Hi,

we have an environment with 4 RDS Session Hosts, 2 Connection Brokers and 1 Remote Gateway. All machines are Windows 2012 R2. The users use Romaing Profiles and Folder Redirection.

Users, inside their RDS Session, launch a RDP connection to another server and enable the checkbox to save their credentials to RDP client. This works untill the servers are rebooted.

There is a method to save definitively their RDP credentials? 

Thank You!!

-Davide S.-

Friends:

My RD setup went kafluie.  We are running Win10 virtual machines on a Server 2012R2 box.

Out of the blue, we were unable to connect, getting a certificate error.  I got a new CSR and a new certificate and installed it.  Great.  Now we can access our virtual machines from within the LAN --- but not from outside the LAN.

Unfortunately, the error message is meaningless:  "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to.  Contact your network administrator for assistance."

It stands to reason that my Gateway is not correctly set up, and sure enough its using a self-signed certificate instead of my SSL cert.  But the problem is that I can't install my cert because it is in the wrong format.  My certificate is a CRT file but I need PFX or P12.  I was going to use sslshopper to convert it, but I do not have my private key.

OK, so then I thought I'd use Management Console with the Certificates snap-in to Export in PFX format.  But that option is grayed out.

Oy!

Can anyone tell me what the heck I'm doing wrong?

Micah

Since the new Windows 10 update, my Remote Desktop Connection Manager software is buggy. When running it on my external monitor (connected by USB adapter), the mouse does not show up visually, it is there, just cannot see it.  I move the RDCMAN to my Surface Pro 3 screen (primary) it works fine.  Also, since the Win 10 update, when I use RDCMAN to connect to a Windows 2012 R2 server, it is smaller than the screen with garbage in the black space -- main issue is that the mouse is about an inch off to the bottom right of where the visible mouse actually is.  I have downloaded MultiDesk and it works just fine on all my monitors and with 2008 and 2012 server without issue.  Any ideas?  Or does Win 10 break the RDCMAN 2.7?

Hi

I am getting the following vulnerability from all my Windows servers (win2012 R2). I believe to fix this vulnerability I will have to configure my RDP to use a certificate. I know nothing about certificates and here are my questions:

1. How do I configure RDP to use a certificate?

2. If I am connecting to the server(has the SSL certificate) from my laptop(does not have the certificate). If my laptop does not have a SSL certificate, will I still be able to connect to the server?

3. I am also getting the same vulnerability for HTTPS, can we use the same SSL certificate for both HTTPS and RDP?

THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote
server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by
verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority.
If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.

SOLUTION:
Please install a server certificate signed by a trusted third-party Certificate Authority.

Unable to Take RDP to the Windows server 2012 standard , I get no error when i RDP ,it simply disconnects. 

Logged in by ILO and found out in event viewer EVENT 4005, Winlogon    -  The Windows logon process has unexpectedly terminated.

I have tried to end users from task manager  and also tried to take mstsc /console that did not work either. Kindly help to resolve the issue.

Hello

I have a 2008r2 server which is in work group and not connected to internet.I need to enable multiple RDP session on the server.

I need to install licensing server and per device CALs on the same server. I have been provided the Enterprise Agreement number for the CAL license

Please let us know how best i can implement this

Hi,

We are using DigiCert WildCard Plus Certificate for our organization.

We would like to know do we need to request different certificate for RDWeb / RD Gateway .... etc from DigiCert OR we can import the "*.mycompany.com" Certificate for them ?

Thanks

Hello everybody, 

Faced with strange situation. I have DFS namespace based on Windows Server 2012R2 and same RDS server. Issue is very simple: if you map DFS share to network drive, no matter how, via logon script or via group policy, the first user which logs in get this drive ok, second logged in user gets red X on this drive but still able to access it. 

If I map this drive via GPO, after second user log in I can see warning in Event Viewer

The user 'R:' preference item in the 'Test DFS mapped drive {7CDE4506-692E-422B-9299-D12CB15F7CC6}' Group Policy Object did not apply because it failed with error code '0x80070055 The local device name is already in use.' This error was suppressed.

No matter if checkbox "Run in logged-on user's security contest" were marked or not. 

After some tests I recognised following:

1. If you map drive manually from Windows Explorer, second logged in user gets same red X on that drive

2. If you map drive manually and use "connect using different credentials" options and even enter credentials of logged on user, then the problem goes away.

