How enable remote desktop gateway manager server 2012 essentials

Similar Messages

• Remote Desktop Certificate Error - Server 2012 Essentials

  My remote desktop connection was working fine until the operating system installed some recent updates automatically. I had everything set up, and the certificate was installed and working fine and had no issues getting to my remote computer. Recently when
  I log into my remote web access and try to connect to any of the computers on the list I get an "Remote Desktop Connection" error. "Your computer can't connect to the remote computer because no certificate was configured to us the Remote
  Desktop Gateway server." Like I said the certificate was installed and working fine the other day. Any insight is appreciate. Thanks

  Hi ChrisCJK,
  Based on the error message, please refer to the following operations and then check if can help you to solve
  this issue.
  Locate to Remote Desktop Services folder in Administrative Tools, then please open the
  Remote Desktop Gateway Manager.
  Right click server name and select
  properties.
  Select the SSL Certificate tab.
  Then please click the “Import Certificate…” button.
  Select the trusted certificate and click Import again. And then click Apply and OK.
  If this issue still persists, please type the following command at the command prompt, then press ENTER:
  netsh http show sslcert
  Please check the value for
  Certificate Store Name.
  Meanwhile, please follow the path in Event Viewer:
  Applications and Services Logs-> Microsoft-> Windows-> TerminalServices-Gateway folder. Please check if you can find any error message. Please also check other related TerminalServices folder if you can find some other clues. It will help us to go
  further analysis.
  Hope this helps.
  Best regards,
  Justin Gu

• Is there a way to Report out Remote Desktop Gateway Manager Monitor data?

  We are running Windows Server 2012 R2 Remote Desktop Services configured to provide a managed pool of VMs through a RD Gateway server. Everything is working well. We would like to generate a regular report on the information that shows up in the Gateway
  Monitoring window about connections and users etc. Is there any way to generate such a report without purchasing 3rd party software?

  Hi,
  Based on my experience, you can use Remote Desktop Gateway Manager to view information about active connections from Remote Desktop Services clients to internal network resources through an RD Gateway server. However, there is no such options in
  RD gateway manager to create reports for that.
  It seems that System Center Operations Manager can monitor Remote Desktop Gateway Service and the number of sessions that run through the RD Gateway are monitored.
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Web Access for Remote Desktop on Windows Server 2012

  Hello,
  i've a Windows Server 2012 without a domain. So i installed the remote desktop session host, the remote desktop license server and the remote desktop gateway as a server role only. All is working fine. Without a domain, no management tools for remote
  desktop are available. So i configure the remote desktop via the registry. I define (via registry) some remoteapps, too. All values are copied from a running Windows Server 2008 R2. So the remoteapps are runing.
  Now i want to use the new Microsoft Remote Desktop client for Android. To use a remoteapp i must define a remote resource. To define a remote resource i need a url to the web access for remote desktop. So i installed the web access. But if i login to the
  web access, i don't see any remoteapp. What's wrong? I've set the ShowInTSWA to 1. What must i do to access an existing remoteapp via web access?
  Martin

  Hi Martin,
  Server 2012 RD Web Access is designed to retrieve published RemoteApps and Desktops from a Server 2012 RD Connection Broker and/or a Server 2008 R2 RD Session Host server.  From your description it doesn't appear that you are using either of the above.
  I know it is a more complicated set up, but you should consider having a domain, creating a RDS deployment, etc., so that you can use the full featureset as it was intended.  You can do it all on a single server if needed.  For Server 2012
  there is a hotfix that needs to be applied to permit RD Connection Broker to work on the same server instance as active directory.
  -TP

• How to allow more than two users on remote desktop on windows server 2012 foundation?

  i have a dell server power edge T300 with windows server 2012 foundation. I am unable to connect more than two remote desktop at once.

  Hi,
  Add to Brain, you cannot have more than 15 user accounts in Windows Server 2012 Foundation.
  In order to access a hosted application, such as Microsoft® Office, a license for Windows Server 2012 Remote Desktop Services is required for each user account (not to exceed 15 user
  accounts) that directly or indirectly uses RD Gateway to host a graphical user interface, including using Remote Desktop Connection (RDC) client. When using Remote Desktop Services, you may not install or use Remote Desktop Connection Broker or Remote
  Desktop Virtualization Host role services. For more information about Remote Desktop CALs , see http://go.microsoft.com/fwlink/?LinkId=140238.
  http://technet.microsoft.com/en-us/library/jj679892.aspx
  Hope this helps.
  Jeremy Wu
  TechNet Community Support

• Qos DSCP value 46 gone, after enabling Remote Desktop Services on Windows 2012 R2 Standard

