Hello, I have a user trying to connect to a virtual machine through RDP.
VM is running Server 2012
She receives an error saying An authentication error has occurred, The local security authority cannot be contacted.

I tried resetting her password. Same error.
Tried deleting the account and recreating. Same error.

The only way I can get her to connect is to check "Password never expires" on her account.
If I reset the password and select that the user needs to reset on next login, I get the local security authority error from her computer (she's a remote user)
However, on a local network computer, I get "You must change your password before logging on the first time." and it doesn't connect. I'm expecting it to connect and present the password change interface, but it doesn't.

Other users seem to be connecting without issue.

Hello,

I am trying to locate somebody based in the USA that is willing to do some consulting and IT work related to RDS.

We need someone who is familiar with Remote Desktop Services and creating a Gateway server with SSL certificates.

Need to strategize a plan for our existing clients using RemoteApp and either switching to Remote App or using VDI or both.

I am not sure if it is okay to post that request here, but I can't seem to find any good resources to find a freelancer in this department anywhere.

I am setting up a RDG server and need help with ports. I am reading this article:

https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/RD-Gateway-deployment-in-a-perimeter-network-Firewall-rules/ba-p/246873

and

https://support.microsoft.com/en-us/help/224196/restricting-active-directory-rpc-traffic-to-a-specific-port

I understand that i need to make some registry changes on the Domain controller. I currently have 3 domain controllers and they all authenticate user logins. Is it necessary to set the RDG NTDS RPC service port number on all of the DCs and do both registry entries have to be changed, or just the value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters? Also, would i have to set all 3 to the same defined port? 

Hi,

Is it possible to use MsRdpClient9NotSafeForScriptingClass in .net console application or .net form application? If yes how can I do it? Are there any Samples?

Thanks in Advance!

Best,

Sumit

Hi All.

I just thought I would share my recent Windows Server - RDS2016 Hellish nightmare with you.

I have now resolved our issue after an exhaustive search, implementing every possible potential fix for this issue we finally discovered that the black screen disconnecting | server crashing | logoff processes hang & ability to no longer login thereafter were all caused by a Cisco Wireless 8821 Phone being plugged into our client device USB. (Dell Wyse Terminals).

This particular phone was being plugged in by our users to charge the device. However; the device then installed as a NIC on our RDSH. If you then unplugged\plugged in the device eth1 would then disappear and eth2 would appear and so on. It would eventually get to around eth17 and the server was completely deadlocked in terms of logon\logoff and shutdown. Users still working and active were able to continue to do so however the only way the server could be restored was by a reboot.

I also found literally hundreds of NICs listed under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards

Right before the issue occurred for any particular server in the event log TerminalServices-LocalSessionManager > Event 36

> An error occurred when transitioning from DisconnectedLoggedOn in response to EvConnected. (ErrorCode 0x80070102)

> An error occurred when transitioning from CsrConnected in response to EvCsrInitialized. (ErrorCode 0x80070102)

We eventually tied the 2 together after seeing a common device installation on affected collections vs unaffected collections event log TerminalServices-ServerUSBDevices shortly before each reported server deadlock.

I now have a GPO in place to disable installation of this particular device after obtaining the HID (Hardware ID) from my local machine with it plugged in.

I know there are many other causes of black screen particularly in 2016 RDS and believe me we have implemented every other solution for reported black screens thanks to these forums. None of them worked for us until this so i thought i'd share just in case anyone else has similar issues - worth looking at what is being re-directed\installed via the client!

Any additional questions please reply below - I’d be happy to help. I wonder if Microsoft need to patch for this issue in future KBs.

Hello,

We are using the Remote Desktop ActiveX Control to write our own RDP application. In case there is an error in RDP connection, we want the application to close and return an error code. 

The control in case of error(e.g wrong user/password) displays the message and remains there. We want to handle the authentication error and close the application in case of error by logging the error.

Also how can we handle wrong Host details and close the application.

How can this be accomplished?

Thanks in Advance.

Best,

Sumit

Hello,

       I have an issue with RDWEB, request if any one could assist.

