This has gotten extremely frustrating for my company.  

We work using RDP connections to our VM servers.  But we keep getting complaints about people losing connections after only 10-20 minutes of inactivity.

We have already checked the Terminal Services connection times and we have it set to disconnect users after 6 hours of idle.  And we have it set to log off any session that has been disconnected for more then a minute.  Everything else is set to never.

We have also adjust screensaver settings to never, adjust power management to never ask for any passwords, sleep and turning off the screen has also been disabled to never occur.  Keep-Alive is turned on and set to 2.  All this is controlled by the GPO.

What I have found so far is my own Laptop has the same issue.  I have tried disabling the system from powering down the network device (power savings) and still lose connection.

This also seems to happen almost exclusively when connecting to Windows2008 servers and Windows7 PCs.  

Edit:  Oh, found this seems to be associated to specific networks.  I just tested this from another network and not a single connection loss with 3 hours of testing scenarios.  

This seems like a combination of two points.  Since the problem doesn't occur while connecting to our Win2k3 servers, it would seem that the RDP version in Win2k8 has something different about it that causes certain networks to randomly lose connection while the connection is idle.

My main question is how do I stop the random disconnects from happening.

Hello,

Because we are going to migrate from hypervisors i need to add an extra rd gateway, rd connection broker and rd web access server to an existing deployment.

Can someone point in to some documentation about adding extra servers? Or is it as easy as adding these server in server manager --> remote desktop services --> overview --> deployment servers --> tasks --> add

Thanks!

LEVD

Hi,

I'm trying to configure my session host connections to be secured using a certifcate issued by a CA.  I've had no problems configuring the gateway or broker server but am getting the following error when I am configuring the session host:

Remote Desktop Session Host Configuration:
There are no certificates installed on this Remote Desktop Session Host server.

If you are not familiar, where to change this setting you must right click the "RDP-TCP" connction, select properties and then press "Select" on the General tab.

The certificate is installed in the personal certificates of the current user.

This is happening on both the servers in my farm and is causing an error message due to the certificate mismatch.  Any assistance or a workaround would be great.

Thanks
Soops

I'm using RDS/Remoteapp on generally windows 10 clients to fully patched server 2016 hosts. 

I'm getting Disconnected due to a protocol error and it's sometimes fixed by rebooting the host. Each host has 8GB of ram and max one user at a time. Even after a reboot it'll often stop working a few minutes later. 

Google seems to have no results on this platform and issue over RDS

Printing to redirected printers is not working anymore. (It's OK with W2008 R2).

RDP client being W7 (or Wyse ThinOS)

I tried with two different printers : Dymo Labelwriter 450 and Ricoh Aficio SP 4310N PS (and PCl5e).

- The driver is well present on the host side (the redirection occurs well).

- Easy Print disabled (GPO)

When trying to print, the popup message is "Error printing to ....", Then subsequent tries result in popups "Printer is in error state"

The Printservice log says at the end on the error entry   "...Win32 error code returned by the print processor: 50. The request is not supported."

When the RDP client is another W2016 RDSH, then printing to a redirected printer (network printer in that case)  works well.

Hi team, I'm running into problems with licensing. I get an error prompt upon login:

Remote Desktop licensing mode is not configured
Remote Desktop Services will stop working in 8x days. On the RD Connection Broker server, use Server Manager to specify the Remote Desktop licensing mode and the license server.

What I need is:

5 users to be able to Remote Desktop into my 2012 R2 server via the Remote Desktop tool.
Really have no idea how to make this works.

In addition, under Server Manager - Remote Desktop Services - Overview, it prompts below message:

- A Remote Desktop Services deployment does not exist in the server pool. To create a deployment, run Add Roles & Features Wizard and select the Remote Desktop Services Installation option (that's all the message).

FYI, I am trying to deploy 1 server solution to have this Remote Desktop Service running - is this possible?

Thanks......

Good Afternoon,

I have a new RDWeb farm built off Server 2016.  Architecture consists of:

1 Gateway Server - GW01 - Running RD Gateway and RD Web Access roles.
1 Connection Broker - CB01
1 Session Host - SH01
1 Licensing Server - LIC01
1 Active Directory Controller - AD01 - Domain: domain.contoso.com

I am only publishing applications through a Session Host, I am not using any RD Virtualization Hosts.

I have created another DNS zone (split brain) in my internal DNS to give all my servers a .example.com DNS entry (Eg: CB01.example.com).  This DNS name resolves without issue internally, but not externally.

RD Web URL: mystuff.example.com

I have it deployed and it seems to function properly.  I have a legitimate certificate installed for the *.example.com on all the Role Services.