  Hi,
  After installing a clean Windows Server 2012 R2 with
  all Windows updates I have setup Policy-Based QoS for tagging defined traffic,
  in the test case all traffic to one specific ip address. Whireshark logging
  displays the correct configured (46) dscp value so the group policy is
  working fine. After installing Remote Desktop Services the Policy-Based QoS is
  still in place but Wireshark results that the value is 0.
  Can somebody explain why this happens and how to solve
  it?
  Regards, Edward

  Hi Edward,
  Thank you for posting in Windows Server Forum.
  Did you find any related error for your case?
  By default, Windows traffic has a DSCP value of 0. Network routers use the DSCP value to classify network packets and to queue them appropriately. The number of queues and their prioritization behavior needs to be designed as part of your organization's QoS
  strategy. For example, your organization may choose to have five queues: latency-sensitive traffic, control traffic, business critical traffic, best effort traffic, and bulk data transfer traffic.
  More information, please see:
  Policy-based Quality of Service (QoS)
  http://technet.microsoft.com/en-us/library/dd919203(v=ws.10).aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Enabling remote desktop access to a simple windows 2012 datacenter edition server

  Hi,
  I am a complete noob to server administration. I installed a windows 2012 server initially as a workgroup. All i need is to enable a user to remotely access my server(using remote desktop). The firewall that I use is Gibraltar.
  I read that to enable remote desktop services my server has to be part of a domain. So i promoted my server to a domain name controller. Using active directoty I added a user to the domain. I also read that to make remote desktop more secure, I have to request
  the user to login through a VPN. 
  Now here is where I am completely lost. Do i really need to move my server to a domain, if the user just wants access to this server and nothing else? Should i restrict remote desktop access only through VPN
  and if so, how can i do that? Further, the server dashboard gives me notifications about 'remote desktop licensing' not configured. We got the software as a campus licensing and I am not sure how to configure the remote license server. Any opinions are highly
  appreciated.

  If you're just trying to setup this to allow administration access then I don't believe you need it to be a member of a domain. There's a difference between allowing remote desktop access for administration, and setting up full terminal services access for
  multiple users. The latter requires a lot more work and licensing unlike the former.
  To simply allow admin access, open an explorer window and right click on Computer, then select properties. In the System window that appears, click Remote settings on the left. Now in the bottom half of the window select "Allow remote connections to this
  computer" and leave the option requiring NLA in place. Click Select Users..., you'll see that the administrator user already has permissions to connect, so if you're only planning to connect with that then you're finished, otherwise find those users you
  want to grant access.

• Remote Desktop Connection Manager can only open 6 sessions at a time on Server 2012

  I am only able to open, and view thumbnails, for a maximum of 6 RDP sessions on my Server 2012 box at a time in Remote Desktop Connection Manager (RDCM). If I add more sessions I just get a variety of connection errors for the additional sessions. If I activate
  a 7th session one of the existing 6 sessions goes off-line with a connection error message. Sometimes the error says 3334, sometimes the error says 0x8345000E, and sometimes it just says there is a connection error.
  I have checked Group Policy on the server to ensure I don't have any settings restricting the number of RDP sessions.
  In fact, I will often have 30 or 40 RDP simultaneous sessions opened, I am just not able to view them all in RDCM. I have seen reviews of RDCM with screenshots showing dozens of thumbnails so it seems to be something that's possible to do.
  Are there any settings I should make on the server to allow RDCM to connect to more than 6 simultaneous RDP sessions?
  Just to be clear, all these RDP sessions are running on the same server. Also, I am just using the trial license for Server 2012 and Remote Desktop Services right now. I don't think that should have an impact, but I wanted to be thorough.

  Thanks Jakub for "corflags" info.
  Unfortunatelly it doesn't work because running mRemoteNG.exe process in 64bit can't load MSTSC ActiveX component (referenced assemblies) because original files were assembled from 32bit dll [mstscax.dll]?
  Error message when making RDP connection:
  Could not load file or assembly 'Interop.MSTSCLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format.
  I was able to create new AxInterop.MSTSCLib.dll and Interop.MSTSCLib.dll assemblies from 64bit dll version and now it works with "AnyCPU":-)
  http://www.filedropper.com/axinteropmstsclib-mremoteng
  Using AxImp.exe and TlbImp.exe didn't worked for me because it creates assemblies in wrong namespace "MSTSCLib" instead of "Interop.MSTSCLib" (AxImp.exe) and TlbImp.exe for changing namespace generated many "marshaled errors"
  so final .dll wasn't working.
  Adding MSTSCAX.dll reference in Visual Studio directly created correct and functional assemblies. Who don't know how to create 64bit compatible assemblies or don't have Visual Studio, feel free to check linked file.
  Hope it helps
  P.S. Sorry for possible technical misinterpretation, I am not programmer so creating new assemblies was trial-error process...

