terminal services connection manager

Convert the RD Connection Broker In Server Manager click Remote Desktop Services and scroll down to the overview. some time has used Terminal Services and Terminal Services Manager at The command to invoke the terminal services connection is by. Terminal Server session management tasks were, in the opinion of many, very poorly integrated into the Remote Desktop Services Manager.

Thematic video

Securely Access Windows Instances Using RDP and AWS Systems Manager Session Manager

Remote Desktop Services

Components of Microsoft Windows

Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier,[1] is one of the components of Microsoft Windows that allow a user to take control of a remote computer or virtual machine over a network connection. RDS is Microsoft's implementation of thin client architecture, where Windows software, and the entire desktop of the computer running RDS, are made accessible to any remote client machine that supports Remote Desktop Protocol (RDP). User interfaces are displayed from the server onto the client system and input from the client system is transmitted to the server - where software execution takes place.[2] This is in contrast to application streaming systems, like Microsoft App-V, in which computer programs are streamed to the client on-demand and executed on the client machine.

RemoteFX was added to RDS as part of Windows Server 2008 R2 Service Pack 1.

Overview[edit]

RDS was first released as Terminal Server in Windows NT 4.0 Terminal Server Edition, a stand-alone edition of Windows NT 4.0 which included Service Pack 3 and fixes. Starting with Windows 2000, it was integrated under the name of Terminal Services as an optional component in the server editions of the Windows NT family of operating systems,[3] receiving updates and improvements with each version of Windows.[4] Terminal Services were then renamed to Remote Desktop Services with Windows Server 2008 R2[5] in 2009.

Windows includes three client components that use RDS:

  1. Windows Remote Assistance - Windows 10 only
  2. Remote Desktop Connection (RDC)
  3. Fast user switching

The first two are individual utilities that allow a user to take control of a remote computer over the network. In case of Remote Assistance, the remote user needs to receive an invitation and the control is cooperative. In case of RDC, however, the remote user opens a new session on the remote computer and has every power granted by its user account's rights and restrictions.[2][6][7] Fast User Switching allows users to switch between user accounts on the local computer without quitting software and logging out. Fast User Switching is part of Winlogon and uses RDS to accomplish its switching feature.[8][9] Third-party developers have also created client software for RDS. For example, rdesktop supports Unix platforms.

Although RDS is shipped with most editions of all versions of Windows NT since Windows 2000,[3] its functionality differs in each version. Windows XP Home Edition does not accept any RDC connections at all, reserving RDS for Fast User Switching and Remote Assistance only. Other client versions of Windows only allow a maximum of one remote user to connect to the system at the cost of the user who has logged onto the console being disconnected. Windows Server allows two users to connect at the same time. This licensing scheme, called "Remote Desktop for Administration", facilitates administration of unattended or headless computers. Only by acquiring additional licenses (in addition to that of Windows) can a computer running Windows Server service multiple remote users at one time and achieve virtual desktop infrastructure.[5][8]

For an organization, RDS allows the IT department to install applications on a central server instead of multiple computers.[10] Remote users can log on and use those applications over the network. Such centralization can make maintenance and troubleshooting easier. RDS and Windows authentication systems prevent unauthorized users from accessing apps or data.

Microsoft has a long-standing agreement with Citrix to facilitate sharing of technologies and patentlicensing between Microsoft Terminal Services and Citrix XenApp (formerly Citrix MetaFrame and Citrix Presentation Server). In this arrangement, Citrix has access to key source code for the Windows platform, enabling its developers to improve the security and performance of the Terminal Services platform. In late December 2004 the two companies announced a five-year renewal of this arrangement to cover Windows Vista.[11]

Server components[edit]

The key server component of RDS is Terminal Server (), which listens on TCP port 3389. When a Remote Desktop Protocol (RDP) client connects to this port, it is tagged with a unique SessionID and associated with a freshly spawned console session (Session 0, keyboard, mouse and character mode UI only). The login subsystem (winlogon.exe) and the GDI graphics subsystem is then initiated, which handles the job of authenticating the user and presenting the GUI. These executables are loaded in a new session, rather than the console session. When creating the new session, the graphics and keyboard/mouse device drivers are replaced with RDP-specific drivers: and. The is the device driver and it captures the UI rendering calls into a format that is transmittable over RDP. acts as keyboard and mouse driver; it receives keyboard and mouse input over the TCP connection and presents them as keyboard or mouse inputs. It also allows creation of virtual channels, which winzip 22 activation - Crack Key For U other devices, such as disc, audio, printers, and COM ports to be redirected, i.e., the channels act as replacement for these devices. The channels connect to the client over the TCP connection; as the channels are accessed for data, the client is informed of the request, which is then transferred over the TCP connection to the application. This entire procedure is done by the terminal server and the client, with the RDP mediating the correct transfer, and is entirely transparent to the applications.[12] RDP communications are encrypted using 128-bit RC4 encryption. Windows Server 2003 onwards, it can use a FIPS 140 compliant encryption schemes.[2]

