Channel: Forum Remote Desktop Services (Terminal Services)
Viewing all 27650 articles

RDS - the connection has been terminated because an unexpected server authentication certificate was received from the remote computer


Hi,

We have an intermittent issue whenever some users connect to our RDS environment. Our RDS setup is: we have 2 RDS servers (2012R2) with round robin DNS configured. Users need to connect via RDP to hostname.domain.com (DNS), but some users will get the error "The connection has been terminated because an unexpected server authentication certificate was received from the remote computer".

Now, I didn't get this error until I installed the Win 10 build 1607.

I found this TechNet forum where a workaround is able to fix this. You need to replace the current mstsc.exe and mstscax.dll with the ones from a system still running Win 10 build 151.

https://social.technet.microsoft.com/Forums/Windows/en-US/5871a96e-b80e-4c67-9b0c-1ff8f64565b4/windows-10-1607-update-not-working-with-remote-desktop-gateway-server?forum=win10itprogeneral

Is there a permanent fix already for this issue? Thank you very much.


cris-up


RD Gateway & Session Host Server Certificate Question


Hi all - I'm setting up a secure RD Gateway and Session Host for testing and development. The RD Gateway, Domain Controller, and RD Session Host servers are all up and running. Now, I successfully exported the SSL certificate from the GATEWAY and imported it into the client. Now, I'm receiving messages that the RD Session Host server is not trusted: "The identity of the remote computer cannot be verified. Do you want to connect anyway".

It is my understanding that all traffic is through the gateway - even though it looks like you have to specify the actual RD server you are connecting to in the Remote Desktop Client connection.

Do I have to have a certificate for the RD Server in addition to the gateway?

Thanks!

SSL questions for my RDS Gateway


Hello all,

  I'm working on a project now which has five RDS servers, four of which are Session Hosts, and one functions as both RDS Gateway and RD Connection Broker.  I've got my four session hosts set up as an RDS farm using DNS round robin combined with Connection Broker, and internally I can access the RDS farm with only a few issues, namely an error that



 If I click Yes, to Connect Despite these certificate errors, I then get the same message again for another RDS Farm host.

Here is what I think is happening.  When I connect to rds.company.org, DNS has four entries listed, one for each host, so my connection goes to one of them, which prompts this message the first time.  This then uses connection broker to route to the most available host, prompting the message to display a second time.

  My company ordered the SSL certificates for me, so now we have five of them:

Name
----
certificate.crt
Intermediary_Certificate_1.crt
Intermediary_Certificate_2.crt
Privatekey.key
Root_Certificate.crt

  My questions are these:

  1. What do I do with these certificates to get rid of the messages we're seeing?
  2. How do I then allow remote users to connect to this RDS farm without also getting these errors?  We have public DNS entries now pointing to the RDS farm, but externally, I can't seem to connect to my farm's address if I put the name "remote.company.org" in my Remote Desktop Connection Client.

  Thanks guys for any help you can give.  I feel like RDS is one of those lingering undocumented technologies.  I've checked all the usual sources before coming here.

two License Gateway Server Error Issue


Hi, I've found a problem with a "License Gateway Server Error". If anyone has experience with this, please advise me. My problem details are as follows.

In our network, I used Windows Server 2012 as the Active Directory server. We have another server (let's say Server2) that needs remote login. So, a technician set up our AD Server as "License Gateway Server" and our users could remotely access Server2. Three months later, our users can't access Server2 and IT administrators can't access the AD Server. When trying a remote session, it shows this:

"The remote session was disconnected because there are no Remote Desktop License Server available to provide a license. Please contact to the Server Administrator."

In this situation, the technician made a "License Gateway Server" on Server2. Our users can access Server2 remotely. But for the AD Server, nobody can access it with Remote Desktop.

So, I would like to know: if I remove the License Gateway Service on the AD Server, is there any impact on the network? Or what should I do to get normal Remote Desktop service to my Active Directory Server? If there is any technical person here, please advise me. Thank you.

RDS Website on Server 2016


Hi,

has anybody else experienced the issue with RDS Website causing IIS to throw an error 500 after installation?

Solution for me was to reconfigure the IIS AppPool to run under "NetworkService" and give "Network Service" full permissions on "C:\Windows\temp"

Is this a known issue?

Cheers
David


My blog on all about automation: www.david-obrien.net | me on Twitter: @david_obrien Please remember to mark the post(s) that helped you resolve the issue (even if it was your own)

How to hide external HDD drives connected on win 2008 r2 server through USB on the rdp session of Limited user ?


I want to hide external hard disk drives connected on a Win 2008 R2 server through USB in the RDP session of a limited user (non-administrator). When an administrator logs on to the server through he should see all the drives (removable HDDs and pen drives) and be able to access them. When a limited user logs through he should see the internal drives of the server (as he has rights). Please note that an external HDD gets different drive letters when connected under different conditions.

I am not an expert person so please be lenient and tolerant while answering.

The remote desktop gateway server is temporarily unavailable / The remote desktop gateway server address requested and the certificate subject name do not match.