• Remote Desktop Gateway on Windows Server 2012 R2 and IPAD

  Hi guys,
  Would love some help with an issue I been struggling for a couple of days now.
  I have a RDS 2012 R2 Gateway configured and it works great with all Windows clients both internal and external communication. The problems comes now when my I want to use  IPAD
  from APPLE. I installed latest RD Client from Microsoft and it works great from the internal network but as soon the device is moved to an external network the client get an error while connecting. Gateway is located in the domain network.
  The error is “Failed to parse authorization Challenge”,
  This is what I see in the log file from the RD Client.
  [2014-Mar-06 16:53:49] RDP (0): --- BEGIN INTERFACE LIST ---
  [2014-Mar-06 16:53:49] RDP (0): lo0 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  [2014-Mar-06 16:53:49] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
  [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip1 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip2 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip3 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip4 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): en1 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): ap1 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): en0 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): awdl0 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): --- END INTERFACE LIST ---
  [2014-Mar-06 16:53:49] RDP (0): Not using any proxy
  [2014-Mar-06 16:53:49] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
  [2014-Mar-06 16:53:54] RDP (0): Resolved 'MB-RDS-01.contoso.LOCAL' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
  [2014-Mar-06 16:53:54] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
  [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
  [2014-Mar-06 16:53:54] RDP (0): Final rdp configuration used: {
      activeUsername = " Contoso\\User01";
      arcTimeout = 1800;
      cacheId = 12BF328DD1C8B841;
      certificatesUseRedirectName = 1;
      configurationVersion = 8;
      font = 1;
      gatewayId = F2EE288CD1C8B841;
      gatewayMode = 2;
      gwAutodetectState = kConnectionGwAutodectedForceGW;
      host = "MB-RDS-01.CONTOSO.LOCAL";
      label = "Murbiten - Terminal Server";
      loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.Contoso_-_Termi";
      mouseMode = "-1";
      port = 3389;
      temporary = 1;
      type = rdp;
      useAlt = 0;
      utilityBar = "-1";
      webFeedVersion = "Windows 2008 R2 or newer";
      connections =     (
          F4BF288CD1C8B841,
          12BF328DD1C8B841
      host = "remote.customer.com";
      id = F2EE288CD1C8B841;
      port = 443;
      temporary = 1;
      type = rdp;
      kCFProxyTypeKey = kCFProxyTypeNone;
  [2014-Mar-06 16:53:54] RDP (0): --- BEGIN INTERFACE LIST ---
  [2014-Mar-06 16:53:54] RDP (0): lo0 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  [2014-Mar-06 16:53:54] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
  [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip1 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip2 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip3 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip4 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): en1 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): ap1 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): en0 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): awdl0 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): --- END INTERFACE LIST ---
  [2014-Mar-06 16:53:54] RDP (0): Not using any proxy
  [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
  [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
  [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
  [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
      User Message : Failed to parse authorization Challenge
  [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
      User Message : Failed to parse authorization Challenge
  [2014-Mar-06 16:53:54] RDP (0): Error message: Failed to parse authorization Challenge(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
  [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
  [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
  [2014-Mar-06 16:53:54] RDP (0): ------ END ACTIVE CONNECTION ------
  en → en
  authorization
  Adam Bokiniec

  Hi Jeremy,
  I found a solution, thanks for you effort. The solutions is the following.
  First thing that needs to be done is either solution from options below, I did the Solution 1 in my case and added a NPS server to AD. (https://blogs.technet.com/b/networking/archive/2010/01/14/remote-desktop-gateway-client-fails-authentication-with-your-user-account-is-not-authorized-to-access-the-rd-gateway.aspx)
  Solution 1
  Register the NPS server in Active Directory:
  In Server Manager, browse to the following location: Roles\Network Policy and Access Services\NPS (Local).
  Right click on the NPS (Local) node and choose Register server in Active Directory.
  Click OK to authorize the server when prompted.
  Solution 2
  Open Active Directory Users and Computers on any Domain Controller of the same domain as the Remote Desktop Gateway.
  Add the Computer Name of the Remote Desktop Gateway to the RAS and IAS Servers group.
  Situation B
  Restart the RDS host and Gateway server.
  Secondly and the most important is to configure an alternate address that match your public certificate. My public certificate CNAME is “remote.domain.se”.
  All commands need to be run as administrator in PowerShell
  To show you current configuration run the following commands:
  CollectionName is the Collection Name you created for the RDS deployment.
  To get your collection name type
  Get-RDSessionCollection
  When you got the collection name type
  Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
  The default configuration will look like this:
  CustomRdpProperty     : use redirection server name:i:1
  No to add you public domain name that match the certificate run the following command
  Set-RDSessionCollectionConfiguration –CollectionName " RDS - Terminal Server " -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:remote.domain.se
  Run again to verify your settings
  Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
  Now it show look something like this
  CustomRdpProperty     : use redirection server name:i:1
                           alternate full address:s:remote.domain.se
  IPADs and iPhones can now connect to your environment.
  Adam Bokiniec