We have windows 2012 R2, with RDWeb. on the RD Session Client Settings, if I enable to option of Drive redirection, and if I try to open My Computer from the published app in browser, the application hangs and then eventually I have to restart the server, as cannot end or terminate the application even through powershell/cmd, get Access Denied.

If I disable the drive settings there are no issues, but then it becomes a problem to copy any PDF Generated files from the RD server to the local PC.

Would appreciate any workaround or assistance on this please.

Regards,

Huzefa

Something is broken with RD Easy Print Driver in (at least) Spanish Installatons of Window Server 2016 and 2019. It will NOT show no  matter what you try to configure (spent a lot of hours and headakes). I have tested the same steps installing Windows Server with English ISO file an it works perfectlly!!!. The problem is with the Spanish ISO es-ES (at minimum), maybe if you install Windows Server 2016 or 2019 with any non-english ISO.

This problem is known by some people in the spanish "community", but no one on Microsoft is scalating this problem properly because it is not fixed yet since a couple of YEARS!!! This is happening since the launch of Window Server 2016 at least, I think it works with 2012r2 if I remember well, but I am not sure..

I hope someone can scalate this Bug with support  services. THANK YOU!!!

For brief explanations of several of the most common Remote Desktop Services (RDS) issues, see Frequently asked questions about the Remote Desktop clients. This article describes several more advanced approaches to troubleshooting connection problems. Many of these procedures apply whether you are troubleshooting a simple configuration, such as one physical computer connecting to another physical computer, or a more complicated configuration. Some procedures address issues that occur only in more complicated multi-user scenarios. For more information about the remote desktop components and how they work together, see Remote Desktop Services architecture.

Troubleshooting Remote Desktop connections

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Event log did not find IP

Image add Error - -  

• Body text cannot contain images or links until we are able to verify your account.

But log perse found

Image add Error - -  

• Body text cannot contain images or links until we are able to verify your account.

Forgive me for bad English
I just want to know the truth.

Hello,

This is my first post, and it's more of a "this is what worked for us and I couldn't find this fix ANYWHERE" thing.

We have recently setup a new RDS environment to replace a pathetic wheezing old TS system.

We are running 9 session host servers in three pools hosting three collections - A, B and C. All the session host servers appear in the pools, accept new connections, and apps are configured and working. No problems here.

We have 2 web front end servers in our DMZ, Port 443 is open, things work fine.

We have 2 gateway servers, also in our DMZ in a gateway farm. Work great, no problem. Connectivity is excellent, internal firewalls on but the necessary configuration has been done so everything is talking and happy.

We have two connection broker servers in a high availability configuration and a different namespace for the front end than the domain (we can't use our internal domain name for our externally facing RDS farm).

However, we would get intermittent failures upon logging in, no matter what collection we were accessing.The web servers present the login page and we could successfully authenticate (using ADFS proxies in our DMZ back into the domain) against AD - I verified this in the logs on the broker servers. The user would still fail to connect to the remote computer. The error we received was a generic "unable to connect to remote computer. If problem persists, contact your System Administrator" and the connection broker would record the following 3 alerts:

Event 802: RD Connection Broker failed to process the connection request for user domain\username. Error: Element not found.

Event 1296: Remote Desktop Connection Broker Client failed while getting redirection packet from Connection Broker.
User : domain\username
Error: Element not found.

Event 1306: Remote Desktop Connection Broker Client failed to redirect the user domain\username. Error: NULL

The user can try again, but the same error would likely be thrown, although sometimes they can log in and connect.

I googled constantly. Some had success modifying GPO Default Domain Policy: Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / RD Connection Broker / Use RD Connection Broker load balancing - ENABLED. Didn't help; backed it out.

Others had success modifying a registry key on the broker servers: HKLM – System – Current Control Set – Control – Terminal Server – WinStations – RDP-TCP – Security Layer changed from 1 to 0.I didn't like doing this (not fully aware of the security "feature(s)" this disabled). Made no difference - backed it out.

Deleting and recreating collections did not help. Tried adding the server farm to the "Windows Authorization Access Group" (really only helpful for systems that began as Win 2k boxes). No go.