Once a client initiates a connection and is informed of a successful invocation of the terminal services stack at the server, it loads up the device as well as the keyboard/mouse drivers. The UI data received over RDP is decoded and rendered as UI, whereas the keyboard and mouse inputs to the Window hosting the UI is intercepted by the drivers, and transmitted over RDP to the server. It also creates the other virtual channels and sets up the redirection. RDP communication can be encrypted; using either low, medium or high encryption. With low encryption, user input (outgoing data) is encrypted using a weak (40-bit RC4) cipher. With medium encryption, UI packets (incoming data) are encrypted using this weak cipher as well. The setting "High encryption (Non-export)" uses 128-bit RC4 encryption and "High encryption (Export)" uses 40-bit RC4 encryption.[13]

Terminal Server[edit]

Terminal Server is the server component of Terminal services. It handles the job of authenticating clients, as well as making the applications available remotely. It is also entrusted with the job of restricting the clients according to the level of access they have. The Terminal Server respects the configured software restriction policies, so as to restrict the availability of certain software to only a certain group of users. The remote session information is stored in specialized directories, called Session Directory which is stored at the server. Session directories are used to store state information about a session, and can be used to resume interrupted sessions. The terminal server also has to manage these directories. Terminal Servers can be used in a cluster as well.[2]

In Windows Server 2008, terminal services connection manager has been significantly overhauled. While logging in, if the user logged on to the local system using a Windows Server Domain account, the credentials from the same sign-on can be used to authenticate the remote session. However, this requires Windows Server 2008 to be the terminal server OS, while the client OS is limited to Windows Server 2008, Windows Vista and Windows 7. In addition, the terminal server may be configured to allow connection to individual programs, rather than the entire desktop, by means of a feature named RemoteApp. Terminal Services Web Access (TS Web Access) makes a RemoteApp session invocable from the web browser. It includes the TS Web Access Web Part control which maintains the list of RemoteApps deployed on the server and keeps the list up to date. Terminal Server can also integrate with Windows System Resource Manager to throttle resource usage of remote applications.[4]

Terminal Server is managed by the Terminal Server ManagerMicrosoft Management Console snap-in. It can be used to configure the sign in requirements, as well as to enforce a single instance of remote session. It can also be configured by using Group Policy or Windows Management Instrumentation. It is, however, not available in client versions of Windows OS, where the server is pre-configured to allow only one session and enforce the rights of the user account on the remote session, without any customization.[2]

Remote Desktop Gateway[edit]

The Remote Desktop Gateway service component, also known as RD Gateway, can tunnel the RDP session using a HTTPS channel.[14] This increases the security of RDS by encapsulating the session with Transport Layer Security (TLS).[15] This also allows the option to use Internet Explorer as the RDP client. The official MS RDP client for macOS supports RD Gateway as of version 8. This is also available for iOS and Android.

This feature was introduced in the Windows Server 2008 and Windows Home Server products.

In October 2021, Thincast, the main contributor of the FreeRDP project, has published[16] the first Remote Desktop Gateway solution running natively on Linux.

Remote Desktop HTML5 Web Client[edit]

In late 2018 Microsoft released the Remote Desktop HTML5 Web Client. The client allows users to connect to their remote apps or to their remote desktops without using an installed remote desktop client.[17][18] The web client uses the TLS secured port 443 and does not use the RD Gateway to transport traffic, instead relying solely on the remote desktop session host aspect of remote desktop services.[19][20]

Roles[edit]

Remote Desktop Gateway
Enables authorized users to connect to virtual desktops, Remote-App programs, and session-based desktops over a private network or the Internet.
Remote Desktop Connection Broker Role
Allows users to reconnect to their existing virtual desktop, RemoteApp programs, and session-based desktops. It enables even load distribution across RD Session Host servers in a session collection or across pooled virtual desktops in a pooled virtual desktop collection, and provides access to virtual desktops in a virtual desktop collection.
Remote Desktop Session Host
Enables a server to host RemoteApp programs as session-based desktops. Users can connect to RD Session Host servers in a session collection to run programs, save files, and use resources on those servers. Users can access Remote Desktop Session Host server by using the Remote Desktop Connection client or by using RemoteApp programs.
Remote Desktop Virtualization Host
Enables users to connect to virtual desktops by using RemoteApp and Desktop Connection.
Remote Desktop Web Access
Enables users to access RemoteApp and Desktop Connection through the Start Menu or through a web browser. RemoteApp and Desktop Connection provides users with a customized view of RemoteApp programs, session-based desktops, and virtual desktops.
Remote Desktop Licensing
Enables a server to manage RDS client access licenses (RDS CALs) that are required for each device or user to connect to a Remote Desktop Session Host server. RDS CALs are managed using the Remote Desktop Licensing Manager application.[21]

