Windows 7 Terminal Services Configuration

Convert

Below is a list of common configuration problems, ordered from thin client power on to Terminal Server Login.

Powering on the Thin Client

No Power

Perform the following steps to configure the Terminal Services Licensing Mode: From the Administrative Tools menu, click the Terminal Services entry and then click Terminal Services Configuration. In the middle pane of the Terminal Services Configuration console, double click Terminal Services Licensing mode. Windows 7, Windows 8, Windows 8.1, Windows 10 or Later Computer Configuration- Administrative Templates- Windows Components- Remote Desktop Services- Remote Desktop Session Host- Connections. At the location, find the policy named Allow users to connect remotely using Terminal Services or Allow users to connect remotely using Remote Desktop Services, and set it to Enable.

  • Check power cable, power supply and outlets.

No Video

  • Check video cable, monitor power cable and outlets.

Booting - ACP Network Boot Loader

Cannot get IP address using DHCP

  • Is the ThinManager Ready thin client set to DHCP? They are set to DHCP by default, but can be changed.
  • Is the Thin Client on the same side of the router as the DHCP server?
  • Does the DHCP server have addresses to give out?

Cannot get IP address using Static IP menu

  • Certain models like PXE boot ThinManager Compatible thin clients cannot use static IP.
  • Static IP hasn't been set. Use the spacebar when the 'Select any Key to Configure IP Settings' is displayed and set the client IP address

A Non-ThinManager Ready (PXE) Client Will Not Boot.

  • PXE-E32: TFTP open timeout
    • Verify that there is not a firewall preventing the client from downloading the boot file
    • Check that acpboot.bin is located in the ThinManager Installation directory (default of %PROGRAMFILES%Rockwell SoftwareThinManager)
    • If using a standard DCHP server with boot options
      • Verify option 67 is set to acpboot.bin in the DHCP server scope
  • PXE-E51: No DHCP or proxyDHCP offers were received
    • Make sure the client has a connection to the network with where the DHCP server resides
    • If 'Using Standard DHCP server with boot options':
    • Check that there is not a firewall preventing the DHCP requests from reaching the DHCP server
    • If the DHCP server is on a different subnet, make sure DHCP helpers (DHCP forwarding) are configured
    • If 'Using Standard DHCP server':
      • Check that there is not a firewall preventing the DHCP requests from reaching the DHCP server or the ThinManager servers
      • If the DHCP server or ThinManager server is on a different subnet, make sure DHCP helpers (DHCP forwarding) are configured
    • If 'Not using a Standard DHCP server':
      • Check that there is not a firewall preventing the DHCP requests from reaching the ThinManager servers
      • If the ThinManager server is on a different subnet, make sure DHCP helpers (DHCP forwarding) are configured
  • PXE-E52: proxy DHCP offers were received. No DHCP offers were received.
    • Verify that the standard DHCP server is functioning correctly
    • If you do not have a standard DHCP Server, configure the ThinManager PXE Server to 'Not using Standard DHCP Server'.
  • PXE-E53: No boot filename received.
    • Using a relay agent: verify that the relay agent is configured properly
    • Using a standard DHCP server with boot options: verify that option 67 in the DHCP Server is set to acpboot.bin
  • PXE-E55: ProxyDHCP service did not reply to request on port 4011
    • Install the latest service pack for your version of ThinManager
  • PXE-E61: Media test failure, check cable
    • Make sure the client has a physical connection to the network

Cannot Load Firmware

Is Thin Client connecting to the ThinManager Server?

  • Using DHCP
    • Has Option 066 been set to the ThinManager Server IP Address?
    • Is there a link light on the network port?
    • Check router address, IP Addresses, and Subnet Mask
  • Using Static IP
    • Has the ThinManager Server IP Address been entered in the IP Configuration Menu?
    • Check router address, IP Addresses, and Subnet Mask

Is the network blocked?

  • ThinManager Ready thin client that communicate through routers, gateways, or firewalls may need some ports opened to allow data flow through these devices. See the Ports Page for a complete list of ports utilitized by ACP Products.
Terminal services configuration tool windows 7

Loads firmware intermittently/slowly

  • Check for IP conflicts
  • Check cable connections
  • Make sure ThinManager Server CPU usage is below 100%

Thin Client Loads Firmware but fails to load configuration

'Please Define on Server'

Windows server 2019 terminal services
  • Enter ThinManager and define the terminal.

'License Not Available'

  • Check your license usage in ThinManager. You are out of an ACP-supplied License.
  • The Installation ID may come from the motherboard serial number, the MAC address on the network cards, or the GUID from the operation system. Don't change or disable the network cards after licensing to prevent changing the Installation ID, which can affect the validity of the license.

