Learn how to a build a cloud-first strategyRegister Now


Remote Access





Remote access may refer to the connection to a data-processing system from a remote location, for example through a virtual private network remote desktop software, terminal emulation, or the activation of features of a business telephone system from outside the business's premises.

Share tech news, updates, or what's on your mind.

Sign up to Post

We have a brand new Microsoft RDS environment spun up on Server 2016.  We have two gateway servers, two connection brokers and three app servers.  When a user hits the url (https://myrds.mydomain.com/rdweb) about half of the time, they get just a screen with Work Resources and NO login.  The other half of the time, they get a login.  

Now, the gateway servers are behind a VIP and the connection servers are behind a VIP.  I'm thinking it's something with the connection server VIP being messed up.  

I need some help troubleshooting this and knowing where to start.

Any ideas?


Upgrade your Question Security!
LVL 11
Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Asked by a client that has contractors working for him and want to monitor their work is networklookout.com is a safe software.
I'm trying to allow us to be able to view the security cameras from outside of my LAN, the trouble is I can't get Dyn's ddns service to cooperate. I've port forwarded the cameras already but still can't access them. Any help is appreciated, thanks in advance!
Recently, the HR Department wanted me to prevent employees from being able to check their business email through OWA, as this (I guess) poses issues about overtime pay and employees accessing their business emails.  My question, is what is the best method to not allow access to business emails after hours?  I know that there are login settings that effect a user's time and day for logging onto the network, but not certain it that effects access to business emails as well.
I had this question after viewing RDP Error - An Internal Error Has Occurred.
Hi all -

I'm working with a new domain based upon Server 2012 R2 Datacenter Edition. All servers are VMs running on robust Hyper-V hosts. Among my VMs I have two DCs, a file server and 4 other servers that are setup as RDS Session Hosts - I want to use them to host various apps and databases. Users will connect to the various app and database servers from thin-clients via RDP. Each of these servers has a unique purpose - i.e. they are not meant to be a load balancing farm or any such thing. I would like users to be able to login to a particular session host by specifying its hostname or IP in the connection profile at the thin-client.

Unfortunately, it seems like I have inadvertently created a situation where the thin-clients connect randomly to any RDS Session host (rather than to the specific one whose hostname or IP is supplied at connection time). I am not quite sure how to get around this. In order to get the RDS licensing to work properly, I had to setup a server "collection". Could this be the source of the problem? Obviously, I need the Session Hosts to be able to communicate with the license server but I can't have them randomly accepting connections that weren't intended for them.

Can anyone shed some light?

I really appreciate any help you can provide.

Thanks much.
Description: We have a Java app configured to let uses run it from a server on one of our servers on our network via RDS. The issue is that the Java app does not have a built-in timeout, So the network admins set a timeout on the server for the users sessions.

Problem:  The server timeout sessions do timeout, but the java app running in a window does not report mouse and keystroke activity back to the remote server, and when the time-out expires your session  is just gone.
Usually mid something important !

Question: Is there someway to configure either the java session or the RDS session to report activity so that the app behaves like a windows developed application ?

Thanks, any help is appreciated.
I've been trying to get DirectAccess working for quite some time now without success.

I've discovered that if i disable the windows private networks firewall profile on the client computer that i am able to connect to DA and ping internal corporate servers.  I've enabled logging of dropped packets on the client windows firewall and i see dropped UDP 53 packets.  So i've created an outbound rule to allow udp 53 and its still logged as dropped.   I've also allowed all outbound and i'm still unable to connect.  If i disable the windows private firewall profile on the client, DA connects immediately.

The DA server is setup as basic as it can be, with a single nic and self-signed certs.  The corporate firewall is allowing internal 443.  We have a GPO that disables the "domain networks" firewall profile otherwise defaults plus the changes made by the DA getting started wizard GPOs

Any help would be greatly appreciated!!

Edit:  Server Currently Server 2016.  I've tried multiple deployments of 2012.  Client is Windows 10 1607 enterprise
Currently we have a client that has the following environment:
>> Server 2012 r2 which has all of the remote desktop service roles
>> 2 x server 2012 r2 session hosts

Users use thin clients, to then RDP onto session hosts.
However now on a daily basis, when users first login, 30MINS on the dot their session is disconnected.

We have scoured the logs, and cannot see any reason why this is happening.
One path we were going down was background processing of printers, or group policy updates.