RemoteApp[edit]

RemoteApp (or TS RemoteApp) is a special mode of RDS, available in Windows Server 2008 R2 and later, where remote session configuration is integrated into the client operating system. The RDP 6.1 client ships with Windows XP SP3, KB952155 for Windows XP SP2 users,[22] Windows Vista SP1 and Windows Server 2008. The UI for the RemoteApp is rendered in a window over the local desktop, and is managed like any other window for local applications. The end result of this is that remote applications behave largely like local applications. The task of establishing the remote session, as well as redirecting local resources to the remote application, is transparent to the end user.[23] Multiple applications can be started in a single RemoteApp session, each with their own windows.[24]

A RemoteApp can be packaged either as a file or distributed via an Windows Installer package. When packaged as an file (which contains the address of the RemoteApp server, authentication schemes to be used, and other settings), a RemoteApp can be launched by double clicking the file. It will invoke the Remote Desktop Connection client, which will connect to the server and render the UI. The RemoteApp can also be packaged in a Windows Installer database, installing which can register the RemoteApp in the Start menu as well as create shortcuts to launch it. A RemoteApp can also be registered as handler for file types or URIs. Opening a file registered with RemoteApp will first invoke Remote Desktop Connection, which will connect to the terminal server and then open the file. Any application which can be accessed over Remote Desktop can be served as a RemoteApp.[23]

Windows 7 includes built-in support for RemoteApp publishing, but it has to be enabled manually in registry, since there is no RemoteApp management console in client versions of Microsoft Windows.[25]

Windows Desktop Sharing[edit]

In Windows Vista onwards, Terminal Services also includes a multi-party desktop sharing capability known as Windows Desktop Sharing. Unlike Terminal Services, which creates a new user session for every RDP connection, Windows Desktop Sharing can host the remote session in the context of the currently logged in user without creating a new session, and make the Desktop, or a subset of it, available over RDP.[26] Windows Desktop Sharing can be used to share the entire desktop, a specific region, or a particular application.[27] Windows Desktop Sharing can also be used to share multi-monitor desktops. When sharing applications individually (rather than the entire desktop), the windows are managed (whether they are minimized or maximized) independently at the server and the client side.[27]

The functionality is only provided via a public API, which can be used by any application to provide screen sharing functionality. Windows Desktop Sharing API exposes two objects: for the sharing session and for the viewer. Multiple viewer objects can be instantiated for one Session object. A viewer can either be a passive viewer, who is just able to watch the application like a screencast, or an interactive viewer, who is able to interact in real time with the remote application.[26] The object contains all the shared applications, represented as objects, each with objects representing their on-screen windows. Per-application filters capture the application Windows and package them as objects.[28] A viewer must authenticate itself before it can connect to a sharing session. This is done by generating an using the. It contains an authentication ticket and password. The object is serialized and sent to the viewers, who need to present the when connecting.[26][28]

Windows Desktop Sharing API is used by Windows Meeting Space and Windows Remote Assistance for providing application sharing functionality among network peers.[27]

Client software[edit]

Remote Desktop Connection[edit]

Remote Desktop Connection client on macOS

Remote Desktop Connection (RDC, also called Remote Desktop, formerly Microsoft Terminal Services Client, mstsc or tsclient)[29][30] is the client application for RDS. It allows a user to remotely log into a networked computer running the terminal services server. RDC presents the desktop interface (or application GUI) of the remote system, as if it were accessed locally.[2] In addition to regular username/password for authorizing for the remote session, RDC also supports using smart cards for authorization.[2] With RDC 6.0, the resolution of a remote session can be set independently of the settings at the remote computer.

With version 6.0, if the Desktop Experience component is plugged into the remote server, remote application user interface elements (e.g., application windows borders, Maximize, Minimize, and Close buttons etc.) will take on the same appearance of local applications. In this scenario, the remote applications will use the Aero theme if the user connects to the server from a Windows Vista machine running Aero.[4] Later versions of the protocol also support rendering the UI in full 32-bit color, as well as resource redirection for printers, COM ports, disk drives, mice and keyboards. With resource redirection, remote applications can use the resources of the local computer. Audio is also redirected, so that any sounds generated by a remote application are played back at the client system.[2][4] Moreover, a remote session can also span multiple monitors at the client system, independent of the multi-monitor settings at the server. RDC can also be used to connect to Windows Media Center (WMC) remote sessions; however, since WMC does not stream video using RDP, only the applications can be viewed this way, not any media.

