Hi

I am using RSA to perform authentication and I would like to disable the FBA for RDWeb so that the SSO works. However after login from the RSA Form Based Portal, I am still presented with the FBA Logon page. How do I replace the FBA Page with those normal Pop Up Dialog Box for authentication?

Thanks

When you close a Remote Desktop Connection, you recieve a message like "This will disconnect your Remote Desktop Services sessions. Your programs will continue to run while you are disconnected. You can reconnect to this session later by logging on again."

Is there a way to turn this off - e.g. an option or registry setting?

Hi

I would like to make RDWeb FBA authentication against RSA SecureID instead of via AD. I have installed the RSA Web Agent 7.1 and created the agent profile.

However, I still can't login with the RSA account. Is there any thing I need to change on the web.config so that it will authenticate with RSA?

Thanks

I am creating and testing an RDS environment.  Currently, I have created three servers: an AppServ to house and publish applications, a FileServ to house redirected user folders, and a RDS Session Host.

I would like to use the RemoteApp web feed to publish applications to users on the RDS session host.  It actually works just fine.  However, the icons for applications on the Start screen show as blank.

If I open the file location, the icons still show as blank.  However, if I open the same location on my PC, I can see the proper icons.

Any help would be appreciated!  Thanks.

Hello,

I am in the process of implementing RADIUS based two factor authentication for the RDS gateway.  Its a phone based 2nd factor authntication and it adds a considerable amount of time required to authenticate, sometimes up to 60-90 seconds.  However, it looks like when remote desktop client is open and says "Initiating Remote Connection..." if the user does not pick up the phone and authenticate in the next 30 seconds, the connection will time out even if the authentication was successfull.  Is there a way to change amount of time that the gateway and RDP clients are waiting for the authentication attempt to succeed?

Our Environment:

Windows 2008 R2 RD Gateway + ISA 2005 on Windows 2003

Thank you.

Hello,

We have got a WDS running in our environment. Now we are in a process of implementing diskless workstation which will pxe boot into the Terminal server using a third party tool. But now the problem is both these services are conflicting. So when we press f12 button it is booting from the Terminal server not from the WDS. How do I troubleshoot this issue? Please help.

--

Tony

Hi all,

I've scoured the internet and nothing has come up so far. 

We have a 2012 RDS deployment consisting of the following:

1x AD / RD Licensing Server / Print / UPD

1x RDGW

3x RDSH

1x LOB DB Server / File Server

We are running between 80-120 RDS sessions on there and are using the new UPD (User Profile Disks) to connect users to their profiles.  These VHDX's are located on the AD.

We noticed this morning a number of disconnected sessions logging in and not seeing anything in their start menu, no pinned items on the taskbar and nothing on the desktop.

After logging the sessions off and back on again, the profile was good, but definitely pointed to a problem with mounting the UPD's. 

We then noticed later in the day that whilst the user would continue to work, if they attempted to access their desktop or click the pinned explorer button, they would receive a message stating that C:\Users\<username>\Desktop refers to a location that is unavailable, suggesting that the UPD had dismounted.

So now we have a recurring problem that doesn't want to go away.

The only error we see in the event logs at this stage is this:

Remote Desktop Services could not disconnect a user disk for the user account with a SID of <SID>. The error code is 0x80070005.0

This error message code, normally refers to an access denied message, which is obviously being caused by a loss of connectivity to the UPD's. 

We have checked network settings and there is no loss of network connectivity between the VM's.  

Any thoughts?  We are day 2 in to Go-Live and have only seen this issue since then after 4 weeks of testing.

Thanks - Jason.

Consultant | Nerd | Visionary. http://www.ethertech.com.au/ | http://www.deeperstates.com.au

I am looking for some guidance or documentation about designing a RDS 2012 environment both session hosted and virtual desktops.
Some actual questions I have around RDS 2012 are:

- Can RD Connection brokers shared over more than 1 datacenter with one collection of Session hosts? What connection is required between the datacenters?

- Can RD Gateway shared over more than 1 datacenter with one of more collections? What connection is required between the datacenters?

- Can we have 1 RD Gateway for more than 1 RDS Session host deployment in te same domain (not collections but complete seperated RDS environments)

- Can we have 1 RD Web Access for more than 1 RDS Session host deployment in the same domain (not collections but complete seperated RDS environments)

The only documentation I have found is the IPD of RDS 2008 R2, however there are a lot of changes in RDS 2012. Technet also doesn't have the RDS 2012 documentation online.