• Server 2012 R2 Remote Desktop Gateway. Most Simple and Secure Design For Small Environment?

  We would like users to be able to connect remotely over the Internet from their personal devices to their primary Windows 7 workstation (a physical box on their desk) by using the Microsoft RDP Client For Windows, Mac, iOS and Android.  There is no
  plan to use RDWeb or Remote Apps, or VDI.  Just plain remote access to their desktop PC without VPN plus a third party 2nd factor authentication product that can text them back a code to enter with their AD credentials (AuthAnvil or Duosecurity)
  We do not have TMG or ISA.
  We would like to get these services all running in a single server and be as simple as possible while still being very secure.
  The recommendations I see seem to suggest putting the RDG in a DMZ with either a domain controller on a new domain with a one-way trust to your internal domain or else a read-only domain controller on your domain and then RD Session Host and License server
  located on different servers on your internal LAN.
  http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
  That sounds like a lot of separate servers and cost for not a lot of users in our environment.
  Do we even need a separate session host server if there are no RDP sessions being hosted directly on the servers because  the users are only being redirected to connect to their workstations and will never be using terminal sessions on the server?
  Can the RODC or the Domain controller on new domain with the one-way trust be the same server as the Remote Desktop Gateway server and not separate servers?
  What is the most minimalist way to set this up with good security when opening all the ports needed to authenticate with internal DC is not secure enough?

  #2 sounds like we would need 2 Essentials servers and we will not have that.
  We currently have Server 2008 R2 and have 2012 Standard licenses that are not yet used.
  We have much more than 75 users total, but 75 is more than the number of users that will probably take advantage of using RD Gateway any time soon.  It will probably take time to catch on.
  If RD Gateway usage was to get super popular and more than 75 users were depending on access to it, then we could financially justify paying to buy all the CALs needed to run RD Gateway without Essentials.  Right now, they are skeptical that it will
  be worth spending much money on this and don't want to invest a lot  of money up front.
  My understanding is that if we have 75 or fewer users using RD Gateway then we need to by no CALs, just apply a Server Standard Edition License to the server, but if we had 76, we would need to turn off Essentials and buy 76 new CALs.
  Or would we need to add 50 CALs to the 25 that automatically come with Essentials?
  Also does "turning off" Essentials mean we would have to reinstall and redeploy the RDG or is it just a matter of enabling the RD license server and adding purchased CALs?
  No, when you buy essentials you get the right to create 25 users that access the server, when you create the 26th user you will need to have 26 CAL and RDS CAL. 

• Server 2012: Remote desktop licence manager not issuing licences

  Hi,
  I am battling with an problem which i cannot seem to resolve and no other forums actually come to a conclusion on how to resolve this problem!
  I have a windows server 2012 server which is NOT part of a domain.
  I have installed Remote Desktop Services and also installed the Remote Desktop License manager and i just cannot get the license manager to issue cals when users connect remotely via RDP
  I have installed an extra two CAL's and tried using them as both a "Per User" and also "Per Device" but still does not work.
  I have now run out of my grace period and cannot connect to the server at all
  I have also tried changing some gpo's with no luck, 
  Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing
  "Use the specified RD license servers" = myservername
  "Set the Remote Desktop licensing mode" = Per User
  How can i fix this?
  Thanks

