Remote Desktop Services logon issues

Hello,

I will preface this question by saying this is my first foray into Terminal Server/Remote Desktop Server configuration, so I may have done something obvious wrong that is causing my issues.

I am attempting to configure a Remote Desktop Serivces server for our remote offices to connect in to the network and run our accounting app.

Our network is configured as follows:

DC1 - Windows Server 2003 Standard, R2, SP2
DC2 - Server 2008 Enterprise, R2 (Virtual)
TS1 - Server 2008 Enterprise, R2 (Virtual)

The Remote Desktop Session Host and Remote Desktop Web Access roles are installed on TS1.  
The Remote Desktop Licensing role is installed on DC2.  The licensing server has been activated, and the RD User CALs have been applied.

I chose to not use Network Level Authentication, as my remote users have a mixture of XP Pro and Windows 7 workstations.

Here is where things get strange...

If I try to log on to the RD Web page (https://cspvmts/rdweb) from a workstation on the domain, using IE8, I am first prompted with a Windows Security logon.  However, I cannot log on with any domain accounts (user or administrator).  After 3 tries I am directed to a '401 not authorized' page.  However, I CAN log on to the RDWeb if I use the machine administrator account and password.  Once in, I can then log on to the RDS Default Connection and launch the accounting app from the RemoteApp tab.

If I try to log on to the RD Web page from a workstation on the domain using Mozilla Firefox v. 3.6.13, I CAN log in at the Windows Security logn with a domain user or admin account.  I can also log in to the RDS Default Connection login.  However, my RemoteApp tab is missing the launch icon for our accounting software.  I have verified using RemoteApp Manager on the RDH that the RemoteApp program is set to show in RD Web Access.

Creating the .rdp file works ok.  I haven't yet tried to create a Windows Installer Package.


Any thoughts would be appreciated....

Thanks!
LVL 1
meelnahAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Fingo11Commented:
Try this:  Open Internet Explorer and go to Tools and Internet Options.  On the Advanced tab click on the REST button on the bottom. You then need to close and reopen IE and try to visit your RemoteApp site again.  Also check and make sure that the Properties of your RemoteApp say that the App is visible in RD Web Access and that the User Assignment is set properly.(see pic)  Another thing to check is in the RemoteApp Manager console make sure there is a green nexto to all the sections especially the "Distributing with RD Web Access" section.

When this works it is great, but troubleshooting it can be a pain sometimes. RDS
Let us know if these things work or not.

Hope it helps!
meelnahAuthor Commented:
No go... reset IE and no change to the problem.  I looked at the RemoteApp properties, and they were set to 'All authenticated users'.  Just to try, I changed it to 'specified users' and inserted the remote users group here, but the issue with Mozilla didn't change, so I set it back to 'All authenticated users'.
Fingo11Commented:
Is TS1 a member of the TS Web Access Computers group?  Also check to see if the Remote Desktop Users group on TS1 is populated.(add Domain users as a starting point)

Just for fun check and see if the ActiveX control for RDS sessions is being used on the IE8 machines as well.  Strange issue.

Just for fun Restart IIS too.  Sounds almost like IIS isn't talking to active directory for IE8 users.

Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

meelnahAuthor Commented:
TS1 is a member of the Web Acess Computers group (local group that resides on the RDS Host, in this case TS1, correct?).

Our remote user group was added to the Remote Desktop Users Group on TS1.

I don't know how to check to see if the ActiveX control for RDS sessions is being used on the IE8 machines.

I tried restarting IIS and the RDS services, again with no change.

Your last thought about IIS not talking to AD got me to thinking though... there are a couple of weird things going on with IIS as well... one of them being a DCOM error that I am getting because IISWAMReg can't complete the local activation (the settings for this are greyed out for some reason)... the second is that if I log into the IIS admin site, I can't log on with a domain account at this point, either.  

I am wondering if something in IIS may be broken... I think I will try removing the IIS and RDS roles and reinstalling them... it may be the quicker solution, even if I can't find out exactly what the root cause is...
Fingo11Commented:
I think you might have found your solution.  Let us know...

For what it's worth I have configured quite a few RDS servers over the past 6 months and every one of them has had some sort of little nagging issue to work out.  Like you I have uninstalled and re-installed more times than I would have liked to admit.  Just be thankful you aren't working with RDSFarms and Session Brokering and Certificates.  That brings back bad memories just mentioning it.

Good Luck
meelnahAuthor Commented:
if you're still monitoring, here is where I am at now...

formatted, reloaded, and joined the RDS server to the domain with a different name, just in case I had some active directory issues causing me headaches.

Installed the remote desktop host and remote web role on my RDS Server (licensing server is on another box).  Installed the application on the RDS Host.

at this point, the RD works perfectly over the intranet.  I can connect to it internally and launch my application with no problems.  However...

Since I have the box set up on the internal network, I used the wizard in my SonicWALL NSA240 firewall to create a Terminal Services rule (configured a NAT policy to route any 3389 traffic to a specific external ip inside to the internal ip of my RDS host).  This setup didn't work because I used the RDWeb functionality, so I removed the 3389 services and directed based on port 443.  At this point I can connect to the RDWeb site from outside the network.

However (again), I can see my RemoteApps, but when I try to run them I get the message 'The remote computer could not be found.  Please contact your helpdesk about this error.'

Because the RDS Host sits inside the network, I don't think I should need to open the terminal services ports (I tried it just in case, but it didn't help).  

I don't have a Remote Desktop Gateway installed, but according to the documentation, and from other postings, it isn't necessary.  I did go into the RemoteApp Deployment Settings screen and change the RDGateway settings from from 'Automatically detect RD Gateway server settings' to 'Do not use an RD Gateway Server', but it didn't have any effect.

I am stumped here... any suggestions?
Fingo11Commented:
Sorry for the delay in replying. Been super busy at work.  This is going to sound strange but you will need to redirect port 443 AND 3389 again to that IP address for it to work.  I found out the hard way that this is the case.  What is happening on that web page when you click on your app icon is your local computer wherever it is starts up an RDP connection to the listed server.  See if that helps ad let me know...

Fingo11

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
meelnahAuthor Commented:
Hi Fingo,

well, when all was said and done, I was able to get it to function properly.  I had been leaving the RD Gateway Configuration to automatically detect gateway server.  When I manually specified my RD Host as the gateway, it took off...

However, from that point on, the enterprise portal (we run a Microsoft Dynamix AX ERP system, which uses IIS on this server to host it's portal website) has been broken.  The guy in charge of it thought it was a problem with RDS corrupting something within IIS7.0, so he uninstalled and reinstalled IIS.  This solved his problem, but broke my RDS Host.

NOW...  :)

I am attempting to uninstall RDS and reinstall it (i cannot get the default rdweb pages to even display, and I am not proficient enough with IIS to be able to troubleshoot why), but I receive the following error:

attempt to un-install remote desktop web access failed with error code 0x80070643.

This error is a generic windows installer error, with nothing else being logged in the event viewer.  I would really hate to break IIS and bring back the developer who is reponsible for the portal to reconfigure again...

any suggestions?


Scott
meelnahAuthor Commented:
Still having issues, but I think i am on the right track.  Thanks for your help.  I am going to close this question and submit another for the IIS problems I am having.

Thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.