Channel: Remote Desktop Services (Terminal Services) forum

Azure RDS HTML5 Web Client Unable to Access Gateway

We have a RDS (Remote Desktop Services) deployment, and recently went through the process of installing the HTML5 web client as per the directions at:

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

Our deployment is hosted on domain A, which has an Active Directory instance. There is also domain B with its own Active Directory instance; there is a two-way trust between the two.

The problem we are having is that the traditional RD Web Access works fine for all users, but when users from domain B log on to the HTML 5 web client and try to open an app they get a message "We couldn't connect to the gateway because of an error". At the same time the browser console shows the following error:

Connection(ERR): The connection generated an internal exception with disconnect code=GatewayProtocolError(52), extended code=, reason=Gateway tunnel authorization failed with error code=2147965403

During troubleshooting we’ve tried:

  • Verified that required ports are opened.
  • Disabling all firewalls between gateways, brokers, and session hosts – same error.
  • Re-applied the publicly trusted cert to the HTML5 client (via Import-RDWebClientBrokerCert) – same error
  • Verified that the proper cert was bound to the HTML5 client – same error.
  • Enabled NTLM by setting the GPO: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network Security: Restrict NTLM: NTLM Authentication in this domain. To “Disable” (within same domain as RDP) – same error.
  • Ran regsvr32 wksprtps.dll (dll was already registered, but tried it anyway)
  • Verified that the required KB4025334 from July of last year was installed or not necessary (OS was up to date)

Any ideas on other areas we can look at?


2019 RDSH - not able reconnect to Disconnected session, every time new session (with fSingleSessionPerUser=0)

Hello colleagues

When we are doing such config (enable multiple sessions per user):

Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections

Restrict Remote Desktop Services users to a single Remote Desktop Services session     Disabled

We are not able to reconnect to any disconnected session that was running previously.

It seems that it was mentioned here for an Insider build, but we have the same...

https://techcommunity.microsoft.com/t5/Windows-Server-Insiders/Bug-no-reconnect-to-disconnected-session-with/m-p/282056/highlight/false#M829

Any solutions for this problem?

Regards,

Sergii V

batch file issue

Hey

I have a few creative students, who bypassed the blocking of cmd, and created some batch files.

One of them gives access to the whole path c:/ through File Explorer with this command:  start %windir%\explorer.exe "C:\"

I'm running some batch files myself for all the users, so I won't block batch files from running.

How do I stop or block these creative students? :-(

Kind Regards
Jerry


Remote Desktop Services - Windows 2016 - Printer Redirection Stops Working

We have setup many Remote Desktop Services and Users who connect get their local printers redirected. Recently on a Windows 2016 Standard Remote Desktop Server Users find that after some days of working fine they login and no redirected printers are available. If we log into the Remote Desktop Server our printers are not redirected either. The only way we seem to be able to resolve the redirection is to restart the Remote Desktop Server. This is a pain because it is constantly in use until late in the day. Have never had this issue before on Windows 2012 R2 or previous Windows versions. Can anyone find a solution to stop this from happening?

RDS ISAPI Filters

Hi,

I tried to install .net 1.1 on our Server 2016 RDP server, however it mucked up the ISAPI filters on IIS, so it was not working.

I have removed the one with the extra \ in it and recreated the default x86 and x84 ones, how do I know they are working though, and are they even used for our Remote Desktop Gateway?

Everything seems to be up and running by the way.

Certificate issue: the remote computer cannot be authenticated due to problems with its security certificate. Error code - 0x80072f8f, 0x20

Hello Team,

I have the below issue:

Here is my RDS environment:

I have only one server 2012 R2 standard with the below roles installed 

  • RD connection broker,
  • RDSH,
  • RD Licensing and
  • RD web access

I have published a few remote apps and I was able to access them using the RD web feed till yesterday.

Example : https://contoso.com/RDWeb/Feed/webfeed.aspx

I have installed the SSL certificate on my server and provided the same to RD web.

But today when I use the same URL to access the remote apps I get the below error message

"The remote computer cannot be authenticated due to problems with its security certificate. security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer"

Error code - 0x80072f8f,0x20

Now I can only access the remote apps through RD web access ( https://FQDN/RDWeb)

Please help me in fixing this issue. 

Any help would be much appreciated.

Thanks

SM

New to RDS with RDP

I came from the VMware remote desktop services, so I am stumbling a little getting up and running. I have a Windows 2019 farm built and working with published apps and 2 Windows 10 pools, one pooled and one personal. Everything is working across HTTPS, including HTML5. Where I have an issue is with some thin clients I am running (RDP protocol). I point them at my RD Connection Broker server and added the reg entry to redirect to my Windows 10 pooled pool, and everything works great. With only one RD Connection Broker (in this case 2 clustered), how can I redirect some thin clients to the personal pool and others to the pooled pool? Thanks for any help you can give me here.