Thnx,

Hello,

I am in a bit of a fix.  Back when we were running our ERP software as a "Fat client" we were able to use the lockprint feature on our big copier without incident.  Since then we have move to a "Thin client" setup using RDP and now we can't lockprint our print jobs.

I have gone as far as to install numerous copies of the copier, each with a user name tacked onto the end, and setup all the lockprint settings that we had set when we were using the fat client.  Unfortunately, the ERP software seems to bypass the settings on the server and prints the jobs as if nothing was done to try and stop it.

Our server is a 2K8 r2 and the printers are installed on the server as well.

Thanks,

Matt

Selected users are connected to a Windows Server 2008 R2 running Remote Desktop Services, with Office 2007.  When they select Tools, Send/Receive, Download Address Book (Full Details) within Outlook, the process also deletes the contents of their .nk2 file.  How can I download the updated Offline Address Book without it removing the contents of their .NK2 file ??

Thank you,

David

Dobrý den,

potřebuji poradit, mám tiskárnu Bixolon (na účtečnky) ta mi přez RDP a Terminal Services Easy Print tiskne, v GPO povoleno... Ale připojil jsem tiskárnu HP1217nfw a nejde z ní tisknout ani zkušební stráku chyba 000x3e3, už doopravdy nevím co s tím.

WS 2008 + Win XP

Díky za rady, pročetl jsem hodně, ale řešení nenašel.

• RDP server: XP SP3 + all MS updates & AVAST antivirus (home desktop)
  
• RDP client: Win7 Enterprise SP1 (work laptop)
  
• Both machines on home intranet, both password protected, RDP is enabled on both
• RDP has worked fine, for 2 years, until two weeks ago...

Unexpectedly got XP (server) BSOD { STOP 0x0000007E (0xC0000005, 0x00000000, 0xAE0531A8, 0xAE052EA4) } on trying to paste a 1 kB text file, copied from Win7 (client), into the XP file explorer. Minidmp file says rdpdr.sys as the culprit:

rdpdr.sys rdpdr.sys+13f18 0xb821f000 0xb824ee80 0x0002fe80 0x480251d2 4/13/2008 2:32:50 PM

After trying many things (not mapping disk drives, deleting printers, etc.), I pulled out all disks from the XP box and did a clean installation (new disk) of XP SP3 + updates + AVAST. STILL get BSOD, *always* upon cut, paste, or clicking on a mapped drive in file explorer. (Yes, I've boot-scanned for viruses, etc: clean). At least the BSOD is reproducible!

I am sure it's not hardware: 1. It used to work just fine. 2. RDP works *in every respect*in the XP_client-to-Win7_server direction (including copy/paste, & drive mapping). 3. RDP works in every respect *except for copy/paste operations* in the Win7_client-to-XP_server direction. On this last point, I can use RDP for hours, as long as I don't try to save or open a file (e.g., I can run regedit, mmc, text editor, web browser --- you name it --- as long as I don't get a file dialog, or if I do get a dialog, I just cancel out of it).

I tried installing the latest rdpdr.sys file for XP (that I could access; KB972422, ver. 5.1.2600.5875, 4-SEP-2009). It made no difference. BSOD still says rdpdr.sys is the culprit (though some of the parameter addresses are different.) Although RDP using the old XP client was working fine, I also tried upgrading to XP's ver. 7 RDP client (KB969084; CredSSP [KB951608] enabled). This made no difference (not that I thought it would).

Lastly, the Win7 System Administrator (it's my work computer) recently made, but then (supposedly) backed-out the following GPO:

Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection
Policy                                          Setting
Allow audio recording redirection    Disabled    
Do not allow clipboard redirection   Enabled    
Do not allow COM port redirection  Enabled    
Do not allow drive redirection         Enabled    
Do not allow LPT port redirection    Enabled    
Do not allow supported Plug and Play device redirection    Enabled

Is it possible that this GPO is the culprit (assuming, for a moment, that it wasn't actually backed-out)? If so, shouldn't RDP from XP client to Win7 server also be failing (or error message? or just do nothing?) on copy/paste?