RDC prioritizes UI data as well as keyboard and mouse inputs, as opposed to print jobs or file transfers. so as to make the applications more responsive. It redirects plug and play devices such as cameras, portable music players, and scanners, so that input from these devices can be used by the remote applications as well.[4] RDC can also be used to connect to computers which are exposed via Windows Home Server RDP Gateway over the Internet.[31] Finally, few shortcuts that will be handy

  • To achieve ++ effect on remote desktop, you can use the ++ key combination.
  • To alternate between the full screen and window mode of remote desktop, you can use ++ ( +++ on certain HP laptops).

Other clients[edit]

Microsoft produces an official client for a variety of non Windows platforms:

  • MacOS: Microsoft Remote Desktop for Mac
  • Android: Microsoft Remote Desktop
  • iOS and iPadOS: Microsoft Remote Desktop

There have been numerous non-Microsoft implementations of clients that implement subsets of the Microsoft functionality for a range of platforms. The most common are:

  • FreeRDP - Open Source under Apache license
  • rdesktop for Linux/Unix and Microsoft Windows
  • Remmina for Linux (based on FreeRDP)
  • CoRD for macOS (Discontinued in April 2020)
  • Thincast Client for Linux, macOS and Windows

See also[edit]

References[edit]

  1. ^"Windows Remote Desktop Services spotlight". Retrieved 2010-11-18.
  2. ^ abcdefgh"Technical Overview of Terminal Services in Windows Server 2003". Archived from the original on 2003-01-26. Retrieved 2007-07-23.
  3. ^ ab"Remote Desktop Connection". PC World. IDG. 17 August 2011.
  4. ^ abcde"Whats new in Terminal Services in Windows Server 2008". Retrieved 2007-07-23.
  5. ^ abRussel, Charlie; Zacker, Craig (2009). "4: Remote Desktop Services and VDI: Centralizing Desktop and Application Management"(PDF). Introducing Windows Server 2008 R2. Redmond, WA: Microsoft Press. Retrieved 11 January 2014.
  6. ^"How to change the listening port for Remote Desktop". Retrieved 2010-11-18.
  7. ^"Frequently Asked Questions about Remote Desktop". Retrieved 2007-07-23.
  8. ^ abRussinovich, Mark; Solomon, David A.; Ionescu, Alex (2012). Windows Internals (6th ed.). Redmond, WA: Microsoft Press. pp. 20–21. ISBN .
  9. ^"Architecture of Fast User Switching". Support. Microsoft. 15 January 2006. Retrieved 11 January 2014.
  10. ^"Remote Services". Log me in 123.
  11. ^"Citrix and Microsoft Sign Technology Collaboration and Licensing Agreement". Citrix. 2004-12-21. Archived from the original on 2011-07-05. Retrieved 2012-04-13.
  12. ^"How Terminal Services Works". Microsoft. 2003-03-28. Retrieved 2007-07-23.
  13. ^"Connection Configuration in Terminal Server". Support (5.0 ed.). Microsoft. 22 June 2014.
  14. ^"Terminal Services Gateway (TS Gateway)". Microsoft TechNet. Retrieved 2009-09-10.
  15. ^"Remote Desktop Protocol". Microsoft Developer Network (MSDN). Retrieved 2009-09-10.
  16. ^"RD Gateway Terminal services connection manager. Thincast. Retrieved 2021-10-17.
  17. ^Waggoner, Rob. "Microsoft Has Released the HTML5-Based RDP Web Client". blog.mycloudit.com. Retrieved 2020-05-10.
  18. ^"Remote Desktop HTML5 client on Windows Server 2019". msfreaks. 2018-10-06. Retrieved 2020-05-10.
  19. ^"RD Web Client (HTML5) – New Features In 1.0.11". www.rdsgurus.com. Retrieved 2020-05-10.
  20. ^Berson, Freek (2018-01-12). "The Microsoft Platform: HTML5 client terminal services connection manager Microsoft Remote Desktop Services 2016: Remote Desktop Web Client". The Microsoft Platform. Retrieved 2020-05-10.
  21. ^TechNet: Remote Desktop Licensing
  22. ^"Description of the Remote Desktop Connection 6.1 client update for Terminal Terminal services connection manager in Windows XP Service Pack 2". Retrieved 2010-11-18.
  23. ^ ab"Terminal Services RemoteApp (TS RemoteApp)". Retrieved 2007-07-23.
  24. ^"Terminal Services RemoteApp Session Termination Logic". Retrieved 2007-10-02.
  25. ^"How to enable RemoteApp (via RDP 7.0) within VirtualBox or VMWare running Windows 7, Vista SP1+ or Windows XP SP3". Retrieved 2010-11-18.
  26. ^ abc"Windows Desktop Sharing". Retrieved 2007-10-11.
  27. ^ abc"Windows Desktop Sharing API". Retrieved 2007-10-11.
  28. ^ ab"About Windows Desktop Sharing". Retrieved 2007-10-11.
  29. ^"Why doesn't the New Folder command work in the root of a redirected drive resource in a Remote Desktop session?". The Old New Thing. Microsoft. 17 December 2013. Retrieved 18 December 2013.
  30. ^Savill, John (1 October 2008). The Complete Guide to Windows Server 2008. Pearson Education. p. 1752. ISBN . Retrieved 1 June 2012.
  31. ^"Remote Desktop Connection". Remote Support.

