Author Archives: RiptideHosting

Deleting a user profile on Windows Server 2016

Follow this two-step process to delete a user profile in Windows Server 2016 in workgroup mode:

  1. Go to advanced system settings (sysdm.cpl), advanced tab, click on settings in the user profiles box (middle of screen), under “profiles stored on this computer” click on the user profile you want to delete and press Delete.
  2. Then go into Computer Management, Local Users and Groups, Local Users, and select the user you want to delete and delete it.
  3. Reboot and confirm that user no longer exists in User Profiles, Computer Mgt, and c:\users.
  4. Note: If you only delete the username in Computer Management, the user will continue to shot up in advanced system settings in user profiles (label changed to unknown) and the c:\users\username folder should still exist. If you only delete the username in User Profiles, the c:\users folder should be gone but the user account will still show up in Computer Management.  This is why you should perform both steps to delete User Profile in Advanced System Settings first, then User account in Computer Management.

See this link from Microsoft:  https://support.microsoft.com/en-us/help/2462308/delete-a-user-profile-in-windows-server-2008-and-later

Logging off users on Windows Server 2016 with Remote Desktop Services

You may want to see which users are logged on to your Windows 2016 Server at any given time and may want to logoff a user. Users can be “active” on a server or in a “disconnected” session status which means they disconnected from the server but didn’t log off.  Since disconnected sessions continue to utilize server resources, we recommend you enable a group policy to log off disconnected sessions automatically after a specific time period such as 5 minutes or X hours – easiest method is to enable a group policy to set session time limits for all users as follows:

  1. Cmd prompt, gpedit.msc
  2. Computer Configuration, Admin Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Session Time Limits
    1. Enable appropriate group policies and modify as needed
    2. We recommend setting this one because it will prevent disconnected sessions from consuming server resources — “Set time limit for disconnect sessions”
  3. After modifying group policies, you can force an update without rebooting by typing “gpupdate /force” at cmd prompt

 

By default, we now release Windows 2016 Servers with the disconnected session limit set at 5 minutes.  We strongly recommend keeping this group policy at 5 minutes or change it to another time amount that you want.  We don’t enable a default policy to log off “idle” sessions after X period of time but it is recommended that you enable this at X hours or X days.

To see detail on each users session (how long it has been active, if disconnected or idle, etc.), you can open a command prompt and type in “quser” which will show each user with session stats.

We haven’t seen this happen very frequently, but if a user logs on to the server and the screen remains black, it is likely because the user has an existing disconnected session that has not be fully logged off. To resolve this, log into the server as an Administrator and log off the User’s disconnected session.  When the User logs in again, they should see their full desktop session without any issues.

Steps to view and log off users:

  1. Login as Administrator or account with administrator rights
  2. Open Task Manager by right clicking the bottom tool bar
  3. Click on “More” or “Detail” to view all tabs of Task Manager
  4. Go to the “Users” tab which will show the users that are logged on the server
  5. Right click on a username and select “Log Off”
  6. Task_manager_log_off_users

We recommend that users be educated to log off from the server when their tasks are completed (start, click on username, select log-off or sign-off) instead of just disconnecting the session by clicking the X in the upper right corner which doesn’t log the user off and only disconnects the session.

How to Shadow a user’s remote desktop session on Windows Server 2016 in workgroup mode

This post is about how to shadow a user session if the Windows Remote Desktop Server is not connected to a domain. If the server is connected to a domain, you can go to server manager, RDS Manager, and right click on current sessions to shadow and connect. When the server is in Workgroup mode (not connected to domain) the Remote Desktop Services Manager page is not accessible in Server Manager. To shadow another user’s sessions in Windows Server 2016 in Workgroup mode, use the following steps:

1) Open command window by clicking start, CMD. You must be using an account with administrative privileges. If you are using an account with administrative privileges that isn’t the named Administrator account, you must run in administrator mode (right click on cmd and click run as administrator)

2) Type quser.exe to determine the session number of the user session you want to shadow.
C:\Users\administrator.computer>quser.exe (note: typing “>qwinsta” without .exe will show similar information)
USERNAME SESSIONNAME ID STATE
administrator rdp-tcp#0 1 Active
user1 rdp-tcp#1 3 Active

3) In this example, the Administrator is going to shadow the user1 session which is session 3. You need to know the session number (“3”) for the next step.

4) Start shadow session by typing “mstsc /shadow:# /control” where # is the session number to shadow and /control allows you to control the session.
C:\Users\administrator.computer>mstsc /shadow:3 /control

5) The other user (user1 in this example) will get a popup called “remote control request” and must press Yes before shadow session will open.

