Remote Desktop Web – Session Timeouts (Altering)

KB ID 0001215 

Problem

Timeouts for the RDWeb portal are defined by the choice you made when you logged in, if you selected ‘private’ or ‘public’ on the PC options, this sets the timeout. The default is 240 mins for private, and 20 minutes for public connections.

Solution

To alter these values you need to make changes in the ‘Internet Information Services Management Console’ on the RDWeb server.

Navigate to {Server-name} > Sites > Default Web Site > RDWeb > Pages > Application Settings.

You need to alter;

PrivateModeSessionTimeoutIn… AND PublicModeSessionTimeoutIn…

Edit the values according to your requirements.

If you find that the changes don’t take effect immediately drop to command line and issue an ‘iisreset’ command.

Related Articles, References, Credits, or External Links

NA

Windows RDWeb – Remote Desktop Shortcut Missing

KB ID 0001208 

Problem 

As soon as you start publishing apps to your RDWeb server the ‘Remote Desktop’ icon disappears. Now there’s a good reason for this, it stops users having a desktop open, then opening apps on multiple different servers, and the whole thing turning into a resources nightmare. But what if you only have one RDS server? 

Solution

To get the shortcut back you need to change a registry key. Navigate to;

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\CentralPublishedResources\PublishedFarms\{collection-name}\RemoteDesktops\{collection-name}

Locate the ShowInPortal value and change it to 1.

At this point it’s worth noting that you might want to change the ‘name’ of the shortcut back to ‘Remote Desktop’.

You don’t need to restart anything, simply refresh the web page and the application will re-appear.

Remote Desktop Keeps Disappearing Again?

Each time there’s an update, or you publish some new applications it can revert back again. To stop this I simply create a Group Policy Preference, (make sure you have changed the key(s) before you do this).

Create or edit an existing policy that’s linked to the RDS server, and navigate to;

Computer Configuration > Preferences > Windows Settings > Registry > New > Registry Wizard > Another Computer

Navigate to the RDS server, you have set the registry keys on.

Select the ‘Name‘ and ‘ShowInPortal‘ Value > Make sure the policy is set to ‘update’.

Related Articles, References, Credits, or External Links

NA

Remote Desktop Web Access – Connection Error

KB ID 0001141 

Problem

Eleven days! That’s how long it took to fix this, after seven days, I bit the bullet and logged a call to Microsoft. I spent hours on the phone to the Remote Desktop Team, The Web Application Proxy Team, and the Networking Team. I replicated the error by building a complete new domain, PKI, ADFS, Remote Desktop Deployment and Web Application Proxy Server. Then today I got a call from the ‘Connectivity Team’ who had it fixed in about 45 minutes.

Symptoms:

I had the entire deployment built in VMware, and it was deployed behind a Cisco ASA 5510, (it was a proof of concept for a client). The Web Application Proxy was in a DMZ. All this was sat on my test bench, and I was remote VPN connected. To test, I was using a Windows 10 client that was running on my laptop, (in VMware Fusion). I had all the public DNS names in the remote clients ‘Hosts file’.

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server’s certificate has expired or has been revoked. Contact your network administrator for assistance.

After trying to get a rid of this error Microsoft asked me to put another client in the DMZ, and try connecting though the Web Application Proxy from there. Then I got this error;

Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.

Solution

I had the remote Desktop Web Access, and the Remote Desktop Gateway roles installed on the same server, (which is fine). You will notice if you look at the examples I posted above, that the URL for web access was https://remote.smoggyninja.com (1), and the Gateway is set to rdg.smoggyninja.com (2), both these resolved to the public IP address of the Web Application Proxy. Then on the Web Application proxy they resolved to the internal IP address (192.168.100.114 set in the servers hosts file).

This was the problem! Simply changing the advertised name of the Remote Desktop Gateway server from ‘rdg‘ to ”remote‘, fixed all the problems.

Launch Server Manager > Remote Desktop Services > Collections > {Collection-name} > Tasks > Edit Deployment Properties > RD Gateway > Change > Apply.

