I have reviewed several of the other posts on this issue.  None seem to provide a fix that works for me.

I am receiving the following error when connecting remotely from one machine to another using RDP.  I have seen this issue on several of my servers lately (RDP stops working) and I am concerned this is becoming a major issue as my end users can no longer manager their servers remotely without me connecting to console for them.  The server having the issue is in Remote Desktop Administration mode.  Let me explain further symptoms and attempted fixes.

For the rest of my description I will call the server having this RDP issue "server".  Sorry to be so vague.

• Connect from Windows 7 to server (2008 R2 no patches, no antivirus) using RDP client and receive "This computer can't connect to the remote computer.  Try connecting again.  If the problem continues, contact the owner of the remote computer or your network administrator."
• Connect from Windows 7 to server using "telnet servername 3389" and connection succeeds
• Connect from server to localhost using RDP client, receive "This computer can't connect to the remote computer.  Try connecting again.  If the problem continues, contact the owner of the remote computer or your network administrator."
• From server do a "netstat -na|find "3389"" and see 3389 listening

• Event ID 50 TermDD The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
• Event ID 36871 Schannel A fatal error occurred while creating an SSL server credential. The internal error state is 10013.

Attempted Solution

• Checked on the server for the x509 certificates under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters and on a server with working RDP these registry keys don't exist
• Checked that Client Encryption is set on the server for the RDP listener
• Randomly tried registering schannel.dll on the server using "regsvr32 c:\windows\system32\schannel.dll" and receive, "The module 'c:\windows\system32\schannel.dll' was loaded but the entry-point DllRegisterServer was not found.  Make sure that 'c:\windows\system32\schannel.dll' is a valid DLL or OCX file and then try again."

Hi guys,

On a random base (daily, weekly) we're experiencing major log-in problems on our Windows Server 2012 R2 Remote Desktop Services farm. The VM's are hosted on Hyper-V 2008 hosts and we're not using Citrix techniques etc.

Users are reporting that they cannot log-in, the log-in sessions hangs with a blank screen when loading their user profile (e.g. Please Wait For The User Profile Service).

In the System event log of the server on which the user is logging on the following errors are shown:

Source:        Service Control Manager 
Date:          23-12-2014 7:28:01
Event ID:      7011 
Task Category: None 
Level:         Error
Keywords:      Classic
User:          N/A 
Description: 

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

…and after 30 (or sometimes 60) seconds, the same error only another service (in random order):

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

…and after exactly 30 seconds, the same error only another service:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxmSms service.

etcetera, with the following errors:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndPointBuilder service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

The Portable Device Enumerator Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

These errors are logged continuously.

An administrator cannot solve this since he isn't able to login in as well (console or remotely), only a hard reset of the VM is possible to use the affected server again.

I took different steps to solve this problem without any success, like:

- Installing the latest Windows updates
- Removed unnecessary printer drivers, print monitors and print processors (no local printers/drivers are installed, only Remote Desktop Easy Printer driver is used)
- Searched different forum posts, but found only hotfixes for Windows Server 2008 R2.

Can someone please help me with this annoying problem?

Many thanks!!

EDIT:
Of course is increasing the time-out not really an option here... http://social.technet.microsoft.com/wiki/contents/articles/13765.event-id-7011-service-timeout.aspx

First, breakdown of the environment:

• Windows Server 2012 Standard,
• Not domain joined,
• Setup RDS and installed (1) single device RDS CAL per this article: https://support.managed.com/kb/a2328/adding-remote-desktop-cals-to-a-dedicated-server.aspx
• Switched to Device CAL mode per this article:http://www.tbngconsulting.com/blog/bid/404182/Licensing-mode-for-the-Remote-Desktop-Session-Host-is-not-configured

Set this up Tuesday (1-Nov-2016) night and confirmed that I could have three different users log in simultaneously.  Worked fine until about 10:00am this morning when RDP connections started receiving the following error:

the hardware id does not match the one designated on the software license

and no one can RDP into the machine without reaching this error.  I finally am able to RDP with the local administrator account using mstsc /admin.  Remote Desktop Diagnoser returns the error:

"The Remote Desktop Session Host server is in Per Device licensing mode and No Redirector Mode, but license server <MyServerNameisHere> does not have any installed licenses with the following attributes".  I google this error, and manually confirmed that Diagnoser is still pointing at the local machine to manage licenses and that my registry still is set to Per Device licensing (Dword value 2) on the registry key HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core\LicensingMode.  Regardless, I run these PowerShell lines again per this MS article (https://support.microsoft.com/en-us/kb/2833839?sd=rss&spid=16526&wa=wsignin1.0,wsignin1.0) I found Googling:

I run these and Diagnoser's error clear up.  Try to test with RDP from client machines again and same errors crop up re: Hardware ID not matching. I restart RDS services on the server.  Does not fix.  I backup my registry and delete the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing key, and sub keys, per this article (http://www.thewindowsclub.com/remote-session-disconnected-no-remote-desktop-client-access-licenses)  but it does not rebuild itself as suggested upon new mstsc /admin RDP Connection.  I found a few more articles discussing this same registry key deletion trick, plus deleting another key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Store, but this key does not exist on my client machine.

I have been reading and testing for hours, revoked the Device CAL from another registered users on the server, created test accounts, but nothing I have done has fixed this.  Between Tuesday night and today, there have been no server reboots, no updates, nothing in the Event Logs, nor server reconfigurations that were performed that would suggest why this suddenly stopped working.  I am at a complete loss.  What am I missing?

Simple setup, all 2012 R2 Standard.

1. Domain Controller
2. RDS Gateway, Broker, Webaccess
3. Session Host

Clients can log into webaccess with their email address (account in DC). When they run the connection app from webaccess it will prompt a second time for credentials. If you type in the email address again it will often go straight in. If you don't type in the email address and run with DOMAIN\username you will get one more credential request which, once details are entered, will let you in, although sometimes it doesn't. So two prompts with an email address and three with DOMAIN\username.

The event logs on the gateway state that the user is successfully redirected to the session host.

The event logs and netlogon.log, when enabled, on the session host show that when logging in with DOMAIN\username the username is (NULL)\DOMAIN\username the first two times then changes to DOMAIN\username for the third.

Using the email address, not much is in the netlogon.log. The Security log seems to state A logon was attempted using explicit credentials"in relation to the successful login but nothing about the first unsuccessful.

I might be looking at the wrong thing, but I've tried everything else I can think of, including:

• Built a new session host and connection as different session collection. Same issue.
• Add TERMSRV/*.domain.local and TERMSRV/*.domain.co.uk in "allow delegating default credentials" and the NTLM-only version in the local policy on the gateway. (will tighten security on this once works)
• Set "always prompt for password" to disabled on session host.
• Set "NTLMv2 only" in LAN manager authentication level across the domain. And checked that the client computer has this set to "Not defined".
• Turned off "Use my RD Gateway credentials for the remote computer" in the app from remote access. It prompts the second time for direct auth to the session host as expected, and DOMAIN\username works. So has to be something the gateway is doing.

Ideas would be greatly appreciated!!!! I'm certain it's something to do with (NULL)\DOMAIN\username. But could definitely be wrong.

Happy to post logs (ran out of time for now)

hi, i just got a lenovo yoga which has a 3200x1900 resolution screen.  rdp does not render the desktop big enough on a high resolution screen and is unusable.  I was happy to find rdcm 2.2 handles the high resolution fine. but when i upgraded to rdcm 2.7, the remote desktop is much to small to be usable again.

  I have played with resolution setting in rdp/rdcm but the problem is the desktop icons are just too small.  I finally back-rev'd to 2.2

does anyone know how i can report this bug to the developer?  or if you know of a way to make 2.7 it work on high resolution screen....

thanks in advance

to be clear, the problem is that on a 3200x1900 screen, the size of the icons in the rdp session is so small its hard to read them.  if i play around with the rdp resolution, i am only making the desktop bigger or smaller, the icons are not scaling to that.  This is different in rdcm 2.2.  in 2.2, the icons are scaled up on a large desktop, making them usable.

Tony Guadagno

Dear All,

Anyone has any idea on how to resolve this?

