RDWeb and Remote App access - Server 2012 R2

Hi Folks,
Here is my scenario. I currently have 1 RDS 2K12 server with all roles but licensing installed. I have configured the gateway to use server.externaldomain.com as its address. I have also set the SSL port in the gateway config to use something other than
the standard 443 port. I have the firewall set to forward the non standard SSL port, the standard SSL port and the UPD port of 3391 to the RDS server.
I can get to the RDweb page and log in with no problems, but i can't connect successfully when i launch a remote app. it simply gives me an error saying that the gateway address is incorrect. When i set the gateway back to use the standard SSL port, things
work fine.
Has anyone gotten a non standard SSL port to work?
Thanks.
Colin Stewart

Hi Colin,
Based on my research, Remote Desktop Protocol version 7.x does not support changing default SSL port for RD Gateway Server.
You may verify this by connecting from a Remote Desktop Client that supports Remote Desktop Protocol 8.x.
More information for you:
Running RD Gateway on a different port then 443 (Windows Server 8)
http://microsoftplatform.blogspot.com/2011/10/running-rd-gateway-on-different-port.html
Changing the Default Port of RD Gateway in Windows Server 2012
http://social.technet.microsoft.com/wiki/contents/articles/10972.changing-the-default-port-of-rd-gateway-in-windows-server-2012.aspx
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Similar Messages

How do I change the URL to the Remote Web Access server in Windows Server 2012?

Hallo!
I have set up a Remote Dexktop Service using the "Quick" deployment method in Server Manager and everything is working greate internally, but I cannot start an app published in Remote Web Access from outside our network.
The problem is that it wants to start the using the internal URL, for example, server.domain.local, instead of the external one, for example remote.server.com.
I therefore want to know how I can change the default URL for the Remote Web Access server and all the Remote Web Apps in Windows Server 2012?
I have allready looked in Server Manager and I can change some of the deployment settings in server manager, but there is no way to alter the URL of the Remote Web Access server. See below images:
Pressing the internal URL only results in opening the internal URL.
This was very simple to do in Windows Server 2008 R2 using the tsconfig tool, but it does not seam to be any way of solving this in server manager.
A possible sollution would be to alter the registry someware in HKLM->Software->Microsoft->Windows NT->Terminal Services. But this can easaly lead to problems due to wrong format, etc. and is probably not supported.
Is there a simpler and supported way?

That option can be used to connect to any machine that you want. The error message indicates that the client machine cannot resolve the name "server.domain.local" to an IP address that it can connect to.
You have several options for configuring that tab on the RDweb site. You can even remove it entirely.
Customization of RD Web Site
RD Web provides a number of customization options for the RD Web interface, including the ability to control default Gateway server settings and redirection settings. These settings
are controlled by editing the web.config file located in %SYSTEMROOT%\Web\RDWeb\Pages.
Displaying Local Help
To display local help for users instead of the web-based help, edit the LocalHelp value and change the value from false to true.

<add key="LocalHelp" value="false" />
When this value is changed, a user that clicks on Help in the upper right corner of the RD Web login page will open the local help file instead of web-based help.
Hiding the Connect to a Remote PC Tab
The RDWeb page
Connect to a Remote PC tab can be hidden from users to prevent connections to any servers through RD Web other than the servers configured in a collection. By default, this setting is set to true and the
Remote Desktops tab is displayed. To hide the tab, set the value to false.

<add key="ShowDesktops" value="true" />
When the value is set to false, a user will not see the Connect to a Remote PC tab when logged on to the RD Web page
RD Gateway Settings
If the Connect to a Remote PC tab is enabled, an administrator can configure RD Web to use a Gateway server when connecting to remote computers. To specify a gateway, edit the below
value with the name of the RD Gateway server:

<add key="DefaultTSGateway" value="" />
The default authentication method for the RD Gateway server can also be configured by editing the following section of the web.config:

<add key="GatewayCredentialsSource" value="0" />
Devices and Resources
By default, only Printers and Clipboard are redirected on connections made using the Connect to a Remote PC tab. If the user clicks the
Options << button, the redirection settings for a specific connection can be modified
To configure each specified redirection option to be enabled or disabled by default, edit the following section in the web.config file:

<add key="xPrinterRedirection" value="true" />
<add key="xClipboard" value="true" />
<add key="xDriveRedirection" value="false" />
<add key="xPnPRedirection" value="false" />
<add key="xPortRedirection" value="false" />
LAN Experience Defaults
Windows Server 2012 RD Web Access can display a new user selectable option for optimizing the connection for a LAN experience. This option is displayed at the bottom of the RD Web
page and can be controlled by the administrator using the following section of the web.config file:

<add key="ShowOptimizeExperience" value="false" />
<add key="OptimizeExperienceState" value="false" />
This value is set to false by default, but when changed to true, the following checkbox will display at the bottom of the webpage. The LAN experience
checkbox can also be set as enabled by default.
Each setting can also be modified using the IIS Manager user interface:
Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging

Administrator cannot change printer properties on "Advanced" tab from "Devices and Printers" on Windows Server 2012 R2

Hello, dear Colleagues.
User with administrators rights cannot change printer properties on "Advanced" tab from "Devices and Printers" on Windows Server 2012 R2.
If to launch "Devices and Printers" on server, all printer properties on "Advanced" tab are inactive (see screen below).
But I can change it manually with "Print Management". Features become active.
The main purpose - to uncheck "Enable advanced printing features" with powershell
scripts.
$erroractionpreference = "continue"
$colPrinters = Get-Wmiobject -Class win32_printer -computername print_server -Filter "Name like 'printer1' or Name like 'printer2' or Name like 'printer3' or Name like 'printer4' or Name like 'printer5' or Name like 'printer6'" # get printers on server and filter with names
ForEach ($objPrinter in $colPrinters) { # get printer details from WMI
If ($objPrinter.RawOnly -ne "True") { # check that Advanced printing fetaures is turned on
Write-host $objPrinter.Name
Write-Host $objPrinter.RawOnly
$objPrinter.RawOnly = "True" # Untick and update the object in WMI
$objPrinter.Put()
It works on Windows 7 workstation, but does not on print server Windows Server 2012 R2 with error
Exception calling "Put" with "0" argument(s): "Generic failure "
At \\print_server\c$\DisableAdvancedPrintingFeatures.ps1:8 char:17
+ $objPrinter.Put()
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
Can you help me with that? Look like somethings with rights.
Thank you.

Hello, Alan
Morris.
Thanks for your reply.
I've tried to runs PS Script both locally and remotely, previously running Powershell ISE as Administrator.
I've noticed interesting thing - if to
check "Enable advanced printing features"
manually thru Print Management snap-in, script works fine. But, time to time after some manipulations on print server, this advanced feature returns to enabled state automatically by system, I think. In this case PS Script does not work. Next, if to disable
feature manually again (thru Print Management snap-in),
and enable manually again, PS Script will work. Very strange situation.
Thanks.

How do I get mail on my iPhone and computer to sync automatically, so e.g. messages read on one appear read on both? I am working in VN and the microsoft access server is in the USA.

How do I get mail on my iPhone and computer to sync automatically, so e.g. messages read on one appear read on both? I am working in VN and the microsoft access server is in the USA.

If you created as an Exchange account on the iPhone (not IMAP or POP) and you have Push on it should all work smoothly; Reading a message on either client should mark the other read (it does on mine). Try deleting the account from the phone, rebooting the phone (to clear out old settings), then go to Settings/Mail,Contacts,Calendar, add an account and tap Microsoft Exchange and add the account back.
There is a fundamental difference between BB and iPhone that you should be aware of; on the BB you do not sync directly with Exchange; you sync with the RIM server which then syncs with your Exchange server. The iPhone syncs directly with Exchange using Microsoft's ActiveSync protocol. So in some ways they will behave differently. But ActiveSync should manage marking messages as read correctly.