I have used this script to change the published FQDN to avoid certificate mismatch errors:

Change-published-FQDN (Powershell script. I can't link cause my account is too new)

What is odd about this tool, is I have to set the published name to the connection broker server.  Eg: cb01.example.com.  If I try to set it to mystuff.example.com, I get an error and no logins work when clicking the published application.

When users log in, they get the RD Web page.  They can log into that and see the published application.  When they click the published application, intermittently it will get stuck at "Loading Virtual Machine" at which point the user either needs to reboot, or kill their Remote Desktop process.  Other times, it will work properly and the application will load as expected.  The intermittent issue happens perhaps 25% of the time.  

I am a bit stumped.  I don't see any log entries that have helped me get past this issue.  I think my problem lies with the Change Published FQDN tool, but I am honestly guessing at this point.

Are there any logs I should be looking at when this issue happens?  Any idea what problem I am having?  

As the title states, I am having an issue connecting externally using Remote Desktop Connection to my Windows Server 2016.

Internally connections go through without issue, but as soon as I attempt to connect Externally (OffSite) I am met with the message "Remote Desktop Connection can't connect to the remote computer for one of the following reasons:

1) Remote access to the server is not enabled

2) The Remote Computer is turned off

3) The remote computer is not available on the network

Make sure the remove computer is turned on and connected to the network, and that remote access is enabled."

As stated if I am in office, I can access the server without issue, but accessing it OffSite returns the above can't connect message, I have gone through a large number of recommended fixes found on google and Technet to no avail.

Any and all help would be appreciated.

Ok guys, I have been chasing some weird issues with RemoteApp deployment.  I had abandoned the GUI to deploy RemoteApp as the session collection would fail every time when deploying the apps.  I have it narrowed down to a specific program that has an issue.  When trying to setup the new RemoteApp via Powershell without specifying an -IconPath this app fails with this error:"New-RDRemoteApp : Could not find the specified icon:"

 If I try to deploy this app with the -IconPath parameter the process will complete.  However, as soon as this hits the RDweb, IIS crashes out with a generic runtime error.  I have tried to place the icon in the same root folder as the executable, no luck.  I have even opened the exe with Resource Hacker and created a new Icon and exe.  Same problem every time.  I can use powershell to remove the app from the collection and IIS immediately gives me the working RDweb interface after a refresh.  I am at a loss as to why this one application refuses to allow a successful deployment.  Any help is greatly appreciated.

Windows Server 2016 Datacenter

Running on VMware ESXi6.5

****-License01.corp.contoso.com = RD License, Broker, Gateway and Web Access (Also handles application licensing)

****-APPS01.corp.contoso.com = RD Session Host (houses the applications and data)

Hi,

The new web client seems very limited when it comes to configuration.  I need to force a keyboard type (PC/UK) but I can't seem to find any way of doing this.  Are there some super secret options out there or is it a case of waiting for the next version and hope this functionality is included?

Thanks

Rob

正規ライセンスをもって、ドメイン参加したWindows 2016サーバマシンに、

RDS ライセンスサーバをインストールし、アクティベートを成功し、

CAL (user)ライセンスをインストールし、診断ツールでチェックしていても、正常。

ライセンス数が１０個に対して、ユーザ２つにそれぞれアサインされていて、残りのライセンスは８個。

RemoteAppの配布も、リモートPC接続も、同じドメインにある他のマシンから接続できている。

ライセンスの状態もアクティブとなっていて、有効期限は「期限切れなし」となっている。

しかし、CALライセンス情報は、有効期限として、発行日から6０日後となっている。

エラーも何も発生していないのですが、なぜ、CALライセンスの有効期限が「期限切れなし」とならないでしょうか？

i am trying to disable Hyper V (its not going well if anyone could help id appreciate that). So i tried to install Hyper v and then delete it, but when i deleted it i had to restart and it must have deleted the GUI with it. So my VPS is blank with only Administratoron the top of the box. I need to find a way to get back into the server. Now i did find a solution to it using "SConfig" and that method (heres the link to it https://www.howtogeek.com/111967/how-to-turn-the-gui-off-and-on-in-windows-server-2012/ ) . However with mine number 12 says "Log Off User". It doesnt say anything to do with GUI. I know or i think i deleted it but i need it back to get back into my vps. Thanks .

Hello,

we are running a RemoteApp environment using RDS Gateway running on Windows Server 2016 Standard. Our problem is that clients running on Windows 10 are not able to connect to RemoteApp at all. After entering the credentials, the login window pops up again after 1 second (it's an endless loop). 

An entry with the Server IP to our internal server name was created in the hosts file. Pinging it also works fine.

RDP Client logs show the following (unfortunately in German):

Clients running on Mac OS are able to connect just fine.

Thanks in advance for any help!

