Just started experiencing this out of the blue today.

Connecting to server 2012 virtual machine with latest RDP program.

RDP users (including me) seem to suddenly be unable to connect to the server intermittently.

Getting the below error messages on several tries. Sometimes it will ask for password and connect normally.

Event viewer shows many instances of:
RemoteDesktopServices-RdpCoreTS
The server security layer detected an error (0x80090308) in the protocol stream and the client (Client IP:XXX.XXX.XXX.XXX) has been disconnected.
EventID 139
User: NETWORK SERVICE
OpCode: ProtocolExchange
Task Category: RemoteFX module

Hi,

I manage my home theatre and music servers via remote desktop. Both have wired connections to the router.

All has been well for many years.

Recently our old modem/router was replaced with a new one. There have been no other changes.

While I can still remote into the home theatre server I am no longer able to remote into the music server:

Remote Desktop can't connect to the remote computer....

What I can do is:

• ping the music server
• bring up shares on the music server on another computer
• access the music server using TeamViewer

Does anyone have any suggestions how I can use remote desktop to manage my music server again please?

Hello, I just setup a RDS licensing server on Server 2016. I got it setup and it appeared to be working so I signed in with a test account and it worked. However I noticed that I now have only 19 of 20 RDS licenses left. Does this mean it assigned a license to my test user and that only that user can use it? If so is there a way to un assign it and allow it to be used by an actual user?

If this is the case what happens when an employee quits is their license just gone?

Thank you

Hello,

I upgraded our RDS infrastructure to Server 2019 and ti seems any kind of right click context menu or admin prompt will eventually crash the session after about 15-20 seconds. For instance, with an admin prompt after you enter the credentials, a remaining white box will hang around until the remote session crashes. No settings were changed between Server 2016 and Server 2019 however the infrastructure is in VMWare. Also, If I turn off Remote FX the box is then black and the same thing occurs. Please Help!

Thanks!

We have a Dell R620 Server which after the last set of updates we installed on Monday 5/27/2019 started behaving strangely.

It is primarily a Host for Remote Desktop Users and starting the next day when some users tried to save Word or excel documents they generated - the document would hang in the save window of excel or word where they were trying to select the folder to save the file.

Once this hang occurred, as Administrator from the task manager, I couldn't kill the task or even logoff the user.  It then affected the administrative account.  Any users affected get a perpetual signing off screen if they try to log off.

Eventually nothing works right and I have to physically restart the server - I cant' restart as the Admin.

After reboot things seem to work OK for a while , but eventually this reappears.  I have a support case going with Microsoft since the 28th but they seem preoccupied.

We uninstalled the patches and even upgraded word and excel - to no avail.  Dell  checked the Hardware and its OK.

Does anyone know anything about this - is it happening to others??  Any suggestions?

Glenn Barber

Hi everybody,

I have stand-alone Windows Server 2012 configured as DC (for further scalability) with appropriate domain and valid SSL Certificate. The machine is VIRTUAL.

Therefore, it's the same machine for every role (RD Gateway, RD Licensing etc).

Logging on as remote desktop user takes a few seconds and is quite OK.

Logging on of the same user(s) as a remote app always adds 60 secs of extra time.

I talk about the time after password prompt pops up, which happens almost immediately.

The following minute after confirming the password the logon dialog presents the message

"configuring remote desktop".

Those 60 seconds are well documented in the Event Log and the sequence is always the same.

It looks like two consecutive time-outs of 30 seconds each.

Below is an example of events sequence:

Event 1:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:51
Event ID:      312
Task Category: (3)
Level:         Information
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "user@domain", on client computer "xx.xxx.xx.xxx:58554", has initiated an outbound connection. This connection may not be authenticated yet.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>312</EventID><Version>0</Version><Level>0</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:51.283267000Z" /><EventRecordID>31003</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15348" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>user@domain</Username><IpAddress>xx.xxx.xx.xxx:58554</IpAddress></EventInfo></UserData></Event>

Event 2:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:51
Event ID:      313
Task Category: (3)
Level:         Information
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "user@domain", on client computer "xx.xxx.xx.xxx:58558", has initiated an inbound connection. This connection may not be authenticated yet.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>313</EventID><Version>0</Version><Level>0</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:51.971015500Z" /><EventRecordID>31004</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>user@domain</Username><IpAddress>xx.xxx.xx.xxx:58558</IpAddress></EventInfo></UserData></Event>

