I HAVE WINDOWS SERVER 2012 R2
LICENSES APEAR CONFIGURED OK ON LICENSING MANAGER BUT ON LICENSING DIAGNOSER I HAVE NO LICENSES Y CANT CONECT TO THE LICENSE SERVER
A MESSAGE TELS ME I HAVE FEW DAYS FOR THE LICENSES TO STOP WORKING
↧
RD LICENSING DIAGNOSER SHOWS NO LICENCES AVAILABLE WINDOWS SERVER 2012
↧
Enable Restricted Admin mode for RemoteApps
I need to enable Restricted Admin Mode for MSTSC across my 2008 R2/W7 domain. I need Authenticated Users (with RD access) to be able to access a Remote App available on RD Web Access Gateway. With RA mode enabled, they get a "restricted access" error when attempting to connect via MSTSC (prior to application launch). If I attempt this while logged in as Domain Admin I am able to connect over MSTSC and launch the application as normal.
I tried adding "remoteapplicationcmdline:s:/restrictedadmin" to the Custom RDP Settings in Session Host configuration, but I get an error that I "cannot override global settings".
Is it possible to apply this cmd line argument to a RemoteApp application, or is there another way to enable Auth Users to connect while still using Restricted Admin mode across domain MSTSC connections?
↧
↧
RemoteApp and Desktop Connections issue
Hello.
I try to setup new RemoteApp and Desktop Connection silently by command from c#. I use next code for setup connection:
var processStartInfo = new ProcessStartInfo
{
FileName = "cmd.exe",
Verb = "runas",
Arguments = "/C rundll32.exe tsworkspace,WorkspaceSilentSetup RemoteAppConfig.wcx",
UseShellExecute = false,
WindowStyle = ProcessWindowStyle.Hidden
};
Process.Start(processStartInfo);It works correctly(connection created) only if I launch application in debug mode. But if I install my application by msi, connection won't created. And I see next error in Event Viewer: "An error occurred. Contact your workplace administrator for assistance."
Could you help me please?
↧
When connecting to a locked (but not disconnected) session from same PC, RDP client does not ask for credentials and unlocks
Hello everyone!
Today, a customer asked me to fix a problem that they consider a high security risk, and I cannot seem to find a solution for them.
They have a Windows 2012 (first release) RDS farm (but have already confirmed same problem exists with Windows 2012 R2 RDS farm). Security is important to them, so they have disallowed saving passwords for their RDS sessions. When a user connects, he is asked for credentials. If they reconnect to a disconnected session, they also have to give their credentials. So far, so good.
However, recently users have discovered (you would think they have better things to do…), that you can reconnect to a connected session without credentials if reconnecting from the same client. The first RDP window will disconnect from the session as the second window connects.
So now consider this scenario:
- A user has logged in to RDS (using his credentials)
- The user goes to lunch and locks his screen with Ctrl - Alt – End. He does this because IT department has repeatedly asked him to do this. His session is locked but not disconnected.
- As soon as he is gone, his colleague walks over to his desk, and minimizes his locked session using the connection bar or Ctrl - Alt - Break. The session is minimized, but not disconnected.
- The user uses the same RDP file again to connect to RDS a second time. He is not asked for credentials.
- The first RDP window disconnects as a second RDP window comes up.
- The user finds the RDS sessionunlocked In the second RDP window, so he can use this method to unlock someone else's RDS session without credentials.
I have confirmed this problem exists with both type of clients they have: Windows 7 PC’s and Windows 10 PC’s.
The IT department has identified this as a major security problem in their company. I cannot find a way to force the Windows clients to ask for credentials in this situation. Also, I cannot find a way to prevent people from minimizing an RDS session. Ctrl - Alt - Break always works.
Do you have any suggestions?
↧
New RDS Environment
Excuse my ignorance as I am new to Microsoft RDS.
I used Microsoft RDS to setup a pool of virtual desktops in VMWARE. It works fine but I want to ramp things up as we will be taking on 50 remote resources who will need VDI access.
So, I am going to go with RDS and Hyper-V.
My question is, what is the best option to allow for 30 concurrent connections to the same desktop setup. They will be Developer workstations so they will be kid of beefy. Lets say 2CPU 8GB RAM and 100GB HD.
So, do I go with Session based or VDI based? I was going to go with a single host, 4 CORE, 256GB RAM and 3TB disk space.
I figured I would spin up 5 VMs in Hyper-V with the above desktop configuration using Session based.
