ITPT
asked on
Connecting to Server 2012 R2 Remote Desktop Services Collection
we are building a Server 2012 R2 Remote Desktop Services Collection, with a single connection broker and two session broker servers. We find that we can only connect to the session brokers if we use the RDP shortcut generated by the Web access component within our deployment. if we try a "normal" RDP connection, it tries to connect to the connection broker only, and fails as the user is not a member of the remote desktop users group. if we try the RDP link generated by the RD Web Access component, it connects as it should do. is there something I am missing that is contained in the generated RDP link that a normal RDP connection doesn't have?
ASKER
when I try the normnal RDP connection, I go to the connection broker (and yes, session hosts :)), this bombs with a message about the user not being in the remote desktop users group. having looked at the connection details in notepad++ they appear quite different:
normal RDP:
use multimon:i:0
desktopwidth:i:1680
desktopheight:i:1050
session bpp:i:32
winposstr:s:0,1,362,94,138 6,822
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i :0
disable wallpaper:i:0
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i :1
full address:s:sptcb01.mycompan y.DOMAIN
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:gateway. pantek.co. uk
gatewayusagemethod:i:2
gatewaycredentialssource:i :4
gatewayprofileusagemethod: i:1
promptcredentialonce:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
gatewaybrokeringtype:i:0
smart sizing:i:1
devicestoredirect:s:*
drivestoredirect:s:
generated RDP (from web access)
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod: i:0
gatewaycredentialssource:i :0
full address:s:SPTCB01.mycompan y.DOMAIN
gatewayhostname:s:gateway. mycompany. co.uk
workspace id:s:SPTCB01.mycompany.dom ain
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Pantek_RDP
use multimon:i:1
alternate full address:s:SPTCB01.mycompan y.DOMAIN
signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayHostname,Gatew ayUsageMet hod,Gatewa yProfileUs ageMethod, GatewayCre dentialsSo urce,Promp tCredentia lOnce,Redi rectDrives ,RedirectP rinters,Re directCOMP orts,Redir ectSmartCa rds,Redire ctClipboar d,DevicesT oRedirect, DrivesToRe direct,Loa dBalanceIn fo
signature:s:AQABAAEAAADXBA AAMIIE0wYJ KoZIhvcNAQ cCoIIExDCC BMACAQExCz AJBgUrDgMC GgUAMAsGCSqGSIb3DQEHAaCCA0 AwggM8MIIC JKADAgECAh A2B0Og1QLL uUcGSnBB HlnHMA0GCSqGSIb3DQEBCwUAMC AxHjAcBgNV BAMMFXNwdG NiMDEucGFu dGVrLmRv bWFpbjAeFw0xNDExMjExNTM1MT haFw0xNTEx MjExNTU1MT haMCAxHjAc BgNVBAMM FXNwdGNiMDEucGFudGVrLmRvbW FpbjCCASIw DQYJKoZIhv cNAQEBBQAD ggEPADCC AQoCggEBAMGBVXeenbJ3hFpAiG HEY6WKKzoW XfefOmwxpS sHvIogiE5p sJlxoMxp iA1wUn6HiwAqB8XUFQGmuRQOBo OluuQZCE/E jLOHDhmAuN 3SCTzQ62Cv J2V4Iekz YavLCUOKO25TtUXSF81kB0Mzlq TD1UuaissW o18xcBHN2T 3kYUB19WtQ PMQ+QkD/ JGZ1diQcYOHSXtI9DX7ryD10iy y5D8ydxISW Z2mLHWSJ9i J+eWSly9xk XU520YA5 7B7N9iknSHbvBtnz5jNTnVFLZi /F6OV5QrsU Xjv81mQNV/ VROVYjcqp8 ot3mXyUp RGeBNBPAsME556KWo0PBFY1IU8 fcVvMCAwEA AaNyMHAwDg