Event ID 1011 — Personal Virtual Desktop Availability
Applies To: Windows Server 2008 R2
Personal virtual desktop assignments are stored in Active Directory Domain Services (AD DS). AD DS must be available for the RemoteApp and Desktop Connection Management service to display a user's personal virtual desktop by using RemoteApp and Desktop Connection or RD Web Access.
Event Details
Product: | Windows Operating System |
ID: | 1011 |
Source: | Microsoft-Windows-RemoteApp and Desktop Connection Management |
Version: | 6.1 |
Symbolic Name: | TSCPUBSVR_AD_ERROR |
Message: | Error accessing Active Directory. Error Code: %1 |
Resolve
Identify and fix communication issues with Active Directory Domain Services
To resolve this issue, do the following things:
- Identify and fix network connectivity issues.
- Check the Active Directory Domain Services functional level.
- Check that a personal virtual desktop is assigned to the user account.
- Ensure that you can log on to the RD Web Access server by using domain credentials.
- Ensure that the domain credentials are formatted correctly in a non-Microsoft application.
- Add the RD Connection Broker computer account to the Windows Authorization Access Group.
To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
Identify and fix network connectivity issues
The following are some troubleshooting steps that you can perform to help identify the root cause of the problem:
- Ping other computers on the network to help determine the extent of the network connectivity issue.
- If you can ping other servers but not the RD Connection Broker server, try to ping the RD Connection Broker server from another computer. If you cannot ping the RD Connection Broker server from any computer, first ensure that the RD Connection Broker server is running. If the RD Connection Broker server is running, check the network settings on the RD Connection Broker server.
- Check the TCP/IP settings on the local computer by doing the following:
- Click Start, click Run, type cmd, and then click OK.
- At the command prompt, type ipconfig /all, and then press ENTER. Make sure that the information listed is correct.
- Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with your network adapter.
- Type ping IP_address, where IP_address is the IP address assigned to the computer. If you can ping the localhost address but not the local address, there may be an issue with the routing table or with the network adapter driver.
- Type ping DNS_server, where DNS_server is the IP address assigned to the DNS server. If there is more than one DNS server on your network, you should ping each one. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or with the network between the computer and the DNS servers.
- If the RD Connection Broker server is on a different subnet, try to ping the default gateway. If you cannot ping the default gateway, this might indicate a problem with the network adapter, the router or gateway device, cabling, or other connectivity hardware.
- In Device Manager, check the status of the network adapter. To open Device Manager, click Start, click Run, type devmgmt.msc, and then click OK.
- Check network connectivity indicator lights on the computer and at the hub or router. Check network cabling.
- Check firewall settings by using the Windows Firewall with Advanced Security snap-in.
- Check IPsec settings by using the IP Security Policy Management snap-in.
Check the Active Directory Domain Services functional level
To use personal virtual desktops in your environment, your functional level must be at least Windows Server 2008. To use the Personal Virtual Desktop tab in the User Account dialog box within Active Directory Users and Computers, your functional level must be at Windows Server 2008 R2.
To check the Active Directory Domain Services functional level:
- On the domain controller, open Active Directory Domains and Trusts. To open Active Directory Domains and Trusts, click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
- Right-click Active Directory Domains and Trusts, and then click Raise Forest Functional Level.
- Ensure that Current forest functional level displays either Windows Server 2008 or Windows Server 2008 R2.
- Click OK to close the Raise Forest Functional Level dialog box.
Check that a personal virtual desktop is assigned to the user account
You can check if a personal virtual desktop is assigned to the user account on a domain running at the Windows Server 2008 R2 functional level by using Active Directory Users and Computers.
To check that a personal virtual desktop is assigned to the user account:
- On the domain controller, open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
- Navigate to the user account object, and then click Properties.
- Click the Personal Virtual Desktop tab.
- Ensure that the Assign a personal virtual desktop to this user check box is selected, and the FQDN of the personal virtual desktop is displayed in the Computer Name box.
- Click OK to close the user account dialog box.
Ensure that you can log on to the RD Web Access server by using domain credentials
The RD Web Access server that is configured to use the RD Connection Broker server must be available to communicate with the RD Connection Broker server.
To log on to the RD Web Access server that is configured to use the RD Connection Broker server:
- On the RD Web Access server, open Remote Desktop Web Access Configuration. To open Remote Desktop Web Access Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Web Access Configuration.
- In the Domain\user name box, type a valid domain and user account name.
- In the Password box, type the password for the user account.
- Verify that you can successfully log on to the RD Web Access server by using Remote Desktop Web Access Configuration.
Ensure that the domain credentials are formatted correctly in a non-Microsoft application
The RemoteApp and Connection Management service queries RemoteApp programs, session-based desktops, and virtual desktops that are available to a specific user. This error can occur in a non-Microsoft application if the domain credentials are not properly formatted. For more information about the RemoteApp and Connection Management service API reference, see https://msdn.microsoft.com/en-us/library/dd401668(VS.85).aspx.
Add the RD Connection Broker computer account to the Windows Authorization Access Group
The Windows Authorization Access Group is a security group included in the Active Directory Domain Services domain.
To add the RD Connection Broker computer account to the Windows Authorization Access Group:
- On the domain controller, open Active Directory Users and Computers. To open Active Directory Users and Computer, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
- Click Builtin, and then double-click Windows Authorization Access Group.
- Click the Members tab, and then click Add.
- In the Enter the object names to select box, type the name of the RD Connection Broker computer account, and then click OK.
- Click OK to close the Windows Authorization Access Group dialog box.
Verify
To verify that the RemoteApp and Desktop Connection Management service can read the personal virtual desktop assignment for a specified user account, you can log on to the RD Web Access server and verify that the personal virtual desktop is displayed for the user.
To verify that the personal virtual desktop is displayed for the user:
- On a client computer, click Start, click All Programs, and then click Internet Explorer.
- In the Internet Explorer address bar, type the fully qualified domain name of the RD Web Access server, and the press ENTER.
- In the Domain\user name box, type the domain and user account.
- In the Password box, type the password of the user account.
- Click RemoteApp Programs.
- Verify that the personal virtual desktop for the user appears.