Tag Archives: Windows Server 2008R2

Create RDP Shortcuts for users to login to Windows Server

Users can create a shortcut on their desktop to the Remote Desktop Connection Client on their local PC to make it easier to login to their remote server. The shortcut can include customization like enabling printer redirection, enabling clipboard (to copy and paste between the server and local PC), hard drive redirection and more.  You can also choose to save your username so you don’t need to enter it each time.

If you are the local IT admin and want to make it easier for your users to login to their remote desktop session on the remote server, you can create the RDP shortcut for each of them on their local PC or create it on your PC and provide it to them to save on their desktop. This assumes that the users are on the same version of Windows/RDP.

Steps to create a shortcut on your desktop to your local Remote Desktop Connection Client:

  1. On your Windows PC, open your local remote desktop connection client by clicking the start button and typing mstsc, or browsing to the program in start, all programs, accessories, remote desktop connectionLocal_Remote_Desktop_Connection_Client
  2. Click on “Show Options” to view the settings that can be modified/customized.
  3. On the General Tab, you can enter the computer name field as the IP address of the remote server or dns name if setup. You can also enter the username if you want it to be saved. Do not click “save as” yet as you will want to make additional selections first and then come back to the general tab to “save as” the shortcut to the desktop.
  4. On the Display Tab, you probably want to keep it as Full Screen.
  5. On the Local Resources tab, you have several important options particularly in the “local devices and resources” section. Most users will want to make sure the boxes are checked by both Printers and Clipboard which will allow you to print to you local printer and copy and paste files between your local PC and the server. Under the “More” settings, you can select whether to redirect your local c: drive which will then show up in windows explorer on the server to make it easy to move files between your PC and server. We typically don’t recommend that you redirect your hard drives by default in the shortcut because it utilizes additional resources and bandwidth (and you can easily move files using clipboard – copy/paste instead), but rather you can redirect your hard drive only when necessary by changing the setting prior to connecting. If you intend to move files between your PC and server frequently, then you make want to redirect your c: drive by default.Local_Remote_Desktop_connection_client_Local_Resources
  6. After you have made your selections (usually you can leave the defaults on the remaining tabs), go back to the General Tab and click “Save As”, enter a shortcut name of your liking, and make sure to select your Desktop as the destination for the shortcut. (If you select “Save” instead of “Save As”, your choices will overwrite the default remote desktop connection profile on your local PC.) After saving it to your desktop, you should now see the shortcut on your desktop for easy access!
  7. We also have a video on creating RDP shortcuts that you can review:  https://www.youtube.com/watch?v=iLKSMcIrfqE

RemoteApp RDWeb website hosted on Windows Server 2008R2 does not work with Windows 10 Edge Browser

If you are using the RemoteApp RDWeb Access website feature (RDweb) in Windows Server 2008 R2 and have client/user PCs that have upgraded to Windows 10, read below. This does not apply if you are using full RDP desktop sessions to login and see a desktop which is what many/most people do – i.e. using RDP client to connect to a desktop session.

If users are accessing applications using the RD Web access website (i.e. https://IP or Hostname/rdweb ) to access applications instead of logging into the server via the remote desktop connection client, you will notice that the website doesn’t work from Windows 10 PCs using the new Microsoft Edge browser.  RemoteApp RDWEB hosted on a Windows 2008 R2 Server requires the client browser to have ActiveX enabled which basically limits usage to Internet Explorer (doesn’t work on Chrome, Firefox nor for MAC users).  (Note: Windows Server 2012R2 RemoteApp RDWEB no longer requires ActiveX).

Solution

The good news in this situation is Windows 10 still includes Internet Explorer and if you open the website using IE, you should be able to access it – see steps below.  In Windows 10, open IE separately and not within Edge (i.e. in Edge, you can click tools, and then say “open in IE” but don’t do it this way).  Follow the steps below to open IE, add rdweb URL to trusted sites in IE, then close IE and reopen IE, then it should work.

 

  1. CLICK START BUTTON and start typing “Internet Explorer” which should pop-up in search results and select – see screenshot below.  Don’t click the browser shortcut in taskbar because that will just open Edge.

Windows10startmenuforIE

2.  After IE opens, go to the url you use for RDweb.  Click Allow on popup to allow MS RDS web access – see screenshot.

RDweballowRDSWA

 

3.  Do not login yet – first we need to add to trusted sites in Internet Explorer (only need to do first time), then will need to exit all IE windows and start again.

