Remote desktop services 2012 R2 remote(external) users having issues

First time poster,
Here is my issue; it might be a long-winded one as I have been working on this for over 2 weeks.
I have installed and configured RDS on a brand new install of Server 2012 R2; everything on it seems to check out. All licences are installed and SSL is in and trusted. I have a third-party cert that is installed and working; this checks out when I log into RDWEB remotely. I have no error messages or errors in the Event Viewer that I can find that tell me what the issue might be. Internally everything works well, and for the bulk of my users (so far all Windows 7 machines) externally seems to be working. I have two users in separate locations, one at a hotel and another one at home (myself); both are the only ones running Windows 8.1 Pro. We can log into RDWEB and get published icons, but when we click on them it starts the RDP session and just sits there. My Windows 8.1 Pro works inside the network via separate VPN or at the office.

Hi,
Thank you for posting in Windows Server Forum.
Are you using RD Gateway in your environment? If yes, then please uncheck the option “Bypass RD Gateway server for local address” from Server Manager.
Are you able to connect to the full desktop from outside if you manually specify your RD Gateway FQDN in the Connect from Anywhere section of the Remote Desktop Client, with Bypass RD Gateway for local addresses unchecked?
Have you properly forwarded the ports which need to work from the outside network (TCP port 443 and UDP port 3391)?
In addition, please configure the DefaultTSGateway setting for the Remote Desktop tab. This setting can be configured from IIS Manager: select Sites\Default Web Site\RDWeb\Pages > Application Settings > DefaultTSGateway > specify the FQDN for your RD Gateway.
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support
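
To see which gateway settings a published icon actually hands to the client, the .rdp file it launches can be inspected for the options discussed in the reply above. The PowerShell below is an added example, not part of the original thread: the sample file content and host name are constructed, the function names are hypothetical, and the `gatewayusagemethod` meanings are those documented for .rdp files.

```powershell
# Constructed sample: contents of a RemoteApp .rdp file as saved from RD Web Access.
# Host names are placeholders, not values from the thread.
$sampleRdp = @'
full address:s:broker.internal.example
gatewayhostname:s:
gatewayusagemethod:i:2
remoteapplicationmode:i:1
'@

function ConvertFrom-RdpText {
    # Parse .rdp text into a hashtable of setting name -> value.
    param([string]$Text)
    $settings = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        # Each setting is name:type:value; limit the split to 3 parts so that
        # colons inside the value (for example host:port) are preserved.
        $parts = $line.Trim() -split ':', 3
        if ($parts.Count -eq 3) {
            $settings[$parts[0].Trim().ToLowerInvariant()] = $parts[2].Trim()
        }
    }
    return $settings
}

function Test-RdpGatewaySettings {
    # Return one finding per gateway-related problem. No findings means the
    # file tells the client to always go through a named RD Gateway.
    param([hashtable]$Settings)
    $findings = @()
    $gateway = [string]$Settings['gatewayhostname']
    $method  = [string]$Settings['gatewayusagemethod']

    if ([string]::IsNullOrWhiteSpace($gateway)) {
        $findings += 'gatewayhostname is empty: the file names no RD Gateway for the client to use.'
    }

    if ($method -eq '2') {
        # Matches the "Bypass RD Gateway server for local addresses" option.
        $findings += 'gatewayusagemethod is 2: the client tries a direct connection first and uses the gateway only if that fails.'
    }
    elseif ($method -eq '0' -or $method -eq '4') {
        $findings += "gatewayusagemethod is ${method}: the RD Gateway is not used, so an external client attempts a direct connection."
    }
    elseif ($method -eq '3') {
        $findings += 'gatewayusagemethod is 3: the client falls back to its own default RD Gateway settings.'
    }
    elseif ($method -ne '1') {
        $findings += "gatewayusagemethod is missing or unrecognised (value: '$method')."
    }
    return $findings
}

# Run the check on the constructed sample. For a real file, replace $sampleRdp
# with: Get-Content -Raw -Path <path to the downloaded .rdp file>
$settings = ConvertFrom-RdpText -Text $sampleRdp
$findings = @(Test-RdpGatewaySettings -Settings $settings)
if ($findings.Count -eq 0) {
    'The file instructs the client to always use the named RD Gateway.'
} else {
    $findings
}
```

Comparing the file obtained on a working Windows 7 client with the one obtained on an affected Windows 8.1 client shows whether both are being given the same gateway instructions.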

Similar Messages

  • RD Gateway - 404 - File or directory not found - Remote Desktop Services 2012 R2 - External users

    Hi All, 
    I’m currently deploying RDS to our network. I’ve installed and configured the RD Gateway role – accessing https://remote.external.com/RDWeb internally works fine but not externally. Externally https://remote.external.com reaches the server's default IIS page, but once I put /RDWeb I get the error 404 – File or directory not found.
    I’m not sure what’s not configured properly but below is the setup – keep in mind that the internal domain is different to the external FQDN, i.e. the server name of the RD Gateway is Server4.internal.pri and the FQDN to access RDS externally is remote.external.com
    - Server1.internal.pri Internal Network
    RD Session Host
    - Server2.internal.pri Internal Network
    RD Session Host
    - Server3.internal.pri Internal Network
    RD Connection Broker, RD Licensing, RD Web Access
    - Server4.internal.pri DMZ Network
    RD Gateway DMZ IP/ Internal IP
    - Certificate for all servers is a wildcard *.external.com
    In the RDS Deployment Properties
    Deployment Properties> Certificates> all certificates are configured with a wildcard certificate e.g. *.external.com
    Deployment Properties> RD Web Access server= server3.internal.pri URL = https://server3.internal.pri/RDWeb
    Deployment Properties> RD Gateway> Server name = remote.external.com – I’ve understood that this is the URL (FQDN) to access RDS and not the RD Gateway servername itself
    RD Gateway Manager Properties
    Browse and import certificate> *.external.com
    Transport Settings> IP address for HTTPS = 192.168.x.x (DMZ IP)
    Transport Settings> IP address for UDP = 192.168.x.x (DMZ IP)
    IIS
    Both the RD Gateway and the Connection Broker have https certificate as *.external.com and in the site bindings https is * for ip addresses, specifying the DMZ IP on the RD Gateway doesn’t fix the issue
    DNS, Network, Domain etc..
    remote.external.com points to the Public IP in DNS with an A record – Public IP is NATed to the RD Gateway's DMZ IP on the firewall – RD Gateway is joined to the domain – RD Gateway has another NIC with an internal IP
    Firewall
    Port 80, 443, 3391 is open from the internet to the RD Gateways DMZ IP, RD Gateway also has an internal IP with full access to the other RDS roles
    Errors I receive with the MS Best Practice Analyzer
    Problem:
    The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name.
    Impact:
    If the RD Gateway server is configured to use an SSL certificate with a certificate subject name that is not valid, users cannot connect to internal network resources (computers) through the RD Gateway server.
    Resolution:
    Use the RD Gateway Manager tool to select a valid SSL certificate for the RD Gateway server to use.
    Even though I did configure this… seems like it might be from the split DNS
    Other 
    I can access RDS from the RD Gateway box https://remote.external.com and client machines
    no certificate errors internally, either externally when I reach the default IIS page of the RD Gateway i.e. https://remote.external.com
    Any help is much appreciated!

    Thanks TP,
    I have many public IPs available. Do I need to install the RD Web Access role on the DMZ server that has the RD Gateway role even if I have spare public IPs available?
    I basically have this setup, "3.1. RD Gateway without AD DS in perimeter network deployment:", on the link below:
    http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
    Currently there's a CNAME record in DNS for remote.external.com which points to Server3.internal.pri, which holds the RD Connection Broker, RD Licensing and RD Web Access roles.
    Are you saying to create an A record and point it to Server3.internal.pri's internal IP? I'm not getting certificate errors (yet), so do I have to run the script? I ask this as the error message I'm getting (404 - File or directory not found) doesn't seem to be related to certificates. I'm making changes to a production environment, so I have to be extra careful!
    Cheers!

  • Mac users having issues with my Site

    I just recently had a Mac user complain to me that my website wasn't working for him http://woodsshop.com/index.htm
    I'm wondering if the fact I edit my site using CS3 might be his problem?, but that's a wild guess on my part.
    he said
    " when I enter your web site...under "creative builders"  when I click on "kits", "plans" "japanese" "about us" or "contact us"  my computer freezes...in other words, it just see there, waiting for the site to come up and it never does.  No drop down windows or anything, its just that your site does not move from one area to the next smoothly.  Now this is on my 6 month new apple computer....and as I said, everywhere else I go, no problems....."
    I contacted my Host, they recommended he clear his cache, didn't help him.
    So I went and posted a question on the Mac Safari forum, asking if other Mac users were having issues. Some of them are, some not, but enough are, and that has me concerned: how many others can't even access my site?
    Here's that discussion
    https://discussions.apple.com/thread/3880515
    I went and looked at my AW Stats and Mac users are just a small part of my traffic it looks like.
    So I'm Hoping someone here has some insight :-)

    Alright, this clears the air somewhat.
    Do one thing: if you have created the course, you must be aware of the answers, so enroll yourself as a user and --
    Appear for the course; make sure you answer all (or enough questions to score 85% marks). Not just the quiz: you have to make sure you view 50% of the slides completely. So that means, if the slide duration for each slide is, say, 1 minute and there are 40 slides, view a minimum of 20 slides completely to their 1 minute duration.
    Only then would you receive a completed result.
    Please try the above scenario and verify you get a completion on your LMS. If you do, then check your User reports again and you will certainly find that your users had failed one or the other criteria (Slide Views/Quiz Score).
    Alternately, if you want to be lenient enough to just mark completion on Quiz Result, you can uncheck the Slide views option from Success/Completion Criteria, under Reporting.
    Good Luck!
    Anjaneai

  • Changing Outlook Anywhere from NTLM to Basic Auth (remote users having issues)

    Hello All:
    We have a terrible vendor that is implementing our transition to Office 365. They told us we had to change the Client Auth method on the CAS to Basic (from NTLM) and all that might occur is for users to enter their creds and click "Remember my credentials".
    Not the case.
    We tested internally & on cell phones - everything went unnoticed. Then peeps from the outside started getting prompted for their UN/PW. Even when they put in their valid creds & check the box, no dice. Reboots, checking Outlook client for the proxy settings (which are now set to Basic) sometimes does, sometimes doesn't work. We are baffled as to where we force the setting (which they've received in Outlook), so the road warriors start working.
    Any feedback would be greatly appreciated.
    Thanks.

    Hi,
    Please confirm whether the issue only happens to your external Outlook Anywhere users in Exchange 2010.
    Please run the following command to check your Outlook Anywhere configuration:
    Get-OutlookAnywhere | fl
    Confirm that the ClientAuthenticationMethod parameter and IISAuthenticationMethod are both set to Basic. If any changes are needed, please run:
    Set-OutlookAnywhere -Identity "E14-01\Rpc (Default Web Site)" -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods Basic
    Then restart the IIS service by running IISReset from a command prompt window.
    Regards,
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Winnie Liang
    TechNet Community Support

  • For those users having issues syncing outlook exchange to iphone read this

    I just went through **** on my network getting iphone OS3.0 to sync with exchange and it was so easy once I figured out why,
    scenario: you go through the wizard, not the imap one but the exchange button, put in all your info, have it fail on the autodiscovery and enter in your webmail server address, and nothing, fails to verify or verifies and nothing appears but your inbox, heres why,
    if you go and run the tests from the exchange server (or have your IT folks do it)
    its http://testexchangeconnectivity.com
    run the exchange activesync test (lower one) not the with autodiscover - thats for 2007 exchange users,
    you will need the following ports open on your front end server or firewall
    80 143 443 465 and 993 (this covers all the iphone sync ports needed) you can open 25 if you choose imap, but you wont need imap
    run the test, and if it passes and you don't get mail here's why: there's an HTTP 500 error on the sync feature, because Winblows uses Kerberos authentication on the backend, so you need to enable IWA (or Integrated Windows Authentication). To do this, remote into or go to the Exchange backend server; you need to enable Integrated Windows Authentication on the /exchange virtual directory inside IIS. I know microsloth states use the ESM, but don't. Once the change is made on the backend server, restart it or restart IIS services through the IIS snap-in,
    if you do not have access to the exchange server backend you can buy your it guy some cookies or a food gift (we all love food) and they might be nice and do it,
    * update * I have received a few emails about certificates; there are (2) ways to do this,
    either use the iphone configuration utility - slow way
    or email your self signed certificate to yourself and download it on your iphone either through safari and the owa interface or an external gmail or other account. save the cert and it will automatically put itself on the iphone and all you need to do is click/touch install
    other issues, please respond. I am an Engineer with 21yrs experience, and vast experiences in multiple platforms, including the elusive iphone.

    I'm not sure if this fits with the problem I'm having (but I really hope it fixes it!)
    I have a 3G, upgraded to 3.0 the day it was released. Everything was fine until 3 days ago. I have 2 accts set up through the mail app, one is a Yahoo and one is Exchange (for work). Both accounts have always worked perfectly. Suddenly, the iPhone Exchange acct stopped accessing my inbox. Yahoo is fine. My calendar and contacts are still syncing to Exchange. I can open the mail in my outbox, trash, sent folders. I can send mail from the Exchange account on my iPhone. It will show me names of the subfolders in my inbox on the iPhone - but every time I try to get to the incoming mail, it tries to connect and says it can't est connection. IT says no changes to server. Tried hard reset, restore, delete acct. No luck.

  • Installed a SSD in my 2012 MBP and I'm having issues with waking up from long periods of sleep.

    It keeps restarting instead of waking up from sleep. I've read that downloading a new firmware driver might help but I'm not sure how to do this exactly. I've also read about creating a new user account? Any other ideas? Thanks friends!

    Update to the latest version.  (There are several that can be called CC.)

  • Some SBS 2011 users having issues with s/mime messages containing attachments

    We have a contact from the outside world who is obligated to send emails that have attachments as S/MIME. Whenever he sends the Executive Staff here an email containing (let's say) a Microsoft Office file, they instead get an attachment named smime.p7m that contains a winmail.dat file, or just get a winmail.dat file attached instead.
    As someone with administrative rights (and I think that's what the deciding factor is), if he sends me the same email and I open it in my client of choice (Eudora in this case), I get the attachment he wants received and also a smime.p7m file with certificate information in it. However, if he sends the email with me as a cc: to one of the other users, instead of recipient, I only see what the other user sees.
    If I go into OWA as any of the affected users, it takes a bit of maneuvering (in that I have to click on a dialog that reads "This type of message isn't fully supported in Conversation mode. Click here to open the full version, which may show you more details or features"), but I can eventually get to the attachment once the full version pane opens.
    If I get into Outlook 2010 as the user "Journaling", I can open the copy that Journaling's mailbox receives and see the attachment just fine too.
    I honestly have no clue what the problem might be, and would be very grateful for any help.

    Hi ,
    Thank you for posting your issue in the forum.
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thank you for your understanding and support.
    Best Regards,
    Andy Qi
    TechNet Community Support

  • Users having issue filling out form

    It appears that when you first access the below form on our website, there can be a delay in the fillable boxes appearing within the form but once you move the mouse they will appear.  So what is happening is that applicants are printing the application without the boxes and then completing filling them out by hand.  Is there a reason that the boxes do not always appear right away or a change that can be made so that they do?  Please let me know.
    http://www.dos.ny.gov/forms/licensing/1206-f-a.pdf

    I was not able to reproduce your issue on Adobe Acrobat XI. What version of Adobe Acrobat is installed? Which browser are they using?

  • Is there a forum for Studio Creator users having issues migrating to NB6.1

    I have followed the "Migration Guide" for converting my Studio Creator project over to NetBeans 6.1. It migrated over fine. I am able to compile and deploy my application just fine. The problem is that my jsp pages can no longer be opened in design mode. I get "Loading, please wait" and the following error if you click the red circle in the lower right-hand corner of the screen:
    java.lang.ClassNotFoundException: com.sun.jsfcl.util.DesignTimeComponentBundle
         at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
         at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
         at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
         at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
         at java.lang.Class.forName0(Native Method)
         at java.lang.Class.forName(Class.java:164)
         at com.sun.jsfcl.util.ComponentBundle.getBundle(ComponentBundle.java:103)
    Caused: java.lang.RuntimeException: Could not create instance of com.sun.jsfcl.util.DesignTimeComponentBundle
         at com.sun.jsfcl.util.ComponentBundle.getBundle(ComponentBundle.java:106)
         at com.sun.jsfcl.util.ComponentBundle.getBundle(ComponentBundle.java:74)
         at com.sun.jsfcl.data.ResultSetPropertyResolver.<clinit>(ResultSetPropertyResolver.java:37)
    Caused: java.lang.ExceptionInInitializerError
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
         at com.sun.faces.util.Util.createInstance(Util.java:458)
         at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:584)
         at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:487)
         at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:381)
         at org.netbeans.modules.visualweb.jsfsupport.container.RaveConfigureListener.contextInitialized(RaveConfigureListener.java:93)
         at org.netbeans.modules.visualweb.jsfsupport.container.FacesContainer.initialize(FacesContainer.java:174)
         at org.netbeans.modules.visualweb.jsfsupport.container.FacesContainer.<init>(FacesContainer.java:119)
         at org.netbeans.modules.visualweb.insync.models.FacesModelSet.getFacesContainer(FacesModelSet.java:574)
         at org.netbeans.modules.visualweb.insync.models.FacesModelSet.<init>(FacesModelSet.java:411)
    Caused: java.lang.reflect.InvocationTargetException
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
         at org.netbeans.modules.visualweb.insync.ModelSet.createInstance(ModelSet.java:265)
    Caused: java.lang.RuntimeException
         at org.netbeans.modules.visualweb.insync.ModelSet.createInstance(ModelSet.java:269)
         at org.netbeans.modules.visualweb.insync.ModelSet.getInstance(ModelSet.java:250)
         at org.netbeans.modules.visualweb.insync.ModelSet$1.run(ModelSet.java:217)
    [catch] at java.lang.Thread.run(Thread.java:595)
    Any ideas anyone?

    Did you get an answer for this?

  • TS3276 computer illiterate mac user having issues with "mail"

    hello, we are having problems with our mail account.  the "gmail 2" account will only send through the primary gmail account.  i can see in preferences that the gmail 2 appears to be offline.  in the "account information" section of settings, the outgoing mail server is listed as (offline) following the address. how do i change that to online?  or... is that even the problem???

    Reference the article, what did Connect Doctor show and was there any information in the Show Details box if the server showed red and you selected it?

  • Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

    Hello, dear colleagues.
    We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
    The Send Message, Disconnect and Logoff options work only for users in the Administrators group.
    I can't configure permissions for Remote Desktop Users, a specific user or an AD group.
    To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connecting to Windows Server 2012 R2. Then I double-click RDP-Tcp, Security tab, and add a specific user account or AD group, or configure advanced permissions for Remote Desktop Users.
    But, as I said above, these options work only for users in the Administrators group. How do I make it work for Remote Desktop Users or a specific user or AD group?
    Thanks.
    P.S. If I move a specific user from the Remote Desktop Users group to the Administrators group on Windows Server 2012 R2 - it works.

    Hi,
    You can prevent administrators from changing the permissions for a connection by applying the "Do not allow local administrators to customize permissions" Group Policy setting.
    This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
    Apart from that, there is one command with which you can set the permission; for that, check the related article. Additionally, check this thread for more detail.
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Can't log on with administrator user by finding the message "The task you are trying to do can't be completed because Remote Desktop Services is currently busy. Please try again in a few minutes. Other users should still be able to log on.

    Hi,
    Now, my Windows 2008 R2 Enterprise server is running in the domain. It has a problem: someone in my team remoted into my server with the user administrator while I was remoted into it. It made me lose my session. I tried to remote into it again but I found the message at the logon screen: "The task you are trying to do can't be completed because Remote Desktop Services is currently busy. Please try again in a few minutes. Other users should still be able to log on."
    Now, nobody can remote into this server with the administrator user. I have checked the application log. I found error messages like this.
    ++++++++++++++++++++++++++++
    Source: Desktop Window Manager
    Event ID: 9003
    Detail: None The Desktop Window Manager was unable to start because a composited theme is not in use
    ++++++++++++++++++++++++++++
    Source: Microsoft-Windows-Winsrv
    Event ID:10002 
    Detail: The following application was terminated because it was hung: mmc.exe.
    ++++++++++++++++++++++++++++
    Source: Microsoft-Windows-Winsrv
    Event ID:10002 
    Detail: The following application was terminated because it was hung: javaw.exe.
    ++++++++++++++++++++++++++++
    Source: Microsoft-Windows-Winsrv
    Event ID:10002 
    Detail: The following application was terminated because it was hung: Explorer.exe.
    ++++++++++++++++++++++++++++
    Source:Desktop Window Manager
    Event ID:9009
    Detail:The Desktop Window Manager has exited with code (0x40010004)
     ++++++++++++++++++++++++++++
    Source:Microsoft-Windows-Winlogon
    Event ID:6005
    Detail:The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).
    ++++++++++++++++++++++++++++
    In addition, I can log on to this server with another user but I can't log off, as it shows the message "please wait for the system Event Notification service". Normally, the problem can be solved by rebooting the server. But how can we solve this problem without rebooting the server?

    Hi,
    The cause of being unable to remote back to the server seems to be hung services; please try to reset the session as the article below guides, to see if it works:
    Windows Server: Remote Desktop Error: The task you are trying to do can't be completed because Remote Desktop Services is currently busy
    http://social.technet.microsoft.com/wiki/contents/articles/28636.windows-server-remote-desktop-error-the-task-you-are-trying-to-do-can-t-be-completed-because-remote-desktop-services-is-currently-busy.aspx
    If the issue can always be re-produced, then I would suggest you fully patch the system.
    More information for you:
    The task you are trying to do can't be completed because Remote Desktop Services is currently busy. Please try again in a few minutes. Other users should still be able to log on
    https://social.technet.microsoft.com/Forums/windows/en-US/c58bfbd5-1d63-47e3-a489-6d8c8778b76b/the-task-you-are-trying-to-do-cant-be-completed-because-remote-desktop-services-is-currently-busy?forum=winserverTS
    Best Regards,
    Amy

  • Remote Desktop Services Manager Hangs / Crashes

    Hi,
    I have a Windows Server 2008 R2 based remote desktop environment. When I access Remote Desktop Services Manager to manage domain users' sessions, it hangs / crashes. I am not able to add any other computer to manage as well. The same was working fine in Windows Server 2003.
    Any valuable suggestion????
    Regards
    Rox_Star

    Hi,
    As a test, please create a new domain admin user account, log on to the server with it, and then open RDS Manager.  Do you see the same issue with the new account?
    Thanks.
    -TP

  • UCES licensing - External Users

    Has anyone had experience in regards to external user licensing and UCES? For example, I have a customer that will want to use the customer e-Services. I have them create the user ID and password, and they are able to perform the e-Services. Is this external user considered an SAP user, and does it impact my licensing? For example, I may have 5000 people sign up for e-Services in one month; how does that impact licensing from an SAP/Database level? Do I need a specific SAP License for this type of external user? I have an SAP UCES solution and it's using an Oracle DB, and the UME to manage the users.
    Any help appreciated. ...

    Andrew:
    With the caveat that I am not in licensing...
    E-services users are not considered users for licensing purposes (at least in terms of for SAP seats - vaguely similar to how HR ESS is licensed - people enter time but are not considered professional users unless they .  The individual e-services account users have identities but map in the backend to a generic e-services user.

  • Limit external users

    Is it possible to hide the All site content button and shared with button?
    Although the external users don't have rights to browse user information, it is still possible to see user information when you hover on a person, and from there you can browse the rest of the organization. How can I hide this on-hover information?

    Hi,
    Based on your description, my understanding is that you want to hide user information to prevent external users having access to browse user information.
    To hide the All site content button, you can limit the logged-in person to only have permission to a special library and set the permission as Edit.
    For the Shared With button, I suggest you make it unavailable instead of hiding it. You can set the logged-in user to have Edit permission.
    Best Regards,
    Lisa Chen