Related Articles, References, Credits, or External Links

Special thanks and kudos to Nathanaël Stassart who tested the whole concept for me, and stayed engaged in the Microsoft Forum.

Remote Desktop Services – RemoteApp Error ‘The remote computer could not be found. Please contact your helpdesk about this error’

KB ID 0000768

Problem

While attempting to launch a web app from a Windows Server 2012 Remote Desktop Services (Terminal) server. Clients were greeted with the following;

RemoteApp Disconnected The remote computer could not be found. Please contact your helpdesk about this error.

Solution

1. On the Server, Start > RD Gateway Manager > Locate your server > right click > properties > Server farm > Type in the FQDN of the server* (Your remote clients must be able to resolve this name!) > Add > Make sure it gets listed as ‘OK’ > Apply > OK.

*Note: This assumes you have one RDS server, if you have many then obviously enter the FQDN of the one fulfilling the RD Gateway role.

2. Start > Internet Information Services (IIS) Manager > Expand the server > Sites > Default Web Site > RDWeb > Pages > Application Settings.

3. Open DefaultTSGateway > Set its value to the FQDN of the RD Gateway server (as above) > OK.

4. Finally restart IIS with an iisreset command.

Related Articles, References, Credits, or External Links

NA

Install and Configure Remote Desktop Services (Web Access)

KB ID 0000104

Problem

Originally we had TS Web in 2003, and while I had a little play with it, it basically just gave you RDP over web, which would have been good if it ran over HTTP or HTTPS, but it didn’t. Also, as anyone who has ever done a complex Google search for “/tsweb” will testify, left a nice big security hole in to your servers.

With the release of Server 2008 we got TSWeb 2008, this was a whole different beast, and the web portal was very similar in operation to Citrix Web Presentation Server.

With Server 2008 R2, Terminal Services became Remote Desktop Services, so if you only have a couple of clients (i.e. don’t need an application farm etc,) then this might be just what you need, and buying licences for Remote Desktop Services is a LOT cheaper than buying the same licences plus Citrix licences that are about three times the price per seat.

I originally wrote this for TSWeb 2008, and updated it for Remote Desktop Services 2008 R2, I’ll leave the older information at the bottom for anyone who is still running 2008 R1.

Solution

Setup Remote Desktop Services Web Access on Server 2008 R2

1. In this example I’ve got a fresh server which is a domain member, and I’m going to put the Licensing server and the same box. From server manager (ServerManager.msc) >Roles > Add Roles > Next > Remote Desktop Services > Next > Next.

2. Everything is going on one server, you may want to split roles up in a larger production environment, but here we are adding Remote Desktop Session Host, Remote Desktop Licensing, Remote Desktop Gateway > Remote Desktop Web Access > Next > Next.

Note: When selecting role services, you will be prompted to “add required role services”, please do so.

3. I’m choosing the least secure method (choose this if you have older client running older versions of the RDP client) > Next > Either select a Licensing model (per user or per device, or select configure later) > Next.

Note: The licensing model chosen MUST match the CALS that will be in the licensing server. (If you are unsure configure it later, then you will have 120 days grace period to sort it out).

4. Add in which user groups to want to allow access to the host server > Next.

5. Decide which options you want to allow, to enrich your end user experience > Next > I dont need a scope as all my RD Servers will be 2008 R2, it you have TS servers as well you will need to configure a scope > Next.

6. If you already have a certificate you can select it here, I’m going to manually import the certificate into IIS at the end of the procedure > Select “Now” to configure the access policies > Next.

7. Add in which user groups you want to allow through the Remote Desktop Gateway > Next.

8. At the RD CAP screen, I’m just going to use passwords > Next > Then at the RD RAP screen, I’m going to allow connections TO ANY computer > Next > Next > let it install the Network Policy Server component > Next.

