[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Remote Desktop not working from Remote Workplace

Posted on 2012-08-27
17
Medium Priority
?
1,473 Views
Last Modified: 2012-09-04
Having an issue with Remote Workplace on SBS 2011 Standard. The webpage loads fine and every other aspect works, except for the Remote Desktop functionality.

It doesn't work internally or externally and eventually times out.

The following is displayed in the event log:

Log Name:      Application
Source:        MSExchange OWA
Date:          27/08/2012 8:43:27 AM
Event ID:      54
Task Category: ADNotifications
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <Server name>
Description:
The Active Directory system configuration session couldn't be retrieved.
Exception message:
"Web object 'IIS://<Server name>/W3SVC/1/ROOT' can't be found.".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange OWA" />
    <EventID Qualifiers="49152">54</EventID>
    <Level>2</Level>
    <Task>8</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-27T12:43:27.000000000Z" />
    <EventRecordID>265825</EventRecordID>
    <Channel>Application</Channel>
    <Computer><Server name></Computer>
    <Security />
  </System>
  <EventData>
    <Data>Web object 'IIS://<Server name>/W3SVC/1/ROOT' can't be found.</Data>
  </EventData>
</Event>


Remote Desktop does work for all the computers in the list if you use VPN or are working on the internal network, just not through Remote Workplace.
0
Comment
Question by:neolore
  • 9
  • 8
17 Comments
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 38336424
Make sure the port forwarding is set correctly on your router and that your Sharepoint configuration is working correctly as well. You may also have to involve your ISP or web developers to point the remote access URL to the correct IP.
0
 

Author Comment

by:neolore
ID: 38336492
This is the built in Remote Workplace site so its already pre-configured. DNS is working fine and can resolve the FQDN.
Port forwarding is still enabled from the Cisco.

Everything else works on the site except this one function. And it doesn't work internally either.
0
 

Author Comment

by:neolore
ID: 38336693
This log might also be relvant. DCOM errors from System

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          27/08/2012 10:14:22 AM
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          NETWORK SERVICE
Computer:      <Server Name>
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
 and APPID
{61738644-F196-11D0-9953-00C04FD919C1}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-27T14:14:22.000000000Z" />
    <EventRecordID>258627</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer><Server Name></Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="param1">application-specific</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{61738644-F196-11D0-9953-00C04FD919C1}</Data>
    <Data Name="param5">{61738644-F196-11D0-9953-00C04FD919C1}</Data>
    <Data Name="param6">NT AUTHORITY</Data>
    <Data Name="param7">NETWORK SERVICE</Data>
    <Data Name="param8">S-1-5-20</Data>
    <Data Name="param9">LocalHost (Using LRPC)</Data>
  </EventData>
</Event>
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:neolore
ID: 38336890
This shows up in RemoteAccess.log


[17216] 120827.105655.2022: Storage: Exception System.UnauthorizedAccessException:

[17216] 120827.105655.2022: Exception:
---------------------------------------
An exception of type 'Type: System.UnauthorizedAccessException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' has occurred.
Timestamp: 08/27/2012 10:56:55
Message: Retrieving the COM class factory for component with CLSID {90DCAB7F-347C-4BFC-B543-540326305FBE} failed due to the following error: 80070005 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
Stack:    at Microsoft.WindowsServerSolutions.Storage.Common.SBSSharedFoldersInfo.GetSharedFoldersInternal()
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 38339158
Sorry for the delay in responding.

You may need to add more roles / features if your installation was done using the wizard. Try adding the entire list of features for IIS to see if something there is missing.

Is there a group policy for the users for this feature? Are you sure everything that is necessary has been enabled?

You can try running the built-in diagnostics and tools for Exchange, SharePoint and SQL as well as the Best Practices Analyzer tools. Several links follow...

Also see http://technet.microsoft.com/en-us/library/dd759260.aspx for information.

Update for Best Practices Analyzer for Network Policy and Access Services for Windows Server 2008 R2 x64 Edition (NPAS) (KB977239)
http://www.microsoft.com/en-us/download/details.aspx?id=3345

Update for Best Practices Analyzer for DHCP Server
http://www.microsoft.com/en-us/download/details.aspx?id=7385

Update for Best Practices Analyzer for HYPER-V
http://www.microsoft.com/en-us/download/details.aspx?id=25229

Update for Best Practices Analyzer for Application Server
http://www.microsoft.com/en-us/download/details.aspx?id=3941

Update for Best Practices Analyzer for Windows Server Update Services
http://www.microsoft.com/en-us/download/details.aspx?id=9054

Update for Best Practices Analyzer for Active Directory Rights Management Services
http://www.microsoft.com/en-us/download/details.aspx?id=1460

Rules Update for Remote Desktop Services Best Practice Analyzer
http://www.microsoft.com/en-us/download/details.aspx?id=9978

