New task from work I have to learn with Remote Desktop Services Server 2012...its my first time using RDS. So far so good until
I have to create a Virtual Desktop Collection. This is the error that appears when creating the Collection:
Failed: The provisioned virtual machine could not connect to its primary domain
Failed: The operation has been cancelled.
Any help will be appreciated.
Setup:
1 server 2012 (DC, DNS, DHCP).
1 Server Hyper-V, Remote Desktop Services.
Win 7 is my template.
I am setting up a Server 2008 R2 RD Web Access server and I want users to be able to run ADUC without adding them to the server's local administrator group. All the users have the necessary domain rights to use various aspects of ADUC. I plan to add the users to the Remote Desktop Users group with user level access. However, I've been told "if any of the applications require a promoted token to use (like ADUC) in order to get that token, the account used has to be capable of receiving from that server (thus the account has to be a local admin).
Before I start testing, I thought I would see if this state is correct. I've read several other threads that simply disabling UAC on the terminal server will allow a user to run ADUC without being a member of the local admin group. I find it hard to believe that you would have to give everyone local administrative rights in order for them to run ADUC.
Hi,
I have a strange problem with 8.1 U1 and 2012 R2 pooled collection. The collection is created correctly, and I can login fine, however - the login takes approx 15 seconds each time. I think there is some initialising of some sort going on in the VM each time. If I use a normal win8 vm on the same host I get a 4 sec login time. Both machines have the same group policies, and I have tried using user profile disks or just local profiles.
It is as though the first login on a fresh/sysprepped 8.1 VM does some funky stuff that slows it all down a bit. Anyone seen anything similar?
I've changed the login script timeout on both vms so it isnt that. Any logs I can look at? Event logs and userenv.log show no clues.
David Hood www.consilium-uk.com
Recieve the following error when attempting to open a RDP session to my Server 2003 machine.
"To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default, members of the Remote Desktop Users group have these permissions. If you are not a member of the Remote Desktop Users Group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually."
I've checked membership on the remote Desktop Users group, and the user i am testing with is definitely in there.
Remote Desktop User group is allowed "Log on with Terminal Services" permission on the box in question.
Connection permissions are correct in Terminal Server Configuration.
I'm not sure where else to look.
This is a server 2003 R2 box also running an Exchange role.
I have a windows 2012 R2 RDP environment. 1 Broker and 3 Session Host Servers.
My question is as follows:
User connects via broker to one of the Host servers. Host server goes down, while user is still connected. Session is written in Broker database. User wants to connect again, but broker sends him on to the server which is down and so he cannot connect.
Other situation is similar, User connects to host, administrator drains host, stopping new connections. User disconnects session, session is still in Broker, when user tries to reconnect is sent to drained server but cannot login, as he is considered new connection.
What am I missing?
Aaron
Dear,
We configured a Terminal Server 2010 Gateway Farm with 3th party load balancing in front.
When we try to connect to a Terminal Server via this load balanced gateway farm we get error message "Http transport: IN channel could not find a corresponding OUT channel" (event id 210).
Has anyone seen this error before? What could be the issue?
I did not find any reference to this error message on the support site(s).
Kind regards,
Jannes Labaere | Networking & System Services
ConXioN bvba
Hoogstraat 134, 8540 DEERLIJK
We are working toward the (near impossible) goal of having an error and warning free environment.
When running a BPA scan on our Remote Desktop Services servers we are getting the following:
Title:The two servers we get this message on are only setup with the Remote Desktop Services role with RSWeb enabled. Applications have been configured as RemoteApps. These servers were built very recently and all services should be setup with the original system defaults.
We tried to follow the instructions in the article about editing the web.config or notepad administrationhost.config to revoke permissions, but there is no entry in there files for "handlers accessPolicy" as the instructions state I should find. I also checked the RDWeb folder in C:\Windows\Web\RDWeb and saw the web.config file in this location is also missing an entry called "handlers accessPolicy".
