Remote Desktop Services (RDS) is a service that IT uses fairly often. Many of its components are well known to admins; however, there are a few RDS errors that seem to happen almost regularly. Let’s review a few of these to make managing RDS even easier.
User Profile Disks
User profile disks were added to RDS in Windows Server 2008, replacing the much more difficult system of saving each profile to a separate file server. Although that older system was meant to be assigned through Group Policy, it made management extremely difficult.
Now, however, user profile disks provide a single console for policy creation, which makes them much easier to manage and more efficient than simply storing the data on your file server. The feature creates a virtual disk for each user and saves it on the server. These profile disks also store user documents and retain important user settings, such as profile settings and the user’s desktop.
In Windows Server 2012, another feature was added to user profile disks: collections. Collections allow multiple sets of permissions per RDS server, and different permissions can be set for each collection. Different profile disks can be stored in each collection, and this works much more efficiently than creating multiple group policies.
When you create an RDS environment, you also have to create SSL certificates. Four certificates are required: connection broker, single sign-on, web access, and gateway. While you could create a separate public certificate for each of the four, that is more certificates than you need.
RDS generally has issues with certificates from internal certificate authorities. The best option is a wildcard certificate, that is, one certificate for all services, since a public certificate is preferred. Too often, people use self-signed certificates, which are untrusted and result in errors. To get around this, they might switch to public certificates, but are then forced to create four when just one wildcard certificate would suffice.
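The following added example, which is not part of the original article, checks whether a single wildcard certificate really covers the hostnames used by all four RDS roles and flags a self-signed certificate. The hostnames, certificate fields and function names are constructed for illustration; the point it brings out is that a wildcard matches only one left-most DNS label.

```python
# Added example: audit one certificate against the four RDS role hostnames.
# All hostnames and certificate fields below are constructed sample data.
ROLE_HOSTS = {
    "connection broker": "broker.corp.example.com",
    "single sign-on": "broker.corp.example.com",
    "web access": "rdweb.corp.example.com",
    "gateway": "gw.remote.corp.example.com",  # one label deeper than the rest
}

WILDCARD_CERT = {
    "subject": "CN=*.corp.example.com",
    "issuer": "CN=Example Public CA",
    "dns_names": ["*.corp.example.com"],
}

SELF_SIGNED_CERT = {
    "subject": "CN=rdsh01.corp.example.com",
    "issuer": "CN=rdsh01.corp.example.com",
    "dns_names": ["rdsh01.corp.example.com"],
}


def name_matches(pattern, host):
    """Compare a certificate DNS name with a host name.

    A leading '*' stands for exactly one label, so '*.corp.example.com'
    covers 'rdweb.corp.example.com' but not 'gw.remote.corp.example.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject overly broad patterns such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def audit(cert, role_hosts):
    """Return a list of findings; an empty list means the cert fits all roles."""
    findings = []
    # Heuristic: identical subject and issuer indicates a self-signed cert.
    if cert["subject"] == cert["issuer"]:
        findings.append("self-signed: clients will not trust it")
    for role, host in role_hosts.items():
        if not any(name_matches(n, host) for n in cert["dns_names"]):
            findings.append(f"{role}: {host} not covered")
    return findings
```

Running `audit(WILDCARD_CERT, ROLE_HOSTS)` reports only the gateway, because its hostname sits one label below the wildcard's scope.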
Network Access Policies
The installation wizard creates a Network Access Policy (NAP). By default, it grants access to domain users, which allows access to all domain computers. This seriously compromises overall security.
It is possible to lock down access and specify only one group of computers by using the security group function in the NAP, which gives rights only to the designated RDS servers. This overrides the default by allowing access and permissions only to a chosen group of users, which protects security much more effectively.
RDS Error: “Can’t Find Any Computers”
Occasionally, an error occurs when logging into RDS which reads: “Can’t find any computers.”
To remedy this, remember to add all of the computers that are associated with RDS to the server’s list. Remember, it is profile specific.