Hello,

I've set for my client a big RDS Farm, on two distincts locations. All of the users are using Wyses to connect to the farm. On the internal network everything is fine, but when trying to connect from outside, after login in, I get this message

"Your Computer can't connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable."

In the logs, I get those errors :

• Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 :"CAAClientAdapter, :: 'm_spHelper->ReadCreds failed' in CAAClientAdapter::CreateTunnel at 380 err=[0xffffffff],"
• Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : "CClientProxyTransport, :: 'm_ClientAdapter->CreateTunnel failed' in CProxyRawTrans::CreateProxyConnection at 2116 err=[0x800759d9], "
• Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : "CClientProxyTransport, :: 'Gateway connection time out is 90' in CClientHTTPProxyTransport::Connect at 1099 err=[0x800759d9], "
• Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : "CClientProxyTransport, :: 'CreateConnection failed' in CClientHTTPProxyTransport::Connect at 1108 err=[0x800759d9], "
• Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : "CClientProxyTransport, :: 'Gateway Error' in CClientProxyTransport::SetErrorStatus at 2818 err=[0x800759d9],"
• Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : ":CClientProxyTransport, :: 'Gateway Error' in CClientProxyTransport::SetErrorStatus at 2818 err=[0x800706ba], "

The farm consists of 2 RDBroker in HA (with 2 SQL Servers AlwaysOn for the database), 2 RDGateway (HA), 2 RDWebAccess (HA), 1 RDlicence Server, an 10+ RDSH. A wildcard Certificate is set on the external name for all roles.

• rds.external.com : RR DNS name for the RD Brokers
• rdsweb.external.com : RR DNS name for the RDWebAccess

When connecting to the RDWebAccess FQDN (rdsweb.external.com) from external network, i can connect to the website, use my credential to view the collection of session I can connect to. But when I use one of them, I get this error message. If I download the rdp file, I can see that all the correct adress are in use:

full address:s:rds.external.com
gatewayhostname:s:rdsweb.external.com
workspace id:s:rds.external.com
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.CollectionName
use multimon:i:1
alternate full address:s:rds.external.com

As we use KEMP GeoLoadbalancing, I have in the public DNS a CNAME for rdsweb.extrernal.com, redirecting to rdsweb.geo.external.com, and the NS for this zone are set to the public IP of the distant site, with our internal DNS resolving all this to the correct farm member, for geo loadbalancing purpose.

Also the RAP and CAP policies are set in the 2 RD WebGateway.

Any hints on what to check or do to allow connection the farm from outise their network ?

Regards

my code is here:

CMsRdpClientShell m_MsRdpClientShell = m_rdp.get_MsRdpClientShell();

VARIANT font_val;
font_val.vt = VT_BOOL;
font_val.lVal = TRUE;
m_MsRdpClientShell.SetRdpProperty(_T("allow font smoothing"), font_val);

I have the following:

RDS Gateway = Windows 2016

TS server = Windows 2008 R2

TS Server2 = Windows 2016

I get into the RD webpage without issue, there lies 2 RDP published apps pointing to 2 different servers.

When the icons are launched and authentication box appears, domain credentials are put in, and the error stated below comes up.

End users can access the gateway without issue, when they select the TS Server RDP icons they get the following error:

RemoteApp Disconnected - Your computer can't connect to the Remote Desktop Gateway server. Contact your network administrator for assistance.

The TS connection is set to maximum, everything else is set correctly to. I have read all the articles I can find and it has not resolved the issue, is there something I am missing?

Currently we are running Windows Server 2016 RDS with User Profile Disk. We are looking at installing FSLogix so we can do cached Outlook mode with indexing and OneDrive.

If we install FSLogix Office 365 User Profile Containers what happens to the current User Profile Disk? Do we just point the containers to where they are located and it works without issue? Or does it create a new User Disk for the users?