Anyone have a suggestion how to correct this? We would prefer not to exclude the result from BPA scans.
I am setting up an RDS infrastructure and I am currently looking at using Windows 7 ThinPC on some older workstations. They should auto login and auto connect to the RDS session. I am hoping that this can all be done with Group Policy but realize that it might require some extra work (startup script, etc).
Has anyone managed such a thing? I have performed many searches on this but all the documentation I find on VDI with Server 2012 just relates to the setup of the server side of things, not the clients.
Any help would be greatly appreciated.
I have searched through the forums and there are a number of posts that are similar but all the checks they list seem to not apply to this one.
My current setup is as follows
All Servers are 2012 R2
1 x DC server
1 x RDS Gateway server with RDS Web installed
1 x Session Host Server
Certificate supplied by godaddy with 5 names. (included is the name of the RDS Gateway/Web server in the certificate, the internal name of the session host server is not included as the internal names are differnet to the external)
My tests are as follows
Navigating to the RDSWEB page from a machine inside the same network (windows 7 sp1) but not on the same domain is fine no errors and logging in and launching any published application is fine with no errors.
However logging in on another machine that is external from the network (windows 7 sp1) is ok up to the point of launching any of the published apps I get the error about ""A Revocation check could not be performed for the Certificate". this prompts twice but does allow you to continue and login and use the app till the next time. If I view the certificate from the warning message all appears to be ok with all certs in the chain.
I have imported the root and intermediate certs to each of the gateway/rdsweb server and session host server into the computer cert store just to be on the safe side. This has not helped, I have also run the following command from both windows 7 machines with no errors on either
certutil -f –urlfetch -verify c:\export.cer
I cant seem to see where this is failing and I am beginning to think there is something wrong with godaddy cert itself somehow.
If I skip rdsweb and just use MSTSC with the gateway server settings then I can login to any machine on the network with no errors so this is only related to launching published apps on the 2012 R2 RDWEB or session host servers.
Any help appreciated
Good Day Guys,
I have a very frustrating problem I can’t resolve for some other reason. I have tried every single solution they posted on the web but still no success.
I’ve got a Server 2008 R2 server running RDWEB Gateway, CAP and RAP Policies created and IIS Version 6.1 Build-7601 SP1. This setup was done 2 years ago and all worked 100% internally and externally to the RDWEB page and opening published applications on the page. 4 weeks ago the external access to the published applications are giving an error “23002” but all is working 100% still internally.
Hi have recreated the CAP and RAP and our GOdaddy cert is expiring only on april 2016. I also recreated another network resource group and recreated another user security group, I also made sure all needed firewall ports are open. I can access the page perfectly externally but when I open any application I get the following error:
The user "xxx\xxxxx", on client computer "xx.xx.xx.xx", did not meet resource authorization policy requirements and was therefore not authorized to resource "xx.co.za". The following error occurred: "23002".
Any other tricks you guys have up your sleeves to please help me out of this black hole?
Thank you
I am accessing an application via Terminal Server. The application ended abnormally, which was ended from the application. When I log on to the TS I am still seeing the application session.
I recently started to use TS 2012, I can't find where you go to end the TS session itself. Please help.
Hi all,
We have problem with remote desktop connection. The server that I want to connect is 2012 R2.
We have no trouble with server 2008. I searched from internet, there are solutions on server side(I am not sure if these suggestions solve the problem), but our customers don’t want to solve this problem on server side because it is diffucult and risky.
Is there a solution on handheld terminal side to do?
Operating system: WM 6.5 classic(Professional o.s. has no effect, same error continues)
Any help will be appreciated from your side.
With Best Regards.
I do not have a domain configured in Win Ser. 2008 R2, there is not a need for it in my application I would like to set up restrictions for users that access using Remote desktop to only have access to one folder and be able to run one installed program on the server, how do i do this, new user obviously....
