Azure RDS HTML5 Web Client Unable to Access Gateway

May 3, 2019, 3:49 pm

≫ Next: Remote Desktop web client exception with disconnect code GatewayProtocolError 52 , extended code=, reason = Gateway tunnel authorization failed with error code = 2147965403

≪ Previous: Windows 2016 Terminal Server - Application Error in Explorer.exe

We have a RDS (Remote Desktop Services) deployment, and recently went through the process of installing the HTML5 web client as per the directions at:

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

Our deployment is hosted on domain A, which has an active directory instance. There is also domain B with its own active directory instance, there is a two way trust between the two.

The problem we are having is that the traditional RD Web Access works fine for all users, but when users from domain B log on to the HTML 5 web client and try to open an app they get a message "We couldn't connect to the gateway because of an error". At the same time the browser console shows the following error:

Connection(ERR): The connection generated an internal exception with disconnect code=GatewayProtocolError(52), extended code=, reason=Gateway tunnel authorization failed with error code=2147965403

During troubleshooting we’ve tried:

Verified that required ports are opened.
Disabling all firewalls between gateways, brokers, and session hosts – same error.
Re-applied the publicly trusted cert to the HTML5 client (via Import-RDWebClientBrokerCert) – same error
Verified that the proper cert was bound to the HTML5 client – same error.
Enabled NTLM by setting the GPO: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network Security: Restrict NTLM: NTLM Authentication in this domain. To “Disable” (within same domain as RDP) – same error.
Ran regsvr32 wksprtps.dll (dll was already registered, but tried it anyway)
Verified that the required KB4025334 from July of last year was installed or not necessary (OS was up to date)

Any ideas on other areas we can look at?

↧

Remote Desktop web client exception with disconnect code GatewayProtocolError 52 , extended code=, reason = Gateway tunnel authorization failed with error code = 2147965403

May 1, 2019, 11:33 am

≫ Next: The identity of the computer cannot be verified

≪ Previous: Azure RDS HTML5 Web Client Unable to Access Gateway

Scope of this is that out of dozens of accounts that work fine for rdwc sessions, there are two that do not. The connection starts but within a few seconds fails with, user facing side, 'we couldn't connect to gateway because of an error.' When running a capture, the key error appears to be:

"The connection generated an internal exception with disconnect code=GatewayProtocolError(52), extended code=<null>, reason=Gateway tunnel authorization failed with error code=2147965403"

This is what’s in the nps log from the RD server:

"orgRD","RAS",04/05/2019,15:22:31,1,"DOMAIN\SAMACCOUNTNAME",,"UserAuthType:PW",,,,,,,,,,,,5,,,12,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",2,"TS GATEWAY SERVER GROUP","xxx.xx.xxx.xx",,
"orgRD","RAS",04/05/2019,15:22:31,11,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",2,"TS GATEWAY SERVER GROUP","xxx.xx.xxx.xx"",,

And this is from the NPS server:

"FILES","IAS",04/05/2019,15:22:31,1,"DOMAIN\USERNAME","domain.org/Users/FirstnameLastname","UserAuthType:PW",,,,,,,0,"xxx.xx.xxx.xx","orgrd",,,5,,,12,7,"RDpolicy",0,"311 1 xxx.xx.xxx.xx 03/19/2019 04:54:59 292",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"RDGWauth",1,,,,
"FILES","IAS",04/05/2019,15:22:31,11,,"domain.org/Users/FirstnameLastname",,,,,,,,0,"xxx.xx.xxx.xx","orgrd",,,,,,,7,"RDpolicy",0,"311 1 xxx.xx.xxx.xx 03/19/2019 04:54:59 292",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"RDGWauth",1,,,,

Any pointers in the right direction, or if anyone else has seen these errors, would be much appreciated!

↧

The identity of the computer cannot be verified

May 16, 2019, 4:24 am

≫ Next: Setting up failover site and high avail broker

≪ Previous: Remote Desktop web client exception with disconnect code GatewayProtocolError 52 , extended code=, reason = Gateway tunnel authorization failed with error code = 2147965403

Hi,

I'm building a RDS environment based on Windows Server 2016. When i connect via RDP i get the message below.

I need a simple way to get rid of this. I know i can tell users to just check the box to don't show again, but i want to deliver a clean configuration. Downloading the shortcut from the web access page solves it as well, but in this environment it's not simple to enroll this on hundreds of thin clients.

Can someone help me?

