The initial launch of an app shows a logon screen with
title: Waiting for remoteapp programs to start
Please review any messages that appear
Showing our logon banner, and then loading profile etc...is there a way to not show this to each user on the initial app launch?
Edit: We are using Windows 2012 R2 for the gateway and hostHi All,
I hope someone out there can help us. We have a RDS 2012 deployment with the following configuration (.N.B. all servers are VMs on vSphere 5.5 Enterprise and brand new Dell servers and we have zero network issues as these have been fully checked several times)
2 x RD Connection Brokers (2012 R2)
2 RD Licence Servers (2012 R2)
1 x RD Web Access (2012 R2)
1 x RD Gateway server (2012 R2)
2 x Session collections, one with 10 Session Hosts and one with 4 session hosts (all session hosts are 2012, not R2)
We are experiencing a very very strange situation where the RDG simply stops procession connections randomly. there are absolutely no errors, warnings or critical events logged in ANY of the event logs (and we have trawled through every single one of them!(and the service does not stop or crash in the traditional sense. we also cannot launch the gateway manager console when this happens. if we restart the service then all is fine and users can reconnect. we have even replaced the gateway with a brand new box and the issue still prevails. All clients that connect through the RDG are a minimum on Windows 7 and have at least RDP 8.0 installed
Has anyone else seen this? it is becoming a real issue for us and people are losing faith, as they do
hello
it is a common need that in our RDSH server 2012 R2, we want to see from which computers are now connected to our session collections
i verified both server manager and powershell Cmdlet such as Get-RDUsersession, but none of them shows from which IP address or computer client's computer name or ip address. both only shows server's IP address.
i remember that tsadmin.msc in server 2008 had such ability.
any workaround ?
thanks in advanced
Hello,
This is my first post, and it's more of a "this is what worked for us and I couldn't find this fix ANYWHERE" thing.
We have recently setup a new RDS environment to replace a pathetic wheezing old TS system.
We are running 9 session host servers in three pools hosting three collections - A, B and C. All the session host servers appear in the pools, accept new connections, and apps are configured and working. No problems here.
We have 2 web front end servers in our DMZ, Port 443 is open, things work fine.
We have 2 gateway servers, also in our DMZ in a gateway farm. Work great, no problem. Connectivity is excellent, internal firewalls on but the necessary configuration has been done so everything is talking and happy.
We have two connection broker servers in a high availability configuration and a different namespace for the front end than the domain (we can't use our internal domain name for our externally facing RDS farm).
However, we would get intermittent failures upon logging in, no matter what collection we were accessing.The web servers present the login page and we could successfully authenticate (using ADFS proxies in our DMZ back into the domain) against AD - I verified this in the logs on the broker servers. The user would still fail to connect to the remote computer. The error we received was a generic "unable to connect to remote computer. If problem persists, contact your System Administrator" and the connection broker would record the following 3 alerts:
Event 802: RD Connection Broker failed to process the connection request for user domain\username. Error: Element not found.
Event 1296: Remote Desktop Connection Broker Client failed while getting redirection packet from Connection Broker.
User : domain\username
Error: Element not found.
Event 1306: Remote Desktop Connection Broker Client failed to redirect the user domain\username. Error: NULL
The user can try again, but the same error would likely be thrown, although sometimes they can log in and connect.
I googled constantly. Some had success modifying GPO Default Domain Policy: Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / RD Connection Broker / Use RD Connection Broker load balancing - ENABLED. Didn't help; backed it out.
Others had success modifying a registry key on the broker servers: HKLM – System – Current Control Set – Control – Terminal Server – WinStations – RDP-TCP – Security Layer changed from 1 to 0.I didn't like doing this (not fully aware of the security "feature(s)"
this disabled). Made no difference - backed it out.
Deleting and recreating collections did not help. Tried adding the server farm to the "Windows Authorization Access Group" (really only helpful for systems that began as Win 2k boxes). No go.
