Lab: Configuring and Troubleshooting TS Connections

L3-13

Module 3: Configuring and Troubleshooting Terminal Services Connections

Lab: Configuring and Troubleshooting TS Connections
Exercise 1: Configuring the TS Connection Properties Exercise 2: Configuring the TS Connection Properties by Using Server Group Policy Exercise 3: Configuring SSO by Using Client Group Policy Exercise 4: Troubleshooting Connectivity Issues

Logon Information: • • • Virtual Machine1: 6428A-NYC-DC1-01 Virtual Machine 2: 6428A-NYC-TS-03 User Names: Administrator/Bernard/Baris/Anton/Monika/Dana Password 1: Pa$$w0rd Password 2: Pass@word1


Estimated time: 70 minutes

you will configure the TS connection properties by using the Terminal Services Configuration snap-in.03 virtual machines and log on to these machines as Administrator. Start 6428A-NYC-TS-03 using the Lab Launcher tool. 2. Note: Wait for the domain controller 6428A-NYC-DC1-01 logon screen to appear before starting the 6428A-NYC-TS-03 virtual machine.L3-14 Module 3: Configuring and Troubleshooting Terminal Services Connections Exercise 1: Configuring the TS Connection Properties Exercise Overview In this exercise. 3. The main tasks for this exercise are as follows: 1. . The login ID is displayed as WOODGROVEBANK\Administrator. The Server Manager page is displayed by default. 2. and then press ENTER. and then press ENTER. Log on as WoodgroveBank\Administrator using the password Pa$$w0rd. Configure the TS connection properties by using the Terminal Services Configuration snap-in. f Task 1: Start the 6428A-NYC-DC1-01 and 6428A-NYC-TS. Log on by using the password Pa$$w0rd. 4. Start 6428A-NYC-DC1-01 using the Lab Launcher tool.03 virtual machines and log on to these machines as Administrator 1. Start the 6428A-NYC-DC1-01 and 6428A-NYC-TS.

Click the Advanced button below the Permissions for SYSTEM section. right-click RDP-Tcp. The Advanced Security Settings for RDP-Tcp dialog box is displayed. in the Permission entries list. To configure connection permissions: a b. click the Security tab. in the Connections section. point to Administrative Tools. In the middle pane.Lab: Configuring and Troubleshooting TS Connections L3-15 5. and then click Terminal Services Configuration. The Permission Entry for RDP-Tcp dialog box is displayed. Verify the remote control setting as follows: a. under Connection Name. click Start. On the Permissions tab. and then click the Edit button. f Task 2: Configure the TS connection properties by using the Terminal Services Configuration snap-in 1. select the record for Baris Cetinok. The Terminal Services Configuration message box is displayed. d. To start the Terminal Services Configuration snap-in on 6428A-NYC-TS-03. point to Terminal Services. On 6428A-NYC-TS-03. 3. 2. . click the Remote Control tab and verify that the Use remote control with default user settings option is selected. verify that TS is installed on this virtual machine by performing the following steps: • • • • In the Server Manager. On the Terminal Services page. Click OK. Under the Role Services section. In the RDP-Tcp Properties dialog box. click the Terminal Services link. Close the Server Manager console. In the RDP-Tcp Properties dialog box. verify that the Status of Terminal Services is shown as Running. and then click Properties. b. scroll down to the Roles Summary section. verify that the Status of Terminal Server is shown as Installed. under System Services section. c.