Put in a call with Microsoft. They give me a hotfix (which makes me a bit dubious - I didn't install it), and about 7 patches to run (which had been - our servers were up to date). I wasn't feeling it.

So I fired up procmon and monitored tssdis.exe on the broker servers. According to procmon, everything was a success - except for two keys missing from the registry on both broker servers: HKLM\Software\Policies\Microsoft\System\DNSClient. Procmon showed that key could not be read. Googling was useless, so I decided to manually create the key. Failed - procmon showed the key name as "New Key #1" no matter what I called it. Deleted it and used the following powershell command to successfully create the key: New-Item -Path HKLM:\Software\Policies\Microsoft\System -Name DNSclient -Value "Default Value"

The key was created. YAY! I still didn't know what needed going in there, it was just an empty key. I ran procmon again, and got a clue: tssids was trying to read a value: "PrimaryDNSSuffix" and returning blank. OK - inside of the "DNSclients" new key I created a new string value containing our internal domain name, doing this on both connection broker clients. The end result looked like this:

HKLM:\Software\Policies\Microsoft\System\DNSClient - "PrimarydnsSuffix"  "yourdomainname.com"

INSTANTLY, everyone connected. I could access everything using my acct and my testing accounts. The errors cleared up in the event logs. The sun began shining and the IT gods were, for awhile, placated.

OK - if you are getting 802, 1296, and 1306 errors in RDS 2012 R2 - before lessening security, and before modifying global GPO settings, just check procmon against tssdis.exe on the broker service and see if that key is missing. It's the only thing that worked for us.

HI,

We have an RD Server (2008R2) in production that is used by about 20-25 users on a daily basis. Recently, some of the users are getting this error when they try to lunch Explorer.exe from their desktop. "Remote procedure call failed and did not execute". And Explorer cannot be started.

Not all of the users are getting this message, only 1 user might have the problem while others don't seem to have any issues. The problem might go away after 10-15 minutes of waiting and explorer.exe can be launched again.

When this happened for the first time, I just restarted the server and we did not see the problem again for almost 2-3 weeks but here it comes again.

I'm running out of ideas and your helps will be greatly appreciated.

Thanks

Kubilay Elmas MCITP (Enterprise Desktop Administrator Windows 7)

When you try to install RDS role on server 2012 R2 using standard deployment, this issue may occur (Figure 1).

“Unable to connect to the server by using Windows PowerShell remoting”.

Figure 1: Unable to connect to the server by using Windows PowerShell remoting

First of all, we need to verify the configurations as it suggested:

1. The server must be available by using Windows PowerShell remotely.

2. The server must be joined to a domain.

3. The server must be running at least Windows Server 2012 R2.

4. The currently logged on user must be a member of the local Administrators group on the server.

5. Remote Desktop Services connections must be enabled by using Group Policy.

In addition, we need to check if the “Windows Remote Management “service is running and related firewall exceptions have been created for WinRM listener.

To enabling PowerShell remoting, we can run this PowerShell command as administrator (Figure 2).

Enable-PSRemoting -Force

Figure 2: Enable PowerShell Remoting

However, if issue persists, we need to check whether it has enough memory to work.

By default, remote shell allots only 150 MB of memory. If we have IIS or SharePoint App pool, 150 MB of memory is not sufficient to perform the remoting task. Therefore, we need to increase the memory via the PowerShell command below:

Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1000

Then, you need to restart the server and the issue should be resolved.

You can get more information regarding Remote Troubleshooting by below link:

about_Remote_Troubleshooting

If you need further assistance, welcome to post your questions in the RDS forum.

Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

Posting this for the benefit of everyone who comes across this issue.

Environment: Windows Server 2016 RDS

Issue: After applying Windows updates, Remote Desktop Management service fails to start.

Errors: 

eventID 7036 - The Remote Desktop Management service entered the stopped state.

event ID 1: The Remote Desktop Management service failed to start. Error code: 0x88250003

Fix: 

Uninstall KB4493470 Windows update and reboot. It takes about an hour to uninstall and apply rollback so don't panic when you see status stuck on "Working on updates 100% complete"

Hope this helps.