3. So I created script which do it in following way:

net use Z: /delete

net user Z: \\dfsnamespace\root /user:domain\%username%

This works fine but I'm wonder that this bug a bit well known on Google and there is no any reaction from MS as well about this point. Could please hint me anything about this issue? I don't like this workaround and I think there has to be another way to solve this issue.

Greetings,

We currently have issues with opening the access to people working outside of the office for our VDI solution.

We recently bought the SSL certificate and we got a domain name already (let's call it domainname.com) as well as a local AD (let's call it local).

People at the office have no problems connecting to the server's local addresse (let's call it server.local), but whenever someone tries to open a RDP connection at home at server.domainname.com it does not work, even if the connection is initiated through https://server.domainname.com/RDweb.

Whenever the RDP is started, the certificate is validated but after the user type his/her credentials in we get:

"Your computer can't connect to the remote computer because an error occured on the remote computer computer that you want to connect to. Contact your network administrator for assistance."

In the even logs, on the home computer I have the following (under RemoteApp and Desktop Connections":

"Remote application (server.local) is launched on RemoteApp and Desktop connection (server.local) but no stored credentials are used for single sign on. (Reason - RemoteApp and Desktop connection does not exist)". Event ID: 1041

Under the server, I have Event ID: 301 in TerminalServices-Gateway, the exact log is (sorry that server is in French):

L’utilisateur « local\user » sur l’ordinateur client « 0.0.0.0 (censored home IP) » ne répond pas aux exigences de la stratégie d’autorisation d’accès aux ressources et n’a pas été autorisé à se connecter à la ressource « server.domainname.com ». L’erreur suivante s’est produite : « 23002 ».

Translated:

"The user “local/user”, on client computer “ 0.0.0.0 (censored home IP) ”, did not meet resource authorization policy requirements and was therefore not authorized to resource “externalURL”. The following error occured: “23002”.

Does anyone got an idea as to what the problem could be and how it could be resolved?

Thank you in advance for your time and help.

I know that there is many questions and requests about RDS licensing

I've recently purchase 10 per user licenses to be able to use RDS I installed Broker/Web Access/Licensing services on the same server (say RDServer) on which I installed the 10 per user licenses.

I've deployed Host server (no VDI) on this same server (RDSServer). At first, I wanted to use this server as an entry point to access other servers on my LAN. So, 10 users can open, simultaneously, up to 10 sessions on RDSServer and from this server each user can open a classic terminal service session on other servers (up to 2 sessions simultaneously on that server)

Now, things changed, I need to install Host Server on the servers in LAN, so the 10 users can open more then 2 sessions on them

My question is: Do I need to purchase more licenses ?

Any help please ?

Microsft states: (https://technet.microsoft.com/en-us/library/3660ac5a-7468-48d3-b7e8-5529de8fb6c5)

Verify that you have purchased enough CALs for the Terminal Server license server and that the Terminal Server Licensing mode matches the type of CAL available on the license server. Terminal Server licensing modes determine the type of CAL that a license server issues to a client. In Windows Server 2003, two types of CALs are available: Per User and Per Device. A Per Device CAL gives each client computer or device the right to access a terminal server that is running Windows Server 2003. A Per User CAL gives one user the right to access a terminal server from an unlimited number of devices. In this case, only one CAL is needed instead of a CAL for each device. Per User CALs are not monitored by Terminal Server. This means that even though there is a Per User CAL in the license server database, the Per User CAL is not decremented when it is used.

Hello, we have a 2012 Server R2 that we use a Terminal Server.  Users are having problems printing to redirected printers(network printers seem ok).  Sometimes it will work and other times it won't work at all or it will work until they log off then won't work after that.  I have the Group Policy set to use easy print driver first which has always worked in the past and we install drivers for the printers that don't work well with Easy Print.  I have tried changing the Group Policy, changed the Spool folder permissions, restart print spooler, restart the server but doesn't help.  I do get the event entries below but a google search has lead to dead ends.  This just started in the past 2 weeks so not sure what could have changed.  Thanks for any help.

Event Errors:

The document Print Document, owned by (user), failed to print on printer HP LaserJet 700 M712 PCL 6 (redirected 67). Try to print the document again, or restart the print spooler.

Data type: RAW. Size of the spool file in bytes: 197590. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: (Server). Win32 error code returned by the print processor: 122. The data area passed to a system call is too small.

Windows could not load print processor hpcpp165 because EnumDatatypes failed. Error code 126. Module: 7\hpcpp165.dll. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.

Windows could not load print processor hpzppwn7 because EnumDatatypes failed. Error code 126. Module: 7\hpzppwn7.dll. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.