Put in a call with Microsoft. They give me a hotfix (which makes me a bit dubious - I didn't install it), and about 7 patches to run (which had been - our servers were up to date). I wasn't feeling it.
So I fired up procmon and monitored tssdis.exe on the broker servers. According to procmon, everything was a success - except for two keys missing from the registry on both broker servers: HKLM\Software\Policies\Microsoft\System\DNSClient. Procmon showed that key could not be read. Googling was useless, so I decided to manually create the key. Failed - procmon showed the key name as "New Key #1" no matter what I called it. Deleted it and used the following powershell command to successfully create the key: New-Item -Path HKLM:\Software\Policies\Microsoft\System -Name DNSclient -Value "Default Value"
The key was created. YAY! I still didn't know what needed going in there, it was just an empty key. I ran procmon again, and got a clue: tssids was trying to read a value: "PrimaryDNSSuffix" and returning blank. OK - inside of the "DNSclients" new key I created a new string value containing our internal domain name, doing this on both connection broker clients. The end result looked like this:
HKLM:\Software\Policies\Microsoft\System\DNSClient - "PrimarydnsSuffix" "yourdomainname.com"
INSTANTLY, everyone connected. I could access everything using my acct and my testing accounts. The errors cleared up in the event logs. The sun began shining and the IT gods were, for awhile, placated.
OK - if you are getting 802, 1296, and 1306 errors in RDS 2012 R2 - before lessening security, and before modifying global GPO settings, just check procmon against tssdis.exe on the broker service and see if that key is missing. It's the only thing that worked for us.
When creating RDS Quick Deploy, then trying to add a collection, I get an error:
Unable to configure RD Session Host Server <Server Name>. Invalid operation.
I've set every property I know, have a valid Licensed server, a wildcard Certificate installed properly, everything looks good. I've been three (3) days on this.
Any help would be appreciated.
Thanks.
I've set up a HA Connection Broker cluster, and in order to get the web gateway working again, I need to set up a new RAP policy that specifies the RD Broker RR Address, but every time I try, when I click 'Add' in 'User Groups' (And anywhere else in the MMC, it seems), the MMC crashes with the following output:
Problem signature:
Problem Event Name: BEX64
Application Name: mmc.exe
Application Version: 6.3.9600.17415
Application Timestamp: 54504e26
Fault Module Name: clr.dll
Fault Module Version: 4.6.1055.0
Fault Module Timestamp: 563c12de
Exception Offset: 00000000002fdbd8
Exception Code: c0000409
Exception Data: 0000000000000002
OS Version: 6.3.9600.2.0.0.400.8
Locale ID: 1033
Additional Information 1: 96f9
Additional Information 2: 96f9c5010a52aa0dfa6dd4f9281ffe93
Additional Information 3: 7b9b
Additional Information 4: 7b9b3ea08d2dac897bb696ccf51055a9
As far as I can tell from searching, it seems to be .NET that's crashing, but I haven't found any solutions.All three servers (Web Gateway and both Connection Brokers) are fully patched.
has anyone else sen this and/or have any ideas how to either fix it or maybe some kind of workaround?
When launching an app from TS Web Service, I get one command prompt that quickly exits, however another one is present. This one is appearing immediately and stay on screen with full rights. It dumps you right into System32 with full rights.
The file being ran is a BAT file with:
@echo off
powershell.exe c:\JUROR.ps1
start /I "Juror Menu" "c:\juror_practice\menu.exe"
exit
The powershell script runs correctly and the application launches correctly, but I cannot have the end user presented with a elevated command prompt.
Even if I add Microsoft Paint using the TS App Wizard, I still get the extra command prompt immediately when launching paint. It is like this is a global setting that got turned on somehow. It was not doing this until recently, possibly due to a windows patch maybe?
Any help is appreciated, this problem exhausted my searching skills looking for a reason.
