Hello 2 all,
I'v set up a hyper V server on server 2012 R2 with an remotefx capable card inside. I can give the guests this graphic card (Nvidia Gforce gtx titan) But the card will not install inside of the guest which is a server 2012. Inside of an windows 8.1 it will install.
I don't now which part I'v missed.
Could you give me any help
Thank you
Hello Everybody,
I faced with very strange situation: trying to troubleshoot SSO for remoteApps on Windows Server 2012R2. Everything is installed and configured properly. I ran commands:
Import-module remotedesktop
Set-rdsessioncollectionconfiguration -collectionname "RemoteApps" -customrdpproperty "authentication level:i:0"
Set-rdsessioncollectionconfiguration -collectionname "RemoteApps" -customrdpproperty "alternate full address:s:remote.ccim.com"
Added <*.domainname.com> to the Allow Delegating Default Credentials policy and forced GPudate
Added the server name individually to the Allow Delegating Default Credentials policy
Checked and confirmed that the registry entry are updated as per the policy changes
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation]
"AllowDefaultCredentials"=dword:00000001
"ConcatenateDefaults_AllowDefault"=dword:00000001
"AllowDefCredentialsWhenNTLMOnly"=dword:00000001
"ConcatenateDefaults_AllowDefNTLMOnly"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials]
"1"="TERMSRV/<My Server1>"
"2"="TERMSRV/<My Server2>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefCredentialsWhenNTLMOnly]
"1"="TERMSRV/<My Server1>"
"2"="TERMSRV/<My Server2>"
Made sure - "Always prompt client for password upon connection" policy located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security. is not set to "Not Configured". Changed it to "Disable"
However, still situation: I login to remote app web page with my credential and try to launch let's say Word, logon window appears saying:
Your credentials did not work.
when I enter my credentials they do not work and it asks to enter it again.
At the same time, strange record appears in the event viewer:
New RemoteApp and Desktop connection (RDS01.domain.com) is started for user (esy8OkZAZ94BHhbY+3+KU95NykY=) without authenticated credentials
Could you please hint me what to do next and do I miss something?
UPD: I did some tests. When I logging to remote.domain.com from outside organisation, I enter credentials on the first login webpage. Then I try to launch Word, it asks again for credentials, I enter them and everything is working. When I go to terminal server and go to remote.domain.com I enter credentials on the first login webpage. Then I try to launch word, the windows with "Your credentials did not work" appears. Certificate is signed by CA and shown as OK in IE.
UPD1: also when trying to launch published web app such event logged:
Subject:Hi there,
I've got a strange problem which i can'nt figure out.
A small introduction, my colleague and me manage multiple RDS environments as a Multi-tenant desktop from the cloud for our customer’s. The differences are:
RDS1 =
1. Hosted on ESX
2. Single Gateway and Broker
3. Al servers RDSH, RDCB, RDGW are Server 2012 R2.
4. Domain Functional level Windows Server 2008.
RDS2 =
1. Hosted on Hyper-V HA Cluster.
2. 2 Gateway servers (DNS Round robin) 2 HA Brokers.
3. Al servers are Windows Server 2012R2.
4. Domain Functional level Windows Server 2012 R2.
Our customer’s vary from 2 to 50 desktops, some have their own RDSH and collection, some have a shared (generic) collection with multiple RDSHs. Mostly we work with none joined
clients which vary from desktops, laptops, thin clients. All with a minimum of Windows 7 and RDP 8.0. Customer’s
connect from anywhere over the internet through our Web access/Gateway Servers to their desktop.
The problem:
Sometimes we migrate customers from a local domain and server park to our cloud solution. Mostly they will stop using their local domain in the end. The domain mostly exists for a couple of months before we bring it down.
When this is the case, we have problems connecting the clients with our RDS2 environment. We get the message “The connection was denied because the user account is not authorized for remote login”. I am not sure there is a relation but it looks like in most
cases there is a local RDSH involved. Although at the office we have a domain without a RDSH.
