A single TIMEOUT drops Remote-Desktop Session on ASA
Hello Guys,
Just recently we replaced our HQ Cisco-Pix with Cisco-ASA 5510. where we have many branches connecting to our HQ through site-to-site vpn.
Since putting this new ASA5510 at HQ , while we are getting a Remote-Desktop session into our branches clients, and at the time when even a single TIMEOUT occurs on the vpn-link so the remote-desktop session gets completly lost. then we have to re-connect the session.
This issue happens as i said above when a single timeout occurs on the vpn link. please tell me what is the issue with the ASA5510. because with pix we didnt have this issue, remote-desktops were never geting lost / reset with single timeout
Imran,
Thank you for posting this question. Now, we need a little bit more clarification into what you call TIMEOUT, The ASA wont drop a flow unless there is no data passing through within an Hour (If it is TCP). Does the tunnel goes down completely and the SA has to be rebuild?
What are the logs that you are seeing? What is the ASA saying about that terminated connection? As you rightly pointed, there should not be mayor differences between the devices (Assuming they were running version 8.2 or below).
Mike
Similar Messages
-
I need windows 7 screensaver to activate after terminating a remote desktop session
I need windows 7 screensaver to activate after terminating a remote desktop session
Ok, so this one is slightly complex.
I have a monitor at work which needs to display company info via a screensaver set to scroll through a series of images. This is a pretty standard thing, but where my problem occurs is that the screensaver must be updated remotely each
day via Remote Desktop, and not by a local user sitting at the PC itself. This works on XP with a bit of hacking and playing with settings. But it won't work on W7.
Ok, so the XP setup first:
When terminating the remote session, on the XP machine the system looks here:
C:\windows\system32\config\defaultprofile\administrator’s documents\administrator’s pictures
OR
C:\WINDOWS\system32\config\systemprofile\ administrator’s documents\administrator’s pictures
for the images to display during the screensaver, so I placed a shortcut to this folder (whichever one of the two it is on either of the two PCs i am doing this on; for some reason it isn't always the same path across all machines)
on the desktop and had the user place the images in there. I also do a small registry hack so that after a timeout of 60 seconds, the screensaver looked in this location, found the images, and displayed as you'd expect. It always looks here after a remote
session, and ignores the screensaver configured in the control panel UI, hance these stpes were necessary.
So, now the PCs are being upgraded to W7, but this isn't working. I think it's because on W7 the desktop isn't simply being locked when a remote session is started, the entire user is being logged off. Once the session is terminated,
the W7 PC sits at the login screen indefinitely and no screensaver ever displays.
Does anyone know a workaround here? Sorry for the overly complex explanation, and if it doesn't make sense I'd be happy to elaborate. Thanks.Hi,
Please see if the Screen saver timeout setting helps:
Group Policy Settings for Personalization
http://technet.microsoft.com/en-us/library/ee617164(v=ws.10).aspx
Thanks.
Nicholas Li
TechNet Community Support -
The grace period for the Remote Desktop Session Host server has expired
<p>I'm running Windows Server 2012, we only have 1 server and it's a DC. I'm trying to RD to the server from my Windows 7 laptop. It was working fine on Friday but when I came in on Monday I got message saying that 'The remote session was disconnnected
because there are no Remote Desktop License Servers available to provide a license'
So after a bit of digging I found out my 'grace period' had expired, so ordered a new license which I got today, installed this all ok but still i cannot connect via RD I get the same message....went into the RD License Diagnoser and it said the problem
was as follows
'The grace period for the Remote Desktop Session Host server has expired, but the RD Session Host server has not been configured with any license servers. Connections to the RD Session Host server will be denied unless a license server is configured for
the RD Session Host server.'
Suggested Resolution as follows
Configure a license server for the Remote Desktop Session Host server. If you have an existing license server, specify that license server for the RD Session Host Server. Otherwise, install RD Licensing on a computer on your network and Configure RD Session
Host Server to use it.'
I cannot figure out how to do this as I cannot find the RD Session Host Server tool.