'This Terminal Disabled'

  • A ThinManager administrator has disabled this terminal. Re-enable it.

'Network Error - Check Network Connections'

  • Check the network cable, link light, and network.

Was Disabled, but did not go on when re-enabled.

  • Reboot the thin client.

Is WinTMC Loaded on ThinManager Server?

Open Terminal Services Configuration Windows 7

  • Make sure that the WinTMC client is not installed on the ThinManager Server. The WinTMC client will try to open the 2031 port that ThinManager needs to communicate with thin clients, causing a port conflict. WinTMC is for PCs, not servers. Uninstall the WinTMC client if it is present.

Terminal Selection menu is shown, but keyboard does not work

  • Check keyboard and reboot
  • Use PS/2 splitter if the unit has only one PS/2 port
  • Switch the mouse and the keyboard if plugged into a PS/2 splitter.

Graphical ACP Logo is shown, but boot process stops

Does not attempt to connect to the terminal server

  • Check Terminal Configuration Wizard to make sure a terminal server is specified

Cannot Connect to Server xxx (0.0.0.0)

  • The terminal server doesn't have an IP address configured in the Terminal Server Configuration Wizard.
  • If using DNS, check the terminal server's registration.
  • If you are using a Citrix Published Application, you may need to specify the ICA browser.

Cannot Connect to Server xxx (w.x.y.z)

  • Check the event viewer on the terminal server. If it says 'Could not issue client license', you need a Microsoft Terminal Server Client Access License (MS TS CAL) and/or a Microsoft Terminal Server Licensing server.
  • Check the Subnet Mask in the ACP Boot Loader on the thin client. If it is set to 255.255.255.255 instead of 255.255.255.0, it will fail to connect to the terminal server.

Reboot the thin client and use the spacebar when the 'Select any Key to Configure IP Settings' is displayed. Change the subnet mask in the ACP Boot Loader menu.

  • Error 50 - Disconnected
  • Check the event viewer on the terminal server. If it says 'Could not issue client license', you need a MS TS Cal / MS TS Licensing server.

Attempts to connect to terminal server, but dies

  • Some servers (Dell and its Dellwall.bmp, for example) load a complex bitmap background that can interfere with loading. Find the offending wallpaper file on the console session and rename it so that it doesn't load at login

Connects to connect to terminal server, but cannot login

  • Is the user a valid user? Is the password correct?
  • Does the user have permission to connect through Terminal Services (user properties in the User Manager)
  • Is the user a member of the Administrators or Remote Desktop Users Group?
  • Check the event viewer. If it says 'Could not issue client license', you need a Microsoft TS Cal and or a Microsoft TS Licensing server.
  • When terminal server is in 2 domains and an administrator logs into the console with a domain account, it sets that as the default domain. If the terminals are configured to use the other domain they will be unable to login. Login to the console with the domain of the terminals to reset the default domain.
  • Is NLA turned on? Support for NLA was released with Firmware 7.1.113 found in Firmware Package 7.1.3.

Login to Terminal Server prompts for password even though the username and password are filled in ThinManager

  • The password may be entered wrong in ThinManager.
  • Always Prompt for Password may be setup and should be disabled:
    • Start > Programs > Administrative Tools > Terminal Services Configuration (2003, 2008) or Remote Desktop Session Host Configuration (2008 R2)
    • Double click on RDP-tcp Properties in the right-hand window.
    • Uncheck the Always Prompt for Password checkbox on the Login Settings tab.
      • Note: In 2012, this must be done via Group Policy or Registry Key.
      • Computer Configuration > Policies > Administrative Template > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > Always prompt for password upon connection change to false.
      • HKLMSoftwarePoliciesMicrosoftWindows NTTerminalServices create a new 32-bit DWORD key fPromptForPassword with a value of 0.

After the session is established, it will disconnect randomly

  • Make sure each user is logging on with a unique user name. Windows will only allow one session per name by default.
  • Check the physical network connection.
  • Check for a different computer (e.g. a laptop) with the same IP address.
  • Slow down the Monitoring Interval on the Monitoring Connection page of the Terminal Configuration Wizard by increasing the timeout and retry values.

Mouse works but the application is unresponsive

Application on terminal server is locked up - kill the application and let the thin client reconnect to terminal server and restart the application.

Sound doesn't work

  • Make sure that Audio Mapping is allowed on the Client Settings of the RDP-tcp Properties in the Terminal Server Configuration Console (2003, 2008) or Remote Desktop Session Host Configuration (2008 r2).
  • Make sure that you are using a ThinManager Ready thin client that has sound capability.
  • Use the Sound Module for that specific thin client.
  • Connect a powered speaker to the 'Line Out' plug. Line Out isn't amplified so it requires a powered speaker.
  • Properly working sound will play a sound at boot and at login.

