Very basic RDS setup on Server 2012 R2. Single VM running all roles. Everything works fine until I disable TLS 1.0 on the Server.
Then Remote Desktop Management Service fails to start with Error code: 0x88250003.
Service Control Manager error gives error code: %%2284126211
And I see tons of SChannel 36871 errors: A fatal error occurred while creating an SSL client credential. The internal error state is 10013.
Any ideas?
Patrick
I'm looking an email hosting environment that wants to expand to also offer RDS to the existing email customers. There is an existing AD environment already. Each customer already has their own UPN domain that distinguishes them from each other customer. Theoretically, each customer would have their own segmented subnet that would contain an RD Session Host and file/application server that is managed by a central set of redundant RD Gateway and Connection Broker servers. Group policies for things like folder redirection and computer lock down policies would have to work. Of course no access from the individual customer subnets directly to the existing AD domain servers with all the user accounts would be wanted. I can not decide if making a subdomain of the existing user accounts domain and joining customer servers to the subdomain or setting up a resource and authentication forest set up would be best.
Any input would be greatly appreciated.
Hello Team,
I have the below issue:
Here is my RDS environment:
I have only one server 2012 R2 standard with the below roles installed
I have published few remote apps and I was able to access them using RD web feed till yesterday.
Example :https://contoso.com/RDWeb/Feed/webfeed.aspx
I do have installed the SSL certificate on my server and provided the same to RD web.
But today while I use the same url to access the remote apps I get the below error message
"The remote computer cannot be authenticated due to problems with its security certificate. security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer"
Error code - 0x80072f8f,0x20
Now I can only access the remote apps through RD web access ( https://FQDN/RDWeb)
Please help me in fixing this issue.
Any help would be much appreciated.
Thanks
SM
Something is broken with RD Easy Print Driver in (at least) Spanish Installatons of Window Server 2016 and 2019. It will NOT show no matter what you try to configure (spent a lot of hours and headakes). I have tested the same steps installing Windows
Server with English ISO file an it works perfectlly!!!. The problem is with the Spanish ISO es-ES (at minimum), maybe if you install Windows Server 2016 or 2019 with any non-english ISO.
This problem is known by some people in the spanish "community", but no one on Microsoft is scalating this problem properly because it is not fixed yet since a couple of YEARS!!! This is happening since the launch of Window Server 2016 at least, I think it works with 2012r2 if I remember well, but I am not sure..
I hope someone can scalate this Bug with support services. THANK YOU!!!
Hello,
We've search several solutions over the network but in our enviroment nothing helps.
in the company we have a problem with freezing RDS Hosts. Usually looks like:
- Someone is calling to us end tell that some software is crashed and he cannot run it again / Cannot logout/login.
At First we thought that is a software problem (very often we saw that excel has 100% cpu), we've update office 365.
at the Begining of the creash we see error in event log:
"A timeout was reached (30000 milliseconds) while waiting for the ServiceName service to connect."
Usually it stars with UmRdpService but we recieve it in several another services.
What's more we found strange behavior during this problem - we see that number of active sessions is going down... but total session are growing very fast (example we have 20 sessions on the host, total session ~30, during our crash we have 5 active session but 100 total sessions).
During this crash we usually cannot log into domain accounts, very often we cannot log in local account.
We tried to reset services, disable priter redirection, try to update OS system with Office 365 - no luck.
What's more in the event log we have many errors like:
-20499 "Remote Desktop Services has taken too long to load the user configuration from server \\XXXXXXXXXXXX for user XXXXX
-1152 "Failed to create KVP sessions string. Error Code 0x8007007A"
I have an odd issue whereby I have configured an RDS Collection (1 CB/Gaetweay/RDWeb and 3 RDS Session Hosts) where when a user connects and uses Webcam Redirection, it works perfectly for admins, but non privileged users even though the device is passed through, it doesn't work in any app.
I have used GPO to force enabled the camera redirection feature and force enable the camera for all apps too.
In the Camera settings app, everything is set to On as forced by organisation.
The camera is detected and availible to apps, the Windows Camera Frame Server service starts when the user attempts to load the camera in any app, but nothing is displayed and the camera doesn't kick in.
I have users wanting to use Teams inside the RDS (company policy allows only for company stuff to be inside the RDS) and cannot get them access other than granting Admin rights!
Any ideas?
