Hello,

We have a pair of Windows 2008 servers that are running terminal services and all of the sudden we are no longer able to print to redirected printers on these servers.  We do, however, have other servers in the network where printer redirection is working no problem.

The same domain controller pair is in use for the terminal servers where the problem exists and for the servers where it does not exist.

We can add printers if we add the printer manually without the printer redirect working which makes sense but the redirects stopped working while no admins were present to make any changes that would affect this.

I'd be very grateful for any suggestions as we've tried everything we can find on technet short rebooting.

Thanks.

Dears,

i am having a problem redirecting the USB finger print device using RemoteFX,

i have a Windows 2008 R2 VM that is hosted in a VMWare ESX 5.5.

i have configured the client group policy, and selected the device in "local resources"

is there any extra configuration should be done to allow this device to be redirected.

regards,

Samer F. Mustafa Microsoft Technical Team Leader. sf_mustafa@hotmail.com

The users have a SSL cert installed with the private key so they can access a certain web site and when they access the site using the Windows 2012 R2 RDP server they are getting prompted with a Windows Security dialogue (Confirmation Certificate) and they press ok. Another user will now get the next message asking if to allow or deny access to the cert. If they click allow the web site will appear for the original user. 

'Client Certificate Private Key release prompt is incorrectly shown on a different session desktop rather than on the session desktop of the active user who has selected the client certificate to submit to a website.'

I have a client who is have a few issues with personal identify certificates for secure login to various websites through a Remote Desktop server (Unipass). Having read around on the issue I found a few who encountered a similar issue in various technical forums but could find no resolution mentioned in the posts. (I will post these after my account has been verified)

This is a Server 2012 R2 RDS and doesn't seem to be an issue based on the browser which is accessing the website. It has been tested with IE11 and the latest Google Chrome both of which have the same effect.

The behaviour can be replicated while shadowing the user session on an admin login. The user goes to the website, the certificate prompt appears and the user clicks ok to continue. For the user the website then pauses, seemingly processing the logon, however it is waiting for a certificate release prompt to be pressed to allow the website to use the certificate which has appeared on the admin session desktop that I am using, without any visibility of the user. Obviously this does not work in day to day operation.

Just to confirm the following also:

The client certificate is correctly imported and shows up in the personal certificate store of the user. The Third party CA has also been imported into the LM store.

Tried adding websites to Trusted sites in IE to raised integrity level from Low to Medium but that seemed to have no effect.

The issue isn't prevalent on Server 2008 and the personal certificates operate as you would expect, any prompts are directed at the user who is trying to use the certificate to identify themselves.

After Proc Mon traces the issue seems to be because read/write access to the certificate store/registry is denied so it reverts to LM which requires higher privileges and therefore appears on the admin desktop and not the desktop of the user who wants to use the certificate to connect to the website.

Can anyone point me in the direction of a fix for this issue?

IT architect - Terminal servers, virtualizations, SQL servers, file servers, WAN networks and closely related to software devleopment (8 years + experience in VB, C++ and script langugaes), MCP for SQL server and CCAA for Xenapp 6.5

Hi,

We have two Windows Server 2012 R2 RDS servers and one session broker since about a year back with about 30 users daily is working on.

Since yesterday four users on both servers have experienced a black screen while logging in through RDP, and my first though was a client side problem with persistent bitmap cache, but this is not the case. I've tried the following without success:

• Disable persistent bitmap cache.
• Change RDP client colors, resolutions and performance settings.
• Using multiple client computers to connect from.
• Force logoff the user and reconnect.
• Ctrl + Alt + End does nothing, if I repeatedly press this with a combination of escape and mouse clicks, the picture sometimes appears. But almost half the screen is still a black strip, and any windows places her can not be seen. Opening up Metro start menu also makes the screen completely black.
• Removing the synchronized user profile on the RDS session host and let it synchronize the next logon.
• Change Windows theme on the RDS server.

What seems to work is making the user domain administrator and connecting with mstsc /admin, after doing this it continue working without these permissions and the console session.

No changes have been made the last weeks on the servers, and it has been working before. The event log gives me no information what so ever.

What can I do more to find the cause of this, and solve it permanently? I fear more users will call regarding this during the day.

Thanks.

Hi all,

I have come across an error while using RemoteFX for Remote Desktop Session Host and would like some help in understanding it better.  As far as I can tell the error occurs when Remote Desktop Connection receives an RDP surface command while running within a locked session. This causes RDC to crash with the message "An internal error has occurred". I have only seen this error since upgrading Remote Desktop Connection to version 6.3.9600.  I don't believe this is a server issue as I can recreate the same problem connecting to an open source FreeRDP server using the same client.