Of course we checked if the users are member of the “Remote Desktop Users” group form the RDSH they should connect with. But still we get the message. In the end we found out that the local client is somehow trying to setup a remote desktop connection with the Gateway server. When we add the user to the “Remote Desktop Users” group from the GW server the user successfully logs on to the GW server!?
At the office we have multiple vlans, 1 which has a domain in it and 1 without (Just a guest vlan) but share the same connection (IP) to the internet. In the first vlan we have the problem in the second we don’t. At Home I have my own local domain and also a stand-alone RDS server, I am also experiencing the same problem.
We can’t figure out why this is happening. Does anybody here experienced the same problem?
Hello
3 sites - 6 Server 2 DC+ 2 DC + 2 DC
1 DC has a failure (called the server), I remove from AD, reset the system and enter to AD + install DNS + global catalog.
All replication from server go to the other DC is good.
From one site can not connect on the RDP - error the connection can not be completed because remote computer was reached is not one you specified
What could be the problem?
I do ipconfig/flushdns - don't help
Hi all.
I have one PC with only one user account on it. This PC is configured to accept remote desktop connections. This PC is 150 km away and teamviewer hangs on login, hence the RDP connection.
Last night I logged onto the PC to find 3 drives had been bitlocked :( 2 out of the 3 recovery files are in the recycle bin on one of the bitlocked drives (I found this by the properties of the .lnk files in the app data roaming folder)
After trawling through the event viewer I have noticed that many people have logged into the PC over the past few days from multiple countries except the usernames they provided are all over the place. (curt, test, test123, chandler, colin, admin, etc etc)
As a test I tried to log in using one of the usernames and the correct password and was denied.
How are they able to log into the PC by using those usernames that are not the username of the primary user account???
Hey there.. weird one here.. I am testing RemoteApps with Server 2012. All is fine except for when I try and grant access to user in another forest where we have a two-way\forest transitive trust. The error is below.. What is interesting is the trust works fine otherwise. For example, if I try and add a user to the local admin group on the server it works great.. I can even authenticate via RDweb portal from a user in the trusted domain.. any ideas?
I just upgraded to Windows 10 from Windows 8.1 using the upgrade in place provided by Microsoft. Overall the experience has been fantastic, but the Remote Desktop "Full Screen" mode appears to have a bug in it, unless someone can help me fix it. In essence, when "Full Screen" AND you use all of your monitors is used, when the cursor is moved to the very bottom of your smaller resolution monitor the whole session "scrolls" upwards showing the taskbar for the underlying OS (Win 10.) My laptop monitor is 1600x900 and my regular monitor is 2560x1080 or 1680x1050 (one at work, other at home.)
EDIT: It's not destination OS depending. Does the same whether I'm connecting to Windows 7, 8 or 10.
Attached is an example of what it looks like. Any ideas?
Hi,
Where can I find Security Settings in the Session Host Properties? I need to set SSL and Encryption level for Single Sign On. As of now when the user get connects to the Virtual Machine resides on this server, they have to enter their domain credential again which DO NOT want. Please advise.
Tuan
Hi technet community,
in Windows Server 2008 R2, it was easy to specify a program to start automatically when user remotely logs on.
https://technet.microsoft.com/en-us/library/cc770821.aspx
Is there anything in Windows Server 2016 Technical Preview 4, which enables the same functionality or is it required to use RemoteApps?
Thanks and regards!
Hi Everyone.
We run an internal facing Remote Desktop Services server. It is only accessible if you are inside our network or have VPN'd in. The person who configured this server has long since left and for all purposes, it works fine. That is until the turn of the year when we started to get errors that the cert is not trusted and refuses to allow connections stating the server address and the certificate subject do not match.
I cant see any need for SSL but appreciate that it is best practice. However, for this purpose I cant see any reason against removing the need for SSL, am I missing something?
If not can you help in removing the need for it or if I do, help in getting this issue resolved?
Thanks for the help!!!
Hello
We are experiencing an issue with our Win 2012 R2 RDS setup. We are using this to run Dynamics NAV for a number of locations. Just adding our Sweden location but we are having a problem with Swedish users when trying to switch databases. They receive the following error message:
'The time zone with ID 'vasteuropa, normaltid' was not recognised on the server. Update your computers time zone definitions'
We had exactly the same issue with our 2008 RDS system and the following hotfix resolved the issue:
https://support.microsoft.com/en-us/kb/2870165
The hotfix does not mention Win 2012 and I could not find anything for 2012. Should I use the same hotfix for 2012?
