RemoteApp rdp file connection restriction

Hi all,
So I have a RemoteApp deployment that gives users certain applications from the RDWeb site based on security groups. I've connected a few people using the RemoteApp and Desktop Connections in Control Panel on their Win7 workstations. I've noticed that these
users can retrieve the rdp file from their C:\Users\<user profile>\AppData\Roaming\Microsoft\Workspaces\{XXX}\Resource\ and pass around the rdp file which would bypass the security groups configured in the RDWeb site if they were to connect to the
RDWeb site. Is there a way to restrict the user from the application based on a security group if they were to connect using a retrieved rdp file?
Thanks
Victor

Hi Victor,
For your case, can’t find no such restriction policy. You need to apply RemoteApp User Assignment for the user and provide the access. If it’s like RDP file access then you can manually add the username and password under that RDP file so that only that user
can access the application. And if RDP file is to connect to server then you can restrict the user on server side to get access. After all it depends on your requirement.
You can check the below article for information.
Introducing RemoteApp User Assignment
http://blogs.msdn.com/b/rds/archive/2009/06/12/introducing-remoteapp-user-assignment.aspx
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Similar Messages

Renaming RDP file in RemoteApp Programs

Hello,
I would like to rename the Remote Desktop connection in RDS Web Access > RemoteApp Programs site. I would just like to change it to say something other than, "Remote Desktop". I added the Remote Desktop icon through the RemoteApp Deployment
Settings by clicking "Show a remote desktop connection to this RD Session Host server in RD Web Access".
I have tried looking into the default.aspx to see if the RDP file name is defined there, but no luck. Its strange, because when I am on the Web Access site and I view the HTML source of the site, I see where the RDP file is named, but when I open default.aspx
for editing I do not see the RDP file name there. I am guessing the RDP file name is in a webpart, but I can't seem to locate that webpart on my server.
So does anyone know if it is possible to rename that icon and how I would go about doing it?
Please let me know if you need any more clarification.
Thanks!

Maybe I'm an idiot, but why in the world would Microsoft not provide some other way of naming a Remote desktop access connection in Web Access other than hacking the registry or as even more strangely suggested (if your not comfortable with touching the registry)
use WMI? What planet does Microsoft live on? Do you really think users are more apt to use WMI (an unknowable interface) rather than a registry hack? Even more, if there is the ability to name RemoteApps anything you damn well please, why is there no
way to differentiate the multitude of possible Remote Desktop connections in the Web Access interface just as simply? Really, what planet does Microsoft live on? It seems every time someone at Microsoft opens their mouths, they make complete fools of themselves.
Please give someone, anyone, a reasonable explanation of how the ability to discreetly name Remote Desktop access connections in Remote Web Access was over looked so stupidly.

How can I Create a Client Configuration File for RemoteApp and Desktop Connection with Server 2012?

I have a working RDS RemoteApp site and looking to test out the feature in Windows 7 Control Panel\All Control Panel Items\RemoteApp and Desktop Connections
I came across this link: Create a Client Configuration File for RemoteApp and Desktop Connection and I believe this is what I need to do first, but these instructions are for
Server 2008, and I'm running 2012.
Any suggestions or tips on how I can begin testing this with Server 2012?

Hi,
You can manually enter the path to the 2012 feed and it will connect and download the RemoteApps and Desktop connections.
If you need a sample .wcx file I have posted one here a couple of times. If you want I will look for it and post a link.
-TP
I tried adding my URL's below, these are sample links that work for me right now for when I log into the web page, but neither of these work. And I'm not sure what I would need to do with or how to create a .wcx file.
When I type in my URL of: https://connect.mydomain.org/RDWeb, I get redirected to:
https://connect.mydomain.org/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx

Since upgrade to Windows 8, cannot save .rdp files under the Remote Desktop Connection application on the Desktop

Since I upgraded to Windows 8, I am no longer able to save individual Remote Desktop Connection files as .rdp files. I am talking about the traditional Remote Desktop Connection application on the Desktop that was in previous Windows versions, not the
Remote Desktop App from the Windows 8 store.
When I try to click on the Save button I get "An error occurred while saving to file"
When I try to click on the Save As button I get "Unable to open connection file" with the file address being where I tried to save it with the file name at the end.
Also when I upgraded to Windows 8, my .rdp files disappeared from my Documents folder.
I need to create different .rdp files for different programs that my employees get into on my server. Now I have to hand type all the info each time into the Programs tap on the Remote Desktop Connection window, because I can't save to an
.rdp file.
I like the Remote Desktop App from the Windows store but it won't let me designate specific programs to use using standard dos notation (ie c:\program files\ etc..). It just goes to my server desktop.
I want to promote Windows 8 to my employees but I need either .rdp files for the traditional Remote Desktop Connection or the ability to open specific programs using dos notation in the Windows Store Remote Desktop App.