Can any of you lovely people help me pleaseHello,
Best option would be to assign the license server by using AD GPO. Youl will need to configure the following:
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
and define the settings for:
Use the specified Remote Desktop License Server
Set the Remote Desktop Licensing mode
Then assign the policy tho your server.
regards Robert Maijen -
Remote Desktop Session Host on Server 2012 not domain-joined
I have a server 2012 which is running Remote Desktop Session Host role without the Connection Broker like described here:
http://support.microsoft.com/en-us/kb/2833839
Now the client would like the Network Level Authentication (NLA) disabled. And since server 2012 does not have the Remote Desktop Session Host Configuration tool, I have to use the server manager console.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/630cc818-69b0-4e1c-8d65-1b895b20e203/where-is-the-remote-desktop-session-host-configuration-tool-in-server-2012-?forum=winserverTS
But when I go to the remote Desktop Services of Server manager, it says “You are currently logged on as local administrator on the computer. You must be logged on as a domain user to manage servers and collections.”
So I tried finding some Powershell cmdlet could help me with the problem. I guess
Get-RDServer
or Set-RDSessionCollectionConfiguration would be the ones but I can’t seem to make them work.
Any help, or a hint that I going in the right direction or not?Hi,
Have you configure the certificate for your server?
Add the user under Remote Desktop user local group, configure FQDN name of server. Please see that if we are using RDS server in workgroup then most of the tools provided to make managing/configuring RDSH servers easier in 2012 will not work in a workgroup
configuration including some PowerShell command. You can check the below article for information.
Deploying a RDSH Server in a Workgroup – RDS 2012 R2
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Nvidia GPU GRID K1
Host Server - Dell Power edge R720 128 gig RAM 2 Xeon E5-2640v2 2.0GHz, 20M cache 8c
Windows 2012 R2 full installation – Bios and all hardware with latest updates.
Roles - Hyper V and Remote Desktop Virtualization Host
EPT, GPU, WDDM (latest drivers) compatible for RemoteFX and fully up to date.
I have disabled the video adaptor on the motherboard.
I cannot complete with administrative permissions;
dism /online /enable-feature /featurename:Microsoft-Windows-RemoteFX-EmbeddedVideoCap-Setup-Package
Error: 0x800f080c
Feature name Microsoft-Windows-RemoteFX-EmbeddedVidoCap-Setup-Package is unknown
Question 1 - because video card on motherboard disabled, do I still need to complete this command?
VM’s
**I’m not interested in VDI but more Remote Desktop Sessions and the option to ‘pinch and zoom with Windows 8.1 tablets**
VM1 - Windows 2012 R2 configured as generation 1 that is fully patched.
This VM is able to start up and run until I add the new hardware for the RemoteFX Video adaptor from within the Hyper V settings. When I start the VM the server blue screens. I have tried multiple VM’s with 2012 but same thing
If I created the VM as Generation 2 I am able to start the VM but the RemoteFX adaptor doesn’t appear in the device manager. I have read generation 2 isn’t compatible with RemoteFX.
VM2 – *Testing purposes* - Windows 8.1 Enterprise configured as generation 1 that is fully patched.
This VM I am able to start up and run the VDI after the RemoteFX video adaptor is installed, also the correct adaptor appears in the device manager. This seems to at least work correctly but I cannot pinch and zoom and the experience is poor.
GPU summary within the Hyper V settings state there are 4 physical GPU’s all of which can be used with RemoteFX and that 1 virtual machine are using the GPU (Windows 8.1 enterprise VM)
Firewalls off, latest RDP clients
I have read you should be able to use Windows 2012 R2 and we should be able to use the sessions with pinch and zoom but now and then you come across something that tells me different.
Question 2 – I need this to work with Windows 2012 R2 so we can use Remote Desktop Sessions
and the tablets can use pinch and zoom, anyone tell me what I may be doing wrong?Hi,
Thank you for posting in Windows Server Forum.
As per my research, you need to run the command although video adapter is disabled on motherboard. If you install the RemoteFX cap driver, the integrated video adapter is disabled while the operating system is running.
For more information you can refer beneath article.
