We are in the process of implementing Azure MFA on our production RD Gateway. We want to be able to thoroughly test MFA authentication before producing documentation and rolling out to our production users. I am following the guide made by the nice people at RDSGurus Step By Step – Using Windows Server 2012 R2 RD Gateway with Azure Multifactor Authentication.

The problem is that I can't find any documentation which  explains how to deploy MFA to a small test group, but allow production users to continue to authenticate on our RD Web Portal as usual. After following the guide, the RD Web Portal only allows users with MFA configured to authenticate, of course. We want to allow our main user group to authenticate against AD as usual-- is this easy to accomplish or even possible? If not, I will have to roll back all my work before the end of business today, so that's not optimal.

Any help will be greatly appreciated!

I keep getting Event ID 20499 "Remote Desktop Services has taken too long to load the user configuration from server \\SERVERNAME for user USERNAME" in our event logs for multiple servers that are running 2012 R2

I noticed that when this happens the user often is missing items that get applied via group policies such as desktop wallpapers and mapped drives.  

I am also using the Microsoft Remote Desktop for Mac that was release yesterday on another Mac computer and for certain users it won't launch the redirected folder that I specified when I get this Event ID 20499

We have (2) 2008 R2 RDS servers setup with session brokering.  Users have roaming profiles and redirected folders enabled.

Users report that their list of recent documents in Word 2010 aren't consistent between sessions, presumably when they are connected to another RDS box.

For example, the user opens word > file > recent > and sees a list of recent files.  That list is not up to date when they connect to another server.  Additionally, when a user Pins a recent word document within that list, it doesn't show as pinned when they connect to another RDS box.

Is this behavior normal?  Should this recent list within Word 2010 roam with the user when they are connected to another RDS box?  How can we troubleshoot this?

bp

Environment: Primarily Windows Server 2012 R2 servers and Windows 8.1 clients, with some older versions of Windows Server and Windows client

I understand that if a user's password has expired and they attempt to make a remote desktop connection (RDP) to a computer running Windows Server 2012 R2 or Windows 8.1, and if Network Level Authentication is enabled on the remote computer, then the user is not allowed to change their expired password. Instead, they receive this prompt:

"This user account's password has expired. The password must change in order to logon. Please update the password or contact your system administrator or technical support."

However, even when Network Level Authentication has been disabled on all computers in our domain, users whose passwords have expired still get the above prompt when connecting via RDP to Windows Server 2012 R2 or Windows 8.1. I do not understand why we still receive this prompt even when NLA is disabled. Older versions of Windows still allow users to change their expired passwords in the RDP logon session.

I also understand that RD Web Access can be enabled as a workaround for this issue, but I first want to understand why users cannot change their expired passwords even when Network Level Authentication is disabled. Reference: http://blogs.msdn.com/b/rds/archive/2014/06/04/failed-logons-due-to-expired-passwords-password-change-functionality-in-rd-web-access.aspx

-Taylorbox

I have a simple home network setup and I want to remote control my Vista Business PC from my Macbook Air. I have previously installed the Microsoft Remote Desktop app on my iPhone 5S and it successfully connects to my PC and works fine. I downloaded the Microsoft Remote Desktop app from the Mac Store onto my Macbook Air and tried to do the same connection, but it is refused. I am putting in the same user name and password as I used on the phone, but no joy. What is the difference? From a network perspective, there is no difference. This connection is on my LAN. I use the IP address of the PC to make the connection profile. The PC is on a static address. There is a Symantec firewall running on the PC but it allows the iPhone RDP connection through.

Thanks in advance for your advice.

Hi All,

I am trying to print when I remote desktop to login to Terminal server from Windows XP computer.

Terminal server is Windows 2008 R2.

Windows XP computer is Windows XP SP3 with Remote Desktop Connection Version 6.1.7600 and .Net Firmware 3.5 SP1.

My issue is that I could not redirect print from Terminal server, I can see the printer is there when I login to Terminal server, I can see the print job is in print queue, and it shows print out, but I can get it from my Sharp printer.

The Sharp printer is a network printer, I setup it on the Windows XP computer, when I connect to TS, and I select use print in remote session.

For troubleshooting, I have tested it from another Windows XP computer, it works fine. So I know that TS works fine with correct setting. The problem is on the Windows XP computer, so I reinstall .Net Firmware 3.5 SP1. But it still did not work.

