locked
Windows Server 2012 Virtual Desktop Template Issue RRS feed

  • Question

  • Hi

    I have created a two server VDI infrastructure using Server 2012 RTM I have one server hosting the RDS connection broker and RD Web Access roles and then a separate server with Hyper-V server installed hosting the server 2012 RD Virtualisation Host.  I am hosting Windows 8 VDI images on these servers

    When I create the virtual infrastructure from scratch I can created a new collection hosting pooled desktops and everything works no problem.  The issue arises when I need to update the template and re-create all the desktops.  For updating the desktops I am following the process below.

    1- Make a copy of the existing desktop and then start it up in hyper-v and make my changes

    2- Run sysprep with the /generalise /oobe /shutdown /mode:VM

    3- Go into my Collection on my connection broker server and run the recreate all desktops task

    4- Select my shutdown VM syspreped in step 2

    At this stage I get an error stating "The virtual desktop must be in a stopped state:  Could not identify the state of the virtual desktop.  Ensure that the RD virtualisation host server is available on the network and the virtual desktop is shut down"

    I have looked all over for errors in the logs and found nothing.  It look connection related or maybe something to do with WMI but I have run connection test between the servers and everything is ok.  The only solution I have found so far is if I remove the RD virtualisation host from my hyper-v server and then reboot and reinstall it then works again.

    Can anybody help as I am running out of ideas on this one.

    Thanks

    Tuesday, October 2, 2012 9:03 PM

Answers

  • All,
    After collecting MANY logs, Netmons, ProcMons and traces, it was finally discovered that the Connection Broker server's computer account MUST be a member of the local administrators group on the Virtual Host (RDS Host) machine.

    I added my Connection Broker's computer account to my Virtual Host machine's local administrators group, rebooted both servers and bingo, it all worked!

    What I find odd is that I was able to spin up two collections prior to the issue and then after the issue, nothing.

    Hopefully this will work for the rest of you guys as well.


    Will Smothers

    • Marked as answer by Mark_Skelton Wednesday, October 24, 2012 9:20 AM
    Monday, October 15, 2012 8:03 PM

All replies

  • Hi,

    My testing is ok.Is it possible that your server is working overload?When do the debugging,pls go to the event log,go to TerminalServices-TSV-VmHostAent to see whether there are any clues.Make sure that your syspreped template VM in your above pocess is powered off.

    Regards,

    Clarence

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, October 4, 2012 9:25 AM
  • Thank you Clarence for your reply.

    I have checked the VMHostAgent Log and there is nothing added when I run the template re-creation wizard. I have looked in both the Admin and Operational Logs.  I have also ensured the virtual desktop is shut down.  I am still getting the following error.

    Could not identify the state of the virtual desktop.  Ensure that the RD virtualisation host server HPV1-4 is available on the network and the virtual desktop WIN8-MASTER is shut down.

    Short of rebuilding the environment again I am not sure what the issue could be.

    Friday, October 5, 2012 3:15 PM
  • I have the EXACT same issue. I have a case open with Microsoft on this and as soon as they give me an answer I will post it here.

    Currently they have had me:

    • Create a brand new virtual machine template & sysprep it.
    • Delete my collection and attempt to create a new one.
    • Do Netmon captures from both the Connection Broker (where I am trying to recreate my collection) and the virtual host machine.

    I they have involved both the Window 2012 team, network team and the RDS team. I am hoping to have an answer from support by the end of this week (I have already had my ticket open for a week with no solution).


    Will Smothers

    Sunday, October 7, 2012 4:19 AM
  • thanks Will,  I had come to the assumption that this was a Bug.  Please do let me know when they come back to you.  I have also escalated through my contacts to try and see if I can find a fix.  I will post as soon as I find anything.
    Monday, October 8, 2012 8:17 AM
  • Did you upgrade a windows 2008 r2 or a clean install of windows 2012 server?

    I have the exact same problem after a windows 2008 r2 upgrade.

    I'll wait for the result in your support case before I do anything.

    Tuesday, October 9, 2012 11:14 AM
  • Mine was a completely clean install of Windows 2012.

