Hello,

I have new 2012 RDS enviornments with 2012 r2 gateways and 2012 session host. From Windows 7 machines, Ive been telling customers to use the latest client RDC 8.1 which works great. It wont work with RDC 7.1 which is fine.

Besides new features in the new clients and in windows 2012 R2, is there a scenario where rdc 7.1 might work connecting through a 2012 R2 gateway?

I was just curious as to exactly why 7.1 will not work. Is it just the new features, or does it have to with crypto as well?

I was thinking it might have to do with 7.1 using RPc over HTTP and 2012 R2 doesnt do that anymore.

Thanks

I have installed an RD Connection Broker, web access, and licensing server (12rdgate1).  I have linked this server to a public ip address and natted the standalone firewall to access ports 443, and 3389.

When I browse to the website, I am presented with a login.  After authenticating, I get presented with a published RemoteApp.  After clicking on the RemoteApp, I am presented with another login screen.  After logging in, it appears that it is doing something.  After a few moments, I get an error message:  "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to.  Contact your network administrator for assistance."

I have checked the event viewer on 12rdgate1 for errors in the system, security, and application logs and can't find any entries relating to the time of the event.  I've even cleared the logs (after saving them), and re-tested with no entries relating to the problem being shown.

I only have one terminal server in the collection for the remote app.  I have also cleared those logs (system, security, and application), and re-tested, with no entries relating to the problem being shown.

If I attempt to do this internally, I don't get errors, and things work the way that they should (Using a laptop that is connected via wireless internally, and through a hotspot to get access externally).  I have even tested this from home with the same results.

I have seen in articles relating to Windows 2008 R2 about changing the security negotiation to a different level, but, can't find that to test here.

Certificates are from a separate certificate server that was created internally, and the certificate root has been imported into all machines, along with the intermediate certificate as well.

I've run out of things to check.  Can someone point me in a direction to find this problem and fix it?

Thanks for your time.

Jimmy

Hello, 

I have a very frustrating problem. I want to use Windows 2008 R2 Terminalserver with Outlook 2016. 

Unfortunately every time a user starts Outlook, he installs the 64 bit Components. It seems there is one solution: Installing Windows Search Role and starting Outlook in Installation Mode. 

Seems to work. With that solution, there is another problem: It is not possible to search in pst-files. Windows error log says event ID 3036. Looks like, Windows Search cannot index pst-files (in network). The possible solution to disable indexing for Outlook does not work because the configuration change got reseted after relogin. This might happen because of our Roaming users. 

As you can see, I have one problem. When Windows Search is installed, pst-files are not searchable. When Windows Search is not installed, Outlook 64 bit Components get installed every start of Outlook. 

Is there anybody who has other ideas for a solution? 

Thank you for your help. 

Jens

Hi,

How does Windows 10 IoT Enterprise supporting Remote Desktop Services - VDI and Session Deployments? Is there any documentation available? Dell is delivering Wyse Zero Clients with Windows 10 IoT Ent:

http://www.dell.com/us/business/p/wyse-d-class/pd?layoutvariation=MasterPageFileVariation2

Thanks,
Al

Hello, below mention error comes every 2nd day on windows 2012 R2 Standard and can not open any thing in server. Desktop goes black then only solution to restart server. Advice please.

Log Name:      Application
Source:        Application Error
Date:          4/6/2016 5:17:00 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      WIN-QNQV536U26R
Description:
Faulting application name: cmd.exe, version: 6.3.9600.17415, time stamp: 0x545042b1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x20d98
Faulting application start time: 0x01d1900efbdf6305
Faulting application path: C:\Windows\SYSTEM32\cmd.exe
Faulting module path: KERNELBASE.dll
Report Id: 3990b34b-fc02-11e5-80e7-2c44fd7e50ff
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
< Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-04-06T14:17:00.000000000Z" />
    <EventRecordID>7247</EventRecordID>
    <Channel>Application</Channel>
    <Computer>WIN-QNQV536U26R</Computer>
    <Security />
  </System>
  <EventData>
    <Data>cmd.exe</Data>
    <Data>6.3.9600.17415</Data>
    <Data>545042b1</Data>
    <Data>KERNELBASE.dll</Data>
    <Data>6.3.9600.18202</Data>
    <Data>569e7d02</Data>
    <Data>c0000142</Data>
    <Data>00000000000ecdd0</Data>
    <Data>20d98</Data>
    <Data>01d1900efbdf6305</Data>
    <Data>C:\Windows\SYSTEM32\cmd.exe</Data>
    <Data>KERNELBASE.dll</Data>
    <Data>3990b34b-fc02-11e5-80e7-2c44fd7e50ff</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
< /Event>

Hi,

I have an issue with shadowing, in that it doesnt work. Our IT provider insist on changing the RDP listening port to non default, eg 2888, so in order to RDP to a server I have to use 10.10.10.10:2888 in the mstsc gui, for command line this works fine too and I have setup RDS correctly to use this for the clients.

