Channel: Fórum Remote Desktop Services (Terminal Services)

Roaming profile weird naming


Hello and please help me solve this mystery of the universe.

We have a Citrix farm we recently upgraded from win2003 to win2012r2. The first time they logged on to the new server, they'd get a new roaming profile with the format "username.V2". So far so good.

In an attempt to troubleshoot intermittent reports of profile permission issues, I deleted all the old win2003 "username" profiles from the roaming profile server.  For some reason, this caused new profiles to be created for subsequent logons, and after logout a 3rd roaming profile "username.domainname.V2" was created on the roaming profile server. 

In every case, "username.V2" still has the correct permissions, so I have no idea why a 3rd one is being created.  And it makes no sense that deleting the win2003 profs is the thing that caused it.  Any theories?

 - Jaime


RDP from any client to Windows Server 2008 R2 not working. Fatal Error- SSL Server Credential


As the title states when trying to connect to one of my VMs all of a sudden I get a generic Can't connect, Contact your system administrator error.

If I look in the event logs I see...

Event 36871, SCHANNEL

 - A fatal error has occurred while creating an SSL server credential. The internal error state is 10011.

Googling for info I found this post. 

https://social.technet.microsoft.com/Forums/en-US/7a10b7bb-92fb-4a20-bfc6-eee3a6ee6752/windows-2008-r2-rdp-issue-this-computer-cant-connect-to-the-remote-computer-help?forum=winserverTS

This seems to be the exact issue I'm having. Enabling the client authentication to "RDP Security Layer" will bypass this error. But my only question is... Would this setting be enabled on the client or the host? I'm just confused because everywhere I read says "on the client side" but the setting is nested within "Remote Desktop Session Host Configuration". Makes me think it would be on the VM I'm connecting to and not the client? Just asking in advance before making the situation worse (though I'm pretty sure lowering the encryption method won't lock me out).

EDIT: Just FYI. I am going to be setting these through GPO. So would I set Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require use of specific security layer for remote (RDP) connections SET to RDP Layer on the Client or the Host?

Microsoft Edge browser in RDSH


Hi all,

I have tried implementing RDSH for Edge browser as it is supported in 2016 TP3 according to the post: http://blogs.msdn.com/b/rds/archive/2015/08/19/remote-desktop-services-in-windows-server-2016-technical-preview-3.aspx

But there is no how to...

So fully patched 2016 TP3, single server deployment, quick wizard for RDSH.

There is no easy way to simply publish "Edge Browser" in RDSH. So I have tried publishing Explorer.exe and changing parameters to "microsoft-edge:" which launches the browser when logged on locally.

 

However, when I tried launching the app via RDP (RDWeb) from Win8.1U1, all I get is a full white screen with: "you’ll need a new app to open this microsoft-edge"

So the question is how exactly is Edge browser supported? And how exactly are we supposed to configure it?

Thank you very much for any ideas

RDWeb Connect to a Remote PC


I would like to get rid of the secondary popup shown above when a user chooses to connect to a Remote PC. If I can't get rid of it, I would like to have it default to enable all of the redirection check boxes. I have already enabled these in IIS \ Application settings and they are showing enabled in the Connect to a Remote PC screen as shown; the secondary popup is redundant.

Configure Remote Desktop Services (RDP) on Server 2008R2 to accept TLS1.2 only

I am currently struggling to get the RDP connections working with TLS1.2 on Server 2008R2 SP1

Initially my RDP Service (out of the box), allowed Connections no better than TLS1.0
I am verifying this with an "openssl s_client" Connection

For example, a Server 2012R2 offers TLS1.2, if I check against its RDP port. Its RDP Version is 6.3


So I started with installing the Remote Desktop Packages Version 6.2+6.3 on my Server 2008R2
openssl s_client still connects with TLS1.0 at its best.

Next I tried to configure the Schannel Registry to support TLS 1.0, 1.1 and 1.2 via
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault "=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault "=dword:00000000
and so on for TLS1.1, but still only offers TLS1.0 on RDP port


I restricted the ciphers via GPO "Computer../Administrative.../Network/SSL Configuration.../SSL Cipher Suite Order" to be
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_RSA_WITH_NULL_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256

Which IMO should only allow TLS 1.2 implicitly.

But afterwards the RDP session totally refuses ANY connections. I had to log on to the console and switch off that GPO again.

I read many articles on the net where others had similar problems getting this configuration to work.
Some of them have pretty current postings (2015-AUG)

What's the trick with activating this? It seems to work perfectly on the same RDP version in 2012R2 servers.
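
An added example, not part of the original post: a Python check of the cipher suite order quoted above that splits each Schannel name into certificate type, encryption and minimum TLS version. It assumes the RDP listener presents an RSA certificate (the post does not say); the function names are hypothetical.

```python
import re

# Cipher suite order copied from the post. Schannel appends the elliptic
# curve (_P256/_P384/_P521) to the IANA-style suite name.
POSTED_ORDER = (
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,"
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,"
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,"
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,"
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,"
    "TLS_RSA_WITH_NULL_SHA256,"
    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,"
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,"
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,"
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,"
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,"
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,"
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,"
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,"
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,"
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,"
    "TLS_RSA_WITH_AES_256_CBC_SHA256,"
    "TLS_RSA_WITH_AES_128_CBC_SHA256"
)

SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z]+(?:_[A-Z]+)?)_WITH_(?P<cipher>.+)"
    r"_(?P<mac>SHA384|SHA256|SHA|MD5)(?:_(?P<curve>P\d{3}))?$"
)


def parse_suite(name):
    """Split a Schannel suite name into the fields that decide negotiability."""
    name = name.strip()
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised suite name: {name!r}")
    return {
        "name": name,
        # Last token of the key exchange is the certificate key type it needs.
        "cert": m["kx"].split("_")[-1],
        "encrypts": m["cipher"] != "NULL",
        # SHA-256/SHA-384 suites (CBC and GCM alike) exist only in TLS 1.2.
        "min_tls": 1.2 if m["mac"] in ("SHA256", "SHA384") else 1.0,
    }


def audit(order, cert_type, listener_max_tls):
    """Report which suites a listener with this cert and TLS ceiling can use."""
    suites = [parse_suite(s) for s in order.split(",") if s.strip()]
    usable = [s for s in suites if s["cert"] == cert_type]
    return {
        "total": len(suites),
        "null_cipher": [s["name"] for s in suites if not s["encrypts"]],
        "wrong_cert": [s["name"] for s in suites if s["cert"] != cert_type],
        "negotiable": [
            s["name"] for s in usable if s["min_tls"] <= listener_max_tls
        ],
    }


if __name__ == "__main__":
    # Assumption: RSA certificate on the listener; 1.0 is the ceiling the
    # post observed with openssl s_client, 1.2 is the intended target.
    for max_tls in (1.0, 1.2):
        report = audit(POSTED_ORDER, "RSA", max_tls)
        print(f"listener max TLS {max_tls}: "
              f"{len(report['negotiable'])} of {report['total']} negotiable")
        print("  no encryption:", report["null_cipher"])
```

With the listener capped at TLS 1.0, as the post's `openssl s_client` test observed, none of the listed suites is negotiable, which is consistent with the refused connections. The list also contains `TLS_RSA_WITH_NULL_SHA256`, which provides no encryption.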

RDS Virtual Desktop Collection showing unknown status.


Hi Everyone,

I have a strange issue with our RDS environment. One fine morning, we were no longer able to view the pooled managed collections under the collections tree; however, if we click on a collection we can see it as unknown (screenshot below). I am able to manage the other pooled collections, apart from one with 140 VMs, with the help of PowerShell. Apart from this, everything is running as it should be; however, we are now not able to manage it, and it is a major problem that we are not able to manage settings.

Checked so far:

1.       All Pooled Managed VDIs are showing unknown.

2.       Only  One Pooled Managed Collection having issue.

3.       Collections are working and behaving normally, Only one Collection with 140 VMs having issue while updating the collection and rest of the collection are accessible and working fine from command line.

4.       No changes in RDSCB SQL database, no job are pending to execute in DB as well.

5.       No Major events related to VDI connection broker.

Getting the below error while managing with PowerShell:

New-Object : Cannot convert argument "2", with value: "", for "RDVirtualDesktopCollectionJobStatus" to type "System.DateTime": "Cannot convert null to type "System.DateTime"."
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\RemoteDesktop\VirtualDesktopCollection.psm1:2167 char:22
+         $jobStatus = New-Object  Microsoft.RemoteDesktopServices.Management.RDVi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand


WMI Query in Logon Script


Hi,

When working with roaming profiles we have some strange behavior on Windows 2008 R2 servers that doesn't happen on Windows 2003 servers.

Users have roaming profiles and there is a logon script that checks for previously installed printers (WMI query). Depending on the user groups, printers will be added or removed.
Each time a user logs off from the server, the local profile on the server is removed.

Now each time a user logs in, the roaming profile is copied to the server and the logon script is executed.
The result of the WMI query in the logon script during logon is empty (no printers available).

Executing the logon script when login is completed ALWAYS gives me the correct number of printers.

It seems that the logon script (and WMI query) starts too early and printers are not available due to the roaming profile copy.

Does anyone have an idea how to delay the execution of the logon script?
Or how to detect that printers are available to query via WMI?

 

Regards

Kurt

RDS 2012 (non-R2) Unable to Logoff/Reset/Kill A Disconnected Session


I am running a Remote Desktop Services deployment with HA on Windows Server 2012 (not R2). This occurs weekly for me: a user will be logged into a server running a remote application, the user will report that they were disconnected during their session, and when they try to reconnect they are unable to do so. On the server side the user will either have a disconnected OR a couple-days-old active session (which should not be possible as I have GPO session time limits configured to kill the session in 12 hours). I have tried to kill the session many different ways:
1) Task Manager > Users Tab > Right click logoff

2) Server Manager > RDS > Collection > Right click user and select logoff

3) Open CMD run - rwinsta ##  (## being the user session ID)

4) Open CMD run - logoff ## (## being the user session ID)

5) Open CMD run - reset session rdp-tcp#XX  (XX being the user rdp-tcp# session ID)

All of this yields no result. I have also opened Task Manager and killed all running applications; however, this leaves a few running applications: rdpclip.exe, taskhostex.exe, rdpinit.exe, rdpshell.exe, mstsc.exe

When I try to kill these, I get a warning that this may cause the server to shut down OR access denied.

Has anyone found a solution to this problem?


Windows 8.1 Pro attempting to RDP to 2012R2 and 2008R2 "The session was disconnected because license store creation failed with error access denied"


We have migrated from Device CALs to User CALs (with MS assistance, will DM case number on request) - now several users are getting the following error: "the session was disconnected because license store creation failed with error access denied"

I've seen several answers to this for different versions of 8/8.1, all of which are similar to

https://social.technet.microsoft.com/Forums/windows/en-US/598acb64-644d-426f-b129-10e3061db786/the-remote-session-was-disconnected-because-license-store-creation-failedwindows-81?forum=winserverTS.

The summary is to back up and delete HKLM/SW/MS/MSLicensing

The problem we run into is that that key does not exist in the first place. Any help is appreciated!

Thanks,

JD 



Basic theme corrupt, black boxes in apps when connected


Hi....

On one of our Windows 2012 Remote Desktop Host servers we have the following problem.

--Not working example:

THE PROBLEM

-- Working example:

WORKING

---

So black boxes all over the place. When I troubleshot this as admin I found that switching the theme to "Windows" under Windows standard theme made the black boxes go away. But switching to the "Windows Basic" theme makes them appear again.

So:

-- How do I fix the basic theme? As this is the theme regular users use and they have no option of changing theme. RemoteApp technology is used.

-- Or possibly, as I think it works fine with the "Windows" theme, how do I apply this to all users logging in to the server?

Also, I have tried to find a solution to this on the forum, the internet and by general troubleshooting. No errors in the event log in Windows......

Looking forward to hearing from you. Thank you in advance.


Red Baron

Server 2012 R2 RDS, persistent "The identity of the remote computer cannot be verified" error (not directly cert related)


Problem

I have set up an RDS environment with a connection broker and RDGateway on one server, and then two RDSH servers. When configuring a domain crossover issue (our external URL is a different domain than our internal) I kept getting the following error:

"The identity of the remote computer cannot be verified. Do you want to connect anyways?

This Problem can occur if the remote computer is running a version of Windows that is earlier than windows Vista, or if the remote computer is not configured to support server authentication

For assistance, contact your network administrator or the owner of the remote computer"

Now PLEASE, PLEASE, PLEASE READ THAT WHOLE ERROR and check out the attached image

I know the first line is the same that you see with cert/domain mismatches, or with untrusted certificates, but this is not the generic certificate error. This error persists if I just remote directly to one of the RDSH, though not the other, it is a settings issue on the RDSH server.

After I isolated it to the RDSH I reverted it to an earlier snapshot and not only did this error no longer appear, but connection times through the RD Web Access portal were maybe 15 seconds quicker. Everything ran beautifully, certs configured so that there wasn't a single error internally or externally for multiple devices and different users... and then I restart the RDSH server and BAM it's back again, both the error and the long login times.

Background Details

At first I thought this was caused by a Group Policy object that I deployed when I shouldn't have-

Computer>Policies>Administrative Templates>Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > Server Authentication  Certificate Template

I deleted the GPO link and reverted to my snapshot as stated above. Since this seemed to resolve the issue I thought it was solved but as I stated the issue crops back up after a restart. The GPO is definitely gone though so it must be an issue somewhere else.

An oddity is that even though the issue is definitely with just one of the session hosts, the error and delayed connection time occur whenever I connect through the connection broker until I revert the problem server. After reverting just that single server the problem goes away for all of the servers.

Cert Setup Details

This is not directly the cause of the problem, as I stated there are no certificate errors after I finished configuring our cert setup, but our setup is a bit non-standard so I'll describe it below.

RD Connection Broker/RDGateway/RD Webaccess server is signed with a wildcard cert . This does not match our internal domain, so I made a DNS entry that does which the connection broker bounces to and then to the internal IP address of the connection broker server.

Website - remote.domain.com signed with *.domain.com -

internal dns record pointing connectionbroker.domain.com to ip address of connection broker server.

The RDS environment is signed with *.domain.com certificates

The published FQDN is changed with the PS script found here to match the external domain - https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80

to the "connectionbroker.domain.com" address.

---

Update: After testing this a bit more I realized it is not actually the restarting that triggers the problem, it seems to be activating windows following which I was restarting. Restarting without activating Server 2012 R2 Standard Edition does not cause this error to appear.

RDS Windows 2008 R2 vs RDS 2012 - Broker and Host question


Hi,

We have an existing RDS 2008 farm which is configured with 1 Connection Broker and two Session Host servers. There is a single name record (rdfarm) that RR to Session Host 1 and Session Host 2. The users open a mstsc and type "rdfarm" and they are connecting to session host 1 or session host 2.

I have been told that the broker server is managing the connections but I don't know how? Like I said they mstsc to "rdfarm" directly and no Connection Broker is specified anywhere.

Are they really using the Connection Broker server?

My understanding in Windows 2012 RDS is that in a scenario where you have 1 Connection Broker and 2 RDSH that if a broker wants to be used to establish the connections then the RDP settings have to be modified (Explained in this blog). Otherwise the only way to avoid changing the settings will be using the RDP through the Web Access.

Is this different in RDS 2008? I am totally confused can someone please help me understand.

Thank you!

Remote Desktop Window shifting when cursor is moved to bottom of screen with multiple monitors.


I just upgraded to Windows 10 from Windows 8.1 using the upgrade in place provided by Microsoft. Overall the experience has been fantastic, but the Remote Desktop "Full Screen" mode appears to have a bug in it, unless someone can help me fix it. In essence, when "Full Screen" is used AND you use all of your monitors, when the cursor is moved to the very bottom of your smaller resolution monitor the whole session "scrolls" upwards showing the taskbar for the underlying OS (Win 10). My laptop monitor is 1600x900 and my regular monitor is 2560x1080 or 1680x1050 (one at work, other at home).

EDIT: It's not destination OS dependent. Does the same whether I'm connecting to Windows 7, 8 or 10.

Attached is an example of what it looks like.  Any ideas?



GPO not deleting mandatory roaming profiles - they show as local to system


Server 2012 R2 RDS deployment, all virtual, and 1 component shy of proper functionality. This is strictly for use with RemoteApp, and there are no hosted VDIs.

I'm reusing a known working mandatory profile, but they are not being deleted after users are logged off by the system. My investigation has come to the following state:

1. All user profiles from system/advanced properties are shown as 'Local'.

2. HKLM\..\ProfileList\<sid>\CentralProfile = the UNC path specified in my GPO (with .v2 appended)

3. HKLM\..\ProfileList\<sid>\State = 518  ? .. unknown. what state this profile is in.

4. DelProf2 sees all profiles as 'Roaming Profiles' and is able to programmatically detect and delete roaming profiles.

Now... I could certainly do a simple triggered task on Security event 4647 to run DelProf /r  ... but

Any ideas on why system advanced properties is showing these profiles as local, and why the GPO option would be failing to remove them on logoff? Specifically, GPO settings are

- System/User Profiles/Delete cached copies of roaming profiles = Enabled

- Windows Components/Remote Desktop Services/Remote Desktop Session host/Profiles/Set path... = UNC path of profile

- Windows Components/Remote Desktop Services/Remote Desktop Session host/Profiles/Use Mandatory profiles... = Enabled

RDC licensing across forests


I'm trying to set up a Remote Desktop server to get licensing information from another server in another forest. Both are Windows 2012R2 servers

1- Full two-way transitive trust is present and working between the forests/domains.

2- Licensing server is part of Terminal Server License Servers group in all domains.

3- RDS Host Servers are part of the Terminal Server Computers group on the RDS Licensing servers.

4- Domain admins or the Host servers are admins of the RDS Licensing server.

5- The following ports are open between both servers: UDP 137 UDP 138 TCP/135 TCP/139 TCP/445 TCP/49152-65535

I still have a “licence server …… Unavailable” error.

What am I missing?

Thanks.



RemoteApp session sent to wrong collection


I have a 2012 R2 RemoteApp environment with the following servers:

Server1 - Session host, internal web gateway, connection broker (HA configured)

Server2 - Session host, internal web gateway, connection broker (HA configured)

Server3 - Session host

Server4 - External web gateway (published to web on port 443)

Server5 - External web gateway (one should always have redundancy right?)

Servers 1,2,3 are all in a single RDSH collection, let's call it RemoteApps. All apps work properly from the inside and outside through all connection methods from desktop RDC clients to web interface to iOS and Android devices. (this still seems like magic to me)

Now let me introduce our new friend Server6. Server6 is just a session host. It has been added to a new collection, let's call it AdminDesktop. Server6 has exactly the same programs installed as Servers 1,2,3 but is in a new collection so I can access the full desktop remotely from my tablet when I travel. It is also there so I can isolate it and any work done on it will not affect the production sessions on Servers 1,2,3.

Server6 rarely gets attention. Most of my connections to the published AdminDesktop service are instead directed to one of the application session servers (1,2,3). Since they are all identical I have to check every time I connect to make sure I'm not on a production server before I begin working.

The reverse situation never happens. If I launch an individual application I am always 100% of the time directed to one of the proper RemoteApps collection servers (1,2,3).

I have verified all servers are in the proper AD RDS groups, and my gateway policy has been setup (for testing purposes) to allow me to access any domain computer through the gateway. 

How can I configure this so the AdminDesktop sessions will always go to Server6 in the AdminDesktop collection?

Bogus error: “The remote computer requires Network Level Authentication, which your computer does not support.”


Hello, 

We have Windows 2008 R2 servers with SP1 fully patched and Windows 7 SP1 desktops also fully patched. We enabled NLA (Network Level Authentication) via group policy recently after we decommissioned our last 2003 R2 server. We can connect to all of our 2008 R2 servers via remote desktop except for one. We get the error: 

“The remote computer requires Network Level Authentication, which your computer does not support.”

We are using other 2008 R2 servers and Windows 7 desktops to try to connect to the server. They all support NLA. But we still get the message. We rebooted the server from the console. That still did not resolve it. We could turn NLA off in the group policy at least for this server but we need it turned on for compliance reasons. 

Any suggestions on what the issue is? 

Thanks. 

RDP connection slow and disconnection

We have a Server 2008 R2 with RemoteApp installed. There are two remote apps, tally and Quantum Control. But Quantum Control performance is slow compared to tally, and it has an issue with session disconnection at times. How can we track and find the issue and solve it?

RDP connection sometimes fails returning to login window


Hello

I have an intermittent problem with RDP connection to a Windows 2012 R2 server.

When I connect to the server1 host name via an RDP client executed on Windows 7 Ent, I'm not always able to connect to this server.

I have to connect to server1 passing via RDP executed on server2; then from my client I'm able to connect directly to server1.

Both server1 and server2 have one NIC, one IP address each, on the same VLAN.

I'm always able to ping server1 or server2.

The same behavior happens from other PCs on the network, be they Win7 or Win2012 or other.

The workaround used is to shut down the server, wait one minute, then restart it. Now it is possible to connect via RDP from any PC without first passing through server2. It works until the next reboot.

server2 was created as clone of server1 (and then sysprepped). Server1 and server 2 are joined a domain.

Does anyone have an idea why this behavior occurs and how to fix it?

Thanks in advance

Regards

GB


RDP Session with a RDP Gateway disconnects when copying larger files from \\tsclient to server.


Hello everyone,

We host a remote desktop environment for customers consisting of a Windows 2012 R2 Session Broker connecting to Terminal Servers 2012 R2. Clients run mostly Windows 7 and some Windows 8 machines (up-to-date) with Remote Desktop Connection 6.3.9600.

The following situation occurs:
When clients connect through the Remote Desktop Gateway (our Session Broker) and try copying a file from \\tsclient to the terminal server, the RDP connection disconnects and reconnects. The file transfer is aborted with the error message "Error 0x800703E3: The I/O operation has been aborted because of the closing of a thread or because of a command from an application" (freely translated into English). Choosing Retry from the dialogue option results in a different error message: "Insufficient memory is available to complete this operation." (Again, this is a translated message.)

This problem only occurs when copying files larger than 2,5MB (estimation). Smaller files will be copied correctly. 
This problem does not occur when connecting directly (no RD Gateway) to the terminal server.
Using drag-and-drop to copy the files has no different effect.

Can anyone assist me resolving this issue? If there is need for more information, please let me know.

Auke, Netformatie