External links[edit]

Источник: https://en.wikipedia.org/wiki/Remote_Desktop_Services

How to Enable & Disable Remote Desktop Protocol (RDP) on Windows Cloud Servers

RDP (Remote Desktop Protocol) is the protocol that allows a user to connect to a Windows Server through a graphical interface over any network.

rdpdiagram

This guide will describe the steps to enable and disable Remote Desktop service in the Windows server through the graphical interface as well as Windows Powershell.

Enable RDP through graphical interface

  1. Click on button and then on .

    windowsrdp1

  2. In the window, click on in the left side panel and wait for few minutes for the server status to get refreshed. The option will be shown as in Windows 2019 version.

    windowsrdp2

  3. Click on the option and this will open up the tab in the window.

    windowsrdp3

    NOTE: The window can also be accessed from option by clicking on and then on in the left panel or from the Windows command prompt by executing the below command.

    windowsrdp4

    windowsrdp5

  4. From under section, select the option .

    The sub-option can be left enabled or disabled, depending upon the machines from which Remote Desktop connection is being established to the server. If the local machine is Linux-based, then this option needs to be disabled.

    windowsrdp6

  5. Once this option is selected, a warning message window will appear notifying the user that the required firewall rules will be enabled in the server for allowing Terminal services connection manager connections to the server from any source network. Click on to proceed.

    windowsrdp7

  6. Click on in the System Properties window to complete the process of enabling Remote Desktop in the server.

  7. The status of the Remote Desktop service can now be confirmed back from Server Manager, where it will show as Enabled once the Server Manager is refreshed.

    windowsrdp8

Enable RDP through Windows Powershell

  1. The registry value that enables/disables Remote Desktop can be modified using the cmdlet.

    windowsrdp9

  2. Once this is completed, the cmdlet can be used to set the Windows firewall to allow remote desktop connections.

    windowsrdp10

Testing allowed Remote Desktop connection service

Once Remote Desktop is enabled in the server, remote connections to the server can be tested using the app (Windows) or the command (Linux).

Windows:

  1. Click on option and search for and click on the application.

  2. Type in the IP address of the server that needs to be connected to remotely in the field and then click on .

    If the server has any custom RDP port, then the IP needs to be typed in the below format (replace 123.123.123.123 with the exact server IP address and 1234 with the custom port number).

    windowsrdp11

  3. Type in the username and associated password with which the server is to be accessed remotely in the window and then click on to connect to the server remotely.

    windowsrdp12

Linux:

In all Linux distributions, the most common command that can be used to connect to the remote desktop of a server is. Another command that can be used is .

  1. Type in the below command in the Linux command line to remotely connect to a server with the command (replace 123.123.123.123 with the exact IP address of the server).

  2. Once the command is entered, a remote desktop connection window will appear, in which the username and associated password are to be entered to access the server remotely.

    windowsrdp13

Disable RDP through graphical interface

  1. Access the server and Click on button and then on .

    windowsrdp1

  2. In the window, click on in the left side panel and wait for few minutes for the server status to get refreshed. Terminal services connection manager option will be shown as .

    windowsrdp14

  3. Click on the option and this will open up the tab in the window.

    windowsrdp19

    NOTE: The System Properties window can also be accessed from Control Panel option by clicking on System and then on Remote settings in the left panel or from Windows command prompt by executing the below command.

    windowsrdp4

    windowsrdp20

  4. From under section, select the option .

    windowsrdp15

  5. Click on to proceed.

  6. The status of the service can now be confirmed back fromwhere it will show as once the is refreshed.

    windowsrdp16

Disable RDP through Windows PowerShell

  1. The registry value that enables/disables Remote Desktop can be modified using the cmdlet.

    windowsrdp17

Testing restricted Remote Desktop connection service

Once Remote Desktop is disabled in the server, remote connections to the server can be tested using the app.