To reproduce this issue I have the following setup:

Windows Server 2008 R2 Standard SP1 configured with Remote Desktop Session Host and RemoteFX enabled via group policy
Windows 7 Professional SP1 running Remote Desktop Connection 6.3.9600

I open a connection from the Windows 7 machine to the server using Remote Desktop Connection.  I confirm RemoteFX is enabled for the session by viewing the RemoteDesktopServices-RemoteDesktopSessionManager logs using Event Viewer. At this point the session appears to be operating normally.
I then lock the Windows 7 session with Remote Desktop Connection still running and visible on the desktop.  After a couple of minutes, I unlock the session and Remote Desktop Connection shows a dialog with "An internal error has occurred".  I believe that the error appears when the clock in the remote session changes, causing a surface update to occur.

Is this a known issue with the Remote Desktop Connection application?  It did not appears to be a problem with previous versions.  Are there any workarounds or will a new version of the client be made available in the future?

Thanks,

Duncan Williams

Hi,

I have a session host in a Windows 2012 farm which has issues with a certain software.
So I need to troubleshoot and test with this specific account and point it to a certain session host.
I can disallow new sessions to other servers and open only the one for the particular server but that's not workable + I have the risk users who just logon will get on the server and I don't want them to.

Tried to logon with mstsc option /admin but that doesn't work either.

Please advise.
J.

Jan Hoedt

Hi,

I have recently built a new Windows 2012 R2 domain for a client, all of the servers reside on a virtual ESXi platform, only a few of the servers actually have internet access, for patching WSUS and anti virus downloads.

The plan is to use use "jump hosts" to only show the RDWEB portal giving users the ability only to run the required applications they need, this is a highly secure environment. Everything is deployed and working as it should with no errors and all of the applications work fine, on the first Jump Host which has internet access the RDWEB page takes just over a second to load the logon screen, BUT the 2nd jump host which does NOT have internet access due to a range of IP's being blocked reaching the proxy server the RDWEB page takes over 2 minutes to load.

If I change the IP address of the 2nd jump host, still on the same subnet using the same gateway, but is allowed internet access due to a range of IP's being allowed to reach the proxy server then the logon screen takes just over a second to load, so it cannot be the config of the server or of the RDWEB, as the ONLY difference is that the "jump host" can or cannot get to the Internet via an IP address change.

I need to deploy the same system to an enclosed environment that has NO internet access so need to understand why the "jump host" needs internet access for the RDWEB logon screen to appear in under a second.

I have a domain-joined Windows 2012 R2 server with Remote Desktop services installed. It's the only RD session host in a collection. I'm using sessions on servers, not VDI, not RemoteApp.

Domain users placed in the groups given access to the Session Collection can log into the server and use it fine, but shortcuts/documents at C:\Users\Public\Public Desktop\ do NOT show on the desktop of some of these users.

I'm looking for reasons why this might be the case. I've tried changing permissions on the folder chain without success.

Hi,

Is it no longer possible to publish remoteapps using MSI?

The problem with this is that it's not possible to do file associations unless you use the Remote Desktop Web Connection.

Best regards

Kjartan

Hello,

I want to install 10 rds cal licenses on windows server 2008 r2, the server already has 20 licenses installed.

I go to RD licensing manager - install license - select desired method, but at some point i have to fill a box "Quantity" ( the number of licenses that will be available from this license server ), the question is :

What number i have to fill there ?  10 ? ( these are new purchased ) or 30 ( 10 new + 20 old ?)

Hi All

This may be a bit of a long one so please bear with me here.

We have an issue with 2012 R2 RD Gateway Services and UDP transport, specifically when using RD Gateway Services that are Load Balanced with Windows Network Load Balancing.

Before I go on, the RD Gateways are configured correctly. UDP port 3391 is public facing as is TCP port 443. Our lines are also not a cause for concern and I can wholeheartedly say that the issues I am about to describe are not bandwidth related. I believe this to be a genuine problem. The RD CAPs and RAPs are also fine and correctly configured and NLB is configured in Single affinity mode. The Load balancers VIP is then the publishing point through our firewalls out to the Internet.

Granted, Windows NLB is not the best choice here, however we simply cannot justify the cost of a hardware load balancer for our environment at present.

On to the specifics…

When connecting to a single, standalone 2012 R2 RD Gateway server from an RDP 8.1 compliant client device, one HTTP channel and two UDP side channels are established. One UDP channel for reliable UDP transport and one for best effort UDP transport. We can see that in RD Gateway Manager under monitoring, all three connections are active and the performance of the actual session is beautiful.

Now introduce Windows NLB into the mix. Session affinity is important here, as both UDP channels need to reside on the same RD Gateway, so this discounts any use of technologies such as DNS Round Robin, as this cannot make any guarantees that these UDP channels will actually end up on the same Gateway.

With the above configuration, we are seeing some very odd behaviour. When connecting to a remote desktop session, we see in RD Gateway Manager that under Monitoring, the HTTP control channel is established, however one of the UDP channels is either A) not active (i.e, the idle time continues to climb throughout the duration of an active session) or B) not even present. Whilst in both of these states, performance of the RDP Session (we’re talking session responsiveness / quality, not connection time) is very poor, even on the fast links that we have. Interestingly, the inactive UDP channel can then be disconnected from within RD Gateway Manager, the session then continuing on, albeit still in its continuing low performance state.

