I have 2 Terminal Servers (TS4 and TS5) both running Remote Desktop Services. However, I can only see the connections on TS4 for both Terminal Servers. On TS5, I cannot see any of the connections.

Here is what I see on TS4

Here is what I see on TS5:

Hi,

Is there a way to restrict Remote Desktop Users from copying executable files to RD Server? FSRM blocks all users.

Thanks.

Hello,

We have a Windows Server 2016 box that is being used for users to remote in to their computers by way of RDWeb. Every time someone goes to the website to login we we get the following Warning logged in events:

Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 10/26/2018 10:49:47 AM 
Event time (UTC): 10/26/2018 2:49:47 PM 
Event ID: 00f90daa62f94580925cf71413f5874d 
Event sequence: 5 
Event occurrence: 1 
Event detail code: 0 
Application information: 
    Application domain: /LM/W3SVC/1/ROOT/RDWeb/Pages-6-131850389869549350 
    Trust level: Full 
    Application Virtual Path: /RDWeb/Pages 
    Application Path: C:\WINDOWS\Web\RDWeb\Pages\ 
    Machine name: XXXXXX 
Process information: 
    Process ID: 5096 
    Process name: w3wp.exe 
    Account name: IIS APPPOOL\RDWebAccess 
Exception information: 
    Exception type: NullReferenceException 
    Exception message: Object reference not set to an instance of an object.
   at Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormAuthTicketInfo..ctor(HttpContext objHttpContext)
   at ASP.en_us_default_aspx.<GetAppsAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.UI.PageAsyncTaskManager.<ExecuteTasksAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.UI.Page.<ProcessRequestAsync>d__554.MoveNext()

 
 
Request information: 
    Request URL: https://XXXXXXXXX:443/RDWeb/Pages/en-US/Default.aspx 
    Request path: /RDWeb/Pages/en-US/Default.aspx 
    User host address: XXXXXXXX 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: IIS APPPOOL\RDWebAccess 
 
Thread information: 
    Thread ID: 115 
    Thread account name: IIS APPPOOL\RDWebAccess 
    Is impersonating: False 
    Stack trace:    at Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormAuthTicketInfo..ctor(HttpContext objHttpContext)
   at ASP.en_us_default_aspx.<GetAppsAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.UI.PageAsyncTaskManager.<ExecuteTasksAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.UI.Page.<ProcessRequestAsync>d__554.MoveNext()
Custom event details: 

Hi Community,

The company I am working for has multiple sites dotted around the globe. All offices have their own local domain but in one forest. In this scenario:

DomainA = Forest Root
DomainB = Global Office 1  <--- The RDS Farm is located within this domain
DomainC = Global Office 2
DomainD = Global Office 3

DomainB is a mix of Windows 7 and Windows 10 1703/1803 PCs and all can connect to the RD Farm fine.
DomainC consists entirely of Windows 10 1803 PCs and all can connect to the RD Farm fine.
** DomainD consists entirely of Windows 10 1803 PCs BUT NO MACHINES CAN CONNECT TO THE RD FARM ***

For DomainD, if a machine is NOT bound to the domain (i.e., a part of a workgroup), then access to the RDFarm works fine. It resolves the Gateway for the RDS Farm with it's external address, it takes a specific route (trace route) to that gateway and nslookups gives me back the correct info too. The DNS Servers specified on this workgroup PC is the internal domain controller and the Forest Root's DNS located on it's DC.

When I bind this PC to the domain, tracert, ping and nslookup against the gateway all resolve exactly the same, but I am UNABLE to connect to the RDS Farm. It sits on "Initiating Remote Connection", then times out after 90 seconds and displays the following:

Remote Desktop can't connect to the remote computer for one of the following reasons: not enabled, turned off, check network etc" (all of which I know aren't the issue, as all of the other global offices can connect without any issue).

The same issue on the domain bound PC is also apparent when DNS is over-ridden and I just specify 8.8.8.8.

Looking through the event logs on the client, I see the following:

On the Server side, I see a 3 logs associated with this connection attempt, all of which are along the lines of:

The user "me@company.com", on client computer "IP:Port", has initiated an outbound connection. This connection may not be authenticated yet.

The RD Farm is configured in a HA setup; 2 servers both hosting the WA and GW roles / 2 servers both acting as Connection Brokers and 2 Session Hosts. This is exactly the same set up in this office (DomainD) and it is in DomainC which works perfectly. All Domains can see DomainA (Forest Root), but selective traffic enabled between child domains (which I cannot control!)

Any assistance would be greatly appreciated!!!

Many Thanks,
D

Hi all, 

We have 2 remote applications running on Server 2016 that is accessed by 150+ users. Recently there have been reports that when hovering over certain areas in the application, local apps that they have running in the background come to the foreground over the Remote applications. 

I have been unable to find any solutions to this issue, any insight would be appreciated.

hello guys,

i'm having this problem only when trying to log into windows 2012 RDS servers(2003,2008 are fine) were space and backslash is added to the front of the UPN.

