in my office, i have deployed a test VDI scenario with server 2012 R2.

all RDCB + RDWeb + RDVH are installed on one server.

i have a sysprepd Generation1 windows 8.1 VM as template VM in my hyper-V console which is in shut down state.

using create virtual desktop collection option, i am creating a "managed pooled virtual desktop collection" and i have selected that system creates 2 VMs for me.

at the end of the "managed pooled virtual desktop collection", system stops on the VM creation procedure.

i has created 1st VM and has turned it on and VM booted and mini-setup done. 

but it doesn't create the 2nd VM and stops in that state for ever.

i checked RDVH event log and i found this event 15090  :

'pool-vm2' failed to modify resources. (Virtual machine ID CF2DB197-613D-4E0E-9DC5-CB11B3286580)

i have to cancel the task and system removes that VM.

why system stops in that state ? what does it mean here :  failed to modify resources ?

really need help.

thanks in advanced

Hi everybody, 

unfortunately I wasn't able to find a conclusive answer to my question yet and https://support.microsoft.com/en-us/kb/2833839 only got me so far.

I need to set up a fairly basic RDS environment in which eight users need to connect to a Windows Server in order to run a number of applications in a remote session. Remote desktop sessions would suffice, I do no intent on deploying virtualized desktops.

Since we have an extremely tight budget, I'm looking for the 'smallest' solution possible in terms of licensing cost and hardware. So far, I came to the conclusion that I would need to get one Windows Server 2012 Standard licence with 8 RDS CALs. Unfortunately there is no DC in the network as of now. Can such a RDS environment be deployed on one instance of Server 2012 Standard? Would it make sense to use Hyper-V in order two virtualize two servers and how could that setup look like? 

Thank you in advance! 

HI,

I have a new VM Windows 2012 R2 (Vmware) and Office 2007.

Users are connected through RDP and through Cockpit.

using both methods users complains about performance issues when working with outlook (Ex. moving from one email to another can take 20-30 Sec.) also working with Word can be slow.

I have windows 2003 with office 2003 terminal server working with no issues on the same Virtual infrastructure.

Any Ideas?

Regards,

2012 RDS Setup

- 1 2012 Server with Gateway, Connection Broker, and Web Access roles on it

- 1 2012 Server acting as a Session Host

I was able to connect through Web Access to the desktop of the session host server. However, we receive a certificate error.

To fix the cert error we tried to change the published FQDN Name with the powershell command Script from TP/Microsoft: Set-RDPublishedName.ps1. This script worked and the FQDN name is changed, but the connection from Web Access doesn't work at all anymore. We are getting the error message "Your computer can't connect to the remote computer because the Remote Desktop Gateway and the remote computer are unable to exchange policies...".

If I configure a RDP connection instead of going through Web Access I do not get this error.  

Thank you in advance for any advice regarding these problems.

I've set up a single Server 2012 R2 Gateway/Session/RDWeb server. At some point during setup, the WebFeed stopped working and I can no longer connect using the RemoteApp and Desktop Connections control panel or the Remote Resources connection in the Mac RDC client.

Trying to connect to https://domainname.com/RDWeb/Feed/webfeed.aspx receives an Error code: "0x80040205, 0x1F4" on Windows connections and nothing on the Mac except an empty Remote Resources list.

Looking at the inetpub logs, the following events are recorded during the connection attempt:

------------------------------------------------------------------------

#Software: Microsoft Internet Information Services 8.5

#Version: 1.0

#Date: 2016-03-28 15:35:38

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken

2016-03-28 15:35:38 172.xxx.xxx.xxx GET /RDWeb/Feed/webfeed.aspx - 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 302 0 0 155

2016-03-28 15:35:38 172.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 401 2 5 144

2016-03-28 15:35:38 172.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 401 2 5 12

2016-03-28 15:35:50 172.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 domain\username 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 105

2016-03-28 15:35:50 172.xxx.xxx.xxx GET /RDWeb/Feed/webfeed.aspx - 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 500 0 0 188

-----------------------------------------------------------

The 401 entries lead me to believe authentication is being denied somewhere for some reason, but I haven't been able to figure out where.

