Quantcast
Channel: Forum Remote Desktop Services (Terminal Services)
Viewing all 27650 articles
Browse latest View live

2012r2 RDS Server: "Something" makes the RDS Server slow

November 18, 2015, 8:27 am
$
0
0

Hello Forum!!

I have an ESXi 5.5 running on a DELL R720 with 2 6-core Prozessors an 96 GB RAM.

On this Server are 4 Windows 2012R2 Server. 2 Domain Controler, 1 Exchange 2013 and 1 RDS Server. All servers have the last updates.

The RDS Server has 6 cores an 48GB of RAM for about 55 Users running Office 2013 and Management Software based on SQL Server.

The clients are connected via LAN and WAN. The Clientdevices are Thinclients, WIN7 and WIN8 PCs.

The whole system is running performantly, the RDS Server is running at 50 - 70 Percent of Prozessorutilization and using about 20-25 GB Ram (as TASKMANAGER is displaying). Excel and Winword ie. are loading in about 3-5 seconds.

First I recognized, that he RDS Server starts slowing down, when some users (no special users) disconnect their sessions. When about 8-10 sessions are disconnected, loading Excel or Word takes about 30sec. to 1 minute. Opening TASKManager takes about the same time.

When I was logging off 4-6 disconnected users, no matter which users, the server is comming back to the normal performance. The same occours when some people are coming back from the break at about 10:00, the server also goes back to normal performance.

I did not see any changes in Prozessor-Utilization and only a small amount of memory is becoming free.

i.e: 55 Users connected, 7 disconnected, 65% Utilization, 26GB used ---> slow

loging off 5 Users: 62% Utilization, 24GB used ----> performing system

In another thread, a suggestion was setting the autologoff time down to 1 minute. First I set it from 6 to 3 hours, for 2 days no problem occours, then I set it to 30 min, 1 week no problems, now its 1 minute. No problems for about one week, too.

Today the problem occours again.

Ie. unable to start Process Monitor, with about some patience the Gui of Processmonitor appeared after about 15 min. Unable to unload Office Scan. After a long time the gui for entering the unload password appeared, but I was unable to key in the password.

After Processmonitor-Gui was visible I did some testing:

Doble Click Excel, no process visible in Process Monitor. About 30-45 sec later, excel.exe is visible and availiable in about 3-5 sec. From becoming visible as a process and excel is availible for use in 3-5 sec is normal performance.

Disk IO from the view of the resource manager is about 3-6 MB per sec. In the vSphere Client I found the same counts.

Nothing special occours, when the server is slow.

IE. today I resolved the problem, with killing some console tasks (pcntmon.exe) from the Office Scan AV Scanner.

I was installaing check_mk in an instance on the esx. I did not found any relavant information or reason, what makes the server slow.

Today I heard from a friend, that in their company, they had a similar problem with some windows 7 machines. Their solution was in kb3083710. But this patch is only for windows 7 an 2008r2.

Does anybody know someting, that a similar patch is availiable for windows 2012r2 ??

Thanks a lot for any ideas and help.

Regards from Austria

Reinhold

Search

User Profile Disks on RDS 2012

November 18, 2015, 8:52 am
$
0
0

Hi,

I would like to use this feature but have a question about what type of storage can be used for this feature.

Our storage guys initially gave me a a 1TB share on our TrueNAS system but I when specifying this share in my collection I got an error:  'Unable to enable user disk son UserVHDShare. Could not create the template VHD. Error message: The RPC server is unavailable'

Doing some digging it says that the COMPUTER$ account needs full access rights.

Since this is a share on TrueNAS (ZFS file system that support SMB 4.0) I cannot specify AD accounts or Groups, only local UNIX users.

We then presented an iSCSI disk and I formatted that as NTFS and Windows sees it as a local disk.
That worked.

My questions is:
What re the requirements for UPD when using shares? Does it have to be a volume that can be NTFS formatted?

User profile disk store on a DFS ?

November 28, 2013, 10:22 am
$
0
0

Hi All,

i'm going to do some tests for the future infrastructure for SaaS.

Actually i'm going to tests the usage of the User Profile Disks. I'm facing to a strange behaviour with the storage of UPD on DFS. The idea to do that is to offer high availability of the profiles.

When i try to setup the path for the UPD in a Collection, i get an error "The network location is unavailable". But when I test the DFS all is right...