BOTTOM LINE: Tearing my hair out over unidirectional RDP-causing-XP-BSOD! Ideas?

Hi,

I have a 2012 RDS server setup.  I also have a java base web application that is launch through Internet explorer via webpage.  When I am on the physical machine via MSTSC client, I am able to visit the launch page that allow me to launch the java base software.  The webpage is program to check for the java runtime.  However, when I am trying to connect via RDWEB, I am able to browse the page but it not detecting the java runtime.  However, under the add on, the java runtime is enabled. 

Additional background:

1.  I am using the same users for testing. 

2.  during the remoteapp setup, I publish the Iexplore.exe from the program file directory. 

3. I have installed both 32 bits and 64bits Java runtime.

Any help would be appreciated. 

Update: when I add the user to the local Administration Group of the RDS server, I am able to launch the page.  how do I overcome this without give every RDS users administration right?

I am getting the following error on  a workgroup server when adding terminal services role:

Terminal Services: Installation succeeded with errors

<u5:p> </u5:p>

Hello everyone,

I am having an issue logging on to our connection broker farm. The farm will require me to enter my credentials two, and sometimes three times. I cannot find the solution to this problem on the net, since almost every post regarding double logons on server farms discusses enabling credssp on windows xp workstations, whereas my issue happens on every client (including windows 7, and thin clients with credssp/nla support).

When I login to my farm, the remote desktop client first asks me for my credentials before connecting. If I try to login with incorrect credentials, it will immediately say "login failed". If I enter correct credentials the client will connect, but I will get a login screen from the server. If I login there I will sometimes get yet another login screen, presumably because I'm being redirected to another server in the farm.

The servers are a windows 2008r2 domaincontroller, which also acts as the session broker, two windows 2008r2 remote desktop hostservers, which are added to farm managed by our sessionbroker, and another windows 2008r2 domaincontroller. The clients are mostly windows 7 machines (not joined to the domain) and Wyse thinos 7 clients. All exhibit the double logon problem.

I tried forcing NLA on the host servers, which did not solve the issue. Also I tried to enable credential delegation on the terminal servers via group policy setting. No luck.

Event viewer does not list any meaningfull errors or messages.

When I turn on netlogon debugging, I get the output attached at the end of this message. No obvious errors there as far as I can tell.

What can I do to solve this issue, and/or where can I find more information on debugging the logon process?

Thanks in advance!