HT1947 Apple TV (2nd gen) and Remote App - no more connection

Since updating to the latest version of Apple TV (2nd gen) and Remote App for iPhone or iPad I can't connect any more. Worked for a short moment after restarting a few times but now no more. Must be a new bug, because it always worked before updating to iOS 5.1!
I tried with an iPhone 4S and and iPad 2.

Hi and thanks for your suggestion. Unfortunately this didn't solve the issue. I tried almost everything now:
- I rebooted the WIFI rooter
- I resettled the apple TV
- I removed the cables of apple tv for a minute (I have a switch anyway to cut power off completely)
- I killed the remote app on the iPhone and iPad a few times
- I removed my account settings both on the i-devices and apple tv for home sharing a few times and activated them again
All of the devices are in the same wifi network and every device can connect perfectly to the internet.
The screen on the iPhone/iPad always just shows that I should activate home sharing on iTunes on the computer or on the apple tv with my account (what I did as mentioned above)
Any ideas, someone from Apple maybe?
Any ideas appreciated!
Markus

My home sharing and remote app does not work. How do I fix it? I am on a university network.

My home sharing and remote app does not work.
Here is my setup:
Macbook 2009 running Mac OS X 10.6.8
Itunes 10.6.1
Ipod Touch 4th gen Mac OS X 5.1
I am on a university secured network.

Hi Charles, chinese may be difficult, see our resident language ecxpert, Tom's reply here...
https://discussions.apple.com/message/20061347#20061347
On the slowness...
See if the Disk is issuing any S.M.A.R.T errors in Disk Utility...
http://support.apple.com/kb/PH7029
Open Activity Monitor in Applications>Utilities, select All Processes & sort on CPU%, any indications there?
How much RAM & free Disk space do you have also, click on the Memory & Disk Usage Tabs.
Open Console in Utilities & see if there are any clues or repeating messages when this happens.
In the Memory tab of Activity Monitor, are there a lot of Pageouts?
https://discussions.apple.com/servlet/JiveServlet/showImage/2-18666790-125104/AM Pageouts.jpg

Routing and Remote Access Server 2012 r2 Help

Hi all, I just setup a new 2012 R2 server with DHCP, DNS and Routing and Remote Access. When a user logs in to the VPN the DHCP is assigning the wrong IP address. My DHCP Scope is 10.0.10.100 to 10.0.10.199 but it's setting it to 169.254.X.X.
How do I fix this.

169.254.x.x are APIPA addresses which are allocated when the guest cannot see the DHCP server/allocator. Basically there is something wrong with your RRAS setup.
You should never run a remote access server on a DC. It will give you all sorts of name resolution problems. As soon as a client connects, the server acquires an additional IP for the VPN connection and the DC is multihomed. That has been a problem
since NT days and still is.
Bill

Cannot run more than one instance of a remote app in remote desktop services Server 2012

All,
I installed "Remote Desktop Services (RDS) Quick Start Deployment for RemoteApp, Windows Server 2012 Style" using the instructions here http://blogs.technet.com/b/yungchou/archive/2013/02/07/remote-desktop-services-rds-quick-start-deployment-for-remoteapp-windows-server-2012-style.aspx
I need to set up an image viewing program (Olyvia) to allow students using Macs and iPads access to this windows only application in order for them to get their work done. We may have 12 or more students accessing and trying to run the Olyvia application
at any one time.
All works good, except that I cannot run the Olyvia application (setup as a remoteapp program) more than one instance at a time. That is, when I start up "olyvia" on a Mac, it works great. If I leave it up and running, and then try
and start up "olyvia" on an iPad (using different accounts), I get the following error message:
"Cannot run more than one instance of this program simultaneously. Either the program is already running, or it has not been terminated completely."
I need to understand the root issue.
1. Is this a licensing issue? So, I need to add some CALs to the RDS server?
2. Is this a application issue with "olyvia"? So, no matter what I do, it is not going to be able to be used by more than one person at a time when configured as a remoteapp?
3. Did I not "publish" the application correctly?
4. Is this happening because I followed the "quick start" guide?
Appreciate any help I can get on this. We have no problem getting CALs, I just need some help with the root issue.
Thanks,
Geoff Weatherford
CVMBS, CSU

