Hello, Currently ruuning a 2008 R2 RDS farm with a single connection broker. All is working well.
Is it possible to have another seperate farm managed by the same connection broker and only give access to a select AD group of users?
thanks for your help
All,
Thank you for your time.
My question is do you know of any MS documentation that shows how to properly set this up? I understand the implementation process of standing up a RDS farm but I am having an hard time finding any official documentation for implementing a single session broker that manages multiple farms. Would you have any information that explain how to setup a single connection broker that manages multiple RDS farms on Server 2008 R2?
Any help or links would be greatly appreciated.
Thank you,
Rob Jaudon
Thank you for your help and time, Robert Jaudon
I have a Server 2012 box that we would like to use Remote Desktop on to perform administrative tasks. IE, install updates to various applications, OS, whatever. We set the service up and RDP complained that it doesn't have a license. Looking over this document from Overview of Remote Desktop Licensing it appears that we don't actually need a license if we're merely performing administrative tasks.
So I feel like for what I'm trying to do here, I don't need any RDP licenses. BUT when the user logs into the server to do their tasks, they're told that there aren't any license servers. So how do I go about setting up the user?
I have a desktop installed with window server 2012. I installed Connectify to create a wifi hotspot, and added active domain role on it with domain abc.com .
Then, on another laptop installed with window server 2012, I connect to the wifi hotspot, and joined the domain abc.com. I then installed hyper-V. After restart, I installed RDS (All 3 roles on same computer) and during wizard, i ticked the checkbox to create new v-switch. However, unlike every post i found, the RDS v-switch is not created. (On this laptop, I have 2 network card, one is cable, one is wifi. The cable port is not connected to anything, wifi is connected to the wifi hotspot mentioned earlier.)
I need this vSwitch for my template vm to create a collection of managed pool desktop. I tried creating the vSwitch manually but I have no idea how to configure the network and it didnt work. Can anyone tell me why is the RDS v-switch not created?
ps: I also tried installing a loopback adapter, configure it with dummy Ip without gateway, and then run the add RDS role wizard. The v-switch is still not created even though i ticked the checkbox to create new v-switch.
Hi,
We have Remote Desktop Server on Cloud and wanted to apply CAL license to it. Wanted to know what if the server crashes and couldn't be restored from snapshot. Am I going to lose the license or can I build a new Server and apply same license? is the RD License is hardware based or IP based?
Thanks in Advance.
Regards,
Sandeep.
Regards, Sandeep.
I have a couple of questions related to the Windows Server 2012 R2 Remote Desktop Role:
1. User Profile Disk location on DFS:
In my home test lab, which includes one DC and one member server, both Windows 2012 R2, domain functional level 2012 R2, with only the default GPOs in place, I am able to store the User Profile Disks for a RDS Session Collection on a DFS path, with the DFS namespace being created with default values (win 2008 mode).
However, at client site, when attempting to use a DFS namespace (created also with same default options), I get:
"Could not create the template VHD. Error Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
I eliminated the possibility of it being an NTFS/share permission issue by granting "everyone" FULL access share and NTFS permissions. I am able to browse to the same DFS share location in Explorer, and manually create files in there with no problem.
A workaround is to use the direct UNC path that points to the share on the actual server itself rather than using the DFS path. This works fine.
Obviously there are many GPOs at client site and so I really wouldn't know where to start looking if it was a certain policy preventing the UPDs from being stored on DFS path. Can anyone provide any advice?
=============================================================================
2. I want to confirm where I need to apply certificates for the RDS solution in place. This is what we have:
2 RD Brokers working in HA mode with a SQL Database
4 Session Hosts, all part of one session collection
We are not using RD Gateway, nor are we using the RD Web Access (design choice by the TAs).
There are two DNS A Records set in DNS that points the Session Collection Name to the IP address of the primary broker and secondary broker, each being on a different subnet, which caters for users being connected to their site specific broker.