Has anybody experienced this issue and have a solution?
Thanks
Nick
Dear all,
I'm trying to create a Virtual Desktop Collection as a prototype for a future project, but I'm unable to deploy the collection. My enviroment is Windows Server 2012 R2, with separate machines for the broker and the hyper-v server.
We tried deploying a Windows 10 image and now a Windows 7 image (both Professional version). The deployment starts and is able to create the template, but then fails without specifying the reason.
The log shows the following error:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System><Provider Name="Microsoft-Windows-Rdms-UI" Guid="{XXXXXXXXXX}" /><EventID>8198</EventID><Version>0</Version><Level>2</Level><Task>6</Task><Opcode>0</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2016-01-26T14:41:36.652449900Z" /><EventRecordID>8</EventRecordID><Correlation ActivityID="{FD27D6DF-583C-0000-246E-28FD3C58D101}" /><Execution ProcessID="1084" ThreadID="4036" /><Channel>Microsoft-Rdms-UI/Admin</Channel><Computer>XXXXXXXXX</Computer><Security UserID="XXXXXXXXXXXXXX" /></System>
- <EventData><Data Name="arg1">DVBasico</Data><Data Name="arg2">DVBasico</Data><Data Name="arg3" /></EventData></Event>In general view, the message is:
DVBasico: Pool DVBasico creation failed. Reason:
Any ideas - I've enabled the RDMS UI Log according to this site but nothing usefull is recorded.
Kind regards,
Rodrigo
Hello,
I have an RDS deployment where I have the following machines:
Domain Controller 1
Domain Controller 2
RD Connection Broker / RD Licensing Server
RD Gateway Server 1 / RD Web Access 1
RD Gateway Server 2 / RD Web Access 2
RD Session Host 1
RD Session Host 2
File Server (SMB share for User Profile Disks)
The problem is every time the a user remotes in and it gets into Session Host 1 the user cannot delete any files on that user's profile, but if the user logoff and login again an it's assigned into Session Host 2 then the user can delete files. I have check the permission on the SMB share and they look the same that it was before this issue appear.
Have anyone has this issue before?
Thanks in advance for any help.
Hi there,
I have set up an RDS 2012R2 RemoteApp/ RDS proof of concept for a client. The environment is as follows:
Domain and Forest functional Levels: Windows 2003
2DCs: Server 2008R2.
1 RD Managment and Licensing Server (2012 R2)
1 RD Gateway (2012 R2)
1 RD Broker (2012 R2)
1 RD Web Access (2012 R2)
4 Session hosts split up as follows:
RDS1 and 2: For RemoteApps. Collection is called RemoteApp
RDS 3: For Full Desktops. Collection is called Full Desktops
UAT: For User Acceptance Testing. Collection is called UAT1 and is configured for remote apps.
All 3 collections are enabled to allow users from the RDS_UAT group to access them. The RDS_UAT group consists of myself and 4 other testers. Within the collections (for testing):
RemoteApp collection: all apps are configured to be visible to users in the apps_sg security group (myself only). There are several folders which house the apps.
UAT Collection: All apps are configured to be visible to the RDS_UAT group. These all reside in the UAT Apps folder.
I have 2 issues:
1) A user who is not a member of either security group can log in and see all three collections. To test, I created a new user (user A) who is a member of only domain users. The user could see all the folders and collections. When the user tries to run the application, he is denied permission. Simillarly, the other members RDS_UAT group can see the apps they should not be seeing in the RemoteApp collection.
2) The remoteapp web feed (when added to Windows 7 and windows 2008R2 machines) shows all the applications, even applications the user does not have access to. For example, for user A, I can see all the applications but not access any of them. Furthermore, the folder structure in RD Web Access is lost and all apps are listed alphabetically from top to bottom across all three collections.