However the disconnects are random, but they always happen after the user has logged into the server for 30mins

I got a dell thin client and got rdp set up in it to connect to the server.
I just want to know how to use usb drive in thin client, so I can access it in server ?
Is there any settings do I need to enable to make it work in thin client ?

Vote for the Most Valuable Expert
Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

I've asked this in several different ways on here and I never get a clear answer.  I know I need a group policy, but I'm not having any luck making it happen.

My setup is Microsoft RDS on server 2016.  I'm publishing one app.

When my users go to save, the drives on the server are visible, as are the libraries.  I need these to be hidden.

Can someone tell me what GP (computer or user) to use and whether or not it's loopback.


The above image shows members of a Resource Group 'WEB9'.

I want to remove the classic VM 'web9' from the resource group. So I click the web9 VM and choose Resource group (change).

However both VM's must be moved together - why is this?  Why must these related VM stay in the same resource group? How are they related? etc

Hello Team,

Hope all are doing well

 setup pre requisites  to implement  Multi-tenant Site-to-Site (S2S) VPN Gateway successfully.

Help greatly appreciated !!!
Hi Experts,

My server is Ubuntu 16.04 LTS.
I am following the steps of  https://poweruphosting.com/blog/setup-vnc-server-on-ubuntu/ to set up the VNC server.
However, I fail in the last step like below. Can you please help me with this VNC configuration.

hsu@hcavfb11:~$ sudo systemctl status vncserver@1
● vncserver@1.service - Start TightVNC server at startup
   Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2017-11-24 10:31:34 JST; 18min ago

Nov 24 10:31:34 hcavfb11 systemd[1]: Starting Start TightVNC server at startup...
Nov 24 10:31:34 hcavfb11 systemd[1]: vncserver@1.service: Control process exited, code=exited status=217
Nov 24 10:31:34 hcavfb11 systemd[1]: Failed to start Start TightVNC server at startup.
Nov 24 10:31:34 hcavfb11 systemd[1]: vncserver@1.service: Unit entered failed state.
Nov 24 10:31:34 hcavfb11 systemd[1]: vncserver@1.service: Failed with result 'exit-code'.

Open in new window

Hi all,
This is a bit of a wild ask, but just in case somewhere here has seen this error and can help, as zscaler themselves is not providing a timely answer.

We use the zscaler ZPA private access client to allow VPN like access back to our corporate network.
The ZPA client is on laptops and will allow access from external to all apps that we have defined as being allowed on the internal corporate network.
That works great, EXCEPT for DFS file shares.
Windows DFS just doesnt work at all.
Normal UNC fileshares work fine. No problems with UNC.
But as soon as users try to access DFS file shares, there is no access. The request fails on the laptop.

We have contacted zscaler and have an open job with them, but this is taking weeks to resolve.
So long that we are looking at dropping ZPA entirely and go with something we know works, like Microsoft Direct Access.

Moving all the remote users to UNC file shares isnt an option, as the file sharing environment is complex and the amount of manual work needed for a workaround of UNC paths is unacceptable.
I have a setup with 2 Checkpoint gateways (appliances) in a cluster and a virtual management. I have tried the below both with R77.30 and after upgrading to R80.10 with the same result.

I want to enable the https inspection blad. I have licenses and everything. My computers trusts an internal PKI root CA certificate and I have issued an issuing certificate to the gateways without any issues.

When I activate the https blade everything around https on the clients start to behave strange. It is very confusing. The moment I turn the blade off again everything works as a charm.

I am fully aware that https inspection takes a lot of fine tuning but I haven´t come to that stage yet. Right now, even when I have created a https decryption policy that bypasses *everything* the clients have issues.

In an earlier stage I created a decryption policy only to decrypt traffic from one test-client but the users started to scream instantly. And now I am at a stage where the configuration looks like no https should ever be touched but enabling the blade still breaks user traffic.

As I said above, this is tried both on R77.30 and R80.10.

One thing I have noticed is that the trusted root cert list seems a bit old. The newest trusted root cert is issued 2010! However, the dialogue below the cert list where an automatic update of certs should take place is empty. There never shows up any new trusted root certificates.