Would this facilitate the 30 concurrent connections I need to support or should I be going in a different direction?
Thanks in advance.
↧
↧
Keyboard Layout per User group
Hi,
I'm having some trouble setting different keyboard layouts for certain groups
Servers are all running 2012R2.
Qwerty - US INternational is suitable for most users.
Some users need AZERTY lay out.This is what i did:
Logged in with test user.
Set proper keyboard layout.
Tested the configturation
From GP Management console ran the registry wizard.
Imported HKEY_USERS\<GUID of Test User>\Keyboard Layout.
Configured item level targeting for test user.
Removed test users profile
Logged in again.
Verified that the policy is applied.
Registry items are in place, but it defaults back to the QWERTY layout.
In some test it even displayed the AZERTY layout in Language/layout, but still it was QWERTY
It also adds the QWERTY layout codes to the registry.
Why can I make the change manually (keeps working forever)
But when I make a GPO it never works and defaults backup to QWERTY?
Is there a default / remote keyboard thing messing around??
Hope my issue is clear and some one knows how to handle it.
↧
Windows Server 2008 R2 AD Users Roaming Profiles move to new server...
Thanks to anyone who may be of help to me on this issue! I have been frustrated for months on end now trying to find the correct method for moving user roaming profiles from one server to another and I’ve hit a brick wall every time I’ve tried to accomplish this task.
My environment is setup using (2) physical host servers, the old host server is running Windows Server 2008 R2 Standard (full GUI), and the new host server is running Windows Server 2012 R2 Standard (full GUI).
The hosts are setup as follows:
The new host 2012 R2 server current runs VM's that are all Windows 2012 R2 Standard Servers and the VMs are setup as follows:
VM#1) Primary AD server (DNS, WINS, DHCP)
VM#2) Backup AD server (DNS, other redundancy)
VM#3) WSUS & Symantec End Point Protection Server
VM#4) SQL Estimating and accounting software backend server, and shared data
VM#5) File and Data shared storage, server has the copied over private Users Profile Folders from the Old server/VM that currently has the user roaming profile folders on it, also has other misc. shared folders etc.
The old host 2008 R2 server runs only one VM currently, as I’ve moved all other VMs to the new host server without any issues. The only VM this old host runs is a Windows Server 2003 SP2 Standard server that holds the current copy of the private Users Profile Folders on it. Also I don't want to simply export and import the 2003 SP2 VM to the new host, as I feel this servers health is not in the best condition, and I prefer to dump 2003 and have all my VMs running the same OS (Windows Server 2012 R2 Standard).
All users desktop PC's are running Windows 7 Pro 64 Bit. After using several users as test dummies, I've come to the conclusion that moving the existing profile folders to a new server is much more complex process than my research has led me to believe. I have done endless research on Google, MS forums, Windows server forums etc. with no solid process producing results.
On my AD server I've changed the AD user settings, profile tab settings to the location of the new server for both the 'User profile, Profile path: and the 'Home folder, Connect: Drive - To folder’. I've used GPUpdate /Force at the desktops, I've Un-joined the PC from the Domain and re-joined it, I've deleted the local copy of the Profile (Roaming), I've renamed the existing profile folder on the old server, then get an error message saying can't load profile using temporary one, I've removed the registry entries on the PC that reference the profile list for this user and removed any .bak entries but then when I try to log on as this user it errors on the log in saying something such as the use profile entry is missing or corrupt etc. and returns to the log in screen.
I do notice that all throughout the registry on this PC the old server profile location is reference about a million times throughout the registry. So at this point I am through my hands up and say "any one that might be am to help I would greatly appreciated it"
↧
2012R2 RDS Gateway in front of a 2008R2 Session host farm
Hi.
Is it possible/supported to put a 2012R2 RDS Gateway in front of a 2008R2 session host farm with rds 2008R2 broker?
Ty
↧
Enable Virtualization Host role on a Virtual Machine
Hello,
A few months ago I installed RDS on a virtual Machine in HyperV and I had failed errors installing the Virtualization Host role, so Ia have to install RDS on a Physical Machine.
I want to ask if now is possible install Virtualization Host on a Virtual Machine on HyperV or still is a physical machine required?
I will appreciate any advice.
Best regards,
Manuel
Manuel´s Microsoft Forums Threads
↧
↧
Cert request
Hello:
When requesting a 3rd party cert for our RDS deployment, is it done in IIS, MMC/Certs, or other?
Any additional info will be appreciated!