I know this is an old post but others might still be having the problem. Here's what I did.
Create a new text file and open it in notepad. Copy the below into it and edit for your environment. (IP, screen size).
screen mode id:i:2
desktopwidth:i:1920
desktopheight:i:1080
session bpp:i:24
auto connect:i:0
full address:s:192.168.x.x
compression:i:0
keyboardhook:i:2
audiomode:i:2
redirectdrives:i:1
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:1
displayconnectionbar:i:1
username:s:USERNAME
domain:s:DOMAIN
alternate shell:s:
shell working directory:s:
disable wallpaper:i:1
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:1
bitmapcachepersistenable:i:1
use multimon:i:0
winposstr:s:0,3,0,0,800,600
audiocapturemode:i:1
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
enableworkspacereconnect:i:0
allow font smoothing:i:0
allow desktop com:0
disable cursor setting:i:0
redirectclipboard:i:1
redirectposdevices:i:0
drivestoredirect:s:*
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
gatewayhostname:s:
gatewayusagemethod:i:4
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
promptcredentialonce:i:0
gatewaybrokeringtype:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
You don't need to worry too much about what's in here. Save the text file as
filename.rdp then rightclick on the file and select edit. The familiar GUI rdp session editor will open. You can make changes in the GUI and
save or save as a different session.
Hope this helps.

RemoteApp and Desktop Connection - Default Connection URL - Windows Server 2012 R2

Hi,
I'm building an Remote Desktop envoirement for our organisation wich includes the following servers:
2 Domain controllers with Remote Desktop Gateway, Licensing and Broker (1 broker functional, no HA, still in progress of building), RDWeb installed.
2 Remote Desktop Host Servers for the user logins (no applications just the desktop).
2 Remote Desktop Application Servers (RemoteApp) with all of our applications installed.
2 File Servers using DFS replication.
All of those servers are Windows 2012 r2.
Our purpose is to deploy RemoteApp's to the Remote Desktop Host servers using the GPO Default Connection URL.
The problem is that it won't apply to the users who log on to the Remote Desktop Host servers. I'm struggling with this issue for a while now and tried different possible solutions. Such as the delegation credential GPO, making the users local admin, making
the users domain admin etc etc.
My guess is that the GPO hangs on the fact that when i try to manually run the wizard to connect to the RemoteApp and Desktop connections, my credentials are asked. Which i think is odd because i'm already logged in as an domain user. I'm having the exact same
problem with the domain administrator account.
When i'm connecting manually by entering the credentials in the connection wizard everything is working as it should, it just won't connect automatically
Does someone has an solution for this?
Kind Regards,
Geoffrey van Meurs

so am I correct to assume that your issue is really with RemoteApps single sign-on (SSO)?
You have users which RDP to RDSH and again you're attempting to publish RemoteApps in that same environment?
I haven't done SSO but there is a lot of info about it on the web:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed4447b5-2958-404b-883c-9aefa038ad61/single-sign-on-remoteapp-and-desktop-connection?forum=winserverTS
Secondly, you may need to look at your GPO loopback settings to ensure the policies are being properly applied. Use RSOP as well. Try using a local GPO to see if it makes a difference with a non-admin test user. Check event logs for GPO
processing errors/conflicts. Use gpresults, etc.
Something else worth noting here is that RemoteApp publishing is really not meant to be done inside RDSH, it's usually done on the user's workstation, therefore eliminating the need for them to even login to RDSH, reducing the number of hops and complexity.
For what you're doing, you're better off using RDWeb to publish the applications to them or using the old school method of just having app. shortcuts on the Desktop/Start menu in RDSH since they're already getting a published desktop anyway. Or just
use RemoteApps on their workstations via GPO. Just some thought if I'm understanding your goals here, but it sounds like you would need to read up on RemoteApp SSO.

