Server 2012 suddenly stops creating RDP redirection for printers and drives
Problems with User Remote Desktop Home Folder not mapping
I have 2 forests with an External Trust configured between them. Trust works perfectly for Authentication and DNS resolution. Using a MS Internal CA for RDS certs (actually seems to be working). The RDS Farm is 2 servers running 2016 w/ Gateway on RDS1. I can log in and launch the appropriate applications successfully. All of that is working great. Client Local Drives and Printers map successfully.
My Problem.
I need a Home Folder (H Drive) to map to a share in the hosting domain (trusting domain). I have set Group Policy Computer config to map the H drive. I have GPO Loopback Processing enabled as well as Apply Trusted Domain GPOs.
What am I missing? It will NOT map the H drive.
WindowsServer 2016 RDS CertPropSvc error
One of our customers has the following problem:
If a user using a smart card logs on to the terminal server, the CertPropSvc has an error.
Then the "User Profile Service" restarts.
After that, all other users are only logged in with temporary profiles.
The problem first appeared after the following Windows Server 2016 updates were installed:
- KB4091664 (2018-09 Update for Windows Server 2016 for x64-based Systems)
- KB4487038 (2019-02 Security Update for Adobe Flash Player for Windows Server 2016 for x64-based Systems)
- KB4485447 (2019-02 Servicing Stack Update for Windows Server 2016 for x64-based Systems)
- KB4487026 (2019-02 Cumulative Update for Windows Server 2016 for x64-based Systems)
After we noticed the error, the following update was installed:
- KB4487006 (2019-02 Cumulative Update for Windows Server 2016 for x64-based Systems)
However, this did not improve the situation.
At first only one of the servers was affected by the error as it was the only one that got the updates installed.
But the other ones got the same problem after installing the updates.
We currently needed to disable smartcard redirection for the affected rds farm and would
Event Viewer:
- 07:28:40 -> User logs on with the smartcard connected via usb (and smartcard enabled on the rds-server)
- 07:28:46 -> CertPropSvc error #1
- 07:28:47 -> desktopshellext.dll / sihost.exe error
- 07:27:47 -> user profile service restart
- 07:28:57 -> twinui.dll / explorer.exe error
- 07:29:33 -> user profile service logging in a user with a temporary profile
CertPropSvc Error:
Event 1000, Application Error
- Faulting application name: svchost.exe_CertPropSvc, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: ntdll.dll, version: 10.0.14393.2608, time stamp: 0x5bd133d4
Exception code: 0xc0000008
Fault offset: 0x00000000000a975a
Faulting process id: 0x47c
Faulting application start time: 0x01d4d1f5f8b67d6b
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 35e736e3-1a95-4370-8182-06acccf78d28
Faulting package full name:
Faulting package-relative application ID:
Event 1001, Windows Error Reporting
- Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: svchost.exe_CertPropSvc
P2: 10.0.14393.0
P3: 57899b1c
P4: ntdll.dll
P5: 10.0.14393.2608
P6: 5bd133d4
P7: c0000008
P8: 00000000000a975a
P9:
P10:
Attached files:
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_Cert_26a6b2b3886758ea49d9b56135f8ec6a67e4e8_4de58e77_7009cbd6
Analysis symbol:
Rechecking for solution: 0
Report Id: 35e736e3-1a95-4370-8182-06acccf78d28
Report Status: 4
Hashed bucket:
User Profile Service:
Event 1531, User Profile Service
- The User Profile Service has started successfully.
I could provide other logs if needed.
Issue with creating account for RD.
I have a Windows 2008 R2 server with Network Level Authentication enabled. I can use Remote Desktop to connect to it with the administrator account normally. I created a user account and assigned it to the administrator group. However, I can use Remote Desktop to connect to it by the user account, the error message is:
"We couldn't connect to the remote PC. This might be due to an expired password. If this keeps happening, contact your network administrator for assistance.
Error code: 0x207"
However, once I disable Network level authentication, the user account can be used to remote it. Is there any way to fix it?
mstsc crash
I have a problem with mstsc.
I run mstsc on the HP thin client to log in to the server remotely, but it doesn't work. The detailed problem is shown as follows.
Problem name: APPCRASH
APP name: mstsc.exe
6.3.9600.16415
524b4de4
mstscax.dll
6.3.9600.16415
52901d9b
c0000005
The OS is WES 7 on the thin client and Server 2012 on the server.
Set local installed printer as default for all users
Hi,
For some reason I had to install a local printer queue on my Windows Server 2016 XENAPP server. We use RES Workspace Manager as well.
Now I can set a network printer as default, but how can I achieve this with a local printer queue?
One session, multiple processes
Hey,
I'm trying to move my application to work as RA.
