Hi,

I am facing an issue since last day. I am not able to login in a system via RDP with remote user in my domain. This user have admin privilages and add to remote desktop group. I'm able to login with same user to other systems in same domain.

Hi guys, 

Struggling to find information on how to enable verbose logging so we can see a Connection Broker redirections happening  in a 2012 R2 RDS farm - in the past someone has enabled it on two of the four CB servers (HA), but we'd like to know how to enable it on the other 2 as we need to plan to migrate to new servers soon and would like to see the connections being redirected to confirm successful migration. 

Specifically looking to generate 

Microsoft-Windows-TerminalServices-SessionBroker-Client

ID: 1307

Remote Desktop Connection Broker Client successfully redirected the user %1\%2 to the endpoint %3. 
Ip Address of the end point = %4

Any help would be appreciated. 

Hi

All applications I publish for RemoteApp on Windows Server 2016 gets "Current directory" set to "C:\Windows\system32\", no matter where I have the application (only tried with applications stored on C:\ fyi)

This is the environment-settings all applications I've published on a Server 2016 gets (besides the command line ofc).

My current solution is to use a cmd-script to enter the correct directory and then start it and just publish the .cmd-script.

Hi!

May i ask, how to enable simultaneous Remote Desktop Connection on a non domain server? Thanks!

Hi

I have an issue in one of our site . We have an application using remote app mechanism to launch application on the server .

In the server the following security settings are done under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services 

SecurityLayer = 2 ( SSL) , MinEncryptionLevel=3 and UserAuthentication =0.

with this setting the when remote app is launched , user credential pop dialog appears and application fail to run . Check with to connect to the server from the client using mstsc , then also the user credential pop dialog appears .

when the SecurityLayer = 0 ( RDP ) is set , the remote app and the mstsc started working

It is also observed that when the settings was SecurityLayer = 2 ( SSL) on server and we use mstsc the following message is displayed

We tested the same set up in our test lab , even when the above message for certificate comes we are able to launch the remote app .

I am not able to understand why with same set up and with same type of error message related to certificate validity

our test lab set up able to launch remote app but not the site

I am not an expert in this topic so need some help to figure out what is happening

regards

Somaraj

Hi all,

I've got a gateway server setup feeding two RDS servers (RDS1 and RDS2) and currently RDS2 is getting tonnes of 6425 errors from the gateway server (App01). 

There are thousands of these being generated every day, all different ports, I used ProcMon to trace it back to the tssdis.exe program on App01.

Here's the event:

Any help would be greatly appreciated!

I go with RDS quick install, and the wizard always fail at the last step saying "unable to create the virtual desktop collection. The process cannot access the file "\sever\RDVirtualDesktopTemplate" because it's being used by another process. 

What's this problem? That folder was created by this wizard and I don't see other process that is using it. Also this is installed on my domain controller that has DHCP and DNS installed too.  Does that affect the RDS installation?

Hello

I am running a Server 2016 based RDS deployment. I have created a virtual desktop collection with Gen2 VM as the master image.

The collection will deploy initially with no issues at all and work as it is expected to do.

However, when I attempt to recreate all desktops due to updates etc, the job will fail with the following error reported in Server Manager:

Failed: Task: Calling into Hyper-V: failed. Result of task [0x80004005]

Looking in the event logs on the CB I am able to find this message under Microsoft-Windows-TerminalServices-SessionBroker/Admin:

VM host [host.name] failed to execute VM Provisioning operation [Task: Calling into Hyper-V: ] for virtual machine [Gen-0] in pool [Gen_2_Test], Error: [Unspecified error ]

If I look in the VMMS event log on the actual Hyper-V host itself I can find this message:

However, the machine is still there and booted? However it will stop the rest of the recreations so a collection with more than one vm will not finish.

