Channel: Remote Desktop Services (Terminal Services) forum

Strange Audit Failure error in Security Log on one of Remote Desktop Gateway server


Hello!

We have an RDS 2012 deployment with 2 RD Gateways + RD Web Access, 2 RD Connection Brokers in HA and some RD Session Hosts, and everything seems to be working fine.

But on one RD GW server we have a very strange Audit Failure error in Security Log:

An account failed to log on.

Subject:

Security ID: NULL SID

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:

Security ID: NULL SID

Account Name: ServerName$

Account Domain: DomainName

Failure Information:

Failure Reason: An Error occured during Logon.

Status: 0xC000006D

Sub Status: 0x0

Process Information:

Caller Process ID: 0x0

Caller Process Name: -

Network Information:

Workstation Name: ServerName

Source Network Address: 10.1.1.10

Source Port: 59357

Detailed Authentication Information:

Logon Process:

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

where ServerName is the name of the problem GW server. So it connects to itself through the network and gets an error during logon.

There are no such errors on the other RDGW server, so I think it is very strange.

With Sysinternals TCPView I saw that the connection on that port is made by the System Process (PID 0), with an RDS remote name like rds.company.com in both the local and remote address.

Any help with that problem?
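
An added example, not part of the original post or of any Microsoft tooling: a small Python parser for the rendered text of the 4625 event quoted above. It splits the message into its sections and flags the pattern the poster describes, a machine account failing an NTLM network logon that originates from the same host. The sample text is constructed from the fields in the post, and the function names are assumptions of this example.

```python
# Added example: parse the rendered text of a 4625 event and triage it.
SAMPLE_EVENT = """\
An account failed to log on.
Subject:
    Security ID: NULL SID
    Account Name: -
Logon Type: 3
Account For Which Logon Failed:
    Account Name: ServerName$
    Account Domain: DomainName
Failure Information:
    Status: 0xC000006D
    Sub Status: 0x0
Network Information:
    Workstation Name: ServerName
    Source Network Address: 10.1.1.10
    Source Port: 59357
Detailed Authentication Information:
    Logon Process:
    Authentication Package: NTLM
This event is generated when a logon request fails.
"""  # constructed from the fields quoted in the post; names are the post's placeholders

SECTIONS = {"Subject", "Account For Which Logon Failed", "Failure Information",
            "Process Information", "Network Information",
            "Detailed Authentication Information"}
# NTSTATUS codes commonly seen in the Status / Sub Status fields of event 4625.
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC000006A: "STATUS_WRONG_PASSWORD",
            0xC0000064: "STATUS_NO_SUCH_USER", 0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT"}

def parse_4625(message):
    """Return {section: {field: value}}; 'Logon Type' is filed under 'Logon'."""
    parsed, current = {}, None
    for raw in message.splitlines():
        line = raw.strip()
        if line.startswith("This event is generated"):
            break  # the rest is the fixed explanatory footer, not event data
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue
        if key in SECTIONS and not value:
            current = parsed.setdefault(key, {})
        elif key == "Logon Type":
            parsed.setdefault("Logon", {})[key] = value
        elif current is not None:
            current[key] = value  # empty values such as "Logon Process:" are kept
    return parsed

def triage(event):
    """Summarise the properties that matter when sorting failures like the one posted."""
    target = event["Account For Which Logon Failed"]
    net = event["Network Information"]
    status = int(event["Failure Information"]["Status"], 16)
    account = target["Account Name"]
    machine = account.endswith("$")
    return {
        "status": NTSTATUS.get(status, hex(status)),
        "machine_account": machine,
        "ntlm_network_logon": (event["Logon"]["Logon Type"] == "3" and
            event["Detailed Authentication Information"]["Authentication Package"] == "NTLM"),
        # the host named in the failed account is also the host that sent the request
        "self_referential": machine and account[:-1].lower() == net["Workstation Name"].lower(),
        "source": f'{net["Source Network Address"]}:{net["Source Port"]}',
    }

if __name__ == "__main__":
    print(triage(parse_4625(SAMPLE_EVENT)))
```
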


Unable to change password RDWeb 2012R2


Hi everyone,

I am trying to enable password change on RDWeb for users but when a user tries to reset the password he receives the following error:

Your new password does not meet the length, complexity, or history requirements of your domain. Try choosing a different new password.

I saw there is a hotfix for that but it is only applicable for 2008R2 and 2012 RTM.

I am using 2012R2.

By the way password reset was not enabled by default so I had to enable it from IIS (password.aspx = true).

Please advise how to troubleshoot this problem and how to solve it!

Thanks!

Regards,

Ognyan

Unable to remote desktop to windows server 2012 due to failed to create self signed certificate


My Windows server 2012 standard has been enabled with Remote Desktop.

It has been working until recently, but now my remote desktop client always gives me this error: 'This computer can't connect to the remote computer'.

When I check the event viewer on my 2012 server after trying to remote desktop to it, I see this:

event id: 1057

Severity: Error

Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager

Log: System

Message detail:

The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on SSL connections. The relevant status code was Object already exists.

I've tried to follow the instructions from another TechNet post: removing the existing self-signed certificate (by using mmc), then restarting the Remote Desktop Configuration service to regenerate the certificate, then configuring it in RD Session Host Configuration (tsconfig.msc)

http://social.technet.microsoft.com/Forums/windowsserver/en-US/8df42746-465f-4902-95a6-121ef1f0fd68/the-terminal-server-has-failed-to-create-a-new-self-signed-certificate-to-be-used-for-terminal

It did not work for me. No new self signed certificate has been re-generated. I also could not find RD Session Host Configuration from my server.

Unable to login. Error: The requested operation cannot be completed because the terminal connection is currently busy ....


I was having network problems while trying to connect through TSG and now it refuses to let me login and I receive this message:

 

The requested operation cannot be completed because the terminal connection is currently busy processing a connect, disconnect, reset, or delete operation.

 

I have been getting this message for at least 12 hours now.

Anyone know how to resolve this?

DNS Issues with Hyper-V 2012 R2 VDI Pooled Desktop Deployment


Good afternoon all!

We are running a POC VDI deployment on a Nutanix system, and I am having a DNS issue. I would appreciate some help trying to figure this out. Two situations that are causing issues that I can see:

1. VMs go into a saved state if not being used: This in itself is not an issue, and I see it as a way to save resources not being used; however, if a VM is saved for a few days, the DHCP address often gets reassigned. Now if users are connecting, and that saved VM with the stale address is called to wake up, the VM is not found.

2. Recreating the pool after updating the golden image: This is the bigger issue. After a couple days of running smoothly, I was asked by my pilot users to add Firefox. I installed it and recreated all the VMs in the pool. When this happened, they all got new IPs, but the old DNS records were not updated. This made the broker unable to find a single VM in the pool. I could not ping a single one.

Has anybody else run into these DNS issues with a VDI deployment? If so, what did you do to resolve it? If not, have any ideas on what is going on here?

Thank you in advance!

Eric


Forcing a log off during a Remote Session disconnect?


We recently stood up some servers to host GIS software. The GIS software from ESRI requires a license to run, so we have about 60 licenses for potentially 400 users. Many are part-time users of the GIS software and the RDS environment. Every week about 6 to 10 users disconnect from the RDS servers without closing their GIS software. They intuitively think that clicking on an X means closing a program, so we're having a hard time reconditioning all the users to sign out the proper way.

Is there any way to capture a disconnect from Terminal Services so that we could force sign them off? Or prompt the user before the session disconnects?

VDI is automatically going to down and become 'Saved' state


We are testing Hyper-V 2012 and Windows 8 Enterprise 32-bit. We have created a Personal Desktop collection and created VDIs. But these VDIs are frequently going down automatically, and if we check in Hyper-V, the VDI state is showing as 'Saved'. Can anybody help us, as we are going to decide whether to go with Microsoft or VMware for virtualization?

Thanks in advance


RDS 2012 R2 Certificate Query


Dear Team,

I have deployed the new RDS 2012 R2 farm with 03 servers:

Server 01 - RDCB, RDSH & RDWA

Server 02 - RDCB, RDSH & RDWA

Server 03 - RDGW

DNS Round Robin: Created DNS round robin for the Server 01 and 02 IP addresses.

Certificate Deployment: I don't have a wildcard or SAN certificate. So I tried creating a server certificate (from the internal CA) with one common name, but it didn't work, with "Error".

Then I created the self-signed certificate with the DNS round robin name and applied it to SSO, Publishing and Web Access, and RDWeb was working fine; when I imported the same on the Gateway I started getting Error 403 Page forbidden for the RDWEB page.

Query01: To be honest I don't have any idea about certificates for RDS here. I prefer to use my internal CA for certificates here. Please suggest how many certificates I need and what names (I have internet users as well). Kindly help.

Query02: My RDWeb page is not working on https; do I have to change the binding in IIS or enable a redirect?


"No certificate was configured to use at the Remote Desktop Gateway server."

We use RemoteApp to access a line of business app. I have 1 user (of 40) that gets the error in the subject line when she attempts to connect from home using her personal laptop. Using the same laptop from work connects flawlessly. I must be missing something simple... but I can't for the life of me figure this out. Does anyone have any ideas?

2012 R2 Licensing server issue


We upgraded our license server to 2012 R2 several months ago. We only use Per Device CALS. The server is fully patched as of today. The license server is running on a Domain Controller and the License server is in the Terminal Server License Servers group as is the Network Service.

Licensing overall seems to be working fine, i.e. issuing CALS, upgrading CALS, etc.

The issue(s) we have are this:

1) It issues temporary 2003 Per Device CALS (as it should) and in several months, it has only upgraded 19 CALS to permanent out of 1300. Almost all of these devices connect daily. Plenty of licenses are available. Expired 2003 licenses are not being removed from the console and it is not issuing multiple CALS to a device as is happening with our 2008 and 2012 licenses (see below).

2) When a temporary 2008 or 2012 device license is issued, it issues multiple licenses to the same device. When the licenses are upgraded it is the same thing. Multiple licenses for the same device are upgraded to permanent. We have several users who have multiple temporary licenses and permanent licenses for the same device. Although we have plenty of available licenses, this is not right.

In our efforts to try and resolve this problem, we have deactivated and activated new license servers a few times. We have activated them all different ways with the same result.

We have 2 separate forests where we have the exact same behavior.

Aside from event ID 42 (An error occurred in policy module "Policy Module for company Microsoft Corporation product A02 has denied new license request with error code 14.)

We have no other errors in the event viewer.

Any help with this issue would be greatly appreciated.


Russ


unable to configure The RemoteApp and Desktop Connections in Control Panel


Hello,

I have a new RDS farm. The Web Access URL is working fine, but I am unable to configure RemoteApp and Desktop Connections in Control Panel because of certificate errors. I'm using self-signed certificates. Please help me to get rid of this.

       

Change Number of Pooled Virtual Desktops that are in a Running State


I understand that by default only 2 pooled virtual desktops stay in the running state while saved virtual desktops are started up as needed.   I would like to change the number of running virtual desktops in my Pooled Collection so that 10 are ready for user login and don't have to be woken up.

How can I do this in RDS Windows 2012 R2?

Windows Server 2012 r2 Foundation Remote Desktop Services


Hi,

I'm wondering if it's possible to have a physical Windows Server 2012 R2 Foundation with RDS?

I've got a Windows Server 2012 R2 Foundation and a license for 5 CALs.

I want to have them both on the same server. I don't want them in a domain. I'm using "workgroup".

Is this possible?

Best Regards

Fredrik

RD log off black screen 2012R2


Hi,

I have an issue on a 2012 R2 RD server with the RD Gateway role.
Some users cannot log off. They get a black screen and the RD window doesn't close. This window can be closed only from Task Manager.

I checked these things:
- When a user logs off and gets the black screen, nothing from this user remains in Process Explorer, but with netstat I can see an open connection on port 443
- I tried starting the server with only MS services - it does not help
- Another interesting thing: my local PC behaves differently from different places (different GW) - from one place it disconnects but from another it does not. I checked with a port scanner - the results are the same
- I tried installing the local PC without updates - it does not help
- I tried local PC OS 2008r2, 2012r2
- Same problem if connecting from RDCMan, but OK from Royal TS

No users visible in server 2012r2 collection


Hi,

I have created a new RDS farm, with a session-based desktop deployment.

Users can log on to the new servers and the programs are working fine. The only issue is that the users are not visible in the server 2012r2 collection. Therefore, if a user disconnects and then wants to reconnect, he logs on to another server.

But his files are in use through the other session

Also the session is not visible in the Rdweb

Can someone help me out with this ?


Cannot configure Gateway SSO: certificate problem?


Hi,

We recently set up an RDS infrastructure for our sales team and we cannot configure SSO correctly. I think I have read everything the Internet can offer about this topic.

We have a domain with a .local suffix (contoso.local for the example). We have two servers in our RDS infrastructure:
• SRV1.contoso.local: Broker, Licensing, Web Access, Gateway
• SRV2.contoso.local: Session Host

Our users access their remote apps through a public DNS name: rds.contoso.be. We have an SSL certificate from a public authority for the Gateway and the RDWeb roles. We have set up an ADCS service in our domain and we have created a wildcard certificate *.contoso.local for the Broker roles. This certificate has the RDS public URL in its SAN.

We have created a new zone in our DNS server and added an A pointer for rds.contoso.be to the local IP.

We have changed the published FQDN to avoid the certificate mismatch.

We have set up some GPOs:
• "Allow delegating default credentials" for TERMSRV/*.consotoso.be and TERMSRV/*.contoso.local
• "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" for the public certificate
• "Set RD Gateway authentication method" set to "Use locally logged-on credentials"

Despite all of that, SSO does not work when we are outside the domain network. The logs of the SRV1 server show two errors:


==================================================
Record Number     : 4908385
Log Type          : Security
Event Type        : Audit Success
Time              : 07-05-15 22:50:15
Source            : Microsoft-Windows-Security-Auditing
Category          : 12292
Event ID          : 5058
User Name         :
Computer          : SRV1.contoso.local
Event Data Length : 0
Record Length     : 708
Event Description : Key file operation.    Subject:   Security ID:  S-1-5-20   Account Name:  SRV1$   Account Domain:  CONTOSO   Logon ID:  0x3e4    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: UNKNOWN   Key Name: {C017AAA3-8C59-4823-A3A7-C07C50E15EAE}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\341303ccbc41dcf73f00dac2528105a7_67d8b4b9-b49d-4d99-bc08-8062cb363238   Operation: A password mismatch has been detected.     Return Code: 0x0 
==================================================

==================================================
Record Number     : 4908386
Log Type          : Security
Event Type        : Audit Success
Time              : 07-05-15 22:50:15
Source            : Microsoft-Windows-Security-Auditing
Category          : 12290
Event ID          : 5061
User Name         :
Computer          : SRV1.contoso.local
Event Data Length : 0
Record Length     : 464
Event Description : Cryptographic operation.    Subject:   Security ID:  S-1-5-20   Account Name:  SRV1$   Account Domain:  CONTOSO   Logon ID:  0x3e4    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {C017AAA3-8C59-4823-A3A7-C07C50E15EAE}   Key Type: %%2499    Cryptographic Operation:   Operation: The UPS driver could not be accessed by the UPS service.     Return Code: 0x0 
==================================================


I suspect a certificate problem but I do not see what.


Thanks a lot for your help.

RD Web Access / RD Connection Broker - NLB/Round Robin or both?


Hi

Can someone point me to documentation that can assist with Infrastructure scaling and HA config of the RD Web Access/RD CB roles?

We have a successful PoC consisting of RD Web and RD CB on a single server (no GW required as we're using UAG) and several hosts.  Now looking to port to production, thinking of scalability and HA.  Looking to serve 300-750 users.

Thinking so far:

  • RD Web Access role across 2 servers using NLB
  • RD Connection Broker across 2 servers - (maybe same as Web Access machines?) But CB appears to operate using DNS Round robin.  (https://msfreaks.wordpress.com/2013/12/23/windows-2012-r2-remote-desktop-services-part-2/)?
  • Can CB use NLB? 
  • Which is preferred for the CB role, NLB or DNS round robin?

Cheers

Lea

Wyse Thin client not connecting to Windows 2008 R2 server


Configuration

SBS 2011 Server 

Windows 2008 R2 server with Remote Desktop Services installed, License Manager installed.

WYSE WT3125SE thin clients with Windows CE 5

I set up the Windows 2008 with Remote Desktop Services and was able to successfully connect the thin client. Then I installed the License Manager and applied my Open license using User CALs. Was able to log in. Next day I get the following error: "Because of a security error, the client could not connect to the remote computer.  Verify that you are logged onto the network and then try connecting again". I can still connect fine from other machines, even Windows Home Ed. I removed the license server and still was unable to connect. Built a second Windows 2008 R2 server with RDS on it. Was able to connect without issue. Pointed it to the first RDS server's License Manager and have still been able to connect with the thin client. The thin client can RDP to the SBS server without issue in admin mode, and can connect to the RDS2 server but not RDS1 with the License Manager. So my issue is with the license, and so my question is what is it with the license server running on that server that is keeping the thin client from connecting. I even did a reload of RDS1 and tested connecting throughout the process, and it worked up until I applied the license and then it stopped. And then if I uninstall the license and RDS and remove it from the domain, I am still not able to connect. Any help would be appreciated.

RDS 2012R2 - Can't find computer when accessing via RDweb and RD Gateway


Hi there,

I have setup a 2012R2 RDS farm. The setup is as follows:

1 RDGateway (2012R2)

1 RDWEB server (2012R2)

2 RD Session Hosts (2012R2)

1 RD Broker (2012R2)

Internal domain is mydomain.local. External domain is mydomain.com. There is a wildcard cert in use on the farm, gateway etc for *.mydomain.com.

Everything works fine internally and externally via RDWeb. The issue I'm having is when I try to use 'Connect to Remote PC' from RDWeb when connecting externally. I get the message 'Remote Desktop can't find the computer xyz..'. This happens whether I use an IP address, NetBIOS name or FQDN. There is a fix indicated here: http://www.concurrency.com/infrastructure/remote-desktop-services/remote-desktop-cant-find-the-computer-through-rdweb-and-gateway/

However, using this fix requires me to enter my credentials twice every time I want to connect to an onsite PC from outside. The first authentication prompt is for the gateway and the second for the PC itself.

I guess my questions are:

1) Is the fix mentioned in the article (manually entering the default TS gateway in IIS on the RDweb server) the only way to resolve the 'cannot find computer' error or is there another way to do this?

2) If the answer to 1(above) is yes, then is there any way to avoid double authentication prompts (I realise the second prompt for the local PC I am connecting to will always be there due to certificate issues and the fact that the local pc FQDN is mypc.mydomain.local).

Thanks,

HA

 

Log on as batch task with User Profile Disks


We have a Windows Server 2012 R2 Remote Desktop deployment, where we use user profile disks stored on a central file server.

We are trying to run a scheduled task as a user, while they are logged off.

When the task runs, I can see an event in Event Viewer that says it was unable to load the user's profile, and as such, the Excel add-in that is part of the task is not enabled, and as such the task fails to complete successfully.

Is this a limitation of the user profile disks? Can the server load the user profile disk even without the user logging in interactively?

Cheers, Eds