--

Rien Broekstra

----------------8<----------------------

   1.
      02/03 16:06:43 [MISC] DbFlag is set to ffff
   2.
      02/03 16:06:45 [INIT] Group Policy is not defined for Netlogon
   3.
      02/03 16:06:45 [INIT] Following are the effective values after parsing
   4.
      02/03 16:08:12 [SESSION] I_NetLogonGetAuthData called: (null) mydomain (Flags 0x1) 
   5.
      02/03 16:08:12 [SESSION] I_NetLogonGetAuthData called: (null) mydomain (Flags 0x1) 
   6.
      02/03 16:08:33 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Entered
   7.
      02/03 16:08:33 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Returns 0x0
   8.
      02/03 16:08:34 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Entered
   9.
      02/03 16:08:34 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Returns 0x0
  10.
      02/03 16:08:38 [MISC] DsGetDcName function called: Dom:mydomain Acct:(null) Flags: RET_DNS
  11.
      02/03 16:08:38 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
  12.
      02/03 16:08:38 [MISC] NetpDcGetName: ad.mydomain.tld. using cached information
  13.
      02/03 16:08:38 [MISC] DsGetDcName function returns 0: Dom:mydomain Acct:(null) Flags: RET_DNS
  14.
      02/03 16:08:38 [MISC] DsGetDcName function called: Dom:mydomain Acct:(null) Flags: NETBIOS RET_DNS
  15.
      02/03 16:08:38 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
  16.
      02/03 16:08:38 [MISC] NetpDcGetName: ad.mydomain.tld. using cached information
  17.
      02/03 16:08:38 [MISC] DsGetDcName function returns 0: Dom:mydomain Acct:(null) Flags: NETBIOS RET_DNS
  18.
      02/03 16:08:38 [MISC] DsGetDcName function called: Dom:mydomain Acct:(null) Flags: DS NETBIOS RET_DNS
  19.
      02/03 16:08:38 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
  20.
      02/03 16:08:38 [MISC] NetpDcGetName: ad.mydomain.tld. using cached information
  21.
      02/03 16:08:38 [MISC] DsGetDcName function returns 0: Dom:mydomain Acct:(null) Flags: DS NETBIOS RET_DNS
  22.
      02/03 16:08:38 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x1
  23.
      02/03 16:08:38 [MISC] mydomain: DsrEnumerateDomainTrusts: Domain List collected from \\ALUMINIUM.ad.mydomain.tld
  24.
      02/03 16:08:38 [DOMAIN] Setting LSA NetbiosDomain: mydomain DnsDomain: ad.mydomain.tld. DnsTree: ad.mydomain.tld. DomainGuid:8147dc44-60b8-415c-ba0f-16a766013191
  25.
      02/03 16:08:38 [LOGON] NlSetForestTrustList: New trusted domain list:
  26.
      02/03 16:08:38 [LOGON]     0: mydomain ad.mydomain.tld (NT 5) (Forest Tree Root) (Primary Domain) (Native)
  27.
      02/03 16:08:38 [LOGON]        Dom Guid: 8147dc44-60b8-415c-ba0f-16a766013191
  28.
      02/03 16:08:38 [LOGON]        Dom Sid: S-1-5-21-3123937195-2119858977-960326834
  29.
      02/03 16:08:38 [MISC] DsrEnumerateDomainTrusts: returns: 0
  30.
      02/03 16:08:43 [MISC] DsGetDcName function called: Dom:mydomain Acct:(null) Flags: DS NETBIOS RET_DNS
  31.
      02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
  32.
      02/03 16:08:43 [MISC] NetpDcGetName: ad.mydomain.tld. using cached information
  33.
      02/03 16:08:43 [MISC] DsGetDcName function returns 0: Dom:mydomain Acct:(null) Flags: DS NETBIOS RET_DNS
  34.
      02/03 16:08:43 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x1
  35.
      02/03 16:08:43 [MISC] DsrEnumerateDomainTrusts: returns: 0
  36.
      02/03 16:08:43 [MISC] DsGetDcName function called: Dom:AD.mydomain.tld Acct:(null) Flags: DS RET_DNS
  37.
      02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
  38.
      02/03 16:08:43 [MISC] NetpDcGetName: AD.mydomain.tld using cached information
  39.
      02/03 16:08:43 [MISC] DsGetDcName function returns 0: Dom:AD.mydomain.tld Acct:(null) Flags: DS RET_DNS
  40.
      02/03 16:08:43 [MISC] DsGetDcName function called: Dom:INDIUM Acct:(null) Flags: DS NETBIOS RET_DNS
  41.
      02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
  42.
      02/03 16:08:43 [MAILSLOT] Sent 'Sam Logon' message to INDIUM[1C] on all transports.
  43.
      02/03 16:08:43 [MISC] DsGetDcName function called: Dom:GALLIUM.ad.mydomain.tld Acct:(null) Flags: LDAPONLY RET_DNS
  44.
      02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
  45.
      02/03 16:08:43 [CRITICAL] NetpDcGetNameIp: GALLIUM.ad.mydomain.tld: No data returned from DnsQuery.
  46.
      02/03 16:08:43 [MISC] NetpDcGetName: NetpDcGetNameIp returned 1355
  47.
      02/03 16:08:43 [CRITICAL] NetpDcGetName: GALLIUM.ad.mydomain.tld: IP and Netbios are both done.
  48.
      02/03 16:08:43 [MISC] DsGetDcName function returns 1355: Dom:GALLIUM.ad.mydomain.tld Acct:(null) Flags: LDAPONLY RET_DNS
  49.
      02/03 16:08:43 [SITE] DsrGetSiteName: Site name 'Default-First-Site-Name' is old. Getting a new one from DC.
  50.
      02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
  51.
      02/03 16:08:43 [MAILSLOT] NetpDcPingListIp: ad.mydomain.tld.: Sent UDP ping to 10.7.1.36
  52.
      02/03 16:08:43 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to ALUMINIUM.ad.mydomain.tld
  53.
      02/03 16:08:43 [MISC] NlPingDcNameWithContext: ALUMINIUM.ad.mydomain.tld responded over IP.
  54.
      02/03 16:08:43 [PERF] NlSetServerClientSession: Not changing connection (0000000000388778): "\\ALUMINIUM.ad.mydomain.tld"
  55.
          ClientSession: 00000000003A76C0DsGetDcName function called: Dom:ad.mydomain.tld Acct:(null) Flags: LDAPONLY RET_DNS
  56.
      02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
  57.
      02/03 16:08:43 [MISC] NetpDcGetName: ad.mydomain.tld using cached information
  58.
      02/03 16:08:43 [MISC] DsGetDcName function returns 0: Dom:ad.mydomain.tld Acct:(null) Flags: LDAPONLY RET_DNS
  59.
      02/03 16:08:44 [SESSION] I_NetLogonGetAuthData called: (null) ad.mydomain.tld (Flags 0x1) 
  60.
      02/03 16:08:45 [CRITICAL] NetpDcGetNameNetbios: INDIUM: Cannot NlBrowserSendDatagram. (1C) 53
  61.
      02/03 16:08:45 [MISC] NetpDcGetName: NetpDcGetNameNetbios returned 1355
  62.
      02/03 16:08:45 [CRITICAL] NetpDcGetName: INDIUM: IP and Netbios are both done.
  63.
      02/03 16:08:45 [MISC] DsGetDcName function returns 1355: Dom:INDIUM Acct:(null) Flags: DS NETBIOS RET_DNS