I have a relatively simple setup.  I have a previous 2012 R2 deployment that I am replacing with this 2016 deployment.  1 Gateway, 1 Broker, and 2 Load Balanced Hosts.  Everything is working fine for users connecting from the local network.  Users connecting remotely are getting a Code 0x607 authentication error when they are redirected to the second host.

Our gateway server is using a 3rd party certificate.  This server is running 2012 R2.  It is still part of the 2012 R2 deployment, but my understanding is that it should continue to work just fine.  The eventual plan is to replace this server with a 2016 that is part of this deployment, once I have transitioned my users.

Our Broker server also serves as a host.  This server is using a cert issued by our local domain CA.  All is well on this machine.  The RDWeb service is also installed here. I should mention that our users do not use the RDWeb service.  Rather, I use the RDWeb to get an RDP file that I distribute to the users.

Our 2nd Host is where we are seeing the issue.  This server is also using a cert issued by our local domain CA.  When users are redirected to this serverwhile connecting remotely, they are getting the error I mentioned above.  

My clients require TLS.  The RDP files are directed toward the Broker and have all of the load balancing details and use  redirection server name set to 1.

The 0x607 error seems to indicate that I have a certificate issue when the client is trying to connect to the host.   What has me confused is the the fact that they work just fine locally, when only one of my servers has issues remotely (both using local domain cert).

It is my understanding that we should not be using a DNS Farm name with 2012+ versions of RDS.  Perhaps I am breaking that logic by handing out a static RDP File.  If that is the case how do I fix it?  I have thought about getting a 3rd party cert for my internal domain servers, but that is an expensive guess if I am wrong about the issue.  

What have I done wrong?

Hi All,

I am using windows 10 & build 1809 PC as hardened PC , All the port closed in  PC through firewall inbound and outbound rule.

And explicitly allowed only RDP port 3389 and windows defender firewall is off mode ,i am able to take RDP  from other system.

When I turned on the windows defender Firewall in windows PC ,unable to take remote desktop from other PC.

For testing purpose ,we have enabled the TCP and UDP all port ,i am able to take RDP,at moment blocking all TCP & UDP port

and allowed RDP port-3389 in firewall facing same issue.

Please help me how to resolve issue and capture event logs in windows firewall .

Thank in advance 

- Regular users being able to install update and restart a *** server *** (https://support.microsoft.com/en-za/help/4014345/how-to-block-user-access-to-windows-update-on-windows-server-2016)  ; 

- "Dual scan" feature resulting in the lovely GPO "Do not allow deferral policies to cause scan against Windows Update". It tooks me 30 min to understand the latter (and I'm not sure I get it right).

I just can believe the Windows Update mess we're in....

Man, I just want updates being downloaded only and being able to install them on *** servers *** when I decide by clicking "install updates".

Hence the "3 - Auto download and notify for install" former option.

And, of course I don't want users being able to install updates nor restart a *** server ***.

What was wrong with that ?

We have completed RDS deployment and now trying to add RD Gateway role. The wizard fails with no information. Checking the event logs and it says the role was successfully installed, but it is not. Have enabled debug logs and checking RdmsUI-trace.log, it also says the role was successfully installed, but it is not.

According to this article, we should also have an RDMSDeploymentUI.txt file in Windows\Logs, but none has been created (yes registry entry is added and server has been rebooted multiple times).

Have run the wizard several times, including several reboots and get the same every time. When adding the RD Gateway role, the instructions on certificate is exceedingly confusing, conflicting itself. We don't want to use a self-signed certificate - we have a proper certificate, but it's not clear whether we can specify the real certificate or must use a temporary self-signed certificate initially. In any case, I have tried both, specifying the actual public certificate common name we will use (rds.ourdomain.co.uk) as well as the local server name (our-rds.domain.local). Same failure every time.

With zero information on why the wizard says it failed while other parts say it succeeded, but didn't because the role is most definitely not installed, how can we determine what the issue is?

For information, this 2016 server is a member server on a network controlled by an SBS 2011 box, if that has any bearing.

Adam@Regis IT

Hi,

we host multiple clients with highly standardized environments but on the servers of a single customer i have the following behaviour:

• a User logs on to the RDS Server
• the User Profile Service (profsvc) writes the assigned FTAs (in this case protocols) into the user registry (observed in procmon)
• the User gets promted for which application to use for opening assigned type

The associations xml is right since it works with every other customer. The only FTAs (or protocols) included are http and https.

The values get written to the correct reg key: HKU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http(s)\UserChoice

There ProgID and Hash are also written but it seems like the Hash is wrong.

If i set the default Program in the dialog (OpenWith), another Hash is written and this Hash seems to be correct since opening Hyperlinks works then. But since UsrClass.dat doesn't roam after a logoff the settings are gone.

If I take a hash value that has been set through the OpenWith dialog that is working and replace it with the hash set from profsvc it also works.