This issue has been a thorn in my side for the past several months. While investigating I've read every post/article I could find on the topic and wanted to share my findings, as well as include instructions how to recreate the issue which I haven't seen elsewhere. 

Symptom:

In Server 2012r2 and Server 2016 RDS environments, while in published RemoteApp applications, the Caps lock/Numlock keys become inverted from the local computer. For example, the keyboard indicator shows Caps Lock is off, but capitalizes all characters in the RemoteApp application.

Cause:

The Caps Lock/Num Lock keys are inverted when the application opens a new window, a text field is selected, and the “Caps Lock” or "Num Lock" keys are the first input. It appears that when new Windows are generated from the published application they don't get keyboard sync information until text is input. For instance, if you launch a published instance of File Explorer, click the search bar, and hit the "Caps Lock" key, the issue doesn't happen. However, if you right click a folder, select"open in new window", click the search bar in the new window, then hit the caps lock key, it will. Again, only if the Caps Lock/Numlock keys are the first input.

You can recreate the problem easily by doing the following:

1. Publish "Notepad" in your RemoteApp environment
2. Launch "Notepad
3. Go to File -> Open
4. Select the "File name:" field
5. Press the "Caps Lock" or "Num Lock" key before pressing anything else
6. The caps lock/num lock key will now be out of sync

I have tested this in several applications including: Adobe, WordPad, Word, Excel, PowerPoint. This also works in clean installations on both Server 2012r2 and 2016.

Solution:

Currently none. We placed a paid ticket with Microsoft Support where we explained the issue and provided instructions on how to recreate. The ticket was escalated, and we were eventually informed that this is a known issue that hasn't been documented. We were then provided a refund and informed that they would let us know when a fix is in place.

Workaround: 

Clicking anywhere outside of the RemoteApp applications will correct the inversion. We typically recommend clicking the task bar. Another option is minimizing and maximizing the application manually or by pressing Win+D twice. Many of our users use the caps lock key in place of the shift key. I'm not sure how effective it has been but we are instructing users to use the shift key, especially when entering credentials. 

Even though there isn't currently a solution I hope that this is at least informative and someone finds it helpful.

I have seen many threads in regards to this issue but no legit or inexpensive fixes.  Sorry Microsoft, not paying $500 for a support call of a product that is buggy.  

I've read some solutions saying to install the roles via Server Manager and choose RDS then choose quick setup, etc.  The problem is, the people who have this issue already did that.  I tried doing that multiple times with reboots but no luck.  It looks like a bug in the Server Manager where it doesn't do a complete install and no connection is made to the database.  If you run theGet-RDServer cmdlet, no server information gets returned.  

FIX:  Run the Powershell command to install the roles (yes I know that was already done in Server Manager) 

First, Run Powershell as administrator

Second, import the remote desktop module > import-module remotedesktop

Third, install the roles > 

New-SessionDeployment -ConnectionBroker FQDN Server -WebAccessServerFQDN Server -SessionHost
FQDN server

Where it says "FQDN server", fill that value in with the fully qualified domain name of your server.  That fixed my issue and the deployment is now showing in Server Manager.  

old reliable 2008 R2 remote desktop server hosts RD Web Access and Remote Desktop Connection. lately RDC not so reliable. clients cannot connect to log in but the RD Web Access page is always easy to connect to.

if client is persistent they will connect with RDC and have a reliable session.

it is a random but common error and server logs not helpful.

Remote Desktop Connection error is the old message:

Remote Desktop Connection can't connect to the remote computer for one of these reasons

1) Remote access to the server is not enabled (IT IS)

2) the remote computer is turned off (GUESS WHAT? IT IS ON)

3)the remote computer is not available on the network (BUT THE RD WEB ACCESS WEBPAGE IS UP AND WORKS)

Make sure the remote computer is turned on and connected to the network and that remote access is enabled.

I can connect to the RD Web Access by domain or public IP so can I rule out DNS?

any suggestions appreciated. thanks in advance.