4.  Under the tools icon, click internet options like this, which will open the Option windows, then go to Security Tab, Trusted Sites (the green checkbox), then click on the “Sites” button and then add the url which may be pre-populated – see screenshots.

TrustedSites

5.  Next, close all Internet Explorer windows and start over except this time login to the RDS site.

 

RemoteApp and options for MAC users

REMOTEAPP

 

For remote desktop (terminal server) application hosting where the user is logging into a full desktop session, MAC users should have a good experience and there are Remote Desktop Connection Clients that can be downloaded for MACs, iphone, and ipad. (The Remote Desktop Connection Client is preloaded on all Windows machines and doesn’t require a download to use it).  The Clients for MACs/Apple can be found here:  http://www.RiptideHosting.com/blog/remote-desktop-connection-client-for-macs/

 

RemoteApp is an optional feature of Remote Desktop Services where users are not provided a desktop session but rather can only open a specified application.  This feature doesn’t work well with MAC users in Windows 2008R2 due to the limitations below.  It should work better in Windows 2012R2 for MAC users but only if using the RDweb login option.   We have many MAC users using our Remote Desktop hosting although most are using full desktop sessions instead of RemoteApp.  There are other options instead of RemoteApp as described toward the end of this post.

 

With RemoteApp, you can distribute a RDP file to a user (Windows 2008R2 only – “RDP distributable file” – this option is not available in Windows 2012R2) or you can set it up for users to access the specified program  via a URL.  The user can open the specified application but does not get a full desktop session to save/share files, etc.

  1. RD Web URL – When enabled, you can access the RD Web Access Web site at https://IPaddress/rdweb .  In 2008R2, the website requires that the client browser has ActiveX enabled which basically limits usage to Internet Explorer and therefore excludes MAC users.  (as noted here — https://technet.microsoft.com/en-us/library/cc731508.aspx).  In 2012R2, the RD Web Access website no longer requires ActiveX  and is supposed to work with many more browser options.  However, Server 2012R2 does require that the Active Directory Domain Controller role be installed to use RemoteApp whereas it is not required in Windows 2008R2.
  2. Create RDP file via the RemoteApp Wizard to distribute to users.  This works easily to create the file and other PC users should be able to open it easily.  MAC users generally have issues when they try to open the file where the system doesn’t recognize it.  Note: Windows Server 2012R2 no longer has this option to create the RemoteApp distributable file.

If you are going to use RemoteApp in 2008R2, contact us for additional instructions and tips that we can provide.

 

 

OTHER OPTIONS

 

  • User full desktop sessions but configure group policies to limit access to certain things, remove icons, prevent access to drives, etc.

How to set time limit for disconnected sessions Windows Server 2012R2

By default, Remote Desktop Services allows users to disconnect from a remote session without logging off the server and ending the session. When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. A disconnected session continues to consume server resources and we recommend that you set policies to end disconnected session after a period of time. Sessions are ended/closed out if the user Logs Off from the server (start -> logoff) but are not ended if the user simply clicks the X in the upper corner to close the RDP window.

You can limit the amount of time that active, disconnected, and idle sessions remain on the server. Two methods are described below:

#1 — User Properties to set session time limits per user:

In each user’s properties window, under sessions tab, you can change the default of “end a disconnected session” from NEVER to X hours/days as well as change the other settings.

User_Properties_Picture

#2 — Group Policy to set session time limits for all users:

  1. Cmd prompt, gpedit.msc
  2. Computer Configuration, Admin Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Session Time Limits
    1. Enable appropriate group policies and modify as needed
    2. We recommend setting this one because it will prevent disconnected sessions from consuming server resources — “Set time limit for disconnect sessions”
  3. After modifying group policies, you can force an update without rebooting by typing “gpupdate /force” at cmd prompt

 

#3 — If Windows Server 2008R2, you can modify these settings in RD Session Host Configuration too

To configure session settings on a windows 2008R2 server with Remote Desktop Services role installed, go to start -> administrative tools -> remote desktop services -> RD Session Host Configuration. Then right click RDP-Tcp properties, Sessions tab, and enter value to end a disconnect session after a specific period of time, end an idle session, etc. (tsconfig.msc also opens the RD Session Host Configuration window). More details can be found here: http://technet.microsoft.com/en-us/library/cc754272.aspx

 

 

 

How to launch a program automatically when logging into Remote Desktop Server

Automatically launching a program or application upon login to a Remote Desktop Session.  See below for methods to use the “start program at login” policy which can be configured per user.  Another method to limit specific programs to a user is via RemoteApp.  We have several other posts regarding RemoteApp and how to set it up and its limitations (i.e. RemoteApp setup is easier in 2008R2 (works in Workgroup mode) than 2012R2 but RDweb requires ActiveX (so IE only) and it doesn’t work for MAC users, while use of RemoteApp in 2012R2 requires joining to a Domain).

