RDS 2012 - Session Collection Timeout vs Group Policy Timeout

Similar Messages

• Listing RDS 2012 R2 collections from powershell remote fails

  I'm trying to list different informations of a RDS server farm => from a remote client PC <=
  I do following but when typing the last command - I get an error.
  Knowing that that same command runs correctly when launched from an RDS server
  enter-pssession RDS-SERVER-XYZ.contoso.net
  import-module remotedesktop
  get-command -module remotedesktop
   Get-RDSessionCollection -ConnectionBroker RDS-BRK-1.contoso.net
   => fails with message :
   Cannot index into a null array.
   At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\remotedesktop\Utility.psm1:54 char:9
   +     if ($_script_resource[$Id])
   +         ~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
      + FullyQualifiedErrorId : NullArray
   Cannot index into a null array.
   At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\remotedesktop\Utility.psm1:54 char:9
   +     if ($_script_resource[$Id])
   +         ~~~~~~~~~~~~~~~~~~~~~~
       + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
       + FullyQualifiedErrorId : NullArray
   Get-RDSessionCollection :
       + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
       + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-RDSessionCollection
  Listing RDS 2012 R2 collections from powershell remote fails / same commandlet from local RDS serevr works fine
  Am I missing something ?
  MCTS Windows Server Virtualization, Configuration

  Are the Windows Remote Management rules enabled on the inbound firewall of the RDSH server?
  If you are running multiple roles on the RDSH  server you may need to increase the size of the memory available for powershell remoting.
  Run Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1000 with powershell as an admin and reboot.
  HTH,
  JB

• RDS 2012 R2 Collection - Published Remoteapps not visible

  Hello,
  I have a strange issue with a RDS Deployment I´m setting up for a customer.
  RDS Roles setup:
  Server1: RD Licensing / RD Gateway
  Server2: RD Connection Broker / RD Sessions Host / RD Web Access
  I´m all done with the LOB Apps as well as adding ~30 users and migrated their profiles, I have set up UPD etc. All is working great and I´m almost ready to take it into production...apart from this annoying thing.
  I have created a Session Collection and published some remoteapps.
  However when I log in to the rdweb site it doesn´t show the published Remote Apps.I have tried to unpublish / republish, reboot and so on to no avail.
  How can I troubleshoot and solve this?
  Sure I could delete the session collection and create a new one, but what will happen with the created UPDs that has all the customized settings for the users (store all ?
  Can those be redeployed to the new Session Collection ?
  Also, I cannot be sure that this will even fix the issue.
  Any advise are very welcome.
  Thx /Tony

  Hello Darmesh,
  I did not assign any specific permissions, domain users is set. I ended up moving the RDGW role to the RDSH server though I know it´s not BPA. However this customer does not have more than one available Public IP. And as they wan´t to use both RDWeb and
  RDP through RDGW that was the solution. Othern than that I had to fix 2 things in IIS on the RDSH.
  1. Change the RDWebAccess Application Pool identity from ApplicationPoolIdentity to NetworkService
  2. RDWeb/Pages-Applications
  Settings, put in remote.company.com as value for "DefaultTSGateway
  Volia it works. As a sidenote I also added the "reghack" ShowInPortal" value
  1 so the full desktop connection is also available in the RDweb portal, not supported I know, but will keep it for now.
  Any comments to this solution ?
  Thx /Tony

• RDS 2012 R2 Collection

  Hello,
  I Have 2 servers ( SRV1 and SRV2 ) both running Server 2012 R2 and are included in a single collection "Apps". 
  I wanted to know if it is possible to tell RDS that a specific application should be available from a specific server only ?
  For example, to publish notepad and calc, but calc should be available only from SRV1.
  Thank you
  regards,
  Alex

  Hi Alex,
  I agree with TP and I would like to check if you need further assistance.
  Thanks.
  Jeremy Wu
  TechNet Community Support

• [Forum FAQ] Restrict number of Active Sessions in RDS 2012 and 2012 R2

  As everyone knows with the introduction of Windows Server 2012 & 2012 R2, there are various changes and no more availability for RDSH configurations or Remote Desktop Service Manager;
  now we can manage all the settings under Server Manager and group policy.
  Configuration 1: Remote Desktop Timeout settings:
  Here, we will see the Remote Desktop timeout settings. You can maintain the settings under below mention path (Figure 1 and Figure 2).