I would know if it's possible to use DFS as storage for UPD. And if yes how to setup that.

Thank you.

Terminal CALS License upgarde issue !!!!!

November 19, 2015, 12:40 am
$
0
0

Hi Tech team,

  I have used a Terminal CALS License more than 50 users in windows 2003 std Edition. I upgrded the w2k3 to win 2012  terminal CALs license, it's worked normaly more than 120 days . But i try to connect the RDP logins ,Its shows error like "  The remote session was disconnected because there are no Remote Desktop Licence Servers available to provide a license. " Please advice on this issue


Thanks ,

VARUN

how to choose which cipher suit in order to exclude RC4 vulnerability?

November 19, 2015, 12:48 am
$
0
0

i use NLA most secure in remote desktop

i do not know which cipher suit currently my computer using. 

how to choose which cipher suit in order to exclude RC4 vulnerability?

https://social.technet.microsoft.com/Forums/en-US/3f6f7cb7-b7f4-4f5e-90c3-a52f819e6ad0/remote-desktop-mssql-and-tls-10-and-rc4-ciphers?forum=winserverTS
https://social.technet.microsoft.com/Forums/windowsserver/en-US/5e17d836-39f7-4246-a382-b073d1130079/ssl-cipher-suite-order-best-practice?forum=winserversecurity


If the IIS server apply following policy settings, it will take effect from the server side.
Group Policy > Computer Configuration > Administrative Templates > Network > SSL Configuration Settings > SSL Cipher Suite Order.
From the blog provided before, we could know we'll see that vy default IE presents the algorithms in decreasing order of strength, 
but places the shorter bit-lengths first. So the default order is security. If we don't want to use some lack securiy SSL Cipher, we could remove it from above policy settings.


Determines the cipher suites used by the Secure Socket Layer (SSL).

If this setting is enabled, SSL cipher suites will be prioritized in the order specified.

If this setting is disabled or not configured, the factory default cipher suite order will be used.

SSL2, SSL3, TLS 1.0 and TLS 1.1 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA                 
TLS_RSA_WITH_AES_256_CBC_SHA                 
TLS_RSA_WITH_RC4_128_SHA                     
TLS_RSA_WITH_3DES_EDE_CBC_SHA                
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384       
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521    
TLS_DHE_DSS_WITH_AES_128_CBC_SHA             
TLS_DHE_DSS_WITH_AES_256_CBC_SHA              
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5                                       
SSL_CK_RC4_128_WITH_MD5                      
SSL_CK_DES_192_EDE3_CBC_WITH_MD5             
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5                        

TLS 1.2 SHA256 and SHA384 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_NULL_SHA256

TLS 1.2 ECC GCM cipher suites:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521


How to modify this setting:

1. Open a blank notepad document.

2. Copy and paste the list of available suites into it.

3. Arrange the suites in the correct order; remove any suites you don't want to use.

4. Place a comma at the end of every suite name except the last. Make sure there are NO embedded spaces.

5. Remove all the line breaks so that the cipher suite names are on a single, long line.

6. Copy the cipher-suite line to the clipboard, then paste it into the edit box. The maximum length is 1023 characters.

心地好好想你有, 留住處男笑笑口

Remote Desktop Services over WAN

November 19, 2015, 1:03 am
$
0
0

Hi,

My company provides network facilities for a french legal profession.

The WAN covers around 5000 sites. On each site there are several users.

Depending of the site size, the bandwith goes from 2Mbps to 4Mbps. The latency is 50ms, 80% of the time. 20% of the time, the latency is up to 50ms (mainly due to parameters we cannot control).

We offer a cloud infrastructure for the softwares editors but some of them have decided to deploy solutions based on Remote Desktop Services. Basically, they deploy their solution on our cloud infrastructure and ask users to connect it using Terminal Server. I guess the advantage is they only have to deploy once their solution but the problem for us is that the user experience is directly dependant on the WAN latency.

My question is quite simple: In this situation (WAN network with latency spikes), is it a good practice to deploy a Remote Desktop Services based architecture ?

Thanks in advance for your answers.

Local MS Server 2012 connect to a domain licensing server

November 17, 2015, 6:37 pm
$
0
0

I have a terminal server running on windows 2012 locally (Non domain)

My license server is running on windows 2012 joined domain. Forest mode

I try to establish a connection between the 2 of them and it fails.