and then click OK. f. select the Allow check box for the Disconnect permission and Deny check box for login permission. Click Yes. On the Object tab. On the Object tab. A Windows Security Warning dialog box appears. in the Permissions entries list. The Permission Entry for RDP-Tcp dialog box is displayed. in the Permissions list. h. on the Permissions tab. and then click OK.L3-16 Module 3: Configuring and Troubleshooting Terminal Services Connections e. In the Advanced Security Settings for RDP-Tcp dialog box. you should have configured the connection properties. select the Deny check box for the Disconnect permission. . Close the Terminal Services Configuration snap-in. Results: After this exercise. In the Advanced Security Settings for RDP-Tcp dialog box. in the Permission entries list. j. verify that the Allow check boxes for all permissions are selected. select the record for Anton Kirilov. and then click Edit. in the Permissions list. On the Object tab. Click Yes to close the RDP-Tcp Properties dialog box. in the Permissions list. select the record for Bernard Duerr. g. and then click Edit. 4. i. on the Permissions tab.

msc. and then click Create a GPO in this domain. To open the Group Policy Management snap-in on 6428-NYC-DC1-01. under Setting. expand Administrative Templates. Verify that a maximum of two clients can connect to the terminal server. In the Group Policy Management Editor page. and then click Edit. then right-click Marketing. 8. click Terminal Services. In the Limit number of connections properties dialog box. 6. select 2.Lab: Configuring and Troubleshooting TS Connections L3-17 Exercise 2: Configuring the TS Connection Properties by Using Server Group Policy Exercise Overview In this exercise. expand Domains. WoodgroveBank. right-click the GPO for TS Connection link. under the Computer Configuration node. expand Forest: WoodgroveBank. type the name of the policy as GPO for TS Connection. and Link it here. in the TS Maximum Connections allowed box. click Start. In the right pane. and under the Terminal Server node. double-click Automatic reconnection. 4. under Setting. In the right pane of the Group Policy Management Editor snap-in. expand Windows Components.com.com. select Enabled. and then click OK. . In the Group Policy Management snap-in. f Task 1: Configure the TS connection properties 1. and then click OK. In the New GPO dialog box that is displayed. 7. 2. click Run and in the Open box type gpmc. you will configure the TS connection properties by using Group Policy. 2. click Connections. 5. Configure the TS connection properties. expand Policies. The main tasks for this exercise are as follows: 1. NYC nodes. double-click Limit number of connections. on the Setting tab. 3. On the Marketing node. and then click OK.

select Enabled. select Enabled. under Terminal Services node. 13. select Enabled. In the left pane of the Group Policy Management Editor snap-in. click Terminal Server. and then click Session Time Limits. In the End a disconnected session box. and then click OK. expand the Terminal Server node. Close the Group Policy Management Editor page. 15. 10. In the right pane. 18. under Terminal Services node. and then click OK. In the Set client connection encryption level Properties dialog box. In the Automatic reconnection Properties dialog box. In the left pane.L3-18 Module 3: Configuring and Troubleshooting Terminal Services Connections 9. . verify that Client Compatible is selected. 12. Close the Group Policy Management snap-in. In the Set time limit for disconnected sessions Properties dialog box. 17. double-click Set client connection encryption level. From the Encryption level drop-down list. 11. 19. double-click Set time limit for disconnected sessions. and then click OK. select 5 minutes from the drop-down list. In the right pane of the Group Policy Management Editor snap-in. 16. and then click Security. under Setting. 14.

and then press ENTER. Note: If the Remote Desktop Connection is disconnected perform the following steps to create the remote connection: a. Open Control Panel. check whether NYC-DC is connected to WoodgroveBank. Click the Network and Sharing Center icon. click Manage network connections. b. 6. Log on with the login ID WOODGROVEBANK\Baris using the password Pa$$w0rd. in the Open box type mstsc. In the Remote Desktop Connection dialog box. and then click OK. verify that the Computer is Nyc-ts. Verify whether NYC-DC is connected to Unidentified network. 5. 3. Then right-click Local area Connection. Close the Network Connections window. in the Open box type mstsc. g. On 6428A-NYC-DC1-01. In the Network and Sharing Center window. Minimize the Nyc-ts Remote Desktop connection. d. and then click OK. f. Check the status of the Local Area Connection. In the Remote Desktop Connection dialog box. and then click Connect. and then click Disable. click Start. click Use another account. click Run. and then click Connect. e. verify that the Computer box displays Nyc-ts. In the Windows Security dialog box. c. 2. click Run.com. under Tasks.Lab: Configuring and Troubleshooting TS Connections L3-19 f Task 2: Verify that a maximum of two clients can connect to the terminal server 1. In the Network Connections window. click Start. and click Enable. . right-click Local Area Connection. 4. In the Network and Sharing Center window. To log on as the second user.

