This on the thin client model :
 - AX3000 M80/M85/M90: NT4 TSE to 2022 (Multipoint included)
 - AX3000 M80WMS: Multipoint
 - AX3000 M70/M75: NT4 TSE to 2012R2 (Multipoint included)
 - AX3000 M65: NT4 TSE to 2003 SP1

Security
Layer security (RDP standard encryption low, medium and high) is supported by all models.
Connection via SSL/TLS and NLA is supported by models M80, 80WMS, M85 and M90.

RemoteApp
RemoteApp is supported on M80, M85 and M90 with a 2008r2/W2012r2 server.

The Axel RDP client can't be directly compared with the generic Microsoft client. (RDP Client version 5, 6, 7 or 8).

Axel license RDP under license from Microsoft and re-write in low level machine code. We select the functions and features that are applicable to our product and thin clients, so we cannot claim to be fully compatible with any specific versions of RDP, but we endeavor to keep the client fully up to date. For example our current client (March 2014) supports the key feature of W2012/W8 (NLA, USB redirection, RemoteFX etc)

Two types of connection are available:

• Individual session: this is a dedicated connection to a server, a broker or a farm of servers. The target resource can be either an application or more often a desktop.

• RemoteApp Desktop: this feature allows a user, after authentication, to see the icons of his published applications on the terminal’s desktop. Launching a published application is simply done by clicking the associated icon whereupon an RDP session is automatically established to the resource.

For configuration only the name or the IP address of the server (http or https), needs to be entered. (No need of the path to 'rdweb').

Note: these two types of connection can be configured and used at the same time with the same thin client.

Usually a RDS session connects to a physical or virtual Windows terminal server (ie 2003, 2008, 2012, 2016, 2019 or 2022) and provides a session-based connection. This allows multiple thin clients to connect to a single server.

With VDI, the terminal connects to a virtual machine via an RDP connection, typically a virtual Windows7 or 8 pc.

For a VDI installation the thin client must use the RemoteApp Desktop to allow the user to authenticate. After successful authentication icons for the virtual machine(s) are displayed on the local Axel desktop.

After clicking in the icon a connection is established to the VM, or possibly a virtual machine is be created “on the fly”, depending on the VDI configuration.

The M80 and M85 support this method of operation

Note: A simple RDP session can manually be configured to point a session on a virtual machine/PC – but this would not take benefit of the dynamic nature of a true VDI deployment

Thin clients used with TSE/RDS require TSE CAL licenses.

If the licensing mode (on server side) is 'per user' the thin client is inert and inactive regarding the licensing mechanisms.

If the licensing mode is 'per device' a license token is sent to the thin client on the first login. This token must be presented by the thin client for subsequent connections. The information box (<Ctrl><Alt><i>) indicates whether a token has been received by the thin client.

In case of problems, you can delete this token (in thin client set-up, go to [Configuration]-[Advanced]-[Local Store]).

Microsoft servers allow the redirection of certain terminal resources (printers, USB, audio, smart cards, etc). Once redirected the resource is only available to the user of the thin client.

The server contains several drivers for generic classes of peripherals. You cannot add other drivers (Exception: see “other” below)

Note: By default all redirection is disabled. The administrator can specify in the set-up which resources are redirected.

Printer (serial, parallel , USB and network)
Redirecting a printer simply requires that the Microsoft driver for this printer is installed on the server. Just specify the name of this driver at the set up of the terminal.

Smart card reader
The reader must be PC/SC CCID compliant .

Storage devices ( USB flash drive , hard disk , CD / DVD ... )
A storage device can be redirected providing the filesystem is
- FAT ( 12, 16 or 32)
- ISO9660

Audio
A USB audio device must be used (including USB to phono convertors) .
Audio (recording and playback ) is supported by the models 80 and 85 80WMS and Windows 2008R2 server or higher.

COM ports
Serial ports ( AUX1/AUX2 ) Can be redirected to the Microsoft server. They are then seen as standard COM ports . (USB to serial converters are supported

Other
Other devices (webcams, scanners, smartphones, etc) are supported by 'USB port forwarding'. With this method the thin client maps the USB device to a user installed driver on the Microsoft server.
USB redirection is supported by the models 80, 85 and 80WMS.
For RDS/TSE, a W2012R2 server is required.
For Citrix, XenDesktop is required (not supported with XenApp).

Axel thin clients support the following types of printers:
 - Serial and parallel,
 -  USB
 -  Network: defined by their IP address and TCP port (default 9100).

There are two types of configuration, applicable to all printer types:
   - The printer is redirected within the session (TSE/RDS or Citrix)
   - The thin client acts as a network print server (independent to any sessions)

1 - Redirection within the Session (TSE/RDS or Citrix)

The redirected printer is private to the user and is automatically created when the session is established and removed when the session is closed.