Deleted MSLicensing key from registry, now can't log in.

Hello,

I have accidentally removed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing from the registry. Now I have login errors - licensing issues. Can somebody help with how to recreate this MSLicensing key to log in to the RDS Server? I have Server 2008R2 logging in to Server 2003. On Server 2003 I have a terminal license server. Sorry for bad English. I am not a native speaker.


Windows Server 2016 Remote App Loses focus

I published two RemoteApp from Windows Server 2016.

Upon some action these apps lose focus and other windows become active in the foreground: very annoying.

The only workaround I found at present is to keep all other windows minimized.

Both apps are "legacy apps" partially developed with Visual Basic that use legacy custom controls, I suppose.

I searched for resolutions online but all methods seem related to previous versions of Windows Server, not fully patched.

The clients are Windows 10 Professional v1709. Both server and client are fully patched

What I tried, without success:

- several app compatibility modes

- the well-known registry tweak on client

- using two old versions of mstsc.exe and mstscax.dll

Any help appreciated.



RD Desktop Environment - Shared Applications

We have two W2019 Servers, both running with the Server RD Session Host role installed. Let's call them Server A and Server B.

  • Server A is used as a RD Desktop Environment
  • Server B is used for Shared Applications like Word, Excel etc.

Our idea is that the user does logon on Server A, accessing the Applications from Server B.

Basically this does work well however file type association seems not to be working in this environment. We are getting the following event on Server A:

Event ID: 1026

Source: RemoteApp and Desktop Connections

 "The installation of the default connection has been cancelled. A default connection cannot be used on a system that is part of a Remote Desktop Services deployment."

Default connection to webfeed.aspx has been configured via GPO and has been applied successfully; file type association is configured for the shared Application also.

On Server A the file type association is not working, so the user cannot open a file from Windows Explorer directly.

As the Event Log Warning says quite clearly, is it not possible to use shared Applications on a Desktop Environment with working file type association?

Per User RDS licensing on Windows Server 2016 in Workgroup environment

Hello to All!

We have a problem with the RDS feature on a 2016 Server.

The server was deployed with no CALs installed and worked for some time in trial mode. Then the owners of this server bought 30 Per User licenses through the SPLA program and I was asked to activate and install the licenses on it.

Before I connected to the server I saw that the owners were in the process of deleting the grace period registry entry (because the grace period had ended and they were in a big hurry to make it work again).

After all this and my manipulations (the standard activation and license installation process), the server now does not want to see the legal licenses and continues working in trial mode (grace period still ticking). The last manipulation was to delete the grace registry entry again and reboot the server (I found a similar situation https://www.360ict.nl/blog/no-remote-desktop-licence-server-availible-on-rd-session-host-server-2012/) but it did not help and now the grace period has started ticking from the beginning (120 days).

I found info that a 2016 server can still issue Per User CALs to local users in a Workgroup environment and made all the manipulations with local group policies https://digitalbamboo.wordpress.com/2017/04/05/deploy-remote-desktop-services-in-a-workgroup-easily/ and other stuff, and now in diagnostics there are no warnings and all is green.

Maybe someone has faced a similar problem or has any suggestions; I would be very grateful. I'm desperate already.

Specify a Program to Start Automatically When a User Logs On Does Not Work in 2016 Server

By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless a program has been specified to start when the user logs on to the remote session. If an initial starting program has been specified, it will be the only program that the user can use in the Remote Desktop Services session. The Start menu and the Windows Desktop are not displayed when the user logs on to the remote session, and when the user exits the program the session is automatically logged off. This feature does not work in 2016 Server; it ignores whatever we specify and always starts a Desktop Session. We are running a workgroup, so group policy is not an option as a workaround. In 2012 Server and 2008 Server it works. Kindly please advise how to get this basic feature to run in Server 2016.

Windows 2016 RDS event 1306 Connection Broker Client failed to redirect the user... Error: NULL

I'm attempting to setup a Windows 2016 RDS Standard Deployment for Session Hosting.  The layout is as follows:
RDS01 - RDS Connection Broker and Web Access
TS02 - RDS Session Host
TS03 - RDS Session Host

The domain these servers are part of has (1) Windows 2008 Server and (2) Windows 2016 Servers acting as DCs.  The domain is running at Windows 2003 Functional Level.

All servers are on a single routed network with no firewall between them.  All DNS A and PTR records for all servers exist and resolve on all hosts.  All servers can be pinged by each other. In other words, there are no network connectivity issues.

I've setup the RDS deployment several times w/ the same results.

The Issue
I can login via the RDWeb interface on RDS01 from a Win10 desktop and connect to the published RDP desktop without issue (i.e. no error messages to the user) and no errors in the logs.  When I try to directly RDP to RDS01, I successfully authenticate as a user (per the event log) but get an error stating that the user doesn't have access to the system.  In the event log I get event id 1306 with the message of "Remote Desktop Connection Broker Client failed to redirect the user <domain>\<test user>.  Error: NULL".  

