Failed to create kvp sessions string. RDS Shadow Connection from PowerShell

Error may occur when trying to send emails through Windows Live Mail... This utility is used to manage Email-accounts and emails.

Currently, there is a conflict between Windows Live Mail and One Drive, due to which many users are faced with this error. Most receive it when they send a letter with an image attached to it.

The image you submit is uploaded to OneDrive(previously SkyDrive). But more recently, users Windows Live Mail cannot send images attached in letters due to this conflict. Users could not send images as Album but you can always send them as Attached file.

Now let's look at the methods for solving the error. .

Method # 1 Sending an image by an "application", not an Album

This method is for those who have an error when trying to send an image in an email. In order to resolve the situation, do the following:

  • Compose a new letter to send.
  • Press " Insert«.
  • Now click on " Attach file“(Paper clip icon).
  • Navigate to your image that you want to select.

Using this method of sending, you can easily get around the error .

Method # 2 Remove letters from Outbox that are pending approval

This method is for those who get the error in Windows Live Mail when sending even a simple text message. Do the following:

  • Go to " Outbox«.
  • Select emails from image added as Albums.
  • Delete them all (make a copy if necessary).
  • Now compose a new letter with the text you want to send.

This time, when you send a letter, then you can do it without any complications.

On Windows 2012 R2 and Windows 8.1 Microsoft returned functionalityRemoteDesktopShadowing(shadow connection). Recall that the Shadow mode (shadow session) - can be used by the administrator to view and manage the existing RDP session of any user. This mode of operation has been supported almost since the first versions of Microsoft's terminal server and was unexpectedly removed in Windows Server 2012 (due to the transfer of the rdp stack from kernel mode to user mode). RDS Shadow functionality works in the following OS versions: Windows Server 2016 / Windows 10.

In addition, the RDS Shadow mode and RDP client have a number of interesting new features. A complete list of parameters of the RDP client mstsc.exe that determine the ability of remote shadow connection to an end user's session:

Mstsc.exe ]

/ shadow: ID- will connect to the RDP session with the specified ID.

/ v: servername- name of the RDP / RDS terminal server (if not specified, the current one is used).

/ control- the ability to interact with the user's session (if not specified, the user session view mode is used).

/ noConsentPrompt- do not ask the user to confirm the connection to the session.

/ prompt - used to connect under different credentials. The username and password are requested to connect to the remote computer.

Limitations of RDS Shadow Sessions in Windows 2012 R2

  • Only the server administrator can connect to other people's sessions. You cannot delegate these rights as a regular user.
  • RDSShadowwill not work on workgroup based networks

Using Remote Desktop Shadow from a graphical GUI

You can connect to a user session using the mstsc.exe utility or directly from the Server Manager console. To do this, open the QuickSessionCollection in the Server Manager console

Click on the session of the user of interest and select Shadow from the context menu.

The Shadow Connection Options window appears. It is possible to view ( View) and control ( Control) session. Alternatively, you can enable the option Promptforuserconsent(Request user consent to connect to the session).

If the "Request user consent" option is selected, the user will be prompted in the session:

Remote Monitoring Request

Winitpro \ administrator requests a remote view of your session. You accept this request.

Winitpro \ administrator is requesting to view your session remotely. Do you accept the request?

If the user confirms the connection, in view mode the administrator will see his desktop, but will not be able to interact with it.

Advice... To disconnect from the user session and exit the shadow mode, press ALT+* at a workstation or Ctrl+* on a terminal server (if no alternative combinations are specified).

If the user rejects the connection, a window will appear:

Shadow Error:


If you try to connect to the user's session without asking for confirmation, an error will appear stating that this is prohibited by group policy:

Shadow Error: The Group Policy setting is configured to require the user’s consent. Verify the configuration of the policy settings.

The parameters of remote control of RDS user sessions are configured by policy Set rules for remote control of Remote Desktop Services user sessions (Set Remote Control Rules for Custom Remote Desktop Services Sessions) located under Policies -> Administrative Templates -> Windows components -> Remote Desktop Services -> Remote Session Host -> Connections in the user and "computer" sections of the GPO. This policy corresponds to the dword registry value Shadow in a branch HKLM \ SOFTWARE \ Policies \ Microsoft \ Windows NT \ Terminal Services.

With this policy, you can configure the following shadow connection options over RD Shadow connection:

  • No remote contol allowed - remote control is not allowed (value of the Shadow registry key = 0);
  • Full Control with users’s permission - full control with user permission (1);
  • Full Control without users’s permission - full control without user permission (2);
  • View Session with users’s permission - monitoring the session with user permission (3);
  • View Session without users’s permission - monitoring the session without the user's permission (4).