YDVR0PAQH/ BAQDAgWg MB0GA1UdJQQWMBQGCCsGAQUFBw MCBggrBgEF BQcDATAgBg NVHREEGTAX ghVzcHRj YjAxLnBhbnRlay5kb21haW4wHQ YDVR0OBBYE FLGGiohM1b YNY1W8aNMY LkF1lt/v MA0GCSqGSIb3DQEBCwUAA4IBAQ CNhZUVaLKc uShdSkc1f2 g0lV4lJrdD fG1lA4Nu H8RZ03hrVCKF7Xk19Fnc8Q6gW/ j/8sX6TG9z 0+Bto286Hn v2BZ8G898f HmQb7X6F olBAl3keekF3KF6MvygKTnyx/Y 5cclLU7qnn vdV0Lm9Yoy w6jeM8Ehuo JDuDUo7Z 3kFVr/naZ/O8utRNOhsJrmgGR/ uulJy4E3oH R8UCQe4btu efd7sv2zSS ck+hOA8K a9epZwkBzGhyhBU2AUpZI/T6el GC3HumPDYu yw5ky+QwRL fm5Ps3RTob qqNN6ZJ1 /5qki/Cek7MePA9NjyLmokESSX P+r5neAwUV KTtdX8BnO6 WaMYIBWzCC AVcCAQEw NDAgMR4wHAYDVQQDDBVzcHRjYj AxLnBhbnRl ay5kb21haW 4CEDYHQ6DV Asu5RwZK cEEeWccwCQYFKw4DAhoFADANBg kqhkiG9w0B AQEFAASCAQ BOTXXWmUXI NPyfdhnN Lo04tQQ4U2z2/dHb1T6wnx3YnB jLBTHPuRQ0 zWvoEAVlFp snhY5KzFUn PaPtbprv rZLQfbzQnVTWl1UhykN4dCMPhT aH1j71+kRC YXxslDBlAR w7zlCIk57T z6eMNBOD 8pH+CcxkYMw3OqnIegwARXB5U5 mkee4aRNhH UiBjuNKWQA r/9jpUYxzI fUni3lTs 5vB13STvXD7if1x5BREgxdYY7G 0LOPuqdYgU Eg2zjhMs+/ 8kw/LnQGzn Dw8EdvkP X+wGHN3U+zLSfCTjFzTc+5+atS TwOSremvFU O+/yuUrxXh 0SiwNCsb7o IBykApxS eOh5
screen mode id:i:2
desktopwidth:i:800
desktopheight:i:600
winposstr:s:0,3,0,0,800,60 0
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i :0
disable wallpaper:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i :1
all addresses resolve in DNS. at this point, we're still using self cert SSL in the deployment (no need for remote access outside the domain)
normal RDP:
use multimon:i:0
desktopwidth:i:1680
desktopheight:i:1050
session bpp:i:32
winposstr:s:0,1,362,94,138
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i
disable wallpaper:i:0
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i
full address:s:sptcb01.mycompan
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:gateway.
gatewayusagemethod:i:2
gatewaycredentialssource:i
gatewayprofileusagemethod:
promptcredentialonce:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
gatewaybrokeringtype:i:0
smart sizing:i:1
devicestoredirect:s:*
drivestoredirect:s:
generated RDP (from web access)
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:
gatewaycredentialssource:i
full address:s:SPTCB01.mycompan
gatewayhostname:s:gateway.
workspace id:s:SPTCB01.mycompany.dom
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS
use multimon:i:1
alternate full address:s:SPTCB01.mycompan
signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayHostname,Gatew
signature:s:AQABAAEAAADXBA
screen mode id:i:2
desktopwidth:i:800
desktopheight:i:600
winposstr:s:0,3,0,0,800,60
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i
disable wallpaper:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i
all addresses resolve in DNS. at this point, we're still using self cert SSL in the deployment (no need for remote access outside the domain)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
bingo - that's done the trick, many thanks for this :)
Also, when you say session brokers, I'm assuming you mean session hosts. "Session broker" is the old (pre-2012) name for the connection broker. (Microsoft and their ever-changing terminology...)