- Log in to your PDC Server and open the command prompt as administrator.
- Configure the external time sources, type: w32tm /config /syncfromflags:manual /manualpeerlist:0.pool.ntp.org
- Make your PDC a reliable time source for the clients. Type: w32tm /config /reliable:yes
- Restart the w32time service: net stop w32time && net start w32time
- The windows time service should begin synchronizing the time.
- You can check the external NTP servers in the time configuration by typing: w32tm /query /configuration
The default Remote Desktop (RD) Gateway encapsulates RDP in HTTPS packets listens on port 443 (for TCP) and port 3391 (for UDP). Many times you are limited to one public IP address and the port 443 is already occupied by some other service.
In that case you should change the port 443 to something else. Bellow is the procedure of doing it:
Open Remote Desktop Gateway Manager (Start > Administrative Tools > Remote Desktop Services):
- Right-click the Remote Desktop Gateway server name and select Properties.
- Select the Transport Settings tab.
- Modify the HTTP and/or UDP port number and click OK.
Now, when accessing with the RDP client you have to specify the RD Gateway server name with the custom port you have to specified before.
In case you are using also published Remote Web Apps you have to use a powershell trick to change the TCP port to your custom. Remote Desktop Gateway Port. On your RD Connection Broker use powershell commands below to change the published gateway to include your custom port:
Set-RDSessionCollectionConfiguration -CollectionName “MySessionCollection” -CustomRdpProperty “gatewayhostname:s:my.gateway.server:4343”
Remove the RDS licensing time-bomb registry entry with the help of Sysinternals PSExec (Regedit alone couldn’t do it because it had to be run under highest privileges):
psexec -s -i regedit.exe:
Locate the registry key: HKLM\system\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod
Remove the registry key GracePeriod and reboot the computer.
Force-removing the RDS licensing time-bomb registry entry:
RegEdit alone couldn’t do it. It had to actually be run under highest privileges with the help of Sysinternals: psexec -s -i regedit.exe
After another reboot things seem to be working now.