↧

Setting up failover site and high avail broker

May 21, 2019, 7:02 pm

≫ Next: Unable to login as admin tomy DC after enabling interactive login

≪ Previous: The identity of the computer cannot be verified

I've got a few questions I am hoping to get help with. We have roughly 20 sites and a main corp office. We plan on setting up a rds farm in our corp office and using VM's to host session host servers and the connection brokers. In all 20 sites we are going to have a site to site vpn tunnel so a connection gateway isn't required to my understanding. Then in one of the 20 remote sites we are going to setup another rds server with a dc and connection broker.

So here are my questions

1. We will probably have 6-8 session host VM's. When I ran this in a lab I set it up with DNS round robin for each of the session host, is that the best way to do it. Basically if VM 1 is named sessionhost1 and vm 2 is named sessionhost2 I made an A record in DNS with the name SessionHost and gave it the IP of sessionhost1 and then created another A record with the same name and called it sessionhost and gave it the IP of sessionhost2.

2. If we setup high avail for the connection broker where is the best place to store the sql database? Lets say I have 3 broker servers, 2 at corp and one in the failover site and I reboot the one that has the sql database what happens? Also if I want to have a 3rd one at the remote site for failover are there anythings I should be aware of?

Thank you for your input

↧

Unable to login as admin tomy DC after enabling interactive login

May 18, 2019, 9:27 pm

≫ Next: Can I convert per device RDS Cals to per user RDS Cals

≪ Previous: Setting up failover site and high avail broker

Windows Server 2008

As stated in the title, i enforced the interactive login: require a smart card to login. Logged off and it applied and now I am unable to login to the DC using my admin account because it is not associated with a smart card. I undid the gp back to original but am still unable to login to the DC. I assume its because i can't get the login script to run to fix the issue. How do i go about getting the login to update the GP without actually logging in?

↧

Can I convert per device RDS Cals to per user RDS Cals

May 13, 2019, 10:26 pm

≫ Next: about Windows Server 2012 Remote Desktop Services(RDS）licenses

≪ Previous: Unable to login as admin tomy DC after enabling interactive login

Hello

We purchased some per device RDS Cals. Now we find some user use two computers（a desktop and a laptop), We'd like to convert our Per Devcie RDS Cals to Per user RDS Cals.

Does microsoft provide a route to convert Per Device to Per User.

↧

about Windows Server 2012 Remote Desktop Services(RDS）licenses

May 21, 2019, 8:04 pm

≫ Next: RDWEB/Webclient not able to connect websocket errors...

≪ Previous: Can I convert per device RDS Cals to per user RDS Cals

If I rds release office(word, excel,ppt), It's a license or By number of users

↧

RDWEB/Webclient not able to connect websocket errors...

May 21, 2019, 8:38 pm

≫ Next: Logs of which host are using RD License Manager

≪ Previous: about Windows Server 2012 Remote Desktop Services(RDS）licenses

after configuring and installing eh webclient on my deployment. when I try to connect to one of the resources I get the error..

when I check for the error in the console i get the following errors...

Can someone help me...

what to do next...

rsamayoa

↧

Logs of which host are using RD License Manager

May 21, 2019, 10:04 pm

≫ Next: Remote Desktop Fails as soon as a RDS Collection is Created

≪ Previous: RDWEB/Webclient not able to connect websocket errors...

I have inherited the RDS environment across 3 Domains.
Have recently built a new license server for current 2016/2012 hosts and i wish to migrate our old 2008 R2 RD licenses.

How can i track which servers are accessing the old RD license server??
Are there log files i can look at as there are VM's all over the place.
Group Policy hasnt been used so mostly manual setups so can look at a security group to assist.

↧

Remote Desktop Fails as soon as a RDS Collection is Created

December 19, 2018, 11:13 am

≫ Next: What RDS licenses do I need and WHERE do I need to put them?

≪ Previous: Logs of which host are using RD License Manager

Abbreviated Problem:

As soon as I create a RDS application collection I am unable to use any remote desktop services. Reboot has no effect. Security Layer is set to "Negotiate" and Encryption Level is "client compatible". Prior to creating the collection standard RDP works; after it is created, however, RDP (including remote apps) fail to connect with the error :

Likewise, Immediately upon deleting the collection, Remote Desktop begins working again.

-This is a quick setup RDS deployment that exists only on one virtual Server 2016 instance.