Anybody can help me out? Thanks in advance.

I have a problem related to the fact that remote desktop client are not redirected to the disconnected sessionr when they try to reconnect.

I'm using a netscaler load balancer that uses redirection toker with the connection broker server.

I have made a small configuration test environment that reflect my origina configuration and the problem will exist event there.

All the servers are windows 2008 R2 with sp1 and all latest fix available using microsoft update.

The connection broker server is a domain controller server, and the terminal server are computer member of the domain.All the information are correctl registered by the connection broker database, but is seems that it works only with administative users.

The error that is reported

RD Connection Broker failed to process the connection request for user DOMAIN\USER.Load Balancing failed OR Specified endpoint could not be found.HRESULT = 0x80070515.  

I have found no information about the error 0x80070515.

Here follow the connection broker information after

ClusterName = MYCLUSTER

NumberOfServers = 4

SingleSessionMode = 1

    SERVER :

    ServerName = TS018.mydomain.local ServerSingleSessionMode = 1 LoadIndicator = 655350000
    ServerIP = 10.10.4.18
    ServerWeight = 0
    ClusterName = MYCLUSTER
    NumPendRedir = 0
    No sessions on server TS018.mydomain.local

    SERVER :
    ServerName = TS020.mydomain.local ServerSingleSessionMode = 1 LoadIndicator = 655350000
    ServerIP = 10.10.4.20
    ServerWeight = 0
    ClusterName = MYCLUSTER
    NumPendRedir = 0
    NumberOfSessions = 1
        SESSION :
        UserName= mydomain\administrator    ApplicationType=     SessionState= 0
        CreateTime= 20150303101848.856647+060    DisconnectTime=
        ServerName= TS020.mydomain.local
        SessionID= 1
        ServerIP= 10.10.4.20
        TSProtocol= 2
        ResolutionWidth= 1920
        ResolutionHeight= 1080
        ColorDepth= 4

    SERVER :
    ServerName = TS019.mydomain.local ServerSingleSessionMode = 1 LoadIndicator = 655350000
    ServerIP = 10.10.4.19
    ServerWeight = 0
    ClusterName = MYCLUSTER
    NumPendRedir = 0
    NumberOfSessions = 2
        SESSION :
        UserName= mydomain\administrator    ApplicationType=     SessionState= 1
        CreateTime= 20150303101224.366219+060    DisconnectTime= 16010101000000.000000-000
        ServerName= TS019.mydomain.local
        SessionID= 1
        ServerIP= 10.10.4.19
        TSProtocol= 2
        ResolutionWidth= 1920
        ResolutionHeight= 1080
        ColorDepth= 4
        ------------------------------------------------
        SESSION :
        UserName= mydomain\Flavio    ApplicationType= D:\Programmi\Seac\SeacCruscotto.exe    SessionState= 0
        CreateTime= 20150303121903.740379+060    DisconnectTime=
        ServerName= TS019.mydomain.local
        SessionID= 2
        ServerIP= 10.10.4.19
        TSProtocol= 2
        ResolutionWidth= 1920
        ResolutionHeight= 1080
        ColorDepth= 4

    SERVER :
    ServerName = TS017.mydomain.local ServerSingleSessionMode = 1 LoadIndicator = 655350000
    ServerIP = 10.10.4.17
    ServerWeight = 0
    ClusterName = MYCLUSTER
    NumPendRedir = 0
    No sessions on server TS017.mydomain.local

Second dump with the disconnected user and the same user that ties to reconnect and was redirected to a new session  instead to the disconnected session. You will find two user Flavio one in disconnected state (1) and one in connected state(0)

ClusterName = MYCLUSTER
NumberOfServers = 4
SingleSessionMode = 1

    SERVER :
    ServerName = TS018.mydomain.local ServerSingleSessionMode = 1 LoadIndicator = 655350000
    ServerIP = 10.10.4.18
    ServerWeight = 0
    ClusterName = MYCLUSTER
    NumPendRedir = 0
    No sessions on server TS018.mydomain.local

    SERVER :
    ServerName = TS020.mydomain.local ServerSingleSessionMode = 1 LoadIndicator = 655350000
    ServerIP = 10.10.4.20
    ServerWeight = 0
    ClusterName = MYCLUSTER
    NumPendRedir = 0
    NumberOfSessions = 1