Windows:

  1. Click on option and search for and click on the application.

  2. Type in the IP address of the server that needs to be connected to remotely in the field and then click on .

    If the server has any custom RDP port, then the IP needs to be typed in the below format (replace 123.123.123.123 with the exact server IP address and 1234 with the custom port number).

    windowsrdp11

  3. The warning message will receive as shown below.

    windowsrdp17

Related LayerStack Product

Related Tutorials

Источник: https://www.layerstack.com/resources/tutorials/How-to-Enable-and-Disable-Remote-Desktop-Protocol-on-Windows-Cloud-Servers
Set-RDRemoteApp -IconPath "c:\windows\system32\shell32.dll" -IconIndex 46    

Creating Subfolders in the Application

Using the The RemoteDesktop PowerShell module we’re also able to add subfolders in RD Web Access and “move” specific Remote Apps to specific folders.

In order to do so we use the same command as above, Set-RDRemoteApp. For example, to create a subfolder called “My tools” and move the Remote App MSpaint to that folder you can use the following command:

Set-RDRemoteApp -CollectionName “Application 1” -Alias clustermvp -FolderName “My tools” -ConnectionBroker mvpdc01.mvp.local

 

Creating File Extensions

A common setting is configuring the file extensions for Remote Apps. Inside the ServerManager GUI, file extensions are configured as a property of a RemoteApp, therefore you would expect that setting a file extension using PowerShell should be done using the command Set-RDRemoteApp. Instead, we need to use a different command called Set-RDFileTypeAssociation.
For example if we want to add the file extension .pdf or .txt to a Remote App Acrobat Reader or Wordpad we can use the following command:

Set-RDFileTypeAssociation –CollectionName “Application 1” -AppAlias AcrobatReader -FileExtension .pdf -IsPublished $true –ConnectionBroker mvpdc01.mvp.local

  

More about using Powershell to manage RemoteApp programs.

Get-RDRemoteApp (http://technet.microsoft.com/en-us/library/jj215454.aspx) is used to list properties for RemoteApps.
Example:

Get-RDRemoteApp -alias “wordpad”

End Of Service Life (EOSL) Zebra no longer provide services or support for MC75A, MC9000, MC9060 CE, MC75, MC70, MC55, MC50, MC9190-G, MC65, MC9090 WM, MC9090 CE, MC9000 and 9060 WM, ES400, and MC45 products. This knowledge article is for your reference only and is no longer proactively updated.
For more details, refer to Discontinued Mobile Computers. If you are interested to upgrade your products, Contact Zebra.


There are three sections to the article:  

 

Devices/Client Issues 


Connection Issues 

The Date and Time is set incorrectly on the device

  • Set the date and time on the device.


The domain is not specified when connecting (Error 0xc000018b)


If you are using a Windows CE device,

  • Try this method: In the Advanced settings of the client, change the authentication setting to Connect, even if authentication fails.


If you are using a Windows CE 7 device,

 

If your server uses a SHA2 or 2048-bit certificate:

  • For Windows CE 5, Windows Mobile 5, 6: You will not be able to connect to your server with this device.
  • For Windows Mobile 6.1, 6.5, 6.5.3, and Windows Embedded Handheld (WEH) build less than 29299: You must update your OS to WEH build 29299 or higher. These are available on the product page for your device.
If you receive the error: Because of a security error, the client could not connect to the remote computer. Verify that you are logged on to the network, and then try connecting again.” See Server Issues below.

If you are having any other connection issues, capturing a network trace of the connection attempt may reveal additional terminal services connection manager within the RD protocol. Provide the trace to support for analysis.


Client Issues

Windows CE 5
  • The unit does not go to sleep with no activity while the RDP client is running - SPR 15909

Windows CE 6
  • GUI Errors (SPR 18709)
  • Redraw issue  (SPR 23637)
  • 14-character max in the username field (SPR 23637 or SPR 20465 or SPR 23317 or 26247)
  • RDP in CE6 doesn't show the reconnect message immediately after disconnection (SPR 21371)

Windows  CE7
  • WT41N0 Client not visible (Update to the latest OS or contact support regarding SPR 18709)
  • MC92N0 Client not visible (Update to the latest OS or contact support regarding SPR 18709)
  • Redraw issue (SPR 24637 or SPR 25142)

Windows Mobile 6.1
  • The client is missing (Update to the latest OS or SPR 16551)

​Windows Mobile 6.5
  • RDP displays grid on remote windows applications (SPR 23112)
  • White bar left when RDP client screen is opened - SPR25677
  • The client does not support TLS
  • The client does not support CredSSP
  • The client does not support Early User Authorization Result PDU


Server Issues

After each step, check to see if the error has changed or the issue has been resolved.

Windows Server 2008

For Server 2008 and below, the security settings, in general, may be too strict to allow the client on the device to connect. Hence, you will need to downgrade to enable it. 