___________________

Additional info:

The collection was working as intended for several months but I discovered that the above error would occur for all users and devices after a reboot of the RDS server or after a restart of the remote desktop services on the RDS server. Heeding the advice of a RDS forum I deleted the application collection and thought my troubles were behind me once remote desktop began to work again.. wrong.. As soon as a new RDS collection is created the error returns for all connections. I initially created the collection over an RDP connection and thought that might be the cause but the issue remains even when using a vmware console while creating the collection.

Obviously my RDP ports are open from the client computers to the RDS since RDP works after the collection is deleted -windows firewall is also off.

Hoping someone with more expertise and experience with RDS can help here.

↧

What RDS licenses do I need and WHERE do I need to put them?

May 15, 2019, 6:46 am

≫ Next: RD Connection Broker HA setup with SQL AlwaysOn doesn't work correctly

≪ Previous: Remote Desktop Fails as soon as a RDS Collection is Created

I'm building a new server... [Host Server] (Windows Server 2019 Standard)

The new HOST Server will have 4 VM's

1) [PDC/DC1] - Domain Controller - Windows Server 2019 Standard

2) [Exchange] - MS Exchange Server - Windows Server 2019 Standard / Exchange 2019

3) [Apps] - Apps Server - Windows Server 2019 Standard

4) [Workstation] - Windows 10 Professional

As an Admin, I will be RDP'ing directly to: [Host Server] - [PDC/DC1] - [Exchange] - [Apps] servers for maintenance.

Connections:

1) As an admin, I will be RDP'ing directly to: [Host Server] - [PDC/DC1] - [Exchange] - [Apps] servers for maintenance.

2) A handfull of users (1 at a time) will RDP directly to [Workstation - Windows 10 Pro] for various tasks.

I believe that I need RDS licenses to accomplish this. What I don't know is where do I need to install them to? Do I:

A) Install all of them to the host server?

B) Install 1 on each of the VM's [Host Server] - [PDC/DC1] - [Exchange] - [Apps] - [Workstation Windows 10 Pro]

Thanks!

↧

RD Connection Broker HA setup with SQL AlwaysOn doesn't work correctly

May 21, 2019, 11:36 pm

≫ Next: New-RemoteApp command creating multiple apps

≪ Previous: What RDS licenses do I need and WHERE do I need to put them?

Hi everybody,

I have an issue with RD Connection Brokers in a highly available setup backed by a SQL Server 2017 Enterprise Availability Group. The setup works correctly while the database is running on SQL node A of the availability group, users can logon via RDWeb and start their RemoteApp(s). When the Availability Group fails over to SQL node B, users can not start their RemoteApps, nor connect to a disconnected session, they are faced with these errors:

- The requested session access is denied.

- Your remote Desktop Services session has ended, possibly for one of the following reasons:

The Administrator has ended the session.

An error occurred while the connection was being established.

A network problem occurred.

For help solving the problem, see "Remote Desktop" in Help and Support.

Any idea's how to resolve this?

↧

New-RemoteApp command creating multiple apps

May 21, 2019, 3:56 am

≫ Next: hide broker name from remote app name in taskbar

≪ Previous: RD Connection Broker HA setup with SQL AlwaysOn doesn't work correctly

Hi,

I am using puppet to deploy remote apps using powershell commands, it works fine, but my problem is whenever the configuration runs. It just creates another remoteapp with the same name but with (1) next to it. Is there a check I can do to see if it already exists then do nothing? rather than create a new remoteapp with a slightly different name?

Thanks

↧

hide broker name from remote app name in taskbar

May 20, 2019, 11:35 pm

≫ Next: Remote app redirected printer stops working then log off hangs forever

≪ Previous: New-RemoteApp command creating multiple apps

Good day,
I am working on a RDS environment for a customer.
We implemented a remote app for his software that he is exposing to the outside world.
When the customer has opened his application and the customer hoovers with his mouse over the app in his task bar, the name of the application is "applicationname" + (rdsbrokername).
We don't want to display the brokername to the customer.
How to manipulate this name to hide the broker?

Thank you in advance,

↧

Remote app redirected printer stops working then log off hangs forever

May 21, 2019, 9:47 am

≫ Next: Remote Desktop Connection Broker Load Balancing Issue

≪ Previous: hide broker name from remote app name in taskbar

Anyone know know where to start looking for a solution to our Remoteapp issue? Redirected printers will stop printing then when the user tries to log off and reconnect it will show a message that says "Signing out" indefinitely or a black screen. We are using windows 10 Clients connecting to Windows 2012 R2 Remote app servers. This happens to multiple Remote App servers we have. Any suggestions would be great!