  Hi,
  Thank you for posting in Windows Server Forum.
  Have you seen that you have activated RDS License server before installing CAL?
  Please check that the License Server should be part of ‘Terminal Server License’ group in Active Directory Domain Services. You can also configure RD License server manually by powershell commmand. Please check below article for information.
  RD Licensing Configuration on Windows Server 2012
  http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx
  In addition, please install below Hotfix and verify the result.
  No RDS license when you connect to an RDS farm in Windows Server 2012
  http://support.microsoft.com/kb/2916846
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Remote desktop connection manager on windows 8.1, can't connect to windows server 2012 R2, Socket closed

  remote desktop connection manager on windows 8.1, can't connect to windows server 2012 R2, Socket closed each time i try to open remote connection to the server,
  does remote desktop connection manager V2.2 not compatible with windows 8.1, and if so, is there are any other compatible versions
  or what's the problem,
  Mahmoud Sabry IT System Engineer

  this issue maybe will be fix by latest version, we still waiting for it
  maybe your issue can be fix using this methods
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/61f218a5-5ef8-49da-a035-90cdd64fc9a0/problem-with-remote-desktop-connection-manager-error-3334?forum=winserverTS
  http://shawn.meunier.com/?p=1#comment-43

• How to issue a self-signed certificate to match Remote Desktop Gateway server address requested

  I have an RDG server named gw.domain.local with port 3389/tcp forwarded from
  gw.example.com.
  Using RDGM snap-in I created a self-signed SSL certigicate with FQDN gw.example.com.
  But when I connect over RDP from outside the local network I'm getting an error:
  Your computer can't connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match
  Because certificate subject name is gw.domain.local indeed.
  So there question is: how to issue a certificate properly, or how to assign an existing one the name to match?

  Hi,
  Thanks for your post in Windows Server Forum.
  The certificate error which you are facing seems like certificate mismatch error, something like the security certificate name presented by the TS Gateway server does not match the TS Gateway name. You can try reconnecting using the FQDN name of the TS Gateway
  server. You can refer below article for more troubleshooting.
  TS Gateway Certificates Part III: Connection Time Issues related to TS Gateway Certificates
  And for creating a SSL certificate for RD gateway, you can refer beneath articles.
  1.  Create a Self-Signed Certificate for the Remote Desktop Gateway Server
  2.  Obtain a Certificate for the Remote Desktop Gateway Server
  Hope it helps!
  Thanks,
  Dharmesh

• How can I Deny permissions to logon to Remote Desktop Session Host server in powershell script?

  I am need of some assistance please. I am a system admin and I am trying to create a script that will assist with the tedious tasks I have to do with disabling a user that no longer works for the company.
  I have created a script so far that will reset the users passwords and remove them from all groups (minus domain users).
  I am trying to make it where it will deny permissions to logon to Remote Desktop Session Host server as well as give full mailbox permission to the manager in Exchange Server 2010.
  I know with Exchange 2010, I will need to add the Powershell snapin. Is there a way for this to be added into the script? I am thinking to add the code:
  add-pssnapin Microsoft.exchange.management.powershell.e2010
  Is there another way to do this? Any help or recommendations would be much appreciated.
  $ou = Get-ADUser -SearchBase "<*OU info here*>" -Filter * |
  Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "<*Password here*>" -Force)
  foreach ($user in $ou) {
  $UserDN = $user.DistinguishedName
  Get-ADGroup -LDAPFilter "(member=$UserDN)" | foreach-object {
  if ($_.name -ne "Domain Users") {remove-adgroupmember -identity $_.name -member $UserDN -Confirm:$False} }

  Why not just disable the account?Why are you searching an OU foro users when you just want to terminate one user?
  You can remotely connect an exchange session and manipulate the mailbox permissions.  You do not load a snap-in except on the Exchange server.
  $Session=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2013 Client Access server>/PowerShell/
  Import-PSSession $Session
  # exchange commands here
  \_(ツ)_/
  We have a checklist we have to go through with the tasks listed. We have to keep to the account enabled until HR changes
  the status which is usually 30-90 days depending. Managers sometimes need to access the accounts to retrieve information, etc. We put the users in an OU; once we are given permission from the manager we move forward in the removal. 

• Windows Server 2012 The licensing mode for the Remote Desktop Session Host server is not configured

  Hi
  I have a standard Windows Server 2012 that is hosted in the cloud by a hosting provider -
  This server has been up and running fir 6 months - recently we have been getting a warning
  "The licensing mode for the Remote Desktop Session Host server is not configured" - The Remote Desktop Session Host server is within its grace period, but the RD Session Host server has not been configured with any license server.
  Yet, we only use this with 2 connections as part of the standard licence agreement and this server is not used as a user's desktop only an ftp and web server- do therefore we do not need to purchase any cal licences (we have another server with the same
  hosting company that does not have this issue and has been up for 18months)
  Please can someone advise how I resolve this issue, the hosting company states that I must resolve it as they only host and resell the server licence
  Thank-you
  Richard Steele

  Hi Richard,
  You need to uninstall Remote desktop session host feature. After removing it, you will default two connections which does not need to purchase RD CALs'.
  Thanks,
  Umesh.S.K