóÜwGË1ÚË:g/÷ÐsD‹·
æ8û7(gžOJòµ­ÿ…’(÷¯˜ý9„ðªø­±‡Ep–@ãWSÞT²ÿ¥@hZò+B¡(ÞE÷·®*Ò¯íáÓ;nsñ§›öžþ1ï˜ÙOüáe

When I ran the cmd, there was no error message.

A few years ago, the StartLayout was exported succesfully.

What I have tried so far:

- tried the export on different servers (RDS and non-RDS)

- tried the export with a different (domain) admin account

- tried the export with optie "-as bin"

I found only one other reference to this issue online, but unfortunately no solution: https://social.technet.microsoft.com/Forums/en-US/71e76f2a-2b40-466a-8046-fa191babfb9a/how-to-hide-additions-applications-from-windows-81-using-group-policy-server-win2k8-r2?forum=w8itprogeneral

Anyone an idea how to fix this?

Search

NPS Azure MFA working for RDWeb but not RDC

April 23, 2019, 7:49 am
$
0
0

Single RDS gateway 2016.  Both RDweb and RDC point to same Gateway. We have NPS extention configured. 

When we login on to RDweb we get the MFA prompt from Ms Auth

When we log on to the same GW via RDC the logon never gets to NPS for MFA. 

I am trying to ID the issue. RDweb is aware and looks to the NPS CAP store. But RDC seem oblivious. How do these two authenticate differently? Any ideas on how to troubleshoot to ID and resolve? 

I have even remove NPS completely and rebuilt but same issue. So I am convinced the issue is w. RDC/RDGW and not the NPS/MFA side of things. 

Thanks,

SJMP

Publish custom rdp on rdweb

April 24, 2019, 12:24 am
$
0
0

Hey

Is it possible to publish a cutom rdp on the rdweb? (for another company/connection broker)

Mike

Windows 2019 server not retaining memory of local printers in terminal server

April 22, 2019, 1:52 pm
$
0
0
I am running a Windows 2019 Server Trial edition.  Working well EXCEPT for the printers is not retaining the port memory.  Every time a new session needs to occur, as Admin I have to hunt down where the printer is.  Why is this happening?

RDS2019 - Compatibility --> High DPI settings stop working when RDS role enabled

March 28, 2019, 6:30 am
$
0
0

Hi.

We are rolling out RDS 2019 in our environment. We've got a lot of complaints about the DPI settings not being able to set in the session anymore like in 2008R2, but it has to be done on the local client, which is really cumbersome. However, when done so, we still have some applications with issues.

Now, for most of them I can fix it by setting the compatibility settings:



On a Server 2019 test machine, when set to Application, the application actually shows up fine. On RDS2019 though, it doesn't. I've been working on this for a while, until I installed a machine from scratch, do one step of our installation script at a time, and see where it started failing. It turn out as soon as we enable the RDS role, the DPI settings don't have any effect anymore, and the app is all blurry.

When I remove the RDS role, they start working again. Would anyone know how to fix this?



Windows Server 2012 R2

April 15, 2019, 9:09 am
$
0
0

Hi,

I tried to install Microsoft Office 2019 in the Windows server 2012 and it says that the operating system has to be upgraded to Windows 10. I have Office 365 running in the same server, but, this error only happens for Office 2019.

Just wanted to know if the Office 2019 just works on Windows 10 and not in any other platforms. Also is there any other alternative that could make this work?

Thanks,

Viewing all 27650 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>