↧

Remote Desktop Connection Broker Load Balancing Issue

May 13, 2019, 11:09 pm

≫ Next: Windows Server 2016 Remote App issue

≪ Previous: Remote app redirected printer stops working then log off hangs forever

Hi,

We host around 4000+ RemoteApp connections in an RDS 2016 farm with 4 RDG, 2 RDCB and 28 RDSH servers.

All servers are Windows Server 2016.

Recently we are seeing that RDCBs stop tracking the number of connections on some RDSH servers and keeps redirecting new connections to them. As a result these servers start hosting a lot more connections than other servers.

Get-RDUserSession keeps reporting the same last known sessions and does not update irrespective of number of connections on the server or their state.

The workaround we have found is to disable new connections to affected RDSH servers, reboot them overnight and add them back on next day.

It will be great if someone can shed some light on this issue. I'm not sure how connection brokers get updated connection info from RDSH servers.

Thanks

Dinesh

↧

Windows Server 2016 Remote App issue

May 22, 2019, 5:27 am

≫ Next: Redirected printers do not appear on 2008 R2 RDS

≪ Previous: Remote Desktop Connection Broker Load Balancing Issue

Hi There

Hoping you can help with an issue am having adding remote apps to my existing RDS farm,

I currently have a working RDS farm consisting off 1 x gateway, 1 x broker and 2 x rd hosts, at the moment i can start a desktop session collection either internal or external to my organization without issue.

Now the issue is i have built another rd host to add remote apps, ive added this using my broker and published an app, all works fine internally but externally it does not work, when i start the application it sits on starting remote app for ages then errors out with the following message.

Remote Desktop can't find the computer "RD host", this might mean that it does not belong to the specified network.It looks like its trying to resolve the internal broker name externally and obvioulsy that wont work.

The gateway settings are already enabled globally within RDS, just scratching my head, dont want to mess with the configuration too much as the other rd hosts work fine.

Any ideas what could be the issue ?

↧

Redirected printers do not appear on 2008 R2 RDS

May 22, 2019, 6:27 am

≫ Next: RDS - Certificate Settngs

≪ Previous: Windows Server 2016 Remote App issue

Since today we have a issue with our 2008 R2 RDP server

local printers from desktops are no longer forwarded to the RDS (before today all was working fine)

I cannot find any related errors in eventvwr and the settings havent changed.

Ive tried a few google solutions but unfortunately none worked. Hopefully you guys can help.

Done:

Print spooler restart
Checked printer redirection in configuration program for RDS
Checked local RDP settings
Verified rights to system32/spool
Tried different workstations. All seem to have the issue
Add a regkey under HCU\Software\Microsoft\Terminal Server Client\Default\AddIns\RDPDR (FilterQueueType FFFFFF)

Any suggestions?

Preferably without rebooting the server. That would really disturb the workflow.

↧

RDS - Certificate Settngs

May 22, 2019, 7:24 am

≫ Next: GP not working on RDSH in child domain

≪ Previous: Redirected printers do not appear on 2008 R2 RDS

I am trying to setup Windows Server 2016 Remote Desktop Services. I have to setup certificates, I wonder how I do that..

I have,

RD Connection Broker - Enable Single On
RD Connection Broker - Publishing
RD Web Access
RD Gateway

My scenario to custmer is from the Windows Clients you can click on firefox to get Internet in the customers area.

Please help me with certificate :-)

----- S-O-K-O-B-A-N -----

↧

GP not working on RDSH in child domain

May 22, 2019, 7:50 am

≫ Next: RDS Servers Events 7011, 7046 - BSOD rdbss.sys

≪ Previous: RDS - Certificate Settngs

Working on an environment with all 2016 servers. Parent.local domain and child.parent.local domain. If I log into RD-sessionhost.child.parent.local session host with a user in the parent.local domain everything works except group policy. On the session host server I see event ID: 1053 processing of group policy failed. Windows could not resolve the user name. The RDSH is joined to the child.parent.local domain but is on a separate VLAN and only allowed to communicate with the child.parent.local network but not the parent.local network. The child.parent.local network can fully communicate with the parent.local network and no issues there. Does the session host in child.parent.local network need to communicate directly with the parent.local network for group policy to work?

Thanks in advance!!

↧

Latest Images