1) USING ENVIRONMENT TAB OF EACH USER’S PROPERTIES ON SERVER:  If you want a program to automatically start when a user logs on to the RDP server instead of showing a full desktop session, you can configure this in the Environment tab of the Properties window for each particular user. 

 User_Properties_Environments

After you have made the changes, you should test that it works properly for your users by logging into the server using the accounts you changed/created including testing it with simultaneous sessions and to verify the sessions close properly when the application is closed.

We highly recommend enabling policy to log off disconnected sessions:

  • Enable policy to log off disconnected sessions immediately or within a few minutes so you don’t have a blank screen if users don’t properly exist a program.  Existing the program (instead of clicking X in upper right corner of program) will properly log off the session but enabling this policy will ensure that an improper disconnected session is automatically logged off.  See block post here for instructions on how to enable this policy on both 2012R2 and 2008R2 http://www.riptidehosting.com/blog/how-to-set-time-limit-for-disconnected-sessions-windows-server-2012r2/

2) USING PROGRAMS TAB ON REMOTE DESKTOP CLIENT – Another method is to use the programs tab on your local remote desktop client prior to logging in to the server.  On the programs tab, you can enter the path for program to start upon login.  You can also create a RDP shortcut with this information saved on to your desktop.  We have a video on our website on creating RDP shortcuts – https://youtu.be/iLKSMcIrfqE .  A disadvantage to this method versus the first method above is that each user can edit the shortcut and change the settings.  Your IT person can create these shortcuts and provide them to each user.  

If you use this method on Windows 2008R2, you may have to change settings in RemoteApp under RDP Settings Change and allow access to unlisted programs.

3) USING GROUP POLICY – Another method to configure this is to configure programs to automatically start in the RD Session Host Configuration settings and in Group Policy, although then the logon settings could be applied universally to all users, including the Administrator (which means Administrator may not be able to access the desktop, start button, etc.) whereas the method above allows configuration by User.  You could also create a separate group policy that would be applicable for a specific group, such as non-administrators, so the group policy change wouldn’t affect all users. 

4)  REMOTEAPP – Another method is to configure the RemoteApp feature in Remote Desktop Services (RDS).  In 2008R2, this feature works great (either the RemoteApp distributable file or RD Web) for PC users but not for MAC usersIn 2012R2, the RemoteApp features requires the Active Directory / Domain Controller service to be install on the server before RemoteApp can be used

 

 

Using Task Scheduler to schedule recurring automatic reboot of Windows Server 2008R2

Use the steps below to schedule a task which can automatically reboot your Windows 2008 R2 server on a recurring basis.  Please beware that users that are logged on will be kicked off when the server reboots.

  1. Go to administrative tools, task scheduler.  
  2. Then right click on Task Scheduler and select Create Task
  3. Name the task, possibly something like “Reboot Weekly Saturday midnight”
  4. Change settings to run whether user is logged in or not.  Change User/Group and type in SYSTEM.
  5. On the Triggers tab, select New and fill in your schedule and make sure to check Enabled at bottom of screen
  6. On the Actions tab, select New, Start a program, and browse to “c:windowssystem32shutdown.exe” and add “/r” in the arguments box
     

If users are logged on when the server is about to reboot, it will show a message “you are about to be logged off, windows will shut down in less than a minute”.  It reboots in about 30 seconds from our experience.  If you do this, you’ll want to schedule this when users are not in the server so unsaved data is not lost. 
 

Reducing size of WinSxS directory on Windows Server 2008 R2

UPDATE FOR 2012 R2: The Desktop Experience feature is still required to be installed for Disk Cleanup to be available.  The Desktop Experience feature is listed under “User Interfaces and Infrastructure” when installing the feature – see Microsoft TechNet link here:      http://blogs.technet.com/b/rmilne/archive/2013/07/11/install-desktop-experience-on-windows-server-2012.aspx    Disk Cleanup can then be found on the Tools menu in Server Manager.