Looking at the server's Security log, I see the logon attempt followed immediately by a logoff notification. I see the logon attempt is using NTLM:

-----------------------------------------------------------

Detailed Authentication Information:
    Logon Process:        NtLmSsp
    Authentication Package:    NTLM
    Transited Services:    -
    Package Name (NTLM only):    NTLM V2
    Key Length:        128

-----------------------------------------------------------

Any help is appreciated.

Additional information

I looked at another server that has a working feed, and found this series of events in the inetpub log file:

-------------------------------------------------

#Software: Microsoft Internet Information Services 8.5

#Version: 1.0

#Date: 2016-03-28 16:24:41

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken

2016-03-28 16:24:41 192.xxx.xxx.xxx GET /RDWeb/Feed/webfeed.aspx - 443 - 50.170.136.41 TSWorkspace/2.0 - 302 0 0 799

2016-03-28 16:24:41 192.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 401 2 5 102

2016-03-28 16:24:41 192.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 - 50.xxx.xxx.xxx TSWorkspace/2.0 - 401 2 5 36

2016-03-28 16:24:54 192.xxx.xxx.xxx GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 foundation\mcsadmin 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 1580

2016-03-28 16:24:55 192.xxx.xxx.xxx GET /RDWeb/Feed/webfeed.aspx - 443 S-1-5-21-484763869-xxxxxxxxxx-xxxxxxxx-xxxx 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 1483

2016-03-28 16:24:55 192.xxx.xxx.xxx GET /RDWeb/Feed/rdp/mstsc256.ico - 443 S-1-5-21-484763869-xxxxxxxxxx-xxxxxxxx-xxxx 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 519

2016-03-28 16:24:55 192.xxx.xxx.xxx GET /RDWeb/Feed/rdp/cpub-Remote_Server_Co-Remote_Server_Co-CmsRdsh.rdp - 443 S-1-5-21-484763869-xxxxxxxxxx-xxxxxxxx-xxxx 50.xxx.xxx.xxx TSWorkspace/2.0 - 200 0 0 47

---------------------------------------------------

The same 401 status codes are there, but it looks like the feed is supposed to return with the user SID and allow access. Instead, I'm getting a 500 status code on the non-working server.

WS2012 RDSH/RDCB/RDG/RDWEB. The RDSH is dedicated; other RDS roles are on another server.

On the RDSH, the logs have many of these events:

Log Name:      Microsoft-Windows-RemoteApp and Desktop Connections/Admin
Source:        Microsoft-Windows-RemoteApp and Desktop Connections
Date:          4/10/2016 11:50:36 PM
Event ID:      1026
Task Category: None
Level:         Warning
Keywords:     
User:          DOMAIN\Username
Computer:      RDSH.DOMAIN.LOCAL
Description:
The installation of the default connection has been cancelled. A default connection cannot be used on a system that is part of a Remote Desktop Services deployment.

User: DOMAIN\Username

They repeat every 1.5-2 hours for each logged on user.

My web searches so far have turned up only one way this can happen: If a user tries to use RemoteApp and Desktop Connections to set up a feed from the RDCB...but that's not happening.

Misconfiguration? Or just log noise?

TIA

We currently have 3 RDS servers in production and all servers have Office 2013 installed. What we have found is that this software also has Lync (Skype for Business) and One Drive installed. We need to remove these applications from Office 2013.

My question is "Do we have to put the RDS servers in install mode before proceeding" or could we just make the change in the software w/o doing this first. We need to select "change" for Office 2013 and then select these 2 applications and mark as "not installed".

I know there are many documents about putting these servers into install mode when installing software, but there really isnt anything for uninstalling software on a RDS server

Thank you in advance for your help with this.

Hi,

We are running several RDS 2012R2 servers and some users need to use the on-screen keyboard.
I've created a tile linked to OSK.exe and they can also use the search field on the right-hand side to type and search for OSK.

On all servers users will get the error: On-screen Keyboard does not work any more / Cannot start on-screen keyboard

When an administrator starts the osk it works fine.

How can we make sure users can use the OSK?

We are running Thin Client Remote Terminals to a Windows Server 12r2. Everyday between 3:15 pm and 3:45 pm our Sage MAS100 Accounting software shuts down and I have to reboot the server.  This is the error information we get.