Thanks
↧
Add custom RADIUS Server to RD Gateway for two factor authentication
Hi Technet
From a long term project we have developped a more or less RFC 2865 compliant RADIUS Server. It supports challenge/response in order to check an OTP sent by text message. For any RADIUS capable client (e.g. firewalls, SSL VPN, Direct Access) we may use our RADIUS Server to protect those appliances with a 2FA/MFA.
Now we would like to test our RADIUS Server with RDS 2012 R2.
We have set up a Demo LAB with a DC and a member server holding all the RDS roles (RD Web Access, Connection Brocker RD Session Host, RD Gateway). This setup works as expected.
There are a lot of partly documentations about NPS and RADIUS and RD Gateway Manager and RADIUS. But there is no how to implement a custom RADIUS Server.
So: which steps do we need to protect the RD Gateway with our RADIUS Server?
And it does look like our RADIUS Server does not respond correctly to the NPS request:
This is what we receive:
Code : 1 Access-Request
Identifier: 28
Length : 156
------------------------------------------
1 User-Name : lab\user1
6 Service-Type : 12
26 Vendor-Specific : Vendor-ID: 311 (Microsoft)
Data: 2F 06 00 00 00 01
30 Called-Station-Id : UserAuthType:PW
33 Proxy-State : ?? ?2??+??
61 NAS-Port-Type : 5 Virtual
80 Message-Authenticator : 3F 13 3F 3F 3F 56 3F 01 3F 3F 25 2A
------------------------------------------
And what we respond:
Code : 2 Access-Accept
Identifier: 28
Length : 40
------------------------------------------
18 Reply-Message : Welcome lab\user1
------------------------------------------
For every Firewall, Appliance, Direct Access, Citrix NetScaler our response works. But why won't it work with RD Gateway? It is resending its Access-Request 5 times and we are responding always with Access-Accept. But no Access to the RDP.
BTW: We have no information about RADIUS Service Type 12. RFC 2865 has values from 1-11, but MS RD Gateway sends 12?
Any Ideas?
↧
Cannot View Remote Desktop Configuration in 2012 R2 with an account from another domain
Hi
I have a 2012R2 Remote Desktop Services Installation on a machine in another domain (Let's call it Domain B). Domain B belongs to a 2 way trust with Domain A.
If I connect to the server with an administrator account from Domain B I can configure RDS without and issues as one would expect.
If I connect to the server with an administrator account from Domain A when I look at the Remote Desktop Services sub-menu in Server Manager the Overview section says "A remote Desktop Services deployment does not exist in the server pool" and no collections are shown. I also tried to see if i could see the collections via Power Shell. If i run Get-RDSessionCollection from my Domain A user i get:
Get-RDSessionCollection : A Remote Desktop Services deployment does not exist on
SERVER_NAME.domainB.fqdn. This operation can be performed after creating a deployment. For information
about creating a deployment, run "Get-Help New-RDVirtualDesktopDeployment" or "Get-Help New-RDSessionDeployment".
At line:1 char:1
+ Get-RDSessionCollection
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-RDSessionCollection
but using a Domain B user I get the list as expected.
Any help would be apprenticed and thank you in advance.
I have a 2012R2 Remote Desktop Services Installation on a machine in another domain (Let's call it Domain B). Domain B belongs to a 2 way trust with Domain A.
If I connect to the server with an administrator account from Domain B I can configure RDS without and issues as one would expect.
If I connect to the server with an administrator account from Domain A when I look at the Remote Desktop Services sub-menu in Server Manager the Overview section says "A remote Desktop Services deployment does not exist in the server pool" and no collections are shown. I also tried to see if i could see the collections via Power Shell. If i run Get-RDSessionCollection from my Domain A user i get:
Get-RDSessionCollection : A Remote Desktop Services deployment does not exist on
SERVER_NAME.domainB.fqdn. This operation can be performed after creating a deployment. For information
about creating a deployment, run "Get-Help New-RDVirtualDesktopDeployment" or "Get-Help New-RDSessionDeployment".
At line:1 char:1
+ Get-RDSessionCollection
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-RDSessionCollection
but using a Domain B user I get the list as expected.
Any help would be apprenticed and thank you in advance.
↧
How to not allow a user to disconnect the rdp user session
Dear all,
By default, just two user allowed for RDP. when third user to log into server, a windows appear to allow a user to disconnect the existing session : Select a user to disconnect so that you can sign in.