  Open the
  Server Manager, select Remote Desktop Services.
  In Remote desktop Services, in right side you can drop down to
  collections.
  Select the
  collection which you want to edit the settings.
  Under
  collections Properties, select Task and then Edit Properties.
  In Properties dialog box, select
  Session.
  You can find all the
  timeout settings under session collection properties; edit according to your requirements and then
  OK.
  Figure 1: Selecting Collection Properties
  Figure 2: Configuring screen for Timeout and reconnection Settings
  Group policy setting:
  The same settings can also be applied by Group Policy.
  You can also configure timeout and reconnection settings by applying the following Group Policy settings, you can check the figure 3 for graphical view.
  Set time limit for disconnected sessions
  Set time limit for active but idle Remote Desktop Services sessions
  Set time limit for active Remote Desktop Services sessions
  End session when time limits are reached
  In addition to this another group policy available with the help of which you can bale to set time limit for logging off the RemoteApp according to our desired time. This setting
  can be applied with addition to above mentioned policy.
  Set time limit for logoff of RemoteApp Sessions
  These Group Policy settings are located in the following locations:
  Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
  User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
  These Group Policy settings can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC).
  Note:
  These Group Policy settings will take precedence over the settings configured in Remote Desktop Session Host Configuration. If both the Computer Configuration and the User Configuration policy
  settings are configured, the Computer Configuration policy settings take precedence.
  Figure 3: Group Policy for setting Timeout and reconnection setting
  Configuration 2:
  Restrict & Enable user to a single & multiple session
  Under Windows Server 2012 & 2012 R2, there is no specific setting under RDP-TCP as it is not available.
  Restrict User to Single session:
  To restrict the user to single session (Disable Multiple RDP Session) you can configure the setting under group policy (Figure 4).
  Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections
  Restrict Remote Desktop Services users to a single Remote Desktop Services session     Enabled
  Figure 4: Group policy for Restrict user to Single session
  Enable user to multiple session:
  To enable the user to multiple session you can configure the setting under below (Figure 5).
  Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections
  Restrict Remote Desktop Services users to a single Remote Desktop Services session     Disabled
  Figure 5: Group Policy for Enable user to Multiple Session
  In addition you can also edit the registry setting for allowing multiple RDP session as per below (Figure 6).
  HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\Terminal Server
  fSingleSessionPerUser     REG_DWORD     0x00000000
  Note: By default the registry value is set to 1, but you need to change to 0.
  Figure 6: Display the registry settings
  Also you can edit the policy “Limit number of connections” and set RD Maximum collection as per your company
  requirements (Maximum limit: 999999) for above mention group policy path (Figure 7).
  Figure 7: Group Policy for Limit number of Connections
  Apart from this, if you have not specified any policy or registry setting and still you want to restrict the new session, then in Windows Server 2012 & 2012 R2 there is option where you
  need to follow below steps (Figure 8 and Figure 9).
  Right click a Remote Desktop Session Host in specified location of Host Server and select “Do not allow new connections”.
  After clicking that it will ask you for your confirmation, click yes and no new connection will be allowed.
  Figure 8: Setting displaying “Do not allow new connections”
  Figure 9: Confirmation popup
  RD Gateway Connection Properties:
  If you have deployed RD Gateway under your environment you can also limit the number of simultaneous connections through RD Gateway by configuring
  policy under RD Gateway Manager. For this you need to follow below mention path.
  Open RD Gateway Manager, select the server which you want to modify.
  Right click Properties.
  Under General Tab
  -Limit maximum allowed simultaneous
  connections to:Specify the number of connection you want to able to provide connection.
  -Allow the maximum
  supported simultaneous connections:This
  setting will allow maximum supported connections at a time.
  -Disable new connections:This
  setting will not allow new connections through RD Gateway but Active connection will not be automatically disconnected.
  Select the option as per requirement which able to allow the connection
  Figure 10: Connections setting under RD Gateway Manager
  Configuration 3: Configure keep-alive connection interval
  As per above mention in initial post you can able to change the setting for Keep alive connection interval. In addition to this also verify the
  registry setting must be set as per following (Figure 11 and Figure 12).
  HKEY_Local_Machine \ SOFTWARE \ Policies \ Microsoft \ Windows NT \ Terminal Services
  KeepAliveEnable       REG_DWORD           0x00000001 (1)
  KeepAliveInterval     
  REG_DWORD           0x00000001 (1)
  Figure 11: Group Policy setting for Keep alive
  Figure 12: Registry setting for keep alive
  If you need further assistance, welcome to post your questions in our
  Remote Desktop Services (Terminal Services) forum.