I have the following scenario:

Firewall 

WebAccess (Internet/intranet) - WA.internal.net

Internal 

Gateway - GW.internal.net

Connection Broker - CB.internal.net

Session Host - SH.internal.net

All the internal.net 2012 servers are on the AD Domain internal.net and have a *.internal.net certificate installed.

We would like all the users to go to WebAccess (WA) to logon to access resources on the SH.

We have configured Split-Brain DNS so outside users and inside users can access the URL held on the WA which is www.external.com

We purchased a certificate for www.external.com

I have applied this certificate to the server WA and GW. Via the: Deployment Properties - Certificates.

On logon I get two errors:

Internal logon: Your computer can't connect to the remote computer because the remote desktop gateway server address requested and the certificate subject name do not match.

Web logon:

A website is trying to run a RemoteApp Program... Publisher *.internal.net

Remote computer: CB.internal.net

Gateway Server: GW.internal.net

Click connect:

Your computer can't connect to the remote computer because the remote desktop gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.

I guess this is a problem with the www.external.com certificate?

Having read a little more it should be a wild card?

How could a *.external.com work on a domain internal.net?

What do I need to do to get this to work using single Sign on?

Certificate in RDS Gateway and the Session Host Servers


Hello,

I have just finished installing a RDS Gateway in a DMZ and a Session Host in a LAN (both with 2008 R2)

I am reading some documentation but I am not sure whether I must install the same certificate in both machines.

I installed a certificate (from my internal CA) for the gateway, and then exported it into the Session host machine. 

Could that be correct? Thanks in advance.


Luis Olías.


why is java not reading the correct deployment.config file??

We have a 5-server RDS farm on Win2k12 R2.
All the servers have Java installed on them.
Group Policy redirects AppData (as much as it can) to the user's folder on our file server.

I read all the numerous instructions about how to put deployment.config into C:\Windows\Sun\Java\Deployment on each RDS server and deployment.properties and exception.sites into an accessible network share, referred to in deployment.config and exception.sites, respectively.

deployment.config says:

deployment.system.config=file\://server/software/java_files/deployment.properties
deployment.system.config.mandatory=true

deployment.properties says:

deployment.webjava.enabled=true
deployment.security.level=HIGH
deployment.security.level.locked
deployment.expiration.check.enabled=false
deployment.user.security.exception.sites=file\://server/software/java_files/exception.sites

exception.sites contains just one website URL

What is happening, and I don't understand why, is the users start Java and they get a deployment.properties file created in the RDS server's local user profile in C:\Users\username\AppData\LocalLow\Sun\Java\Deployment...which does not even have the desired deployment properties nor the exception.sites involved.

HOW do I get Java to work as it's supposed to?? -- read the deployment.config and use the referenced deployment.properties file??

I could live with Java using the local user profile directory if it can't be properly put into the appropriate redirected AppData folder location.

Incidentally I've seen this same problem with a XenApp 6.5 server farm, I know I'm not imagining things. :)

Thank you, Tom


RD Web Access on Network Perimeter


RDS 2012 R2 with 1 GW (and web access), 1 CB and 3 SH's. Right now, all those RD servers are inside the LAN. I would like to take the web access and move it to the perimeter of the network (like a DMZ). Is this possible and if so, what is the process of moving an existing web access server to the perimeter network? The RD gateway server is a hyper-v VM.

So we have a single firewall network with 1 port to DMZ, 1 port to "trusted" and 1 port to the internet. The DMZ does NOT have AD DS on it but AD DS is on the LAN.

https://blogs.technet.microsoft.com/enterprisemobility/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules/


RDS 2012 R2: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the (name-of-service) service


Hi guys,

On a random basis (daily, weekly) we're experiencing major log-in problems on our Windows Server 2012 R2 Remote Desktop Services farm. The VMs are hosted on Hyper-V 2008 hosts and we're not using Citrix techniques etc.

Users are reporting that they cannot log in; the log-in session hangs with a blank screen when loading their user profile (e.g. Please Wait For The User Profile Service).

In the System event log of the server on which the user is logging on the following errors are shown:

Source:        Service Control Manager 
Date:          23-12-2014 7:28:01
Event ID:      7011
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Description:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

…and after 30 (or sometimes 60) seconds, the same error only another service (in random order):

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

…and after exactly 30 seconds, the same error only another service:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxmSms service.

etcetera, with the following errors:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndPointBuilder service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

The Portable Device Enumerator Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

These errors are logged continuously.

An administrator cannot solve this since he isn't able to log in as well (console or remotely); only a hard reset of the VM makes it possible to use the affected server again.

I took different steps to solve this problem without any success, like:

- Installing the latest Windows updates
- Removed unnecessary printer drivers, print monitors and print processors (no local printers/drivers are installed, only Remote Desktop Easy Printer driver is used)
- Searched different forum posts, but found only hotfixes for Windows Server 2008 R2.

Can someone please help me with this annoying problem?

Many thanks!!