However when it comes to shadowing, it doesnt seem to work. I assume that the default shadow command just tries to connect to 3389

for example "mstsc /shadow:4 /control /V:10.10.10.10"

This brings up the accept dialogue for the user, but when they accept, nothing happens.

If I use "mstsc /V:10.10.10.10:2888" I can RDP to the server without any problem.

However if I use "mstsc /shadow:4 /control /V:10.10.10.10:2888" to shadow a user, it doesnt work and says invalid server name

what am i doing wrong?

Thanks

Hello,

We have been notified that our license is about to expire so after going to Administrative tools - Remote Desktop Services - RD licensing manager - Right clicking our server I have entered our license number and activated it.

Result: http://i.imgur.com/MJWgVUE.jpg

Thought we are good. Today again I saw a warning notification in event viewere that it's about to expire.

ID: 1068

ID: 1129

Still everything is green in RD licensing manager ( Imaage from before)

Upon checking on RD licensing manager ( Via server manager ) two warnings are shown:

http://i.imgur.com/hANj91i.png

Now since we are working in WORKGROUP I'm unable to find any way to set RD licensing mode.

Found a guide which tells me to edit two gpedit.msc settings :

Set the remote desktop licensing mode : per device
Sse the specified remote desktop license server: IP address of the server

I'm not too found with editing local group policy settings so I'm asking would this be our solution?

Hi

I have startet to setup the company i work for terminal setup.

The setup is like this 4 servers, 1 gateway, 1 connection broker and 2 RDS servers.

i have setup the rds servers to use User profile disk, now the issue is that then i logoff my admin, and look on disk management.

it still keeps the disk mounted. under logoff i get 2 events but no errors. Desktop Windows Manager has exited with code (0xd00002fe) Event id 9009 and 

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. 

DETAIL -

 1 user registry handles leaked from \Registry\User\S-1-5-21-606747145-261478967-682003330-10137:

Process 1260 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-606747145-261478967-682003330-10137\Printers\DevModePerUser

Event ID: 1530

hope that someone have a idear.

Hi all,

Some time ago I opened this thread:
https://social.technet.microsoft.com/Forums/en-US/08f91854-27c2-4bc8-8845-d2435db51c1f/hanging-upd-profiles-in-2012-r2-rds-environment?forum=winserverTS

Since then I've made some changes in the GPO's, but this seemed to have the affect that a lot of users now get TEMP profiles in de RDS environment regularly.

The Event Viewer System logs show these messages:
Event ID 16: The access history in hive \??\C:\Users\USERNAME\ntuser.dat was cleared updating 2157 keys and creating 297 modified pages.
Event ID 16: The access history in hive \??\C:\Users\USERNAME\AppData\Local\Microsoft\Windows\UsrClass.dat was cleared updating 367 keys and creating 47 modified pages.

Also there are a lot of these events logged:
Event ID 20499: Remote Desktop Services has taken too long to load the user configuration from serverboth DC's for user USERNAME

This leaves the User Profile Disk corrupt and the only way to resolve this is to restore the UPD from an earlier moment.

Any thoughts?
I see a lot of RDS logs and searching online give a lot of results (non-related) back.

Kind regards,

Matthijs

A single user is receiving a Runtime Error when logging into RD Web Access (Server 2012). I did notice an event pop up in the Application log:

Level: Warning

Source: ASP.NET 4.0.303190

Event ID: 1309

Task Category: Web Event

Event code: 3003
Event message: A validation error has occurred.
Event time: 8/5/2013 9:23:11 AM
Event time (UTC): 8/5/2013 1:23:11 PM
Event ID: db80b8f6c5f54803a050624241698c18
Event sequence: 3302
Event occurrence: 13
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/1/ROOT/RDWeb/Pages-2-130171705261678145
    Trust level: Full
    Application Virtual Path: /RDWeb/Pages
    Application Path: C:\Windows\Web\RDWeb\Pages\
    Machine name: VDICB12KDC01