Hi Folks,
I was testing out the solution provided by MS in one artciles to configure RDGW/WEb access server behind Azure LB but was confused with step3.https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-rdweb-gateway-ha
ManeeshB
We are using RDS collection with two Windows Server 2012R2 session hosts. Both hosts are virtual servers (clean installation) and are used as session hosts (terminals) with 10 to 25 users each. RDS Connection Broker is also virtual machine with Windows Server 2012 R2. Our users are using Windows 7 Embedded thin clients with MSTSC RDP 8.0.
There is problem with high cpu load on these servers. Sometimes Svchost.exe starts to cause 60-100% load. Our virtual machines have 10 virtual processor cores. Load is caused by LSM (Local Session Manager) Service from DCOM Launcher group. Svchost creates many thread as you can see on picture attached. Sometimes this load disappears after 12-24 hours, sometimes it needs restarting whole server.
We still cannot find cause of this problem, although we managed to reproduce this issue one time by logging two admin accounts to server console and force disconnecting one of these accounts by third admin account connecting to server console by RDP mstsc.exe with -admin parameter.
Our users are very unsatisfied :-(
This is screenshot of Process Explorer - svchost.exe - Threads:
We have around 15~ Remote Desktop Session Host servers of varying versions (2012 R2, 2016 and 2019) which are experiencing freezing and flickering issues with "Not Responding" appearing in the top bar and the program being unresponsive when switching between tabs. Other symptoms include screen flickering and, when in Task Manager, the tabs sometimes disappear until you roll the mouse over them. These issues started appearing after the weekend of 23rd March 2019 (23/03/19).
I have been scouring forums looking for other people with the same issue but can't find anyone with similar symptoms except someone called Chris_UKDE and his questions haven't been answered either.
At first, we thought that this was caused by a Windows Update but we have been through all of the updates and cannot find any consistent update or lack of update across the servers that seems to have caused the problem. We thought it might have been KB4489889 but after uninstalling this, the problem still remains.
We have opened a case with Microsoft and we are waiting for them to analyse some logs that they gathered on Friday and they have advised various registry fixes and disabling hardware acceleration but none of these have worked. I am taking to the forums to see if anyone else is a. having any luck with their diagnosis and b. having these issues at all(!) and c. if we manage to fix it, to share it with you so you don't have to experience the same pain we have.
The issue does NOT appear to happen in Safe Mode BUT when running a Selective Startup from MSConfig, these issues still happen, eluding that it's still a Microsoft element causing the problem. We are mainly seeing the problems in Microsoft Office programs but we do get a few issues in other Microsoft programs, such as Internet Explorer/Task Manager and also Chrome.
Most of the servers are running on VMWare ESXi 6.0-6.5 but we do have one native Windows Server with the problem. We have tried updating/uninstalling VMWare tools but this does not seem to fix anything. We also thought this might have been related to the video driver, so we booted the server with "Base Video" options in MSConfig but this still didn't fix the problems.
I am hoping that there are others in the same position as me, looking for an answer but having no forum to discuss it on, hence this post. Any advice greatly appreciated.
Lewis
Hi everyone,
we are planning to install a new RDSH server 2019 in our company.
One of the new technologies in 2019 is the GPU Partitioning feature.
However, I am not sure if this feature is only availbe when the RDSH is a virtual machine, running inside a Hyper-V or do we need a bare metal installation of the RDSH?
In addition, could someone recommend a graphic card for such scenario?
The new server will be a HP DL380 G10. About 25 clients will connect to the RDSH and just do the normal office stuff but might also need to watch videos on youtube, etc. and as far as I understood the new GPU Partitioning feature will help to show the videos smoothly.
Thank you very much in advance for your support
Greetings
Aktuator
1.We have installed RDS (RDCB, RDSH, RDWeb) on one host. RDS service is working well without any errors. But if we open Server Manager->RDS we're getting "A
Remote Desktop Services deployment does not exist in the server pool.
To create a deployment, run the Add Roles and Features Wizard and select the Remote Desktop Services installation option."
2. We get the same error after Get-RDServer - "The RD Connection Broker server is not available"
3. If we add Roles-> RDS Installation, the next error - "could not retrieve the deployment information from the rd connection broker"
4. If we add this server to Server Manager on another host we receive - "Kerberos Security Issue". All hosts was added to Trusted.
All RDS services are running (including WID). ServerManager and Posh running by Administrator.
How to resolve it?
Hello Team,
I have the below issue:
Here is my RDS environment:
I have only one server 2012 R2 standard with the below roles installed
I have published few remote apps and I was able to access them using RD web feed till yesterday.
Example : https://contoso.com/RDWeb/Feed/webfeed.aspx
I do have installed the SSL certificate on my server and provided the same to RD web.