Problem signature:

  Problem Event Name:                        InPageError

  Error Status Code:                              c00000c4

  Faulting Media Type:                         00000000

  OS Version:                                          6.3.9600.2.0.0.16.7

  Locale ID:                                             1033

  Additional Information 1:                 8f57

  Additional Information 2:                 8f576e02d4f9fa20886d32d3ed351da3

  Additional Information 3:                 8f57

  Additional Information 4:                 8f576e02d4f9fa20886d32d3ed351da3

Read our privacy statement online:

 http://go.microsoft.com/fwlink/?linkid=280262

If the online privacy statement is not available, please read our privacy statement offline:

  C:\Windows\system32\en-US\erofflps.txt

I have checked the server logs looking for a program attempting to run at that same time but I am not that Server savvy. I was good with our old domain server but Terminal Services is Greek to me.  

I have never used RDS so this is where I need the help.  We have a requirement to stand up a small RDS farm in our PCI compliant zone.  But we don't want to do more than we have to regarding overall server footprint.  We have a federated AD Azure presence now and want to make use of RemoteApp for our call center agents.

Their application desktop would have the O365 Pro suite, a few other MS available RemoteApps and then we have a few applications that would have credit card information and we need to keep those isolated on premises.  I know Azure has been doing more for PCI compliance but I thought at this point, keep it simple and isolated.

What would I need on prem to make these separate farms look or act like one seamless desktop to our users?

Hi Guys,

Need Help...

The Scenario.  

*Upgrading the existing 2003 terminal servers to Remote Desktop Services 2012 R2 *

1) Have installed two servers with Windows Server 2012 R2 on our VM enviroment ( ABC1.domain.com and ABC2.domain.com )

2) Have created a server group for these servers under server manager dashboard.

3) Configured RDS roles on these servers ( Designated each servers for different roles such as RD Connection  Broker, RD Web access role, RD Session host role's accordingly based on each servers capacity).

4) Activated the installed terminal licences on ABC1.domain.com using RD Licensing Manager.

I am now stuck at this stage,

Create and install certificates for server authentication, single sign on, and establishing secure connections.

( Creating CSR's and installing certificates)

Configuring round robin /load balancing for the RDS Server.

Could some one please help on this..

Thanks in Advance

Murugupandian Pandi

We have a Windows Server 2012 R2 Standard. We have remote users that have physical dedicated computers at the office, and we need them to be able to remote in and be authenticated through Active Directory and also be able to have access to a shared drive, private drive, Word, Excel, Internet Browser etc..
Currently they are using Teamviewer to log into their own dedicated office work computers but going forward they will have a few remote employees that wont have dedicated computers at the office location. How can we setup the network so they can remote in?

What do we need to make this happen? Remote Desktop Services with RDS Cals? Hyper-V Machines with .vdi templates? what would be the most conventional and cost effective way to go? Looking for a "somewhat simple" best practice that we can standardize for future projects.  Thanks for taking the time to read this. We have googled the question and haven't come up with anything substantial to work with. Thanks Again

I have an interesting situation. I have a test system that I am learning how to configure RemoteApp and Desktops. The system is a 2012 R2 Server. A while back I had installed the service and made some configuration changes, once of them was removing the QuickSessionCollection and replacing it with another. I ran into some issues and ended up uninstalling the Remote Desktop Services. Tonight I decided to try again and again installed the Remote Desktop Services and configured it. All seemed to be working according to plan until I went on to RDWeb. I noticed that some of the Applications were duplicated. Of the applications that were duplicated only one of the 2 would work. The one that would not work would give the following error.

What I think is happening is that these applications are somehow the remains of my previous install. I searched hi and low but no one else seems to have encountered this issue. I think that if I locate the source, I should be able to remove these entries and all should be well. If anyone has any ideas, please let me know as I am anxious to understand how this works.

Thanks in advance for any help or suggestions.

Hi,

I'm trying to understand the limits of the screen resolutions of the mstsc /multimon option of the remote desktop client. I have 2 displays at 3840x2160, Win8.1Pro with a 2012R2 RDSH server. If i understand it, the supported resolutions are 4096 X 2048 per monitor with a maximum of 16 monitors, those were the specs for Win08R2 in 2009 at least.