click Use another account. Click OK. click Start. To log on as the third user. The Disconnect Terminal Services Session dialog box is displayed. In the Windows Security dialog box. 12. Minimize the Nyc-ts Remote Desktop connection. Observe that a message displaying “The requested session access is denied” appears on the screen. and then click OK. 15. Click OK. 14. Results: After this exercise. and then click Connect. verify that the Computer is Nyc-ts. in the Open box type mstsc. Close all the remote connections. click Run. 9. 10.L3-20 Module 3: Configuring and Troubleshooting Terminal Services Connections 7. 8. 11. click Use another account. 13. . and then click OK. log on with the login ID WOODGROVEBANK\Anton using the password Pa$$w0rd. Log on as WOODGROVEBANK\Bernard with the password as Pa$$w0rd and then press ENTER. In the Remote Desktop Connection dialog box. In the Windows Security dialog box. you should have configured the TS connection properties by using Server Group Policy.

click OK. 5.msc.Lab: Configuring and Troubleshooting TS Connections L3-21 Exercise 3: Configuring SSO by Using Client Group Policy Exercise Overview The main task for this exercise is to configure SSO by using client Group Policy. and then click Show to add servers to the list. select SSL (TLS 1.0) from the drop-down list. Results: After this exercise. Close the Terminal Services Configuration snap-in.msc. In the middle pane. on the General tab. click Run. type gpedit. f Task 1: Configure the SSO setting by using client Group Policy 1. and then click OK. In the RDP-Tcp Properties dialog box. In the Allow Delegating Default Credentials Properties dialog box. In the Allow Delegating Default Credentials Properties dialog box. Click OK to close the Show Contents dialog box. . under Connections section. click Enabled. Close the Local Group Policy Editor. under Setting. click Start and in the Start Search box. 8. 9. in the Open box type tsconfig. 10. 3. you should have configured SSO by using client Group Policy. 11. In the Add Item dialog box. click Add to add servers to the list.03. and then click Credentials Delegation. in the Security layer box. In the left pane. in the Enter the item to be added box. In the Show Contents dialog box. 13. under the Computer Configuration node. To open the Local Group Policy Editor. type 6428A-NYC-TS. To open the Terminal Services Configuration snap-in on 6428A-NYC-DC101. and then click OK. 12. 4. click Start. double-click Allow Delegating Default Credentials. 7. right-click RDP-Tcp. and then click Properties. under Connection Name. expand the Administrative Templates node. expand System node. and then click OK. In the right pane. 6. on the Setting tab. 2. and then press ENTER.

click the Change link. point to Administrative Tools. Verify the RDP settings. 10. click Run. Verify that the users are able to log on with the updated settings. 2. click Start. The main tasks for this exercise are as follows: 1. . In the TS RemoteApp Manager page. In the Event Viewer dialog box. and then click OK to close the RemoteApp Deployment Settings dialog box. ensure that the Server name box has NYCTS. On 6428A-NYC-TS-03.L3-22 Module 3: Configuring and Troubleshooting Terminal Services Connections Exercise 4: Troubleshooting Connectivity Issues Exercise Overview In this exercise. 7. click Start. and check the event logs. point to Terminal Services. Click Application. On the Terminal Server tab. To display the Event Viewer dialog box. press ENTER. under the Overview section for RDP Settings. in the Open box type eventvwr. Verify the user and group permissions and policy settings. and then click TS RemoteApp Manager. In the RemoteApp Deployment Settings dialog box. and check the details of any error in the events. 8.Com. 3. 5. Close the TS RemoteApp Manager. 6. Ensure that the port number in RDP Port is 3389. 4. Close Event Viewer. expand the Windows Logs node. you will troubleshoot connectivity issues. 3. click the Terminal Server tab. 9.WoodgroveBank. Shut down the virtual machines. 4. 2. f Task 1: Verify the RDP settings and check the event Logs 1.

