Connecting to Server 2012 R2 Remote Desktop Services Collection
we are building a Server 2012 R2 Remote Desktop Services Collection, with a single connection broker and two session broker servers. We find that we can only connect to the session brokers if we use the RDP shortcut generated by the Web access component within our deployment. if we try a "normal" RDP connection, it tries to connect to the connection broker only, and fails as the user is not a member of the remote desktop users group. if we try the RDP link generated by the RD Web Access component, it connects as it should do. is there something I am missing that is contained in the generated RDP link that a normal RDP connection doesn't have?
ASKER
when I try the normnal RDP connection, I go to the connection broker (and yes, session hosts :)), this bombs with a message about the user not being in the remote desktop users group. having looked at the connection details in notepad++ they appear quite different:
normal RDP:
use multimon:i:0
desktopwidth:i:1680
desktopheight:i:1050
session bpp:i:32
winposstr:s:0,1,362,94,138
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i
disable wallpaper:i:0
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i
full address:s:sptcb01.mycompan
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:gateway.
gatewayusagemethod:i:2
gatewaycredentialssource:i
gatewayprofileusagemethod:
promptcredentialonce:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
gatewaybrokeringtype:i:0
smart sizing:i:1
devicestoredirect:s:*
drivestoredirect:s:
generated RDP (from web access)
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:
gatewaycredentialssource:i
full address:s:SPTCB01.mycompan
gatewayhostname:s:gateway.
workspace id:s:SPTCB01.mycompany.dom
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS
use multimon:i:1
alternate full address:s:SPTCB01.mycompan
signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayHostname,Gatew
signature:s:AQABAAEAAADXBA
screen mode id:i:2
desktopwidth:i:800
desktopheight:i:600
winposstr:s:0,3,0,0,800,60
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i
disable wallpaper:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i
all addresses resolve in DNS. at this point, we're still using self cert SSL in the deployment (no need for remote access outside the domain)
normal RDP:
use multimon:i:0
desktopwidth:i:1680
desktopheight:i:1050
session bpp:i:32
winposstr:s:0,1,362,94,138
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i
disable wallpaper:i:0
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i
full address:s:sptcb01.mycompan
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:gateway.
gatewayusagemethod:i:2
gatewaycredentialssource:i
gatewayprofileusagemethod:
promptcredentialonce:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
gatewaybrokeringtype:i:0
smart sizing:i:1
devicestoredirect:s:*
drivestoredirect:s:
generated RDP (from web access)
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:
gatewaycredentialssource:i
full address:s:SPTCB01.mycompan
gatewayhostname:s:gateway.
workspace id:s:SPTCB01.mycompany.dom
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS
use multimon:i:1
alternate full address:s:SPTCB01.mycompan
signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayHostname,Gatew
signature:s:AQABAAEAAADXBA
screen mode id:i:2
desktopwidth:i:800
desktopheight:i:600
winposstr:s:0,3,0,0,800,60
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i
disable wallpaper:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i
all addresses resolve in DNS. at this point, we're still using self cert SSL in the deployment (no need for remote access outside the domain)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
bingo - that's done the trick, many thanks for this :)
Also, when you say session brokers, I'm assuming you mean session hosts. "Session broker" is the old (pre-2012) name for the connection broker. (Microsoft and their ever-changing terminology...)