Thank you

I've set up an RD Gateway that connects to a number of internal servers. Everything is working fine if I connect to a server (via RD Gateway) using either the Netbios name or the FQDN, however if I try to connect using the servers IP address I get the following error:-

Remote Desktop can't connect to the remote computer "10.XXX.XXX.XXX" for one of these reasons:

1) Your user account is not listed in the RD Gateway's permission list

2) You might have specified the remote computer in NetBIOS format (for example, computer1), but the RD Gateway is expecting an FQDN or IP address format (for example, computer1.fabrikam.com or 157.60.0.1).

Is there some configuration step I've missed on the RD Gateway to allow IP address connections?

Hi.

Environment:

• Windows Server 2016
• RDS Remote Apps
• Office 2016 - MSI Installation
• Windows 10 Enterprise v1803 clients

The Outlook window dissaperars or looses focus when the cursor is moved between e-mails or tasks. Resulting in the application behind Outlook showing instead.

The problem is sporadic and it does not matter what window is behind Outlook. PDF reader, Excel, etc...

The video below shows the problem.

Remember: In the video the user is only moving the mouse cursor. No mouse clicks and no keyboard keys are in play here.

https://streamable.com/5am7k 

./ Lars Olsen

The user "domain\user", on client computer "193.xxx.xxx.xxx", was not authorized to connect to the RD Gateway server because a tunnel could not be created. The authentication method attempted: "NTLM" and connection protocol"HTTP". The following error occurred: "2147965433".

Any ideas?

• Clean install,
• godaddy cert.
• Windows 2012 R2 Standard
• 1 Broker, 1 Gateway, 1 Host on the same server.
• Client uses windows 10 

When connecting via RDWEB, the login prompt is displayed. When logging in after clicking on the rdp file the mstsc connection window freezes for a brief second, then the pop up below appears: (google translated)

Your computer can not connect to the remote computer because the server Remote Desktop Gateway expected a different authentication method than the one used.

1 CAP, 1 RAP. Policy set to allow Domain Users, user is member of Domain User and Admins.

Also saw the following Warning:

RDPClient_SSL: An error was encountered when transitioning from TsSslStateDisconnected to TsSslStateDisconnected in response to 25 (error code 0x8000FFFF).

//Regards, Andreas

Can't figure out why login through RDS Gateway is so slow...

I've setup a 2019 RDS environment.

It's all VM's
Server: Connection Broker and License Server
Server: Session Host (Server 2019)
Server: Gateway (in DMZ)

Using FSLogix.
MFA plugin through Azure.

When logging in from inside network it's fast. (Not asking for MFA)
When logging in from outside through gateway, it takes 1:40 minutes before desktop is ready. (Asking for MFA)

Using a RDP file.
MFA challenge comes ~11 seconds after password is entered.
After that: "Configuring remote session" in a long time.
Occasionally the login is way faster.
(after I wrote this, the MFA challenge took 4 seconds and was 100% logged in in about 10 seconds through gateway)

I can't see where to begin troubleshooting...

Sometimes the connection is lost, asking the MFA challenge again.
Tried using "Negotiate" and  "RDP Security Layer"

Tried looking Event Viewer on several servers with no luck

Sorry for the jumping in text.

Hi,

We have a Server 2016 with Remote Desktop Services enable but we can't connect to it anymore (it worked before).

We tried a lot of things already but not solved it yet. It seems the RDS isn't accepting connections on port 3389.

- telnet to it on port 3389 not working

- ping does work

- verified the port setting in registry

- rebooted the server

- added a separate rule to allow 3389 always

- netstat -an doesn't show an listening port on 3389

Someone an idea?

Kr Kevin

Hi,

How can we change the remote desktop web access URL in Windows 2016 so that the applications can work from the internet. We have already installed a third party certificate. When we are trying to use the below command

"Set-RDPublishedName "remote.ourdomain.com"

It says "The RD Connection Broker server is not configured for high availability".

We don't want to use HA now.

Thanks.