***

To identify possible licensing issues, administrator credentials for license server myServer.com are required

***

When i provide a domain credentials , it works and after reboot it fail. (Non domain server)

I even try to use a local administrator account (Non domain)  to connect to the license server (Joined domain) and it fail too.

**Created both local admin account on both server

I have no problem when using windows 2008.

Anyone experience this before?

Thank You

Rgds

Wang

Activating the Printer Session in Windows Server 2008r2 - Regarding

November 19, 2015, 2:31 am
$
0
0

We have been using windows server 2003. But now we have updated the new server with Windows Server 2008r2.

In Windows Server 2003 the printer session was very much useful, in a single printer we are using the multiple remote user. But in Windows Server 2008r2, we are unable to create printer session for multiple printer users. 

I would be grateful to you if you would guide us in creating printer session like windows server 2003....

thanks

Regards

John Pannaivilai

Search

RDS 2012R2 - The following servers are not part of this pool....

November 12, 2015, 1:58 am
$
0
0

Is it just me....

why do all the RDS servers regularly disappear from RDSM?  It's simple to resolve by adding them back into Server Manager > Manage > Add Servers.

Corrupted roaming RDS Profiles maybe?

Lea

 

Publishing Browser

November 19, 2015, 3:14 am
$
0
0

Hi!

We need to publish a web application through a web browser. We have a hyper-v server with a GPU installed. The server where the application is installed is a VM on the hyper-v server. We just need to publish the browser instead of the full desktop like VDI.

In brief what are the options and how can we do it with minimum cost?

Thanks.

Remote Desktop Services has taken too long to load the user configuration from server Event ID 20499

October 18, 2013, 10:41 pm
$
0
0

I keep getting Event ID 20499 "Remote Desktop Services has taken too long to load the user configuration from server \\SERVERNAME for user USERNAME" in our event logs for multiple servers that are running 2012 R2

I noticed that when this happens the user often is missing items that get applied via group policies such as desktop wallpapers and mapped drives.  

I am also using the Microsoft Remote Desktop for Mac that was release yesterday on another Mac computer and for certain users it won't launch the redirected folder that I specified when I get this Event ID 20499

Because of a protocol error detected at the client (code 0x1104)

November 16, 2015, 11:39 am
$
0
0

I just received a rebuilt DELL M6800 Laptop from our Service desk with Windows 8.1 Pro installed, this is to replace my old Windows 7 laptop. As a System Administrator for database systems on over 100+ servers, being able to RDP is a critical function of my job. After receiving the laptop and doing a few preliminary checks (i.e. updates, etc.) I attempted to execute an RDP connection and received the following pop-up:

Because of a protocol error detected at the client (code 0x1104), this session will be disconnected.
Please try connecting to the remote computer again.

I am unable to locate any events in the standard logs and I find the following in a Microsoft sub-log:

Source TerminalServices-ClientActiveXCore
Channel Microsoft-Windows-TerminalServices-RDPClient/Operational

RDP ClientActiveX has been disconnected (Reason= 4356)

I have been unable to locate any information concerning these specific codes and have attempted every fix I could find for not being able to connect.

Any help would be greatly appreciated. I am about to pull the pistol and run diskkill and re-install the OS, have a feeling there is a ghost in the machine from a previous owner.

Greg

 

Gman

[2012R2 WorkGroup] RDSH : use the same licensing server

November 19, 2015, 7:08 am
$
0
0

Hi,

I configured a Server 2012R2 with Remote Desktop Session Host and Remote Desktop Licensing in a WorkGroup.

Everything is working fine.

I'd like to install a second Remote Desktop Session Host.

Do you know if I can use the first server as a Licensing server ? What configuration should I do?

Regards,


User Profile Disk not releasing on Logoff

March 28, 2014, 6:49 am
$
0
0

We're having an issue with UPD's not dismounting when a user is logging off of one of our two Server 2012 R2 based RDS boxes.

The UPDs are stored on a Server 2008 SBS box and the only error we can see is the one below:

The Error generated is:

LevelDate and TimeSourceEvent IDTask Category
Error27/03/2014 21:55:57Microsoft-Windows-TerminalServices-RemoteConnectionManager
20491None Remote Desktop Services could not disconnect a user disk for the user account with a SID of S-1-5-21-3629416733-2688236061-3029337882-1142. The error code is 0xAA.93

Any help on this one would be highly appreciated


Rdweb apps filtering not showing for trusted forest

November 19, 2015, 8:39 am
$
0
0

Hello,

I have two forest with two way non transitive trust relationship with selective authentication. Rds server is on domain A and users from this domain have not problems.
Users from domain B can logon on Rds serveur or rdweb. But with rdweb they don't show any icons.

