When you try to connect to your SBS server via Remote Web Access you get the following error:
“Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnection later or contact your network administrator for assistance.”
In this case it happened because there was installed a third party web application. This application needed to run as a 32-bit application. So the DefaultAppPool in Internet Information Server (IIS) was set to Enable 32-Bit Applications to True.
Solution: Start Administrative Tools, Internet Information Server Manager, choose Application Pools and select DefaultAppPool and choose Advanced Settings… on the right menu.
To get the Remote Web Access working again you need to change the Enable 32-Bit Applications setting to Disabled again.
Please note, this would probably destroy your web application, so before changing the setting contact you third party web application supplier to make sure there is a solution available or you have to move the application to another server.
Posted in Blog
, SBS 2011
at February 6th, 2012. 3 Comments
When using remote desktop connection to connect to windows server 2008, 2008 R2, sbs 2008, vista or windows 7 and would use saved credentials. This doesn’t work when you start the connection you get the following error:
“Your system administrator does not allow the use of saved credentials to logon to the remote computer computername/ipadress because its identity is not fully verified. Please enter new credentials.” “The logon attempt failed”
Solution: This happens when trying to connect to a computer / server in another domain and no trust relationships exists. Windows then steps back to use NTLM and the default domain machine policy prohibits use of saved credentials. You can change this domain based or for a individual machine:
Start local group policy editor, start – run – gpedit.msc
Go to Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation
Edit “Allow Delegating Saved Credentials with NTLM-only Server Authentication”
Enable the policy, click Show and enter the value “TERMSRV/*” into the list.
Do the same thing for the following policies:
“Allow Delegating Saved Credentials”, “Allow Delegating Default Credentials with NTLM-only Server Authentication” en “Allow Delegating Default Credentials”
Close the policy editor,
open a command prompt and use “gpupdate /force” to apply the policy directly
When starting a windows 2008 (R2) RemoteApp from or depends on a network mapped drive you get the error “The program did not start on the remote computer.”
Solution: The problem is caused because the program is hosted on or depends on a network mapped drive. When starting a RemoteApp the program doesn’t wait till the logon script script is finished but just start the program directly and cannot find the right drive or program.
Workarround is to map the network drive persistant so it’s available before the RemoteApp program starts or create a batch file as RemoteApp so you can first map the network drive and then start the program.
When you close a Windows 2008 terminal server or Windows 2008 R2 remote desktop services RemoteApp the sessions stays in disconnected state.
Solution: Since Windows 2008 there is a local / group policy called ‘Set time limit for logoff of RemoteApp sessions’. You can set the policy for both computer as user configuration.
For windows 2008: Administrative Templates \ Windows Components \ Terminal Services \ Terminal Server \ Session Time Limits
For windows 2008 R2: Administrative Templates \ Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Session Time Limits
Problem 1: When logging on to a Windows 2008 R2 Remote Desktop Services (former known as Terminal Services) you get the a balloon messages saying a temporary profile is loaded. Changes to the profile are not saved by exiting.
Solution: Backup all data in “%SystemDrive%\Users\UserName” or just rename the folder with .bak at the end. (if this is the first time you try to logon with this account there will be no folder with this username.)
Then start the registry editor and browse to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ ProfileList here you will find all user SID’s logged on to this RDS server. You will find here a subkey know as SID.bak take a look probably this will be the key of the user you get this error.
Delete this key and close registry editor (If you are not sure, first make a backup/export of the key before deleteing is). Then logoff and logon again.
Problem 2: When you try to logon to a Windows 2008 R2 Remote Desktop Services (former known as Terminal Services) server, you get the error: “The Group Policy Client service failed the logon.” “Access is denied.” and you are automatically logged off.
Solution: In my case this problem was caused by a corrupted NTUSER.Dat file. I solved it by logging on as a Administrator changed the user profile to local via Control Panel\User Accounts\User Accounts Configure advanced user profile properties. Then I replaced the NTUSER.Dat from the user by the NTUSER.Dat from the temp profile.
Probably this is caused by using a Terminal Server profile that is corrupted. Another Solution could be deleting this profile and building a new profiles for this user.
Posted in Blog
, Windows 2008R2
at August 25th, 2010. 8 Comments