Hi Geoff,
Each application uses different techniques for determining if multiple instances are running. If you can determine what method it is using then perhaps you could use App-V or other virtualization software.
In the best case you really should direct your question to the maker of Olyvia. The reason I said that is they specifically designed their software to prevent multiple instances, so the first question is, why? Is it related to Licensing?
Compatibility? If you knew the specific reason(s) why they are doing it and the technique used then at the point using a virtualization technique may be the best option.
-TP

SCCM 2012 SP1 with remote WSUS on Server 2012 and SQL Server 2012

I am rebuilding my SCCM 2012 lab on Server 2012 R2 x64 OS now.
I have 1 primary site, remote SQL server 2012, and remote WSUS server.
Is the WSUS console still required on my primary site running server 2012? If so are the below the correct steps to get this working?
Install Console on primary server:
Go to Server Manager à Add Roles and features, Navigate to the features section.
Remote Server Manager tools
>Role Administration Tools
--Select Windows Server Update Services Tools Only
Are there any post hotfixes to install?
Intalling WSUS full version on remote server:
Go to Server Manager à Add Roles and features, Server Roles section.
Windows Server Update Services
Do I need to select this as well on the remote wsus server? >Role Administration Tools -Select Windows Server Update Services Tools Only
Since my SQL server is on a remote server do I select the below only?
Are there any post hotfixes to install?

Hi,
One Part of the question is already answered. The second part is: If you want to use a remote SQL Server you need to select exactly what you selected in your screenshot.
Regards,
Thomas
Thomas Hanrath [MCT | Regional Lead Germany] |
http://www.hanrath.de
Microsoft Learning Blog |
http://blog.microsoftlearning.de

Remote App Access from Firefox and Android Phone

Dear Team,
Please let me know the way to access remote app application using Firefox and android browser.
Thank you
Mahesh Leema

3rd party solutions provide connectors in combination with a Desktop Virtualization Suite. That way you won't get Web Access but Apps from an AppStore to connect to an RDS environment e.g. vWorkspace by Quest Software
http://www.quest.com/vworkspace/
To give you an idea, they provide:
Windows XP to 7, 2003, 2008 (32 and 64 bit)
Mac OS X 10.5.5 or later
Linux: Ubuntu 8.04, 9.04, and 9.10; Debian 5.0 (Lenny), Fedora Core 10, Red Hat Enterprise Linux Desktop 5.5
Java
Thin clients from HP, Wyse and many other manufacturers
iPad 3.2 or later
Zero PCs (Repurposed PCs) – 512MB RAM, 1GHz Pentium or better
Android tablets and cell phone devices
Ericom AccessNow for vWorkspace – HMTL5 RDP client
Kind regards,
Freek Berson
The Microsoft Platform
Twitter
Linked-in
Wortell company website