We have a 2008 Terminal Server that is getting event ID 1515.
| Details | |
| Product: | Windows Operating System |
| Event ID: | 1515 |
| Source: | Userenv |
| Version: | 5.2 |
| Symbolic Name: | EVENT_PROFILE_DIR_BACKEDUP |
| Message: | Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on. |
| Explanation | |
A temporary user profile is loaded because Windows was unable to log you on with your local profile. A possible cause for this is if your local profile has been corrupted or you no longer have adequate privileges to the profile folders. Note: All changes made to the temporary profile are lost after you log off. | |
| User Action | |
Look for additional profile events in the Event log to obtain more information about why this occurred or contact the system administrator for additional help. Is there anyway that I can recover or repair the default users profile? | |
I'm configuring smartcard logon via RDP on domain controllers and have everything working from inside the network but as soon as I try from a VPN connection it fails with the NLA error
“The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box.”
From the VPN connection:
This is a test domain so it’s not resolvable by our normal DNS servers (the ones that are assigned to my VPN adapter). However, if I change my VPN adapter’s DNS to those of the test domain then smart card authentication works.
It’s weird because NLA should be enabled for both username/password and smartcard but when I’m using a foreign DNS server only username/password authenticates.
I’m pretty sure I have the certificates and smartcard configured correctly but a second set of eyes are welcome.
Any ideas?
Thanks!!
Hello,
I managed to lockdown a RDS server (Windows Server 2012r2), but the policy is also applying to users desktops. Loopback Policy has been set in the policy. Also removing the policy does not help.
I linked the GPO to an RDS-Server OU, removed authenticated users and added the RDS server and RDS-USERS security group. So I can see nothing wrong.
Any ideas?
Best Regards,
Robin
I am using windows server 2012 r2 with MS Exchange 2010. After installing Exchange, The RDP app(Mac) keeps having connection drops.
I can ping the server and it answers(with a reasonable ping of 15-20 ms).
I don't know if exchange is running.
Does anyone have ideas? It's driving me crazy!!
* I do not have direct access with the server - it's somewhere else
We encounter a reconnection problem to disconnected RDP sessions.
We have 9 users connecting to a RemoteApp this works.
All the 9 users close the app and leave a disconnected session, disconnected sessions are not logged off and is set to 'Never'.
When all the 9 users reconnect to the RemoteApp approx 6 to 8 users reconnect to their disconnected, we see on the broker it redirects them to their disconnected session on the terminal server.
But approx 1 to 3 users are redirected to their session by the broker to their session on the terminal server but they get almsot disconnected instant , the remoteapp does not start/open.
When we click for a second time on the remoteapp in the RDWeb it opens instant.
In eventvwr on the TS we see "The Desktop Window Manager has exited with code 0xd00002fe"
Problem: broker redirects user to their session on the TS but user gets disconnected.
What we tried:
- Use TCP only for RDP
- NTLM v2
- installed all updates on all TS servers
- installed all applicable recommended hotfixes on all TS and broker and RDweb server
- disabled NLA
- disable Receive Side Scaling
- disable chimney
- http://support.citrix.com/article/CTX117374
Hi there,
We inherited a client configuration where they run Terminal Services with a 2012 Essentials DC. They are getting a error stating that the Terminal Server cannot contact the DC. Error ID 85. The license server is published in DC and I can ping the DC.
We suspect that the error is caused by the DC as it is currently running on 29 users the limit being 25. There is also issues with shares where it does not display and when you refresh this starts working again. Which indicates that there is a possible authentication error. These issues comes and goes, the terminal server issue appeared and has disappeared again.
When users login via RD they get the error The Remote Computer that you are trying to connect to requires NLA, but your domain controller cannot be contacted.
Has anyone experienced these kind of errors particularly the issue with TS and can this be related to the Essentials DC?