1. RemoteFX (with Hyper-V) is a serious business tool. For games.
2. Configure RemoteFX in Hyper-V running Windows Server 2012 with low end GPU
Hope it helps!
Thanks.
Dharmesh Solanki -
I have two domains. One is an account domain with a one way trust with the resource domain. Resource domain trusts the account domain and has a number of 2008R2 servers running within. I am experiencing severe logon delays
due to these servers being unable to access the server that hosts the user home folder specified directly on the user account profile tab from the account domain. When using my workstation in the actual account domain (corporate) I have no
problems.
Because of these network restrictions, I need to override the 2008R2's desire to access that user home folder location in the account domain.
So far the best thing I have found to try is Windows Components/remote desktop services/remote desktop session host/profile/Set Remote Desktop User Home Directory
The problem is that so far I have tried to configure this to point to both a local folder as well as a network path and it doesn't appear to be doing anything. Not seeing any errors in the app or system log either.
It is still trying to map the path in the account domain.
Any ideas?
Is there a better way to accomplish my goal? The servers in the resource domain will be Citrix servers and there will be a lot of users connecting from the account domain.
I tried this setting too, but it only seems to work on the 2012 machines in my Resource domain.
With the introduction of Windows 8 and Windows Server 2012 there is now a new group policy setting called “Set user home folder” and is found under Computer Configuration > Policies > Administrative Templates > System > User Profiles
Help!Hi,
This might be due to permission problems. Please check whether the user accounts for whose home folder to be redirected have permissions in the shared folder specified in the server.
Checkout the below link on Best Practice for creating Roaming Profile and Folder Redirection
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
Regards,
Gopi
JiJi
Technologies -
I am need of some assistance please. I am a system admin and I am trying to create a script that will assist with the tedious tasks I have to do with disabling a user that no longer works for the company.
I have created a script so far that will reset the users passwords and remove them from all groups (minus domain users).
I am trying to make it where it will deny permissions to logon to Remote Desktop Session Host server as well as give full mailbox permission to the manager in Exchange Server 2010.
I know with Exchange 2010, I will need to add the Powershell snapin. Is there a way for this to be added into the script? I am thinking to add the code:
add-pssnapin Microsoft.exchange.management.powershell.e2010
Is there another way to do this? Any help or recommendations would be much appreciated.
$ou = Get-ADUser -SearchBase "<*OU info here*>" -Filter * |
Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "<*Password here*>" -Force)
foreach ($user in $ou) {
$UserDN = $user.DistinguishedName
Get-ADGroup -LDAPFilter "(member=$UserDN)" | foreach-object {
if ($_.name -ne "Domain Users") {remove-adgroupmember -identity $_.name -member $UserDN -Confirm:$False} }Why not just disable the account?Why are you searching an OU foro users when you just want to terminate one user?
You can remotely connect an exchange session and manipulate the mailbox permissions. You do not load a snap-in except on the Exchange server.
$Session=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2013 Client Access server>/PowerShell/
Import-PSSession $Session
# exchange commands here
\_(ツ)_/
We have a checklist we have to go through with the tasks listed. We have to keep to the account enabled until HR changes
the status which is usually 30-90 days depending. Managers sometimes need to access the accounts to retrieve information, etc. We put the users in an OU; once we are given permission from the manager we move forward in the removal. -
NULL SID Security Log Event ID 4625 when attempting logon to 2008 R2 Remote Desktop Session Host
This is a new deployment of Server 2008 R2 in a newly created 08 R2 active directory on a newlyt installed 08 R2 RDSH server.
A new generic user is created in AD. That user can log on to the terminal server on the console just fine. But that user cannot logon via RDP. Furthermore, the domain admin credentials also cannot logon via RDP.
When either set of credentials is used, the logon attempt registered in the Windows Security Even Log as a denied attempt with Event ID 4625 reporting a NULL SID.