But today while I use the same url to access the remote apps I get the below error message
"The remote computer cannot be authenticated due to problems with its security certificate. security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer"
Error code - 0x80072f8f,0x20
Now I can only access the remote apps through RD web access ( https://FQDN/RDWeb)
Please help me in fixing this issue.
Any help would be much appreciated.
Thanks
SM
Hello,
I've deploy RDS on one server (RDWeb/RDG/RDL/RDConennection broler/ RD session host). I try to disable UDP and/or change RD Gateway port and received the error:
---------------------------
RD Gateway
---------------------------
The following error(s) occurred:
Unable to set transport settings
---------------------------
OK
---------------------------
In log Microsoft - TerminalServices-Gateway - admin:
event id 4004
The Windows Firewall exception to allow network traffic comprising of Remote Desktop Services client connections data through the configured UDP port of Remote Desktop Gateway could not be modified.
or
4002
The Windows Firewall exception to allow network traffic comprising of Remote Desktop Services client connections data through the configured (non-default) HTTPS port of Remote Desktop Gateway could not be modified.
And settings didn't change
We are getting intermittent errors only when connecting to one of our Remote App servers. When users attempt to connect using an RDP file we provided them they occasionally get,
"RemoteApp Disconnected"
"Remote Desktop can't connect to the remote computer "MACHINE.DOMAIN.COM" for one of these reasons:
1) Your user account is not authorized to access the RD Gateway "RD-GATEWAY-DEV.DOMAIN.COM"
2) Your computer is not authorized to access the RD Gateway "RD-GATEWAY-DEV.DOMAIN.COM"
3) You are using an incompatible authentication method (for example, the RD Gateway might be expecting a smart card but you provided a password)
Contact your network administrator for assistance.
If they trying logging in with the same RDP file a couple of times, it eventually works. Not sure how to track this issue down.
We know that the RDP is ok, because it works much of the time.
Any ideas on what logs to look at on the server?
I have a domain that was successfully running with two Windows 2003 DCs. I added a Windows 2008 R2 DC to the network successfully. I demoted (removed) one of the 2003 DCs. I added a Windows 2008 R2 Terminal Server to the network. I added the TS Licensing Server as well. I activated the Licensing Server and installed my User CALs. All seemed to work well until I looked at the error log. Whenever a non-administrator user logs in to the TS machine I get an error in the errror log telling me that
The Remote Desktop license server cannot update the license attributes for user "USER" in the Active Directory Domain "DOMAIN". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "DOMAIN".
I do not get this error when an administrator logs in via TS.
When I look at the Security Groups in the DC for the domain there is a Builtin Security Group called "Terminal Server License Servers" and it has the terminal services computer (which is the same as the license server) listed in the group.
How do I fix this?
The Terminal Services license server cannot update the license attributes for user "XXX" in the Active Directory Domain "mydomain.intern". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "dirnat.intern".
If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group.
If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Terminal Services Licensing service to track or report the usage of TS Per User CALs.
I'm receiving event id: 4105 on my RDS license server event logs. I've determined that I have a corrupted DACLS because I have reviewed the following articles:
http://support.microsoft.com/kb/2030310
http://itinternals.blogspot.com/2012/01/resovling-event-id-4105-terminal.html
Basically if I follow these directions:
Make sure, the domain group "Terminal Server License Servers" has the following permissions to the active directories users:
- Open Active Directory Users And Computers
- Tick View -> Advanced
- Right click on the root of your domain and select properties.
- Select the Security tab.
- Check if "Terminal Server License Servers" is listed with special permissions. If not, click on "Advanced" and add the domain group "Terminal Server License Servers", select "Applies onto" "User objects", then tick the permissions "Read Terminal Server License
Servers" and "Write Terminal Server License Servers".
I don't see "Read Terminal Server" or "Write Terminal Server"
The solution suggested in the MS article states the following resolution:
Windows Server 2003 level Schema
dsacls "CN=XXXX,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX,DC=XXX" /G
"BUILTIN\Terminal Server License Servers:WPRP;terminalServer"
When you grant the permissions on a container, you should use the following command:
dsacls "OU=XXXX,DC=XXXX,DC=XXXX,DC=XXX" /I:S /G
"BUILTIN\Terminal Server License Servers:WPRP;terminalServer;user"
My question is, am I really typing XXXX or do I need to determine what my CN, OU, DC are? It's not clear what I should be typing to replace the X's if that I what I should be doing. Can anyone help?
