Good Day

I have configured standard RDS session based deployment recently on 2012 R2 servers
Everything is working as expected
The setup has TWO RD Session host, 1 Session Broker, one RD Web access and one RD Gateway
I have created 2 DNS records named Rdsfarm.domain.com for my RDS1 and RDS2 session host servers and if I connect to thisrdsfarm.domain.com with RDP from TS clients, i am able to connect to any one of TWO rds servers without any problem
However some part is not clear to me
I have not added rdsfarm.domain.com any where except my RD Gateway server RAP policy
Also I have added my RD Broker server in RAP allowed group above.
I don't see any config where this farm name is associated with my RD Broker server

I have tried to connect to RD broker server from client, but it didn't redirect me to RD session host servers
If I try to connect to my RDS servers with their FQDN , it gives me error that I must connect thru farm name

Can you please help me to understand relation between RD session host servers farm and RD broker server ?
Also I would like to know what exactly happens in background when user start RDP session by entering RDS farm name

Note that RDS farm name is generic DNS Host(A) record pointing to my both RD session host servers

I wanted to know is there any command or configuration I missed out as I don't see any config where Generic RD Session Host Farm name (DNS Host(A) record) is associated with my RD Broker server ?

Thanks

Best Regards
Mahesh

I have set up a test Server 2012 RDS collection (Single Server for now) and implemented User Profile disks.

I have two problems.

First: My generic test user can connect and does successfully use the user profile disk as expected. However, atlogoff, the system event log contains these errors:

The error (NTFS 137) is: The default transaction resource manager on volume C:\Users\ts3.test encountered a non-retryable error and could not start.  The data contains the error code.

The warning (NTFS 50) that concerns me is:

It appears that the user profile disk is being "disabled" or "disconnected" before the profile data is completely written at logoff. What can I do to troubleshoot this?

Second:

Update: A post from Mike Connor on the following page: -LINK- solved the problem described below. 

My administrative user always logs on now with a temporary profile. At the beginning, the UPD was working and mounting. That stopped working. In attempting to troubleshoot, I logged the admin user off and deleted the UPD disk file from the share. I remember it working again after generating a new UPD disk file in the share. Soon, it quit working again. I deleted the UPD disk file again from the share and ever since, it has never regenerated a new UPD andalways logs on with a temporary profile.

Good Day Guys,

I have a very frustrating problem I can’t resolve for some other reason. I have tried every single solution they posted on the web but still no success.

I’ve got a Server 2008 R2 server running RDWEB Gateway, CAP and RAP Policies created and IIS Version 6.1 Build-7601 SP1. This setup was done 2 years ago and all worked 100% internally and externally to the RDWEB page and opening published applications on the page. 4 weeks ago the external access to the published applications are giving an error “23002” but all is working 100% still internally.

Hi have recreated the CAP and RAP and our GOdaddy cert is expiring only on april 2016. I also recreated another network resource group and recreated another user security group, I also made sure all needed firewall ports are open. I can access the page perfectly externally but when I open any application I get the following error:

The user "xxx\xxxxx", on client computer "xx.xx.xx.xx", did not meet resource authorization policy requirements and was therefore not authorized to resource "xx.co.za". The following error occurred: "23002".

Any other tricks you guys have up your sleeves to please help me out of this black hole?

Thank you

Hello,

I've searched extensively and cannot find a definitive solution to this problem. Here is the current situation:

2 Servers: 1 Windows Server 2008 R2 acting as a database server (DB1), 1 Windows Server 2008 R2 acting as a terminal server (TS1)

1 Windows 7 Workstation (my work laptop)

I have configured the TS1 with RD Session Host to have 'Negotiate' as the security layer and have checked "Allow only connections from computers running Network Level Authentication."