ASA and RADUIS on Windows server 2012

hi i have ASA5505 i want to get the Authentication from Raduis Server using NPS on windows Server 2012 i test the Raduis Server over "Kerio Control VMware Virtual Appliance" its work Perfect for testing my Setting on Raduis but with the ASA5505 i get this message "Error authentication rejected aaa failure"
Running Config
: Saved
ASA Version 9.1(3)
hostname NazcoFW
domain-name default.domain.invalid
enable password XgEKS9WizHnI9IUJ encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd XgEKS9WizHnI9IUJ encrypted
names
interface Ethernet0/0
switchport access vlan 22
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 12
interface Ethernet0/3
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport access vlan 32
shutdown
interface Vlan1
nameif NAZCO
security-level 100
ddns update hostname OSI
dhcp client update dns server both
ip address 172.16.200.1 255.255.255.0
interface Vlan12
nameif outside4
security-level 0
ip address 172.16.4.254 255.255.255.0
interface Vlan22
nameif Outside20
security-level 0
ip address 172.16.20.254 255.255.255.0
boot system disk0:/asa913-k8.bin
ftp mode passive
dns domain-lookup NAZCO
dns server-group DefaultDNS
name-server 10.1.1.1
name-server 10.1.2.1
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network HP5220
host 10.10.10.105
object network ak20
host 10.10.10.110
object network hp5520
host 192.168.2.105
object network HP7000
host 192.168.2.106
object network HP5520
host 192.168.2.105
object network ak04
host 10.10.10.110
object network HP400
host 192.168.2.107
object network out04
range 192.168.2.200 192.168.2.220
object network AK04
host 10.10.10.110
object network oooo
subnet 10.10.10.0 255.255.255.0
object network 444
host 10.10.10.110
object network OSITOINT
subnet 10.10.10.0 255.255.255.0
object-group network OSItoOUT04
network-object object out04
access-list outside20_access_in extended permit icmp any4 any4
pager lines 24
logging enable
logging asdm-buffer-size 512
logging trap informational
logging asdm informational
logging host NAZCO 10.10.10.10 17/6161
logging debug-trace
logging permit-hostdown
mtu NAZCO 1500
mtu Outside20 1500
mtu outside4 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-721.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (NAZCO,outside4) source dynamic any interface dns
nat (NAZCO,Outside20) source dynamic any interface dns
route Outside20 0.0.0.0 0.0.0.0 172.16.20.1 1
route outside4 0.0.0.0 0.0.0.0 172.16.4.1 11
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Keefa-Raduis protocol radius
aaa-server Keefa-Raduis (NAZCO) host 172.16.200.10
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 NAZCO
snmp-server host NAZCO 10.10.10.196 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity fru-insert
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
6c2527b9 deb78458 c61f381e a4c4cb66
quit
telnet timeout 5
ssh scopy enable
ssh 172.16.200.0 255.255.255.0 NAZCO
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access NAZCO
dhcp-client update dns server both
dhcpd dns
dhcpd update dns both
dhcpd address 172.16.200.20-172.16.200.89 NAZCO
dhcpd dns 172.16.20.1 172.16.4.1 interface NAZCO
dhcpd lease 1048575 interface NAZCO
dhcpd update dns both interface NAZCO
dhcpd enable NAZCO
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
username admin password bZmVDHuxUzzxS3yz encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
class class-default
user-statistics accounting
service-policy global_policy global
prompt hostname context
service call-home
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:357b7c6f861e8aa9bb3a3674a789b39b
: end
asdm image disk0:/asdm-721.bin
no asdm history enable

Hi
Looks like the AAA configuration is set for local
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
Change it to Radius
aaa-server Keefa-Raduis protocol radius
aaa-server Keefa-Raduis (NAZCO) host 172.16.200.10
key *****
radius-common-pw *****
for example :
aaa authentication telnet console Keefa-Raduis LOCAL
Now when you will do telnet to using Radius credentials, Its Should work, If radius goes down you can use LOCAL username and password as fallback method.
Cheers!
Minakshi(Do rate the helpful post)