For example:

I save my UPN david@mydomain.com in my remote desktop connection settings. Then when i try to remote into my RDS windows 2012 servers this what is added in the username field " \david@mydomain.com" without the double quotes and therefore i get the error message "The user name or password is incorrect. Try again.". When i remove the space and backslash i can remote in just fine. I have looked everywhere and no one has been able to bring up solution. Please help!

yes

I have a relatively simple setup.  I have a previous 2012 R2 deployment that I am replacing with this 2016 deployment.  1 Gateway, 1 Broker, and 2 Load Balanced Hosts.  Everything is working fine for users connecting from the local network.  Users connecting remotely are getting a Code 0x607 authentication error when they are redirected to the second host.

Our gateway server is using a 3rd party certificate.  This server is running 2012 R2.  It is still part of the 2012 R2 deployment, but my understanding is that it should continue to work just fine.  The eventual plan is to replace this server with a 2016 that is part of this deployment, once I have transitioned my users.

Our Broker server also serves as a host.  This server is using a cert issued by our local domain CA.  All is well on this machine.  The RDWeb service is also installed here. I should mention that our users do not use the RDWeb service.  Rather, I use the RDWeb to get an RDP file that I distribute to the users.

Our 2nd Host is where we are seeing the issue.  This server is also using a cert issued by our local domain CA.  When users are redirected to this serverwhile connecting remotely, they are getting the error I mentioned above.  

My clients require TLS.  The RDP files are directed toward the Broker and have all of the load balancing details and use  redirection server name set to 1.

The 0x607 error seems to indicate that I have a certificate issue when the client is trying to connect to the host.   What has me confused is the the fact that they work just fine locally, when only one of my servers has issues remotely (both using local domain cert).

It is my understanding that we should not be using a DNS Farm name with 2012+ versions of RDS.  Perhaps I am breaking that logic by handing out a static RDP File.  If that is the case how do I fix it?  I have thought about getting a 3rd party cert for my internal domain servers, but that is an expensive guess if I am wrong about the issue.  

What have I done wrong?

Hi there,

I'm a left-handed person. So I use the mouse with my left hand and naturally I use "Switch primary and secondary buttons" mouse control panel option.

When it comes to RDP connections, I almost always connect to the desktops where "Switch primary and secondary buttons" is set for right handed people. When I'm inside an RDP session the mouse stops respecting my mouse settings and apply guest desktop settings which creates a lot of confusion to me.

Is there a way to setup my RDP client so that it automatically handles right vs. left buttons translation ?

We setup Remote Desktop Services and made sure options were selected to redirect the local printers on each user's setting. We also made sure the option to block it was unchecked. They can print to networked printers at their location but can't print to local printers at their location. These are printers that are plugged in directly to their computers or laptops. The drivers are installed on the server.

When I look on the server the printer shows that there are documents in the print queue that have error - printing.

I look in the event log and there are error entries for TerminalServices-Printers:

An internal communication error occurred. Redirected printing will no longer function for a single user session. Check the status of the Remote Desktop Device Redirector in the System folder of Device Manager.

Log Name: System

Source: TerminalServices-Printers

Evenr ID: 1103

Level: Error

I look in Device Manager and the Remote Desktop Device Redirector Bus Properties status says, "This device is working properly."

What could be causing these printers to error and not print?

Thank you,

Jessica

Hi,

We are having an issue with redirected printers. Our RDS host is running Windows Server 2012 x64, our clients; Windows 10 x64 & Windows 7 x64.

For testing purposes we have shared WordPad through RDS, which is working fine. Our client printers (Brother MFC-9120CN and a DYMO LabelWriter 450 Turbo) are correctly showing on the host (Devices and Printers) and clients (Print Dialog) with the "(redirected X)" suffix, where X is a number.

The Brother is a network printer. The DYMO is connected via USB on a client.

When we try and print to any of the redirected printers nothing happens on the client, there are no messages or event logs. On the host there is the following Error in the PrintService event log:

"The document Print Document, owned by rdstest, failed to print on printer Brother MFC-9120CN Printer (redirected 2). Try to print the document again, or restart the print spooler.
Data type: RAW. Size of the spool file in bytes: 97316. Number of bytes printed: 76398. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\SERVER Win32 error code returned by the print processor: 5. Access is denied."

We receive the same error with the DYMO printer which is more important to us. Additionally we get the same error using an admin account, with both printers.

We do not receive this issue using Microsoft XPS Document Writer (redirected X).

Things we have tried without success:

• Logging into RDS using an admin account
• Installing identical printer drivers on host and clients for each printer
• Restarting the spooler service on the host and clients
• Checking the System32/Spool/PRINTERS folder on host and clients - no files to delete
  
• Adding 'Everyone' (including write and modify access) to the System32/Spool folder (including sub-folders)
• Adding the RDS user (including write and modify access) to the System32/Spool folder (including sub-folders)
• Using the "CD\Windows\System32\Spool Cacls.exe PRINTERS /e /g users:C" command via command line (run as admin)
• Disabling "Use Remote Desktop Easy Print printer driver first" in the Group Policy Management Editor
• Disabling various other settings in the "Printer Redirection" section of the GPME
  
• Restarting the server
• Restarting the clients

We still receive the access denied error.