To configure a redirected printer (for example USB):
Enter the set-up and go to [Configuration]-[Ports]-[Logical Ports USB]-[USB1]
Enable  'Redirection RDP/ICA'  and under "Printer Settings" :
 • Printer Name: enter name of the printer
 • Printer  driver: enter name of the printer driver.
   Note: The driver must be installed on the server - and the spelling in the terminals setup of the driver name must be exact.
 • Time_out value (sec): This parameter represents the time after which a printer error (no paper, printer busy) is sent to the server.
 • Cache printing options: Various printer settings can be saved locally on the terminal and sent to the server if required (passwords, default printer settings etc)
 
2 - Using the Thin Client as a Printer Server

In this case the printer is available to all network users as soon as the terminal is powered on.
 
The printer entry must be created on the Microsoft server using the "Add printer wizard".

To configure the terminal (for example with a USB Printer):
Enter the set-up and go to [Configuration]-[Ports]-[Logical Ports USB]-[USB1]
Service = set to LPD.
Port Name = enter name for printer

On the Microsoft server create an 'LPR Port'  which will require the IP address/DNS name of the thin client and the "Port Name"  as entered in the terminal as above

When an RDS/TSE session is established, a local logon box may be displayed (instead of the usual Windows graphical logon).
Is it possible to remove this local logon box to return to the Windows logon?

But before doing so certain factors should be taken in account. The local logon is displayed in the following cases :
  - The ‘local authentication’ of the TSE/RDS session is enabled (to avoid multiple authentications due to broker usage – See article P6 of this section)
  - A gateway is set-up  
  - The NLA security layer is enabled (Default for Windows 2012/2016)

The local logon can be disabled only for the last case. Disabling NLA at both the thin client and the server levels will allow the Windows logon to be displayed.

Note: if NLA is disabled "User Profile Disks (UDP) do not operate.

At the server level:
Run the policy editor and select :
  Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSecurity
Disable the policy 
  Require user authentication for remote connections by using Network Level Authentication.

At the thin client level:
Enter the set-up and go to [Configuration]-[Sessions]-[Session 1]-[Additional Parameters].
Set 'Default Security Layer' to 'RDP'.

AX3000 M70 and M75 are certified for servers 2012R2. If the connection is refused, please check the following:

1 - Firmware must be up to date
If not, download the last firmware revision from our web site.

2 - On the server side, NLA must be 'not mandatory'
By default a server 2012R2 requires the NLA support (Network Level Authentication). With NLA, the RDP protocol is included in a SSL tunnel. But no SSL client is embedded with AX3000 M70/M75. Then, the requirement of NLA must be disabled.
This is done with the 'Server Manager' (go to RDS collection settings)

The possible cases are:

1 - The screen stays on message 'Connecting' for 20 seconds, then the session closes.
This means that the IP address of the Microsoft server is unreachable. Check the IP address or routing tables of the thin client. (Try to ping the server from the terminal)
 
2 - RDS/TSE session closes immediately
Possibly the TCP port (default 3389) is not accessible from the Microsoft server side (due to firewall problem or RDS not configured properly)
 
If SSL/TLS (with or without NLA) is activated potential problems may be experienced:
- AX3000 M70/M75: do not support this security layer. It must be disabled on the server side.
- AX3000 M80/M85: update to latest firmware (available from www.axel.com)

After log-off, the RDS or Citrix session does not close (a blue screen is displayed)

Explanation:
The session is not closed by the server because there is a process still running, and the process prevent the session from closing
 
Solution:
The first step is to identify the process that does not terminal with the 'task manager'.
This process must be added to the list of processes that Windows can ' kill ' if necessary.
This list is accessible via the registry. If the process is called 'myprocess.exe', add a REG_DWORD (value 0) called 'myprocess.exe' to [HKEY_LOCAL_MACHINE]-[System]-[CurrentControlSet]-[Control]-[Terminal Server]-[SysProcs].

Explanation:
The terminal intercepts certain key combinations for its own local operation (eg <Ctrl> <Alt> <Esc> to enter the set-up).
Common key combinations such as <Alt><F1> to <Alt><F6> are used to change sessions. This is why <Alt><F4> does not work in the session, as it is used to hotkey to session 4.

Solution:
Change the session "introducer key"
Enter the set-up and go to [Configuration]-[Terminal]-[Local Desktop] and choose a different value for the introducer. For example change to "Cntl" - than <Cntl><F4> will change session, leaving <Alt><F4> for Windows to process

Problem:
The user is requested to authenticate themselves multiple times before being able to login
 
Explanation:
As part of the  'Load balancing' mechanism  the RDP connection can be passed around several servers, each one requiring the user to login.
 
Solution:
Enable the “Local Authentication” setting in the terminals configuration. This will allow the terminal to temporarily cache the credentials and automatically offer them when requested.