Internal computers not accessible in RDWeb

When I tried to configure my Remote Desktop Web Access on Server 2012 I had a problem. I was unable to connect to the internal computers (they were not accessible on the network).
This happens because the RD Gateway configuration is missing (picture).

You can solve this issue in two ways. The first way is simply to enter the RD Gateway name in the IIS configuration. To see the configuration, open IIS and navigate to Sites > Default Web Site > RDWeb > Pages > en-US (or another language). There, click on Application Settings and write the public name of the TS Gateway into the variable DefaultTSGateway. You can also change other settings, such as GatewayCredentialSource, but be careful.
The second way to correct this issue is to edit web.config in the folder C:\Windows\Web\RDWeb\Pages\en-US. Here you can add the TS Gateway manually. Web.config will look like this:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <appSettings>
        <remove key="PasswordChangeEnabled" />
        <remove key="DefaultTSGateway" />
        <add key="DefaultTSGateway" value="rdweb.public.com" />
        <add key="PasswordChangeEnabled" value="true" />
    </appSettings>
</configuration>
After this change, try to connect to the internal computers. They should work.

Installing applications on terminal server

In many cases I still see that administrators don’t correctly install the applications they publish on terminal servers.
I want to tell you once again that installing those applications correctly is crucial for RemoteApp mode to work well. Here is the right way to prepare the environment and install those applications from the command prompt:

  • Before the installation, you must enable “installation mode” with the command change user /install. This has to be executed from an elevated command prompt.
  • Install the application (from command prompt …).
  • After you have installed the applications successfully, you have to return to “running mode” with the command change user /execute.

Of course, you can also install applications through Control Panel and Add programs. This is also a correct way to install applications.
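The command-prompt procedure above can be wrapped so that the server always returns to execute mode, even when the installer fails. This is an added example, not code from the original post; the function name, installer path and arguments are hypothetical.

```powershell
# Added example (not from the original post).
# Runs an installer between "change user /install" and "change user /execute".
function Install-InRdInstallMode {
    param(
        [Parameter(Mandatory)] [string]   $InstallerPath,
        [Parameter(Mandatory)] [string[]] $ArgumentList,
        # 0 = success, 3010 = success but a reboot is required
        [int[]] $SuccessCodes = @(0, 3010)
    )

    # "change user" must be run elevated, so fail early otherwise.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    & change.exe user /install
    try {
        $proc = Start-Process -FilePath $InstallerPath `
                              -ArgumentList $ArgumentList -Wait -PassThru
        if ($SuccessCodes -notcontains $proc.ExitCode) {
            throw "Installer exited with code $($proc.ExitCode)"
        }
    }
    finally {
        # Runs on success and on failure, so the server is never left
        # in install mode.
        & change.exe user /execute
        & change.exe user /query   # prints the mode now in effect
    }
}

# Example call with a constructed path:
# Install-InRdInstallMode -InstallerPath 'msiexec.exe' `
#     -ArgumentList '/i', 'C:\Install\app.msi', '/qn'
```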

Migrate RDP License server to Server 2012

One of the things we have to do when we upgrade our server environment is to migrate the licenses for the RDP clients. This job is done by the RDP Licensing server. I want to explain the process of migrating licenses from Windows Server 2008R2 to Server 2012.

The process is easy, but before you start the migration, it is necessary to have the documentation for all licenses (you need authorization numbers or keys during the migration process).
The first step is the installation of the RDP Licensing role in Server Manager through the Add Roles and Features Wizard.

Here you have to select Role-based or Feature-based installation and in the Server Role step you have to check Remote Desktop Services.

Later, under Remote Desktop Services, in the Role Services step, you have to check Remote Desktop Licensing (of course, you can also check other functionalities if you need them).

Complete the wizard.
In the Server Manager menu Tools, Terminal Services, open the Remote Desktop Licensing Manager, right click on the installed server and select Activate server.

Add your data and complete the activation wizard.
The next step is transferring the licenses from the old server to the new one. To do this, you have to right click on the newly installed server and select Manage Licenses.

This will open the Manage Licenses wizard. As the first step, select Migrate licenses from another server to this license server and select the reason (in most cases it is The source server is being replaced by this license server). Click Next.

In the next step, you have to identify the old, decommissioned server by typing its name or IP address. Click Next.

At this point, you need to type your keys or agreement number and confirm the licenses with the Add button. When you have added all your licenses click Next.

The wizard will transfer your licenses to the new server. At this point you are ready to unauthorize and uninstall the old server.

Applications are not visible in RDWEB access

Sometimes applications are not visible in Remote Desktop Web Access. They appear to be deployed and published correctly, and you are able to connect to them via RemoteApp. In these cases I have mostly found two different problems:
First problem
The server that is hosting the RD Web application website is not a member of the Windows Authorization Access Group. The RD Web Access server directly queries the servers and filters the retrieved list of RemoteApp programs based on the ACLs, and it needs permissions to do that. To check or fix this setting, do the following:

  • Open Active Directory Users and Computers, expand the console and find the name of the RD Web Access server.
  • Right-click on it and select Properties, then in the Member Of tab, add the Windows Authorization Access Group.

Second problem
The security settings in WMI Control are not correct. This issue is also easy to fix:

  • On the server that is hosting RD Web Access, open the Start menu and run WMIMGMT.MSC.
  • Right-click on WMI Control (Local) and select Properties.
  • Expand Root, CIMV2 and click on TerminalServices.
  • Click on Security and look for TS Web Access Computers (COMPUTERNAME TS Web Access Computers).
  • If the TS Web Access Computers group is not present, add it.
  • Add the Execute Methods, Enable Account and Remote Enable rights to this group.

After this check, the RD Web applications work in most cases.
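Both settings above can be audited read-only before changing anything. This is an added example, not code from the original post; the function name is hypothetical, it assumes the ActiveDirectory module (RSAT) is installed, and it must run elevated on the server where the WMI steps are performed.

```powershell
# Added example (not from the original post). Read-only: changes nothing.
Import-Module ActiveDirectory

function Test-RdWebPrerequisite {
    param(
        # Computer account name of the RD Web Access server (placeholder).
        [Parameter(Mandatory)] [string] $RdWebServer,
        [string] $WmiGroup = 'TS Web Access Computers'
    )

    # First problem: direct membership in Windows Authorization Access Group.
    $computer = Get-ADComputer -Identity $RdWebServer -Properties MemberOf
    $inGroup  = [bool]($computer.MemberOf -match
                       '^CN=Windows Authorization Access Group,')

    # Second problem: rights on root\cimv2\TerminalServices.
    # Standard WMI namespace access-mask bits:
    #   Enable Account = 0x1, Execute Methods = 0x2, Remote Enable = 0x20
    $required = 0x1 -bor 0x2 -bor 0x20
    $result = Invoke-WmiMethod -Namespace 'root\cimv2\TerminalServices' `
                  -Path '__systemsecurity=@' -Name GetSecurityDescriptor
    $granted = 0
    foreach ($ace in $result.Descriptor.DACL) {
        # AceType 0 = access allowed; match the group by trustee name.
        if ($ace.AceType -eq 0 -and $ace.Trustee.Name -eq $WmiGroup) {
            $granted = $granted -bor $ace.AccessMask
        }
    }

    [pscustomobject]@{
        Server                      = $RdWebServer
        InWindowsAuthorizationGroup = $inGroup
        WmiGroupHasAce              = ($granted -ne 0)
        WmiRightsComplete           = (($granted -band $required) -eq $required)
        WmiGrantedMask              = '0x{0:X}' -f $granted
    }
}

# Example call with a constructed server name:
# Test-RdWebPrerequisite -RdWebServer 'RDWEB01'
```

A WmiGrantedMask wider than 0x23 means the group holds more than the three rights listed above and is worth reviewing.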

Further reading: http://blogs.msdn.com/b/rds/archive/2009/06/12/introducing-remoteapp-user-assignment.aspx.

Install Terminal server on Windows Server 2008R2 DC

First of all, I want to underline that installing a terminal server on a domain controller is not a best practice and is not a very good idea. But in some cases, in small environments where you have maybe only one or two servers, you have no choice and you must do that.
Installing the role is not a problem, but you will have a problem when you try to log on through Terminal Services with a user who is not an administrator. You will receive an error saying that this user is not an administrator and does not have the right to log on through Terminal Services. On a non-DC server, this is simple to solve in the Local Users and Groups console, but these users and the console itself are disabled on a DC.
You must do that in gpedit.msc. There you have to grant the Allow Logon through Terminal services right to the desired group of users (look at the picture).

 

You must also think about the printing issue. There is a security issue on the Spool folder, because the user does not have sufficient rights on it. To solve this problem, open a Command Prompt as Administrator and go to the folder C:\Windows\System32\spool. There, run the command Cacls.exe PRINTERS /e /g users:C and restart the computer. Now you are able to print.

Good luck.