Event 3:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:52
Event ID:      313
Task Category: (3)
Level:         Information
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "user@domain", on client computer "xx.xxx.xx.xxx:58558", has initiated an inbound connection. This connection may not be authenticated yet.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>313</EventID><Version>0</Version><Level>0</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.033537700Z" /><EventRecordID>31005</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15348" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>user@domain</Username><IpAddress>xx.xxx.xx.xxx:58558</IpAddress></EventInfo></UserData></Event>

Event 4:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:52
Event ID:      200
Task Category: (2)
Level:         Information
Keywords:      Audit Success,(16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>200</EventID><Version>0</Version><Level>4</Level><Task>2</Task><Opcode>30</Opcode><Keywords>0x4020000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.174207400Z" /><EventRecordID>31006</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType>NTLM</AuthType><Resource></Resource><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 5:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:52
Event ID:      300
Task Category: (5)
Level:         Information
Keywords:      Audit Success,(16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", met resource authorization policy requirements and was therefore authorized to connect to resource "computer_name.domain.example.com".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>300</EventID><Version>0</Version><Level>4</Level><Task>5</Task><Opcode>30</Opcode><Keywords>0x4020000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.236734600Z" /><EventRecordID>31007</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="1984" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 6:
Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:53:52
Event ID:      302
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "HTTP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.252342300Z" /><EventRecordID>31008</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="1984" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 7:

Log Name:      Microsoft-Windows-TerminalServices-SessionBroker/Operational
Source:        Microsoft-Windows-TerminalServices-SessionBroker
Date:          02/06/2019 09:54:05
Event ID:      819
Task Category: RD Connection Broker processes connection request
Level:         Verbose
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
This connection request has timed out. User could not log on to the end point within the alloted time. Remote Desktop Connection Broker will stop monitoring this connection request.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" /><EventID>819</EventID><Version>0</Version><Level>5</Level><Task>101</Task><Opcode>11</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:05.832911900Z" /><EventRecordID>534539</EventRecordID><Correlation ActivityID="{F420F4EE-0602-48B0-BB7C-BEDE86130000}" /><Execution ProcessID="4596" ThreadID="13724" /><Channel>Microsoft-Windows-TerminalServices-SessionBroker/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><EventData></EventData></Event>

Event 8:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:22
Event ID:      303
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", disconnected from the following network resource: "computer_name.domain.example.com". Before the user disconnected, the client transferred 229 bytes and received 156 bytes. The client session duration was 30 seconds. Connection protocol used: "HTTP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>303</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>44</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:22.319436200Z" /><EventRecordID>31009</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15348" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived>156</BytesReceived><BytesTransfered>229</BytesTransfered><SessionDuration>30</SessionDuration><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>1226</ErrorCode></EventInfo></UserData></Event>

Event 9:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:22
Event ID:      300
Task Category: (5)
Level:         Information
Keywords:      Audit Success,(16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", met resource authorization policy requirements and was therefore authorized to connect to resource "computer_name.domain.example.com".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>300</EventID><Version>0</Version><Level>4</Level><Task>5</Task><Opcode>30</Opcode><Keywords>0x4020000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:22.397561300Z" /><EventRecordID>31010</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="5640" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 10:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:22
Event ID:      302
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "HTTP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:22.397561300Z" /><EventRecordID>31011</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="5640" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 11:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      302
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "UDP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31012</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 12:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      205
Task Category: (2)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", successfully connected to the remote server "computer_name.domain.example.com" using UDP proxy. The authentication method used was: "Cookie".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>205</EventID><Version>0</Version><Level>4</Level><Task>2</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31013</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15808" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType>Cookie</AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived></BytesReceived><BytesTransfered></BytesTransfered><SessionDuration></SessionDuration><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 13:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      302
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "UDP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31014</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 14:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      205
Task Category: (2)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", successfully connected to the remote server "computer_name.domain.example.com" using UDP proxy. The authentication method used was: "Cookie".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>205</EventID><Version>0</Version><Level>4</Level><Task>2</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31015</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="12344" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType>Cookie</AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived></BytesReceived><BytesTransfered></BytesTransfered><SessionDuration></SessionDuration><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event>