    Will Smothers

    Tuesday, October 9, 2012 11:49 AM
  • I have tried both an upgrade and a clean install and getting the same problem across three separate Hyper-V servers.  It seems to work the first time you try it on a hyper-v server and from that point on I get the error.  It even happens when I delete the image and start from a brand new windows 8 image and make all my setting changes.
    Wednesday, October 10, 2012 6:29 PM
  • We are investigating this issue, but can you do the following and post the results to help with the investigation?

    Enabling Clear Text Log Files

    There are two logs files that provide a detailed log of the actions performed by Remote Desktop Services installation and the RDMS user interface. These log files are clear text and do not need to be formatted or converted before they are analyzed, and they provide the input parameters as well as the completion status of each phase of the installation or configuration of a Remote Desktop deployment in Windows Server 2012.

    To enable these logs, do the following:

      •        Create a new registry key named RDMS under HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT.
      •        Create two DWORD (32-bit) values under RDMS key with value name and value data set as below:  

    Value name: EnableDeploymentUILog

    Value data :   1

    Value name: EnableUILog

    Value data :   1

    Enabling RDMS UI Tracing

    When troubleshooting any problem with Remote Desktop Services installation or Collection Creation, the RDMS UI Logs should be enabled. RDMS UI clear text logs logs must be enabled by setting the registry key listed above.

    To RDMS UI Debug Event Logs, do the following:

    1.        Open Event Viewer, click View in the Menu Bar, and then click Show Analytic and Debug Logs.
    2.        In Event Viewer, navigate to the following path: Applications and Services Logs\Microsoft\Windows\RDMS-UI\Debug. Right click on Debug log and select Enable Log.

    Verify that the template VM has a simple, one word name with no special characters, spaces, or hidden characters contained within it. Verify that the template VM has does not have multiple snapshots and is connected to a valid Hyper-V VMSwitch. Verify that the template VM is shutdown and has been sysprep'd.

    Reproduce the error message with the above logging enabled, and then look in the RDMS-UI Debug event log.  Post any events that you see.

    Thanks!


    Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging

    Wednesday, October 10, 2012 7:34 PM
  • dgeddes - My support engineer already had me do this and still does not have any answers. Please reference Microsoft Support Case REG:112100153682525.

    Will Smothers

    Wednesday, October 10, 2012 8:02 PM
  • Thanks Will, I am aware of your case, I was hoping to get some supporting data from others that might be seeing the same issue.

    We don't know what is causing the issue right now, so sorry for a lack of answers.  There are several different reasons why this particular error might be coming up.


    Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging


    Wednesday, October 10, 2012 8:17 PM
  • Don,
    Hate to do this here but is there anyway I can work directly with you instead of going through Israr? He is doing a great job but I think the troubleshooting would go smoother and quicker with a more seasoned support engineer working directly with me.

    Just a thought.


    Will Smothers

    Wednesday, October 10, 2012 8:51 PM
  • Don thanks for helping out.  Below is the errors that I see go through the debug log when I try to recreate my virtual desktops:

    10:03:18 Event ID 40963: Component RdmsUI: Error in script execution on SCRDS01.xldh.nhs.uk :

    10:03:18 Event ID 40963:

    Component RdmsUI: Failed to fetch local DB connection string from server: SCRDS01.xldh.nhs.uk : System.Management.Automation.RemoteException: Property DBConnString does not exist at path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tssdis\Parameters.

       at Microsoft.RemoteDesktopServices.Common.DeploymentModel.ExecutePowerShellScript(String serverName, String script, Object argumentList, Boolean isLocalhost)

       at Microsoft.RemoteDesktopServices.Common.DeploymentModel.IsHighAvailabilityConfigured(String managementServer)

    10:03:25 Event ID 40963: 

    Component RdmsModel: GetVMstate for Vm WIN8TMP11102012 failed with error 4099

    10:03:25 Event ID 40963: 

    Component RDExceptionHandler: Could not identify the state of the virtual desktop. Ensure that the RD Virtualization Host server HPV1-2.xldh.nhs.uk is available on the network and that the virtual desktop WIN8TMP11102012 is shut down.