RDS Shadow Connection from PowerShell

You can also use the functionality of a shadow connection to a user session through a Remote Desktop Services shadow connection from Powershell.

First of all, we will show how to get a list of sessions on the terminal server (user sessions will be grouped into groups depending on their status):

Get-RDUserSession | ft Username, UnifiedSessionId, SessionState, HostServer, ApplicationType -GroupBy Sessionstate

We found three active terminal sessions on this server. Let's connect to the user session with session ID 3:
Mstsc / shadow: 3 / control
Also, to get a list of all sessions on the server, you can run the command

The screen will display a list of RDP sessions, their ID and status: active session (Active) or disconnected (Disconnected).

To get a list of sessions on a remote server, run the command:

query session / server: servername

For more convenient shadow connection to sessions, you can use the following script. The script prompts you to enter the name of the remote computer and displays a list of all sessions and prompts you to specify the session to which you want to connect:

shadow.bat

@echo off

query session / server:% rcomp%
set / P rid = "Enter RDP user ID:"

You can put this file in the% Windir% \ System32 directory, as a result, for a shadow connection, you just need to run the command shadow.

To connect to the console session, you can use the following script:

@echo off
set / P rcomp = "Enter name or IP of a Remote PC:"
for / f "tokens = 3 delims =" %% G in ("query session console / server:% rcomp%") do set rid = %% G
start mstsc / shadow:% rid% / v:% rcomp% / control

How to allow regular users to use a shadow connection

In the above examples, to use a shadow connection to terminal sessions, you need local administrator rights on the RDS server. However, you can allow the use of a shadow (shadow) connection to connect to user sessions and ordinary users (without giving them local administrator rights on the server).

For example, if you want to allow members of the AllowRDSShadow group to use a shadow connection to user sessions, run the command:

wmic / namespace: \\ root \ CIMV2 \ TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName = "RDP-Tcp") CALL AddAccount "corp \ AllowRDSShadow", 2

In January 2018, after installing update KB4056898 (), users encountered shadow access stopped working in Windows Server 2012 R2. When trying to make a shadow connection to someone else's session, the message "Unidentified error" appears (there is a STATUS_BAD_IMPERSONATION_LEVEL error in the logs). A similar problem occurred on an RDS farm based on Windows Server 2016.

To solve the problem, you need to install separate updates:

  • for Windows Server 2016 - KB4057142(dated January 17, 2018)
  • for Windows Server 2012 R2 - KB4057401 (dated January 17, 2018)

Question: Clients cannot create a DRP session, while authorization at the gate of remote desktops occurs


I greet all those present.

There is the following incomprehensible glitch.
There is a server for 2012r2 with the role of a terminal server.
The server is in a farm with a domain controller and an RD Gateway server, on which the external ip is raised.
Sometimes clients cannot create a DRP session to this terminal server.
In this case, authorization at the gate of remote desktops occurs and then transparent authorization should take place on the terminal server, but the connection process hangs on "initializing a remote connection"
The RDP session does not appear on the terminal server.

The problem floats from user to user, while the same user may not connect from one computer, but connect without problems from a neighboring one.
There is nothing in the logs about terminal session errors.

I don’t know where to dig any more and therefore I appeal to the help of the IT community.

Answer: I did it as written in the article, but the problem remained
Swears

Remote Desktop Services failed to join the Connection Broker on server ts02
Error: Current async message was dropped by async dispatcher, because there is a new message which will override the current one.

Remote Desktop Connection Broker Client failed to redirect the user domain \ user
Error: The remote procedure call failed and did not execute.

Failed to create KVP sessions string. Error Code 0x8007007A

Remote Desktop Services has taken too long to load the user configuration from server \\ dc01 for user

I really do not want to disassemble the stack of terminal servers.

Q: Restrict Remote Desktop Service Users to One Session


Hello.
There is an NLB cluster of 3 terminal servers (load balancing). The "Remote Desktop Connection Broker" is the domain controller. In the GPO in a policy that applies only to terminal servers is Restrict Remote Desktop Service Users to One Remote Desktop Services Session - Enabled... But some users you still manage to work simultaneously with several remote clients!
Why?
Help prevent users from doing multiple sessions.
Maybe this policy should also apply to the "connection broker"?

Answer:

Message from Maks

The number of sessions is set on the terminal server in the Remote Desktop Manager.

I rummaged in the Remote Desktop Services Manager, I did not find anything similar there. Where is it located?
And surely it will help? If I set "the maximum number of sessions to 1" on all Terminal servers, the user will log in to server # 1, then what will prevent him from making a login on terminal server # 2? On the second server, there is no session of such a user - it will just be the first.
By the way, this is what happens to me: if a user logs in twice, then sessions are required on different terminal servers.