When a user logs in to the RA, he goes to the Broker; from the Broker he goes to the Remote Application server.
I can see the user log in to the Application Server and the application open on his PC.
When he tries to run the same application again, I can see that one more session opens on the Remote Application server (the same user is logged in twice... and the application process runs one time in each session).
How can I make the RA "understand" that the user is already logged in and just start the process in the same session?
Local user connected through Remote Gateway Server
Hello Everyone,
I recently took over our Remote Desktop Services and am trying to familiarize myself with it. I am noticing that some of our users while on the local network connect through the gateway server. I noticed some of them are Mac users and use the MS RDP client to connect to Remote Desktop Services. I realized that the latest update of the client forces users to go through the gateway no matter if they are on the local network or at home. Where the RDP client before the latest update didn't do that.
Also, I have a few Windows users going through the remote gateway server when they are on the local network. I am not able to explain why that is happening. If someone could help me understand that, it would be greatly appreciated.
Third, I have noticed that after the last Windows updates the Shift key when opening an Access database is no longer working when using Remote Desktop. Is there a workaround for opening the Access database using the Shift key?
Thank you,
Vince
Task manager user control prompting for password
I got a problem concerning Windows Server 2019 RDC. No matter how we configure the GPO, we can't connect to users over the Task Manager without the password prompt. Got any ideas how to work around that? Both I and my colleague are Administrators on the network and got all permissions.
I know you can shadow people over the RDC manager tool, but the user we're trying to assist insists on doing it over Task Manager...
Roaming profile users getting temporary profile message
Several users across two different terminal servers are being forced into using a temporary profile. I have no way of knowing if they are logging off (despite continued re-education) or if they are just disconnecting, leaving the session to be interrupted later. The only way I've found to fix it is to reboot the Terminal server.
If I check regedit under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList, I don't see a .bak. I can sometimes see the ProfileImagePath is to a temp folder.
The users have a roaming profile that's saved to the fileserver upon logoff. I can get into the folder, but if I try to go to a sub folder, I don't (as a domain admin) suddenly have access. So the profile server isn't able to do anything either. I could probably TAKEOWN on the folder, but that's not telling me what's causing this issue.
Is there any way to fix this without rebooting? Also, what could be causing this? We've had more in the past 3 months than since I've started working here.
Ben Rollman
Printing Issue with Remote Desktop
Azure MFA only for external users coming from RD Gateway and no MFA for internal Users
Team,
Thanks in advance. I've configured an RDS environment with session host, web access, connection broker and an RD Gateway server.
I've enabled MFA calling through Azure MFA Server using the link below, which Microsoft suggests. But I wanted MFA calling for external users and not when users are coming from internal IPs.
In the MFA console we have a trusted IPs tab where we have to put in the user's IP or IP range, but here, as the authentication is sent by the RD Gateway server, everything is ignored by the MFA server, and I'm getting MFA calling for internal users as well.
Has anybody tried it before? This cannot be achieved through Azure MFA but can be achieved through NPS policies, but I am unable to achieve it.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-nps-rdg
Black Screen on Windows Server 2016 RDS
Running Windows Server 2016 Remote Desktop Services (session-based desktops).
Multiple session host servers, one DC, all running as VMs under Citrix XenServer 7.1. The servers are fully updated to present time as of 7 March 2019.
Every few days a user reports that after logging in to an RDS session he does not see his desktop but sees a black screen. When this happens, I can see that some users on that same RDS server still have their session working normally, but every user logging in after this also gets this black screen.
There are numerous references to this problem on the internet. It is apparently occurring since Server 2012 and has never been fixed.
Some people recommend restarting the Windows Audio service. Does not help in my case, never does when it happens to me. Other recommendations were to remove Firefox browser from the RDS session host servers. I did that two months ago and it seemed to help for one week but then it came back. I have not found any other recommendation - there seems to be simply no solution, except restarting that RDS session host server, which is a major inconvenience, it throws out the other users which still work, it takes 10 minutes or more to restart that server, and it can only be done manually. Most often it has to be force-restarted on top of it, as the server is totally unresponsive, and then some users may lose their user profile. Then I have to delete that user and recreate his user profile. Major trouble.
In the last few months I have rebuilt all RDS session host servers from scratch - total new installation, all updates, totally clean. It STILL happens.
The only applications installed on the RDSH servers are Chrome browser, Thunderbird email client, Libre-Office.
From what I can find on the internet this problem occurs since the release of Windows Server 2012. This is seven years ago. I do not know if this happens to everyone, but there seems to be no common denominator from what I can find, it seems to happen on all sorts of environments, pointing to a bug within Windows Server itself.
Is there ANYTHING I can do about this?