    Thursday, October 11, 2012 9:09 AM
  • I had the same Error. It was a firewall issue. Please make sure all proper ports are open between the ip address of the pooled virtual desktop and your Broker.  For testing purposes I put all three roles onto one server (broker, gateway, webaccess) and I opened that server up completely in the firewall to that VDI pool and it worked just fine.  I believe you need just the broker to have access to the virtual desktop though. 

    So in summary I had to poke a hole in my firewall for my broker (DMZ lan) to have access to the subset of IP's being used in the VDI pool (PC LAN). Soon as I did that the error went away.  

    Hope this helps.  

    Thursday, October 11, 2012 1:53 PM
  • Thanks Mark, the first two errors are not part of the problem and can be ignored.  The last two errors are what I am after.

    What kind of network (vmswitch) is the template VM attached to and can the host (RDVH server) and Connection Broker (RDMS) communicate with it?


    Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging


    Thursday, October 11, 2012 2:42 PM
  • All,
    After collecting MANY logs, Netmons, ProcMons and traces, it was finally discovered that the Connection Broker server's computer account MUST be a member of the local administrators group on the Virtual Host (RDS Host) machine.

    I added my Connection Broker's computer account to my Virtual Host machine's local administrators group, rebooted both servers and bingo, it all worked!

    What I find odd is that I was able to spin up two collections prior to the issue and then after the issue, nothing.

    Hopefully this will work for the rest of you guys as well.


    Will Smothers

    • Marked as answer by Mark_Skelton Wednesday, October 24, 2012 9:20 AM
    Monday, October 15, 2012 8:03 PM
  • That is a workaround, I hope that was explained to you?  The Connection Broker machine account should not normally need to be added to that group.  It should be a member of the local RDS Management Servers group on the RDVH server, and then we also setup some permissions for Hyper-V and WMI during the Remote Desktop Services installation process.

    What we don't know is what is breaking the Hyper-V or WMI permissions, as we can't repro this issue. 


    Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging

    Monday, October 15, 2012 8:53 PM
  • Hi sorry for the delay.

    I have checked and all firewalls are disabled on the RDS Virtualisation hosts and the RDS connection broker.  In addition all servers are on the same subnet so there is no external firewall in the way.

    The Virtual switch configured on the RDS virtualisation hosts are all the same.  They are External Networks bound to a teamed adapter with the "allow management OS to share this adapter" enabled.  The team has been created with the built in server 2012 teaming software not any third party products.

    I can confirm though if I follow Will's post about adding the RDS connection broker computer account to the administration group on all servers the template re-creation wizard runs through as it should without errors.  I am sure this is not by design.

    Let me know if you need any more information

    Tuesday, October 16, 2012 10:09 AM
  • At this point it doesn't seem firewall related but let me be a little more clear just to make sure.

    Please make sure that the IP address of the actual virtual machine you are trying to create a collection with is accessible from the broker.

    So, If you are trying to add a PC sitting in your PC LAN to a collection make sure your broker (DMZ) has proper access to this IP address in your PC LAN.

    I didn't initially have this because generally the two don't have access to one another.

     
    Tuesday, October 16, 2012 3:00 PM
  • the broker server can definitely contact the IP address on the VM's I am also remotely connect to WMI once the VM is up so to me there doesn't seem to be anything blocking it on the network.  Also if there were network issues when I add the computer account of the connection broker to the admin group of the RDS virtualisation host the issue disappears so again this leads to me thinking this issue is not network related.
    Tuesday, October 23, 2012 10:11 AM
  • Please see my post earlier in the thread.

    The issue is somewhere either in WMI permissions or Hyper-V Authorization Manager permissions.  These get setup for you when you install using Remote Desktop Services installation, and sometime later something breaks them.  Adding the CB machine account to administrators is a workaround, and we have not yet been given the opportunity to investigate where the permissions have been messed up and what is doing it. This sort of troubleshooting needs to be done on a system that has the problem, and we are not able to reproduce the issue internally. 


    Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging

    Tuesday, October 23, 2012 6:31 PM
  • Hi Geddes,

    I to facing the same issue The virtual desktop must be in a stopped state:  Could not identify the state of the virtual desktop.  Ensure that the RD virtualisation host server is available on the network and the virtual desktop is shut down.

    When trying to create Virtual Desktop collection, i see the error, below are the steps taken to troubleshoot the issue.

    • Win8 VM is in shutdown mode.
    • Firewall is disabled on both host and VM.
    • Added Connection Broker Computer account to Hyper-V host local administrators group.
    • Analyzing the logs - in progress.
    • Created Snapshot of Win8 VM and joined to the domain and tried creating collection, no luck.
    • When selected personal desktop and unchecked 'automatically manage and create Virtual Desktop collection' , i can move to the next screen and then error at the time of creating the collection.
    • Check event logs, could not find anything specific to the above error

    Will work on WMI and Hyper-V authorization manager permissions and let u know the status. 

    Regards,

    Ajaykumar

    • Edited by AjayFRW Tuesday, November 6, 2012 7:38 AM
    Tuesday, November 6, 2012 7:32 AM
  • Greetings all...

    I have this same issue... I create two collections that worked fine..  I deleted them.. and am now attempting to create a new collection with a new image..  POOF ! No worky.. so the issue definitely gets "introduced" at some point (i.e. permissions get changed)..  I have not attemped adding the CB machine account to admins of the VH role server yet..   Will give that a shot just verify its the same exact issue...

    Friday, November 9, 2012 2:47 PM
  • Any update on this issue?  I have added the   CB host machine to the local admin group on the virtualization host and still no joy....


    Steve Lithgow

    Wednesday, November 28, 2012 8:57 PM
  • We're running into the same issue. I've checked to see if it was a permissions issue on the drive because we moved the location of the VMs and VHDs to a larger drive on the system and I wondered if that might have broke it.

    Creating a non-managed pool works.

    I'm also getting a denied from the local IP to the connection broker server. We tried the machine acct in the admins group and it was no dice for us too. Do our friends from MSFT have any suggestions?


    Friday, January 4, 2013 2:19 AM
  • I thought it would be helpful to follow up with my solution to this issue.

    After giving this A TON of time diagnosing what the potential problem was, I realized that with my template that I was trying to use snapshots existed of the machine in a turned on state. The way the Connection Broker saw the system was, essentially, turned on because of those snapshots existing. I recreated my template and when I took snapshots, *the machine was off*. After I got done and generalized the machine, I was golden.

    I hope this helps someone, I think I grew a few gray hairs after this issue with all the time I had to spend on it.

    • Proposed as answer by Peter Juvinall Friday, January 4, 2013 7:32 PM
    Friday, January 4, 2013 7:32 PM
  • All,
    After collecting MANY logs, Netmons, ProcMons and traces, it was finally discovered that the Connection Broker server's computer account MUST be a member of the local administrators group on the Virtual Host (RDS Host) machine.

    I added my Connection Broker's computer account to my Virtual Host machine's local administrators group, rebooted both servers and bingo, it all worked!

    What I find odd is that I was able to spin up two collections prior to the issue and then after the issue, nothing.

    Hopefully this will work for the rest of you guys as well.


    Will Smothers


    This solved the same problem I've faced
    Thursday, May 29, 2014 5:11 PM
  • This solved the same problem I've faced
    Thursday, May 29, 2014 5:11 PM
  • I have same problem. VM need to be first generation. 

    "Test-MasterVm : Failed to validate the virtual desktop template. Error: Generat
    ion 2 virtual machines are not supported as a virtual desktop template. Select
    a valid Generation 1 virtual machine to use as a virtual desktop template, and
    then try again..
    Verify that the virtual desktop template is sysprep generalized, in stopped sta
    te, and connected to the network, and that it has at least 1 GB of RAM.
    "
    Monday, November 17, 2014 2:46 PM
  • thanks...worked like charm!

    But can you tell me the reason, how it resolved the issue?

    • Edited by aman_007 Saturday, July 4, 2015 3:13 AM
    Saturday, July 4, 2015 3:12 AM
  • thanks Will, saved me some time by the sounds of it
    Tuesday, November 10, 2015 4:18 AM