With a Windows 7 Pro computer, fully up to date with updates, including RDP 8.1 (as verified by looking at the 'About' window from the Remote Desktop Connection program), I cannot connect to the TS1 when these settings are in place. I get a credential prompt, but when I attempt to login, I get "The Logon attempt failed." When I change the Security layer to "RDP Security Layer" then there is no problem whatsoever. I establish a session, and can log on as expected.

I can RDP to the DB1 with NLA with no problem as well.

I would much prefer to use SSL and NLA rather than simply the RDP native encryption, but I cannot for the life of me figure out what the underlying issue is here. I have tried adjusting Group Policy with the whole "Send LM, NTLM, use NTLMv2 if negotiated" etc, but all to no avail.

As a note, there is no 3rd party certificate installed on the TS. Only the Self-Signed certificate that is generated automatically.

Any help would be appreciated!

Hi,

I've configured a fresh single RDS Server (all roles on one Server including Gateway) based on Windows Server 2012 R2. Everything works fine when we use Windows 7 with current RDP Client to connect via Gateway/HTTPS.

When we use a Mac (OS X 10.9.3) with current Version of "Microsoft Remote Desktop" (8.0.7), no RDP Connection is established. Error message: "Unable to connect to remote PC. Please verify ...". Login on <external.domain.name>/rdweb works fine and I'm able to download the .rdp-file and open it with Microsoft Remote Desktop, but after a few seconds the error above appears.

I did some traffic analyzing on our Firewall and it seems that the Mac try to connect on port 3389 on the public ip of the RDS Server, which is blocked. I manually configured a RDP Connection with Gateway - same error. The log of Microsoft Remote Desktop:

[2014-May-22 11:58:30] RDP (0): Final rdp configuration used: gatewayhostname:s:<external.domain.name>

screen mode id:i:2

use multimon:i:1

session bpp:i:32

full address:s:<external.domain.name>

audiomode:i:0

username:s:

disable wallpaper:i:0

disable full window drag:i:0

disable menu anims:i:0

disable themes:i:0

alternate shell:s:

shell working directory:s:

authentication level:i:2

connect to console:i:0

gatewayusagemethod:i:1

disable cursor setting:i:0

allow font smoothing:i:1

allow desktop com:1

redirectprinters:i:1

bookmarktype:i:3

use redirection server name:i:1

loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.<name>_RDS

[2014-May-22 11:58:30] RDP (0): --- BEGIN INTERFACE LIST ---

[2014-May-22 11:58:30] RDP (0): lo0 af=18  addr= netmask=

[2014-May-22 11:58:30] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

[2014-May-22 11:58:30] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0

[2014-May-22 11:58:30] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::

[2014-May-22 11:58:30] RDP (0): gif0 af=18  addr= netmask=

[2014-May-22 11:58:30] RDP (0): stf0 af=18  addr= netmask=

[2014-May-22 11:58:30] RDP (0): en0 af=18  addr= netmask=

[2014-May-22 11:58:30] RDP (0): en0 af=30 (AF_INET6)  addr=<address>%en0 netmask=ffff:ffff:ffff:ffff::

[2014-May-22 11:58:30] RDP (0): en0 af=2 (AF_INET)  addr=<address> netmask=255.255.255.0

[2014-May-22 11:58:30] RDP (0): en0 af=2 (AF_INET)  addr=<address> netmask=255.255.255.0

[2014-May-22 11:58:30] RDP (0): en1 af=18  addr= netmask=

[2014-May-22 11:58:30] RDP (0): fw0 af=18  addr= netmask=

[2014-May-22 11:58:30] RDP (0): en2 af=18  addr= netmask=

[2014-May-22 11:58:30] RDP (0): bridge0 af=18  addr= netmask=

[2014-May-22 11:58:30] RDP (0): p2p0 af=18  addr= netmask=

[2014-May-22 11:58:30] RDP (0): --- END INTERFACE LIST ---

[2014-May-22 11:58:30] RDP (0): ----- BEGIN ACTIVE CONNECTION -----

[2014-May-22 11:58:30] RDP (0): client version: 8.0.24875

[2014-May-22 11:58:30] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)