WHEN IS THIS GOING TO GET FIXED? THIS IS A PROBLEM SINCE 2012 - 7 YEARS! WHICH COMPANY CAN AFFORD TO NOT FIX A GLARING BUG IN THEIR SOFTWARE FOR SEVEN YEARS? THE LICENSES ARE EXPENSIVE AND THEN IT DOES NOT EVEN WORK.
I keep researching for non-Microsoft solutions for RDS type because I simply cannot tolerate non-functional software. To the users it looks like it is me as admin who is not doing his job!
Atradius
2012 Server RDSWEB - Certificate mismatch error
I've seen this error discussed, but need a little more detail. I want to understand how to create RDS Farms with correct initial settings to avoid this.
When clicking on a Remote Desktop icon for a remote collection (Sage_Sales), I enter my credentials and see this dialog.
Then I see this warning about the certificate mismatch.
Then I see this error if I click [Yes]
Can someone explain why each dialog/error is displayed?
I want to be able to look back at this thread, and correct my configurations.
Regards
Domain A (ADFS) Authentication to Domain B(RDS) with no domain trust
Hi,
Hoping someone could answer my question. We have a customer on Domain A currently with a domain trust to our environment Domain B, we host an RDS collection and they authenticate with their Domain A credentials to be able to access their Remote Apps over a site-to-site VPN. They wish to remove the Two-Way domain trust now and suggested using ADFS for authentication.
Is this possible? Without a domain trust how can we authenticate their users to our environment without their users needing to log in multiple times?
Thanks
C
Can a computer be added to RD Gateway Local Computer group using Powershell?
Hi,
Is it possible to add a computer to a local computer group in RD Gateway using PowerShell commands?
I want to be able to do this via a script e.g.
import-module RemoteDesktopServices
cd RDS:
cd GatewayServer
cd GatewayManagedComputerGroups
cd "<resource group name>"
cd computers
However, if I DIR at this level the Permissible Options are only Get-Item or Remove-Item. Is there a way of adding a computer using similar commands, or another way that I could automate this process?
Many thanks.
Scott.
Scott S.
Using a wildcard cert for remote desktop servers
Hello everyone!
Please note: All the servers in this case are WS2008r2 unless otherwise stated.
I've got a client whose active directory domain is let's say "int.domain.com". However the only 3rd party ssl cert I have to work with is a wildcard certificate for "*domain.com".
When users connect to the remote desktop service, i.e. they connect via rds.domain.com - they initially get the wildcard certificate, but when they are then directed to the individual remote desktop servers, they get an error because they then receive the self-signed cert for the servers - rds1.int.domain.com and rds2.int.domain.com.
I've added the hostnames for rds1 and rds2 to the domain.com DNS on my domain controller, so that rds1.domain.com points to the IP address of rds1.int.domain.com etc.
I need a way of getting the rds service to use the rds1.domain.com and rds2.domain.com dns names so I can authenticate them using the wildcard cert.
Is this possible!?
Server 2016 RDS Farm Certificate
Getting to where I HATE certs.
2 node 2016 RDS farm. Generated a SAN cert from my MS CA. It contains common name *.xxx.xxx. The SAN names are the Farm FQDN and the FQDN of both servers.
Imported this into the Server Manager RDS Deployment Properties successfully.
It WORKED properly after I imported those 2 certs that afternoon, several times.
Then, the next day, the 2nd server (not the first) decided it would use the Self-Signed RDS cert it has rather than the SAN cert assigned the previous day.
So, I have 1 server (which is a Gateway and session host) use the SAN cert, but the 2nd (session host only) uses a self-signed.
WHY? Any suggestions on how to fix?
2012 RDS Collections and Domain Groups
I have an rds farm with three rds_host servers. I have defined three domain user groups for sage_sales, sage_admin and sage_outside.
I have three collections pointing to the three rds host servers; sage_sales, sage_admin and sage_outside.
In my tests:
When I set up a user Joe in the Domain user manager, and make him a member of the sage_admin group, he can log into the RDWEB portal by entering his domain.user/password and clicking sign in. He is presented with the collection icon as shown below.
Clicking on the Sage_Admin icon takes the user to a successful remote session on the correct rds host configured for sage_admin users.
When my test user Joe is a member of two groups (sales_group and admin_group), he is presented with two collection icons after signing into the rdweb portal as shown below:
However Joe can only connect using the Sage_Admin icon. When clicking the Sage_Sales icon, the following error dialog is displayed.
What is happening here? I can't find any difference in the group rights.
Does the Set Primary Group in the Domain User settings affect which icons are available in an rdweb session?
Comments on these configuration options would help. What a battle!!
Collections tab missing under my profile for Remote Desktop Services
When I log in to the RDS servers to try to publish applications to RD Web Access, the Collection tab is missing under my profile. Other users log into the server and the Collection tab is visible. Does anyone know the fix for this?