Now if we disconnect the RDP session and reconnect a few times, on about the fifth attempt, we will actually get a good quality, responsive session. Coupled with this, we can see in RD Gateway Manger that both UDP channels are now active as well as the corresponding HTTP channel. All of this is taking place form a Windows 8.1 client I hasten to add.

Please note that this is not a connection time issue. I have seen people post a couple of similar cases in various forums, only to be told to do things like disable auto detection of the RD Gateway to use for the connection. This is not our issue here. This is performance related and the connection time is actually very rapid (about 3 – 4 seconds typically).

I hope somebody can shed some light on this. If you need any more details, please ask away.

Kind Regards

Matt

I will put the question just as it was put to me.

"trying to see if remote desktop web access requires a registered domain name

my dad moved his server windows 2008 from his office to his house

he is now on a residential (dynamic IP) connection"

Like I said, pressed for time on this, just need pointer.  I honestly don't know that much about it, this is the first place I thought to come.

Thanks for the help.

Hi all, we have this issue on multiple servers:

Customers with their own local terminal servers (15 users, RDP to a server sessio) that have office 365 mailboxes are having issues with the windows search EDB file where it becomes HUGE (80+gbs).

Reason for this is because all these users have large ost files in which they share the same shared mailboxes (site specific for example) and there goes something wrong with the windows search index database file.

Temporarly we solve this by deleting and rebuilding the search index but in mere weeks the database edb file itself is back consuming a lot of space.

We CAN NOT AFFORD to work in ONLINE mode of outlook: the whole experience for end user is horrible. the outlook clients just react real slow because you're constantly working in mailboxes of sizes larger than 20gbs combined. So we managed to cache it for one month. 

is there any permanent fix to tihs, how can we make our outlook mailboxes work fine on this terminal server without caching? the experience is horrible if we don't cache.

Problem:
I can sometimes connect using my 2008R2 RDG (Remote Desktop Gateway), and sometimes not.  When I can connect, the connection is typically stable and performs as expected and will be so for hours at a time given that the connection is used (avoiding inactivity timeouts, etc.)  When I cannot connect, my only recourse is to keep trying, wait a few hours maybe, try again, try the other gateway, and eventually it'll work again.  Both gateways were setup the same, and they both behave the same.

When I look on the logs of the RDG servers (Event Logs > App/Svc Logs > Microsoft > Windows > Terminal Services-xxx) I see many "Info" logs that only indicate clients connecting and disconnecting.... in many cases the clients disconnect after 0 seconds; no errors/warnings.

When I look at the client logs (I've tried RD Conn Mgr v2.7 and mstsc.exe v6.3.9600) I see several entries similar to:
RDPClient_TCP: An error was encountered when transitioning from TcpStateConnectingTransport to TcpStateDisconnected in response to 2 (error code 0x80004004).  I'm identifying the RDG by IP address from the clients (certs are issued to the IP address).

I can ping RDGs no problem, and accessing https://<rdg_IPaddress>/ works just fine with no security warnings at all times.

When already connected to a client, a new connection attempt will sometimes trigger the functioning sessions to freeze, and I can no longer connect/re-connect to any internal clients.

Setup:
I have 2 2008R2 RDGs (Remote Desktop Session Host, License Server, Gateway roles/features installed) that are NOT farmed together (unique IPs/hostnames), but are part of a small local DMZ domain.  These are using self-signed certs that have been installed on the relevant remote clients.  They are used to connect to many different 2008R2 nodes on an 'internal' network.

Firewall is forwarding TCP 80, 443 for remote RDG sessions, and 3389 for the internal RDP nodes.

Some clients experience this more than others.  It's not consistent between clients... one client may be functioning properly, and another may be unable to connect.  Typically one RDG will be working, and the other not, however sometimes they both work.

Help!!!  Any other logs to look at?

Hi,

I've had some certificate warnings in the past and thought it was a good idea to fix it by assigning my public wildcard certificate to my internal RDSH servers.
as it turned out in this topic https://social.technet.microsoft.com/Forums/en-US/6a70ed2e-46af-4891-92ff-c8bab6ec94a3/customrdpproperty-use-redirection-server-name?forum=winserverTS it wasn't that good idea.

So that was rolled back.

But now the certificate warnings are back.
'This certificate is not from a trusted authority'

When I take a look at the certificate that is linked to the RDP-TCP listener it was issued to server1.domain.local and issued by server1.domain.local.
We have an internal CA, but that is currently not set up to provide certificates automatically.

To get rid of these warnings I need to request a certificate from the CA and again change the certificate linked to the RDP-TCP listener. (http://www.vkernel.ro/blog/replace-the-default-self-signed-certificate-on-a-rd-session-host-server)

Or is there a better way?