Any pointers would be really appreciated I've Googled everything, tried with/without checkpoints, with/without the machines started at the time of recreation, with/without secure boot and nothing works. All that works, is regeneration with a Gen1 VM

Please help :)

Steve

I seem to have a problem with Windows Server 2012R2 remote desktop services. From time to time i cannot manage my servers. We have several Remote desktop farms, one 4 node widows Server 2008 RTM farm, a single Node Windows Server 2012r2 farm and a 6 node Windows Server 2012r2 farm. we have no issue with the Windows Server 2008 RTM farm, but have a lot of issue's with the two other ones. the same issue occurs on both nodes, and the  issue is that i cannot manage them. In server manager i get the following error: "The WinRM client cannot process the request. It cannot determine the content type of the http response from the destination computer. the content type is absent or invalid."

When i try to manage the RD deployments via powershell i get:

PS M:\> Get-RDRemoteApp -ConnectionBroker connectionbroker.domain.group
Get-RDRemoteApp : A Remote Desktop Services deployment does not exist on connectionbroker.domain.group. This operation can be performed after creating a deployment. For information about creating a deployment, run "Get-Help New-RDVirtualDesktopDeployment" or "Get-Help New-RDSessionDeployment". 

last week i had it on the single node, but could manage the node from the other 6 node cluster. Rebooted the single node over the weekend, and the issue was resolved. This morning the issue returned, in which i was unable to manage Remote desktop deployment from all nodes, except one. All published applications are running fine, but cannot the deployment. Rebooting the node resolves the issue for that node.

Have been looking into the issue, where it could be that the kerberos ticket is to large for the logged-on user. However when i log on with a user which is only member of the domain admins, the issue isn't resolved. So think it is not related to where the kerberos, or NTLM authentication issue described here:

http://oyvindnilsen.com/solution-for-powershell-remoting-error-it-cannot-determine-the-content-type-of-the-http-response-from-the-destination-computer/

all servers are fully patched.   

Answers provided are coming from personal experience, and come with no warranty of success. I as everybody else do make mistakes.

Hello,

My project is the following one :  i am working in a security company which sells intrusion-detection and video-surveillance solutions.
One of our clients is having issues with its existing solution because we underestimated the need of the software we implemented.
The software is named "Genetec - Security Center". It is based on a windows server 2012 R2.
The server is perfectly ok, but the client parts is far from being ok.
We sold tablets, which are overused by the software, which cause them to freeze, lose connections to the server, etc. And most of all, they are slow.

The main issue is that, because they are tablets, the graphics are generated by the UC. They  are not designed to support that kind of load and usage.
We have 7 tablets plus the server, all linked to the network with Cat.6 cables on a dedicated Local network.

The solution i am studying is to create a new server, to work aside of the first one, and the new server would be dedicated to RemoteFX which by it, i would use the LAN and make remote sessions to ease the load of the tables by using them only for making remote sessions, the rest would be taken cared of by the new server.

I have to display 6 cameras per screen, resolution : 1080p, for the cameras and the screen resolution of the tablets.

So i have several questions like :

-Is such a solution is a good one? If not, what are my other options?

-Considering the fact that i have 7 tablets to run simultaneoulsy, which would be better?  Create via Hyper-V, one virtual machine per tablet, or could Terminal Server be a better solution, regarding the price, the eased management, etc. ?

Thank you for the advices and/or solutions.

Hi,
I have trouble logging in remote desktop to a Windows 2008 STD SP1.The server is in the domain. Something strange happens, often I can not login with a domain user but only with the local administrator, and sometimes use the same user domain without any problems in accessing remote desktop.Event viewer when the machine fails to login, I find the following error:

EVENT ID: 4625

Log Name:     Security

Source:       Microsoft-Windows-Security-Auditing

Date:         8/24/2010 10:52:04 AM

Event ID:     4625

Task Category: Logon

Level:        Information

Keywords:     Audit Failure

User:         N/A

Computer:     wbrdvpx40.webred.personal

Description:

An account failed to log on.

Subject:

           Security ID:                NULL SID

           Account Name:                     -

               Account Domain:                           -

               Logon ID:                           0x0

Logon Type:                                     3

Account For Which Logon Failed:

               Security ID:                       NULL SID

               Account Name:                              Administrator

               Account Domain:                           WEBRED2000

Failure Information:

               Failure Reason:                               Unknown user name or bad password.