        SESSION :
        UserName= mydomain\administrator    ApplicationType=     SessionState= 0
        CreateTime= 20150303101848.856647+060    DisconnectTime=
        ServerName= TS020.mydomain.local
        SessionID= 1
        ServerIP= 10.10.4.20
        TSProtocol= 2
        ResolutionWidth= 1920
        ResolutionHeight= 1080
        ColorDepth= 4

    SERVER :
    ServerName = TS019.mydomain.local ServerSingleSessionMode = 1 LoadIndicator = 655350000
    ServerIP = 10.10.4.19
    ServerWeight = 0
    ClusterName = MYCLUSTER
    NumPendRedir = 0
    NumberOfSessions = 2

       SESSION :
        UserName= mydomain\administrator    ApplicationType=     SessionState= 1
        CreateTime= 20150303101224.366219+060    DisconnectTime= 16010101000000.000000-000
        ServerName= TS019.mydomain.local
        SessionID= 1
        ServerIP= 10.10.4.19
        TSProtocol= 2
        ResolutionWidth= 1920
        ResolutionHeight= 1080
        ColorDepth= 4

        SESSION :
        UserName= mydomain\Flavio    ApplicationType= D:\Programmi\Seac\SeacCruscotto.exe    SessionState= 1
        CreateTime= 20150303121903.740379+060    DisconnectTime= 16010101000000.000000-000
        ServerName= TS019.mydomain.local
        SessionID= 2
        ServerIP= 10.10.4.19
        TSProtocol= 2
        ResolutionWidth= 1920
        ResolutionHeight= 1080
        ColorDepth= 4

    SERVER :
    ServerName = TS017.mydomain.local ServerSingleSessionMode = 1 LoadIndicator = 655350000
    ServerIP = 10.10.4.17
    ServerWeight = 0
    ClusterName = MYCLUSTER
    NumPendRedir = 0
    NumberOfSessions = 1

        SESSION :
        UserName= mydomain\Flavio    ApplicationType= D:\Programmi\Seac\SeacCruscotto.exe    SessionState= 0
        CreateTime= 20150303122059.706850+060    DisconnectTime=
        ServerName= TS017.mydomain.local
        SessionID= 2
        ServerIP= 10.10.4.17
        TSProtocol= 2
        ResolutionWidth= 1920
        ResolutionHeight= 1080
        ColorDepth= 4

Any idea ?

Thanks

Flavio

I'm having a few issues with some multiple logon prompts using "Connect to a remote PC" via RD Web Access.

I am able to log onto the RDWeb without a problem.

Essentially once I make a connection to my end-device I first receive a logon prompt, I'm authenticated, then I'm asked again for another logon prompt. Any ideas how to resolve this?

My layout is simple:

1 VM in the DMZ that has the Remote Desktop Gateway and Remote Desktop Web Access roles installed. No connection broker, or session host.

With my deployment I have a wildcard certificate bound to the Remote Desktop Gateway and it is bound properly in IIS. Remote Desktop functionality through the RDGateway works just fine. However, the only nuisance is that I get prompted multiple times for credentials when accessing the end-device regardless if my connection is from a domain-joined machine or a non-domain joined machine.

I've tried using Web Single Sign On via http://anandthearchitect.com/2014/01/20/rds-2012-r2single-sign-on-using-windows-authentication-for-rdweb-page/ and it still does not work.

Any ideas?

Thanks,

Dan

Hi

when i try to change the Remote Desktop Services User Profile Path with ADUC i get the error "Operation failed: Access is denied"

This error occurs in a subdomain with the Domain Admin of the Subdomain. I'm able to change this attribute with the Enterprise Admin.

As far as I understand this attribute is set in the userParameters but I don't know what permissions must be set to allow the Domain Admin to change this Attribute and why the Enterprise Admin is allowed to change the Attribute and the subdomain Admin not.

Our AD Schema is 2003.

Hi,

When I try to add a new host to a session collection I get the error "unable to retrieve the session collection properties"

The host is running Windows Server 2012 and so are the connection brokers, I have multiple sessions configured, this one already have 5 hosts in this collections and I dont see any errors in event logs.

It was the first collection that I created in my environment and users have no problems logging on to it.

Is anybody able to help or point me in a direction to troubleshoot.

Thanks

I have set up a test Server 2012 RDS collection (Single Server for now) and implemented User Profile disks.