6) The shadow session will open and you’ll be able to view the user1 session desktop screen.

IF YOU WANT TO SHADOW A USER SESSION WITHOUT NEEDING THEIR CONSENT FOR THE SHADOW SESSION TO OPEN:

  • Enable the following group policy by going to gpedit.msc and then Local Computer Policy, Computer Configuration, Administrative Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Connections.
  • Enable the setting “set rules for remote control of Remote Desktop Services user sessions” and select the option for “Full Control without user’s permission” in the dropdown.
  • Reboot the server to make the group policy take effect (or open elevated command prompt and type in gpupdate.exe /force)
  • Then using the same command as in the section above add “/noconsentprompt” like this:
  • mstsc /shadow:3 /control /noconsentprompt
  • It will still prompt the user to authorize control but if they don’t within 5-10 seconds, the shadow session will open even without their authorization.

Deploy your MS Access Database, MS Access Application online to the cloud with Remote Desktop Services (terminal services)

The quickest and easiest method to move your MS applications/databases online (to the cloud) is to deploy it on a hosted Windows Remote Desktop Server.  We have been providing terminal server (remote desktop) hosting solutions for over 15 years.  Most clients are able to deploy their Access application on a Windows Server with Remote Desktop Services within a few hours.  Contact us and to discuss your options, pricing, MS licensing, etc.

As previously announced by Microsoft, Access-based web apps (Access Web Apps) and Access web databases in Office 365 and Sharepoint Online were shut down last month (April 2018).  See link here:  https://support.office.com/en-us/article/Access-Services-in-SharePoint-Roadmap-497fd86b-e982-43c4-8318-81e6d3e711e8?ui=en-US&rs=en-US&ad=US

You can also review our pricing calculator here:  http://www.riptidehosting.com/Remote-Desktop-Hosting-Pricing.aspx

When comparing options for hosting your Access application online, ask the hosting provider if it will be a Windows Server with Remote Desktop Services or if they are hosting the Access application on a Sharepoint server.  We do not provide hosting services on Sharepoint.  If your MS Access application has VBA coding, it may not work in a sharepoint environment.  You should also ask if your application is hosted in a dedicated OS environment (dedicated VM for you) or if it is on a shared server environment.

RDP authentication error due to CredSSP encryption oracle remediation after May 2018 Windows Updates

 

If you are getting an error using RDP to connect to a Windows Server and error say “Remote Desktop Connection: An authentication error has occurred.  The function requested is not supported. This could be due to CredSSP encryption oracle remediation”, this is because you are connected from an unpatched client to a patched server or a patched client to an unpatched server.

To fix this issue, install the May 2018 Windows Updates on both the server and the local PCs.

Microsoft has been patching a vulnerability in RDP/CREDSSP with the patches released this month (May 2018) and previous month or two, and as of the May 8 updates, it requires BOTH the client PCs and the Windows Server to both have the May patches installed.

Below is a link about it but best is to apply the patches….
https://blogs.technet.microsoft.com/yongrhee/2018/05/09/after-may-2018-security-update-rdp-an-authentication-error-occurred-this-could-be-due-to-credssp-encryption-oracle-remediation/

 

UPDATED 5/10/2018 –

Additional links discussing this issue below.  Best approach is just install Windows Updates on both Servers & Client/local PCs  and everything should work.  If you are unable to patch your server immediately, there are some suggested workarounds (registy/GPO modifications, disable NLA (not recommended due to lower security), etc.  We strongly recommend you apply the May 2018 Windows Updates.

https://blogs.technet.microsoft.com/askpfeplat/2018/05/07/credssp-rdp-and-raven/

https://community.spiceworks.com/topic/2120195-get-patching-cve-2018-0886-credssp-flaw-in-rdp-affects-all-versions-of-windows?page=3

 

Adjusting Server Manager settings on 2016 so it doesn’t automatically start upon login

Adjusting Server Manager settings to it doesn’t automatically start upon login (or turn it back on)

Update: the steps below for modifying auto-start for server manager within the server manager GUI will only affect the user account under which it is being set.  To change the auto-start behavior for all users to not automatically start, you can enable a group policy by going to gpedit.msc, local computer policy, computer configuration, administrative templates, system, server manager, enable the policy for “do not display Server Manager automatically at logon”.

For Windows Server 2016: You may want to adjust the settings for Server Manager so that the Server Manager window opens automatically (or doesn’t open automatically) when logging into a Windows Server 2016 desktop session via RDP. You may want to turn it off so that it doesn’t consume resources during login or if it isn’t useful to users.  You can follow the steps below to turn auto-start on or off.