Event 15:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      303
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", disconnected from the following network resource: "computer_name.domain.example.com". Before the user disconnected, the client transferred 637 bytes and received 4567 bytes. The client session duration was 0 seconds. Connection protocol used: "UDP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>303</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>44</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.466828900Z" /><EventRecordID>31016</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived>4567</BytesReceived><BytesTransfered>637</BytesTransfered><SessionDuration>0</SessionDuration><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>1226</ErrorCode></EventInfo></UserData></Event>

Event 16:

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          02/06/2019 09:54:54
Event ID:      303
Task Category: (3)
Level:         Information
Keywords:      (16777216)
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
The user "domain\user", on client computer "xx.xxx.xx.xxx", disconnected from the following network resource: "computer_name.domain.example.com". Before the user disconnected, the client transferred 1641 bytes and received 7160 bytes. The client session duration was 0 seconds. Connection protocol used: "UDP".
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>303</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>44</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.529322500Z" /><EventRecordID>31017</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15808" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived>7160</BytesReceived><BytesTransfered>1641</BytesTransfered><SessionDuration>0</SessionDuration><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>1226</ErrorCode></EventInfo></UserData></Event>

Event 17:

Log Name:      Microsoft-Windows-TerminalServices-SessionBroker/Operational
Source:        Microsoft-Windows-TerminalServices-SessionBroker
Date:          02/06/2019 09:54:54
Event ID:      800
Task Category: RD Connection Broker processes connection request
Level:         Verbose
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
RD Connection Broker received connection request for user domain\user. 
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.RemoteApps 
Initial Application = rdpinit.exe 
Call came from Redirector Server = computer_name.domain.example.com 
Redirector is configured as Virtual machine redirector
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" /><EventID>800</EventID><Version>0</Version><Level>5</Level><Task>101</Task><Opcode>11</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.669933800Z" /><EventRecordID>534540</EventRecordID><Correlation ActivityID="{F420EE10-A030-485A-8B06-EFE8C1E30000}" /><Execution ProcessID="4596" ThreadID="13724" /><Channel>Microsoft-Windows-TerminalServices-SessionBroker/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventXML xmlns="Event_NS"><param1>domain\user</param1><param2>tsv://MS Terminal Services Plugin.1.RemoteApps</param2><param3>rdpinit.exe</param3><param4>computer_name.domain.example.com</param4><param5>Virtual machine redirector</param5></EventXML></UserData></Event>

Event 18:
Log Name:      Microsoft-Windows-TerminalServices-SessionBroker/Operational
Source:        Microsoft-Windows-TerminalServices-SessionBroker
Date:          02/06/2019 09:54:55
Event ID:      801
Task Category: RD Connection Broker processes connection request
Level:         Verbose
Keywords:      
User:          NETWORK SERVICE
Computer:      computer_name.domain.example.com
Description:
RD Connection Broker successfully processed the connection request for user domain\user. Redirection info: 
Target Name = COMPUTER_NAME 
Target IP Address = XXX.X.XX.XXX, a000:b000:c000::d000:e000 
Target Netbios = COMPUTER_NAME 
Target FQDN = computer_name.domain.example.com 
Disconnected Session Found = 0x0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" /><EventID>801</EventID><Version>0</Version><Level>5</Level><Task>101</Task><Opcode>11</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:55.091773200Z" /><EventRecordID>534541</EventRecordID><Correlation ActivityID="{F420EE10-A030-485A-8B06-EFE8C1E30000}" /><Execution ProcessID="4596" ThreadID="6204" /><Channel>Microsoft-Windows-TerminalServices-SessionBroker/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventXML xmlns="Event_NS"><param1>domain\user</param1><param2>COMPUTER_NAME</param2><param3>XXX.X.XX.XXX, a000:b000:c000::d000:e000</param3><param4>COMPUTER_NAME</param4><param5>computer_name.domain.example.com</param5><param6>0x0</param6></EventXML></UserData></Event>

I have numbered the events for ease of reference.

As can be seen from event #7  and #14 the user disconnects twice after 30 sec timeout.

From some research it seems like a possible problem may be in the VM settings, which is not in my control so if it is the case I would have to know what exactly to ask from the hosting service.

Any idea/solution will be greatly appreciated!

Hi all

I am in the process of migrating users out of an RDWeb environment and would like to see if there are any users still connecting with the RDWeb URL

Does anyone know of some sort of powershell script to determine which users are connecting via Web URL and which users are connecting via RDP?