  1. Navigate to Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
  2. With RD Session Host Configuration selected view under Connections.
  3. Right-click RDP Listener with connection type Microsoft RDP x.y and select Properties.
  4. Under the general tab of properties dialog box under Security, select RDP Security Layer as the Security Layer.
  5. Click OK.


All Windows Versions

If you have recently configured Remote Desktop Licensing or receive the error: Because of a security error, the client could not connect to the remote computer. Verify that you are logged on to the network, and then try connecting again.
Follow these steps below:

  1. Go to RD Licensing Manager.
  2. Right-click on your Licensing Server name and select Properties.
  3. Change Connection Method to Web Browser.
  4. Go back to the Licensing Server and right-click on your server.  Select Advanced > Reactivate Server.
  5. Reactive server via the given Wizard and web browser.
  6. Delete the following registry keys. (They will be reset when you reboot). HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM
  • Certificate
  • X509 Certificate
  • X509 Certificate ID
  • X509 Certificate2​
  1. Perform a reboot. 
If you receive the An internal error has occurred error message from the remote desktop client, there are four ways to resolve this error:
  1. Disable Network Level Authentication (NLA):
    There are three ways to disable NLA:
  1. System Properties:
Windows Vista, 7, Server 2008, and Server 2008R2.
  1. Navigate to Control Panel. Ensure that the control panel is showing items by Category (i.e. not in Classic View). Click on System and Security and under System click on Allow remote access.
  2. Under the Remote Desktop group, select Allow connections from computers running any version of Remote Desktop (less secure).

Windows 8 and Windows Server 2012 and Server 2012R2

  1. Navigate to Control Panel. Ensure that the control panel is showing items by Category. Click System and Security and under System click Allow remote access.
  2. Under the Remote Desktop group, unflag the checkbox for Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended).

Windows 10 and Server 2016

  1. Navigate to Control Panel. Ensure that the control panel is showing items by Category (i.e. not in Classic View). Click System and Security and under System click Allow remote access.
  2. Under the Remote group, select Allow remote connections to this computer.
  1. System Properties With the RD Session Host Role
Server 2008 and Server 2008R2
  1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, select Administrative Tools, select Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
  2. Under Connections, right-click the name of the connection, and then click Properties.
  3. On the General tab, unflag the Allow connections only from computers running Remote Desktop with Network Level Terminal services connection manager checkbox. (For maximum compatibility ensure that Terminal services connection manager Layer is set to Negotiate).
  4. If the Allow connections only from computers running Remote Desktop with Network Level Authentication checkbox is selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and has been applied to the RD Session Host server.
  5. Click OK.
Windows Server 2012, 2012R2, and Server 2016
  1. For the RD Session Host server, open the Server Manager.
  2. Click on Remote Desktop Services, then under Collections click on the name of the session collection name that you want to modify. Click on Tasks and select Edit properties.
  3. Under the Security tab unflag the option Allow connections only from computers running Remote Desktop with Network Level Authentication. (For maximum compatibility ensure that Security Layer is set to Negotiate).
  4. If the Allow connections only from computers running Remote Desktop with Network Level Authentication checkbox is selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and has been applied to the RD Session Host server.
  5.  Click OK.
  1. For Group Policy, contact your system administrator to set your group policy.
  1. Disable CredSSP on the server

    The following has been excerpted from this Microsoft article.
The Disable-WSManCredSSP cmdlet disables Credential Security Support Provider (CredSSP) authentication on a client or on a server computer. When CredSSP authentication is used, the user credentials are passed to a remote computer to be authenticated.

Use this cmdlet to disable CredSSP on the client by specifying the Client in the Role parameter. This cmdlet performs the following actions:
  1. Disables CredSSP on the client. This cmdlet sets the WS-Management setting \Client\Auth\CredSSP to false.
  2. Removes any WSMan/* setting from the Windows CredSSP policy AllowFreshCredentials on the client.
Use this cmdlet to disable CredSSP on the server by specifying Server in Role. This cmdlet performs the following action:
  1. Disables CredSSP on the server. This cmdlet sets the WS-Management setting \Service\Auth\CredSSP to false.
CAUTION CredSSP authentication delegates the user credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.
  • Example 1: Disable CredSSP on a client PowerShell PS C:\> Disable-WSManCredSSP -Role Client This command disables CredSSP on the client, which prevents delegation to servers.
  • Example 2: Disable CredSSP on a server PowerShell PS C:\> Disable-WSManCredSSP -Role Server This command disables CredSSP on the server, which prevents delegation from clients.
  • Required Parameter: Role Specifies whether to disable CredSSP as a client or as a server. The acceptable values for this parameter are Client and Server.
If you specify Client, this cmdlet performs the following actions:
  1. Disables CredSSP on the client. This cmdlet sets WS-Management setting \Client\Auth\CredSSP to false.
  2. Removes any WSMan/* setting from the Windows CredSSP policy AllowFreshCredentials on the client.
If terminal services connection manager specify Server, this cmdlet performs the following action:
  1. Disables CredSSP on the server. This cmdlet sets the WS-Management setting \Service\Auth\CredSSP to false.
Type:String
Position:1
Default value:None
Accept pipeline inputFalse
Accept wildcard characters:False
 