  If you would like to achieve this in Windows Server 2008 or Windows Server 2008 R2, please move on to the next post.

  Applies to Windows Server 2008 and Windows Server 2008 R2
  Configuration 1: Remote Desktop Timeout settings:
  1. Open the property dialog for RDP-Tcp connection in Remote Desktop Services Manager.
  2. In the Sessions tab, you can configure the following settings:
  Active Session Limit
  Idle session limit
  Action when session limit is reached or connection is broken
  End a disconnected session
  Additionally, you can configure the settings with the help of Group Policy also by below mention path.
  Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
  User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
  Configuration 2: Restrict each user to a single session
  By using this configuration or policy setting, each user can only maintain one session to the certain terminal server; when another session is started by the same user, the original one will
  lose the connection. In that way, the total number of possible active sessions won’t exceed the total remote users. You can implement this as below mention steps.
  Remote Desktop Host (RDP-Tcp) configuration:
  Edit Settings – Restrict each user to a single session: Yes
  Group Policy: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop
  Services (Terminal Services)\Remote Desktop Services Session Host (Terminal Server)\Connections\
  Restrict Remote Desktop Services (Terminal Services) users to a single remote session:    Enabled
  Configuration 3: Configure keep-alive connection interval
  By specifying the minutes that the TS holds a remote session actually disconnected, the server will detect the session status after each period. The session that are actually offline will
  be changed to disconnected status:
  Group Policy:  
  Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services (Terminal Services)\Remote Desktop Services Session Host (Terminal Server)\Connections\
  Configure keep-alive connection interval:         Enabled and Specify the Value
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

• RDS 2012 The WinRM service failed to create the following SPNs: Additional Data The error received was 1355

  Hi,
  I have RDS 2012 session deployment in Azure with connection broker high availability.
  The "Remote Desktop Management" service does not start automatically when the connection broker virtual machines are stopped and started.
  I see the below error in event logs of both the connection broker VMs
  Note: WHen i manually start the "Remote Desktop Management" service after this error, it all works without issues.
  I get 
  Error ID 46 - Crash dump initialization failed!
  Warning 10154 - in Microsoft-Windows-Windows Remote Management
  The WinRM service failed to create the following SPNs: 
   Additional Data 
   The error received was 1355

  Hi,
  Thank you for posting in Windows Server Forum.
  In respect to error 46, this issue may occur if the computer boots without a configured dump file. The default dump file is the pagefile. During a clean Windows OS installation, the very first boot will hit this condition as the pagefile has not been set up
  yet. 
  To resolve this issue, you may want complete the paging file configuration.
  More information:
  Event ID 46 logged when you start a computer
  http://support.microsoft.com/kb/2756313/EN-US
  In regards to error 10154, you need to create the SPN specified in the event using the
  setspn.exe utility and also need to grant the “Validated Write to Service Principal Name” permission to the NETWORK SERVICE.
  For more information refer beneath articles.
  Event ID 10154 — Configuration
  http://technet.microsoft.com/en-us/library/dd348559(v=ws.10).aspx
  Domain Controllers Warning Event ID: 10154
  http://srvcore.wordpress.com/2010/01/02/domain-controllers-warning-event-id-10154/
  Hope it helps!
  Thanks,
  Dharmesh

• RDS 2012 R2 - RemoteApp - Certificate Mismatch

  Hi!
  We have a newly built RDS 2012 R2 setup.
  It consists of the following:
  1 x Server with the Gateway and the Web Access role
  2 x Servers running a Connection Broker HA cluster
  3 x Servers running as Session Hosts
  The internal domain name is example.local
  We have purchased a wildcard certificate for the entire setup. (called *.example.com)
  An external DNS record - RDS.example.com - has been created and it NAT to the Gateway and Web Access server.
  We have used the script from
  https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80 to publish the FQDN. The name we have publised is Broker.example.com. We have created a split-brain DNS internally so that the clients can resolve external names internally.
  Whenever we try to launch a RemoteApp externally we get the dreaded "Name mismatch" (and it takes about 30 seconds before we get the prompt):
  Any ideas how to solve this issue?

  Hi TP.
  Thank you for your advice.