Several times a day users of RDS - whether session host or just a RDP session to a server - are getting an issue where the connection freezes for a few seconds and then disconnects. Reconnecting can be done and the session is still active. The event logged in Remote Desktop Services1 is "RDP ClientActiveX has been disconnected (Reason= 4)". This disconnecting seems to be random as to timing or usage so I am baffled. The servers that I know are affected are 2012r2 and 2016 sitting on a VMware / ESXi hypervisor.

Does anyone have any idea why this might be occurring and a possible fix?

Working on an environment with all 2016 servers.  Parent.local domain and child.parent.local domain.  If I log into RD-sessionhost.child.parent.local session host with a user in the parent.local domain everything works except group policy.  On the session host server I see event ID: 1053 processing of group policy failed.  Windows could not resolve the user name.  The RDSH is joined to the child.parent.local domain but is on a separate VLAN and only allowed to communicate with the child.parent.local network but not the parent.local network.  The child.parent.local network can fully communicate with the parent.local network and no issues there.  Does the session host in child.parent.local network need to communicate directly with the parent.local network for group policy to work? 

Thanks in advance!!

Hi,

I have set up a brand new 2012R2 RDS farm but I have a strange behavior that I am unable to fix : 

"Idle session limit" and "End a disconnected session" are set by GPO  ( 1 hour, each)

But each time a user reach one of this limit, this cause an issue on the terminal server service : 

 - svchost process ( attached to terminal service) becomes unresponsive

- no more users are able to login  ( login process goes fine, no error message; but users get a black screen... CTRL+ALT+DEL works and permits to launch some commands ( calc, notepad...) 

- connected users can't close their session : they get stuck at " waiting for user profile service"

Any idea of what is happening ?

Thank you.

So I am having a little issue.  Made a single session server setup. Ran it as a local LAN setup and was successfully deployed.

Cool I thought, it was ready to meet the internet.

generated a cert  session.domainnamehere.com. Added the cert to trusted storage, then exported to create pfx and tried to add to the RDWeb services.  I was given an error that only one of the two servers could be contacted. 

There is no indication as to what the second server was to be.

ran set-RDPublishedName.ps1 and it reported success however the URL showing in the services management window still indicates the URL as https://machinename.domain.local rather than session.domainamehere.com

Verified that IIS default site, RDWeb, Pages, DefaultTSGateway was set to the correct URL.

I did not think that I needed to run RD Gateway setup in this scenario, but ran it anyway.  Added the external domain name as requested. Added cert with a trusted blessing but a warning that the same cert has to be applied for the RDWeb service as well. Tried to add the cert to RDWeb service and same cannot contact one of two servers error showed up.

removed Remote services role.  Re added Remote services role.  Was not given opportunity to input URL as I was given on the first time through.  Still showed up with the old URL ready to cause me havoc. 

RDWeb now does not show any thing to choose in the user window. Not even the quickstart apps, nor newly created ones. 

So It looks like I have two issues.  How to get the RDWeb service talking as if it is on the same server as it is (with the correct URL expressed). And issue two how to clean up the RDWeb collection data.

Hello all, I have a weird issue that's got me banging my head against the wall. So thought I would put it out there.  We have a VM running Server 2012 R2 that people RDP into and use IE and Chrome on.  Sporadically both IE and Chrome will just close by themselves automatically with no warning and no message. 

I have tried going into the antimalware on that server and putting in all appropriate exceptions.  I have tried doing Windows updates. I have tried uninstalling and reinstalling Chrome.  I have even tried an sfc /scannow.   Everything I can think of even if it doesn't seem related. 

The only common denominator is the URL's involved when it happens.  There are a handful of URL's they are visiting which connect to internal dev systems/portals.  The issue does not occur on their local computers when visiting these URL's though, it only happens on the VM.  So while the URL's are what's in common they are not causing the issue outside of that VM.

This issue just has me stumped both because it is intermittent and because it is happening on multiple browsers.  If anyone has ever run into anything related please let me know.

Hello All.

I'm busy with an installation for a clien using "Server 2019" as the Hyper-V Host Server.

On the host I am running two (2) Hyper-V OSEs, also Server 2019 Standard. One acts as the AD Domain Controller, the other is acting as an APP Server for their Financial software on which they need remote access. Everything runs fine through the entire configuration right up to the point after I added the Remote Desktop Services Role. From there on the whole thing goes bonkers. 