EDIT:
Of course, increasing the time-out is not really an option here... http://social.technet.microsoft.com/wiki/contents/articles/13765.event-id-7011-service-timeout.aspx

%CLIENTNAME% not available when launching published application via RemoteApp


We are trying to get a published application to work on Windows Server 2012 R2 that requires the %CLIENTNAME% environment variable. When logged in locally on that Remote Desktop Server the variable is available and works as expected. When we publish our application and try to reference %CLIENTNAME% we then receive an error that nothing is set for %CLIENTNAME%. I have checked HKCU\Volatile Environment\ and I can see the session with the CLIENTNAME there.

If we change the application to use %USERNAME% or %COMPUTERNAME% then it will input the corresponding values, so I know it is reading some environment variables.

Our clients are Windows 10.

Why is it possible to launch multiple instances of an application using the MS RemoteApp mechanism even when fSingleSessionPerUser is set to 1


I am using msRdpClient8 to establish a remote session and launch an application on the server using the MS Remote App mechanism.

It is found that even after setting the below GPO, it is possible to establish multiple remote sessions and launch the same application using the RemoteApp mechanism.

Restrict Remote Desktop Services users to a single Remote Desktop Services session  --> enabled

I want to know if this is expected and why it behaves like this?

Is this documented anywhere on the MS site?

Somaraj

RDS with ADFS and mobile clients


Does anybody know if RDS (2012r2 or greater) that is integrated with ADFS (2012r2) and WAP (2012r2) and you try to login to the web interface, will it launch the MS RDS client after authentication and connect? I'm planning on using an external SAML IdP with ADFS, so credential pass-through will not work.

I know this works with desktop clients. I'm not sure about mobile OSes.

Citrix allows this way of authentication. You log in through the web interface, then the browser gives a hint to launch their mobile app and the user is already authenticated so it connects fine. Does anybody know if MS RDS does this too or something similar?

RDS 2012 R2 IP virtualization - IP-addresses are no longer being recycled


Hi.

We have a problem with our RDS 2012 R2 farm. We are using IP virtualization and we have recently found out that the IP addresses are no longer being recycled, i.e. the first user gets IP x.x.x.1, the second user gets IP x.x.x.2, the first user logs out but the third user gets IP x.x.x.3 even though IP x.x.x.1 is now free. This continues until x.x.x.254 and then the server runs out of IP addresses even though there is only 1 logged-on user (and no disconnects). Do you know if there is a fix for this problem?


Network Level Authentication (LSA)- Inaccurate password expired message RDP


Hello all,

I am having an issue with a Hyper-V host. When anyone tries to remote into the server they receive a message that "The Local Security Authority cannot be contacted". At least 3 users are Domain Admins (with recently changed passwords) so I do not believe it is the user accounts. We are able to remote into other servers without issue but this particular server does not agree that the password of any user is current. I have disabled NLA and I am able to get into the server but our GPO will not leave this setting turned off. Also, the VMs that are on the server are giving the same error when trying to log into them. Is there some setting that I am missing that needs to be reset so that the server does not assume that all logon attempts via RDS have an expired password?

User Profile Disks with Windows Search


We have 2 RDS servers (2012R2) and work with User Profile Disks.

We use Outlook cached mode (Outlook 2013 SP1) because the link to our head office is too slow.

The problem is that the Outlook search isn't working properly.

Every time a user logs on, search indexes are recreated.
This process never finishes because the server is under a constant load, therefore search never works as it should.

In eventvwr, we see this error a lot:

Crawl could not be completed on content source <winrt://{S-1-5-21-xxxxxxxxxxxx}/>.

Context:  Application, SystemIndex Catalog

Details:

The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)

CAPS LOCK & NUM LOCK Keys on keyboard working vice versa


Hello guys. Need your help.

Hoping somebody can help here. I have an RDS farm (2 terminal servers), each with approx. 40 users. I've noticed that some users have started to complain that their CAPS LOCK and NUM LOCK keys are inverted, i.e. the CAPS LOCK light is off but typing is in uppercase and vice versa.

Servers are all Win2012R2. They use RDS Servers



Best strategy for user RDS profile implementation


Hello for all!

In my environment there are 1000 RDS users and 5 RDS terminal servers. There is no load balancing at this moment, and users connect to all servers, replicating each user profile x5, generating more IT support and bad disk usage with so many profiles.

What is the best strategy to implement RDS in this environment to save storage management and reduce IT support ?

Brds,

Cleiton Silva

 

The settings for this terminal server cannot be retrieved. The remote server does not support running Terminal Services Configuration Tool remotely.


I'm trying to change a couple of options on one of our TS but when I go into the Terminal Services Configuration I get the following error:

The settings for this terminal server cannot be retrieved.  The remote server does not support running Terminal Services Configuration Tool remotely.

The thing is..... I'm not running it remotely; this is on trying to retrieve the settings on the local machine.

I get the same error when trying to run it from within the mmc or by just running tsconfig.msc

The server is running Windows Server 2008 Std SP2 x64

Any ideas why it won't run?

Cheers

Adam.