Q: A persistently active Remote Desktop session on Windows Server 2012


Good day to all, there is a Windows Server 2012 r2 server, I have raised a bot (clicker) on it for an online game. As long as I am connected to the server via RDP, the robot is working fine, that is, as long as there is an active remote desktop session. As soon as I disconnect from the server, the robot stops seeing the game and the "Cannot find Window ..." errors appear. Apparently this happens because the graphics mode is turned off after the session ends.

At the moment, I found such a solution (perversion) of the problem: I created a second user on the server and connected to it via RDP (localhost) and already raised the bot under it, in this mode everything works as it should. But that's not an option. I think there is a more rational way. How do I get the Windows visual experience to work even after my Remote Desktop session ends?

Answer:

Quote ILNUR17021992:

Option is to run the program in an active session of the local user.
To do this, you need to connect to the server using the VNC protocol (there are many third-party server programs) or through the "Remote Assistant"
Or use RDP with a shadow connection to the local user session

Question: Can't connect to Remote Desktop (RDP)


Good day.

Doesn't connect to remote desktop

In services RDP is enabled.
Firewall enabled - port 3389 is open.
Port forwarding is configured on the router.
IPishnik - static and there is a domain name, both respond.
On the computer from which the connection is made - Windows XP SP3 32bit, the connection goes to someone with Windows 7 SP1 64 bit maximum.
Both computers have KIS2013 installed. I tried to disconnect both there and on the other and only on one - it still does not connect.
Channel - 100 Mbps, not loaded.

The connection was made via a standard remote desktop in Windows 7 and XP, in both cases it is not connected.

Where to dig?

Also RDP doesn't work on client on smartphone / tablet

Answer: What is the error text? Is the user with whose credentials you are trying to log in to the server in the "Remote Desktop Users" group?

Q: How do I configure my firewall to not block Remote Desktop?


Good day! Please help me with the following situation. It became necessary to create a firewall rule on the server (Windows Server 2008 located in a local area network with a domain structure) so that it would block the connection on a specific port. So after turning on the firewall (in the "Domain networks" section), ping and the ability to connect via a remote desktop disappear. When the firewall is just running, the created rule does not work, and when you set the "Turn on Windows Firewall" option in the Control Panel -> Check the firewall status -> Turn on or off b. -> Hosting parameters in the domain network, - the rule works, but the remote control is disabled. What can be done?

Answer: uel, after disabling remote access, resetting the firewall settings, and enabling remote access, no ports were requested to open. However, the problem was solved in a different way. It turned out to be the fault of the antivirus. When it was turned off, the remote desktop started working even with the firewall turned on (only you had to adjust the rules). The strange thing is that with the firewall turned off, the antivirus did not block the remote in any way.

Question: Remote Desktop does not work


Hello. Configured a remote desktop on the server. It is running Windows Server 2008. A web server and a file server are running. Forwarded the ports on the router, as expected, with the endpoint 3389. From the local RDP network, when the login goes through the server name, everything works fine. But when I go through IP, I just don't want to go in. The user selection box appears. I tried to enter the account name in the name field - Administrator and password and the full address of the server name in the local network / Administrator. It still doesn't work. Tell me where to look for the problem. Thanks.

Answer: What's on your Remote Desktop Licensing servers?
Have you tried running mstsc on the client as administrator?

Question: [Solved] Printing from Remote Desktop


Hello!
There is a dedicated server that stores 1c databases and all documents. The accountant connects to it from two machines - one has Win XP SP3 with an HP2055dn printer, the other has Win7 x64 with a Samsung SCX-4200 printer
The accountant connects to the session and his local printers are forwarded to him, he prints from the server to local printers. When I set it up for the first time, everything took off instantly. But then the problems started on the Win7 machine.
In general, now the situation is as follows: the printer is seen on the server, we send it to print, the document becomes visible on the local printer in the print queue with the name "Redirected Remote Desktop Printer Document", you can see how the data is transferred. In the C: \ Windows \ System32 \ spool \ PRINTERS folder, you can see that job files with the extensions. SHD and .SPL are created and disappear (and if you put the saving of documents in the settings, they do not disappear)
There are no errors, but nothing is printed in the end! Prints locally, from a remote location to any.
I think I’m already trying TS Easy Print, but I would like to figure it out first, because it seems to me an error on the local machine, but which I can’t determine = (

Answer: Thank you all, I solved the problem with the help of piracy and ScrewDrivers
Out of harm's way, after installing the server and client parts, I disabled printer forwarding in the remote desktop settings, rebooted the server after installation, everything was hooked up and prints.
If anyone is interested, I installed ScrewDrivers 4.7.5.60 on Windows Server 2012 R2, in the manual it was written about using virtual channels, but this is for older server versions, nothing is needed here