Redhatcc

Everything posted by Redhatcc

  1. Hi all, Long time no see! I am running into a problem. I have a Windows Server 2012 R2 that does not allow you to RDP (mstsc.exe) from a Windows 7 VDI desktop. The exact error is (using an online image as a ref):

     I have checked the following:
     * Launched mstsc from the Win7 desktop, clicked Show Options, navigated to the Experience tab, unchecked "Reconnect if the connection is dropped" (read that might cause it, idk why though).
     * Ensured that the domain group is in the Remote Desktop Users group, and the server verified that I have permissions to RDP to it.
     * Tried from several servers and VLANs.

     Additional information:
     * mstsc version on the Win7 desktop is 10.0.14393 (shell version and control version).
     * mstsc version on Server 2012 R2 is 6.3.9600 (shell version and control version).
     * Both server and workstation use Network Level Authentication.
     * I can RDP to other servers that use 6.3.9600 from a desktop with 10.0.14393.
     * I can ping the server from my Win7 workstation.
     * Consoling into the server from vSphere works properly.
     * Nothing shows in the event logs when the RDP fails to work.
     * The error in the picture above happens immediately when I try to connect vs waiting a few seconds to pop up.

     --------------------------------

     Edit: Also verified the following keys were set. Two of the three were set wrong (notated the ones I had to change):

     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
       Had to change (was 1): fDenyTSConnections = DWord 0
       Had to change (was 0): TSUserEnabled = DWord 1
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
       (was correct): WinStationsDisabled = String 0
  2. Going to try and add some information, and answer your questions:

     Could it be some conflict with the Hosts file:
     To my knowledge the host file in C:\Windows\System32\Drivers\etc\hosts is configured correctly. It hasn't been touched in 2 years. Checked it again just to make sure, and it looks good.

     Is there any chance that the addresses have been added in IE "Internet zone":
     Great point. Higher level GPOs are preventing me from checking the actual Internet Options, however I was able to run a gpresult, dump it to an html file, and check the GPO settings from the domain. It seems the sites are only being listed in the HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings -> ProxyOverride as a REG_SZ.

     Can you run a trace route in the various cases (particularly the one with the 25 seconds delay):
     Yes. Traceroutes and Pathpings indicate that each hop is responding within ~1ms.

     Is the behaviour the same if you use web addresses like http://myniceweb/mypage.htm and IP addresses like http://192.168.0.100/mypage.htm :
     Those pages I was not able to visit. But I instead used google.com and 74.125.228.193 which is a google.com server. Both responded very promptly (1-2 seconds).

     I.e. could it be related to a DNS issue of some kind, are the result of running nslookup correct?:
     Nslookup on the URL/IP both match backwards and forwards.

     Is it possible that one of the Windows updates in the last two months caused this?:
     We have tried old VHD files (vDisk in our Citrix environment) that were 5 months old, attached to an empty Virtual Machine, logged in and it didn't work... so probably not a patch or a GPO (as hard as that is for me to say... gahh...)

     One thing someone in another shop suggested we try is setting the Local Intranet security settings from Medium-Low to Low. I also read about this online, as it might be specific to Citrix. I got the go ahead, but it seems every single thing I try, either GPO or Local Policy, will not change the Internet Options > Security Tab > Local Intranet > Security Level = Low. I have dug through the registry, and dug through the gpresult I exported to an html file, and can't find what is making it greyed out and preventing me from changing it. I changed it on the local level also, i.e. local machine policy, but no luck.

     Any idea on how I can change the Local Intranet security settings from Medium-Low to Low? Weird as it sounds, from what I read online and from what someone in another shop told me, this might do the trick.
  3. So our environment is configured as follows. We have XenApp 6.5 servers, all handing out desktops to users. Everything works smooth except for the Bypass Proxy for Intranet sites. When using IE you eventually get to the site after about 25 seconds of waiting, and 25 seconds of waiting per each page to load for all INTERNAL websites. For EXTERNAL websites i.e. Google.com, it loads fast.

     I have two attachments.
     1. NotWorking.png: Is the configuration we are running. Blacked out is our internal sites and proxy server, but they pull this from GPO.
     2. Working.png: is the configuration that works. By works, I mean when you load an INTERNAL site it loads in 1-3 seconds. EXTERNAL sites i.e. Google.com quit working because you have to go through the Proxy Server to get outside (BlueCoat).

     Additional Info:
     * We have tried various versions of IE, but we currently run IE 9.
     * We are an environment that is integrated with CAC authentication.
     * The desktops are Server 2008 R2 X64 patched all the way up. These desktops are Provisioned out by Citrix PVS and run XenApp 6.5.
     * This has been working for years until about 2 months ago and we cannot figure out what changed.
     * To get to these options we are configuring: Internet Options > Connections > LAN Settings > X.
     * By simply unchecking "Use a proxy server for your LAN" box, we can access INTERNAL sites super fast. But then it takes away the ability to access all EXTERNAL sites i.e. Google.com.
  4. So without going into detail, we have an exe and batch file that starts up at launch of someone's desktop. It is a provisioned / Citrix environment and has to be done by GPO. How do I make the exe and batch file "Trusted" so they can run on startup of someone logging into their desktop? GPO style.
  5. Throwing this in the mix. Put the echo first then set.

     @echo off
     echo|set /p"FN=FolderName"
     Pause
  6. C:\Windows\Installer folder contains a lot of patches. You should clean that folder out if the patches are already installed, those files "should" only be used to uninstall the patches. Try cleaning that Installer folder out. Probably will find a lot of .msp files in there.
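  7. I don't have any studios open in front of me, but sample the code below:

     ' Needs Imports System.Diagnostics at the top of the file
     Dim proc As New ProcessStartInfo("cmd.exe")
     ' StandardInput can only be written to when it is redirected and the shell is not used
     proc.UseShellExecute = False
     proc.RedirectStandardInput = True
     Dim pr As Process
     pr = Process.Start(proc)
     pr.StandardInput.WriteLine("taskkill /f /im iexplorer.exe")

     Add that between the try/catch. The application will still close afterwards too (at least it should).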
  8. Respectful and exceptionally nice!! 10/10