I read that the generation of the hash also includes the timestamp of the reg key. If this is true replacing the hash with an older version should not work right?

Since this behaviour only occurs on one of our clients i do not rule out the possibility of customizations made by the customer but i can not find any further clues to pin down the culprit. 

Said Server is a 2012 R2 with latest patches, Citrix VDA 7.6, Citrix UPM 5.5. The issue occurs on all tested clients (Win7, Win10, IGEL ThinClients)

What are other areas i could look or tools i could use to do any further analysis? My traces so far involved monitoring the activity on said registry keys and the mentioned associations.xml in procmon. In both cases only svchost with UserProfileService on the Stack accessed said items.

Thanks in advance!

associations.xml:

<?xml version="1.0" encoding="UTF-8"?><DefaultAssociations><Association ApplicationName="Internet Explorer" ProgId="IE.HTTP" Identifier="http"/><Association ApplicationName="Internet Explorer" ProgId="IE.HTTPS" Identifier="https"/></DefaultAssociations>

Stack of the RegSetValue Operation on the hash on User login:
0	ntoskrnl.exe	RtlEqualUnicodeString + 0x1f00	0xfffff8033d425d80	C:\WINDOWS\system32\ntoskrnl.exe
1	ntoskrnl.exe	SeAssignSecurity + 0x2d77	0xfffff8033d45d5cf	C:\WINDOWS\system32\ntoskrnl.exe
2	ntoskrnl.exe	setjmpex + 0x6523	0xfffff8033d1d51a3	C:\WINDOWS\system32\ntoskrnl.exe
3	ntdll.dll	NtSetValueKey + 0xa	0x7ffaead70d5a	C:\WINDOWS\SYSTEM32\ntdll.dll
4	KERNELBASE.dll	RegCreateKeyExW + 0x187	0x7ffae8161477	C:\WINDOWS\system32\KERNELBASE.dll
5	KERNELBASE.dll	RegSetValueExW + 0x141	0x7ffae8161601	C:\WINDOWS\system32\KERNELBASE.dll
6	SHELL32.dll	OpenRegStream + 0x2daf	0x7ffae97924df	C:\WINDOWS\system32\SHELL32.dll
7	SHELL32.dll	Ordinal714 + 0x32ad	0x7ffae9840f2d	C:\WINDOWS\system32\SHELL32.dll
8	SHELL32.dll	SHGetFolderPathAWorker + 0x74b	0x7ffae98568fb	C:\WINDOWS\system32\SHELL32.dll
9	SHELL32.dll	SHGetFolderPathAWorker + 0xa5c	0x7ffae9856c0c	C:\WINDOWS\system32\SHELL32.dll
10	SHELL32.dll	SHGetFolderPathAWorker + 0x904	0x7ffae9856ab4	C:\WINDOWS\system32\SHELL32.dll
11	SHELL32.dll	SHGetFolderPathAWorker + 0x148a	0x7ffae985763a	C:\WINDOWS\system32\SHELL32.dll
12	SHELL32.dll	SHGetFolderPathAWorker + 0xdde	0x7ffae9856f8e	C:\WINDOWS\system32\SHELL32.dll
13	SHELL32.dll	Ordinal891 + 0x17a36	0x7ffae98c6ae6	C:\WINDOWS\system32\SHELL32.dll
14	profsvc.dll	profsvc.dll + 0x4ad8	0x7ffae59b4ad8	c:\windows\system32\profsvc.dll
15	profsvc.dll	profsvc.dll + 0x499b	0x7ffae59b499b	c:\windows\system32\profsvc.dll
16	profsvc.dll	UserProfileServiceMain + 0xe69	0x7ffae59c2079	c:\windows\system32\profsvc.dll
17	profsvc.dll	UserProfileServiceMain + 0x16f1	0x7ffae59c2901	c:\windows\system32\profsvc.dll
18	profsvc.dll	profsvc.dll + 0x7d3d	0x7ffae59b7d3d	c:\windows\system32\profsvc.dll
19	profsvc.dll	profsvc.dll + 0x68da	0x7ffae59b68da	c:\windows\system32\profsvc.dll
20	ntdll.dll	TpSimpleTryPost + 0x1be	0x7ffaeacf679e	C:\WINDOWS\SYSTEM32\ntdll.dll
21	ntdll.dll	RtlFreeUnicodeString + 0x17ed	0x7ffaead18e8d	C:\WINDOWS\SYSTEM32\ntdll.dll
22	KERNEL32.DLL	BaseThreadInitThunk + 0x22	0x7ffae8c213d2	C:\WINDOWS\system32\KERNEL32.DLL
23	ntdll.dll	RtlUserThreadStart + 0x34	0x7ffaeacf54f4	C:\WINDOWS\SYSTEM32\ntdll.dll