Process information:
    Process ID: 1044
    Process name: w3wp.exe
    Account name: IIS APPPOOL\RDWebAccess

Exception information:
    Exception type: HttpRequestValidationException
    Exception message: A potentially dangerous Request.Form value was detected from the client (UserPass="sfjt<KADM").
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormsAuthentication.ExtractInfoFromForm(HttpContext objHttpContext)
   at Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormsAuthentication.OnAuthenticateRequest(Object source, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)



Request information:
    Request URL: https://<server>:443/RDWeb/Pages/en-US/login.aspx
    Request path: /RDWeb/Pages/en-US/login.aspx
    User host address: 10.77.110.77
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: IIS APPPOOL\RDWebAccess

Thread information:
    Thread ID: 14
    Thread account name: IIS APPPOOL\RDWebAccess
    Is impersonating: False
    Stack trace:    at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormsAuthentication.ExtractInfoFromForm(HttpContext objHttpContext)
   at Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormsAuthentication.OnAuthenticateRequest(Object source, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Good day!

So, i have a small problem understanding certificates for RDS environments.

HEres what I have:

a broker with the name RDSBroker.site1.contoso.com

several RDSHs with names like RDSHXX.site1.contoso.com, where the XX stand for the number of the server, for example RDSH01.site1.contoso.com. Currently i have 01-04, in the future there will be a lot more and i cant say right now how much.

my collection, which is named WTScollection is accessed through round robin DNS. meaning, my colletion name has a entry in the DNS for every RDSH's IP.

When I connect to WTScollection i get the first certificate warning from on of the RDSHs, for example RDSH03.site1.contoso.com. And if the Breoker decides to redirect me i get a second certificate warning from another RDHS.

What kind of certificate do i need exactly (i assumed wildcard vertificate or SAN certificate?) and on which Servers does this need to be imported and in which location?

Has succesfully installed Office on both the session hosts as specified in artichle https://technet.microsoft.com/en-us/library/dn782858.aspx. 

As long as i only use one host it all work prefect, but if I get logged onto host 2 I get this error.

It still works if i press OK. but the message keeps popping up if I happends to switch host again.

Any help or suggestions is appreciated.

Hello,

i have a curious problem which i am not able to properly solve...we have some clients which are connected through vpn client connection or even vpn site to site connection

We have the following infrastructure

LoadBalancer (one VIP listening for port TCP/443, TCP/3389, UDP/3391)
VIP DNS Names = rdpbroker.local + +rdweb.local + rdpgw.de
-> rdpbroker address accessed by the Clients (rdpbroker.local) AND rdp Gateway address (rdpgw.local)

RDP Brokers (rdweb, Gateway and Broker installed)
rdpbroker01.local
rdpbroker02.local

RD Session Hosts
DNS Name = rdsh01.local
DNS Name = rdsh02.local
DNS Name = rdsh03.local
DNS Name = rdsh04.local

IP(!) is permitted for the Clients to all Systems, all Server Systems are in the same subnet (VIP included). This are the Settings for the collection

And this is a sample application rdp file

redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:0
devicestoredirect:s:*
drivestoredirect:s:C:
session bpp:i:32
prompt for credentials on client:i:1
span monitors:i:1
use multimon:i:1
remoteapplicationmode:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
videoplaybackmode:i:1
audiocapturemode:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:rdpbroker.local
alternate shell:s:||calc
remoteapplicationprogram:s:||calc
gatewayhostname:s:RDPGW.de
remoteapplicationname:s:Rechner
remoteapplicationcmdline:s:
workspace id:s:rdpbroker.local
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.FARM_Name
alternate full address:s:rdpbroker.local
signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayHostname,GatewayUsageMethod,GatewayProfileUsageMethod,GatewayCredentialsSource,PromptCredentialOnce,Alternate Shell,RemoteApplicationProgram,RemoteApplicationMode,RemoteApplicationName,RemoteApplicationCmdLine,RedirectPrinters,RedirectCOMPorts,RedirectSmartCards,RedirectClipboard,DevicesToRedirect,DrivesToRedirect,LoadBalanceInfo
signature:s:

I tried Telnet on the ports, ping, mstsc on the address rdpbroker.local...everything works like expected but when i use the applications through radc they try to connect to the Gateway...but i dont know why?

Can someone explain why the Client doesnt recognise he is in the lan?