When I log back in after a restart, the profiles under C:\Users are all messed up. "domain\Administrator" is gone and there are folders like "Administrator.000", a file that looks like a VHD, I'm guessing this is a Remote Desktop User Profile.

Sometimes it would all of a sudden block my login attempts saying: "To sign in remotely, you need the right to sign in through Remote Desktop Services. By default.... blah blah bla." So I am physically logging into that server "on" Hyper-V, but it is treating the login as a "Remote" login.

I thought it might be a bug in Server 2019, so I installed 2016, and it is doing exactly the same. I am doing the RDS configuration to the letter as per Microsoft, I am just not using the RD Gateway. 

Could someone "pleaaaase" tell me why this is happening? I have to deliver the server to site in two days.

Kind Regards and thank you in advance.

Hentie

Hello, 

I have two HA broker and RDSFARM DNS entry as round robin that points to two broker servers.

I am getting "Load Virtual Machine.." message for at least 30 secs when I am redirected to second broker but first broker has no issue. I do not have Virtualization Host role in my servers.

Did some body have this issue before?

Thanks

I've got a few questions I am hoping to get help with. We have roughly 20 sites and a main corp office. We plan on setting up a rds farm in our corp office and using VM's to host session host servers and the connection brokers. In all 20 sites we are going to have a site to site vpn tunnel so a connection gateway isn't required to my understanding. Then in one of the 20 remote sites we are going to setup another rds server with a dc and connection broker.

So here are my questions

1. We will probably have 6-8 session host VM's. When I ran this in a lab I set it up with DNS round robin for each of the session host, is that the best way to do it. Basically if VM 1 is named sessionhost1 and vm 2 is named sessionhost2 I made an A record in DNS with the name SessionHost and gave it the IP of sessionhost1 and then created another A record with the same name and called it sessionhost and gave it the IP of sessionhost2.

2. If we setup high avail for the connection broker where is the best place to store the sql database? Lets say I have 3 broker servers, 2 at corp and one in the failover site and I reboot the one that has the sql database what happens? Also if I want to have a 3rd one at the remote site for failover are there anythings I should be aware of?

Thank you for your input

Can anyone help Windows 2016 RDS Single Server solution. 

Sorry I see this was asked as 1000 times. I get two prompts to login to RDS

RemoteApp - Login - Gateway never passes credentials to Server. 

I authenticate via the RemoteApp (RDP) - Established a connection the the RDS Server. I get the Splash screen to the server (as RemoteApp configures the remote session) I hit OK to accept the corporate warning we have on the RDS splash screen. Then the RemoteApp closes, I get Windows Security "Enter your credentials" for the remote server (not the gateway) there is no option to remember credentials....  I log in again - I get the corporate warning splash screen again. Hit OK - finally get to desktop. 

I have updated the System/Credentials Delegation - setting in the RDS GPO. Adding RDSSERVER/* to both Allow Delegating default cred w/ NTLM-Only Server and Allow Delegating default creds

I have also tried to play with rdp settings

promptcredentialonce:i:1

gatewayusagemethod:i:1

gatewayprofileusagemethod:i:1

gatewaycredentialssource:i:4

full address:s:TS.DOMAIN.COM

gatewayhostname:s:gw.DOMAIN.com

workspace id:s:TS.DOMAIN.com

use redirection server name:i:1

gw.DOMAIN.com matches my SSL Cert

Hi, we're experiencing a strange issue with our RDS environment. 

It takes exactly 30 minutes after entering the username and password during a RDP login for the desktop to show. In the mean time, the desktop ispitch black. Only the cursor is shown.

This happens basically every day, and one it started it cannot be stopped unless we reboot the session host.

After a reboot, users can login just fine. Later that day at a random moment the issue occurs again and users are presented with a black screen for the next 30 minutes.

James Bristow, Software Configuration Manager

Hi All, 

A virtual server (with Terminal Server role) based on Windows Server 2016 was upgraded several times in attempts to rectify the issue with users logging on to temp profiles. The number of connected users roughly 30-35.

It now has 20vCPUs and 72GB or RAM and at the moment CPU usage is about 30% and RAM usage is about 70%. This means the server is not running out of resources.

Now that I can exclude the resources related factor what else might be the root cause of this issue which recur literally every day?

Regards