[2014-May-22 11:58:30] RDP (0): correlation id: 7a0a5e55-c35a-c642-882e-788a487a0000

[2014-May-22 11:58:30] RDP (0): Resolved '<external.domain.name>' to '<external ip address>' using NameResolveMethod_DNS(1)

[2014-May-22 11:58:38] RDP (0): Protocol state changed to: ProtocolDisconnected(8)

[2014-May-22 11:58:38] RDP (0): ------ END ACTIVE CONNECTION ------

I remember that there was an issue to establish SSO based on DNS resolve (external Domain Name to internal ip address via Gateway Connection); but we resolved this with a new DNS Zone. But why is it fine on Windows, but not on Mac OS X with Microsoft Remote Desktop? I wondering why the MRD is not using the Gateway Connection to resolve the RDP host ... ?

Many thanks,

Erik

In our environment we have Remote Desktop Services Host running patched and up to date Windows 2008 R2 Enterprise behind Remote Desktop Gateway running Windows 2012 R2 Standard. Dual Factor Authentication from Windows Azure is used in our system as well.<o:p></o:p>

We experienced following strange behavior. Users with updated Windows 7 clients can successfully authenticate against RD Gateway, receive a call from Windows Azure DFA, authenticate and establish remote session to RDSH. No issues while working in remote session until user need step back or minimize the active RD session window. After 120 seconds the session get dropped and reconnects immediately and the user receives another authentication call from DFA.<o:p></o:p>

No errors on client side, no errors on DFA, RDG or RDSH servers, just entries that the session was disconnected and then reconnected.<o:p></o:p>

Running Wireshark on the clients side shows that the local computer sends RST, ACK which drops connection and then immediately sends SYN to RDG server with initiates connection reestablishment and a call from DFA. <o:p></o:p>

We figured out that this behavior is related to the stations with KB2923545 installed. As soon as we remove mentioned KB, no session drops.<o:p></o:p>

Anybody experiencing the same and had found other solution then just removing windows update KB2923545? <o:p></o:p>

Hello,

I woud like to ask what certificate template should I use to create certificate for remote desktop services. And maybe not good question. Is it the same certificate that I have to install on clients? Thank you.

Hello All,

Please, Could you tell me if it's possible to migrate Terminal Server 2003 (Server and Licensing Server) to New Forest (there is "two way Trust-RelationShip").

Tanks

Regards

José Osorio

Good morning! Faced with a some trouble while configuring Terminal Server (Windows Server 2012 based). I selected licensing mode "Per User" and now I see this message:

“The Remote Desktop Session Host server is in Per User licensing mode and No Redirector Mode, but license server “server name” does not have any installed licenses with the following attributes:

Product version: Windows Server 2008 or Windows Server 2008 R2

Licensing mode: Per User

License type: RDS CALs”

So this is trial using of terminal server - I have 25 days yet but already today I can't connect to server using RDP. There is an error message about absent licensing server. How can I activate licenses in trial mode? Thank you for support.

Hi,

We have a RDS 2012 R2 deployment using user profile disks. The UPD share is placed on an unclustered file server. We need to move the share with the UPD disks to a new SoFS cluster to give HA to that part of the solution aswell (all other components are clustered). Is this possible and if so, how?

Could i simply uncheck the use of UPD in deployment properties, move the share with all the vhdx UPD's in it to a new location, then reactivate use of UPD pointing to the new share containing the existing UPS VHDX files? Will it then be able to use my existing UPD VHDX files, or will it error out and give me temp profiles?

This posting is provided "AS IS" with no warranties or guarantees and confers no rights

Hi All,

We have the following problem, we are running a Windows Server 2012 (non R2) Session Host server using User Profile Disks. A user creates a new folder within their "Documents" folder, this new folder contains different file types eg, PDF, ZIP, DOC.