RemoteApp and Desktop Connections update returns Error code: 0x80070003

I had RemoteApp and Desktop Connections working in Windows 7, but it recently started returning the following event log error.
An error occurred. Contact your workplace administrator for assistance.
Connection name: My Apps
Connection URL: https://<externalfqdn>/RDWeb/Feed/webfeed.aspx
Error code: 0x80070003, 0x0
How do I troubleshoot this? When I enter
https://<externalfqdn>/RDWeb/Feed/webfeed.aspx, I am prompted for a user name and password. When I enter the user name and password, a string of characters is returned. Is there a way to decode these characters? The only unusual
element of my install is that the <externalfqdn> is different than the windows FQDN. Both point to the same IP address. I'm not seeing any event log errors on the server. If I delete the existing RemoteApp connection, recreation of
the connection fails and no event is logged on the server OR the client.

@Raymond Thanks for your reply! I made the configuration changes you suggested and attempted to logged 3 different activities.
1. On a client, enter
https://<externalfqdn-removed>/RDWeb/Feed/webfeed.aspx into "Set up a new connection with RemoteApp and Desktop Connections" and click Next. I received the error message, "An error occurred. Contact your workplace administrator for assistance."
Nothing was logged in C:\inetpub\logs\LogFiles\W3SVC1\*.log or C:\Windows\Web\RDWeb\App_Data\RDWeb.log.
2. On a client, enter
https://<externalfqdn-removed>/RDWeb/Feed/webfeed.aspx into Internet Explorer 9. An encrypted security ticket is returned. Nothing was logged in C:\Windows\Web\RDWeb\App_Data\RDWeb.log. The following was logged in C:\inetpub\logs\LogFiles\W3SVC1\*.log.
2011-09-08 18:42:39 192.168.0.124 GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 - <clientip-removed> Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 2 5 94
2011-09-08 18:42:39 192.168.0.124 GET /RDWeb/Feed/webfeed.aspx - 443 - <clientip-removed> Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 302 0 0 288
2011-09-08 18:42:39 192.168.0.124 GET /RDWeb/FeedLogin/WebFeedlogin.aspx ReturnUrl=%2fRDWeb%2fFeed%2fwebfeed.aspx 443 <domain-removed>\<user-removed> <clientip-removed> Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 200 0 0 300
3. On a client, enter
https://<externalfqdn-removed>/RDWeb/ into Internet Explorer 9, login, and start an RemoteApp application. The following was logged in C:\inetpub\logs\LogFiles\W3SVC1\*.log.
2011-09-08 18:22:37 192.168.0.124 POST /RDWeb/Pages/en-US/login.aspx - 443 <domain-removed>\<user-removed> <clientip-removed> Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 302 0 0 343
2011-09-08 18:22:42 192.168.0.124 GET /RDWeb/Pages/en-US/default.aspx - 443 <domain-removed>\<user-removed> <clientip-removed> Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 200 0 0 5959
The following was logged in C:\Windows\Web\RDWeb\App_Data\RDWeb.log.
2011/09/08 13:22:36 [Verbose] SecurityDescriptorPtr is not NULL.
2011/09/08 13:22:36 [Verbose] Page Requested : login.aspx, Request Type : POST.
2011/09/08 13:22:36 [Info] ExtractInfoFromForm returning : True.
2011/09/08 13:22:36 [Info] CreateClientSideCookieInResponse - DomainUserName : <domain-removed>\<user-removed>.
2011/09/08 13:22:36 [Info] CreateClientSideCookieInResponse - WorkspaceId : <externalfqdn-removed>.
2011/09/08 13:22:36 [Info] CreateClientSideCookieInResponse - objHttpContext.Response.Cookies[strTSWAAuthClientSideCookie].Value : Name=<domain-removed>%5C<user-removed>&MachineType=private&WorkSpaceID=<externalfqdn-removed>.
2011/09/08 13:22:36 [Info] Info from Form or Auth Cookie extracted : True.
2011/09/08 13:22:36 [Info] User Name : <user-removed>, DomainName : <domain-removed>, Password : Non-NullOrEmpty, Private logon : True, LogonUser returned : True.
2011/09/08 13:22:36 [Info] objWindowsIdentity.Name : <domain-removed>\<user-removed>, objWindowsIdentity.User : S-1-5-21-515967899-1364589140-725345543-1146.
2011/09/08 13:22:36 [Info] objWindowsBuiltInRole : Administrator.
2011/09/08 13:22:36 [Info] CheckTSWAAdministratorAccess returned : True.
2011/09/08 13:22:36 [Info] SetupHttpContextUser returning : True.
2011/09/08 13:22:36 [Verbose] RDWebAccessConfigPath : C:\Windows\Web\RDWeb\App_Data\RDWebAccess.Config.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] Workspace attribute 'ID' has '<externalfqdn-removed>' value.
2011/09/08 13:22:36 [Verbose] Workspace attribute 'Name' has 'HL Apps' value.
2011/09/08 13:22:36 [Verbose] Workspace ID : HL Apps
2011/09/08 13:22:36 [Verbose] Workspace Name : HL Apps
2011/09/08 13:22:36 [Verbose] RDWebAccessConfigPath : C:\Windows\Web\RDWeb\App_Data\RDWebAccess.Config.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] WebFeed ServerName : <internalserver-removed>.
2011/09/08 13:22:36 [Verbose] Thread 10 Calling constructor
2011/09/08 13:22:36 [Verbose] Thread 10 Total of 1 specified Terminal Servers.
2011/09/08 13:22:36 [Verbose] Thread 10 0. Terminal Server: <internalserver-removed>.
2011/09/08 13:22:36 [Verbose] RDWebAccessConfigPath : C:\Windows\Web\RDWeb\App_Data\RDWebAccess.Config.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] Workspace attribute 'ID' has '<externalfqdn-removed>' value.
