RDS 2012R2 strange problem

I have a RDS 2012 solution with the following

Domain Server with DNS

RAD web access RD Licensing RD Connection Broker RD Session host ( which has 2 session host servers and 2 different collections, 1 collection is on host server 1 and another collection is on host server 2)

I have created 2 security groups in which users have access to collection on 1 or 2.

When accessing RDweb and logging in with a user belonging to security group 1 he/she gets the collection he has been assigned to.

When accessing RDweb and logging in with a user belonging to security group 2 he/she gets the collection he has been assigned to.

This also works the same way for remote app and services with RD Client or Desktop integration.

But now for the fun part only collection 1 works executing a remoteapp in the collection. When I logging as user for collection 2 it does not work executing a remoteapp will not work, when using RD client on Windows Phone it is authenticating user is okay and more, but it get stuck on initiating connection resulting error 0x740 when through web access I really got stuck, with message with options 1 till 3, the remote computer cannot be reached and more, I really do not know what to do anymore.

And the strange part on my computer at work it works but other computers ???

Please help me out.

Best regards,

Ronald
LVL 3
Ronald BusterOwnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rroncmeCommented:
1. Check your "TS WEB Access Computers" group on the non working server and make sure your Connection Broker server is listed there.

2. Check your CB server and make sure you've enabled the servers as "RD Web Access Servers" and "RemoveApp Resources"
3.Check your RD gateway server and make sure you've authorized the second server in the policies

4. Sometimes fixing the app path to look like this
"c:\program files\somefolder\some.exe"
instead of this,
"\\servername.domain.com\C$\program files\somefolder\some.exe"
gets it going.

5, Finally you may need to check this:
1. Check if the "TS Web Access Computers" security group on the RDSH server has incorrect permissions in DCOM and/or WMI:

For checking DCOM security settings:
1. Start the Component Services MMC snapin
2. Navigate to Component Services -> Computers -> My Computer
3. Right-click on My Computer and select properties
4. Go to the COM Security tab
5. Under Access Permissions, click the Edit Limits button
6. Ensure that TS Web Access Computers is in the list, with all of the permissions set to “allow”.
7. Under Launch and Activation Permissions, click the Edit Limits button
8. Ensure that TS Web Access Computers is in the list, with all of the permissions set to “allow”.
For checking WMI security settings:
1. Start the WMI Control MMC snapin
2. Right-click the WMI Control node and select properties
3. Go to the Security tab
4. Navigate to Root->CIMV2->TerminalServices
5. With TerminalServices selected, click the Security button
6. Ensure that TS Web Access Computers is in the list with Execute Methods, Enable Account, and Remote Enable set to "allow"
2. Verify the RD Session Host server's firewall allows WMI calls.
3. Verify that the RD Connection Broker hasn't lost its trust relationship with the domain.

4. See if non-RDS related WMI calls can be successfully made to the RDSH server. This can help differentiate between a general WMI issue and an issue calling the RDS WMI provider.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ronald BusterOwnerAuthor Commented:
Hi maybe stupid but

1. where can I find the group "TS WEB Access Computers" on the non working server. I assume with local users and groups, but its not there.

2. do I need to have an RD-gateway server to add, because I did not add one ?

3. do all of the session-host servers need to be webaccess server ?

4. where do I find remove appsresources.

thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.