Any help is very welcomed

Thanks in advance

Kind regards

Hello,

normally we use published applications (remote apps) for our Clients, but we have thinclients which are not capable to use remoteapps, so we need to provide them remote desktop sessions

While we do not want to place more remote desktop session Hosts, we want to run our rdsh as remoteapps and remote Desktop Hosts

So far no Problem
- Remoteapp Clients use RDWeb or RDAC rdp files to access everything. Works flawless, no Problem. Selected certificate for deployment is used for everything.
- Remotedesktop Clients just use our Broker Adress to Access the farm. Works so far...but the Clients throws warnings about the certificate.
-> This can be solved running the following command
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="<hash of our certificate>"

This sets the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
SSLCertificateSHA1Hash

But if i have this value, i run on remotedesktop Gateway (with Windows Application Proxy) on Error 0x607...so solve this Problem i have to remove this key (see https://social.technet.microsoft.com/Forums/windowsserver/en-US/e0f8f58f-58c9-49fc-9d48-f6bfde830f17/rdweb-authentication-error-0x607 )

But now i have again the untrusted self signed certificates when i connect to the Desktop...so?

I deleted the self signed certificate from the remotedesktop cert store...changes nothing, after reboot it is there again. The certificate i want to use is in the "remotedesktop cert store", the Network Service has access to the private key.

Does anyone know how to prevent the generating the self signed certificate and force the well known certificate not only for remoteapps without the SSLCertificateSHA1Hash key? The certificate i want to use is a SAN certificate which includes the session host Name as fqdn and short name

Thanks in advance.

Hello

is it possible to use out-gridview on application in remoteAPP ?

Get-Service | Out-GridView work fine in TSE connection

but don't work on remoteApp session

Hi guys

I have this issue in RDS 2008 where users keep getting disconnected and prompted for credentials.

I have checked:

• Configuration Properties > Sessions "Active session limit" to Never (force it by overriding user settings).
  This has been set through group Policy
• The licensing appears to be correct with no errors
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
  fDenyTSConnections and all RDSH servers have set to 0.
• No HTTP redirection on default web site.

I checked a few other things, but nothing has prevailed.

I found the Event 4634 where accounts were being logged off on the AD server.

Im not too sure what the cause is, anything to look for?

Thanks
NN

My laptop with windows 10 with MRD is ok, but my my MacPro with latest operating system give the error when opening remote : "The requested session access is denied". 

The password is verified by the owner of the server. 

Jonny

Hi,  We have a Server 2008R2 Term server setup.  Have the sessions settings to never disconnect.  But users are still getting disconnected after 10 minutes or so if Idle time.  No idea why it starting doing this.  It just started happening about a week ago and I can't figure it out.  It's a member server in a SBS 2011 domain. 

Thanks

Brian

We have deployed Work Folder for our user with Folder redirection for some folder like desktop or documents.

This work well however when those user need to connect to the Remote Desktop Server, they have no way to access their document since the folder redirection will point to the right location, but will not sync with the server copy since there is no Work Folder client for R2012 R2.

So since Work Folder is deployed per gpo, using a user gpo, there is no way to detect using the GPO if the user is logging to his laptop or the RDS session, therefore beside using loginscript, I have no way to fix that, or create a different folder redirection base on the computer.

Does anyone have a solution for this?

Hello,

Is there anyway to change the default level of tls 1.0 for gateway server. I noticed that once I disable tls 1.0 in the registry on the gateway server, windows 7 machines with  RDC 8.1 cannot connect to the gateway. however, win10 machines still can connect. Once I turn tls 1.0 back on win 7 machines can connect great.

So can i have the gateway use a different encryption level?

Let me know if i need to provide more details.

Reference:

https://technet.microsoft.com/en-us/library/dd320345%28v=ws.10%29.aspx

"By default TLS 1.0 is used to encrypt communications between Remote Desktop Services clients and RD Gateway servers over the Internet. TLS is a standard protocol that helps to secure Web communications on the Internet or intranets. For TLS to function correctly, you must install an SSL-compatible X.509 certificate on the RD Gateway server."

**update: So it might not be the gateway that handles that handshake between client and gateway. As I mentioned, I tested connecting from windows 2012 R2 machine. In the logs, the handshakes were tls 1.2 all the way. however, on a win7 with rdc 8.1, it drops back to tls 1.0 on the gateway connection. Not sure why.

Thoughts?