Remote Access





Remote access may refer to the connection to a data-processing system from a remote location, for example through a virtual private network, remote desktop software, terminal emulation, or the activation of features of a business telephone system from outside the business's premises.


I have a forest trust between 2 domains. In domain A I have an RDS with an RDGW configured. I want users from domain B to be able to run remote apps on domain 1's RDS collection.
Users from domain B are able to log in to the RDWeb, but when I run an app I get the following error
And in the NPS logs (that is on the RDGW server on domain 1) I get the following output:

Network Policy Server discarded the request for a user.
The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.

I have added a user group from domain B to be able to authenticate to the RDGW and the RDS collection. So I don't really know why it's not working.
work for a medium size company.  We have a 5508x firewall with IPSEC Remote Access VPN setup on it and an AnyConnect setup too.  These work fine when an individual client logs in with client software.  
We have a remote warehouse that uses the VPN by logging in the same way – as a client.
Sometimes they complain about the speed.  We were thinking if we bought a RV260 Remote VPN router that we could just put it at the warehouse and enter our public address and a few credentials and this would improve the speed and simplicity.  It is not that simple.  So, I have some questions.
Do we need two remote VPN routers, one at the main office and one at the warehouse?  Then, do we need a separate Internet connection?  Does the ASA act as the VPN router on our side?  
I have a simple guide to set up the VPN router, but I am unclear about the general setup.
Do I need to set up a site-to-site tunnel, which I don’t know how to do?  I barely understand the IPSEC, IKE, Diffie-Hellman, AES-192, etc.   I imagine both sides have to match?
Anyway, I am not very clear on how the device functions.  Do I need two, do I need to attach one to the firewall, what’s the general idea of how this works?  Could someone give me a quick bird’s eye overview?

Installed networked printers on Windows 2016 server shared printers.  Then used Print Management to deploy shared printers to RDS 2016.  When a user logged on to RDS, the same shared printer showed up more than once.  It came back after I deleted it.  How do I prevent this from happening?

Thank you
Hi, I am hoping someone can help.

 I have a DC in AWS running Server 2019. I have installed routing and remote access onto it to enable people to VPN in. I have installed routing and remote access before with no issue, but never with AWS.


MS VPN Only - not NAT
MS Firewall on / off - no change
AWS Ports open in security group (1723, 500, 4500) - also tried all ports opening
MS EAP & MS Chap2 enabled
MS Network policy checked, nothing obvious
MS Firewall log shows accepting connections from 500 & 4500 but nothing else
AWS Source / Destination check turned off

When trying to connect, just times out.
Replicated settings (the best I could on a 2016 server on test bed - not AWS) works fine.

Two errors found in MS logs:

The Secure Socket Tunneling Protocol service could not be configured to accept incoming connections. The detailed error message is provided below. Correct the problem and restart the SSTP service. Access is denied.


CoId={FF5DF464-E1D4-6134-CD72-E0129DDF54A2}: The following error occurred in the Point to Point Protocol module on port: VPN2-127, UserName: <Unauthenticated User>. Negotiation timed out

Going out of my mind with this, any ideas?
8 Microsoft RDS Hosts and 1 Connection Broker -User Disks are held as VHDX Files based on account SID  

Recently we have had users unable to log in or with a Temporary Profile -

The problem is quite similar to this

We have cleared the registry of any .bak files and rebooted

I've been trying numerous suggestions found on Experts Exchange and other forums, but have not been able to eliminate this issue yet.

Server 2012 R2 "The User Profile Service failed the sign-in.  User profile cannot be loaded.”  after imaging server from backup.
   System specs are Xeon X5670 2.93ghz and 64 GB RAM and about 25 users logging in via RDS.

Log seems to indicate it is error 1505, 1508, and 1509
    Windows cannot load the user's profile but has logged you on with the default profile for the system.
     DETAIL - Insufficient system resources exist to complete the requested service.
    Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.
    DETAIL - The process cannot access the file because it is being used by another process.
    for C:\Users\[user]\AppData\Local\Microsoft\Windows\\UsrClass.dat

   Windows was unable to load C:\Users\[user]\AppData\Local\Microsoft\Windows\\UsrClass.dat.

   Happens usually when users login after the weekend.  A server restart from the Admin account clears out the error.  We have
   not been able to recreate the error as of now.

Attempted Fixes:
   1. Changed permissions on c:\Users\Default to "Replace all child object permission entries with inheritable permission entries
   from this object"

   2. Ran DISM to cleanup image - image health was restored.

   3. Ran system file …

 I have SBS2011 network and I connect to my work PC from home using remote desktop connection. In Remote desktop RD Gateway server settings, I enter "remote.domain_name" that points to public static IP address of the office network and that has been working just fine. In my internet router, Port 443 is forwarded to IP address of SBS2011 server -

 Now the situation:

 I am in the process of migrating SBS2011 to Windows Server 2019. As first part of process, I created a couple of new domain controllers - DC1 and DC2 - to current SBS domain, but I have NOT transferred   FSMO roles to DC1 yet and I still have as Preferred DNS server in TCP/IPv4 properties.  

  Today, I wanted to install RD Gateway in DC1 and see if I can connect to my office PC via DC1 instead of SBS2011 and I did the following:

 1. Since was already used by SBS2011 certificate, I created a new sub domain "" and pointed it to the same public static IP address.
 2. I installed RD Gateway role in DC1
 3. After creating SSL certificate using Certifytheweb, I opened Remote Desktop Gateway Manager, imported the certificate and created RD CAP and RD RAP policies.
 4. In my internet router, I changed IP address port forwarding from SBS2011 to DC1 on port 443 & 80.  (Although only port 443 was forwarded to SBS2011 currently in the router, but in the past whenever I set up RD Gateway Server in other W2019 Server networks, I …
Windows server 2016 essentials - access anywhere - RDP to server
wants to run the dashboard instead of full RDP session to server.

We have a 2016 RDS terminal server environment. We set Outlook to work for all users off of cached Exchange mode, but now we can see that some users are missing unread emails that are older than a week. To explain it another way, whenever they click on their Unread view they are only seeing emails from the current week and not past weeks. If they then search for a user under Unread they see all the unread emails from that user.

Do you know what could be causing this?
Dear Experts,

I installed the RDS services and I created the site, all went well but now I want to publish RDP for different servers and I do not know how to do this. Right now I only published the RDP file with the current server that the RDS is on. Can you please let me know how to publish the RDP files? I created several RDP files for those servers but when I publish them I have a few issues.

1. The RDP icon does not show up.
2. When I click on the icon I get a message the server is not found.
I just began to test users connecting via Remote Desktop.  

When I log in as a user they can see all the folders, but cannot access the ones they do not have permission to.

In Active Directory they cannot see the folders they do not have access to.

I have ABE set correctly but users can still see the files

Access Based Enumeration

Until recently I was able to right click on the users in
Remote Desktop Services > Collections > Connections and either select Disconnect, Send Message, Shadow, Log Off

I now get these errors:

Trying to log off a disconnected user:
Unable to disconnect session 0 on

Trying to send a message to a user:
Unable to send a message to session 0 on

Trying to Shadow a user:
Failed to enumerate sessions on server Error 1722

Any suggestion on how to fix?

I finally have had it with LogMeIn sticking it to us.  I tried Splashtop as a replacement and that works fine, but weirded me out, being a Chinese funded company.  Finally landed on RemoteToPC and that seems to work fine, and, it is a US based company.  Can any of you tell how secure it is?  I am using the 2 factor authentication, but wonder about other areas that I have no idea how to check.

Got a rather odd situation here.

There are three servers and the setup is this -
2019 Domain Controller
2019 Connection broker running RD Gateway and RD licensing server
2019 Remote desktop session host

This is a brand new environment setup from scratch. The 2019 1809.2 ISO was used for all Windows installation.

When I open up RD licensing diagnoser on the RDSH, it thinks that my session host is running 2016 when there are no 2016 servers anywhere (attached screenshot). The same thing happened to all 2019 environments I've come across so far as well. All relevant regkeys, group policies, etc are pointing the session hosts to use the correct RD licensing server. In all cases, the RD licensing servers are issuing 2019 RDS user CALs correctly as well.

We have done hundreds of RD environment setups with 2012 and 2016 before and had never encountered this. Our RDSHs are all domain joined.

I've done some Googling already and looks like I'm not the only one seeing this, but I can't see any solution so far. Is this a new bug with 2019?
I built a RedHat server in AWS that runs an application that has 3 IPs and 3 URLs (1 URL per IP), in ifcfg-eth0 I have the config listed as:


I had it working for some time, but for whatever reason I can't access the RDS database anymore, and not sure what happened to the server.

I can ping externally ( but when I try to ping the RDS which is 172.30.72.x network, I get no route to host, when it used to work.  Thoughts?

Here's the scheme

3 interfaces
DMZ (Wifi public access)

Is it possible to configure VPN for remote access for a client PC located in the DMZ to the outside interface so it can access a server in the Inside?

If so, any example?
I need recommendations for best desktop configuration for video editing.
preferably branded HP/Dell in INDIA.

My requirements:
- Ability to do video editing for our company activities.
- We will work on 4k editing as well
- Ability to run multiple softwares for video and photo editing
- Ability for ssd, we also want to use this as a backup system for our entire office data.
- I should be able to give remote access to engineers from remote location
- should be able to create VMs to install Ubuntu VMs and give remote access to allow.

It's a 2 priority question: one for video editing capability with huge storage capability, and the other should be powerful enough to allow VMs to work

I have Windows login credentials like below.


I have the password for this machine. How can I log in to this Windows machine? Is that via Remote Desktop? If yes, what IP or computer do I use?

Looking for a group conference call system where 10 people can ask questions to the presenter in an orderly way - any recommendations?  Can be paid or free.  It will be used for business meetings.  The conference call system needs to allow raised hands for questions to be seen by the whole group not just the organizer.  I would appreciate your help.  Thank you

Coming back to this, a while ago I was looking to set up a 2016 RDS farm.

  • We do not want staff to access the terminal server or apps directly externally.
  • We want them to authenticate via VPN first.

Internally we have modified an RDP shortcut that connects staff to the RD session host via the RDS broker. And that works fine if they are already in the system. But this option is not viable for the remote users. We are using Barracuda SSL VPN and it has a built-in RDP client within itself. I see no way to edit the built-in RDP client or upload a custom RDP client. If we put in the RDS broker address in the built-in RDP client, users will not get redirected to the RDS session hosts; instead they will be logging onto the broker itself.

The other option is to bypass the broker completely: we'll leave everything as is but we take the load balancing over to our physical LB and have it decide which RD session host clients will be redirected to. While it may not be the ideal setup, I do not see any adverse effects unless I'm missing something.

Currently RDS Web access, Gateway, Broker & licensing is installed on 1 server. Host session is on another server.
I have done an upgrade on a RD Server from 2008R2 to 2012R2.  Since the upgrade no clients are able to start the remote app using the downloaded remote app link from the internal website.  

A user is able to start the app link, it requests credentials, then it returns a remote computer cannot be reached error.

The same user is able to connect using the standard RDP connection and can start the program from the remote desktop.  The error only happens with the published remote app link.
Hi Experts, need to secure connection to a RDS server from users accessing it via RDP. I was thinking of going the SSL route. This is a one server 2019 RDS environment with all roles on it - RD Gateway, Host session etc. What I needed to know is which role will require the SSL cert? Do I need to generate CSR from IIS? Users will be accessing the server via domain name - and then click on RDP to access. There is no chance of having VPN since all users are remote and client does not want to setup a VPN solution

Local domain matches external domain -
DFL and FFL - 2019

Thanks in advance

Problem: Windows 2012 Server Hyper-V VM slowly has a delay in name resolution both internal and external. Example: If I ping, or the local DC there is a delay of about 12 seconds before responding. If I ping the IP address directly the response is immediate. I first thought it is a DNS problem; however, nslookup resolves any request instantly. I also tried making host table entries which also are delayed. Rebooting tends to resolve the issue but the delay time slowly builds up to a point where Outlook will time out when connecting. This results in RDS users not being able to connect to Office365 Exchange server, impacting business.

The environment is a VM Running on a Windows 2016 Hypervisor with 4 onboard gigabit network ports teamed to a single dynamic network card.
Good evening experts,
     I am looking for a way to automate the log off of any users on an RDS Session Host whose username contains the word kiosk. There are many variations of the kiosks but all contain the word kiosk. We need this in preparation for evening maintenance. Below is a batch script I have been working on. Basically it checks for any kiosks being logged in. If there are any it goes to the section I am writing about. If not it continues to another check for any ACTIVE users. If there aren't any it restarts the server. If there are it just quits. Any help you can offer would be appreciated!

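@echo off

rem Is any session whose quser line contains "kiosk" (any case) logged in?
quser | find /i "kiosk" >nul
if errorlevel 1 goto CONTINUE

:LOGOFFKIOSKS
rem A disconnected session has no SESSIONNAME column, so the session ID
rem is token 2 in that case and token 3 otherwise.
for /f "tokens=2,3" %%a in ('quser ^| find /i "kiosk"') do (
    echo %%a| findstr /r "^[0-9][0-9]*$" >nul
    if errorlevel 1 (logoff %%b) else (logoff %%a)
)

:CONTINUE
rem Quit if anyone is still active; otherwise restart the server.
quser | find "Active" >nul
if not errorlevel 1 goto END
shutdown /r /f /t 1

:END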

We have put in a new domain controller for a client so we can decommission their old one, and they also have an RDS server.  The RDS needs to change domains.  I tried it and then I got an error in server manager on the RDS saying "the following servers in this deployment are not part of the server pool."

Can anyone assist on how to resolve this so the RDS can work as it should with the new domain controller?

I have attached a screenshot of the error message.
