Hey
I have a few creative studens, who had created some batch file.
One of them give the access to whole path c:/ trough the file explore .with this command: start %windir%\explorer.exe "C:\"
Im running some batch files my self for all the users, so i wont block for batch file running.
How do I stop or block for these creative studens. :-(
King Regards
Jerry
Can you offer up some suggestions regarding the following System log events? We are seeing these errors frequently on the Windows Server 2012 R2 server which is hosting the Remote Desktop license server.
1. Are these warnings and errors concerning and require action to correct? If so what steps?
2. What end user experience symptoms (other than the posted messages to System log) would we expect to see?
Log Name: System Source: Microsoft-Windows-TerminalServices-Licensing Date: 4/29/2019 11:12:28 AM Event ID: 4105 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: MSRDSLIC.mydomain.com Description: The Remote Desktop license server cannot update the license attributes for user "useraccountname" in the Active Directory Domain "mydomain.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "mydomain.com". If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group. If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Remote Desktop Licensing service to track or report the usage of RDS Per User CALs. Win32 error code: 0x80070005
Log Name: System Source: Microsoft-Windows-TerminalServices-Licensing Date: 4/30/2019 5:51:17 AM Event ID: 44 Task Category: None Level: Error Keywords: Classic User: N/A Computer: MSRDSLIC.mydomain.com Description: The following general database error has occurred: "ESE error -1003 JET_errInvalidParameter, Invalid API parameter."
Log Name: System Source: Microsoft-Windows-TerminalServices-Licensing Date: 5/1/2019 11:46:41 AM Event ID: 4106 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: MSRDSLIC.mydomain.com Description: CAL reporting: Windows Server 2012 : RDS Per User CAL - Installed: 850, Issued: 881
In addition, I can confirm that, per instructions in event 4105, the license server is not a domain controller and the computer account is a member of the built-in "Terminal Server License Servers" group.
A similar question TechNetForumTopic, TechNetForumQuestion, SysAdminTipBlog, and MsITprosBlog refers to a solution involving old accounts for long-term employees who are appearing in event 4105. I have validated that many of them are old enough that they likely existed back when this domain was at the 2003 functional level (it is now at the 2012 level). However, these users are not reporting any symptoms, so the event 4105 seems to not cause any downside other than logging the event. (Which goes back to my original questions, what symptom effect should we be seeing?)
Thanks in advance for your assistance.
The Terminal Services license server cannot update the license attributes for user "XXX" in the Active Directory Domain "mydomain.intern". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "dirnat.intern".
If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group.
If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Terminal Services Licensing service to track or report the usage of TS Per User CALs.
I'm receiving event id: 4105 on my RDS license server event logs. I've determined that I have a corrupted DACLS because I have reviewed the following articles:
http://support.microsoft.com/kb/2030310
http://itinternals.blogspot.com/2012/01/resovling-event-id-4105-terminal.html
Basically if I follow these directions:
Make sure, the domain group "Terminal Server License Servers" has the following permissions to the active directories users:
- Open Active Directory Users And Computers
- Tick View -> Advanced
- Right click on the root of your domain and select properties.
- Select the Security tab.
- Check if "Terminal Server License Servers" is listed with special permissions. If not, click on "Advanced" and add the domain group "Terminal Server License Servers", select "Applies onto" "User objects", then tick the permissions "Read Terminal Server License
Servers" and "Write Terminal Server License Servers".
I don't see "Read Terminal Server" or "Write Terminal Server"
The solution suggested in the MS article states the following resolution:
Windows Server 2003 level Schema
dsacls "CN=XXXX,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX,DC=XXX" /G
"BUILTIN\Terminal Server License Servers:WPRP;terminalServer"
When you grant the permissions on a container, you should use the following command:
dsacls "OU=XXXX,DC=XXXX,DC=XXXX,DC=XXX" /I:S /G
"BUILTIN\Terminal Server License Servers:WPRP;terminalServer;user"
My question is, am I really typing XXXX or do I need to determine what my CN, OU, DC are? It's not clear what I should be typing to replace the X's if that I what I should be doing. Can anyone help?
Dear colleagues and support.
That is not something that was solved here, I found a couple of similar problems with 2008r2, but it cannot be applied to latest OS. And problem described in other topics are a little different
Our case:
We are using large infrastructure based on many Servers 2012r2 all in one RDS servers (Broker, Web, SH is installed at every server). Many servers published behind some load balancer.
As we have a lot of servers in farm - we have a redirected profiles configured (over GPO) and placed at DFS.
We started testing 2016 servers, and our test group start reporting problems with "Remote Desktop Services is currently busy".
Usually problem solved itself in 1-2 min, user have to try several times before he is able to connect. There was no hanged user sessions or something like this or some useful even log as i can see.
There was no solution for 2016 problem over the internet, so I was hoping to find it with 2019 server.
But we are able to reproduce problem even on "clean", powerful (8 cores, SSD, 32 GB RAM), freshly installed server with single role (RDS) on it for the minimal number of users (1-2 users online)
So that is not something like server load or not enough resources.
I assume it is related somehow to redirected profiles or some service really "busy" with what? But why it is working stable for 2012R2 and has such problem with 2016/2019? May be we can adjust some parameters, timeouts or something like this?
Do we have any workaround for this except disabling redirected profiles or living forever based on 2012 r2 (that is not an option when you have a farm for 1000 users online and many member servers behind balancer)
Many thanks for your ideas!
Regards,
Sergii V
Hello colleagues
When we are doing such config (enable multiple sessions per user):
Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections
Restrict Remote Desktop Services users to a single Remote Desktop Services session Disabled
We are not able to reconnect to any disconnected session that was running previously.