Users will have to open MSTSC, and connect to "SessionName", and this is where DNS will point them in the direction of the broker, which in turn will point them towards the next available session host. This works fine. Without any certificates in place, we see two certificate warnings:
1) From the broker server
2) From whichever session host server I've been redirected to.
There are plenty of blog posts online about which certificates to apply but they don't all match up as to what is required. If we want to eliminate both the above certificate warnings, what's the minimum we need to do? I believe we need to apply the right kind of certificate for both the "Enable Single Sign on" and the "Publishing". However under guidance we were told to apply only the "publishing" one. In addition, we have used Step 17 here: http://www.derekseaman.com/2013/01/creating-custom-remote-desktop-services.html to change the Remote Desktop Services certificate manually on the broker, to use our own CA issued cert.
The CA issued cert is issued to CN=*.domain.com with a SAN of "SessionName".
This eliminates warning 1) above but warning 2) still remains. Does this mean we have to also change the Remote Desktop cert manually for each session host, or is there a better way of doing it, perhaps by setting a cert for "Enable Single sign on" as above? PS we use no remote apps at all. Just MSTSC to the SessionName.
Thanks
We have multiple RDSH server in workgroup. These servers are in different vlan. We need to allow more then 2 RDS sessions on these servers. For some reason we do not have the option to add the servers in domain.
My question is if I install a new RDS license server in one vlan. Will the other RDSH servers in other vlan will be able to take license from the license server and grant it to the users or device connecting to those RDS servers. Firewall ports can be opened between these vlans for license server communication.
or
Do I need to have separate license server for every vlan?
Hi all,
I have set up a 2012 R2 server with RDS. Recently, when we try and browse portal.office.com (or any other Office 365 site) using Internet explorer 11, we get a blank page. It works fine with Chrome no problem.
Here is what I have tried up to now:
I am at a loss and do not know what can be causing this.
Any clues?
Thanks in advance,
Michael
MichaelB
win 10 client
win 2012 r2 server
publish an app NOT a desktop
On client:
new session created on server with correct user.
If you wait 20 seconds before running the second rdp file, then you'll get a new session.
If the rdp files contain remote desktops, the credentials work correctly.
Can this be fixed with config?
Is it a bug? How is it not a bug?
This is a huge security hole
Problem remains even if cmdkey / credmanager is used.
So, i recently upgraded my workstation to win10 and installed the RSAT Tools für Win10.
Since then the Remote Desktop Services Tab in Server Manager doesnt show RDS Collections anymore.
I tested this on 2 other win 10 machines (not showing up) and a few win 2012 r2 servers (collections do show up).
Whats the deal? What do I need to get my collections to show up again?
Hi,
we have an environment with 4 RDS Session Hosts, 2 Connection Brokers and 1 Remote Gateway. All machines are Windows 2012 R2. The users use Romaing Profiles and Folder Redirection.
Users, inside their RDS Session, launch a RDP connection to another server and enable the checkbox to save their credentials to RDP client. This works untill the servers are rebooted.
There is a method to save definitively their RDP credentials?
Thank You!!
-Davide S.-
Scenario:
Users assigned 3-4 RemoteApps and a Pooled Desktop during pilot phase. Connection Broker and RDWEB Server remain the same during production rollout. The test Session and Virtual Desktop Collections were removed, and new ones created.
Accessing either the RDweb page through a browser or via the Start Screen Remote Desktop App, users who participated in both the pilot and production phases are presented with both the new working remoteapps and desktops, as well as their former assigned ones. The old ones do not actually work, giving an instant "can't connect" error, but because many of the assigned apps are the same as those used in production, the resulting duplicate tiles / icons are problematic to say the least.
How does one clear these from the users' RDS assignments?
heuristik
Hello,
We're building and RDS environment and are running into a use issue we don't like. We're going to serve RemoteApps strictly from the Web interface. We have the login working without requiring the domain to web but can't seem to get the RDP login to work without requiring the domain.