The touch screen doesn't work

  • Make sure you are using the right Touch Screen Module for the touch screen controller.
  • Make sure that the serial cable is plugged into the correct serial port
  • Make sure that the Touch Screen Module is using the correct baud rate.
  • Use the USB Touch Screen Module if the touch screen is USB, or set the Connection Type to USB on the regular touch screen module.

The touch screen mouse doesn't match the touches

  • Calibrate the touch screen by highlighting the unit in the ThinManager tree and select Tools > Calibrate Touch Screen.
  • If the touches are 180 degrees out of phase, enable the 'Swap XY Coordinates' parameter on the touchscreen module.

Changes to the configuration in ThinManager don't show up on the thin client

  • Restart or Reboot the thin client. Changes are only sent to a thin client at bootup.

The configuration of the primary ThinManager Server and the secondary ThinManager Server are different

  • Enable automatic synchronization by selecting Manage > ThinManager Server List or manually synchronize the configurations by selecting Manager >Synchronize in the ThinManager menu bar.

The terminals in the tree on the primary ThinManager Server show green while the terminals on the secondary are all red

  • Enable automatic synchronization by selecting Manage > ThinManager Server List or add both ThinManager Servers to the ThinManager Server Monitor List in the Terminal Configuration Wizard. Reboot the terminals and synchronize the ThinManagers as above.

The client is showing the time of the terminal server in a different time zone and not the local time

  • Use the Time Zone Redirection Module on the client with the local time zone selected.
  • Make sure that the security policy of the terminal server or domain allows it:
    • Start > Run > secpol.msc > OK
    • Expand: Computer Configuration > Administrative Templates> Windows Components > Terminal Services > Client/Server data redirection > Allow Time Zone Redirection
    • Change to Enabled

When 'Terminal Servers' is highlighted in the ThinManager tree, the Details pane doesn't show OK for the connections

“No login information supplied”

  • Run the Terminal Server List Wizard and add an administrative user name and password on the Terminal Server Name page of the Terminal Server List Wizard.

“User specified does not have permission to connect”

  • This indicates that the Terminal Server had an invalid username and password added on the Terminal Server Name page of the Terminal Server List Wizard. Run the Terminal Server List Wizard and change to an administrative user name and password on the Terminal Server Name page of the Terminal Server List Wizard.
  • Use the domain in the Domain field on the Terminal Server Name page of the Terminal Server List Wizard.
  • If not in a domain, try using the terminal server name in the Domain field on the Terminal Server Name page of the Terminal Server List Wizard.

WTSAPI32.dll connection failed

  • This occurs when the terminal server is off or unreachable. Try pinging the terminal server.
  • For additional information regarding WTSAPI32.dll errors, see the DCOM_Errors Page.

The Users, Sessions, and Processes tabs don't show data for a terminal server

  • Shorten the name of the terminal.
    • Microsoft truncates the terminal names to 15 characters. The Process information won't display for terminals with a name longer than 15 characters.

The Users and Sessions tabs show data for a terminal server, but the Processes tabs shows no data

  • Shorten the name of the terminal.
    • Microsoft truncates the terminal names to 15 characters. The Process information won't display for terminals with a name longer than 15 characters.

When shadowing a client the mouse doesn't work in the shadowed session

  • The user must be logged into the shadowing computer as an administrator, or as a ThinManager Administrator, or member of a security group that is given permission to use interactive shadowing in the ThinManager Server Configuration Wizard.
  • The interactive shadow must be checked in RemoteView on the ThinManager menu.
  • A terminal using the Share Keyboard and Mouse module will only be interactive if the mouse is active in that session.
Retrieved from 'https://kb.thinmanager.com/index.php?title=Common_Configuration_Problems&oldid=8920'

Optimizing RDP client/server for casual use. Make it use less bandwidth. Get higher throughput and adaptive transfers.

Back in 2011 I wrote a blog post on optimizing RDP in Windows 7. I’ve been thinking of updating that post for some time, and now finally got around to it.

Since sometime around 2000 I have been working remotely over RDP. It is my preferred way of working since it allows me to have one main computer and my laptops are just a terminal. I have worked on low bandwidths, high bandwidths and everything in-between. For the most part the default settings served me well, but in some cases you may want to optimize it a bit further – and this is where this guide may be of help.

Terminal For Windows 7

If you do not want to dig into the dirty details then just follow this list.