2011/09/08 13:22:36 [Verbose] Workspace attribute 'Name' has 'HL Apps' value.
2011/09/08 13:22:36 [Verbose] Workspace ID : HL Apps
2011/09/08 13:22:36 [Verbose] Workspace Name : HL Apps
2011/09/08 13:22:36 [Verbose] Thread 10 Setting up access check.
2011/09/08 13:22:36 [Verbose] Thread 10 Exiting constructor
2011/09/08 13:22:36 [Verbose] Got Rdp Certificate from cache
2011/09/08 13:22:36 [Verbose] GetRdpSigningCertificateHash returning : 84847B2B52291C737211302419B6697E45F400F9
2011/09/08 13:22:36 [Error] Windows Group : TS Web Access Administrators already exisits.
2011/09/08 13:22:36 [Error] Windows Builtin Role : Administrator already exisits.
2011/09/08 13:22:36 [Verbose] SecurityDescriptorPtr is not NULL.
2011/09/08 13:22:36 [Verbose] Page Requested : default.aspx, Request Type : GET.
2011/09/08 13:22:36 [Info] objFormsAuthenticationTicket.Name : DomainUserName=<domain-removed>\<user-removed>&TSWAAdministratorAccess=True.
2011/09/08 13:22:36 [Info] DomainUserName : <domain-removed>\<user-removed>.
2011/09/08 13:22:36 [Info] TswaAdministratorAccess : True.
2011/09/08 13:22:36 [Info] UserSid : S-1-5-21-515967899-1364589140-725345543-1146.
2011/09/08 13:22:36 [Info] ExtractInfoFromCookies returning : True.
2011/09/08 13:22:36 [Info] Info from Form or Auth Cookie extracted : True.
2011/09/08 13:22:36 [Info] SetupHttpContextUser returning : True.
2011/09/08 13:22:36 [Verbose] RDWebAccessConfigPath : C:\Windows\Web\RDWeb\App_Data\RDWebAccess.Config.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] Workspace attribute 'ID' has '<externalfqdn-removed>' value.
2011/09/08 13:22:36 [Verbose] Workspace attribute 'Name' has 'HL Apps' value.
2011/09/08 13:22:36 [Verbose] Workspace ID : HL Apps
2011/09/08 13:22:36 [Verbose] Workspace Name : HL Apps
2011/09/08 13:22:36 [Verbose] RDWebAccessConfigPath : C:\Windows\Web\RDWeb\App_Data\RDWebAccess.Config.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] objRDWebAccessConfig.IsRADCMServer : False.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] WebFeed ServerName : <internalserver-removed>.
2011/09/08 13:22:36 [Verbose] objRDWebAccessConfig.webFeedServerName : <internalserver-removed>.
2011/09/08 13:22:36 [Verbose] UseCPUB : False.
2011/09/08 13:22:36 [Verbose] TSServerName : localhost.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] WebFeed ServerName : <internalserver-removed>.
2011/09/08 13:22:36 [Verbose] Sharepoint assembly not found:Could not load file or assembly 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' or one of its dependencies. The system cannot find the file specified.
2011/09/08 13:22:36 [Verbose] ASP.NET location:/RDWeb/Pages
2011/09/08 13:22:36 [Verbose] Saving icon to:C:\Windows\Web\RDWeb\Pages\images\rapwait.gif
2011/09/08 13:22:36 [Verbose] Saving icon to:C:\Windows\Web\RDWeb\Pages\images\erroricon.png
2011/09/08 13:22:36 [Verbose] Saving xsl to:C:\Windows\Web\RDWeb\Pages\images\RapApplicationsPart.xsl
2011/09/08 13:22:36 [Verbose] UseCPUB : False.
2011/09/08 13:22:36 [Verbose] TSServerName : <internalserver-removed>.
2011/09/08 13:22:36 [Verbose] UserSid : S-1-5-21-515967899-1364589140-725345543-1146.
2011/09/08 13:22:36 [Verbose] Thread 10 Calling constructor
2011/09/08 13:22:36 [Verbose] Thread 10 Total of 1 specified Terminal Servers.
2011/09/08 13:22:36 [Verbose] Thread 10 0. Terminal Server: <internalserver-removed>.
2011/09/08 13:22:36 [Verbose] RDWebAccessConfigPath : C:\Windows\Web\RDWeb\App_Data\RDWebAccess.Config.
2011/09/08 13:22:36 [Verbose] WebFeed ServerType : rdserver.
2011/09/08 13:22:36 [Verbose] Workspace attribute 'ID' has '<externalfqdn-removed>' value.
2011/09/08 13:22:36 [Verbose] Workspace attribute 'Name' has 'HL Apps' value.
2011/09/08 13:22:36 [Verbose] Workspace ID : HL Apps
2011/09/08 13:22:36 [Verbose] Workspace Name : HL Apps
2011/09/08 13:22:36 [Verbose] Thread 10 Setting up access check.
2011/09/08 13:22:36 [Verbose] Thread 10 Exiting constructor
2011/09/08 13:22:36 [Verbose] Getting Fresh Gateway Info
2011/09/08 13:22:36 [Verbose] GatewayName:<externalfqdn-removed>
2011/09/08 13:22:36 [Verbose] GatewayUsage:1
2011/09/08 13:22:36 [Verbose] GatewayAuthMode:4
2011/09/08 13:22:36 [Verbose] GatewayUseCachedCreds:True
2011/09/08 13:22:36 [Verbose] Thread 10 Stopping Event Watchers...
2011/09/08 13:22:36 [Verbose] Setting up WMI Eventwatchers with the following identity: IIS APPPOOL\RDWebAccess
2011/09/08 13:22:36 [Verbose] Setting up WMI Eventwatchers SID: S-1-5-82-604604840-3341247844-1790606609-4006251754-2470522317
2011/09/08 13:22:36 [Verbose] Setting up WMI Eventwatchers Owner: S-1-5-82-604604840-3341247844-1790606609-4006251754-2470522317
2011/09/08 13:22:36 [Verbose] Setting up WMI Eventwatchers Token: 2384
2011/09/08 13:22:36 [Verbose] Thread 10 Attempting to setup watcher for: <internalserver-removed>
2011/09/08 13:22:36 [Verbose] Thread 10 Succeeded setting up event watcher for: <internalserver-removed>
2011/09/08 13:22:37 [Info] Received 39 apps from <internalserver-removed>
2011/09/08 13:22:37 [Info] Received 1 desktops from <internalserver-removed>