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-SessionBroker-Client" Guid="{2184B5C9-1C83-4304-9C58-A9E76F718993}" />
    <EventID>1306</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>104</Task>
    <Opcode>13</Opcode>
    <Keywords>0x2000000000000000</Keywords>
    <TimeCreated SystemTime="2016-12-29T16:47:27.634726700Z" />
    <EventRecordID>47</EventRecordID>
    <Correlation ActivityID="{F4209120-29ED-44E4-845A-25A2570F0000}" />
    <Execution ProcessID="828" ThreadID="3668" />
    <Channel>Microsoft-Windows-TerminalServices-SessionBroker-Client/Operational</Channel>
    <Computer>rds01.[redacted.domain]</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <UserData>
    <EventXML xmlns="Event_NS">
      <param1>[redacted.domain]</param1>
      <param2>[redacted.user]</param2>
      <param3>NULL</param3>
    </EventXML>
  </UserData>
</Event>


If I RDP to RDS01 as an administrator, I get the same error message but the RDP session opens and presents the desktop on RDS01.

I can RDP directly to TS02 or TS03 and login as a user and open the RDP session.  Redirection to some degree appears to be working in that I can disconnect a user session from TS02 and RDP to TS03 and the session is redirected back to TS02.  The event logs on RDS01 record this happening as well.

What I've tried already
1. In searching this event 1306 issue, I found several posts with this exact same behavior in WS 2012/R2.  Most "solutions" suggested point to the fact that the RDS Session Broker doesn't have sufficient authority to look up the user's AD group membership via the tokenGroupsGlobalAndUniversal attribute or AuthzInitializeContextFromSid API function which leverages the tokenGroupsGlobalAndUniversal attribute.  (Example: https://social.technet.microsoft.com/Forums/windowsserver/en-US/29733a87-dbda-47bc-8b37-6eeac5ab5a0a/2012-rds-nonadministrators-can-not-access-vdi-pool?forum=winserverTS#97d883f1-7a64-4d02-9492-309638f92e79 )

The service is running as "Network Service" which does have network access via the Computer Object's authority in AD.  So following Microsoft's instructions (https://support.microsoft.com/en-us/kb/331951), I've added RDS01 to both the Windows Authorization Access Group and Pre-Windows 2000 Compatibility Access groups and rebooted RDS01 with the same results.  

2. I've verified the Windows Authorization Access Group has rights to read the tokenGroupsGlobalAndUniversal property/attribute on my test users and the computer objects of the servers.

3. I've set up an AD Service account following Microsoft's instructions (https://support.microsoft.com/en-us/kb/842423) with a similarly described access issue.  The service account user was added to the Windows Authorization Access Group.  This was unsuccessful as well w/ the same event 1306 error.

4. I ran the following PowerShell commands to verify access of the Connection Broker to the OU (https://technet.microsoft.com/en-us/library/jj215512.aspx#)

Test-RDOUAccess -Domain [redacted.domain] -OU "Computers" -ConnectionBroker rds01.[redacted.domain] -verbose


This failed so I ran the following to grant access

Grant-RDOUAccess -Domain watsons.local -OU "Computers" -ConnectionBroker rds01.watsons.local -verbose 


The Test-RDOUAccess then succeeded.

I repeated this for the OUs that contained the users and the server computer objects.

I've disabled all GPOs to ensure there's no conflicts but have seen no change in the behavior or error messages.

With all that, I've exhausted every option that I can find to resolve this error to gain the expected functionality.  As a workaround for the moment, I've set up a round-robin DNS A record that points to TS02 and TS03 w/ a very short TTL.  This gives the test users the ability to login and at least test the desktop functionality.

Sorry for being so long winded with this but I thought it better to put all the cards on the table.

I'm open to any and all suggestions.

Thx!

Adding another icon/ rdp shortcut to the RDWEB Page

Hi,

I have set up a Windows Server 2016 RDS environment which is as follows:

1 RD Gateway Server (RDGW1)

1 RD Web Server (RDWeb1)

5 RD Session Hosts (RDS1 to 5)

1 RD Broker (RDBroker1) - also does licensing.

gateway url is: gateway.domain.com which points internally and externally to the RDGW1 server.

The RD gateway and RD Web servers are in the DMZ.

We now want to implement Azure MFA using the NPS Extension as described here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg  

To minimize impact, I set up another Gateway server in the DMZ called RDGW2, along with an NPS server in the LAN (NPS1). Following the documentation linked to above, I was able to successfully set this up.