Failed to upgrade printer settings for printer 1802 driver HP LaserJet 400 M401 PCL 6. Error: 1801. The device settings for the printer are set to those configured by the manufacturer.

I have a Windows remote desktop server and IEESC is disabled for administrators and users, however random users are getting a pop up when they browse the internet. 

I have checked the following reg keys are both set to 0

1. HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}\IsInstalled. 

2. HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}\IsInstalled. 

I have deleted the user profiles but still appearing. 

I remember when installing the RDS role you get the warning IEESC will be disabled for better experience so not sure why this is popping up all of a sudden. It's been working fine for some years. 

Any help or advice would be much appreciated. 

Thanks

Hello

I would like to deny access to windows partition (c:) for my UPD users (not just hide this partition) but when I do this, users are login with temoporary profile. I noticed it happens because when user is logged in the profile is created on c:\users\%USERNAME% and after logging out this profile is removed (and probably updating UPD).

UPD profiles are stored on D:\Users and I would like to move those "temp" profiles for example to D:\Users\Temp

How can I change default patch for those profiles? I know I could use registry:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

But it requires to do this manually for every user because of SID, but maybe Im wrong.

It would be great if I could do this only for the specified users

Regards

I've configured a RDS 2012 R2 Session based farm from the standard deployment but am having issues with our Linux based thin clients.

When connecting to the connection broker im just getting presented the logon screen of the connection broker so it isnt redirecting me to a session host. Ive applied the registry settings on the broker for redirection but they dont fix the issue.

Any help on this would be very much appreciated otherwise ill have to use another method of load balancing that I dont really want to do.

Hi,

I'm working on Windows Server 2012 and I want to create RemoteApp. Two users at the same time is enough for me, and I don't have need for additional RDS licenses. Is it possible to set it like that, because when I install RDS role it says that my trial will expire in 119 days.

Hi!

I have infrastructure
1. DC.mydomanin.local - Domain controller
2. CS.mydomanin.local - AD certyfication services - enterprise
3. RDS.mydomain.local - Remote Desktop Services

My computer is domain client. But when I'm on a client machine, I open the RD Web Access page (  HTTPS://RDS.mydomain.local/RDweb ) and get the Certificate Error page. I can still open RD Web Access by clicking 'Continue to this website'. RD Web Access and RemoteApp work fine, but how do I get rid of this Certificate Error in IE8?
How i can generate certification from my CS to IIS? 

How do you stop an RDP Session self-signed certificate warning from popping up when connecting to pooled VMs running in an RDS Virtualization Host environment?

Scenario is test using all 2012 R2 servers and RDS deployment. Certificates in use are internal CA and have added root cert from CA on all clients being used in the testing environment (domain-joined and non domain) to get past the usual cert issues with RD Web Access, RD Broker connectivity, RD Gateway... etc. However, cannot seem to get past the RDP session popping up a cert warning when connecting to a VM. The warning is related to the self-signed cert on the VM which in this case is Win7 Pro.

Basic entry to VM is going through RD Web Access and selecting the collection named associated with pooled Win7 desktops deployed on a 2012 R2 Hyper-V Virtualization Host.

Is it possible to have all contents rendered in a Windows 8.1-Pro + NVidia Card based PC?

Is RemoteFX the only way to have that including GPU acceleration?

Is Mandatory to have virtualization?

I want to have a thin client connected to a host that renders all the contents. The client just have to "paint". All that I have read refers to use a virtual GPU and can't see why is no possible to use the real GPU if just one user is going to be connected remotely to the windows machine.

Thanks in advance

I have a 2008R2 license server with 20 user cals. I also have a terminal server that everyone connects to. When I log into it as the local administrator account, it tells me that No RD license server is available, RD services will stop working in 50 days. If i connect to the terminal server under one of our domain user accounts, I do not get this message. When I do a licensing diagnosis under the domain account, things appear to be fine. 

"Licensing Diagnosis did not identify any licensing problems for the RD Session Host server"

"Number of licenses available for clients : 20"

And my license server is listed under the "Remote Desktop Services License Service Information" with good credentials and connectivity.

So Im confused - am I good? Or will no one be able to log in in 50 days?

Thanks

Hello!

I want to publish my https://my.company.com/rdweb to the internet to let my external users connect to published apps. Is it possible to use only 433 port to connect to the apps? I guess I should install rd gateway... Will external users receive rd gateway server settings automatically while opening published App icon?