————————————————————————————————————-

 

As noted on the Microsoft technet link below, a Disk Cleanup option on Windows Server 2008 R2 is available to clean up the WinSxS directory which will reduce its size by cleaning up previous versions of Windows Update files.

 http://blogs.technet.com/b/askpfeplat/archive/2014/05/13/how-to-clean-up-the-winsxs-directory-and-free-up-disk-space-on-windows-server-2008-r2-with-new-update.aspx

Disk Cleanup is a component of the Desktop Experience feature which is not installed by default on Windows Server 2008 R2 so if you haven’t installed it already, you are generally required to do so (see alternative below although MS recommends installing Desktop Experience).

Here is a link to an overview of Desktop Experience on Windows Server 2008 R2 https://technet.microsoft.com/en-us/library/dd759187.aspx

(Note:  You can run cleanmgr.exe by following the steps in this article without installing Desktop Experience. https://technet.microsoft.com/en-us/library/ff630161%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
SEE LINK – Cleanmgr.exe should go in c:WindowsSystem32.
SEE LINK – Cleanmgr.exe.mui should go in c:WindowsSystem32en-US.
After copying files, you can run cleanmgr.exe by typing it into the start box. This may be a good option to get Disk Cleanup without all the other components of Desktop Experience.)

To Cleanup WinSxS directory:
Run Disk Cleanup
Select c: and click on Clean Up System Files
You should see a row labeled “Windows Update Cleanup” with potential space savings of X GB.
Run – takes several minutes to clean up files.
Then on reboot (which was not forced immediately), it reboots to a Windows screen message “cleaning up” for several minutes

From our experience,

  • We have seen it reboot twice on occasion during the process.
  • This often reduces the WinSxS folder by 3 GB to 5GB.
  • For us, the reboot process at “cleaning up” screen has taken anywhere from 5-15+ minutes
  • One time while performing this, we noticed that the DNS fields on the network connection were changed back to default and internet access didn’t work properly until it was updated.

Outlook file corruption for one user on remote desktop server

We had a user who was having issues sending email in an older version of outlook on their remote desktop terminal server hosted with Riptide Hosting.  The error message upon pressing the send button in Outlook was errors have been detected in the user’s outlook.pst file.  This issue was only affecting one user on the terminal server.   We ran the Inbox repair tool (scanpst.exe) which took almost 30 minutes to run the scan, after which we pressed repair (which also took a long time and sometimes said “not responding” but eventually completed with the message “Repair Complete”).  This repair tool fixed the issue but also erased the smtp account settings in outlook which then needed to be re-entered prior to being able to send/receive email.

FTP service on remote desktop server or 2008 r2 windows server

Generally we don’t recommend installing FTP on a server unless it is necessary.  In some cases, it can be easier to transfer files through RDP.  If installing FTP on a remote desktop terminal server and after installation it seems like it is still blocked even though the ports were open on the Windows firewall, try restarting the FTP service.    Restarting the FTP service solved this issue.  If you are having a similar situation, checks to see that the FTP service is started/running and try restarting it.    Also, you should check that the required ports are open on any firewalls used which may be internal and external to the server.

If you are using a remote desktop terminal server, you can transfer files through RDP, by redirecting your local hard drive or via clipboard (cut & paste from local machine to server) without having to install FTP, etc.

Installing applications / programs on remote desktop terminal server 2008R2 or 2012R2

When you add programs on a Terminal Server, you should follow the directions below by going to Control Panel -> Programs -> “Install Application on Remote Desktop…”  You can see the Microsoft article on this here:  http://technet.microsoft.com/en-us/library/cc742815.aspx (shown for 2008R2, same process in 2012R2)

Also see this: https://technet.microsoft.com/en-us/magazine/ff432698.aspx

See our RDP youtube video here: https://www.youtube.com/watch?v=G5Wx0i8Mv60

<iframe width=”854″ height=”480″ src=”https://www.youtube.com/embed/G5Wx0i8Mv60” frameborder=”0″ allowfullscreen></iframe>

If you don’t install your application using special install mode for multi-user environment, some applications will not work properly and you will see permission errors for non-admin users and other error.