Open Server Manager by clicking the Server Manager icon on the bottom taskbar right next to the start button or clicking start and type “server manager” or look at tiles under start button.

  1. Under the “Manage” drop-down in upper right corner, select Server Properties, then click the box by “Do Not Start Server Manager Automatically…” (or uncheck it is you want it to start automatically upon login)
  2. You can always open Server Manager by clicking on the icon in the task manager next to the start button that looks like a toolbox

ServerManager

MS Access Services retired in Office 365 and Sharepoint Online – Look at MS Access Hosting with Riptide Hosting

 

Microsoft announced earlier this year that  Access-based web apps and Access web databases in Office 365 and SharePoint Online will be shut down by April, 2018.  See link here:

https://support.office.com/en-us/article/Access-Services-in-SharePoint-Roadmap-497fd86b-e982-43c4-8318-81e6d3e711e8?ui=en-US&rs=en-US&ad=US

This does not affect Access Desktop databases (.accdb).

One alternative you should consider is use of a Windows Remote Desktop Server with Access or Access runtime installed.  Riptide Hosting has been providing terminal server (remote desktop) hosting solutions for over 15 years.  Contact us to discuss pricing and options. 

No Remote Desktop License Servers available

Terminal Server Remote Desktop the remote session was disconnected because there are no remote desktop license servers available to provide a license

The fix we have used for “the remote session was disconnected because there are no remote desktop license servers available to provide a license” on Windows Server 2012 is to have the server look for the IP of the license server and not the server name.

For a single Remote Desktop Server which Is NOT connected to a domain setting the group policy “Use the specified Remote Desktop license servers” to the IP address of the server instead of the server name fixes the connection error.

To change this setting to the IP we use GPEdit.msc

Browse down to the key under:

Local Computer Policy
–Computer Configuration
Administrative Templates
Windows Components
Remote Desktop Services
Remote Desktop Session Host
Licensing

Then in right hand pane – double click “Use the specified Remote Desktop license servers”

This should be “enabled” and in the text box under “License servers to use”  enter the IP of the server “xxx.123.123.123”

We then forced a Group Policy restart and also rebooted the server AND it still took about 20 minutes before the users could again login to the Terminal Server / Remote Desktop Server.

This assumes you have licensing installed and configured for your Remote Desktop Users.
Including “Specify the licensing mode for the RD Session Host Server” as Per Device or Per User.

No Remote Desktop License Servers available

the remote session was disconnected because there are no remote desktop license servers available to provide a license

How to modify timing of Windows Updates in Windows Server 2016 to control timing of updates and restarts

Our standard template for Windows Server 2016 enables a group policy to automatically download, install and apply (restart if needed) Windows Updates classified as important on a nightly basis around 3am.  You can modify and confirm the setting as shown below.

Modify the group policy settings located here. Open Local Group Policy Editor by typing Gpedit.msc. Go to: Computer Configuration / Administrative Templates / Windows Components / Windows Update.

  1. Enable the “Configure Automatic Updates” group policy. Use value of 4 for auto download/install. Select the scheduled and time (screenshow below shows every Monday at 3am; we usually use Every Day at 3am). Do NOT check the automatic maintenance box.
  2. Enable the “Always automatically restart at the schedule time” group policy. This will allow reboots/restarts approximately 15 minutes after the updates are installed. NOTE: The restart timer can’t be postponed once started and a restart will occur even if users are signed on.

SCREENSHOTS BELOW:

Installing .net 3.5 on Windows Server 2012 R2

You can follow the steps below to install .net 3.5 on a Windows Server running 2012R2:

  1. Insert Windows Server 2012R2 installation media into DVD-rom (Riptide will have to do this for your remote server)
  2. Follow instructions on this link and as described below https://technet.microsoft.com/en-us/library/dn482071.aspx?f=255&MSPPError=-2147217396
  3. Open Server Manager, add Roles and Features
  4. Select .NET Framework 3.5 Features
  5. On the “confirm installation selections” screen, click on the “specify alternative source path” link at bottom of screen
  6. Type in d:\sources\sxs
  7. Install
  8. Remember to remove the installation media DVD (Riptide will have to do this)

Azure RemoteApp discontinued – use Riptide Hosting as alternative to Azure RemoteApp and Citrix

Azure RemoteApp discontinued – use Riptide Hosting as alternative to Azure RemoteApp and Citrix

Microsoft announced this month that it is discontinuing its Azure RemoteApp service and no new purchases will be available after October 1, 2016. Here is a link to their announcement

Azure RemoteApp shutting down

Riptide Hosting provides Remote Desktop (Terminal Server) Hosting using Windows Server 2012 R2 (soon Windows Server 2016) with Remote Desktop Services for publishing user customizable desktop sessions or RemoteApps.   We have several options for delivering cloud hosted remote desktops and applications and can include monthly licensing for Windows Server, RDS user licenses, MS Office, SQL Server and more.  You can start with as little as 2 users (not 10 or 20 users minimum as with other hosting provders).  Give us a call or email and we will talk with you regarding your specific situation.