Can anyone please advise as I can't seem to figure out why this is happening? I can't see anything in the event logs that would indicate any issues. There was one error on the broker (Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database) which I resolved by adding the broker to "Windows Authorization Access Group" as per https://social.technet.microsoft.com/Forums/windowsserver/en-US/aef50c99-0f0e-4da2-bc4c-d5435692cb8b/server-2012-rds-remote-desktop-connection-broker-client-failed-to-redirect-the-user?forum=winserver8gen
Thanks,
HA
Hi Folks,
sorry if i will be asking stupid questions. I am pretty new to windows server operating systems, so far i have only used linux for servers, and windows 7 for the occasional game.
I have a program, that i need (want) to run on a terminal server, and have 6 clients accessing the program (via RemoteApp if possible). As far as i have understood, i will need the following Licenses for that: 1 Windows Server license (e.g. 2012 R2), 6 CALs for accessing the server, 6 RDS-CALs (really? i need an extra license to use the RDS?) and of course the os licenses for the clients (they have windows 7 & windows 8 installed, this should suffice right?).
My questions are:
1. Is this correct or do i need more/less/different licenses? Is it ok if i buy OEM-CALs? I find cheaper offers for them on the internet. Is there any drawback when using them?
2. I haven't gotten that far with my research yet, but it seems that i need some kind of an extra server (or virtual instance) as a Domain Controller. Do i really need that? Will i need an extra license for that?
3. Is there any way to test this whole setup before buying all those licenses? Or do i need all the CALs and so on from the beginning on? I have access to Server licenses (for the server os) from my university, but of course i would not be allowed to use them for use in a non-educational environment. I could use them to test the setup first though, but i can not find CALs in my university's microsoft store.
Thank you very much for taking the time to answer my (beginner) questions!
Lasse
Hi,
I have an RDS 2012R2 environment with the option to bypass the gateway for local connections enabled. It works great until you try and access from a Windows 10 client. We have Azure MFA securing the apps and this is kicking in inside the network for windows 10 clients only, 7 and 8\8.1 clients are bypassing the gateway correctly and are not receiving the additional auth step.
The only item I see in event viewer on the gateway is this
The RD Gateway client supports HTTP proxy protocol but connected using Legacy RPC-HTTP.
If you authorise the MFA request it functions correctly.
I'd appreciate any advice or assistance with this.
Thanks
Hello,
We have changed our Remote Desktop Connection Broker to High Availability, but there was still only one Remote Desktop Connection Broker. Therefore the next step was to add a second Remote Desktop Connection Broker.
I added the server by wizard and the installation started, but failed with error message (original/translated):
Die Windows-Firewallausnahme für die Windows-Verwaltungsinstrumentation konnte nicht auf "SRV2.FOB.LOCAL" erstellt werden.
The Windows Firewall exception for the Windows Management Instrumentation failed on "SRV2.FOB.LOCAL" are created.
You see, we have a german installation. However, I see on the server, all new services were installed without problem. All services, like internal database started and are running. If I try the wizard again, it stop exactly with the same error message. I tried a restart of the server with no help. Windows Firewall is running and I see six firewall rules for Windows Management Instrumation. That is the same number with the other server which already have "Remote Desktop Connection Broker".
We use only Windows Server 2012 R2 for Remote Desktop Services. There are no older systems. By the way, our DC use also Windows Server 2012 R2 - forest and domain level is the same.
Please for help.
regards, Reisenhofer Andreas
Is is possible to use an IPv6 address to connect to a Remote Desktop Session host (Terminal Server) that is listening on a custom port?
Using an IPv4 address, the syntax would be 10.0.0.1:45001 where 45001 is the custom port. But since IPv6 addresses have embedded colons, it seems like the colon used to distinguish the port from the IP address is mis-parsed.
This question comes up because my company is using DirectAcess, which gives ISATAP IPv6 addresses to computers on the corpnet (LAN), which register them in DNS. When an RDP client on the LAN tries to connect to an RD session host, also on the LAN, using the RD session host's FQDN, it apparently resolves the FQDN to an IPv6 address first because the RD connection dialog hangs for about 15 seconds with a message "Initiating remote connection...", and then connects using an IPv4 address.