Hi all,

Cannot figure this out. Here is the scenario.

1. User creates a file on a shared mapped drive on the local computer eg \\server\shared\newfile.txt

2. They also have an open RDP session on their desktop to another computer which also has the same mapped shared drive \\server\shared\

3. On the RDP session they cannot see the new file that was just created sitting under \\server\shared, even if they refresh the folder.

4. They need to log off the RDP session and then log back in to be able to see the new file under \\server\shared.

This user needs to create a lot of files locally and access the files from the RDP session immediately, so they have to log off each time to see the files (very annoying for them).

If anyone can help, that would be great!

Peter.

I am having trouble setting up Remote Desktop for our Windows 2008r2 server that is also a domain controller. I can login to the system as an administrator but a normal domain user gets the error "The connection was denied because the user account is not authorized for the remote login." I have looked into every policy and setting I could find to make sure the user has rights to connect. 

The "Allow log on through Remote Desktop Services" is enabled and the group the user is in has been added/

The "Allow users to connect remotely using Remote Desktop Services" is enabled.

Remote desktop role and licensing services are installed on the server. (I do not have the cals installed yet but I am still under the grace period, and wouldn't I get a different error if that was an issue?)

I do not see any event error logs.

Hi all,

This one is driving me NUTS! The problem itself is when I go to connect to a session host using a web access server I get the error in the title.  This is only happening to some of my session hosts and not all.  I have compared them and can't find a single difference.  I also cant find anything useful in the event logs about this.  Below is my setup.

A full RDS environment using all Windows Server 2012 Data Center.  Nothing 2008 R2.  All Clean installs.

I have 6 servers a VM's split evenly between 2 ESXi 5.1 Hosts.
1. MP-RDP-CB1.inucoda.net (Connection Broker 1)
2. MP-RDP-CB2.inucoda.net (Connection Broker 2)
3. MP-RDP-GW1.inucoda.net (Gateway Server 1)
4. MP-RDP-GW2.inucoda.net (Gateway Server 2)
5. MP-RDP-WA1.inucoda.net (Web Access Server 1)
6. MP-RDP-WA2.inucoda.net (Web Access Server 2)

inucoda.net is an network that is the Domain that all servers are joined to via 2 Domain Controllers splits between each ESXi Host.
My outside domain that you can get to from the web is ucoda.net

The connection brokers have all servers used including session hosts added to the server pool and are configured in HA mode. They use a SQL Server 2012 Fail-over cluster that is on a separate set of VMs for their database and the DNS is configured as round robin. MP-RDP-CB.inucoda.net.  There are two entries of this each with one of the two IPs of the CB1 and CB2 servers.

On each CB server there is a RDS License server role installed with CALs installed and activated/registered. Both LIC servers have been added to the RDS deployment properties.

The GW servers each have the NLB role installed with an extra network adepter for NLB use. There is a DNS name of MP-RDP-GW.inucoda.net that points to the NLB IP of the GW Cluster.  Also both GW servers were added to the GW Server Farm part of the the GW properties.  