               Status:                                0xc000006d

               Sub Status:                       0xc000006a

Process Information:

               Caller Process ID:           0x0

               Caller Process Name:    -

Network Information:

               Workstation Name:       ANTONIO

               Source Network Address:          -

               Source Port:                     -

Detailed Authentication Information:

               Logon Process:                NtLmSsp

               Authentication Package:            NTLM

               Transited Services:         -

               Package Name (NTLM only):     -

               Key Length:                      0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

               - Transited services indicate which intermediate services have participated in this logon request.

               - Package name indicates which sub-protocol was used among the NTLM protocols.

               - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />

    <EventID>4625</EventID>

    <Version>0</Version>

    <Level>0</Level>

    <Task>12544</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8010000000000000</Keywords>

    <TimeCreated SystemTime="2010-08-24T08:52:04.983Z" />

    <EventRecordID>120934</EventRecordID>

    <Correlation />

    <Execution ProcessID="696" ThreadID="788" />

    <Channel>Security</Channel>

    <Computer>wbrdvpx40.webred.personal</Computer>

    <Security />

  </System>

  <EventData>

    <Data Name="SubjectUserSid">S-1-0-0</Data>

    <Data Name="SubjectUserName">-</Data>

    <Data Name="SubjectDomainName">-</Data>

    <Data Name="SubjectLogonId">0x0</Data>

    <Data Name="TargetUserSid">S-1-0-0</Data>

    <Data Name="TargetUserName">Administrator</Data>

    <Data Name="TargetDomainName">WEBRED2000</Data>

    <Data Name="Status">0xc000006d</Data>

    <Data Name="FailureReason">%%2313</Data>

    <Data Name="SubStatus">0xc000006a</Data>

    <Data Name="LogonType">3</Data>

    <Data Name="LogonProcessName">NtLmSsp </Data>

    <Data Name="AuthenticationPackageName">NTLM</Data>

    <Data Name="WorkstationName">ANTONIOZAZZARO</Data>

    <Data Name="TransmittedServices">-</Data>

    <Data Name="LmPackageName">-</Data>

    <Data Name="KeyLength">0</Data>

    <Data Name="ProcessId">0x0</Data>

    <Data Name="ProcessName">-</Data>

    <Data Name="IpAddress">-</Data>

    <Data Name="IpPort">-</Data>

  </EventData>

</Event>

How can I fix this problem??

Hi guys,

On a random base (daily, weekly) we're experiencing major log-in problems on our Windows Server 2012 R2 Remote Desktop Services farm. The VM's are hosted on Hyper-V 2008 hosts and we're not using Citrix techniques etc.

Users are reporting that they cannot log-in, the log-in sessions hangs with a blank screen when loading their user profile (e.g. Please Wait For The User Profile Service).

In the System event log of the server on which the user is logging on the following errors are shown:

Source:        Service Control Manager 
Date:          23-12-2014 7:28:01
Event ID:      7011 
Task Category: None 
Level:         Error
Keywords:      Classic
User:          N/A 
Description: 

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

…and after 30 (or sometimes 60) seconds, the same error only another service (in random order):

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

…and after exactly 30 seconds, the same error only another service:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxmSms service.

etcetera, with the following errors:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndPointBuilder service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

The Portable Device Enumerator Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

These errors are logged continuously.

An administrator cannot solve this since he isn't able to login in as well (console or remotely), only a hard reset of the VM is possible to use the affected server again.

I took different steps to solve this problem without any success, like:

- Installing the latest Windows updates
- Removed unnecessary printer drivers, print monitors and print processors (no local printers/drivers are installed, only Remote Desktop Easy Printer driver is used)
- Searched different forum posts, but found only hotfixes for Windows Server 2008 R2.

Can someone please help me with this annoying problem?

Many thanks!!