How can I to disable this windows and not allow the third user to disconnect the existing session?
thanks
john
↧
↧
Local client drive is missing in Windows 2012 RDS published app
I used to see my local client C drive of my workstation when I launched a Windows 2012 published app. But not any more.
I tried disable the "Do not allow drive redirection" in Computer Configuration>Administrative Templates>Windows Components>Remote Desktop Services>Remote Desktop Session Host>Device and Resource Redirection but local client drive is still not showing up.
Please advise.
Thanks.
I tried disable the "Do not allow drive redirection" in Computer Configuration>Administrative Templates>Windows Components>Remote Desktop Services>Remote Desktop Session Host>Device and Resource Redirection but local client drive is still not showing up.
Please advise.
Thanks.
↧
Remote desktop CAL license apply issue
Hi,
I encountered a Remote desktop license issue, my O/S is Windows servere 2008, since the 120 days grace period expired so I purchase a "Microsoft WinRmtDsktpSvcsCAL 2012 Sngl OLP 1License NoLevel UsrCal 5 Quantity' from my vendor.
I have applied the license to my server through Licensing Manager, however when I checked the remote desktop session host configuration, it still show the grace period for remote desktop session host server has expired. I tried access the server through remote desktop, not work. Can anyone advise anything missing? thanks.
↧
RemoteApp Window disappers immediately after application opens
We have Windows Server 2012 R2 RDS with the latest updates. We have single app that has proplems. It opens two windows when starting the RemoteApp. One of these windows goes hidden. This happens only when using RemoteApp from android device. When using
same RemoteApp from Windows PC there is no problem. Any ideas how this can be fixed? This started few months ago and previosly everything worked.
↧
Warning event-42, TerminalServices-Licensing
I did setup an new RDS License server in oud RDS/Citrix environment on a Windows 2012 server.
We are using RDS Per Device CAL. Everytime a license has been requeted we automatically get a warning:
Log Name: System
Source: Microsoft-Windows-TerminalServices-Licensing
Date: 9/4/2015 9:11:57 AM
Event ID: 42
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Test.com
Description:
An error occurred in policy module "Policy Module for company Microsoft Corporation product A02 has denied new license request with error code 14.
".
Does anyone knows what this warning means and how to solve it?
Regards,
AJ Dubach
↧
↧
Windows Server 2008 R2 RDP Blue Screen No Desktop
Hi,
Just looking for some advice, regarding windows server 2008.
Im currently having a problem logging into your server at work. ever time i try and rdp into the server i can enter my login details. then will load up but stop at a blue screen will not show nothing on the desktop. i can CTRL ALT DEL but thats about it. The it department in india can rdp into the machine no problem with admin, but my domain account will not. we have tried removing my account. i have been added to the group polices. but still having the same trouble.
Any help will be good.
Thanks Dylazz
↧
Open file with RemoteApp, file association problem on Windows 2012 R2
Hello everyone,
I'm doing a solution for RemoteApp. Based on the question asked in this thread:
I want to make a RemoteApp published on the server, and from the local machine, when right click on a document file (Word, Excel, PDF or any type of document file) there is an option (context menu) to open that file with the RemoteApp published on the server (the RemoteApp will detect the file type and do the job) . I'm testing the solution with Excel, Word, .txt, .pdf it works fine. However, when I try with .bmp (and .png too), the default associated program on the server (Windows 2012 R2) is mspaint but I always get the error "Network error, cannot access to \\tsclient\c\Temp\myfile.bmp" , but that's not possible because other text, word, pdf files are in the same folder and all work very well. I think the problem is the file association with bitmap file. In the registry on the server, I have seen the .bmp has been mapped with a key like PBrush, that was the old Paint Brush program in the very first versions of Windows, I think.
Do you have any idea how to fix the problem file type association with mspaint program on the server (Win 2012 R2)?
Thanks a lot
Thomas Tran
====================
Free tools for Citrix & RDS
↧
Remote Access Denied not working
Hi all.
I need help with some on windows server 2008
I need that one account doesn't have permissions make remote desktop. All of these is in windows server 2008 NOT R2 and it applies to Windows server 2003 , 2008 , 2012. the problems is, this works only on 2003 and 2012 Server but not in 2008.
The ticket applied in active directory is:
Deny this user permissions to log en to Desktop Session Host server
Best Regards - Saludos cordiales Juan Carrillo Vaccaris Engineer - Management, IT Professional Services, DATCO Chile S.A. E-Mail: Juan.Carrillo@datco.cl Website: http://www.datco.cl
↧