Logging off users on Windows Server 2012R2 with Remote Desktop Services

You may want to see which users are logged on to your Windows 2012R2 Server at any given time and may want to logoff a user. Users can be active on a server or in a disconnected session status which means they disconnected from the server but didn’t log off.  Since disconnected sessions continue to utilize server resources, we recommend you enable a group policy to log off disconnected sessions automatically after a specific time period such as 1,2,4, or 8 hours – see our blog post here on how to enable this group policy http://www.RiptideHosting.com/blog/how-to-set-time-limit-for-disconnected-sessions-windows-server-2012r2/

We haven’t seen this happen very frequently, but if a user logs on to the server and the screen remains black, it is likely because the user has an existing disconnected session that has not be fully logged off. To resolve this, log into the server as an Administrator and log off the User’s disconnected session.  When the User logs in again, they should see their full desktop session without any issues.

Steps to view and log off users:

  1. Login as Administrator or account with administrator rights
  2. Open Task Manager by right clicking the bottom tool bar
  3. Click on “More” or “Detail” to view all tabs of Task Manager
  4. Go to the “Users” tab which will show the users that are logged on the server
  5. Right click on a username and select “Log Off”
  6. Task_manager_log_off_users

We recommend that users be educated to log off from the server when their tasks are completed (start, click on username, select log-off or sign-off) instead of just disconnecting the session by clicking the X in the upper right corner which doesn’t log the user off and only disconnects the session.

Create RDP Shortcuts for users to login to Windows Server

Users can create a shortcut on their desktop to the Remote Desktop Connection Client on their local PC to make it easier to login to their remote server. The shortcut can include customization like enabling printer redirection, enabling clipboard (to copy and paste between the server and local PC), hard drive redirection and more.  You can also choose to save your username so you don’t need to enter it each time.

If you are the local IT admin and want to make it easier for your users to login to their remote desktop session on the remote server, you can create the RDP shortcut for each of them on their local PC or create it on your PC and provide it to them to save on their desktop. This assumes that the users are on the same version of Windows/RDP.

Steps to create a shortcut on your desktop to your local Remote Desktop Connection Client:

  1. On your Windows PC, open your local remote desktop connection client by clicking the start button and typing mstsc, or browsing to the program in start, all programs, accessories, remote desktop connectionLocal_Remote_Desktop_Connection_Client
  2. Click on “Show Options” to view the settings that can be modified/customized.
  3. On the General Tab, you can enter the computer name field as the IP address of the remote server or dns name if setup. You can also enter the username if you want it to be saved. Do not click “save as” yet as you will want to make additional selections first and then come back to the general tab to “save as” the shortcut to the desktop.
  4. On the Display Tab, you probably want to keep it as Full Screen.
  5. On the Local Resources tab, you have several important options particularly in the “local devices and resources” section. Most users will want to make sure the boxes are checked by both Printers and Clipboard which will allow you to print to you local printer and copy and paste files between your local PC and the server. Under the “More” settings, you can select whether to redirect your local c: drive which will then show up in windows explorer on the server to make it easy to move files between your PC and server. We typically don’t recommend that you redirect your hard drives by default in the shortcut because it utilizes additional resources and bandwidth (and you can easily move files using clipboard – copy/paste instead), but rather you can redirect your hard drive only when necessary by changing the setting prior to connecting. If you intend to move files between your PC and server frequently, then you make want to redirect your c: drive by default.Local_Remote_Desktop_connection_client_Local_Resources
  6. After you have made your selections (usually you can leave the defaults on the remaining tabs), go back to the General Tab and click “Save As”, enter a shortcut name of your liking, and make sure to select your Desktop as the destination for the shortcut. (If you select “Save” instead of “Save As”, your choices will overwrite the default remote desktop connection profile on your local PC.) After saving it to your desktop, you should now see the shortcut on your desktop for easy access!
  7. We also have a video on creating RDP shortcuts that you can review:  https://www.youtube.com/watch?v=iLKSMcIrfqE

Adjusting Server Manager settings on 2012R2 so it doesn’t automatically start upon login

Adjusting Server Manager settings to it doesn’t automatically start upon login (or turn it back on)

Update: the steps below for modifying auto-start for server manager within the server manager GUI will only affect the user account under which it is being set.  To change the auto-start behavior for all users to not automatically start, you can enable a group policy by going to gpedit.msc, local computer policy, computer configuration, administrative templates, system, server manager, enable the policy for “do not display Server Manager automatically at logon”.