It is already a member of Remote Desktop Users

My company have a server farm setup like this:
All five servers are VM´s on Hyper-v hosts.

• 2 RDS Gateway servers - windows server 2012 R2
• 3 Terminal Service servers - windows server 2003 R2

Each group of servers have a NLB cluster configured
We have discovered that almost every 30 minutes the one terminal service server with the most user sessions drops the connections so all servers have almost the same amount and then connection amount to the server that drops it starts to rise again.

Hi

I have deployed RDS integrally on Windows Server 2012. This is my deploymnet:

RDweb01 - RD Web access and gateway - Let's say "rdweb.contoso.com"

RDCBroker01 - Connection Broker in HA mode using a certificate signed by a public trust CA. We have just one Broker. The HA mode is only to be able to use the certificate. Let's say "rdfarm.contoso.com"

RDSHost01 and RDSHost02 - RD Session host.

I have several RemoteApp publishd through RDWeb. It's just IE pointing to different web sites.

When the users are using IE evrything works fine. No warnings and SSO works. The users log on to rdweb.contoso.com and then they are able to launch any RemoteApp without being asked for credentials, i.e. SSO works fine.

The problem is when using Firefox or Chrome. Then the users are asked for credentials when launching any RemoteApp. It seems the request comes from the broker. Since I can see the address rdfarm.contoso.com in the credential window.

The question is if SSO is supposed to work on non-IE browsers and if so HOW?

Thanks in advanced.

Hello,

I have a small, newly set up network consisting of three Windows 10 Build 1607 desktops, all up to date, a 2016 Essentials server and a Windows 10 Build 1607 laptop and desktop on the other end of a OpenVPN tunnel. The remote laptop and desktop are successfully joined to the domain and mapping drives no problem. I've been pushing GPOs out to all the machines and everything seems to work, up to the point where I enabled remote desktop and began to test with it. The OpenVPN tunnel should not be an issue, as the remote desktop session to the Server 2016 Essentials machine from the remote machine is rock solid stable, even when the network is under heavy use. My problem lies with making and maintaining remote desktop sessions to each of the three Windows 10 machines in the office from the remote Windows 10 machines. All three office machines exhibit the same issue.

Here is a scenario:

You are already pinging the remote machine you want to control with RDP, and you are getting responses back as expected. You can make a connection just fine, but whether using the session or leaving it idle, you can watch the pings going to the machine randomly drop as if the NIC on the remote machine has been reset. The RDP session is interrupted, then a few seconds later reconnected. It has done this thousands of times during my troubleshooting session on all three office machines. You can see that the session is not being starved for bandwidth. The first event in the RDPCoreTS logs that happens right at the time of the connection drop is almost always a slew "TCP socket WRITE operation failed, error 64." and "TCP socket READ operation failed, error 64" followed by "The server has terminated main RDP connection with the client." Then another error-level event comes up: "'Failed CreateVirtualChannel call on this Connections Stack' in CUMRDPConnection::CreateVirtualChannel at 2349 err=[0x80004005]" followed by number disconnect events, and then: "Disconnect trace:CUMRDPConnection Disconnect trace:'calling spGfxPlugin->PreDisconnect()' in CUMRDPConnection::PreDisconnect at 4477 err=[0x0], Error code:0x0." The last event you see in this grouping is: "The disconnect reason is 14." Upon automatically reconnecting, you see: "The network characteristics detection function has been disabled because of Reason Code: 2(Server Configuration).." Then the connection is restored, only to drop in anything from a few seconds up to a few minutes later.

So, in recap (TL:DR):

RDP from the remote machines to the 2016 Essentials Server through the VPN tunnel:Rock Solid Stable
RDP from the remote machines to the office machines through the VPN tunnel: Constant drops and numerous logged events.
RDP from 2016 Essentials Server to office machines on LAN only: Rock Solid Stable
RDP from the office machines to the remote machines through the VPN tunnel: Constant drops and numerous logged events.
ALL network traffic ceases to and from the host machine when the drop happens, including ICMP traffic (pings).
ALL of the Windows 10 machines can ping each other without issue and without any drops when not using RDP.

What this tells me is that the issue lies in some configuration issue either with a GPO setting or something inbuilt wrong with all of the Windows 10 1607 machines I have.

