REMOTE DESKTOP ON A DOMAIN CONTROLLER

I have a Server 2012 with DC installed. I am trying to install Remote Desktop Licensing on it so I can RDP to the server, but it's not allowing me.
Is there any workaround for this, or is it possible to do it?

Hi,
For RD Licensing to install, you need to activate the Remote Desktop License server and then install the purchased RDS CALs so that you can have a successful connection.
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Similar Messages

  • Setting up remote sites with a domain controller at each

    Hello, I am setting up offices at 2 locations for the first time and I was wondering where I should go to get the best step-by-step information. My goal is to have a Windows 2012 (Standard) server at each location acting as primary and secondary DC. User
    log-in at each location would act as one and file sharing would be seamless. Since this is my first venture, it goes without saying that I have a lot of questions... To name a few: as I will be using DHCP, are the private IPs at each location the same or
    different? Would it be faster and more efficient to keep user A's files at their home location or put all the data to be accessed on one server? The questions could go on but this is not the place for it. I have done extensive searching on the topic but either
    I get bits and pieces or the sites assume that you already know a step, so much is overlooked in assumptions. Help

    Hi,
    For the 2 questions:
    1. Generally we will set up 2 sites for the different locations so that computers know which site they are located in.
    2. A local file server is much more efficient - users will always access a local server - accessing a remote server will be very slow unless you have high network connectivity.
    In order to get users accessing the local file server, site costs need to be set (so we need to use different sites for different locations).
    FYI, here is an article on AD design. As you said, it may lead to more questions, so just feel free to discuss with us.
    If you are going to discuss a different topic, it is recommended to post a new thread to avoid confusion.
    Best Practice Active Directory Design for Managing Windows Networks
    https://msdn.microsoft.com/en-us/library/bb727085.aspx

  • Windows Remote Desktop (Mac)

    Hello:
    I'm trying to use Windows Remote Desktop (Mac) to connect from a Mac (OS X 10.9.5) to a PC (Windows 7 Pro). When both laptops are on the same network I can connect without issue (using the destination PC's IPv4 address). However, when they are not on the same
    network I get the error message below* (I use the ISP-provided IP address for this connection). I made sure the ISP router port-forwarding settings had the open/end ports (which I got from running the necessary CMDs from my destination PC's DOS prompt). I
    made sure the destination PC firewall settings allowed Remote Desktop connections (public, domain, home/work). What could I be missing? Thanks!
    *Error message: 
    Unable to connect to remote PC. Please verify Remote Desktop is enabled, the remote PC is turned on and available on the network, and then try again.

    Hi Andy,
    Which version of MRD for Mac are you using in your case?
    Please use the latest MRD v8.0.15 and verify.
    As you have commented, you checked every network scenario. I suggest again rechecking the related settings for IP address, firewall, port, user permission access and other things. You can also refer to the article below for information.
    https://technet.microsoft.com/en-us/library/dn473006.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Windows 2012 R2 Active Directory Domain Services and Remote Desktop services Role on the same server.

    Findings:
    Currently, the Windows 2012 R2 AD DS role and RDS with Broker services can only seem to coexist properly in a new domain, not an existing domain. Any attempt to add to an existing domain causes internal database user access-denied issues, and any attempt to
    adjust rights and circumvent this is dubious at best.
    The escalation technician said it best. Out of 50 clients that want to do this, they end up not being able to help 5 right off the bat for whatever reason. As for the other 40, they might be able to help by running reports, adjusting rights and trying to add
    the roles until it works. This can end up being a 20-day process. Basically they are playing whack-a-mole with user rights and permissions until something sticks.
    We tried creating an OU where other domain policies would not be inherited to see if that was the issue, and a fresh install with a different sequence of adding the roles; no effect.
    Given the errors I witnessed when running procmon and then trying to add the roles, the NT SYSTEM and the Windows Internal Database user had access-denied issues on 100+ registry keys when trying to add the roles. After that the system does not behave normally.
    The errors displayed almost mirror the errors that would occur on Windows 2012 when those two roles were added, which of course is officially NOT supported on that system.
    This blog needs serious revision:
    http://blogs.msdn.com/b/rds/archive/2013/07/09/what-s-new-in-remote-desktop-services-for-windows-server-2012-r2.aspx
    This is the excerpt from that blog: "Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller. In addition, we published
    guidelines for how RD Session Host could be used without the RD Connection Broker."
    Microsoft Support was courteous and helpful, and they were the ones who advised cutting our losses, which mirrored my hunch after seeing what was transpiring in the system. They refunded my money for the support call.
    For me, it was an opportunity to find out if there was any way to configure Windows 2012 R2 in the same manner that it was set up as Windows 2008 R2, and lay that to rest. The coexistence is poorly implemented. It is as if there was a reaction to all the deprecation
    of bread-and-butter features such as shadowing in TS and the coexistence of AD DS and RDS, to where those features were re-added haphazardly. (I have no complaints about shadowing on Windows 2012 R2; it works, I just do not like having to go to Server Manager to
    use it.)
    I opted for virtualizing the Domain Controller to eliminate the incompatibility issues, and that is what I will be doing from now on. I found free solutions for backing up and reporting on virtual machines, as well as the suggested procedures for configuring
    a Domain Controller as a virtual machine in a Hyper-V environment, and I will be sticking to those. Thus far the setup has been operational.
    I am not allergic to virtualization, but for really small setups it adds additional time and considerations; but if that is how it has to be done, so be it. Windows 2008 R2's days are numbered, and since we can usually squeeze 5-7 years out of quality server equipment,
    buying a Windows 2008 R2 setup now is a borderline disservice in my opinion.
    Hopefully someone finds this useful and saves some time.

    Hi,
    Thank you for posting in the Windows Server Forum.
    Do you need any other assistance?
    Based on your description, you are describing your story of successfully implementing an RDS server with the AD role and more regarding all RDS-related scenarios. For the shadowing feature, you can also use a command. Below is the syntax to shadow a session.
    mstsc /v:<ServerName> /shadow:<SessionID>
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support
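    The shadow syntax in the reply above needs a session ID, and on a host without a Connection Broker nothing in Server Manager shows one. The PowerShell below is an added example, not code from the thread: it lists the active sessions on a host with the built-in query session tool and then launches mstsc against a chosen one. The server name is an assumption. Whether the shadowed user is asked for consent is decided by the "Set rules for remote control of Remote Desktop Services user sessions" policy, not by this script, and the shadowing account still needs local administrator (or explicitly granted remote-control) rights on the target.

```powershell
# Added example, not from the thread. List active RDS sessions on $Server and shadow one of them.
param(
    [string]$Server = 'rdsh01.corp.example',   # assumption: your RDSH (or DC) host name
    [int]$SessionId = 0,                       # 0 = only list sessions, do not shadow
    [switch]$Control                           # take control instead of view-only
)

# query session prints fixed-width columns: SESSIONNAME USERNAME ID STATE TYPE DEVICE.
# Only 'Active' sessions can be shadowed, and those always carry both a session name and
# a user name, so a whitespace split is reliable for exactly the rows we care about.
$active = query session /server:$Server 2>$null |
    Select-Object -Skip 1 |
    ForEach-Object {
        $f = ($_.Trim() -replace '^>\s*', '') -split '\s+'     # '>' marks the caller's own session
        if ($f.Count -ge 4 -and $f[2] -match '^\d+$' -and $f[3] -eq 'Active') {
            [pscustomobject]@{ Session = $f[0]; User = $f[1]; Id = [int]$f[2]; State = $f[3] }
        }
    }

if (-not $active) {
    Write-Warning "No active sessions on $Server (or the RPC path to it is blocked by a firewall)"
    return
}
$active | Format-Table -AutoSize

if ($SessionId -eq 0) { return }
if ($active.Id -notcontains $SessionId) { throw "Session $SessionId is not an active session on $Server" }

# Build the mstsc command line. /noConsentPrompt is deliberately not added: suppressing the
# user's consent dialog only works where policy permits it, and should be a conscious choice.
$mstscArgs = @("/v:$Server", "/shadow:$SessionId")
if ($Control) { $mstscArgs += '/control' }
Start-Process -FilePath 'mstsc.exe' -ArgumentList $mstscArgs
```

    Run it once without -SessionId to get the table, then again with the ID you want. Every shadow session is recorded on the target in the TerminalServices-RemoteConnectionManager operational log, which is the place to look if you need to audit who watched whom.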

  • Remote Desktop using Domain Credentials

    I have two Domain Controllers (Windows Server 2008 R2 with the IIS and DNS roles). The forest and domain functional level is Windows Server 2008. They are in separate locations joined by a VPN. I also have Dev servers (also Windows 2008 R2 with the IIS role).
    I want to log into the Dev servers using my domain credentials. Can anyone tell me what I need to check or configure in order to achieve this?
    Note:
    - I do not have DHCP (yet) -> please confirm if this is an issue.
    - I can RDP to the Dev servers using their respective local users.
    - but network users (which are members of Domain Admins and Remote Desktop Users) cannot RDP.
    - do I need to have Remote Desktop Services (Terminal Services)? -> if so, I need to raise my functional level, right?
    - I am accessing them from Windows 7 (which is not a member of the domain)

    Hi,
    Thanks in advance. I can connect to my dev server (using domain credentials) when I am accessing it from my Domain Controller, but when I am using my Windows 7 client, it produces these errors:
    *I usually get this error:
    Remote Desktop can't connect to the remote computer for one of these reasons:
    1) Remote access to the server is not enabled
    2) The remote computer is turned off
    3) The remote computer is not available on the network
    Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
    ---- OR ----
    *Least frequent error:
    Configuration information could not be read from the domain controller, either because the machine is unavailable or access has been denied.
    ---- OR ----
    *I get this whenever I enter the IP address instead of the name (dev1):
    Your credentials did not work
    The credentials that were used to connect to 10.0.0.20 did not work. Please enter new credentials.
    The logon attempt failed
    2. There was no Security log when I got that error, but, a while ago, I was able to produce this security log:
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          4/13/2012 9:52:47 PM
    Event ID:      4625
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      dev1.domain.com
    Description:
    An account failed to log on.
    Subject:
        Security ID:    NULL SID
        Account Name:   -
        Account Domain: -
        Logon ID:       0x0
    Logon Type: 3
    Account For Which Logon Failed:
        Security ID:    NULL SID
        Account Name:   admindomain
        Account Domain: DOMAIN
    Failure Information:
        Failure Reason: Domain sid inconsistent.
        Status:         0xc000006d
        Sub Status:     0xc000019b
    Process Information:
        Caller Process ID:   0x0
        Caller Process Name: -
    Network Information:
        Workstation Name:       DC-00
        Source Network Address: -
        Source Port:            -
    Detailed Authentication Information:
        Logon Process:            NtLmSsp
        Authentication Package:   NTLM
        Transited Services:       -
        Package Name (NTLM only): -
        Key Length:               0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>4625</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12544</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2012-04-14T02:52:47.862465000Z" />
        <EventRecordID>139204</EventRecordID>
        <Correlation />
        <Execution ProcessID="808" ThreadID="4648" />
        <Channel>Security</Channel>
        <Computer>dev1.domain.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-0-0</Data>
        <Data Name="SubjectUserName">-</Data>
        <Data Name="SubjectDomainName">-</Data>
        <Data Name="SubjectLogonId">0x0</Data>
        <Data Name="TargetUserSid">S-1-0-0</Data>
        <Data Name="TargetUserName">admindomain</Data>
        <Data Name="TargetDomainName">DOMAIN</Data>
        <Data Name="Status">0xc000006d</Data>
        <Data Name="FailureReason">%%2314</Data>
        <Data Name="SubStatus">0xc000019b</Data>
        <Data Name="LogonType">3</Data>
        <Data Name="LogonProcessName">NtLmSsp </Data>
        <Data Name="AuthenticationPackageName">NTLM</Data>
        <Data Name="WorkstationName">DC-00</Data>
        <Data Name="TransmittedServices">-</Data>
        <Data Name="LmPackageName">-</Data>
        <Data Name="KeyLength">0</Data>
        <Data Name="ProcessId">0x0</Data>
        <Data Name="ProcessName">-</Data>
        <Data Name="IpAddress">-</Data>
        <Data Name="IpPort">-</Data>
      </EventData>
    </Event>
    3. No Application Errors
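    The event quoted above is worth reading carefully: Status 0xc000006d is the generic "logon failure" code and says nothing on its own, while the Sub Status (here 0xc000019b, which the event itself renders as "Domain sid inconsistent") is the actual reason, and Logon Type 3 over NtLmSsp shows the request was an NTLM network logon rather than Kerberos. The PowerShell below is an added example, not from the thread: it decodes a 4625 event into the fields a responder needs and translates the common NTSTATUS sub-status values. The sample XML is constructed to match the quoted event; the code maps only well-known codes and flags anything else as unknown.

```powershell
# Added example, not from the thread: decode a 4625 (logon failure) event and explain the SubStatus.
$SubStatusText = @{
    '0xc0000064' = 'user name does not exist'
    '0xc000006a' = 'wrong password'
    '0xc000006e' = 'account restriction (for example blank passwords not allowed over the network)'
    '0xc000006f' = 'logon outside permitted hours'
    '0xc0000070' = 'logon from this workstation not permitted'
    '0xc0000071' = 'password expired'
    '0xc0000072' = 'account disabled'
    '0xc0000193' = 'account expired'
    '0xc000019b' = 'domain SID/trust inconsistent (STATUS_DOMAIN_TRUST_INCONSISTENT)'
    '0xc0000224' = 'user must change password at next logon'
    '0xc0000234' = 'account locked out'
}

function Get-LogonFailureSummary {
    param([Parameter(Mandatory)][xml]$EventXml)
    $ns   = @{ e = 'http://schemas.microsoft.com/win/2004/08/events/event' }
    $data = @{}
    # EventData is a flat list of <Data Name="..."> elements; turn it into a lookup table.
    foreach ($m in (Select-Xml -Xml $EventXml -Namespace $ns -XPath '//e:EventData/e:Data')) {
        $data[$m.Node.GetAttribute('Name')] = $m.Node.InnerText.Trim()
    }
    $sub = $data['SubStatus'].ToLower()
    [pscustomobject]@{
        Time        = $EventXml.Event.System.TimeCreated.SystemTime
        Computer    = $EventXml.Event.System.Computer
        Target      = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
        LogonType   = [int]$data['LogonType']          # 3 = network, 10 = RDP with NLA, 2 = interactive
        AuthPackage = $data['AuthenticationPackageName']
        Workstation = $data['WorkstationName']
        SourceIp    = $data['IpAddress']
        Status      = $data['Status']
        SubStatus   = $sub
        Reason      = $(if ($SubStatusText.ContainsKey($sub)) { $SubStatusText[$sub] } else { 'unknown; look up the NTSTATUS value' })
    }
}

# Constructed sample, shaped like the event quoted in the thread above.
$sample = [xml]@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4625</EventID>
    <TimeCreated SystemTime="2012-04-14T02:52:47.862465000Z" />
    <Computer>dev1.domain.com</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">admindomain</Data>
    <Data Name="TargetDomainName">DOMAIN</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="SubStatus">0xc000019b</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">DC-00</Data>
    <Data Name="IpAddress">-</Data>
  </EventData>
</Event>
'@
Get-LogonFailureSummary $sample | Format-List

# Live use on the host that rejected the logon (4625 is written where access was attempted):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 200 |
#     ForEach-Object { Get-LogonFailureSummary ([xml]$_.ToXml()) } |
#     Group-Object Reason | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
```

    The grouped live query at the end is the same logic a detection rule would use: a burst of 0xc000006a against many different Target accounts from one SourceIp is password spraying, while a single account cycling through 0xc000006a and then 0xc0000234 is a lockout in progress. Note also that a 4625 with an empty IpAddress and a Workstation Name that is not the client you connected from, as in the quoted event, tells you the request reached this host by a path other than a direct RDP logon.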

  • Remote Desktop Session Host on Server 2012 not domain-joined

    I have a Server 2012 which is running the Remote Desktop Session Host role without the Connection Broker, as described here:
    http://support.microsoft.com/en-us/kb/2833839
    Now the client would like Network Level Authentication (NLA) disabled. And since Server 2012 does not have the Remote Desktop Session Host Configuration tool, I have to use the Server Manager console.
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/630cc818-69b0-4e1c-8d65-1b895b20e203/where-is-the-remote-desktop-session-host-configuration-tool-in-server-2012-?forum=winserverTS
    But when I go to the Remote Desktop Services section of Server Manager, it says "You are currently logged on as local administrator on the computer. You must be logged on as a domain user to manage servers and collections."
    So I tried finding a PowerShell cmdlet that could help me with the problem. I guess
    Get-RDServer
    or Set-RDSessionCollectionConfiguration would be the ones, but I can't seem to make them work.
    Any help, or a hint as to whether I am going in the right direction or not?

    Hi,
    Have you configured the certificate for your server?
    Add the user to the Remote Desktop Users local group and configure the FQDN of the server. Please note that if we are using an RDS server in a workgroup, most of the tools provided to make managing/configuring RDSH servers easier in 2012 will not work in a workgroup
    configuration, including some PowerShell commands. You can check the article below for information.
    Deploying a RDSH Server in a Workgroup – RDS 2012 R2
    Hope it helps!
    Thanks.
    Dharmesh Solanki
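    The RD collection cmdlets named in the question depend on a Connection Broker deployment, which is why they fail on a stand-alone host. What still works in a workgroup is the RDP-Tcp listener's own WMI class, Win32_TSGeneralSetting, which is what the old Session Host Configuration tool drove. The PowerShell below is an added example, not from the thread; the computer name is an assumption. Before turning NLA off, be clear about what it buys you: with NLA on, a client must complete CredSSP authentication before the session host allocates a session, so an unauthenticated attacker on port 3389 never reaches winlogon. With NLA off, anyone who can reach the port gets a full logon screen and a session's worth of server resources for free. If the client really needs it, keep the security layer at TLS, restrict 3389 at the firewall to known client ranges, and consider fronting the host with an RD Gateway.

```powershell
# Added example, not from the thread: read and change the NLA requirement on a workgroup
# RD Session Host via the Win32_TSGeneralSetting WMI class (no broker or domain account needed).
param(
    [string]$ComputerName = 'localhost',                           # assumption: the RDSH name
    [ValidateSet('Show', 'Disable', 'Enable')][string]$Action = 'Show'
)

$ts = Get-WmiObject -ComputerName $ComputerName -Namespace 'root\cimv2\terminalservices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
if (-not $ts) { throw "RDP-Tcp listener not found on $ComputerName" }

function Show-Listener {
    # UserAuthenticationRequired: 1 = NLA on, 0 = off. SecurityLayer: 0 = RDP, 1 = negotiate, 2 = TLS.
    # PolicySource* = 1 means a Group Policy (local or domain) owns the value; a WMI change will be
    # reverted at the next policy refresh, so change the policy instead.
    [pscustomobject]@{
        Computer           = $ComputerName
        NlaRequired        = [bool]$ts.UserAuthenticationRequired
        NlaSetByPolicy     = [bool]$ts.PolicySourceUserAuthenticationRequired
        SecurityLayer      = $ts.SecurityLayer
        MinEncryptionLevel = $ts.MinEncryptionLevel
        CertificateSha1    = $ts.SSLCertificateSHA1Hash
    }
}
Show-Listener

switch ($Action) {
    'Disable' {
        if ($ts.PolicySourceUserAuthenticationRequired) {
            throw 'NLA is enforced by policy (Remote Desktop Session Host > Security > "Require user authentication..."); the WMI change would not stick'
        }
        $r = $ts.SetUserAuthenticationRequired(0)
        "SetUserAuthenticationRequired(0) returned $($r.ReturnValue)"    # 0 = success; applies to new connections only
    }
    'Enable' {
        $r = $ts.SetUserAuthenticationRequired(1)
        "SetUserAuthenticationRequired(1) returned $($r.ReturnValue)"
    }
}
if ($Action -ne 'Show') {
    $ts.Get()          # re-read the instance so the table below reflects the new value
    Show-Listener
}
```

    The same value is visible as UserAuthentication under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp, which is a quick way to confirm the change from another tool. Existing sessions are unaffected; only new connections see the new setting.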

  • Best pracices for setting up Domain controller for our remote European offices

    Hi,
    We have about 17 remote sites across Europe (HQ in the UK). I want to start revoking the offices' local DCs and host them on a couple of cloud servers in Germany, with local NAS boxes for file storage. I will have an MPLS network between the offices and the cloud
    DC.
    Now what would be the best practices and tips for this situation in respect of the DCs? How can I prioritize the remote offices to use the cloud DC/DNS and not our DC at our HQ in the UK? Would it be better to have a sub-domain created (europe.company.co.uk)
    for the other offices?
    Any suggestions on this setup for the DCs

    Hiya,
    On the conceptual level: the reason for having local DCs is that if the local site's internet line is offline, people are still able to authenticate and access local resources. From that point of view, you might as well just run with your HQ DCs only. Note:
    the cloud does offer availability on its services that might not be matched by your HQ in terms of double internet lines.
    That said:
    What matters is the DNS server setting of the clients, as well as the Sites & Services configuration of Active Directory. Your clients will use the nearest domain controller available according to the Sites and Services information.
    Managing Intersite Replication
    http://technet.microsoft.com/en-us/library/cc794799%28v=ws.10%29.aspx

  • Best Practices for Setting up a Windows 2012 R2 STD Domain Controller in a Remote Site

    So I'm looking for an article or write-up similar to the "Adding Domain Controllers in Remote Sites" TechNet article, but for Windows Server 2012 R2 STD. Here is my scenario:
    1. I want to set up the domain controller at Site A, where the primary domain controller is located. The primary domain controller is Windows Server 2008 R2.
    2. Once the DC is set up I plan on leaving it on our network for a few days before shipping it to remote Site B for installation.
    Other key items:
    1. The remote Site B will have a different IP range than Site A but will be connected to Site A via a single VPN tunnel. All the DCs that replicate with each other are in the same domain.
    2. The 2012 DC that I set up for Site B (same domain in the same forest) will be a DHCP, DNS, and WSUS server, all replicating to the primary DC at Site A.
    Questions:
    1. What items can I set up while it's at Site A without affecting or conflicting with the existing network and domain controller? Can I set up a scope once the DHCP role is added?
    2. All of our DCs replicate through Sites and Services; do I have to manually add this to our primary DC for the new DC going to remote Site B? Or does this happen automatically when I promote the DC?
    All in all, I'm just looking for a list of best practices for 2012 or a step-by-step guide. Any help would be appreciated.

    Hi,
    Thanks for your post.
    When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
    For more detailed information, please refer to:
    Best Practices for Adding Domain Controllers in Remote Sites
    http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
    Regards.
    Vivian Wang
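    Both of the last two threads come down to the same mechanism: the DC Locator maps a client's IP address to a site through the subnet objects in Sites and Services, prefers a DC in that site, and falls back along site links by cost. Nothing in that mapping is created for you when you promote a DC, and a DC staged at the hub is placed in the hub's site because that is where its IP address was at promotion time. The PowerShell below is an added example, not from either thread, showing the site, subnet and site-link objects for a two-site layout and the move of the staged DC into its real site; every site name, subnet, DC name and cost is an assumption.

```powershell
# Added example, not from either thread: build the site topology that makes clients in a remote
# office authenticate against their local DC, and move a staged DC into that site.
Import-Module ActiveDirectory

$topology = @(
    @{ Site = 'HQ-London'; Subnets = @('10.10.0.0/16') }   # assumption: hub site and its range
    @{ Site = 'Site-B';    Subnets = @('10.20.0.0/16') }   # assumption: remote office getting the new DC
)

foreach ($t in $topology) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($t.Site)'")) {
        New-ADReplicationSite -Name $t.Site
    }
    foreach ($cidr in $t.Subnets) {
        # A client whose address is in no subnet object has no site and may pick any DC in the domain.
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
            New-ADReplicationSubnet -Name $cidr -Site $t.Site
        }
    }
}

# One costed link over the VPN. Lower cost = preferred path; 15 minutes is the minimum interval.
# Leaving both sites in DEFAULTIPSITELINK works too, but an explicit link keeps cost and schedule visible.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'HQ-London_Site-B'")) {
    New-ADReplicationSiteLink -Name 'HQ-London_Site-B' -SitesIncluded 'HQ-London', 'Site-B' `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# A DC promoted while staged at HQ lands in HQ-London. Move its server object to the remote site
# before shipping it; the KCC rebuilds the connection objects on its own.
Move-ADDirectoryServer -Identity 'DC-SITEB' -Site 'Site-B'              # assumption: the new DC's name

# Verification from the directory side:
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site | Sort-Object Site
Get-ADDomainController -Discover -SiteName 'Site-B' -ForceDiscover | Select-Object HostName, Site

# Verification from a client in the remote office (command prompt):
#   nltest /dsgetsite                       -> should print Site-B
#   nltest /dsgetdc:corp.example /force     -> the DC returned should be DC-SITEB (domain name assumed)
```

    For the cloud-DC question, the same objects answer "how do I make the European offices prefer the German DCs": put each office's subnet in a site, give those sites a cheap link to the cloud site and an expensive one to the UK, and point the clients' DNS at the DC they should prefer. A sub-domain adds administrative boundaries and trust paths, not locality; site topology is what controls locality.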

  • Connection Errors to Remote Desktop from OSX after Domain name change

    We have an issue using Microsoft Remote Desktop from Macs in our school. All was well until we changed the domain name of our RDS servers and installed a new wildcard certificate. Connections work perfectly in Windows 7/8 and also iOS on iPads, but we cannot
    get any Macs to connect, having tried OS X 10.7 and 10.9. The error message says the connection failed to load but seems to add a spurious end to the connection string - TS/en-US/Default.aspx - but we cannot trace where this is being picked up.
    We can get to the site in a web browser and sign in to receive the "browser not supported" message in Safari, so traffic is obviously getting to the servers.
    Has anyone else had a similar issue? We have spent days poking around with DNS etc. but can't seem to make any progress here.

    Hi Jeremy,
    I have tried removing connections and also re-installing the App. We have been using this App since January with no real issues until we made our domain name change - I really don't understand why it works fine in Windows and iOS but not OSX. We are doing
    nothing different to what we have done from day 1.
    Log file from our old connection when it was working looked like this:
    [2014-Mar-24 10:41:43] RDP (0): Final rdp configuration used: redirectcomports=1
    server port=3389
    use multimon=1
    redirectdrives=1
    promptcredentialonce=1
    authentication level=0
    full address=rdsfarm.xxxxxxx.internal
    session bpp=16
    prompt for credentials on client=1
    redirectprinters=1
    drivestoredirect=*
    alternate shell=||OpenMind
    gatewayusagemethod=2
    alternate full address=rdsfarm.xxxxxx.internal
    workspace id=rdsgw.xxxxxxx.internal
    allow font smoothing=1
    redirectposdevices=0
    audiocapturemode=1
    gatewaycredentialssource=0
    remoteapplicationname=OpenMind 2.0
    devicestoredirect=*
    remoteapplicationmode=1
    remoteapplicationprogram=||OpenMind
    enablecredsspsupport=1
    redirectsmartcards=1
    redirectclipboard=1
    span monitors=1
    gatewayprofileusagemethod=1
    gatewayhostname=rds.xxxxxxx.sch.uk
    remoteapplicationcmdline=
    The log file looks very different now, all I am getting is:
    [2014-Jun-17 10:26:41] RDP (0): --- BEGIN INTERFACE LIST ---
    [2014-Jun-17 10:26:41] RDP (0): lo0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2014-Jun-17 10:26:41] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2014-Jun-17 10:26:41] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2014-Jun-17 10:26:41] RDP (0): gif0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): stf0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): en0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): en1 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): en1 af=30 (AF_INET6)  addr=fe80::21f:5bff:feb8:3f72%en1 netmask=ffff:ffff:ffff:ffff::
    [2014-Jun-17 10:26:41] RDP (0): en1 af=2 (AF_INET)  addr=192.168.0.65 netmask=255.255.255.0
    [2014-Jun-17 10:26:41] RDP (0): fw0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): --- END INTERFACE LIST ---
    [2014-Jun-17 10:26:41] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
    [2014-Jun-17 10:26:41] RDP (0): client version: 8.0.24875
    [2014-Jun-17 10:26:41] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2014-Jun-17 10:26:41] RDP (0): correlation id: 9f18df13-7c84-dc4b-a780-e6b77a280000
    [2014-Jun-17 10:26:41] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Jun-17 10:26:41] RDP (0): ------ END ACTIVE CONNECTION ------
    [2014-Jun-17 11:44:15] RDP (0): *** Application terminated ***
    [2014-Jun-18 09:51:37] RDP (0): *** Application terminated ***
    [2014-Jun-19 12:00:19] RDP (0): *** Application terminated ***
    [2014-Jun-19 12:15:32] RDP (0): *** Application terminated ***
    [2014-Jun-19 12:16:21] RDP (0): *** Application terminated ***

  • Adding a Server 2008 R2 Domain Controller at a remote site

    Hello. I have been trying to set up a hot site at a remote location. The story is long and involved, but a few weeks ago it seemed to be finally working. Our setup is two mirrored 2008 R2 servers at the main site, mirrored with Double-Take.
    The hot site is the same, except that so far I only had one server working. The two sites are connected via site-to-site VPN.
    About a week later our primary server basically crashed. At first it worked, but very slowly. I was on vacation at the time and so I am not sure of the sequence of events, or exactly what errors were presented, but my associate first tried rebooting.
    It took over 20 minutes to boot and then it said something to the effect that no domain controllers were available (not sure about this message). He then discovered that the server at the remote site had some FSMO roles assigned to it. He transferred
    the roles to the primary at the main site and then demoted the remote server to a workstation (but still a domain member).
    After that, rebooting the primary was much faster and everything at the primary site is working again. Now I want to set the remote site up again, but avoid the problem. The way I originally set up the remote server was to use an IFM file, generated
    from our primary. This should have made the remote server a catalog server, with DNS (which it did), but as far as I know should not have transferred any FSMO roles.
    The remote server(s) need to be in the same domain as the primary. They will also be mirrored from the primary (with Double-Take). If we had total failure at the main site, we wish to be able to immediately begin operations at the hot site
    (after a failover). I freely admit that I am swimming out of my depth here. I am not sure that I have selected the correct architecture or used the correct options in setting up the remote servers. I am looking for information about what
    went wrong, and whether some other setup is more desirable.
    Thanks for any help, Russ

    Philippe, thank you for your answers. I do not understand everything you said but I will address each point as best I can:
    1. "In the remote site do you simply do a dcpromo / add the AD DS role to make the server an active Domain Controller?" Yes, but I use the method described at
    http://technet.microsoft.com/en-us/library/cc753720(v=ws.10).aspx, the GUI method. At step #8 I specified to use advanced mode so I could use the IFM file.
    2. "In your AD Sites and Services MMC, did you configure the remote site?" I do not know what you mean by this. How does one configure the site as 'remote'?
    3. "Did you add that remote server as a Global Catalog?" Yes, when I built the IFM file I specified to add the global catalog.
    4. "Did you add, on the PCs in site 1, the IP of those DNS servers (last of course), so the computers in the main site will talk to the remote server in case of a crash?" I am not sure I understand this item. After the remote server
    was added, all of the members of both domain servers automatically appeared in the DNS of all servers in the domain. I do not recall if the new items were last, but I expect that they would be.
    I have since reviewed the happenings with my associate and have a little more information. The order of the problems and the actions taken are:
    1. Our primary (production) system was still working but extremely slow, and he observed that the slowness was caused by a lot of traffic with the remote site. Rebooting the production server took over 25 minutes and the server came up saying
    that domain information was not available. After another 30 minutes or so he discovered that the domain data was now available and the server worked, but still slowly.
    2. He did not check to verify that roles were held by the remote server, but he transferred all roles from the remote to the production server using ntdsutil. I would expect that if the role was not held by the remote, the transfer command would have
    shown that fact.
    3. He then tried to demote the remote server but had an error that it could not be demoted because "the active directory service is missing mandatory configuration information".
    4. He forcefully demoted the remote server.
    5. After rebooting the production server again, performance was slightly better but still slow (and the reboot was still very slow).
    6. After some research he removed the remote domain controller's metadata from the production server and then rebooted the production server again.
    At that point reboot was fast (under 5 minutes) and the production system was working at normal speed again.
    All of the above leads me to believe that somehow the FSMO roles got added to, or moved to, the remote site when I used the IFM file to create the new domain controller. However, nothing I have read says that this should happen. I hope someone
    here can give me a better answer as to what caused the problem, as I do not wish to interrupt our production system like this again.
    Thank you, Russ
    PS: Sorry for the delay in getting back to this, but some other priorities took me away from it for a week.

  • Only One domain controller, Remote Registry service keeps DISABLING itself. Where in the registry could this be set?

    This is killing my remote management. I have 4 Server 2012 R2 domain controllers. Only one of them is being affected by this problem. Almost every time I check, the Remote Registry service is disabled again. It seems like there is a corrupt
    group policy preference that keeps on attacking during a policy refresh, but I can't imagine setting a group policy to disable this service. It is needed for our remote management. Also the IP Tunnel service is also disabling. Another strange
    artifact is that when I set a Windows Firewall policy to add an exception for remote administration in a group policy for my admin workstation, it seemed to set a firewall rule on other computers to block remote administration. I cannot figure out where
    else this strange Windows Firewall rule blocking remote administration could have come from. These may be related or they may not, but they are occurring on the same domain controller. I am able to set the RemoteRegistry service to enabled and to
    start it (which I have done too many times now), but it constantly is being changed back to disabled. I am searching the registry to find any invalid entries or artifacts that may be affecting these two annoying effects, but I cannot find anything yet.
    Any ideas? I need to know what policies will disable the RemoteRegistry service OR the IP Tunnelling service, or where in the registry this could be set to enact this during a policy refresh. Of course, any other ideas are welcome. I have spent
    several days troubleshooting this, and need to conquer this by tomorrow if possible. Thank you. James

    Hi,
    Please type services.msc in Run to open the Services panel, then navigate to the Remote Registry service. Open its Properties and set
    Startup type: Automatic. Then please check if this issue still exists.
    In addition, please refer to mlippold's suggestion (the last reply) in the following thread and configure the relevant
    value in the RemoteRegistry registry key, then check if it helps you to solve this issue.
    For registry items, please back up all registry items before all operations. That will help us to avoid some unexpected issues.
    Remote Registry Service stops automatically if we do not use it above 10 minutes
    By the way, did you open Event Viewer and check if you can find any relevant errors?
    If there is any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu
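    Re-enabling the service by hand, as the reply suggests, treats the symptom. On one DC out of four, the question is what is writing the Start value back and under which identity, because a start type that keeps reverting to disabled is also exactly what you would see from tampering, not only from a stray policy. The Service Control Manager logs System event 7040 every time a start type changes, with the account that did it, and every GPO can be dumped to XML and searched for the service name. The PowerShell below is an added example, not from the thread; the DC name is an assumption.

```powershell
# Added example, not from the thread: find out what keeps changing the RemoteRegistry start type on one DC,
# and which Group Policy (or GPO-delivered firewall rule) is responsible.
$Dc  = 'DC-04'             # assumption: the affected domain controller
$Svc = 'RemoteRegistry'

# 1. Start-type changes are System event 7040 from the SCM. UserId = SYSTEM during a policy refresh
#    points at Group Policy; a named user or a scheduled task account points at a person or a script.
Get-WinEvent -ComputerName $Dc -MaxEvents 500 -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7040 } |
    Where-Object { $_.Message -match 'Remote Registry' } |
    Select-Object TimeCreated, UserId, Message |
    Format-Table -Wrap

# 2. Current value straight from the DC's registry (Start: 2 = automatic, 3 = manual, 4 = disabled)
Invoke-Command -ComputerName $Dc -ScriptBlock {
    Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$using:Svc" -Name Start
} | Select-Object PSComputerName, Start

# 3. Every GPO whose XML report names the service. This covers both Security Settings > System Services
#    and Group Policy Preferences > Services, which are stored differently but both appear in the report.
Import-Module GroupPolicy
$hits = Get-GPO -All | ForEach-Object {
    $report = Get-GPOReport -Guid $_.Id -ReportType Xml
    if ($report -match $Svc -or $report -match 'Remote Registry') {
        [pscustomobject]@{ Gpo = $_.DisplayName; Id = $_.Id; Modified = $_.ModificationTime }
    }
}
$hits | Format-Table -AutoSize

# 4. Firewall rules that arrived via Group Policy and block traffic: the DC reports the source GPO itself.
Invoke-Command -ComputerName $Dc -ScriptBlock {
    Get-NetFirewallRule | Where-Object {
        $_.Enabled -eq 'True' -and $_.Action -eq 'Block' -and $_.PolicyStoreSourceType -eq 'GroupPolicy'
    } | Select-Object DisplayName, DisplayGroup, Direction, PolicyStoreSource
} | Format-Table -AutoSize
```

    If step 1 shows the change under SYSTEM a few seconds after each policy refresh and step 3 finds no GPO, compare the four DCs' applied policy sets with gpresult /scope computer /h on each; a GPO linked only to the OU or site that contains the odd DC is the usual answer. If step 1 shows a named account, that account's activity on the DC, not the policy, is what to investigate next.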

  • Installing Domain Controller certificates remotely - private key remains on local server!

    Using a 3rd party CA (Entrust), I have successfully requested and installed Domain Controller certificates via the Certificates MMC snap-in.
    I did this from one Domain Controller, and then just used the (right click) "Connect to another computer" option to do the rest.  Everything looks absolutely fine, the certificates look ok.... certificate chain is complete, and valid (all
    CA certs are installed) and the certificates say "You have the private key that corresponds to this certificate".
    If I do a LDAPS bind using LDP.exe, it works fine on the first DC.
    Do this on the next and I get the error:
    Cannot open connection
    Error 81 = ldap_connect(hLdap, NULL);
    Server error: <empty>
    Error <0x51>: Fail to connect to DCHostname.
    After some checking I looked in the folder C:\ProgramData\Microsoft\Crypto\Keys
    This contains a lot of files on the DC I was logged onto when installing the certs, and no files on any of the other DCs.  I am guessing this is the private key file and it has stored all of them on the local machine I was running MMC from rather than
    on the machines I connected to from MMC.
    Is there any way to get these keys onto the correct DCs now - or will I have to re-request all of the others.  The private key was not exportable.
    I figured copying and pasting them was probably not going to work with a private key, but I tried it anyway just to be sure!
    It is pretty annoying as no clue was given during the process of requesting and installing the certificates, and there is no error when you look at the certificate - they all think they have the private key associated to them, even though it rather looks
    like they don't!
    It's a bit painful requesting certificates here, so any help in avoiding this would be appreciated!  Thank you

    Thank you Elke,
    So I copied the key files across from the server where they were all generated to the server I remotely connected to (which had no key files at all). Copied all just to be sure, though I’m pretty sure which one actually relates to that server as I did them all in order - reflected by the time stamps.
    Ensured all the permissions were the same, and that they were marked as ‘system’ files.
    Ran the command
    certutil -repairstore my [SerialNumber of cert]
    as you suggested, but no luck unfortunately.
    So firstly, I get the same error message:
    Cannot find the certificate and private key for decryption.
    CertUtil: -repairstore command FAILED: 0x80090010 (-2146893808)
    And then I get:
    CertUtil: Access denied.
    Not sure why the access denied, I am running elevated with full local and domain administration rights.
    Toby
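The failure mode in this thread is that the store on a DC reports "You have the private key" while the key file only exists on the machine the MMC ran from, and LDAPS then fails on the DC. The added check below is not from the thread or from any of its participants: run from a domain-joined admin workstation, it asks each DC (over WinRM, assumed enabled) whether each Server Authentication certificate's private key can actually be opened, then performs a real TLS handshake on 636 against that DC, which is the only test that proves the DC can use the key. It assumes RSA keys and the ActiveDirectory module for DC discovery.

```powershell
# Added example (not from the thread). Assumes: RSAT ActiveDirectory module, WinRM to each DC,
# RSA DC certificates, and a caller with local admin rights on the DCs.
param([string[]] $DomainControllers = (Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName))

function Test-LdapsHandshake {
    param([string] $HostName, [int] $Port = 636)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate at handshake time; the chain is evaluated separately below so
        # that a handshake failure (no usable private key) is distinguishable from a chain problem.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)
        [pscustomobject]@{ Host = $HostName; Handshake = $true; Subject = $cert.Subject; ChainValid = $chainOk }
    } catch {
        # A DC whose private key is missing never completes the handshake; LDP.exe shows this as error 81.
        [pscustomobject]@{ Host = $HostName; Handshake = $false; Subject = $null; ChainValid = $false; Detail = $_.Exception.Message }
    } finally { $client.Close() }
}

foreach ($dc in $DomainControllers) {
    # View from inside the DC: does the store's key reference resolve to a real key?
    $storeView = Invoke-Command -ComputerName $dc -ScriptBlock {
        Get-ChildItem Cert:\LocalMachine\My |
          Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1' } |   # Server Authentication
          ForEach-Object {
              # HasPrivateKey only says the store holds a key *reference*; try to open the key itself.
              $keyOpens = $false
              try {
                  $keyOpens = $null -ne [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($_)
              } catch { $keyOpens = $false }
              [pscustomobject]@{ Thumbprint = $_.Thumbprint; NotAfter = $_.NotAfter
                                 HasPrivateKey = $_.HasPrivateKey; KeyOpens = $keyOpens }
          }
    }
    "== $dc : certificate store view =="
    $storeView | Format-Table -AutoSize
    "== $dc : LDAPS handshake on 636 =="
    Test-LdapsHandshake -HostName $dc | Format-List
}
```

A DC that shows HasPrivateKey = True but KeyOpens = False and Handshake = False is exactly the state described above; on that DC the certificate must be re-requested locally (or the key repaired with certutil -repairstore) rather than by connecting from another machine's MMC.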

  • Allow log on through Remote Desktop Services Group Policy for Domain Controllers

    Hello,
    We want to allow our Helpdesk Operators to be able to connect to Domain Controllers with the Remote Desktop Services. This is by default not allowed but according to many sites, it should be possible to configure by using a Group Policy.
    We made a new Group Policy with the setting 'Allow log on through Remote Desktop Services' and 'Allow log on locally' (as an extra for testing) and applied Security Filtering to only use it for a specific Security Group. Our test user is a member of this security group and should be able to access the Domain Controllers now. However this isn't working.
    The error message we receive upon trying to connect:
    The connection was denied because the user account is not authorized for remote login.
    For troubleshooting, we also applied the Security Group for that setting in the Default Domain Controllers Policy but that doesn't seem to work either. We want to avoid customization on our Default Domain Controllers Policy but this was just a test case for solving our problem.
    What should we do to solve our problem?
    I hope to hear from you soon.
    Thanks in advance.

    Hi, I just found out what the problem was. This site helped me a lot:
    http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
    In my case, I had the group added to the Allow Logon Through Remote Desktop Services but it was not added to the Builtin\Remote Desktop Users group. After knowing this I made some changes to our situation and am now using the builtin\Remote Desktop Users group rather than a new self-made Security Group. I also added the Remote Desktop Users to the Allow Logon Through Remote Desktop Services in the Default Domain Controllers Policy as this is not done by default. By default only the Domain Administrators are able to log on through remote desktop services.
    You do not need the 'Log on Locally' permission within the Group Policies.
    In short:
    Add the desired users/groups to the 'Builtin\Remote Desktop Users' security group.
    Add the 'Builtin\Remote Desktop Users' security group to the 'Allow Logon Through Remote Desktop Services' within the 'Default Domain Controllers Policy'.
    Thank you anyway for the fast reply.
    Have a nice day!
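Both conditions from the answer above (group membership and the user right granted to that group on the DC) can be verified in one place before a helpdesk account is handed out. The script below is an added example, not code from the thread or its participants; it runs elevated on a domain controller with the ActiveDirectory module, takes an account name as a parameter (the example value is a placeholder), and also reports the matching Deny right, which silently overrides the Allow right if it is ever set.

```powershell
# Added example (not from the thread). Run elevated on a DC; assumes the RSAT ActiveDirectory module.
param([Parameter(Mandatory)] [string] $SamAccountName)   # e.g. 'helpdesk.user' (placeholder)
Import-Module ActiveDirectory

# Condition 1: member of Builtin\Remote Desktop Users (recursive, so nested groups count).
$rdpGroup = Get-ADGroup -Identity 'Remote Desktop Users'
$members  = Get-ADGroupMember -Identity $rdpGroup -Recursive | Select-Object -ExpandProperty SamAccountName
$isMember = $members -contains $SamAccountName

# Condition 2: the effective user rights on this DC, as applied by policy (Default Domain
# Controllers Policy or otherwise). secedit exports them as '*<SID>' or plain names.
$tmp = Join-Path $env:TEMP 'userrights.inf'
secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
$policy = Get-Content $tmp
Remove-Item $tmp -ErrorAction SilentlyContinue

function Get-RightGrantees {
    param([string] $RightName)
    $line = $policy | Where-Object { $_ -like "$RightName*" }
    if (-not $line) { return @() }
    ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object {
        $v = $_.Trim()
        if ($v.StartsWith('*')) {
            # Translate the SID to DOMAIN\Name where possible; keep the raw SID otherwise.
            try { (New-Object System.Security.Principal.SecurityIdentifier($v.Substring(1))).Translate(
                      [System.Security.Principal.NTAccount]).Value } catch { $v }
        } else { $v }
    }
}

$allow = Get-RightGrantees 'SeRemoteInteractiveLogonRight'       # Allow log on through RDS
$deny  = Get-RightGrantees 'SeDenyRemoteInteractiveLogonRight'   # Deny log on through RDS (wins if set)
$groupName = 'BUILTIN\Remote Desktop Users'

[pscustomobject]@{
    User                    = $SamAccountName
    InRemoteDesktopUsers    = $isMember
    GroupGrantedRdpLogon    = ($allow -contains $groupName)
    GroupDeniedRdpLogon     = ($deny  -contains $groupName)
    AllowGrantees           = ($allow -join ', ')
    DenyGrantees            = ($deny  -join ', ')
    ExpectedToConnect       = ($isMember -and ($allow -contains $groupName) -and -not ($deny -contains $groupName))
}
```

If ExpectedToConnect is False, the AllowGrantees column shows exactly which principals the DC currently grants the right to, which is the list that produced the "not authorized for remote login" error in the question.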

  • Ports for Creating Additional Domain controller at my remote DRC site

    Hello Expert,
    I have my disaster recovery center (DRC) at a remote place, now I want to configure an Additional domain controller (ADC) at my DRC, kindly share the list of ports that I need to open at my firewall to configure this ADC. I have a Server 2008 R2 environment.
    Swaprakash..

    Hi,
    The links below have detailed information on the required ports that should be open for AD communication:
    Active Directory Firewall Ports - Let's Try To Make This Simple
    http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
    http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
    http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
    Regards,
    Rafic
    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Server 2012 RDS - Remote Desktop Connection Broker Client failed to redirect the user domain\username. Error: NULL

    Seeing the error listed here.
    The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database.
    Pooled virtual desktop collection name: NULL
    Error: Error code: 0xFFFFFFFF.
    Broker and Hyper-V are on the same physical machine.
    Any ideas on where to start troubleshooting this?
    Used the happy wizard to create everything, and got no errors.
    I have created a small pool collection, and given rights to domain users. Everything "looks" good.

    I have the same problem.
    (Making this long hand for those who come after)
    I have installed SQL Management Studio Express 2012 SP1
    http://www.microsoft.com/en-us/download/details.aspx?id=29062
    (You only need the one file "SQLManagementStudio_x64_ENU.exe")
    Ran this as Administrator
    And typed in the Server Name field
    \\.\pipe\MICROSOFT##WID\tsql\query
    Then hit connect.
    Expanded Databases (+ sign)
    Expanded RDCms
    Expanded Tables
    Right clicked on rds.target, select Edit top 200 rows
    Right clicked and copied, then pasted this into a notepad file on the desktop (as a backup)
    Right clicked and selected Delete to delete the row with the data in it (and PoolID was set to Null in this row)
    Did the same for rds.pool
    Manually added Remote Desktop server into the MEMBER OF tab of “Windows Authorization Access Group” via Active Directory Users and Computers, as this domain was Windows 2003 Native when the RDS server was first installed.
    Rebooted server and same issue.
    Checked SQL again and rows had come back.
    Is that what you meant by "delete the rds.target and rds.pool with pool id = NULL"?
    Not a SQL guru, so any help appreciated.
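The manual SSMS steps above can be reproduced without SSMS, and more safely, by reading the broker's Windows Internal Database from PowerShell: take a file backup of both tables first, then list only the rds.Target rows whose PoolId is NULL, which is the row the error refers to. This is an added example, not code from the thread or from the RDS product; it assumes it runs elevated on the Connection Broker itself (the WID named pipe is local only), uses the table and column names quoted in the thread, and writes its backup to a constructed folder on the desktop. It deletes nothing.

```powershell
# Added example (not from the thread). Read-only inspection of RDCms in the Windows Internal
# Database; run elevated on the Connection Broker. Table/column names as used in the thread.
$connString = 'Server=\\.\pipe\MICROSOFT##WID\tsql\query;Database=RDCms;Integrated Security=True'
$backupDir  = Join-Path $env:USERPROFILE 'Desktop\RDCms-backup'   # constructed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

function Invoke-RdcmsQuery {
    # Runs one SELECT against RDCms and returns the rows as a DataTable.
    param([string] $Sql)
    $conn = New-Object System.Data.SqlClient.SqlConnection $connString
    $conn.Open()
    try {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Sql
        $table = New-Object System.Data.DataTable
        (New-Object System.Data.SqlClient.SqlDataAdapter $cmd).Fill($table) | Out-Null
        return ,$table
    } finally { $conn.Close() }
}

# DataRow objects carry bookkeeping properties; drop them so the CSV holds only real columns.
$rowNoise = 'RowError','RowState','Table','ItemArray','HasErrors'

# Step 1: file backup of both tables the thread edits, before anything is changed by hand.
foreach ($t in 'rds.Target', 'rds.Pool') {
    $rows = Invoke-RdcmsQuery "SELECT * FROM $t"
    $file = Join-Path $backupDir ("{0}.csv" -f $t.Replace('.', '_'))
    $rows | Select-Object * -ExcludeProperty $rowNoise | Export-Csv -Path $file -NoTypeInformation
    "Backed up $($rows.Rows.Count) row(s) of $t to $file"
}

# Step 2: show the orphaned targets (no pool) that the broker complains about, without deleting them.
$orphans = Invoke-RdcmsQuery 'SELECT * FROM rds.Target WHERE PoolId IS NULL'
"rds.Target rows with PoolId IS NULL: $($orphans.Rows.Count)"
$orphans | Select-Object * -ExcludeProperty $rowNoise | Format-Table -AutoSize
```

Because the reply notes the rows reappear after a reboot, the listing is also a quick way to confirm whether a deletion actually held or the broker recreated the entries.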
