Look for the “pdc32.dll” and the “wps32.dll” within the WindowsSystem32 (and/or WindowsSysWoW64) directory and rename them to *.old. Then run the Nsetup again to correct this issue.
Windows Small Business Server – TS Gateway Authentication issue
We recently implemented a new SBS 2008 server for one of our clients. A user was going to be working from home and wanted to utilize thier corporate office desktop to get some tasks done. They were able to authenticate to the Remote Web Workplace webpage successfully, but were unable to connect to their Windows 7 desktop computer. Every time they attempted to do so, their account was rejected with an error message: “The logon attempt failed”
I discovered the problem was due to an incorrect setting within IIS.
Here’s what I did to correct the problem:
I went to IIS Manager → Sites → SBS Web Applications → Rpc → Authentication. There I found only “Basic Authentication” was enabled.
Enabled “Windows Authentication” then ran an IIS reset. When IIS came back online, I was able to connect via TS Gateway to the server and at least one workstation. I connected and disconnected multiple times and it had no problems. The end user verified they were also able to authenticate without error, and gained remote control of their Windows 7 computer.
Terminal Server Printing Resources
Links to sources for Terminal Server printing issues/fixes
Microsoft Technet – Configure settings for mapping client devices – link
Brian Madden – The Ultimate Guide to Terminal Server Printing – Design and Configuration – link
Brother Printers – Universal print drivers for Terminal Servers and Citrix – link
MS Terminal Services Blog – Windows Terminal Services Printing – link
Microsoft – Terminal Server Printer Redirection Wizard Tool – link
Microsoft – Choosing the right printer drivers – link
KTS – Terminal Server category – link
Configuring printer registry settings for Windows Terminal Server
Following the installation of a printer driver on at Windows 2003 Terminal Server, it’s good practice to check out the registry to make sure the driver is not using an unsupported Monitor or Print Processor.
To check for the presence of a print monitor:
1) Open Regedit
2) Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintEnvironmentsWindows NT x86DriversVersion-3
3) locate the newly installed driver by name, click on the key (folder)
4) In the right hand pane you will see a series of settings, look for the Monitor string
5) The Monitor data field should be clear as print monitors are not supported in a TS environment, if you see anything listed there, delete it.
For the print processor:
1) The printer should been connected at least once to the Terminal Server in order for it to show up in the list at HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintPrinters
2) Navigate to that key in the registry and locate the printer by name in the list
3) In the right hand pane you will see a series of settings, look for the Print Processor string
4) The only supported Terminal Server print processor is the default, WinPrint – if the driver you installed is using a different print processor, replace it with WinPrint.
Once you’ve made these changes, test the printer to make certain it functions via TS.
Autocreated Terminal Services Printers not deleting after user logs off
In order for printers to be completely autodeleted from both the registry and Print Manager users may need Full Control over the following registry key and subkeys:-
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Print
Users also need Change permissions to the following:
%systemroot%system32spool
Printers not showing up on Terminal Server
Issue: When connecting to a Windows 2003 Terminal Server over RDP, some or all of your local printers (LPT or Parallel printers seem to always autocreate), ie USB, local TCP/IP printers don’t autocreate when logging on. Some of the multifunction devices and other USB printers use DOT4 printing which isn’t recognized by default by Windows Server.
Cause:This problem occurs because the printer port does not begin with COM, LPT, or USB. By default, printer port names that do not begin with COM, LPT, or USB are only redirected in Windows Server 2003. By default, multifunction print devices may not be redirected unless you are running Windows Server 2003 on your local computer because they use DOT4 ports.
Solution: To resolve this problem on a computer that is not running Windows Server 2003, force all ports (including DOT4) on the client computer to be filtered for redirection. To do this, open regedit and add a DWORD value named FilterQueueType to HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server ClientDefaultAddInsRDPDR and set its value data to FFFFFFFF. Log on to the Terminal Server and all local printers should be redirected to the server. To make sure that printing works normally, install the same printer driver on the Terminal Server so that the printer is mapped to the right driver.
Printer Mapping File in Windows Terminal Server
There is a way to use an .inf file to manage the mapping of printer drivers on Terminal Server (similar to how Citrix manages printer mapping). To enable this feature, the following two registry keys need to be created:
HKLMSYSTEMCurrentControlSetControlTe
HKLMSYSTEMCurrentControlSetControlTe
Each of these is a string (REG_SZ) type. The first refers to an inf file that you create and store in C:WINDOWSSYSTEM32. The value only needs to be the name of the file, not the entire path. The second refers to the section within that file that will deal with the printer driver mapping (in the example below, “Printers”). An example would look like this:
[Version]
Signature=”$Windows NT$”
;
[Printers]
;
; ***Client Driver Name*** ***Server Driver Name***
;
“Brother HL-1250” = “HP LaserJet 5
Move the Documents and Settings folder
Microsoft Tech article on how to move Documents and Settings folder – link
Modify the following key HKLMSOFTWAREMicrosoftWindows NTCurrentVersionProfileListProfilesDirectory
Group Policy for Locking Down a Terminal Server
Microsoft Whitepaper to lock down a Terminal Server
How to lock down a Windows Server 2003 or Windows 2000 Terminal Server session
Printers That Use Ports That Do Not Begin With COM, LPT, or USB Are Not Redirected in a Remote Desktop or Terminal Services Session
Download and extract this registry modification and Merge it on the end users PC. https://www.kazmarek.com/links/printer.zip
Or do it manually:
Follow these steps, and then quit Registry Editor:
| 1. | Click Start, click Run, type regedit, and then click OK. |
| 2. | Locate and then click the following key in the registry:
HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server ClientDefaultAddInsRDPDR |
| 3. | On the Edit menu, point to New, and then click DWORD Value. |
| 4. | Type FilterQueueType, and then press ENTER. |
| 5. | On the Edit menu, click Modify. |
| 6. | Type FFFFFFFF, and then click OK. |