  I've updated the Windows 7 client to RDP 8.1 and it did the trick! Thank you.
  But we have several external users - and we don't have any chance of controlling if they are running RDP 8.1. I tried to import the wildcard certificate to all RDSH servers
  - using the script in this link: https://social.technet.microsoft.com/Forums/windowsserver/en-US/475fb55f-e394-45d9-a6bd-a37e2a5fe86c/rds-2012-session-host-certificate-assignment?forum=winserverTS
  However - that is when I see the "Name mismatch" warning when launching a RemoteApp (as mentioned in my original post). I suppose this is because the certificate is valid
  only for *.example.com - and not for *.example.local?
  Is there any solution to this?

• How to disable via Group Policy - "Any user who has a password doesn't need to enter it when waking this PC"

  The setting can be found in the following location:
  From the “Charm” bar, Settings>Change PC Settings>Users>Sign-in Options> click the “Change” button next to “Any user who has a password must enter it when waking this PC”.
  I am looking to disable this option via Group Policy on our domain, but am unable to find a default policy related to this setting.  I am searching Group Policy on a Server 2012 machine, and in local Group Policy in Windows 8, but have found nothing. 
  Hoping I'm just missing the location of this and someone can point me to the right place.
  Regards,
  -BN

  There is no specific policy for this item. Please set “Require a password on wakeup” policy instead.
  Niki Han
  TechNet Community Support
  I'm using Windows Server 2012 R2, and I can't find the above quoted policy, and don't know where to anymore where to look. I searched for "Require a password when the computer wakes up", but it took me to the "Define Power Buttons and Turn On
  Password Protection" page of System Settings, but there's NOTHING there except the "When I press the power button".  I really want to stop having to enter a password every time I wake up the monitor screen.
  Capt. Dinosaur

• How to tweak Web-Auth Policy timeout on WLC?

  Hello,
  Is it possible to change Web-Auth Policy timeout? Currently I am talking about 5508, but it could be WiSM also.
  Thank you.

  You need to be clear on what thing though, the webauth policy timeout has nothing to do with authenticated users.
  This is time we will wait on a client to perform a Webauthentication and move to a RUN state.
  If a user is hitting webauth timeout, they are going to be removed because they aren't a working client anyhow.
  The only exception to this pre-auth ACL I suppose where you want users do webauthenticate if they go outside of a specific webpage, but have unlimited access to that one page.
  Either way, I agree the timer needs to modifiable, but you need to make sure you're fighting for the right timer.
  If your clients are going to sleep and they Dissasocciate, of course they will have to reauth, the disassociate removed them from the enterprise network entirely.
  If they are sleeping though, and timing out because of a normal IDLE timeout (not web policy timeout), that is modifed on the Controller TAB of the GUI for "User Idle Timeout".

• 2012 RDS Group Policy - Adobe Reader and Acrobat to Co-exist

  I have a 2012 RDS session host that 20 users terminal in to.We have always had Adobe Reader installed for users to open PDF files.10 of the users required Adobe Acrobat Pro, so we obtained a license for 10 users to access Acrobat Pro.We installed Acrobat Pro on the RDS session host, which also has Reader installed.The problem is, when a user opens a PDF file, it is opening with Acrobat Pro.I need to set the the default PDF program to Adobe Reader. I tried configuring a GPO per the article below:http://www.grouppolicy.biz/2011/09/how-to-use-group-policy-to-change-open-with-file-associations/However, the default is still Acrobat Pro.What is the best way to accomplish this task at hand?
  This topic first appeared in the Spiceworks Community

  Hey, what you have described is normal behaviour for the way you have written your Custom ADM file.
  Because you are not using Proper Windows Policies, i.e. Setting them in the policy location in the registry, then once you apply a setting, it will not get over written again ever unless you made a group policy change or do a gpupdate.
  Normal group policies will get re-applied depending on the time frame set in the policy its self.

• RDS 2012 R2 Separate Session Collection Behavior

  Hi everyone!  I should start by saying that I've found a number of threads which are semi-related to this topic, but they just don't seem to address my particular complaint.  I'm not sure if this is a bug, a configuration error on my part, or if
  it is expected behavior (which would be unfortunate for my intended use cases).
  The issue is that I need to provide two separate collections of RemoteApps, and I only want the collection appropriate to the logged-in user to be displayed in Web Access (or in the feed, for that matter).  One collection includes an expansive set of
  RemoteApps, and the other collection includes a limited subset of those published in the first.