To test, I have downloaded the RDP icon from the RDWeb page and edited it to direct via RDGW2 rather than RDGW1. I also created an External DNS entry for gateway2.domain.com pointing to the WAN IP for RDGW2.  This works fine from outside of the network and I get MFA prompts and can see connections going through RDGW2.

I now need to publish 2 RDP shortcuts. One would be using the old non MFA gateway (RDGW1)  - this is already there. The second would be the edited RDP Shortcut that uses the new MFA configured Gateway (RDGW2).

Is there any way I can publish the second RDP icon? Perhaps by editing the relevant web page or locating where the original icon is located? Publishing via RemoteApp is not an option. The reason for having both is to provide a transition environment and possible future DR environment (in case there are issues with Azure).

Thanks,

2016 RDS issue - Single user | Windows cannot find local profile.

Hello, 

I'm receiving a few errors with my RDS 2016 build. Randomly a user, upon logging in, will be given a temporary profile. I do the normal remediation steps by deleting the temp profile in the registry and Advance User options, the server is rebooted and they can log in fine. But after a while the error comes back again. All other users can remote in fine with no issues; it only affects one user at a time. A few errors I see....

1. Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

2. The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user (xxxxxxxxxxxxxxxxxx) SID (S-1-5-21-3444666529-4500789-23435591xx-xxxxx) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

The RDS server shows this error

3. Remote Desktop Services could not apply a user desktop for a user account with a SID of S-1-5-21-3444666529-4500789-23435591xx-xxxxx. A temporary profile was enforced for the user. Verify that the user profile disk settings are correct. The error code is 0x15.135

4. Remote Desktop Services could not attach a user profile disk for a user account with a SID of S-1-5-21-3444666529-4500789-23435591xx-xxxxx. The error code is 0x15.135

Thanks.

Please assist, 

Seneb


cant launch remote app

Hello, I have everything on a single Server 2016:

rdweb, rd gateway, session host

I am forwarding 443 through my firewall to my server.

When I go to launch a remote app I get the following. It is working internally, just not externally.

Remote Desktop web client exception with disconnect code GatewayProtocolError 52 , extended code=, reason = Gateway tunnel authorization failed with error code = 2147965403

Scope of this is that out of dozens of accounts that work fine for rdwc sessions, there are two that do not.  The connection starts but within a few seconds fails with, user facing side, 'we couldn't connect to gateway because of an error.'  When running a capture, the key error appears to be:

"The connection generated an internal exception with disconnect code=GatewayProtocolError(52), extended code=<null>, reason=Gateway tunnel authorization failed with error code=2147965403"


This is what’s in the nps log from the RD server:

"orgRD","RAS",04/05/2019,15:22:31,1,"DOMAIN\SAMACCOUNTNAME",,"UserAuthType:PW",,,,,,,,,,,,5,,,12,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",2,"TS GATEWAY SERVER GROUP","xxx.xx.xxx.xx",,
"orgRD","RAS",04/05/2019,15:22:31,11,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",2,"TS GATEWAY SERVER GROUP","xxx.xx.xxx.xx"",,

And this is from the NPS server:

"FILES","IAS",04/05/2019,15:22:31,1,"DOMAIN\USERNAME","domain.org/Users/FirstnameLastname","UserAuthType:PW",,,,,,,0,"xxx.xx.xxx.xx","orgrd",,,5,,,12,7,"RDpolicy",0,"311 1 xxx.xx.xxx.xx 03/19/2019 04:54:59 292",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"RDGWauth",1,,,,
"FILES","IAS",04/05/2019,15:22:31,11,,"domain.org/Users/FirstnameLastname",,,,,,,,0,"xxx.xx.xxx.xx","orgrd",,,,,,,7,"RDpolicy",0,"311 1 xxx.xx.xxx.xx 03/19/2019 04:54:59 292",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"RDGWauth",1,,,,

Any pointers in the right direction, or if anyone else has seen these errors, would be much appreciated!

Need to Move 2016 RDS Roles from one Server to Another

Have a functional Server 2016 RDS Deployment consisting of RD Web Access (not using), RD Gateway, RD Connection Broker, RD Session Host on TS-01, RD Licensing on DC-01, and a 2nd Session Host on TS-02.  There is one existing Collection serving up one RemoteApp program to both Session Hosts.

The TS-01 server needs to be redeployed from scratch due to an OS issue so I need to move the RD Web, RD Gateway, RD CB roles to the DC-01 server first, leaving the Session Host role in place on TS-01 for now.

I've seen articles about migration which I don't think apply here.  I do not want to enable HA on this since I know you can't go back to non-HA.  Can each role be deployed on the other server and then removed from the TS-01 server?  Or is this a deploy from scratch scenario?

Using Remote Desktop Services instead Teamviewer

Hello,

I would like to access the server without Teamviewer. I've been told that we need to set up terminal services and that I need a licence. Is there any tutorial on this?

Many Thanks,