The WA servers are also in a NLB Cluster with an extra adapter and a DNS of MP-RDP-WA.inucoda.net pointing to the NLB IP.

Up steam from our inside Windows Domain at our ISP level there is a DNS entry of MP-RDP-WA.ucdoa.net and it points to the NLB IP of the WA NLB Cluster.  (This is not a public IP, we require you be on our VPN to be able to access the IP).

For certificates we have a Comodo issued wildcard of *.ucoda.net with the corresponding Comodo Root Trust and Intermediate Certs. We also have a wildcard *.inucoda.net created by our inside CA.

The *.inucoda.net cert is used for the CB SSO, CB Publishing, and GW while the *.ucoda.net cert is used for the WA.

All session hosts have been configured to use the *.inucoda.net for their RDP sessions.

I can confirm that the *ucoda.net cert is used for the WA part and all other parts are reporting the *inucoda.net, all with no errors or warnings.

For each session collection only one session host is used with no apps, (just RDP).  Security is set to only use NLA, SSL 1.0, High.

On each session host I have verified that the *inucoda and *ucoda certs are installed and the internal CA and Comodo CA/Intermediate CA is installed in the correct stores.  I have also verified that COM Security has the domain\TS Web Access group set with full perms for the Access and Launch/Activation. Also for WMI  Root\CMIV2\TermicalServcies Security has the domain\Ts Web Access group set with full perms. Lastly each group/user that has access to RDS is listed in the Remote Desktop users.

I've checked that both WA servers are listed in the TS Web Access group.

The GW servers RAS/RAP policies are set to be pretty open for testing with using any port, any network resource, and Domain Users and Domain Admins listed.

I have been trying to connect with Windows 8 and Windows 7 clients as the domain\administrator account.  Some of my session hosts connect fine and other don't .  It's always the same ones that connect and don't connect.  I can't find any difference  between the.   I've also blown away my entire RDS and started over with just a 3 server single node model with no NLB or RR DNS and the same exact error happens on certain servers.  I have sense gone back to the 6 server setup described here and again the same error on the same session hosts.

I have also tried Negotiate and RDS Compatible and disabling NLA only for security.  No change.  Now here is the interesting part. If I remove GW servers from RDS by just saying not to use them (not actually uninstalling them or anything), all session hosts connect just fine every time.  When I first did my RDS setup I got he same error with code 0x607 for every connection attempt and found i had to set the RAS/RAP to use any network resource instead of Domain Computers.  However, it is currently set like that and some still don't connect.   So it works with out the GW servers just fine.  It also works without them in the 6 node setup as well as the 3 node setup. 

I don't want to use it without the GW servers because since I am using all inside subnets with a VPN I have to add the CB IP/Name to my host file or it will not resolve and give an error about reaching the Connection Broker. Because I want to use a HA setup this is no good as there are two servers for it.  That's why I use the NLB IP of the WA and publish it with outside DNS with our ISP. 

Any ideas at all??

Thanks,
Chris

I don't want to cloud the discussion with the mention of Citrix, so I won't.

I've installed Office Professional 2010 with volume license on an RDS-enabled server image.

I reseal the image and deploy it to my server VMs.  Although I've run Office (initiating the "Configuration Process") once before "resealing" the image, as soon as I run it again (just for the first time) on the provisioned VM, the"Configuration Process" runs again, but only once.

If I have to modify and reseal the image, as soon as I run it on a provisioned VM, the "Configuration Process" runs again, but just the first time on each of the provisioned servers.

I want to avoid the RDS client users from encountering this "Configuration Process" if they happen to be the first to launch an Office product from the newly provisioned server using the resealed image.

David

This is the setup

2012 server

windows 8 Client

Group Policy sets the Default Connection URL

If I log on to the windows 8 client with an account that is part of the local administrators group it works.  The start screen is updated with Work Resources and if you launch an apps.

If I log on to the windows 8 client as normal user it doesn't work.  The start screen is not updated with Work Resources/apps.  I have looked in the registry and the policy is setting the Default URL Location for the user that doesn't have admin rights.  I have checked "Control Panel/RemoteApp and Desktop Connections" and there isn't anything listed.  If I give the user admin right and log back in it will work.

Is there some service or app this is not starting for the basic user?

Any ideas what would cause this and the next place I should look?

Thanks