RemoteApp and Desktop Connection "Reconnect to RD WebAccess" errors

I have a Server 2008R2 with RDS setup on our network for 7 users. We have a seperate RDSH server holding the RemoteApp programs. The users all have Windows 7 x64 bit computers and they VPN into our internal network from home and once they are in, they can access
the RemoteApps via the webfeed. All applications show up correctly and display properly when clicking on them in the Start Menu and under RemoteApp and Desktop Connections menu. If I however go to my system tray and right click on the rdp icon and select the
"reconnect to remote desktop web access" I get 4 errors and it doesn't connect. Here are the errors I receive:
There was an error communicating with the endpoint at 'https://servername/RDWeb/Feed/RDWebservice.asmx' The server returned HTTP Status code 404 (0x194) with text 'Not found'. The requested resource was not found.
There was an error communicating with the endpoint at 'https://servername/RDWeb/Feed/RDWebService.asmx'.
There were connectivity issues with the web service. Report this error to your Administrator.
The webfeed address I setup on the 7 client computers is https://servername/RDWeb/Feed/webfeed.aspx.
Why is it not letting us reconnect that way but letting us connect if going through the start menu and/or opening the RemoteApp and Desktop Connections---> View Resources---> Double clicking on the .rdp file?
Any help would be greatly appreciated. Thanks.