When the user tries to delete a file of the entire folder they are prompted by UAC. The user is not able to delete without an Administrator account confirming the UAC prompt.

We have checked the users security rights, the user has full access to the new folder and all files within.

Any suggestions would be appreciated.

Thanks,

Hello,

I'm currently in the final fase of installing an functional Remote Desktop (Windows Server 2012R2) environment. The only problem i have, which i try to complete several days now without any luck, is the installation of our WildCard SSL certificate on de Remote Desktop Session Host servers (farm).

We have 1 gateway server which is also the connection broker. On this server i have installed (using the Deployment Properties of the Session Collection) the certificate on all available levels. But still, when i try to connect to our Remote Desktop Servers i get the automatically created certificate from the Remote Desktop Session Host servers. The certificate works for all the other functions (gateway etc.)

.

The servers are joined to the domain, and the wildcard certificate = *.zon-ict.nl.

Below the screenshot of the deployment settings.

Can someone point me in the right direction for installing the certificate on the RDSH servers?

Hi all.

I have the next infrastracture:

1. DC on WS2008

2. New RDS Host on WS2012R2. Connection Broker and Licensing Server installed on same server. 

Sometimes (about every 10 days) connection issues occurs. Users try to login, pass authentication successfully, then they "freeze" when settings must apply. The same time logged users can work without any problem, after some time they get black screen, but server manager shows the sessions like active. I can connect via telnet to RDP-port, it looks like OK.

I solve the issue rebooting RDS Host till now. 

In event viewer I see that user group policy doesn't apply since the issue occurs. 

When we used WS2008 as Terminal Servers there was not the problem. 

Any ideas? 

We are running Windows 2003 TS for client access their report. We create a group policy to “Hide these specified drives in My
Computer” and “Prevent access to drives from My Computer”. The problem is when a TS user tries to save the PDF report, he receives this error: This operation has been cancelled due to restrictions in effect on this computer

Any suggestions how we fix this problem?

Bob Lin, MCSE &amp; CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com

Hi,

I just setup a new server with ESXi 5.5 u1

The VM= 8vcpu, 10Gb of RAM(reserved), on RAID5 with 15k disks

Then I installed Windows server 2012R2 with the rdp host roles

all updates

Office 2013 with sp1 with all update.

Clients side=Windows XP and 7, with the last rdp client.

The problems are:

Fews times every days they got lags, the keyboard is not working for seconds, the mouse is not responding, and Office applications freezing.

I put the vm on another server(less load) and still with the same issue.

I limit the maximum color to 16bit

Remove the wallpaper

No effect...

When I look to the performance :

no more than 30% in average for the cpu, with some peak to 80%

no more than 40% for the memory

Any idea? Thanks

Hi!

I have a small network with an Active Directory Domain Controller (Windows 2003) - including Exchange, I initially had a Windows 2003 Terminal Server, but have replaced the Windows 2003 Terminal Server with a Windows 2008 Enterprise (non R2) Terminal Server. The Windows 2008 is an entirely new system, not an upgrade.

The problem is that the new Terminal Server ('08) runs very very slow once the old 2003 Terminal Server is not present on the network. Although I am no longer using the old server, it seems to have an impact on the network's performance.

For example, if I should shut the old server down, the new server becomes really slow. It takes approximately 5+ minutes for services/applications to load after you try to log onto the server using RDP. You get a blank screen for a long time before the icons are loaded and everything runs really slow, including Outlook. On the contrary, once the old server is booted up into Windows, the new server works just fine.

All of the servers are physical boxes and I do intend on eventually getting rid of the old Windows 2003 Terminal Server.

When configuring the 2008 Terminal Server, I did transfer the 2003 Terminal Server's IP Address to the 2008 Terminal Server and give the old server a new IP Address. I do not know if it has something to do with the behavior but the old server is not used at all. It is only booted to try to keep the network steady.

Jale01