Direct Access Server 2012 R2 Single NIC DNS problem with 8.1 Enterprise

Dear helpers,
I am beginning to rip my hair over the following problem and I am asking for some guidance:
I have setup DA on a server 2012 R2 with the simple wizard using one NIC. I have opened up port 443 to my DA Server and operations status is showing green on everything. I have used Djoin to join a remote win 8.1 enterprise client to our domain and
setup DA. I can see that my tunnel is established and the client shows up as an IPHTTPS client on my server:
Role                       : client
URL                        : https://vpn.ourdomain.com:443/IPHTTPS
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active
Connection status on client is stuck in connecting and the eventlog on client gives me following error:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:
           Adapter Name : {424F50B4-BF1A-4D96-81FA-7D7436A99F07}
           Host Name : TEST
           Primary Domain Suffix : ourdomain.com
           DNS server list :
                172.16.8.1
           Sent update to server : <?>
           IP Address(es) :
             172.16.8.110
The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at
this time.
I understand why this is failing because it seems like it is contacting the local DNS to register and that's wrong.
Get-DaConnectionStatus gives me the following:
Status    : Error
Substatus : CouldNotContactDirectAccessServer
I can ping the name on the DA server and also the IPv6 address, I can also do nslookup if i set the server used to my internal DNS-servers IPv6 address(DNS and DA server = same machine). My DA Client GPO is being applied to the client and i get an NRPT table
looking as follows:
Settings for DirectAccess-NLS.ourdomain.com
DirectAccess (Certification Authority) :
DirectAccess (IPsec)                    : disabled
DirectAccess (DNS Servers)              :
DirectAccess (Proxy Settings)           : Use default browser settings
Settings for vpn.ourdomain.com
DirectAccess (Certification Authority) :
DirectAccess (IPsec)                    : disabled
DirectAccess (DNS Servers)              :
DirectAccess (Proxy Settings)           : Use default browser settings
Settings for .ourdomain.com
DirectAccess (Certification Authority) :
DirectAccess (IPsec)                    : disabled
DirectAccess (DNS Servers)              : fd1f:6801:cc14:3333::1
DirectAccess (Proxy Settings)           : Bypass proxy
I cannot reach any internal resources by name or IPv4 address except the DA server.
I will gladly provide more info if needed
Please help!
//Cris

Hi,
Thanks for your reply.
Firstly, computer certificates are necessary for DirectAccess.
In addition, it is no need to assign an IPv6 address on all the servers. In Windows server 2012/R2, the
Built-in NAT64 and DNS64 support for accessing IPv4-only resources.
If you select Configure DirectAccess Clients with DNS client suffix search list and add additional suffixes to the list,
you can search for short, unqualified computer names in more than one specified DNS domain.
For more detailed information about DNS suffix search list, please refer to the link below:
Step 2: Configure the DirectAccess Server
Best regards,
Susie

Remote Desktop in Server 2012 is inaccessible from outside of LAN

We have a server 2012 machine it was setup and accessible via Remote Desktop for months. A few days ago we wiped it and did a fresh install of Server 2012. Now we can not remote to the server from outside of the LAN, even though it is setup exactly
as it was before.
Here is a checklist of things I have checked while trying to figure out the break:
Router/firewall is forwarding port 3389 to the correct internal static IP of the server. Port forward test tools online confirm the port is open.
Windows firewall is set to allow all connections for Remote Desktop on 3389. Also tried turning off firewall completely, does not fix the issue.
Allow remote connections is enabled in System Properties, and users have been added to the list of allowed user
Additional info: The server is also a standalone Active Directory and Domain Controller.
Remote desktop connections work fine while in the office on the LAN. When remoting to the external IP, it doesn't work, even though it did only days before we re-did the server.
Thanks!

What should I check in AD? I am by no means an expert with AD.
Yes, I am using the same client OS.
I am talking about RDP over the internet, like from home to the office. We have a static IP assigned to the router from ISP. A static internal IP assigned to the server on the LAN. And the router port forwards 3389 to the assigned IP.
It was working fine before we reinstalled Server 2012. These are the steps I took when reinstalling:
1. format drive and install OS
2. rename the server
3. install SQL server
4. Install TFS and SharePoint
5. Add Active Directory role and promote to Domain Controller
6. Add domain users
7. Enable remote access on the server and add users to remote access list

RemoteApp and Desktop Connections from server 2012 std

Hi
i am trying to deploy the RemoteApp and Desktop Connections to my win 7 from my app server (server 2012)
and i am getting all the time this error
what cert i have to add and where ???
(on the server iis i have tried to add 2 cert but no success)\
thanks

Hi,
Please import the RD Web Access server certificate to your clients and see how it works.
Event ID 1012 — RemoteApp and Desktop Connection Configuration
http://technet.microsoft.com/en-us/library/ee891358(v=ws.10).aspx
Hope this helps.
Jeremy Wu
TechNet Community Support