The "Reconnect to Remote Desktop Web Access" requires a Windows Server 2012 RD Web Access server, it is not supported by Windows Server 2008 R2 RD Web Access. Unfortunately there is a known bug in our client where it still shows the option to reconnect
in the taskbar icon even if the server does not support it.
Hope that helps,
Travis Howe | RDS Blog: http://blogs.msdn.com/rds/default.aspx

Deploying RemoteApp and Desktop Connections certificate...

     Hello,
   I am currently trying to deploy a certificate for remoteapp and desktop connections and continue to receive a certificate error. We are running a 2012r2 developement RDS Farm. We have one Connection Broker, 2 session hosts, gateway,
web access etc...we have about 15 applications published and the user's can access them via web access, however, when we try and setup (RADC-RemoteApp and Desktop Connections) it errors out due to security issue with the certificate. If we manually install
the cert in the client's Trusted Root Certificate Authority for the local machine, it works flawlessly....however, we do not want to have to install this cert for 500 users +....we would rather deploy through GP.
    We have it narrowed down to the point of the certificate is not being deployed to all of the clients. We have attempted many GPO policy edits that we have found from other technet articles and other websites online...but I cant seem
to find any solid GPO instructions that seem to work for this environment to properly deploy the certificate to all of the clients.
These clients are running windows 7 and windows 8 & 8.1. All the clients that are running windows 7 have RDP 8.0....
Any help would be greatful....thanks in advance.     JCT

Hi,
You need to request the necessary certificates from your CA, export each certificate and its private key to a .pfx file, then use these files for the RDS in Server Manager -- RDS -- Overview -- Tasks -- Deployment Properties -- Certificates.
To do this you can use certlm.msc. For example, start on the broker, open certlm.msc, request a new cert using Computer template, before clicking enroll go into the details and edit the properties of the request so that the private key will be marked
as exportable, then enroll. Once it is done the certificate will be in the Personal store, right-click on it and export it as well as the private key to a .pfx file.
In Server Manager -- RDS -- Overview -- Tasks -- Edit Deployment Properties -- Certificates tab, select RDCB SSO, select existing certificate, choose the .pfx, etc., then click Apply. Select RDCB Publishing, select existing certificate, choose .pfx,
OK, click Apply.
At this point you should be finished with 2 out of the 4 RDS purposes. Log on to the RDWeb server, request the certificate and export it (and its private key) to .pfx file as described above, and copy the file over to the broker. Repeat
the process I described above to assign this certificate to the RDWeb and RDG purposes in deployment properties.
Now you should have all 4 purposes set and showing as trusted in deployment properties. The client PCs should not get any certificate errors since they should trust the certificates issued by your enterprise CA. Additionally the client PCs need
to be able to reach the path defined in CRL Distribution points and AIA on the certificates so that they can do revocation checking.
-TP

Thin PC - Remoteapp and Desktop Connections

Hi this is a copy of my post in the Windows 7 misc forum where it's getting no relevant replys.
Has anyone been able to get this working?
All I get is error 1000 which is that the thin pc can not find the rdgateway or app server.
I know that they are both working and accessible from this machine, I can drag an rdp to the desktop and it runs, I can go to the rdweb site and run applications from there.
I have a full windows 7 test bed and running the wcx config file poulates the remote app programs and I can go to the control panel and type in the url and that works.
I have turned off all the firewalls, the thin pc is configured for hyper-v management and just about everything else works.
As this is the pricnipal use of thin pc - a hyper-v client has anyone got any ideas ?