Inputs None: This cmdlet does not accept any input.
Outputs None: This cmdlet does not generate any output.
  1. You may need to set up or enable a domain for the server. Contact your system administrator for more information.
  2. You may need to set up or enable a remote desktop licensing server for the server you are connecting to. Contact your system administrator for more information.

Data Collection for Terminal services connection manager a Ticket
  1. Record any errors.
  2. Capture a screenshot or video of the connection attempt and any errors.
  3. Capture a netlog of the connection attempt.
Источник: https://supportcommunity.zebra.com/s/article/Remote-Desktop-Connection-Troubleshooting-and-Terminal-Services-Server-Common-Issues-and-Fixes

Unable to connect to Windows Server via RDP (Remote Desktop Protocol)

In order to solve this problem, follow these steps:

Note: This solution contains steps that tell you how to modify the server registry. However, if the registry is not properly modified serious problems might occur. Make sure you follow these steps carefully.

  1. Make sure that all Windows updates and service packs have been successfully applied to the server.
  2. Log into the server as an Administrator.
  3. Open the Remote Desktop Licensing Manager: Go to 'Start' > 'Administrative Tools' > 'Remote Desktop Services' > 'Remote Desktop Licensing Manager'.
  4. Select the Licensing Manager name where the CAL licenses have been installed and right click on it. From the pop-up menu, click on "Properties".
  5. Change the connection method to "Web Browser", and click on "Ok".
  6. Select again the Licensing sever, right click on its name and from the pop-up menu click on 'Advanced' > 'Reactivate Server'.
  7. This will start the "Reactivate Server Wizard", follow this wizard. Since the reactivation method has been changed to "Web Browser" this wizard will ask the use on an internet browser. It can be done on the same server, but also another server can be used. The information requested by Microsoft website is provided by the wizard except for some personal information like First name, Last name and Company name. Enter here the information used when the CAL licenses were installed. After finishing this wizard, the process will be completed.
  8. Now open the registry editor of the server: Go to 'Start' and type "regedit" in the "Search programs and files" text box.
  9. Go to the following registry subkey: 'HKEY_LOCAL_MACHINE' > 'SYSTEM' > 'CurrentControlSet' > 'Control' > 'Terminal Server' > 'RCM'.
  10. Delete the following values (they will be re-created when the server restarts) and close the regedit tool:
    • Certificate
    • X509 Certificate
    • X509 Certificate ID
    • X509 Certificate2
  11. Reboot terminal services connection manager server.

This method has been also tested on a Windows Server 2012 R2 with success. However, steps from 3 to 7 can be skipped.
On a Windows Server 2012 R2, make sure that the following settings on the Session Collection are also applied:

  • Security Layer: RDP Security Layer.
  • Encryption Level: Client Compatible.
  • Option "Allow connections only from computers running Remote Desktop with Network Level Authentication" should be un-checked.
Important notes:

This information has been extracted from a TechNet forum thread. Click here to go to this forum thread. In most cases, the problem has been resolved. This has been successfully tested in our internal test environment and also with production server from a customer. It is important to note that:

  • These servers were not part of a server forest.
  • These servers had the Remote Desktop Licensing Manager installed on the same server.
  • These servers did not have the Active Directory role installed.

This entry from Microsoft KB is also available. However, the "Phone" reactivation method didn't work as we were expecting. The concept is the same, however, this solution implies the reactivation of the licensing server after deletion of the keys.

Also this link shows the steps to follow in order to go around this issue on a Windows Server 2012 R2.

Источник: https://support.honeywellaidc.com/s/article/Unable-to-connect-to-Windows-Server-via-RDP-Remote-Desktop-Protocol

3 Replies to “Terminal services connection manager”

  1. Chase did the same shit to me, suppose I was going to send $350 dollars to my friend after he was going to refund my bank account with $11,000 like really he has spoken off. And my current balance account was $387.95 and after that it’s still there. Once I made it to Chase bank I thought he could unlock my account but it didn’t workout because after that that’s how it froze my account due to transaction fraud for sending money to someone and someone sends me money. We’re in the craziest time and the crazy world.

Leave a Reply

Your email address will not be published. Required fields are marked *