5. click the General tab. 6. On 6428A-NYC-DC1-01. 7. Close Active Directory Users and Computers snap-in. Click OK to close the message box. point to Administrative Tools. In the RDP-Tcp Properties dialog box. 3. select the record for Dana Birkby. click OK. right-click RDP-Tcp. 2. . and then click OK. point to Terminal Services. In the right pane. and then click Terminal Services Configuration. In the Encryption level box. click Start. In the Reset Password dialog box. 10. expand the NYC node. Click Advanced. click Edit and verify that the check box under Deny for Remote Control is not selected. 13. and then click OK twice. 14. 9. In the Connections section. click Start. Close the Terminal Services Configuration snap-in. in the New password box type Pass@word1. select Dana Birkby. 12. under the WoodgroveBank. In the Active Directory Domain Services confirmation box. point to Administrative Tools. The Terminal Services Configuration message box is displayed. To start the Terminal Services Configuration snap-in on 6428A NYC-TS-03. verify that the value is Client Compatible. On the Security tab.Lab: Configuring and Troubleshooting TS Connections L3-23 f Task 2: Verify the user and group permissions and policy settings 1. In the left pane. under Connection Name. right-click Monika Buschmann and then click Reset Password. and then click Marketing. 15. under Group or user names section. If selected. click the Security tab. clear the check box. and then click Active Directory Users and Computers.com node. and then click OK. 8. 4. In the Confirm password box type Pass@word1. 11. and then click Properties. In the RDP-Tcp Properties dialog box.

L3-24 Module 3: Configuring and Troubleshooting Terminal Services Connections f Task 3: Verify that the users are able to log on with the updated settings 1. In the Remote Desktop Connection dialog box. . In the Windows Security dialog box. click Run. In the Network and Sharing Center window. click Start. verify that NYC-DC is connected to WoodgroveBank. d. and then click Log off. e. click Start. In the Network and Sharing Center window. 4. verify that the computer is Nyc-ts. To log off Monika. click Connect. c. point to the arrow key next to the lock computer button. 6. Then. 5. b. and then click Connect. right-click Local area Connection and click Enable. in the Open box type mstsc. To log on as the second user. 3. Note: If the Remote Desktop Connection is disconnected. type mstsc. On 6428A-NYC-DC1-01. click Manage network connections. f.com. Click the Network and Sharing Center icon. Check the status of the Local Area Connection. and then click Disable. click Start. and then click OK. and then click OK. g. Verify that NYC-DC is connected to Unidentified network. In the Remote Desktop Connection dialog box. click Run. Close the Network Connections window. 2. In the Network Connections window. under Tasks. perform the following steps to create the remote connection: a. right-click Local Area Connection. Open Control Panel. click Use another account. log on as WOODGROVEBANK\Monika with the password as Pass@word1 and then click OK.

10. In the Close window. 9. 3. Click OK. f Task4: Shut down the virtual machines 1.Lab: Configuring and Troubleshooting TS Connections L3-25 7. you should have used troubleshooting techniques to resolve connectivity issues. Results: After this exercise. Log on as WOODGROVEBANK\Dana with the password as Pa$$w0rd and then click OK. The Disconnect Terminal Services Session dialog box is displayed. Close the remote connection. . 2. Exit the Lab Launcher tool by clicking the close button. Click OK. 8. In the Windows Security dialog box. click Use another account. click Turn off machine and discard changes.