Hi Alan,
Steps taken.
ThinPC is a clean install, everything default except time and country set to UK. Hyper-v configured using the technet script for VDI. Local admin account enabled and joined to domain.
Log in as domain admin, go to control panel, remoteapp and desktop connections.
enter string for remote app feed -
https://natag.-*-.-*-.-*-/RDWeb/Feed/webfeed.aspx
Accept warning, screen changes to adding connection resources, screen changes to : An error has occured. Contact your workplace administrator for assistance.
Error in event log under remote app and desktop connections - Error 09/06/2011 09:44:31 RemoteApp and Desktop Connections 1000 Setup
Log Name:      Microsoft-Windows-RemoteApp and Desktop Connections/Admin
Source:        Microsoft-Windows-RemoteApp and Desktop Connections
Date:          09/06/2011 09:44:31
Event ID:      1000
Task Category: Setup
Level:         Error
Keywords:
User:          DOMAIN\ADMINACC**
Computer:      w7pool-thin.DOMAIN***
Description:
An error occurred. Contact your workplace administrator for assistance.
Connection name: Darnells Remote Access
Connection URL: https://natag.-----***/RDWeb/Feed/webfeed.aspx
Error code: 0x80070005, 0x0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Microsoft-Windows-RemoteApp and Desktop Connections" Guid="{1B8B402D-78DC-46FB-BF71-46E64AEDF165}" />
    <EventID>1000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>100</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2011-06-09T08:44:31.311646500Z" />
    <EventRecordID>44</EventRecordID>
    <Correlation />
    <Execution ProcessID="2360" ThreadID="2852" />
    <Channel>Microsoft-Windows-RemoteApp and Desktop Connections/Admin</Channel>
    <Computer>w7pool-thin.DOMAIN****</Computer>
    <Security UserID="S-1-5-21-1454471165-602609370-725345543-1290" />
</System>
<UserData>
    <EventXML xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="Event_NS">
      <ConnectionName>Darnells Remote Access</ConnectionName>
      <ConnectionURL>https://natag.----*****/RDWeb/Feed/webfeed.aspx</ConnectionURL>
      <ErrorCode>2147942405</ErrorCode>
      <ErrorCodeAdditional>0</ErrorCodeAdditional>
    </EventXML>
</UserData>
</Event>
The RD Gateway is responding correctly as I can go to the RDWeb site log in and launch programs, I can copy a created rdp file for an application to the desktop and run that as well.
The webfeed.aspx is working correctly as I can run that on a Win7 full client in both hyper-v and a hardware one and they populate the apps as expected.
Regards,
Kane.

Error when launching .rdp file from RDWebAccess with RD Gateway "NtlmWebAuthException: 2" on Mac Version 8.0.8 (Build 25010)

When launching a .rdp file that has been download from an rdwebaccess session, the following error is generated "NtlmWebAuthException: 2". I have tested this on the Mac Microsoft Remote Desktop client version 8.0.8 (Build 25010).
The following is the use case:
Download the .RDP file for a published app "notepad.exe", on rdwebaccess (2012R2), accessed through the gateway (2012R2) VIA the connection broker (2012R2) on a RDSH server (2012R2). NLA is enabled everywhere.
This same setup works on Windows using the Remote Desktop Connection client.
I found that if you edit the .rdp file and add the following line (no quotes):
"username:s: "
Then the user is prompted for credentials. You may also set it to be "username:s:domain\username".
This issue here appears that the Mac client is either ignoring the "prompt for credentials on client:i:1" setting, or it is passing blank credentials... or both.
I appreciate all the work the MS team (and iTap) have done on this product... keep up the great work.
Example failing RDP file:
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
span monitors:i:1
use multimon:i:1
remoteapplicationmode:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
videoplaybackmode:i:1
audiocapturemode:i:1
gatewayusagemethod:i:1
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:RDCB.COMPANY.COM
alternate shell:s:||Notepad
remoteapplicationprogram:s:||Notepad
gatewayhostname:s:rdgateway.COMPANY.com
remoteapplicationname:s:Notepad
remoteapplicationcmdline:s:
workspace id:s:RDCB.COMPANY.com
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Notepad
alternate full address:s:RDCB.COMPANY.COM
signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayHostname,GatewayUsageMethod,GatewayProfileUsageMethod,GatewayCredentialsSource,PromptCredentialOnce,Alternate Shell,RemoteApplicationProgram,RemoteApplicationMode,RemoteApplicationName,RemoteApplicationCmdLine,RedirectDrives,RedirectPrinters,RedirectCOMPorts,RedirectSmartCards,RedirectClipboard,DevicesToRedirect,DrivesToRedirect,LoadBalanceInfo
signature:s:ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB ABCXXX123xDummyDataHerex321XXXCAB