I've tried to set the customRDP settings but they never make it to the RDP file that is downloaded.
Set-RDSessionCollectionConfiguration -CustomRdpProperty "use multimon:i:0`nusername:s:DOMAIN\"
I've also added to the RDS HA Database and tried the domain custom property as well. Nothing seems to work.
I followed these directions for the web, and they worked great: msfreaks.wordpress.com/2014/07/22/properly-removing-the-domain-prefix-requirement-from-rd-web-access-2012-r2/
Does anyone know if it's possible to get this to work?
Where is the certificate stored on the RD Connection Broker?
Lee
We are building a Remote Desktop Services environment using Windows 2012 R2 servers.
What is the significance of "Apply the certificate that is stored on the RD Connection Broker server" option in "Select Existing Certificate" dialog when configuring "Role Service" certificates?
It seems that Remote Desktop Services can be configured using the Server Manager from any domain member server so why the emphasis on RD Connection Broker server?
Thank you in advance.
Ben
All,
I am trying to get a new 2012 RDS farm up and running. The setup I am going for is a 3 server setup with 1 Connection Broker and 2 RDSH servers.
My question is does the 2012 CB behave the same way the 2008 Dedicated Redirector did? Meaning should the farm point (DNS) to the 2012 Connection Broker and does it forward the connection request to the RDSH servers?
Thank you for your help and time, Robert Jaudon
Currently, I am running 2 servers in a High Availability config. Both have NAP installed. Users in the local domain have no issue getting through the RD Gateway. We have another domain connected by VPN and a 2-way trust. The users from this connected domain do not get authenticated. I have tried both through the Web Access page and directly through RDC (with both the domain\username andusername@domain format). Also, I can do a "runas" command with the connected domain user and have no problem authenticating. I have added both of the gateway servers to both AD domains RAS and IAS servers group. When I user attempts to log in, I get this error (#6274) in the Event Viewer / Security logs:
Network Policy Server discarded the request for a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: WM\user
Account Domain: WMC
Fully Qualified Account Name: WM\user
Client Machine:
Security ID: NULL SID
Account Name: ***SurfacePro4
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: UserAuthType:PW
Calling Station Identifier: -
NAS:
NAS IPv4 Address: -
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Virtual
NAS Port: -
RADIUS Client:
Client Friendly Name: -
Client IP Address: -
Authentication Details:
Connection Request Policy Name: TS GATEWAY AUTHORIZATION POLICY
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: WMC-AX-***-2.WMC-AX.***
Authentication Type: Unauthenticated
EAP Type: -
Account Session Identifier: -
Reason Code: 5
Reason: The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.
Any help would be greatly appreciated.
I've set up a HA Connection Broker cluster, and in order to get the web gateway working again, I need to set up a new RAP policy that specifies the RD Broker RR Address, but every time I try, when I click 'Add' in 'User Groups' (And anywhere else in the MMC, it seems), the MMC crashes with the following output:
Problem signature:
Problem Event Name: BEX64
Application Name: mmc.exe
Application Version: 6.3.9600.17415
Application Timestamp: 54504e26
Fault Module Name: clr.dll
Fault Module Version: 4.6.1055.0
Fault Module Timestamp: 563c12de
Exception Offset: 00000000002fdbd8
Exception Code: c0000409
Exception Data: 0000000000000002
OS Version: 6.3.9600.2.0.0.400.8
Locale ID: 1033
Additional Information 1: 96f9
Additional Information 2: 96f9c5010a52aa0dfa6dd4f9281ffe93
Additional Information 3: 7b9b
Additional Information 4: 7b9b3ea08d2dac897bb696ccf51055a9
As far as I can tell from searching, it seems to be .NET that's crashing, but I haven't found any solutions.All three servers (Web Gateway and both Connection Brokers) are fully patched.
has anyone else sen this and/or have any ideas how to either fix it or maybe some kind of workaround?