Where do I find Offer Remote Assistance on Server 2012 Essentials

Where the heck do I find the Offer Remote Assistance capability in Server 2012 R2 Essentials? (I'm guessing this a just plain Server 2012 thing, but in my case I'm specifically using Server 2012 R2 Essentials.)
From the server console, I want to be able to offer remote assistance to workstations joined to the Essentials domain.
I have the Remote Assistance Feature installed on the server, and I have the group policy configured and active for workstations to allow Remote Assistance. I just cannot find in the Server 2012 user interface (which is of course based on the Windows
8 interface which I have not used yet), where the Remote Assistance option is.
In Windows 7, and Small Business Server 2011 Essentials, which is of course built on top of Windows 2008, I could click Start, then All Programs, then Maintenance, and "Windows Remote Assistance" was a shortcut there.
In Server 2012 R2 Essentials I can't find it anywhere. Even when I display the full Start "Menu" list on the new Start screen I can't find it. "Remote Assistance" does not show up as an option when I try to search for it in
the Start screen search box.
Thank you.

Thanks everyone. I finally found it, but it's far less than obvious in any way. But first to address some of the other comments...
That's funny. The only way I've been able to find the tool on Win7 or Win8 has been to type "remote assistance" at the start menu, and then select the appropriate program.
I just rechecked 3 different Windows 7 PCs and both of my older Small Business Server 2011 Essentials servers (which of course are based on Server 2008). On all of them in the Start Menu, I can click Start, then All Programs, then I have a folder called
"Maintenance", then inside of that I have a "Windows Remote Assistance" shortcut along with several other shortcuts. Of course I know the interface changed in Windows 8 and Server 2012, but it seems odd they'd remove access to the tool
entirely without any way to get to it.
I just did this on my Windows Server 2012 Essentials, and it offered me the right selection, but then when I clicked that I got the message "Windows cannot find 'C:\Windows\system32\msra.exe'. Make sure you typed the name correctly, and then try again."
Funny that it obviously had the shortcut installed, but not the underlying program.
Wim.
I believe it may have been removed from the Server OS in 2012 in favour of using a Desktop to Offer Remote Assistance.
http://blogs.msdn.com/b/hyperyash/archive/2013/01/18/remote-assistance-in-windows-8.aspx
It was 'put back' in R2 so it seems.
Anyway, i went to Server Manager, installed Remote Assistance. Rebooted.
Went to search and found remote assistance.
Yes, mine is specifically 2012 R2 Essentials. After some additional Google searching, it does appear that there is no direct "shortcut" to Remote Assistance in Windows 8, and thus I'm guessing in Server 2012 R2. Everything I find on Windows 8 indeed
says to "search" for "remote assistance" as you guys have suggested and select it from the search results. The problem is that on my 2012 R2 Essentials server, when I search for "remote assistance" I only get one result, as shown
in the first screen shot here, which if I click it takes me to the 2nd screen shot, which is of course not what I want. (That's the settings for the server itself to allow remote connection into the server from outside. I'm trying to go from the server
out to workstations.)
Then i had to go to 'get help' which may be a change from before.
Chose to help from an invite.
Go to advanced options.
Not sure if this is what you want, or need?
Yeah, I knew how to get to the Advanced settings within the basic Remote Assistance tool. The "Invite someone..." option is not showing up in my search results when I search for "remote assistance" as you can see in the above screen
shot.
If I remember correctly, the feature had already to be installed manually in Windows Server 2008 R2, so this is not a new behavior...
Correct, yes, on my SBS 2011 Essentials servers I did have to manually install the Remote Assistance "Feature". But as mentioned above, once I did install the feature, then the "Windows Remote Assistance" shortcut still showed up
under Start/All Programs/Maintenance. At the very least I would have expected it to show up in the search results, which you can see by the above screen shot, it doesn't.
SO HOW DID I SOLVE IT?
I found that if I actually search for "invite someone" then that option shows up in my search results and I can click on it and it launches the remote assistance tool as in Robert's message and screen shots above. I don't know why this
option doesn't show up when I search for just "remote assistance" as in Robert's screen shot above, but it doesn't.
In the end, creating the desktop shortcut for msra.exe /offerra seems to be the most efficient.

RDWeb and Remote App access - Server 2012 R2

Similar Messages

Maybe you are looking for