If I disable apps filtering, Users from domain B can see all icons, but this is not a good solution.

If I disable selective authentication on domain B (incoming trust), Users from domain B can see icons.

I have test to add rdp computer account in domain B Windows Authorization Access Group without success.

Thanks

Arnaud.

Search

External Remote Desktop Session won't connect Server 2012 R2 (0x8007007A)

November 10, 2015, 2:01 am
$
0
0

Hi forum members, I have a weird issue going on with a high availability Server 2012 R2 setup. 

The users of this company are connecting trough Remote Desktop Connection in- and outside the organization. All the inbound connection inside the organization goes perfect, the servers are load-balancing the sessions and uses the two session hosts to connect. The users are connecting with the rds using round robin with hostname remote.customer.com

3389 is open and forwarded to Server 1. The users are able to connected when the connection broker starts a session on Server 1, but when the connection broker starts a session on server 2 we are receiving this error message.
So it's not possible to start a remote desktop connection from external location when the broker is trying to connect with server 2. 

If I check the eventviewer on server 2 it shows me the following error: "Failed to create KVP sessions string. Error Code 0x8007007A"

Current setup: 

Server 1 Roles:
- RDS Connection Broker
- RDS License Manager/Server (Per device cal)
- RDS Gateway
- Session Host

Server 2 Roles:
- Session Host

Server 3 Roles:
- SQL Connection Broker

The customer uses a per device cal. All the calls are stored on Server 1. I've also forced the License server on Server 2 with a group policy.

Could someone please advise what settings to check and change? Many thanks in advance.

From our remote office, a local Network printer shows as being offline when connected to RDP session.

November 19, 2015, 11:41 am
$
0
0

This has been working for several years, and recently stopped.  We are able to print to it locally from the PCs at the remote office.

From the RDP session, and on the RDP server it shows as being offline.

Running Windows Server 2008.

User Profile Disks on RDS 2012

November 18, 2015, 8:52 am
$
0
0

Hi,

I would like to use this feature but have a question about what type of storage can be used for this feature.

Our storage guys initially gave me a a 1TB share on our TrueNAS system but I when specifying this share in my collection I got an error:  'Unable to enable user disk son UserVHDShare. Could not create the template VHD. Error message: The RPC server is unavailable'

Doing some digging it says that the COMPUTER$ account needs full access rights.

Since this is a share on TrueNAS (ZFS file system that support SMB 4.0) I cannot specify AD accounts or Groups, only local UNIX users.

We then presented an iSCSI disk and I formatted that as NTFS and Windows sees it as a local disk.
That worked.

My questions is:
What re the requirements for UPD when using shares? Does it have to be a volume that can be NTFS formatted?

Font size increasing for RemoteApp (Windows Server 2008 R2)

November 20, 2015, 12:23 am
$
0
0
Hello! Help me please - I have a terminal server (Win 2008 R2 based), 5 users. There are also some RemoteApp applications they are using. But one of users asks to increase font size in this RemoteApp. I increased size to 125% in session but if we try to open RemoteApp (using same credentials, of course) - font size is still 100% (standard size). In spite of this - RDP session for this user shows 125% fonts. And if I will run this application inside RDP-session - all is OK, font is 125%. So problem is only with RemoteApp - it ignores font size changing - don't understand why... What will you suggest to me?

How to enable Remote Assistant in Terminal Session for Guest-type account?

November 18, 2015, 9:47 am
$
0
0

Hello!

When i include AD user in Local "Guest" (because he must not have any rights except Remote Assist) group on server Remote Assistant says me:

[Window Title]
Windows Remote Assistance

[Main Instruction]
There was a problem starting Remote Assistance

[Content]
Remote Assistance is unavailable for the current user account. If you are using a Windows Guest account try logging in with another account. If you are not using a Guest account, try restarting your machine.

[OK]

Is it possible to give some rights for Guest-type account to use MSRA.exe? How?


Maybe there is some special groups for Remote Assistant Users that have rights for only Remote Assistant?
Viewing all 27650 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>