Steps on Remote Desktop Server (Terminal Server) Windows Server 2008 R2 and Windows Server 2012 R2

  1. Login to server as Administrator
  2. Download your application (executable file) to the desktop or other location on the server and make a note of that location (alternatively can place media in your local CD/DVD drive if drive re-direction is on).  If you are downloading your application file from the internet, you may need to turn off “Internet Explorer Enhanced Security Configuration” (IE ESC) if using Internet Explorer (or add URLs to trusted sites) or use a different browser such as FireFox or Chrome.
  3. Open Control Panel, then Programs, then click on “Install Application on Remote Desktop…”
  4. Click ‘next’ and browse to location to where your application file is located
  5. Let application install and click “finish”

 

 

Disable Internet Explorer Enhanced Security Configuration

Our Hosted Windows servers with Windows Server 2008R2 or 2012R2 include Microsoft Internet Explorer (you are also free to download another browser of your choice such as Chrome or Firefox). Internet Explorer Enhanced Security Configuration (IE ESC) is usually enabled by default. When you open Internet Explorer, the window will show something like this “Internet Explorer Enhanced Security Configuration is enabled” and when you type in a website, you may see a popup with “Content from the website listed below is being blocked by the Internet Explorer Enhanced Security Configuration”. According to Microsoft, IE ESC is a security feature which “reduces the exposure of your server to potential attacks from Web-based content”.   IE ESC will probably block your ability to download programs or applications to the server.

If you need to temporarily disable this feature, you can do so using the following steps:

  1. Open “Server Manager” – click on the icon that looks like a ‘tower computer with toolbox next to it’ in taskbar next to the start button
  2. In Windows Server 201R2, go to the “local server” section in left side menu.  In Windows Server 2008R2, go top menu in left side menu called “server manager”
  3. Next, for Windows Server 2012R2, look for “IE Enhanced Security Configuration” in the middle windows, right column, click on the OFF hyperlink.  In Windows Server 20082, look for “Configure IE ESC” in the second section of the middle window called “Security Information”. click on the Configure IE ESC hyperlink.
  4. Here you can disable Internet Explorer Enhanced Security Configuration for Administrators or Users or Both. This is where you can enable IE ESC too.  Usually the new settings will take place when you close out the existing IE sessions and reopen the browser; otherwise reboot the server for the changes to take effect.

To protect your hosted remote desktop server (terminal server), we recommend security measures such as anti-virus, backing up your data, requiring strong / complex passwords, etc. Riptide Hosting can provide licensing for MS Endpoint Protection stand-alone for $20/server or $5/user. We also offer Veeam full server image backup that goes beyond just file/folder backup. Our licensing is monthly with no long-term commitment.

RDP connections exceeded in Windows Server 2008R2

If you are prevented from logging on to your server via RDP and receive a message that the maximum number of connections have been exceeded, see steps below to login to the special session to then disconnect the other user sessions:

1. Open Command Prompt on your local windows computer
2. Type: mstsc /admin
3. Hit ‘Enter’ key and login
4. This will open a new session enabling you to log off other sessions.
5. Open task manager, go to the users tab and log off idle or disconnected users

The special session you are using to login has restrictions. Once you have logged off the other users, you should log back into the sever in the normal way.

Remember that remote desktop sessions are closed out from the server if the user Logs Off from the server and not when they simply close the session from clicking the X in the upper corner.

To configure session settings on a windows 2008R2 server with Remote Desktop Services role installed, go to RD Session Host Configuration, RDP-Tcp properties, Sessions tab, and enter value to end a disconnect session after a specific period of time, end an idle session, etc. (tsconfig.msc also opens the RD Session Host Configuration window). More details can be found here: http://technet.microsoft.com/en-us/library/cc754272.aspx

Can I delete files in the WERReportQueue folder on Windows Server 2008R2

If you have noticed that your windows server has a lot of files in the folder ProgramDataMicrosoftWindowsWERReportQueue you can delete them to free up space on your drive.

It is recommended using “Disk Cleanup” to free up the space.

To disable the files from accumulating you can turn Windows Error Reporting off.

On a Windows 2008R2 server open “Server Manager”
Open “Resources and Support”
Click “Configure Windows Error Reporting”
In the “Windows Error Reporting Configuration” box
Select “I don’t want to participate, and don’t ask me again”

 

See the steps from Microsoft below

http://technet.microsoft.com/en-us/library/cc754364.aspx#BKMK_enableWER_RMT

Windows Server 2008 R2 stuck on windows update at 32%

Last week we had a customer who’s Windows 2008 R2 server stopped responding after selecting to restart the server.  If updates are allowed to be applied when rebooting your server will try updating.  In this case the server started applying server updates and was stuck at 32% for several hours and displayed the following

Please do not power off or unplug your machine

With the customers permission we did reboot the server and it came back to the same screen but proceeded to finish the updates after a few minutes.

A reboot may not fix your server but after several hours or days you will need to take action to proceed.  You may end up needing to repair windows or remove certain files if the reboot does not work.