I have tried a variety of fixes, and have probably put 20 hours into researching a solution to this problem so I am prepared for this to be difficult to fix. My google powers have failed me.

Okay here goes what I have tried:

Disabling firewall on both ends of the connection: no change.
Removing DHCP reservations: no change.
Adding every scope I could think of to the routing/firewall rules: no change.
Trying to move RSA crypto keys as suggested in another post: no change.
Changing the physical NIC in the office machines to a add-in PCI-e one: no change.
Re-installing all suspect machines: no change.

GPO settings I have tried both ON and OFF:
-Allow users to connect remotely by using Remote Desktop Services: Enabled
-Configure compression for RemoteFX data: Optimized to use less network bandwidth (tried balanced too)
-Require use of specific security layer for remote (RDP) connections: Enabled, SSL
-Require user authentication for remote connections by using Network Level Authentication: Enabled
-Set time limit for disconnected sessions: Enabled, Never
-Set time limit for active but idle Remote Desktop Services sessions: Enabled, Never
-Set time limit for active Remote Desktop Services sessions: Enabled, Never
-Windows Firewall: Allow inbound file and printer sharing exception: Enabled
-Windows Firewall: Allow ICMP exceptions: Enabled, Allow inbound echo request
-Windows Firewall: Allow inbound Remote Desktop exceptions: Enabled, 10.0.20.0/24,10.0.25.0/24

I have also generated a Wireshark packet capture from both ends of the connection during the RDP drop, but I don't want to share them publicly. I will share them with you privately if asked, though. I am not a professional packet inspector, so I couldn't gleam much from it. I can also provide a dump of the event log on the main PC I have been troubleshooting, if needed.

Any insight or suggestions you can give me would be very much appreciated. This issue is has really been trying my patience.

Thank you! 

Hello Everyone,

We have a terminal services server running Windows 2008 R2 Standard Service Pack 1 and recently we have been noticing that the server is rebooting itself on its own at 4am each morning.  After going into the Event logs to determine what is happening, it shows that there is a hotfix that has been installed.  We have auto updates configured to download, and not install at 3am.  Also we cannot seem to identify the hotfix that is being applied that is failing and rebooting the operating system.  When executing PowerShell, it does not seem to be logging it there, nothing in the event logs, nothing in update history.  I set in gpedit.msc to not automatically reboot the server after updates install, however I am not certain if this change will have any impact.  Any suggestions? 

Thanks,

Nick

Hi All,

I'm hoping for some assistance as I'm completely out of ideas. All users sessions are randomly being disconnected when connect to Windows 2012 RDS. Users have not reached any limits put on the Server. The only information I have is in the Even log under TerminalServices-LocalSessionManager. What I see is Session 5 has been disconnected, reason code 0. Server is fully licensed, not sure why it keeps disconnecting users randomly. Any help would be appreciated.

Hi,

I've a customer which today has Citrix farm to deploy applications/desktop and Netscaler to handle VPN connections. They are really satisfied with the solution but of course this have a price.

Now I'm looking into replacing this with a RDS solution...but I cant figure it out how to do it as good as Citrix do. Regardless how I turn this they will not have a seamless solution as they have today. ....and they are only 35 users.

Does anyone have any advice to do this as good as possible?

OT: Is it possible/any good idea to run/stream App-V on one server?

Hi!

i need obtain the client IP  address at logon with terminal services in logonscript or gpo. I don't have dns , ping is not a solution for me. 

I know the variable clientname but i need the ip address. How can i get it?

Many thanks.

Hi,

We are currently using RDS without the use of of Gateway or connection broker. It's a small environment so I don't have any issues with the way users connect.  I would like to introduce another group of RD servers so we can direct a certain group of user to them. I am a bit concerned that my current group of RD servers will be negatively impacted by the introduction of the RD Gateway services. Our end goal is to have the new group of servers available to users from the internet. 

Any suggestions will be greatly appreciated.

Thank you. 

