Client Machine Cannot Launch RDS Apps. Event 4625 Status 0xC000035B.

My help desk gave me a shout today saying that a particular user could not launch an RDS app from their computer.  Naturally I checked all the basics with test account and all was operating as expected so I knew it had to be something with the client machine.

I did a bunch of more basic troubleshooting (I didn’t have a lot of faith in this particular technician) and then started digging through the logs on the RDS Gateway box until I found the following little bugger (Event 4625):

Naturally this doesn’t tell me anything, but with a little Google-Fu I came up with this source.  I changed the LmCompatibilityLevel value to 3 or higher as directed, gave the machine a reboot, and wha-lah it worked.  The value can be found at HKLM\SYSTEM\CurrentControlSet\Control\Lsa.

Enable “Single-Click” with GPO

If you have ever worked with touchscreen computers, you will certainly understand how much of a pain it is to try and double-click a desktop icon without dragging it.  As I have many kiosks in my environment currently, I hunted down how to enable the single-click option by pushing a couple registry updates with GPO (see comment by Sergio Calderón here).  The registry updates are as follows:

The second is optional, it just underlines the icon when is selected.  Little quality of life feature.

Connect to Specific Wireless SSID Pre-Logon

Just one of those good to know things I learned back when I was on the Help Desk.  Push this little regedit with GPO, or add it by hand (gross), and the computer will connect to the specified wireless network prior to logon.

Add a new string value here and call it whatever you want (ex. ConnectPre-Logon).  Add the following as its value:

 

Specific Windows 7 Computer Unable to Access File Share

Ran into a bit of a weird one today.  Had one of my Help Desk guys call me up saying that no matter what a particular user cannot access a specific file share on a certain computer, always receiving an Access Denied message.  On any other computer this issue is not occurring.  He tells me he has checked all group assignments, removed the profile, removed and re-added it to the domain to no avail.  Quite the weird one.

I hop on and confirm all that needs confirming and see that there was definitely not an access issue.  Tried to hit it from a different profile with some administrator creds with no change.  Here’s the kicker though, I could UNC to the actual drive that held the share and manually navigate to access it no problem.  Okay time to talk to Uncle Google, this doesn’t make any sense.  Long story short I finally stumbled upon the solution from Microsoft (found here).  It has to do with the local CSC (offline files) database on the computer, and you fix it by wiping that joker.  You do this by adding the registry key found below and bouncing the box.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CSC\Parameters

DWORD (32-bit)Value – FormatDatabase – Value = 1

After the box finishes restarting, log in and wa-lah!  You can access all shares normally again.  Yay!  You can also do this via batch/cmd if you wish with the following:

 

Windows 7 Not Connecting to Wired Network Prior to Login

This is an issue that historically I have found often with wireless network connections, but very rarely with wired connections. This has always been easily resolved by simply pushing the pretty standard GPO found below:

Computer Configuration\Policies\Administrative Templates\System\Logon

Always wait for the network at computer startup and logon

Naturally I stumbled upon a case where this was not the case. I pushed the GPO and even changed the local GPO to no success (the main indicator being an error in the event log saying it couldn’t contact DC during logon). One Google search later I found the answer (here). Set the following local GPO:

Computer Configuration\Administrative Templates\System\Group Policy

Startup policy processing wait time = 120

You can play with the wait time numbers, but 2 minutes worked for me.  As one would expect this does slow the boot time significantly (by two minutes, who would have thought), but it will get you up and running.