Regards,
Pierre Vermeulen
i'm running a Win 2012R2 RDS/TS in the local domain everything is working just fine
then i tried to connect a few clients from another location (clients all run win7 sp1)
i configured the remoteapps
logged in with name and password,
its showing the apps etc
but when i try starting them i get the error
"rds gateway server temporarily not available"
pings between the client and the TS work fine
added my server to the host file at the client
added the routes to the gateways at the client
installed neccesary certificates to the clientthe IIS seems ok and in the defaultapppool the 32bit is disabled
anyone has a clue why its not working? did i miss anything?
Hi,
I have trouble logging in remote desktop to a Windows 2008 STD SP1.The server is in the domain. Something strange happens, often I can not login with a domain user but only with the local administrator, and sometimes use the same user domain without any problems in accessing remote desktop.Event viewer when the machine fails to login, I find the following error:
EVENT ID: 4625
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 8/24/2010 10:52:04 AM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: wbrdvpx40.webred.personal
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Administrator
Account Domain: WEBRED2000
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: ANTONIO
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2010-08-24T08:52:04.983Z" />
<EventRecordID>120934</EventRecordID>
<Correlation />
<Execution ProcessID="696" ThreadID="788" />
<Channel>Security</Channel>
<Computer>wbrdvpx40.webred.personal</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">Administrator</Data>
<Data Name="TargetDomainName">WEBRED2000</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2313</Data>
<Data Name="SubStatus">0xc000006a</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp </Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">ANTONIOZAZZARO</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">-</Data>
<Data Name="IpPort">-</Data>
</EventData>
</Event>
How can I fix this problem??
I have a server that showed these counts in the RD Licensing Manager list (ignoring windows 2000 entry):
Windows Server 2012 - Installed RDS per User CAL Program: Open Total Licenses: 5 Available: 0 Issued: 0 keypack id: 7
Windows Server 2012 - Installed RDS per User CAL Program: Open Total Licenses: 5 Available: 0 Issued: 0 keypack id: 4
Windows Server 2012 - Installed RDS per User CAL Program: Built-in Overused Total Licenses: 0 Available: 0 Issued 13
The firm that set this server up (long gone) probably bought ten licenses, is that how I interpret?
Does built in overused count 13 mean that the normal licenses are not being used, and up to 13 sort of temporary licenses have been issued? The license server and the rd host are both o windows 2012.
The site has at most 10-12 users active at any time. The other day a person could not log on; I think there were ten listed users at the time; and after I logged off a disconnected user he was able to log on. I might guess that we need to buy some additional licenses...but, does server 2012 rd license server stop issuing licenses after it exceeds 10 in our case? I just want to make sure that is the reason he was able to log on after I dumped an inactive user.
I don't understand about the overused licenses and why the two sets of 5 don't seem to be used?
Lee
My scenario:
Only one poole virtual desktop collection created with 3 windows 8.1 VMs (VDI-0, VDI-1 and VDI-2)
I have 5 users (test1 to test5 )to use this VDI pool 1, and using automatic VM assignment.
test1 login to VDI-0
test2 login to VDI-1
test3 login to VDI-2
test 4 &5 are rejected (so far test was going well by this point)
----------
I logged off test1 from VDI-0
I logged off test2 from VDI-1
I assume that VDI-0 and VDI-1 VMs were released and back to the VDI pool 1
When I tried to use test4 and test5 user account to login, I got no VM is available in the pool error message
I tried to use test1 and test2 account to login, it was working.
Look at the Collection management console, I found VDI-0 was assigned to user test1, VDI-1 was assigned to user test2 and VDI-2 was assigned to user test3.
My question:
Is there any way to create a collection without remembering User Assignment. each time when a user log off, VDI release the VM back to the pool and allow other user to use the VMs. Does anybody know MS VDI solution support this function or feature?
Any good ideas?
Note: I have 150 application users and only have 25 VMs (due to application licenses). I need a shared VDI VM pools
Thanks,
Robert