9. Install > Then go and have a coffee.

10. When completed, select yes to reboot which it will do (twice).

11. After you log back into Windows the installation will complete > Close

Import and Enable a Digital Certificate in IIS7

12. Start > Administrative tools > Internet Information Services Manager > Select the {server-name} > Server certificates > From here you can either create a certificate request, or complete a request, and import a certificate.

13. Here is my certificate with the “friendly name” WebServer.

14. To enable my certificate right click the “Default Web Site” (Assuming that’s where you have RDWeb installed) > Edit Bindings.

15. Select HTTPS > Edit > And select your SSL certificate > OK.

16. Restart the website (or run “iisreset /noforce” from command line).

17. Start > Administrative Tools > Remote Desktop Services > RemoteApp Manager.

18. Anything that needs configuring will have a yellow warning triangle, or a red cross over it. First you will see it’s complaining that there are no computers in the “TS Web Access Computer ” group.

19. That’s just a LOCAL group on the server itself, launch ServerManager >Configuration > Local Users and Groups > Groups > Locate the group.

20. Add in your groups as required > Apply >OK.

21. Back in the RemoteApp Manger > Check the RD Session Host Server >Settings (on the menu on the right) > Make sure the PUBLIC name (which will be the CN on your digital certificate) is displayed NOT the LOCAL FQDN of the server. You can also tick the option (shown with the arrow) to display the RDP shortcut to your users on the web portal. > Apply > OK.

22. To do the next step, you need to have the applications you want to give to your users, actually installed on the server. > Either right click at the bottom, or select “Add RemoteApp Programs”.

23. Follow the wizard, and select the programs as required.

24. Click refresh > Make sure there’s no more red/yellow warnings > Close RemoteApp Manager.

25. To test it, connect to your server on https://{servername}/RDWeb and log in.

26. You applications should be shown, give them a test, here I’ll launch Outlook.

27. I already have Outlook configured on the Remote Desktop Server so mine just opens (your users will need to setup Outlook, if they don’t have a profile on the RD server already).

Setup Terminal Services Web Access on Server 2008 R1

1. Start > Server Manager (or Start > run > CompMgmtLauncher.exe (Enter) > Add Roles..

2. Next.

3. Tick Terminal Services > Tick Web Server IIS.

4. As soon as you select IIS > In the Pop up Select “Add Required Features”.

5. Next.

6. Next.

7. Select Terminal Server > TS Licensing > TS Gateway > At The Popup Select “Add Required Roles Services”.

8. Select TS Web Access > At the Popup Select “Add Required Roles Services”.

9. Next.

10 Next.

11 I’m going to select “Do Not require Network Level Authentication” > Next.

12. Next.

13. Next.

14. .I’m selecting “Configure Later” for the licensing (Like previous versions you get 120 days grace to sort this out) > Next.

15. Allowing Access to TS > By default the “Remote Desktop Users” group on the TS server is allowed access you can add additional groups here > Next.

16. Connect externally to https://{public_IP} (Note this has to be in the browsers trusted site list) > Enter a username and password > Login.

17. Select the scope you require for TS Licensing > Next.

18. Later > Next.

20. Next.

21. Next.

22. Next.

23. Next.

24. Install.

25. The Roles will install.

26. Close.

27. Click Yes to reboot.

28. After reboot installation will continue.

29. Close.

Deploying Applications

1. Start > Server Manager (or Start > run > CompMgmtLauncher.exe (Enter)) > Expand > Roles > Terminal Services > TS Remote App Manager > Select “Add Remote App Programs” (Right hand window).

2. Next.

3. Select the application you require or browse to its Executable > Next. >

4. Finish.

Connecting from a client

1. On a Client PC open internet explorer > Navigate to http://{serverIP or name}/ts > Note: If you do not have ActiveX enabled and the latest RDP client you may see this error.

2. There’s your applications > simply select one.

3. Enter your login credentials.

4. Wait for the application to deploy.

5. And there you go 🙂

Related Articles, References, Credits, or External Links

Windows Server 2008 R2 Deploying Applications with RemoteApp /p>

Original Article Written 02/11/11