AXEL Thin Clients models M70 and M75 are certified for servers 2012R2. If the connection is refused, please check the following:
The error message "Invalid Client “ indicates a licensing issue and is caused by the scenarios below:
This error is displayed because the encryption level of the thin client session is lower than the minimum required by the Microsoft server. Either the encryption level on the thin client side should be increased or the server’s level reduced.
Note : For the encryption setting of the terminal, enter the set-up and select the [Configuration]-[Sessions]-[Session X]-[Additional Parameters].
Two types of connection are available:
For configuration only the name or the IP address of the server (http or https), needs to be entered. (No need of the path to 'rdweb').
Note: These two types of connection can be configured and used at the same time with the same AXEL Thin Client.
This message can be displayed when connecting an RDP session.
Explaination:
The Microsoft password expiry mechanism does not work when the terminal and the server have negotiated to use NLA, so when the user's password has expired the login will fail.
Solution:
NLA (SSL tunnel with an NTLM authentication) is a security layer negotiated by both the RDP server and the AXEL Thin Client.
To allow the expiry mechanism to operate, NLA must be disabled:
For the next RDP connection, the 'Microsoft logon screen' will let the user's password to be changed.
Usually a RDS session connects to a physical or virtual Windows terminal server (ie 2003, 2008, 2012, 2016, 2019 or 2022) and provides a session-based connection. This allows multiple thin clients to connect to a single server.
With VDI, the terminal connects to a virtual machine via an RDP connection, typically a virtual Windows7 or 8 pc.
For a VDI installation the thin client must use the RemoteApp Desktop to allow the user to authenticate. After successful authentication icons for the virtual machine(s) are displayed on the local AXEL desktop.
After clicking in the icon a connection is established to the VM, or possibly a virtual machine is be created “on the fly”, depending on the VDI configuration.
The AXEL Thin Clients models M80 and M85 support this method of operation
Note: A simple RDP session can manually be configured to point a session on a virtual machine/PC – but this would not take benefit of the dynamic nature of a true VDI deployment
When an RDS/TSE session is established, a local logon box may be displayed (instead of the usual Windows graphical logon).
Is it possible to remove this local logon box to return to the Windows logon?
But before doing so certain factors should be taken in account.
The local logon is displayed in the following cases :
The local logon can be disabled only for the last case. Disabling NLA at both the thin client and the server levels will allow the Windows logon to be displayed.
Note: if NLA is disabled "User Profile Disks (UDP) do not operate.
At the server level:
Run the policy editor and select :
Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSecurity
Disable the policy
Require user authentication for remote connections by using Network Level Authentication.
At the thin client level:
Enter the set-up and go to [Configuration]-[Sessions]-[Session 1]-[Additional Parameters].
Set 'Default Security Layer' to 'RDP'.
Problem:
The user is requested to authenticate themselves multiple times before being able to login
Explanation:
As part of the 'Load balancing' mechanism the RDP connection can be passed around several servers, each one requiring the user to login.
Solution:
Enable the “Local Authentication” setting in the terminals configuration. This will allow the terminal to temporarily cache the credentials and automatically offer them when requested.
With an RDP session on server 2012/2012R2, the keyboard indicator LEDs (Caps Lock or Num Lock) may be reversed.
For example, Caps Lock LED is lighted on, but data input is in lowercase.
Explanation:
This is due to the RDP server and can be experienced with any RDP client (PC or AXEL Thin Client). Unfortunately Microsoft doesn’t plan to release a fix for this issue.
Solution:
The workaround is a special hot-key available for AXEL Thin Clients: <Ctrl><Alt><L>.
This allows the RDP server to be synchronized with the thin client keyboard indicator LEDs
Note: This hot-key is available from 1236d.16011 firmware.
The possible cases are:
If SSL/TLS (with or without NLA) is activated potential problems may be experienced:
AXEL Thin Clients used with TSE/RDS require TSE CAL licenses.
If the licensing mode (on server side) is 'per user' the thin client is inert and inactive regarding the licensing mechanisms.
If the licensing mode is 'per device' a license token is sent to the thin client on the first login. This token must be presented by the thin client for subsequent connections. The information box (<Ctrl><Alt><i>) indicates whether a token has been received by the thin client.
In case of problems, you can delete this token (In AXEL Thin Client's Setup, go to [Configuration]-[Advanced]-[Local Store]).
Pressing <Ctrl><Alt><i> provides a dialog box that displays information about the current connection : encryption, possible gateway, license token, resolution, number of colors, list of redirected resources, compression....
The AXEL RDP client can't be directly compared with the generic Microsoft client. (RDP Client version 5, 6, 7 or 8).
AXEL license RDP under license from Microsoft and re-write in low level machine code. We select the functions and features that are applicable to our product and thin clients, so we cannot claim to be fully compatible with any specific versions of RDP, but we endeavor to keep the client fully up to date. For example our current client (March 2014) supports the key feature of W2012/W8 (NLA, USB redirection, RemoteFX etc)
This on the thin client model :
Security :
Layer security (RDP standard encryption low, medium and high) is supported by all models.
Connection via SSL/TLS and NLA is supported by models M80, 80WMS, M85, M90, M95, G10 and G15.
RemoteApp :
RemoteApp is supported on M80, M85, M90, M95, G10 and G15 with a server 2008r2 up to server 2022.