I am looking at deploying around 8 Terminal  server across our offices. All offices are in the same domain and interconnected. At the central site I am looking at deploying the licensing server. Am I right in thinking that I can use 1 central licensing server to allot the licenses?

Next am I also right in thinking that RDS user cals are allotted to each specific user and cannot be reallocated to another user (So not concurrent users but specific named users) and the only way to release the license would be to remove them from the AD.

We would also be looking to run MS office on each Terminal server, How does the licensing work for this, so for example if I have an office with 5 TS users do I need to buy 5 Open licenses for office and 5 RDS user cals.  (we do not use Office 365) Or can I buy an open license for 40 copies of office and 40 RDS users?

We have recently faced many problems with our infrastructure based on the rds 2016 system. The most common problems are:

• login issues (when attempting to login, users are thrown back to the login screen)

• problems with redirecting usb devices

• connecting to CB in server manager takes a good few minutes.

How can I investigate what is the reason of this issue? Which logs and which CB / SQL / GW / WA servers are best to check? T hank you in advance for your response.

Hi All,

I have created a DC and I have 5 servers which have to be using RDS User CAL Licensing. DC is one of the 5 Servers that I have.

Now I have added all the machines to the Domain that I have created and also configured the Licensing Role as required, but now the servers are disconnected stating that it has passed the grace period. I have a User CAL License available with me. Below details are configured as per the requirement on of them

RD Licensing / RD Session Host / RD Gateway - All Servers

RD Connection Broker / RD Web Access - only on one server which is not a DC

I want to activate the license and make sure I have access to all the 5 Servers which are configured in the same domain.

Kindly suggest if any changes with the gpedit.msc is required or with the regedit which I presume shouldn't be done as I have a proper license available.

I would like to configure the existing mis-configuration to be corrected. Let me know what kind of details you need in order for me to get this fixed.

Hi All,

I have a Server 2008 R2 server that is a RDS Licensing Server and Connection Broker to 5x 2008 R2 RDS Session Hosts.

I understand the key to migrating is move the Connection Broker role to Server 2016 first, then add the Server 2016 Session Hosts to the farm

However I cannot use High Availability cluster to add a Server 2016 Connection Broker as my 2008 R2 server is Standard Edition, which does not support Failover Clustering.

Can I extract the Connection Broker settings (farm name etc.) and import them into a new replacement Connection Broker running on Server 2016 so I have the same farm name?

Or is the only way, to create a new RDS farm, with a new name, on Server 2016 running the Connection Broker role and then move the 2008 R2 Session Hosts to this broker? But then off course I'll have to update all my thin clients with the new name.

Thanks in advance.

Hi,

I have a Windows Server 2012 R2 there i have installed:

RD Web Access

RD Connection Broker

RD Session Host

But RD Connection Broker service will not starta I get this 3 errors:

Event ID: 833 Source: TerminalServices-SessionBroker

The VMResource plugin failed to load. Error: VMResource is not a valid Win32 application. 

Event ID: 833 Source: TerminalServices-SessionBroker

The MS Default Provisioning Plugin plugin failed to load. Error: The group or resource is not in the correct state to perform the requested operation. 

Event ID: 898 Source: TerminalServices-SessionBroker

RD Connection Broker service failed to start. HRESULT = 0x8007139F.

I have checked VMResource in register in it´s look fine.

Regards Pierre

Hello,

recently we want to move from redirect folders on our RDS enviroment to UPD.

We created new Collection, new RDSH. Everything works fine except that every time system create new folder for the user ex.

user.001

user.002

What's more we have in GPO rule to delete user folder on the server during logout. It wont happened.

I've searched Event log and every time i see errors like:

1533 - Windows cannot delete the profile directory C: \ Users \ Administrator.000.The cause of the error may be that the files in this directory are being used by another program.

20491 - Remote Desktop Services cannot disconnect the user disk for a user account with SID S-1-5-21-4205589905-739050087-1798985181-500.Error code: 0x91.38

I've found that in 2016 was a hotfix but we have updated system up 11.2019 year and problem still exists

What can we do?

