Link to home
Start Free TrialLog in
Avatar of David Haycox
David HaycoxFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Unable to install Remote Desktop Session Host on Server 2012

We have the same problem on two otherwise totally unrelated servers.  After choosing to add roles and features, then selecting Remote Desktop Session Host (it's the same if you choose a role-based installation and select the option manually, or the Remote Desktop Services installation option) the server does the first part as expected then asks for a reboot.  Here's what happens next:

1. "Configuring Windows features" (as expected), plus automatic reboot.
2. "Configuring Windows updates"
3. "Failure configuring Windows updates, reverting changes", reboot.
4. "Failure configuring Windows updates, reverting changes", reboot.
5. "Failure configuring Windows updates, reverting changes", reboot.

Then you finally get back to being able to log on, at which point you're back where you started with no Remote Desktop Session Host.

I was able to install Remote Desktop Licensing fine on each server, but only by itself (normally you just tick both and install at the same time, right?).

Both servers are running Server 2012 standard, they're on different domains, one is physical (HP Proliant ML310e Gen8), the other virtual (running in Amazon Web Services).

My guess is that if I hadn't installed any Windows updates before attempting to add Remote Desktop services, it wouldn't be a problem.  The only other configuration I've done is to install AV (only on one of the servers though), configure the keyboard and regional settings to UK English, and join the relevant domain.

Relevant application log entries I can find are pasted in below.  These three events appear during each of the "reverting changes" reboots.  How can I get Remote Desktop Session Host successfully installed?  Thanks in advance for any advice.

Source: Winlogon
Event ID: 6004
The winlogon notification subscriber <TrustedInstaller> failed a critical notification event.

Source: Windows Error Reporting
Event ID: 1001
Fault bucket , type 0
Event Name: WindowsWcpOtherFailure3
Response: Not available
Cab Id: 0

Problem signature:
P1: 6.2.9200
P2: componentstore\com\advancedinstallers.cpp
P3: LoadHandlerDll
P4: 177
P5: 8007007e
P6: 0x39c6e321
P7:
P8:
P9:
P10:

Attached files:
C:\Windows\Logs\CBS\CBS.log
C:\Windows\Logs\CBS\CbsPersist_20130625114434.log
C:\Windows\Logs\CBS\CbsPersist_20130624175057.log
C:\Windows\Logs\CBS\CbsPersist_20130624161337.log
C:\Windows\Logs\CBS\CbsPersist_20130624160145.log
C:\Windows\Logs\CBS\CbsPersist_20130621162819.log
C:\Windows\servicing\Sessions\Sessions.xml
C:\Windows\WinSxS\pending.xml
C:\Windows\WinSxS\poqexec.log
C:\Windows\System32\LogFiles\Scm\SCM.EVM
C:\Windows\Logs\CBS\FilterList.log
These files may be available here:
Analysis symbol:
Rechecking for solution: 0
Report ID: 44af7062-dd8d-11e2-944c-0e3288e13d8d
Report Status: 262144
Hashed bucket:

Source: Windows Error Reporting
Event ID: 1001
Fault bucket , type 0
Event Name: WindowsWcpOtherFailure3
Response: Not available
Cab Id: 0

Problem signature:
P1: 6.2.9200
P2: componentstore\com\advancedinstallers.cpp
P3: LoadHandlerDll
P4: 177
P5: 8007007e
P6: 0x39c6e321
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.2.9200_567334a349b518f8bb4abacbfc8d448c2be7e84_0a14445f

Analysis symbol:
Rechecking for solution: 0
Report ID: 44af7062-dd8d-11e2-944c-0e3288e13d8d
Report Status: 4
Hashed bucket:
Avatar of dheiert
dheiert
Flag of United States of America image

Actually sounds like some kind of authentication issue.  Have you tried as local admin?
Avatar of David Haycox

ASKER

Was using domain admin account, trying as local admin now....  

Alas, same problem again.  Thanks anyway.  Any other ideas?
Sounds like it is something MS frowns upon, but this looks like an answer:
I have found a simple solution to this issue that I also believe to have no security implications for AD. If anyone thinks this is not the case, please tell.
The problem is that Network Service does not have access rights to WID. So why don't we give it those rights?
Do the following:

1) Connect to \\.\pipe\MICROSOFT##WID\tsql\query using SQL Management Studio.
2) Under Security\Logins, add a new login.
    On the General page:
    Login name: NT AUTHORITY\NETWORK SERVICE
    Default database: RDCms
    On the User Mapping page:
    Check RDCms, select the entry and check db_owner.
   
That's it. All services should start fine now.
Update:
After this step, create a new login for NT AUTHORITY\SYSTEM. You will see a message that the login already exists, however it will add NT AUTHORITY\SYSTEM to the list of users. Following a reboot of the machine, everything will work as expected.
If you omit this last step, you will run into said "Object reference is not set to an instance of an object" error. ResolutoR and I could both verify that these steps make a setup of RD Connection Broker on a Domain Controller possible.
WARNING: Please be aware that the setup of a DC and RDCB on one server is entirely unsupported. The above steps can make it work in some extend, but that's it. Also be aware that RD Gateway won't work this way.

YOU SHOULD NEVER RUN THIS ON A PRODUCTION SERVER.
USE THIS FOR EVALUATION PURPOSES ONLY.
Thanks for that. I may snapshot the machine and give it a try, but as you suggest it's not a good idea on a production server.  I think I'll be giving Microsoft a call...
Well, I agree with the posters on that board.  MS is claiming to centralize computing and then says not to do RDP??  WTF?
ASKER CERTIFIED SOLUTION
Avatar of David Haycox
David Haycox
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
That's just f'in ridiculous!
Yes, you would have hoped the update had been tested before release.  Still, they gave me a straight answer, apologised, didn't charge me for the support request, and promised to inform me when the fix is available.
I've requested that this question be closed as follows:

Accepted answer: 0 points for DavidOHaycox's comment #a39281179

for the following reason:

Answered own question.
Avatar of PatrickNance
PatrickNance

I have the same issue on a production server.  I would prefer this not be closed until there is a solution either a workaround that is reasonable for a production server or notification here that Microsoft released a fix.
Fair enough - it will serve as a reminder to me to post a link to the fix, when it comes.
Answered own question.  Moderator suggests question should be closed.
Microsoft sent me a tested (but not yet public update) which appears to have fixed the problem (Windows8-RT-KB2821895-v2-x64.msu).

I can post it if anyone would like, but of course it's at your own risk; I would advise obtaining it from Microsoft directly just to be certain, and they will be publishing it soon I would imagine.
Just had notification from Microsoft that they now have a publicly available version of this:

http://support.microsoft.com/kb/2871777/EN-US