  Now, I know that a SH can only belong to one session collection.  That makes sense, and in my case, I wouldn't want it any other way.  It offers better separation between the user environment intended for use by employees, and the user environment
  intended for use by non-employees, which is a bit more restrictive.  (Those are the actual purposes of the two collections described earlier.)  So far, so good.  Now, it seems to me like every other role beside the SH role should be able to
  do its job for all collections.  What other purpose could the concept of a "Collection" possibly serve, after all?  If I had to stand-up Connection Broker, Web Access, Gateway, and Session Host for every collection of RemoteApps, then there
  wouldn't need to exist any concept in RDS 2012 R2 called "Collections".  So, I figured that Connection Broker, Web Access, and Gateway could serve all collections, and Session Host is of course limited to serving one single collection.  And,
  I guess, that's largely the way it works, with one exception.
  My issue is that in Web Access, all RemoteApps from all published RemoteApp collections are presented to every user who has access to one collection OR the other, despite my best intentions of having provisioned each collection with seprate user group assignments
  using two separate AD groups.  I don't want to advertise all RemoteApps from all collections in the Web Access namespace!  To me, the presence of "User Group" configuration at both the Collection level and at the RemoteApp level implies
  that there is some user group filtering going on, but so far that's looking like a false assumption.  Why would the RemoteApp list in one collection bleed into the RemoteApp list in the second collection?  Why would I want the users of one collection
  to see the applications of the other, even when they're not going to be able to launch them anyway?
  Does anyone have anything to add to the equation?  Is there something I'm missing?  Thanks ahead of time.

  This is now resolved.  There is obviously some additional configuration necessary in some relatively odd places when you want your RemoteApp collections to work as advertised.  I hope this thread can help others in that regard.
  The relevant (error) event generated for each "populate list of RemoteApps for Web Access" process (refreshing the web access portal was my test case), when my IIS application pool is provisioned by the new AD account is Event ID 10, Source: RDWebAccess. 
  In the body, it says "[...] unable to access rdcb1.[local]" and suggests that the RD Web Access server needs to be added to the TS Web Access Computers security group on the connection broker.  However, that was obviously already the case.
  Although not 100% correct in its suggested resolution, this error was helpful, because it shows that the break is occurring when Web Access tries to populate RemoteApps, and is shows that the break is occurring en-route to the CB server.  So, I added
  the new service account (for the Web Access application pool identity) to the Administrators group on the server with the CB role, and all is now resolved.  I now have two separate collections, the list of each appearing for the appropriate user scopes,
  but not for both user scopes like before. 
  Obviously, adding an account as an administrator fixes a lot of access related things very easily, but it is probably not the least-privileged way of doing things.  To that end, I'd like to know the least privileged way, but can certainly live with
  this much improved functionality as-is.
  Thanks for all your help, Razwer.

• RDS 2012 R2 - How do I lockdown access to Local Computer Management and Windows Backup via Group Policy

  Greetings all,
  I am needing assistance in how to lockdown access to Local Computer Management and Windows Backup via Group Policy for users that access RDS service. I have followed this awesome guide - h t t p://w w w.it.ltsoy.com/windows/lock-down-remote-desktop-services-server-2012/
    - but it is missing two important resources that I would like to lock down.Currently, I have successfully locked down Control Panel for users via Group Policy, but I cannot find any group policy or guide on how to restrict user access
  to Computer Management (different to Server Manager). When using Win-X shortcut to open the 'Administrator's shortcuts' near the windows icon, I have locked down everything except Computer Management. Computer Management gives direct access to Disk Management,
  Shares etc, which are locked down for users. But Windows Server Backup is still accessible. Can someone please guide me on how to restrict access to both Computer Management and Windows Server Backup.
  Thanks in advance.
  Terry.

  Prevent running of Windows Server Backup
  Computer Configuration\Policies\Windows Settings\Security Settings\File System
  Right click on File System - Add File - Drill down to \System32\wbadmin.msc
  On the Database Security ACL that pops up - Remove Creator Owner, Remove Users and check Adminstrators have Full Access.
  On the Object window - choose Propagate inheritable permissions to all... (Default)

• New Group Policy not working on 2008 RDS in 2012 Domain - Security Filtering problem?