Hi,
I too have this problem but I am unsure of how you fo about adding the "username:s:domain\username"
into the file as it is downloaded via the RD Web Access page.
I know that I can edit the RDP file after the event and then send it to my users but I don't want the
hassle of doing this,
The weird thing is that ver 8.0.8 release notes say that there is a "Fix for the issues of starting remote connection from RDP files that included gateway information"
Anybody have any ideas?
Thanks,
Jaggie

Any updates on Mac client RDP file issue

I've seen various posts along with mine, but haven't found any response from Microsoft regarding an update to this.
Is there a status on fixing the bug that prevents using an rdp file, at least when using a Gateway? Or at least a confirmation from Microsoft?
To restate, if I manually configure a connection, I can connect to it fine. If I export that from the client to an rdp file, I cannot connect via that rdp file. This affects Mountain Lion (10.8.5) and Mavericks at a minimum.

Hi,
The Remote Desktop Client 8.0.3 for Mac has been released, please install it and see how it works.
8.0.3
https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417
This is the update note which we show the users in the app store:
•Choose between custom or OS X native full screen mode
•Crash on quit, fixed
•A number of bug fixes
Thanks.
Jeremy Wu
TechNet Community Support

Cannot double click RDP files in Mac RDP 8

When I double click an RDP file to launch a connection that has to connect through a RDS Gateway the connection fails.
If I import the same RDP file the I am able to connect through the RDP client, double clicking to connect however does not work.

Hi,
What error message do you receive when you double click the .rdp file?
I suspect that there is something missing when we launch .rdp file directly. We can check the log files for details.
Microsoft Remote Desktop -> About Microsoft Remote Desktop -> Send log via email
In addition, in the help document, we can only see import remote desktops.
Thanks.
Jeremy Wu
TechNet Community Support

TS Workspace/RemoteApp and Desktop Connections not updating after update(KB2830477 and KB2857650)

Hi,
we are using the "RemoteApp and Desktop Connections" to Access our RDP-Infrastructure with Windows 7 Clients. We have a Windows Server 2012 with RD Web Access Role installed and i changed the authentication Settings on the RDWeb page to use Windows
Authentication so that we don't get any extra Password prompt.
Prior Update KB2830477 and KB2857650 the feed was downloaded/updated via
https://rdweb.domain.com/rdweb/feed/webfeed.aspx without any Problem. If i check the Wireshark logs i see two http get requests without credentials (401 Unauthorized) and the third with a valid Kerberos Ticket which passes through. The tsworkspace.dll
Version is 6.1.7601.17514 and the update Command is "%SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces"
After i installed the updates mentioned above tsworkspace.dll has Version 6.1.7601.18270 and the automatic update doesn't work anymore. If i try a Manual update via the gui i get two 401 Unauthorized in Wireshark and after that a Password prompt.
If i type in my credentials it is working fine, but the automatic one doesn't ask for credentials.
Is there any way i can fix this?
Thanks in advance
A.Bauer

Hi All
There is another feed regarding this which seems to have more momento,,
http://social.technet.microsoft.com/Forums/windowsserver/en-US/412bf0e3-885e-4b3c-bf28-8a9715a98a50/remoteapp-and-desktop-connections-error-0x800401f0-when-updating-remoteapp-connections-from-rds?forum=winserverTS

RD Client and RDWeb 2012 - RDP file is not valid when run from chrome browser on Android

After signing into the RDWeb using Android Chrome, I see the published remoteapp. If I click to
run remoteapp, it tries to open the RDP file with the installed RD Client but I got this error "Import Error - The RDP file is not valid. Notify your network administrator."
I have google about this error. One of the forum suggest to use RD client remote resources tab to access the apps but in our environment our user want to use their
own web browser to access the apps. Is there any way we can solve this issue?.

Hi,
I’m afraid that we have to configure Remote Resource.
Thanks for your understanding.
Jeremy Wu
TechNet Community Support

RDS 2012 - Embed username/password in RDP file

Hi all,
I have tested editing an RDP file internally and embedding a username/password(hashed) in it so that it automatically logs on.
This works fine from a PC on the network.
I've tried to do the same from a PC connecting in through an RDS Gateway but it prompts for a password when launching the RDP file. Is it possible to embed the username/password(hashed) when connecting via a gateway?
Thanks,
Paul.

Hi Paul,
No, the credentials in the rdp file cannot be used for RD Gateway.
-TP

RemoteApp rdp file connection restriction

Similar Messages

Maybe you are looking for