At one place in the gui there is a dialoge with three …
what special licensing is required to allow users to use Remote Access Desktop sessions to their office PCs via VPN or portal?  if MS Office is licensed on the office desktop, is there additional licensing required to access that same installation remotely?  after discussing with colleagues, i hear varying answers...  some say a Software Assurance subscription is required for each seat, and others say we simply need RDS CALs...  does anyone know the licensing implications, if any?
I have a lab environment based on vmware ESXi. Part of that is a number of virtual Kali 2017.2 machines that needs to be remotely accessible. Users on internet must be able to access the console GUI of the Kali, the desktop. Security is not an issue since they will use VPN.

I have tried using the built-in tightvncserver but whenever I connect the VM will freeze. I have reinstalled Kali numeous of times but it´s still the same issue. Probably something inside of the Kali distribution and/or my vmware environment that behaves strangely...

I have also tried installing xrdp but it seems not to be available for Kali 2017.2. Also, when reading about it I see that it depends on the same tightvncserver and I don´t think that´s the solution for me.

What other options do I have? I want inbound connection from the clients, which means that all cloud based solutions like Teamviewer is out of the question.

vmware has its built-in remote console application that can be used from vcenter web frontend but it requires both installation of the client software as well as flash in order to work properly so I have ruled that out aswell.

What other options do I have?
If I configure sonic wall tz300 to get WAN ip from Comcast GW DHCP, will I still be able to configure the VPN for remote access?   I am mulling several different topologies, and if this could work this seems like the easiest way.
Concerto Cloud for Software Providers & ISVs
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

We use SCCM 2012 to remote our user computers.
RDP works on all computers but Remote Control only works on some ones.
I check some of these failing computers and SCCM client is installed and the Remote Control setting enable.
If I run "Msiexec /i Client.msi SMSFULLREMOTETOOLS=1" this fix the problem.  Apparently the Remote Tool component is missing in these computers.
Is it a way to fix this problem remotely?
i want FULL permission to a folder located in C:\Windows but have a problem,,when i try to log says: wroong user or pass,why?logged in in RDP with: CTRLWS05\admin2:pass
what domain??
i don't understand, i have administartors rights

someone have a scirpt to do this automatically?
Good morning. I’m trying to mimic a Remote Desktop gateway and session broker without using Microsoft.

We are going to have about 30 windows 10 desktops in azure. I don’t want to setup a RDG/Session broker. I’ve thought about kemp but I don’t know if other options exist.

I would like the user to be able to use RDC and put in the computer name and the gateway. Trying to make it simple.
We have a Windows server 2012 for a small office of 5 users. There is also a retail store as part of the office,  that uses a POS system. We are trying to setup the ability to use gift cards, and for some reason the POS company/tech (that is handling the setup) needs to make it so Remote web access is turned on so they can access the server by browser/IP address, something having to do with setting up gift cards for the retail store. I'm being told from the POS company, that setting up remote web access on the server is only for internal use, and the server will not be accessed remotely. As it is now, if you type the server IP into the browser, you get a message saying "Remote Web Access is turned off - To turn on remote web access..." - So, if I run thru the steps of setting up "remote web access", and its looking for me to purchase/install a certificate, which as far as I knew was related to accessing the server from outside of the office, which isnt needed in this scenario. Are certificates used internally as well? Does anyone have experience in setting this up? Any help would be greatly appreciated.
We have an Access application running on a remote server.  This server is locked down and opens our application at login.  When they exit the application - it runs the Logoff function and takes them back to their local desktop.  

I have put several functions into the Access application that will allow users to logoff - should an issue occur.  However, I do see a possibility of something going wrong and the user not being able to log out.  The Taskbar/Desktop/TaskManager are all hidden, so if something did get to the point where they were looking at a black screen - they would need someone else to log them off of the server, which is not acceptable.

I was thinking of writing a small c# process, that is triggered by the Access application once it has loaded.  It would pass the process ID the the c# app, which would then monitor the process ID, to see if it's still running.  If not (i.e a crash has taken place), it would log the user off.

Is this a good idea, and as I'm pretty new to c#, does anyone have any pointers (or better suggestions)?
Hi Experts,

Please advise which will be more secure, SonicWALL SSL VPN or MS Terminal Server for accessing internal application server remotely.


Remote Access





Remote access may refer to the connection to a data-processing system from a remote location, for example through a virtual private network remote desktop software, terminal emulation, or the activation of features of a business telephone system from outside the business's premises.