  We have a Windows 2008 R2 RDS in a Windows 2012R2 Domain. We want to lockdown the 2008 RDS for Domain users that we have added to a new  security Group--named "Data Collection Users". These users are "Domain Users" and login to the
  2008 RDS using Windows XP SP3 machines to run a specific application -they do not use their local desktops for anything. WE added this group to the local RDU group on the RDS.  We do not have any other users that login to the RDS through terminal,
  including any Domain Admins.
  So far we have done these steps:
  On the DC, created new OU (called Terminal Servers) and moved the RDS into it.
  Opened Group Policy on the DC, and under GP Objects, created a new policy called "TS Users Lockdown".
  Linked the Policy to the OU.
  Under Security Filtering we removed the Authenticated Users, added the RDS computer account (called QS2), added the "Data Collection Users" and chose Allow for "Read" and "Apply Policy"
  Under Security Filtering, for Domain Admins, we chose Deny for "Apply Group Policy"
  We edited the Policy (under Computer Configuration>AT>SYS>GP) to Enable Loopback processing - Replace mode.
  We first tested the policy by trying to remove the "Run" from startup menu and "prohibit access to Control Panel".
  We ran the Group Policy force update from within GP Management - ran successfully.
  We did not reboot the RDS.
  Neither of the settings we tried in Step 7 worked.  Why Not?
  Here are images from the Security Filtering:

  Ok--Do I reboot the RDS or the DC?  or both?
  Does it look like my Security Filtering is correct?  I have seen posts where you should not remove the "Authenticated users"?

• RDS 2012- connect to session collection trough mstsc.exe on XP SP3

  Hi!! i need to connect to a session collection based on rds 2012 directly trough mstsc.exe on xp sp3 clients... xp don't support remoteapp and desktop connection and my users can't use internet explorer to connect trough rd web Access..
  Thanks!

  Hi,
  What you could do is upgrade Windows XP with the latest Remote Desktop Client available for Windows XP (http://support.microsoft.com/kb/969084)
  Then extract the .RDP file you want from the RDS 2012 environment (or specify the properties manually in a .RDP) file.
  Recently I wrote on article on the distribution of Remote Apps and desktops in Windows Server 2012, that might be useful:
  http://virtualizationadmin.com/articles-tutorials/vdi-articles/general/distribution-of-remote-apps-and-desktops-in-windows-server-2012.html
  Also, more info on the .RDP properties specifically needed for RDS 2012:
  http://microsoftplatform.blogspot.nl/2012/04/rd-connection-broker-ha-and-rdp.html
  Kind regards,
  Freek Berson
  The Microsoft Platform
  Twitter
  Linked-in
  Wortell company website

• RDS 2012 (non-R2) Unable to Logoff/Reset/Kill A Disconnected Session

  I am running a Remote Desktop Services deployment with HA on Windows Server 2012 (not R2).  This occurs weekly for me, a user will be logged into server running a remote application, the user will report that they were disconnected during their session
  and when they try to reconnect they are unable to do so.  On the server side the user will either have a disconnected OR a couple days old active session (which should not be possible as I have GPO session time limits configured to kill the session in
  12 hours).  I have tried to kill the session may different ways:
  1) Task Manager > Users Tab > Right click logoff
  2) Server Manager > RDS > Collection > Right click user and select logoff
  3) Open CMD run - rwinsta ##  (## being the user
  session ID)
  4) Open CMD run - logoff ## (##
  being the user session ID)
  5) Open CMD run - reset session
  rdp-tcp#XX  (XX being the user rdp-tcp# session ID)
  All of this yields no result, i
  have also opened task manager and killed all running applications however this leaves
  a few running applications: rdpclip.exe, taskhostex.exe, rdpinit.exe, rdpshell.exe, mstsc.exe
  when i try to kill these, I get a warning that this
  may cause the server to shutdown OR access denied.
  Has anyone found a solution to this problem?

  Hi,
  Did you receive any useful event id during this issue?
  Have you applied group policy session setting for computer configuration or User configuration?
  Note: If both the Computer Configuration and the User Configuration policy settings are configured, the Computer Configuration policy settings take precedence.
  Also recheck whether there is setting applied under collection properties. In addition, try below PowerShell command with sysinternal tools (psexec) whether it will work for you.
  psexec [\\computer[,computer2[,...] | @file]][-u user [-p psswd][-n s][-r servicename][-h][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,...] cmd [arguments]
  You can download the Software from here.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]