Update for Best Practices Analyzer for File Services
http://www.microsoft.com/en-us/download/details.aspx?id=4077

Microsoft DNS (Domain Name System) Model for Microsoft Baseline Configuration Analyzer 2.0
http://www.microsoft.com/en-us/download/details.aspx?id=5468

http://www.msigeek.com/6591/download-best-practices-analyzers-exchange-unified-communications

http://www.msigeek.com/6594/download-best-practices-analyzers-forefront-isa-and-security

http://www.msigeek.com/6599/download-guides-sbs-mobile-device-manager-commerce-server-biztalk
0
 

Author Comment

by:neolore
ID: 38340581
In IIS everything is checked, except for FTP. I'll see if there is a BPA for the RWW but I don't think so.
This was working up until recently. Just not sure what has changed.
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 38340599
Any recent Windows updates you can roll back?
0
 

Author Comment

by:neolore
ID: 38340920
Last updates were done about a month ago.
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 38341026
No new software or updated drivers or network equipment or firmware updates either?
0
 

Author Comment

by:neolore
ID: 38341106
Nope.
And everything else works fine in RWW, except connecting through RDP.

It shows in the log:
(C:\Program Files\Windows Small Business Server\Logs\WebApp\RemoteAccess.log)


[27028] 120828.095823.6515: RemoteDesktop: action: downloadRDPFile
[27028] 120828.095823.6535: RemoteAccess: [SQM] Recording SQM data for non-IE browser numbers
[27028] 120828.095823.6565: RemoteAccess: [RemoteDesktop] Populating the computer list for Remote Desktop
[27028] 120828.095823.6575: ClientSetup: Initialize ([neoloreadmin], [], [], [], *
[27028] 120828.095823.8386: RemoteAccess: [SQM] Recording SQM data for RDP to computer attempt
[27028] 120828.095823.8686: RemoteAccess: [SQM] Recording SQM data for RDP options
[27028] 120828.095823.8716: CoreNet: Leaf Cert Thumbprint is: 88BADCD967AAF1DE270D76DFE0DE231FAF81D4D6
[27028] 120828.095823.8736: CoreNet: ThumbPrint: 88BADCD967AAF1DE270D76DFE0DE231FAF81D4D6
[27028] 120828.095823.8736: CoreNet: Calling FindCert()
[27028] 120828.095823.8776: CoreNet: ThumbPrint: 88BADCD967AAF1DE270D76DFE0DE231FAF81D4D6
[27028] 120828.095823.8786: CoreNet: Look for cert in My
[27028] 120828.095823.8786: CoreNet: Opening Store
[27028] 120828.095823.8796: CoreNet: Finding cert
[27028] 120828.095823.8796: CoreNet: certcoll.Count: 1
[27028] 120828.095823.8796: CoreNet: Closing Store
[27028] 120828.095823.8796: CoreNet: Getting Hash
[27028] 120828.095823.8816: RemoteDesktop: Writing unsigned RDP file G:\Temp\tmpBCFA.tmp
[27028] 120828.095823.8856: RemoteDesktop: Signing RDP file G:\Temp\tmpBCFA.tmp
[27028] 120828.095824.0247: RemoteAccess: Operation exit with code 0
[27028] 120828.095824.0247: RemoteAccess: Output: All rdp file(s) have been succesfully signed.

[27028] 120828.095824.0247: RemoteDesktop: Reading signed RDP file G:\Temp\tmpBCFA.tmp



But it still times out.
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 38341170
Is there any kind of rights or permission problems on g://temp? Can you create / access / edit a text file from there?
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 38341178
Make that, g:\temp
0
 

Author Comment

by:neolore
ID: 38341225
No access problems or rights issues on g:\temp. I can create files with the same account.
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 38341351
I am running out of things to have you try. Some stuff is just in the realm of Microsoft paid support, but feel free to post the question again and include a llink to this thread so you don't have to repost everything. Sorry! Others are often reluctant to answer in the middle of a thread this long. I will ignore the folliwup question.
0
 

Accepted Solution

by:
neolore earned 0 total points
ID: 38350734
Looks like Basic Authentication was not enabled on /Remote in IIS. It works when this is turned on.
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 38350762
Seems like the Best Practices Analyzer should have picked up on that if it had been run as suggested in http://#a38339158.
0
 

Author Closing Comment

by:neolore
ID: 38362885
no reason except that its the answer.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When using a search centre, I'm going to show you how to configure Sharepoint's search to only return results from the current site collection. Very useful when using Office 365 with multiple site collections.
A while back, I ran into a situation where I was trying to use the calculated columns feature in SharePoint 2013 to do some simple math using values in two lists. Between certain data types not being accessible, and also with trying to make a one to…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question