For Windows Server 2012R2: You may want to adjust the settings for Server Manager so that the Server Manager window opens automatically (or doesn’t open automatically) when logging into a Windows Server 2012R2 desktop session via RDP. You may want to turn it off so that it doesn’t consume resources during login or if it isn’t useful to users.  You can follow the steps below to turn auto-start on or off.

Open Server Manager by clicking the Server Manager icon on the bottom taskbar right next to the start button

  1. Under the “Manage” drop-down in upper right corner, select Server Properties, then click the box by “Do Not Start Server Manager Automatically…” (or uncheck it is you want it to start automatically upon login)
  2. You can always open Server Manager by clicking on the icon in the task manager next to the start button that looks like a toolbox

ServerManager

VDI, Desktop as a Service (DaaS), Hosted Desktop and Remote Desktop Hosting

Summary – Hosting desktops in the cloud goes by many names and can be setup in several methods depending on your needs.  As you can see below, some setups can be costly from a Microsoft licensing perspective and some setups are better if you wish to share applications among users or alternatively have a completely isolated virtual machine for each user.  As a hosting provider in the Microsoft SPLA program, Riptide Hosting can provide Windows Server and Remote Desktop Services (RDS) user licenses but not Windows Desktop (Windows 7,8,10) licensing.  In the discussion below, you will see that Windows Server with RDS for individual user desktop sessions can be a very cost effective solution to provide users with a customizable desktop session and ability to share applications between users.

Method 1: Remote Desktop Services on Windows Server – You can utilize a Windows Server OS (2008r2/2012r2) with Remote Desktop Services (RDS) to provide each user their own customizable desktop session.  Applications such as an access databases, accounting applications, business software, and MS Office can be installed on the server once and accessible by each user session simultaneously.  Users have access to both a private folder (i.e. my documents) and apublic folder to easily share documents between users.  The Desktop Experience feature can be installed to make Windows Server 2012R2 look like Windows 8.1 (or on Server 2008 R2 to look like Windows 7).  A Remote Desktop server is often the cheapest method for providing desktop sessions.  At Riptide, a VM with licensing for Windows 2012R2 starts at $90 plus RDS user licenses at $7.75 each.

Method 2: Windows VMs with Desktop OS 7, 8.1, 10 – Windows desktop licenses are not available in the SPLA program so hosting providers like Riptide cannot provide these licenses although you may be able to utilize your own licensing.  Windows 7, 8.1, and 10 cannot be used as a Remote Desktop Session Host like Windows Server can be.  If you are looking to provide individual (isolated) VMs to each user with a Windows Desktop OS, an option is to use one of our Dedicated Servers upon which to install your own Volume Licensed version of Windows 2012R2 Server OS along with the “virtual machine based desktop” deployment method of RDS where each hyper-V VM utilizes a desktop OS.  Licensing in this scenario requires that each user or device accessing the VM have either the Windows Desktop Enterprise License with Software Assurance or a Windows Virtual Desktop Access (VDA) license.  VDA device licenses are approximately $100/device/year.  Many users do not have the Windows Enterprise license because it is available in Volume Licensing and not OEM/Retail and requires Windows Professional or better.  Typically this is much more costly or cost prohibitive versus method 1 above.  The rights to utilize the Desktop OS VM cease when either the Software Assurance or VDA license expires. For a client to use their own Volume Licensing, it must be on a fully Dedicated Server and must have the proper type of licensing.  Here is a link to a good article on Microsoft licensing: https://community.spiceworks.com/how_to/124053-licensing-windows-10-with-virtualization-technologies-how-to

 

Method 3: individual VMs on Windows Server OS – if you want isolated VMs without the ability to share programs/documents between users, another option is to use Windows Server with individual hyper-V VMs with a Server OS instead of a desktop OS.  This would allow you to license the underlying host machine/server with Windows Server Datacenter licensing which provides unlimited VMs on a server OS.  In some cases this would be cheaper than method 2 above but almost certainly more expensive than Method 1 of Windows Server with RDS desktop sessions.

Things to think about:

  • Do you want a Desktop OS or Server OS / Server OS with Desktop Experience?
  • Who is providing the licensing? Do you have Desktop Enterprise with Software Assurance or VDA Licenses? Hosting providers via SPLA can provide Server OS and RDS licensing but not Desktop.