It seems that it was mentioned here for Inside build, but we have same...
Any solutions for this problem?
Regards,
Hi,
Not sure if this should be asked here or not. If I have submitted in error, please let me know and I will redirect my query elsewhere.
We have an RDS platform (single GW/CB/Lic server - Windows Server 2016, 3 RDSH servers - also Windows Server 2016). The platform is accessed using HP Thin Clients via the Gateway's RDWeb feed. The clients connect fine and all applications and hardware devices appear to work correctly.
However, intermittently (doesn't seem to be any rhyme or reason that I can ascertain) one of the servers (it can be any of the three) will BSOD with a bugcheck of 0x0000009f (DRIVER_POWER_STATE_FAILURE). The server automatically reboots after a period of time and then works normally. Sometimes the BSOD happens only once, but then other times it will BSOD three or four times in a row shortly after coming up from the previous BSOD reboot.
From what I can gather, Windows is attempting (and failing) to instruct some device attached to the system (presumably via one of the remote sessions) to enter into a power saving mode and BSODs as a result. I have disabled USB power saving on the server but this does not resolve the issue. I have tested one of the RDSH servers by removing it from the connection pool and left it running without clients for a number of months and it has so far not given me any problems.
I took the MEMORY.DMP file (which is available for anyone to peruse upon request) and tried my best to analyse it using the tools available, and it seems to point to hidusb.sys, though I am unsure as to how to trace the problem any further.
All RDSH servers are patched with latest crticial/security patches as of a week ago.
Any possible thoughts as to avenues I could explore to diagnose/resolve this issue?
Thank you in advance for any advice you might be able to offer.
We have a RDS (Remote Desktop Services) deployment, and recently went through the process of installing the HTML5 web client as per the directions at:
Our deployment is hosted on domain A, which has an active directory instance. There is also domain B with its own active directory instance, there is a two way trust between the two.
The problem we are having is that the traditional RD Web Access works fine for all users, but when users from domain B log on to the HTML 5 web client and try to open an app they get a message "We couldn't connect to the gateway because of an error". At the same time the browser console shows the following error:
Connection(ERR): The connection generated an internal exception with disconnect code=GatewayProtocolError(52), extended code=, reason=Gateway tunnel authorization failed with error code=2147965403
During troubleshooting we’ve tried:
Any ideas on other areas we can look at?
Hello,
Is there any documented approach to minimize the number of running VDIs?
I'd like to :
1 and 2 are easy, my concern is with 3. or any other recommended approach.
Thanks
Bonjour ,
par erreur nous avons désinstallé la licence sur le RD licencing Manager . nous avons essayé de réinstaller la licence on a message que la licence est déjà activé .
Est ce qu'il y a une solution pour récupérer la licence ?
Version Windows sever : 2012 R STANDARD
Hello,
We currently have a setup where we have a server with the web access and RD gateway roles installed. They point back to a broker that has multiple applications defined that users can use through a browser (using the web access URL.) The issue we are having is that the user will click the application, it will establish a connection, but hang until you click show details. Once that has happened it will show the domain page and load the application. Does anyone know how to make the application automatically display instead of having to click show details?
Thanks
Dear Microsoft,
We are getting error on rdp services and in task bar users there are User4 Disconnected cant log off.
The task you are trying to do can't be completed because remote desktop services is currently busy. Please try again in a few minutes. Other users should still be able to log on.
Please help on this support.
Hello Team,
I have the below issue:
Here is my RDS environment:
I have only one server 2012 R2 standard with the below roles installed
I have published few remote apps and I was able to access them using RD web feed till yesterday.
Example :https://contoso.com/RDWeb/Feed/webfeed.aspx
I do have installed the SSL certificate on my server and provided the same to RD web.
But today while I use the same url to access the remote apps I get the below error message
"The remote computer cannot be authenticated due to problems with its security certificate. security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer"
Error code - 0x80072f8f,0x20
Now I can only access the remote apps through RD web access ( https://FQDN/RDWeb)
Please help me in fixing this issue.
Any help would be much appreciated.
Thanks
SM
I'm in the midst of setting up a Server 2016 RDS deployment and as far as I can tell I have everything right, but I'm having a licencing issue.
For now, until I know everything is set up correctly I have just 5 "per user" CALs installed. They installed without any errors.
In the Deployment Properties the RD Licensing was set to "Per User". The licensing server listed is the correct one, and the 'per user' cals are installed on the correct server.
However, when I run the "Licencing Diagnoser", it says that the server is in "Per Device" mode.
Reinstalling the licences has not helped. I'm not sure what to do, I'd hate to have to re-do the whole deployment.
Hi,
I tried to install .net 1.1 on our Server 2016 RDP server, however it mucked up the ISAPI filters on IIS, so it was not working.
I have removed the one with the extra \ in it and recreated the default x86 and x84 ones, how do I know they are working though, and are they even used for our Remote Desktop Gateway?
Everything seems to be up and running by the way.
Hello Team,
I have the below issue:
Here is my RDS environment:
I have only one server 2012 R2 standard with the below roles installed
I have published few remote apps and I was able to access them using RD web feed till yesterday.
Example : https://contoso.com/RDWeb/Feed/webfeed.aspx
I do have installed the SSL certificate on my server and provided the same to RD web.
But today while I use the same url to access the remote apps I get the below error message
"The remote computer cannot be authenticated due to problems with its security certificate. security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer"
Error code - 0x80072f8f,0x20
Now I can only access the remote apps through RD web access ( https://FQDN/RDWeb)
Please help me in fixing this issue.
Any help would be much appreciated.
Thanks
SM