  1. Open up UDP port 3389 in your firewall/port forwarder. Both TCP and UDP should be open.
  2. Open Group Edit: gpedit.msc
  3. Navigate to “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session Host”
  4. Set “Configure compression for RemoteFX data” to “Enabled” and “Optimized to use less network bandwidth” (if you have enough RAM, or “Balances memory and network” or “Optimized to use less memory” if not.)
  5. If you always connect through LAN/VPN then disable host-to-client encryption: Go to “Security” and set “Set client connection encryption level” to “Low level”. (Warning: Do not do this if you are not on a secure network.)

Enable UDP

Of course you have to open/forward TCP port 3389 to enable RDP. Since RDP 8.0 (came as an update to Windows 7 and Windows Server 2008 R2) there has been some additional improvements to the protocol. Notably an UDP connection has been added for adaptive/lossy transfer. Microsoft describes it as: “This feature offers advanced techniques such as intelligent and adaptive UDP transports, network loss tolerance, and recovery to provide a fast and fluid experience to users on a WAN.” The immediate effect I spotted when opening the UDP port was that sound and picture was synced in videos, and that I could run a fullscreen 1080p (cartoon) video smoothly over a remote connection. The video was encoded in lower quality than its source, but it still played and the RDP connection worked smoothly.

Enable/forward UDP port 3389. Meaning that you will have both TCP and UDP port 3389 open/forwarded to your RDP host.

PS! If it is unclear what “enable/forward” means: The ports have to be opened in any firewall (local or on network), and in the case of NAT the port has to be forwarded.

PS2! This feature is default set to “on”. For information about this feature and where you can disable it on the host computer go here.

Configure compression

Under group policy “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostRemote Session Environment”.

Terminal Services Configuration

In “Configure compression for RemoteFX data” change the compression level to what suits you best. Note that “Do not use an RDP compression algorithm” will use a lot of bandwidth. Set this to “Optimized to use less network bandwidth” if you suspect bandwidth is your bottleneck.

Up to Windows 7 this option was called “Set compression algorithm for RDP data”.

Configure encryption

Windows Server 2019 Terminal Services

Under group policy “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSecurity”.

The setting “Set client connection encryption level” allows you to change the encryption level of your connections. For most cases it is strongly recommended to keep encryption enabled. Setting it to “Low level” will encrypt data sent from the client to the server (mouse/keyboard), while not encrypt data sent from the server to the client. The setting “Client Compatible” will attempt to negotiate the strongest supported encryption by both ends. The setting “High level” (recommended) will use 128-bit encryption in data both sent and received.

Note that decrypting data is not a CPU-intensive operation, therefore encryption has very little/no impact on the client.

  • If you minimize your RDP window (on the client) it will not use any bandwidth. Useful if you are working over a metered connection (mobile).
  • Default setting is for the client to cache bitmaps. This is nice for slower connections, but on a LAN connection it can quickly lead to slowdowns when reading/writing cache on disk.
  • It could be worth checking out other vendors
    • Ericom Blaze RDP Accelerator http://www.ericom.com/ericom_blaze.asp
    • Riverbed https://splash.riverbed.com/thread/5874 (network level compression, requires disabling RDP compression and encryption)

Enable Terminal Services Windows 10

If you are the admin of a RDP host server and you want to put certain limitations on your users there is a whole set of options you can change. To mention some:

  • Under group policy “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostConnections”
    • Restrict users to a single RDP session
    • Limit number of connections
    • Automatic reconnection
  • Under group policy “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostDevice and Resource Redirection”
    • Disable audio/video redirect
    • Limit audio quality
    • Disable clipboard, COM/LPT-ports, drives, plug and play devices and smart card redirection
  • Under group policy “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostPrinter Redirection”
    • Disable/configure printer redirection (printing from RDP to local printer)
  • Under group policy “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostProfiles”
    • Enforce and limit roaming profiles for RDP users
  • Under group policy “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostRemote Session Environment”
    • Limit colors, resolution, number of monitors
    • Start a program on connection
    • RemoteFX settings for virtual hosts
  • Under group policy “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSecurity”
    • Always prompt for password
    • Require encryption
  • Under group policy “Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSession Time Limits”
    • Configure session timeouts

Windows 7 Terminal Services Configuration Chart

If your desktop host is a Windows 7 or higher running as a HyperV virtual machine guest OS then you can enable RemoteFX. RemoteFX requires a compatible graphics card, and in short it gives your RDP session into the virtual host access to GPU hardware. For example I successfully started Battlefield 4 by RDP’ing into a Windows 8 virtual guest OS. It ran remotely (around 20Mb network connection) and it was very laggy (around 10 fps), but it did run nevertheless.

Note that RDP settings for RemoteFX is a separate set of options located side-by-side with the options described above.