Hello, I tried to research this, but Microsoft (or anyone else) doesn't seem to have to much info on this. https://technet.microsoft.com/en-us/windows-server-docs/compute/remote-desktop-services/upgrade-to-rds-2016 only states that Connection Brokers must be upgraded first; it doesn't state if they should be new servers, upgrades, etc.

I have an HA RDCB Farm (2 Servers) both running Windows Server 2012 R2.  What is the correct way to start getting to server 2016.  Typically, I try to rebuild new servers and migrate, but not sure if that is the case or recommended with RDCB?  Is the recommended method to just upgrade the servers in place?  Is there a supported method to do this with new servers?

Anyone have any insight? Thanks!

  I'm labing a remote desktop deployment following the process here <https://msfreaks.wordpress.com/2013/12/09/windows-2012-r2-remote-desktop-services-part-1/> pretty much verbatim. The only real diference is that instead of using the certificate created in the RD Gateway deployment wizard, I'm using a self signed certificate created in the Deployment Properties wizard's certificates tab.

  We can access the rdweb webpage from both the local and external network, but when I log in using domain credentials and select the published desktop, I get the following error:

  This computer can't connect to the remote computer because the Terminal Services Gateway Server is temporarily unavailable. Try reconnecting later or conatact your network administrator for assistance.

  Ports 443 and 3391 are forwarded to the Remote Desktop Gateway's IP address and are allowed through our firewall on incoming connections. I have attempted this connection with the windows firewall disabled on the RDS Gateway.

  Any suggestions are appreciated at this point. We've been at this for a while now.

I have set up a standard 3 node 2012 R2 RDS for testing. All virtualized on VMware ESXi 5.0. I have a connection Broker, session host, and web access server. I have published several applications and I can access them without a problem. Here is my issue:

When I try to log on to my session host server either locally or thru RDP, I am always logged in with a Temporary profile. It does not mater what user account I use. Even logging on locally as the administrator I get a temporary profile.

All windows updates are installed and current.

I have removed the server from the domain, deleted the account, and rejoined it to the domain.

I have deleted all .bak registry entries from here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

There is a hotfix here for a similar issue on 2012 but it does not apply to 2012 R2

The only event viewer errors are:

1515 (Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.)

1511 (Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.)

Any suggestions to resolve would be greatly appreciated.

Russ

Hi!

I deployed Windows Server 2016 at hyper-v. I have installed AD, DHCP, DNS, IS, Remote Access (using for nat), WDS and WSUS (it's just test enviroment, don't worry ;) )

After that, I changed RPD port from 3389 to 3390 at registry and everything is work good for 3 minutes.

After this 3 minutes I get this information and I cannot connect to my server. 

I'm checked logs from this moment and I see only that error:

Do you have any idea what I can fix it? :(

• 
  HI,

  
  I want to  automate the following steps  after obtaining the license key pack id from the Remote Desktop Services Licensing Web site.

  
  •1) "In the Install Licenses Wizard, on the Obtain Client License Key Packpage, enter the license key pack ID in the boxes provided, and then click Next. The RDS CALs are installed on your license server.

  
  •2) On the Completing the Install Licenses Wizardpage, click Finish. The license server can now issue RDS CALs to clients that connectto a Remote Desktop Session Host (RD Session Host) server."

  
  Is "unit32 InstallLicenseKeyPack( [in] string sLlicensKeyPackId, [out]uint32 KeyPackId) the right API to use ?

  What is the use of the KeyPackIdreturned by the API ?
  How to call this using powershell ?

  
  Thanks for the help
  somaraj

Hi

I am trying to automate activating server on a Windows 2008 R2 system  which is not connected to internet . The script used is  Set-ItemRDS:\LicenseServer\ActivationStatus-Value1-ConnectionMethodPW-LSID$ServerLicenseID

When exectuted on Windows 2008 R2 throw the following error . I am connecting to the server remotely using mstsc and executing the script .

Error thrown

Set-Item : Access to the object at RDS:\LicenseServer\ActivationStatus is denied for the cmdlet Set-Item+ CategoryInfo          : PermissionDenied: (:) [Set-Item], AccessViolationException
+ FullyQualifiedErrorId : PermissionDenied,Microsoft.PowerShell.Commands.SetItemCommand

Please suggest how to fix this .

Regards

Somaraj