Introduction:

The RemoteApp feature is a service integrated by Microsoft in its systems after Windows Server 2008. It allows users to access remote desktops and applications remotely, enabling users to utilize various desktops and applications published on remote servers without the need to install the operating system and applications on the client's local machine. JumpServer has developed RemoteApp based on this feature to provide various applications for users to securely use on RemoteApp machine.

If you have any questions about how to initialize a RemoteApp machine and how it works, please refer to this:   .

Tinkerd service trace files are stored in the C:\Users\Administrator\AppData\Local\Programs\Tinker\data\logs on RemoteApp machine,you may find it useful when troubleshooting issues.

Prerequisites

1. Ensure that the RemoteApp machine is Windows Server 2019, as some features may be restricted in other versions of Windows Server.

2. Ensure that your RemoteApp machine's Remote Desktop (RD) licensing is in a normal state and make sure RD licensing is device-based. Any issues with RD licensing can affect the functionality of RemoteApp. For further details regarding RD licensing, please consult Microsoft for further support.

3. Ensure that the RemoteApp machine has open communication on ports 80 and 443 to the JumpServer, and that the JumpServer can access ports 3389 and 22 (or 5985/5986 if you use winrm to initialize) on the RemoteApp machine for network connectivity.

4. Ensure that when configuring the RemoteApp machine, you add the Windows Administrator privileged account. Otherwise, RemoteApp Initialization may fail.

5. Ensure that the RemoteApp machine has a minimum configuration of 4 cores and 8 GB of RAM.

6. If you're using community editon(JumpServer-ee), please make sure RemoteApp machine can access Internet before initialization. 

7. It is not recommended to use a Windows Server within a domain controller as a RemoteApp machine, as domain-specific policies may cause issues with the proper functioning of the RemoteApp service.

Issues During Initialization:

1. Unable to Connect to the Remote Server.

Cause:

The reason for this issue is that you did not correctly set the core_host address when configuring the RemoteApp machine. You need to set the core_host address to the JumpServer address.

Troubleshooting tips: 

Recheck and configure the core_host address, then proceed with the initialization process again.

2. Celery Task Blocked.

Cause:

This issue may be caused by an abnormal state of the Celery component, which is preventing tasks from running.

Troubleshooting tips: 

1. Check celery's status using command: jmsctl status.

2. Restart celery using command:  jmsctl restart celery.

3. Wait Tinker Api Health Failed.

Cause:

The main reason for this issue is that the Tinkerd service installed on the RemoteApp machine is unable to register with JumpServer, or there are other reasons causing it to not communicate properly with JumpServer.

Troubleshooting tips: 

1.Switch on the component registration feature under the component settings in JumpServer's system settings, and then reinitialize the RemoteApp machine.

2. Login to the RemoteApp machine and check if the JumpServer Tinkerd service is working properly in the Windows Services. If it is not working , you can try manually starting it or investigate errors by checking the Event Viewer and Tinkerd logs.

4. Initialize RemoteApp Machine with WinRM Failed.

Cause:

The issue may be caused by the WinRM feature not being enabled on the RemoteApp machine or by a lack of network connectivity from the bastion host to the RemoteApp machine.

Troubleshooting steps:

1. Ensure that the RemoteApp machine has open communication on ports 80 and 443 to the JumpServer, and that the JumpServer can access ports 3389 5985/5986 on the RemoteApp machine for network connectivity.

2. To enable the WinRM feature on the RemoteApp machine, you can use the command winrm quickconfig.

Common issues while using:

1. Enable to Access Remote Desktop

Check and enable the appropriate network policies to ensure that the RemoteApp machine can access the URL of the managed webpage asset or the address of the other application.

Cause:

The issue may be caused by network connectivity problems between JumpServer and the RemoteApp machine, or it could be due to abnormal issues such as Windows RD licensing expiration.

Troubleshooting tips:

1. Check the network connectivity between JumpServer and the RemoteApp machine.

2. Verify the network connectivity from the RemoteApp machine to the web page or database.

3. Ensure RemoteApp machine's status is normal.If offline,please start JumpServer Tinker Service manually on RemoteApp machine. 

4. Check the status of accounts on the RemoteApp machine.

5. Ensure the connection method between the Web GUI and Windows clients is functioning correctly.

6. Refer to the troubleshooting documentation for Windows to ensure that the Lion component or Razor component(X-Pack) is functioning properly.

7. Ensure that your RemoteApp machine's Remote Desktop (RD) licensing is in a normal state and make sure RD licensing is device-based. Any issues with RD licensing can affect the functionality of RemoteApp. For further details regarding RD licensing, please consult Microsoft for further support.

2.  Get Auth Info http/https Failed:

Cause:

The main issue is likely due to incorrect time settings on the RemoteApp machinem.

Troubleshooting tips: 

Check the system time on the RemoteApp machine and set it to the correct time.

3.  No Host Account available

Cause:

The main reason for this issue is that the bastion host is unable to assign appropriate users or there are no available users to access the remote application.

Troubleshooting tips: 

1. Ensure RemoteApp machine's status is normal. If offline,please start JumpServer Tinker Service manually on RemoteApp machine. 

2. Check if there is an Administrator privileged account in the list of publishing machine accounts. If not, add one and redeploy the initialization.

3. Verify if there is a automatically generated common account (Accounts starting with "jms_") in the list of publishing machine accounts. If not, regenerate it and then initialize the RemoteApp machine again.

4. Can't Access Target Website or Other Target Applications.

Cause:

The main reason for this issue is that the network connection from the RemoteApp machine to the target webpage or other application is not functioning properly.

Troubleshooting tips: 

Check and enable the appropriate network policies to ensure that the RemoteApp machine can access the URL of the managed webpage asset or the address of the other application. 

5. Module Not Found Error: No module named 'win32ui'

Cause:

The main reason for this issue is that the RemoteApp autofill feature, which relies on Selenium, is missing some Python libraries. The cause of this problem may be related to the environment of RemoteApp machine.

Troubleshooting tips: 

Manually install the missing library on the RemoteApp Machine by running the following command:

pip install --upgrade exceptiongroup