Hi All,
I'm in the process of a VMware to Hyper-V migration and whilst in the process rather than migrating the 2012 RDS VM's over to Hyper-V I have decided to setup a bunch of 2012 R2 VMs. My original setup was
1 x Windows Server 2012 VM running RDSCB, RDSGW & RDSWA
2 x Windows Server 2012 VMs running RDSSH
My new environment runs
1 x Windows Server 2012 R2 VM running RDSCB, RDSGW & RDSWA
2 x Windows Server 2012 R2 running RDSSH
I have the connection broker running in HA mode for SSO purposes and publishing the correct name. This also made life easier when running the upgrade as I joined the new 2012 R2 VM to connection broker group which worked fine. I then set the new 2012 R2 RDSCB VM as the active connection broker. At this point the old 2012 VM was decommissioned (Without the RDS roles removed). As the old 2012 VM is now offline and un contactable when I add any new session hosts to the collection I see an error stating it can't contact the old 2012 RDSCB.
I have been through the RDS connection broker database and removed any reference to the old RDSCB VM but this hasn't helped. Does anybody have any other ideas or would you suggest re creating the collections from scratch?
Alex
Hi!
How can we increase the remote desktop connection idle timeout limit in windows 2012? The remote desktop host configuration option is not available in Remote desktop service under administrative tools.
Thanks.
We have terminal farm on Windows Server 2012 (RDS 2012), and several RemoteAppapplications.
Once installed on the client computers with the Windows 7 updateKB2923545 get the following problem.
RemoteApp running application takes away the focus from a certain application periodicity.
This happens as follows:RemoteApp application is open, but not in focus.User are working in any application, such as in Microsoft Word.User is typing text without looking at the monitor.While typing the focus from the currently active application (Microsoft
Word) goes to RemoteApp application and the user enters text into nowhere, causing very angry.That is RemoteApp application does not go to the front, it still sits in the background or minimized.But the focus (cursor) it catches itself.On the taskbar, it shows the application icon highlighted RemoteApp.
Prompt, who faced with a similar, what to do?
Is there a solution?
Critical Update or whether it can be safely declined?
Does MS know about this behavior of this update?
Setup:
Deployment Type: 2012 RD Session based deployment
Domain level: 2012
DNS: separate internal and public domain names
Clients: Windows 8.1 ENT
Session Host: Two RDSH Collections
Broker: Single RDSB server
RD WEB: Single RDGW+RDWEB server in DMZ
SSO setup as per M$ and community KBs
Certificates: RDWEB/RDB/RDGW - Public PKI (remote.contoso.com); RDSH - Self-Signed (*.contoso.local)
Form-based authentications has been replaced with Windows Integrated and Clients successfully logon onto the Remote.Contoso.com without credential prompts.
RemoteApp Client gets configured via a GPO without any issues and Feed syncs fine.
Issue:
Upon attempt to launch RemoteApp either via Web or RemoteApp Client client receive a credential prompt from RD Gateway for authentication: *Type your user name and password to connect to Contoso RemoteApps*
Notes:
The Credential Manager shows no saved credentials for the remote.contoso.com, despite the configured RemoteApp Client. If I manually add an entry under Windows Credentials for Remote.Contoso.com withUSER1`s credentials, then there is no prompt and application launches.
Even if the credentials I enter are for USER2, even then the application is launched under the initialUSER1.
I have set up a standard 3 node 2012 R2 RDS for testing. All virtualized on VMware ESXi 5.0. I have a connection Broker, session host, and web access server. I have published several applications and I can access them without a problem. Here is my issue:
When I try to log on to my session host server either locally or thru RDP, I am always logged in with a Temporary profile. It does not mater what user account I use. Even logging on locally as the administrator I get a temporary profile.
All windows updates are installed and current.
I have removed the server from the domain, deleted the account, and rejoined it to the domain.
I have deleted all .bak registry entries from here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
There is a hotfix here for a similar issue on 2012 but it does not apply to 2012 R2
The only event viewer errors are:
1515 (Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.)
1511 (Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.)
Any suggestions to resolve would be greatly appreciated.
Russ