But i have some results that are a bit puzzling to me;
- if i use 2x 3840x2160 with /multimon, i only get one RDS display
- if i set my main display to 2560x1440 and the second to 3840x2160, /multimon works as expected (showing 2 RDS displays)
- if i set my secondary display to 2560x1440 and the main to 3840x2160, i only get one RDS display.
- if i use /span, i get a session with 7680x2160 (not sure thats relevant, but mentioning it).
- if i use xfreerdp on ubuntu, i get the same results.

So why can't i use 2x 3840x2160 and why does it work when i set my main display to 2560x1440 (with the second being 3840x2160). Can anyone enlighten me?

Hi,

I have installed 2 monitors with 4K resolution on my Windows 10 PC. I have tried to get both screens to work bye using Remote Desktop Services on at Terminal Server (Windows 2012 Server). It Works verry well on the Windows 10 PC. I have check the button for Connect all screens.

It will only Connect 1 monitor with this high resolution.

If i reduce the resolution on one monitor (one with 2560x2048 and one with 3840x2160), then both monitors will work in the Terminal Server Connection. But this is not good to work with.

It seems that the Remote Desktop Connection can`t use 2 monitors with 4K resolutions (3840x2160)?

Anybody that has a solution for this?

We have a terminal server farm configured with a few RDS session hosts, and a gateway server. All servers are 2012 R2. The Gateway server is named "RDGateway". The Gateway server hosts the roles of connection broker, gateway, and RDWeb. 

In our monthly audit reports we see there is a very high volume of failed login attempts on the gateway server using the computer name account. Our reports show the account of 'ourdomain\RDGateway' has had over 2000 failed login attempts over the past month. 

It is normal for us to see user accounts have some failed login attempts as it is usually a legitimate authentication failure (ie wrong password). However, we are concerned about the high number of failed attempts, and not sure how to track as it shows the computer account, not a user name. 

Is this normal expected behavior for a public facing gateway server? I was considering throwing on the EVLWatcher software but was interested in opinions first.

The event shown thousands of time is below:

-----------------

An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain:-
Logon ID: 0x0

Logon Type:3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: RDGateway$
Account Domain:OURDOMAIN

Failure Information:
Failure Reason:An Error occured during Logon.
Status: 0xC000006D
Sub Status: 0x0

Process Information:
Caller Process ID:0x0
Caller Process Name:-

Network Information:
Workstation Name:RDGateway
Source Network Address:-
Source Port: -

Detailed Authentication Information:
Logon Process:
Authentication Package:NTLM
Transited Services:-
Package Name (NTLM only):-
Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

------------------

Hi,

I've deployed yesterday a windows 2012 server (RTM) and set up the license server for my 10-CAL licenses. That's ok.

But I can not see a way to point my server to see the license server. Every time I log in, I receive a message that the RD services will expire in 119 days.

Using the diagnosis tool it says that licensing mode isn't set up.

Where I can find the tool to set up this licensing mode? In windows server 2008 this question was asked in the setup wizadr.

Thanks a lot!

Ricardo Almeida

Through reading web pages and this forum, I have found that you can configure a license server by doing the following...

but I can't find descriptions for the settings for the last command?  what are they

I recently had a PCI Compliance scan on our system we had one vulnerability that I am having issues with.  When the scan was done this is what came up.

Microsoft Windows Remote Desktop Protocol is affected by a private key disclosure vulnerability.

Now I have added a 3rd party certificate for extra security and have set the Security layer to SSL (TLS 1.0) and the Encryption level to high.

I don't have the "Allow connections only from computers running Remote Desktop with Network Level Authentication" check box ticked off but I didn't think that would change anything.  If I do check that off what settings would I have to do on the users side.  Last thing I want is to have the user not be able to get onto the system.

If you know of any way of fixing this please let me know so I can get things cleared up and not have to worry about having this issue.

I have attached a picture of how I have my settings set up for our RDP.  We are currently using Windows Server 2008

Our long term goal is to configure RDS to work with  Kerberos Authentication as provided by our APM module in our F5 Big-IP.  As we see it the first step is to get RDS to function by itself with Kerberos authentication End to End without password prompts.  We have tried following multiple documents on the web, but none of them get us to where we want to be. 

We currently have one Windows 2012 R2 test server providing the Web, gateway, broker and session host roles.  We are testing with Windows 10 clients.  We are able to get RDWeb to do Windows Authentication, but once that works we get prompted for credentials when we launch an application. 

Is this configuration even possible?

Thanks for your Help

Brent