Remote App GPO Permissions

Hi,

I am a network Administrator in the construction industry. There is a Program that I need to allow my users to access, this is done via RemoteApp from the people that own it. I as an administrator can access it without any problems.

when I test as a general user I get the following error

"RemoteApp Disconected"

This computer can't connect to the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

Any help would be appreciated. I can provide more info regarding my environment as needed.
mataleao87Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Can you tell some more:
-is remote app licensed in full past the original 120 days?
- is the license server fully configured?
- please post any event log errors from around the time a non admin logs in.
- what is the application this error is occurring with?
0
mataleao87Author Commented:
-is remote app licensed in full past the original 120 days?-Yes
- is the license server fully configured?-Yes
- please post any event log errors from around the time a non admin logs in. - I have looked for Logs but found none corresponding to the time I tested with a non-admin user.
- what is the application this error is occurring with?-Its an application called EWBills Cloud, used for caltrans billing

I have created a Firewall exception to the Remote App Port to a set of load balancing servers that this remote app connects to but it seems that the connection doesn't even make it that far.
0
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Ok , can you make a screencideo of a login session using the EE tools so we can see what occurs when a non admin logs in?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

joharderCommented:
It's possible that the app is not multi-user aware and/or that it requires admin privileges.

First, try testing based on two admin accounts and see if the app functions properly.  If that's successful, we can rule out multi-user awareness.

I suspect that the issue may be that local admin privileges may be required.  Often, full local admin is not really required but instead just write or admin privileges to specific area(s).  As a test, give a user local admin privileges on the server to see if it works.  If so, then it's a permissions issue.

The best way to test is to run a Process Monitor trace during application access.  Unfortunately, it can be tedious to review the trace, but the answer will be in there.  For example, sometimes it's just a registry key that needs elevated permissions.

If you want to try a few permissions changes, try granting elevated permissions to the app folder under c:\program files (x86) or wherever it is housed.  Also, if there is a centralized database or data repository, make sure that all users have write permissions.
0
mataleao87Author Commented:
It's possible that the app is not multi-user aware and/or that it requires admin privileges.

First, try testing based on two admin accounts and see if the app functions properly.  If that's successful, we can rule out multi-user awareness.

I suspect that the issue may be that local admin privileges may be required.  Often, full local admin is not really required but instead just write or admin privileges to specific area(s).  As a test, give a user local admin privileges on the server to see if it works.  If so, then it's a permissions issue.Do you mean Give Full Allow permissions or add  the user as a local admin??

The best way to test is to run a Process Monitor trace during application access.  Unfortunately, it can be tedious to review the trace, but the answer will be in there.  For example, sometimes it's just a registry key that needs elevated permissions.The trace only shows the connection being created nothing else.

If you want to try a few permissions changes, try granting elevated permissions to the app folder under c:\program files (x86) or wherever it is housed.  Also, if there is a centralized database or data repository, make sure that all users have write permissions.I updated the permissions on the folder to Allow for Everyone

The app is just very spotty. I know that they have load balancers and we have 3 licenses. It seems that the app works about 90% of the time when started by a member of the admins group. Otherwise for regular users it is very inconistent and doesn't seem to have a pattern. Besides not working most of the time.
0
mataleao87Author Commented:
I created a video to show what happens when I access this app. How should I share it. It the only real info it the IP address of the server I am trying to access.
0
joharderCommented:
Try adding a regular test user to the Local Admin group on the server.  It sounds like the app is looking for Local Admin privileges and is super fussy when the user doesn't have them.  But, it's also quite possible that if you can find exactly which aspect requires higher privileges, you can keep user permissions and just grant higher privileges where necessary.

Also, check with the app vendor and ask whether the app is Click Once app.  These apps will inconsistently function properly.
0
mataleao87Author Commented:
Try adding a regular test user to the Local Admin group on the server.  It sounds like the app is looking for Local Admin privileges and is super fussy when the user doesn't have them.  But, it's also quite possible that if you can find exactly which aspect requires higher privileges, you can keep user permissions and just grant higher privileges where necessary.I added the test users to the Admin Group and the function is still very irregular. The developer is not much use in supporting his app.
0
joharderCommented:
Try running Process Monitor again when a local admin logs in.  With Local Admin privileges, it may now show the exact reason why it doesn't work.

Because of the intermittent success, this may be a user profile issue.  Try creating a new user, give that user account Local Admin, and then login.  If that works, try deleting the user profile of an existing test user.  Does it now work correctly?
0
mataleao87Author Commented:
So create a new user. assign local admin.. test it.
Then Delete an existing user and recreate with Local admin rights?

Thanks,
0
joharderCommented:
Yes, exactly.
0
mataleao87Author Commented:
No change. still failing. I have a feeling its the RDP6 file that is failing..
0
joharderCommented:
When you were able to get the app to work, were you the only one on the system?  And was it when the server was fresh, before any users logged in?  If that's the case, the issue may be that the app is not multi-user aware.  

Alternatively, it may be a security setting: http://clintboessen.blogspot.co.uk/2015/01/remoteapp-disconnected-this-computer.html?_sm_au_=iVVS4WN0Sn7Dqk0q
0
mataleao87Author Commented:
This app belongs to a vendor of ours, He doesn't disclose much in regards to how many users are logged on, except that we are logging into a windows 7 machine and that he has load balancers in place.
0
mataleao87Author Commented:
Update to the scenario.

I added this app to the RDP server, created an installer and installed a rdp file on all the pcs that need this app. so effectively, the app's connection is being carried out by the RDP server and not by the individual computers as we had hoped.

Thank you all for the input.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.