EDIT:
Of course is increasing the time-out not really an option here... http://social.technet.microsoft.com/wiki/contents/articles/13765.event-id-7011-service-timeout.aspx

Hello,

We are trying to setup RDS to allow users to connect to a Remote Desktop Server both internally as well as external.
However when the gateway/broker is redirecting the user to the session host we get a certificate warning. Depending on the config it is either a untrusted certificate (the self-signed cert) or a name mismatch (.local domain <> public domain name)

Environment details:
- All Windows 2012 servers
- 2 servers running RD Gateway, RD Connection Broker and RD Web Access in HA
- Gateway and Web Access is setup as HA using NLB with a dedicated NIC.
- Broker is setup as HA using DNS Round Robin.
- Internal DNS name for Gateway has been added to internal DNS. Public DNS also published.
- We have bought a wildcard certificate from a trusted CA and applied it to all roles (GW, CB SSO, CB Pub., WA) and gateway manager. All show as Trusted and OK.

What I have already tried:
- Used TP's powershell script to change the published FQDN.
- Used a WMI script to input the certificate for the Session Host (SSLCertificateSHA1Hash in the registry).
- Used a MS Fixit that seems to do the same as the WMI script.
- Used the Set-RDSessionCollectionConfiguration powershell command to modify the CustomRdpProperty of the session collection with "use redirection server name:i:1 `n alternate full address:s:broker.domain.com".

I'm testing with Windows 7 machines that have version 6.3.9600 of mstsc installed. Shows RDP 8.1 supported.
My home machine running Windows 10 is having the same issues.

Some of these solutions seem to work at first as the certificate error disappears, but after a while it comes back.
Don't know what I'm missing here as these solutions seem to have helped people with this particular issue already.

Thanks for the input.

Kind regards,
Dennis

Hi all.

Im testing out RDS 2016, so far its been very nice and performance is great.

But im having a wierd issue when trying to run RemoteAPPs in maximized windows (fullscreen)

It sort of looks like the window is in a incorrect placement. The top and leftmost part of the window is sort of moved out 5-6 pixels when running fullscreen. The buttom part of the window is also below the processbar of the workstation im using.

On my client i am running 2560x1440 and im not sure if that is the issue, but it just seems strange.

Have anyone experienced anything similar, and do you have a solution for the issue?

MD

Dear All

I have the following setup.

1. Host Server which is also ADS server and DNS Server. This is the physical server. WS2012R2 is the Base OS.

2. 4 x Hyper-V Guest Servers running WS2012R2 Std Edition configured  onto this server.

3. One of the Hyper-V Servers is a Terminal Client Server. We have about 50 Thin Clients connecting to this server. Another is the application Server.

4. The Thin Clients have Win7 OS embedded on them. The Thin Clients connect to TS server first and then they can access the application server.

Problem :

Sometimes when Thin Clients try to log in ; they get message TS-Server could not be located ; i.e. the TS-Server is not accessible. But when the Thin Client is rebooted

Some times the problem goes away after a few minutes. Without doing anything.

Sometimes we have to reboot the TS Server ( Virtual).

Sometimes we have to shutdown all servers and reboot the physical host server and restart everything all over again. But the problem comes up again in next 2-3 days.

We have installed all the windows updates and patches and we do it weekly for all servers.

Any suggestions ?

Hey I wonder if somebody can help me answer a bit of a conundrum!

We use a number of Windows based RDS jumpboxes to manage various parts of our network.  However we also use an RDS environment for our day-to-day business operations.  So to connect to a jumpbox we would log onto our PC, then connect the primary business RDS environment (which is where we can access files, Outlook etc.) which is fully licenced with per-user RDS CALs and then from there we RDS to one of the jumpboxes if we need to manage that part of the network.  These remote jumpboxes, for various reasons are not joined to the domain and are completely isolated from the business network (other than RDS over 3389) so we cannot use the one RD licence server for all of them.

For the first jumpbox we happened to have some old 2008 per-user RDS CALs so I used these, but we now need a couple more jumpboxes and I'm contemplating how to licence them.  Given that we will only connect to these jumpboxes from one of our two "business" RDS servers it would seem we only really need to installed two per-device RDS CALs?  Note that we could have multiple users connecting to these jumpboxes from the business RDS servers, rarely more than 3-4 at a time however.

Am I right do you think?

Thanks!