My Windows server 2012 standard has been enabled with Remote Desktop.

It has been working until recent but now my remote desktop client always gives me this error: 'This computer can't connect to the remote computer'.

When i check the event viewer from my 2012 server after trying to remote desktop to it, i see this:

event id: 1057

Severity: Error

Source:: Microsoft-Windows-TerminalServices-RemoteConnectionManager

Log: System

Message detail:

The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on SSL connections. The relevant status code was Object already exists.

I've tried to follow the instructions from the another technet post: removing the existing self signed certificate (by using mmc), then restarting the Remote Desktop Configuration service to re-generate the certifiacte, then configure in RD Session Host Configuration (tsconfig.msc)

http://social.technet.microsoft.com/Forums/windowsserver/en-US/8df42746-465f-4902-95a6-121ef1f0fd68/the-terminal-server-has-failed-to-create-a-new-self-signed-certificate-to-be-used-for-terminal

It did not work for me. No new self signed certificate has been re-generated. I also could not find RD Session Host Configuration from my server.

We have installed Server 2016 and installed Remote desktop services and license activated on the server.

When we connect to the server 2016 from windows PC and its connecting without any issue.

But when when we connect through Ncomputing Vspace session thin client and we are getting the below error message.

Please help on this issue.

Thanks

Krishna

Using Group Policy Editor, I have added Administrators into Computer Configuration\Windows Settings\Local Policies\User Rights Assignment\Deny access to this computer from the network. This is to make sure that file sharing users cannot bypass the NTFS rights. However, I want members of the Administrators group to be able to login interactively using Remote Desktop. It works from Windows PCs, but not from Microsoft RD Client for Android, where I get the following error message:

• We couldn't connect to the remote PC because the admin has restricted the type of logon that you may use. Ask you admin or tech support for help. Error code: 0x1307

I can connect from Android only if I remove that policy.

Any ideas?

Hi,

I am continuously getting event id: 4005 on RDS server.  

Server OS: Microsoft Windows Server 2012 R2 Standard.

The Winlogon process terminates unexpectedly and prevents new logins from processing.  However, the only way to get login process work after the power cycle the server.

Webroot antivirus agent is installed on the server.

Tried to install the below-mentioned update on the server but is shows not applicable. It looks like this update is superseded with other updates.

November 15, 2016:-  (Preview of Monthly Rollup)
https://support.microsoft.com/en-us/kb/3197875

Webroot released the new agent (9.0.18.34 -  October2th, 2017).

Added

•Efficacy improvements when making determinations for critical system processes
•Enabled installation where TLS version is 1.1 or greater
•Data gathering for phase 1 of malicious scripts shield
•Extended data set transmitted for use with Machine Learning
•Further optimization of cloud communications
•Handle /disable command line option correctly
•Improvements to hash calculation for non-PE files
•In Product Messaging ( IPM ) displays special characters correctly
•Select IPMs can trigger re-acceptance of EULA
•Update WSA copyright message to 2017
•Support for Windows 10 Fall Creators release
•Support for Windows 2016 Server
•Enable installation and removal of DNS-P Agent

Fixed

•Integration with Mozilla Firefox no longer causes a browser crash in certain circumstances
•Internet connectivity is not lost when removing WSA
•Protect against WSA driver being written to disk with zero-byte file size
•Prevent agent crash when Backup & Sync is being used
•Addresses a memory leak resulting in 4005 <g class="gr_ gr_106 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar multiReplace" data-gr-id="106" id="106">event</g> on Terminal Servers
•Ensured plugins are removed smoothly during un-installation
•Ensured journaling files are always present at the time of WSA installation
•Send data back for GSM to clear 'Needs Attention' from devices in a timely manner
•When System Analyzer is running, ensure that files can be restored from Quarantine

Reference link of Webroot: http://answers.webroot.com/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=2234

Regards,

Vikrant Wakchaure...