Furthermore, on the host, if we go to devices and printers and select a redirected printer and print a test page, the same error appears in the event log.

We've exhausted all of the solutions we could find. Could someone please offer us any other solutions?

Ok guys, I have been chasing some weird issues with RemoteApp deployment.  I had abandoned the GUI to deploy RemoteApp as the session collection would fail every time when deploying the apps.  I have it narrowed down to a specific program that has an issue.  When trying to setup the new RemoteApp via Powershell without specifying an -IconPath this app fails with this error:"New-RDRemoteApp : Could not find the specified icon:"

 If I try to deploy this app with the -IconPath parameter the process will complete.  However, as soon as this hits the RDweb, IIS crashes out with a generic runtime error.  I have tried to place the icon in the same root folder as the executable, no luck.  I have even opened the exe with Resource Hacker and created a new Icon and exe.  Same problem every time.  I can use powershell to remove the app from the collection and IIS immediately gives me the working RDweb interface after a refresh.  I am at a loss as to why this one application refuses to allow a successful deployment.  Any help is greatly appreciated.

Windows Server 2016 Datacenter

Running on VMware ESXi6.5

****-License01.corp.contoso.com = RD License, Broker, Gateway and Web Access (Also handles application licensing)

****-APPS01.corp.contoso.com = RD Session Host (houses the applications and data)

i am trying to disable Hyper V (its not going well if anyone could help id appreciate that). So i tried to install Hyper v and then delete it, but when i deleted it i had to restart and it must have deleted the GUI with it. So my VPS is blank with only Administratoron the top of the box. I need to find a way to get back into the server. Now i did find a solution to it using "SConfig" and that method (heres the link to it https://www.howtogeek.com/111967/how-to-turn-the-gui-off-and-on-in-windows-server-2012/ ) . However with mine number 12 says "Log Off User". It doesnt say anything to do with GUI. I know or i think i deleted it but i need it back to get back into my vps. Thanks .

I am using windows 2008 R2..

RDP role installed..  I can connect with more than 10 users.

but Roaming user can't use printer.

This has been going on for years and I've just accepted it, but it seems too weird and makes auditing difficult.  We have 5 load-balanced terminal servers and 2 connection brokers.  Once a week, I audit all 7 servers for event ID 4625.  The week that Windows Updates have been staged through our WSUS, I get literally hundreds of 4625 Events on the Connection Brokers.  The events pop up 8 at a time within 1 second.  The terminal servers themselves don't have any issues.

This is an event from one of the Connection Brokers:

An account failed to log on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		<CNBRKR COMPUTER NAME>
	Account Domain:		<DOMAIN>

Failure Information:
	Failure Reason:		Unknown user name or bad password.
	Status:			0xc000006d
	Sub Status:		0xc0000064

Process Information:
	Caller Process ID:	0x0
	Caller Process Name:	-

Network Information:
	Workstation Name:	<CNBRKR COMPUTER NAME>
	Source Network Address:	fe80::39b9:306b:5224:fd9
	Source Port:		62951

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

After the Windows Updates are installed, the 4625 events go back to normal where my users can't remember their passwords.

Any ideas?

Hello,

In our environment, we have an application published RemoteApps on the RDWeb page. This RemoteApp from the application there is a print button which will call a Batch file on the Terminal server.

Example:  User with a receipt printer attached to his workstation. goes the RDWeb and logins. Launches the RemoteApp then the user wants to print which will trigger batch file in the background and it should print on the local receipt printer. But this scenario is not working.

However, the same goes to RDWeb and logins. Goes to connect to Remote PC gives the Session host server name and then gets the RDP session and from there the User launches the same Application and then select the Print option which also calls the Batch file which is printing on the local receipt printer.

FYI all the plug and play devices, ports and others pnp devices are allowed. Please suggest if I have to make any changes in the Published app

I don't understand why it is not printing from the Published app and it is working from full RDP session

These are the settings given for Collection

On RemoteApp Parameters. Do I need to change anything

Pls suggest me any ideas



Shekar

Hello, we have 25 Windows 2008 R2 servers not joined to a domain, they are in workgroup, but they can communicate with each other over the network. We use Remote Desktop Licenses - per User, and actually we installed licenses on each server. Some server needs more licenses, some less, so we'd like to optimize Licenses use by installing the Remote Desktop Licensing Server Service on a centralized server, and setting each Windows 2008 R2 server to point to that as Licensing Server.

Do you know if this is possible, since they are in workgroup? Or is there another way?

Thank you

Valeria

Hi,

Anybody can help me to find a backup system for this server OS please....

Windows Server@Standard

Copyright (c) 2007 Microsoft Corporation. All rights reseved.

Service Pack 2

I googled a famous backup software but cannot see a compatible for this server OS version.

I need to have an automatic running scheduled backup for the data on server.

Thanks.

Hi,

Is it possible to publish applications if the Remote Desktop Services RDWEB are installed on a stand alone server Windows 2012 Standard?