I have two problems.

First: My generic test user can connect and does successfully use the user profile disk as expected. However, atlogoff, the system event log contains these errors:

The error (NTFS 137) is: The default transaction resource manager on volume C:\Users\ts3.test encountered a non-retryable error and could not start.  The data contains the error code.

The warning (NTFS 50) that concerns me is:

It appears that the user profile disk is being "disabled" or "disconnected" before the profile data is completely written at logoff. What can I do to troubleshoot this?

Second:

Update: A post from Mike Connor on the following page: -LINK- solved the problem described below. 

My administrative user always logs on now with a temporary profile. At the beginning, the UPD was working and mounting. That stopped working. In attempting to troubleshoot, I logged the admin user off and deleted the UPD disk file from the share. I remember it working again after generating a new UPD disk file in the share. Soon, it quit working again. I deleted the UPD disk file again from the share and ever since, it has never regenerated a new UPD andalways logs on with a temporary profile.

So the client has Windows Server 2012 Standard R2, it is not a DC.  Setup Remote Services (formerly known as Terminal Server).  He runs Office 2007 on the server.  When using LogMeIn, he can run the Office apps fine.  When doing RDP, and at starting an Office APP he gets this meesage, "This Copy of Microsoft Office Excel cannot be used on Terminal Server.  Please contact your local authorized Microsoft retailer for more information."  We did this and purchased 5 RDS CALS, installed the TS licensing Server and installed and activated the RDS CALS.  Have not rebooted the server - was not prompted to reboot.  However, when looking in the Application Log on this server this error is displayed:

Error 1002  The program mmc.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d0c

Start Time: 01d0568473061f4e

Termination Time: 0

Application Path: C:\Windows\system32\mmc.exe

Report Id: d830bbcd-c277-11e4-80c8-ecb1d7f30b79

Faulting package full name:

 Faulting package-relative application ID:

Is there something else that needs to be done to activate the RDS CALS??  Got no error messages when installing the CALS, just activation and installation was successful.  I know that to run APPS on Terminal Server you need the RDS CALS - Microsoft verified that as well.  Perhaps we need to tweak the Sonic Firewall settings??

Please Advise.

Thanks,

LCD

ncc@netwebga.com

7703561074

LCD

Hello,

   I have recently installed a single Windows 2012 RDS server,  it is a member server joined to a domain and it is working well for the most part.  The overview shows all the roles installed on the server (RD Connection Broker, RD Session Host, RD Gateway, RD Licensing and RD Web Access.  However, under Tools, Terminal Services there is only RD Licensing Diagnoser, Gateway Manager and Licensing Manager.  From what I have read, there are supposed to be other tools like RD Connection Manager and others?  Add Roles and Features says everything is installed and nothing left to add.  Did I do something wrong?  How can I install and access these tools?

   Thanks

purchased 4 x 5 RDS 2012 per user licenses packs for my fresh install of server 2008r2, have installed the remote desktop services role and the RD licensing server role. When attempting to add my RDS user CALs, I get error "The license code contains invalid characters or not enough characters." Not sure where to go from here. The license packs are retail from Newegg,

SKU-6vc-01756

Good morning all,

We are currently dipping our toes into VDI and would like to use not only the virtual desktops, but RemoteApp as well. The one thing I am noticing is when you publish apps, the VM collection is removed from RemoteApps. I would like to keep the pool published so users can access the VMs remotely. For this reason, I created a new pool just to publish apps from.

Now the concern is the number of VMs I will end up having in total. Is there any way to use Virtual Machine-Based VMs for the VDI pool, but also use Session-Based VMs for the RemoteApps? From what I am seeing, you choose virtual machine or session-based, but not both. Is there a work-around for this?

Thank you in advance!

Eric

Am I doing something wrong? The dynamic update resolution works for win8.1. But it only works in the MS Store version of RDP. The desktop version of RDP does not reset the resolution in the host like the store app does. 

Am I missing something? The release notes from RDP 8.1 says you should be able to resize the window and resolution in the host will adjust accordingly?

Hi,

I have a 2012 R2 RDS farm deployed and users are able to log onto the personal desktops successfully.  However, when the user launches the VDI from RDWEB, they receive a certificate mismatch.  The certificate being presented is self signed from the VDI.

Is this normal behaviour for the VDI connection? Or am I missing something here?