Troubleshooting: The RDSH has already been disjoined and rejoined to the domain. Also, curious note, there are three ways to save the user account on the RDSH server as a valid user account which has permissions to logon. The one Microsoft recommends is to open computer management and edit the remote desktop users group. When I the accounts here and click apply, they immediately dissapear. Secondly, I can open the computer properties and go to the remote tab. There I find the user accounts added using the previous method are enumerated but not displaying correctly. They show up with the RDSH server name and a question mark. The last way, is to open the Remote Desktop Session Configuration tool and edit the properties of the rdp connection and go to the security tab. This was the only place I could get a user to ‘stick’ but the logon attempts still show a NULL SID and access is denied.
I have scoured every bit of RDS documenation I can find with no luck.
Thanks,
ChrisI am also experiencing this issue.
2008 servers, 2007 exchange on server 2008.
These are fresh servers, fresh AD. Users can log onto domain normally, RDP not working for admin accounts, generating same errors as posted above.
The bigger issue, is that we have a cisco messaging service account that is generating this error on the DC's and the Exchange server as well. The service basically emails users voicemails to their inbox. The user we've created for the cisco service is unable
to authenticate to the exchange server, in turn generating the same errors posted above as well. We can log on to the domain with this account just fine.
Any ideas on this? We have not tried re-adding the servers to the domain.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/5/2010 9:01:13 AM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: xx.corp
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
xxxx
Account Domain:
xxxx
Failure Information:
Failure Reason: Domain sid inconsistent.
Status: 0xc000006d
Sub Status: 0xc000019b
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: laptop
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0 -
Symptom
RD License server is a key component of RDS. It licenses users to access RDS servers.
After purchase the required RDS CALs, we need to activate the RDS License server and install the purchased RDS CALs. However, during the installation or after installation, we may face errors
about RDS License.
In most cases, the following error may occur.
Error:
The Remote Desktop Session Host server is in Per User licensing mode and No Redirector Mode, but license server "Server name" does not have any installed licenses with the following
attributes:
Product version: Windows Server 2012
Licensing mode: Per User
License type: RDS CALs
Troubleshooting
1. Check whether the RD License Configuration is configured properly and there are no Warnings in the Event.
2. The License Server should be part of 'RD Server License' group in Active Directory Domain Services.
3. Check if the Licensing Mode is correct.
- To change the Licensing Mode we can use RD Licensing diagnose, PowerShell cmdlet and Group Policy.
Via PowerShell cmdlet:
To change the licensing mode on RDSH/RDVH:
$obj = get-wmiobject -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.ChangeMode(value)
# Value can be 2 - per Device, 4 - Per user
Via Group Policy
Path: Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing
Use the specified RD license servers = FQDN of server name
Set the Remote Desktop licensing mode =
Per User
However, if issue persists, please provide detailed information and post the question in the
Remote Desktop Services (Terminal Services) forum.
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.Hi Richard,
You need to uninstall Remote desktop session host feature. After removing it, you will default two connections which does not need to purchase RD CALs'.
Thanks,
Umesh.S.K -
Adobe Acrobat Reader Starts when opening a Remote Desktop Session
I recently upgraded to Acrobat Reader 8. Now I have a problem that Acrobat Reader loads when I open a Remote Desktop session. Has anyone else experienced this? Does anyone know what I should look at to get it to stop loading? Thank you.
After a third uninstall and re-install I've managed to crack it.
Thanks anyhow everyone. -
Windows Server 2012 The licensing mode for the Remote Desktop Session Host server is not configured
Hi
I have a standard Windows Server 2012 that is hosted in the cloud by a hosting provider -
This server has been up and running fir 6 months - recently we have been getting a warning
"The licensing mode for the Remote Desktop Session Host server is not configured" - The Remote Desktop Session Host server is within its grace period, but the RD Session Host server has not been configured with any license server.
Yet, we only use this with 2 connections as part of the standard licence agreement and this server is not used as a user's desktop only an ftp and web server- do therefore we do not need to purchase any cal licences (we have another server with the same
hosting company that does not have this issue and has been up for 18months)
Please can someone advise how I resolve this issue, the hosting company states that I must resolve it as they only host and resell the server licence
Thank-you
Richard SteeleHi Richard,
You need to uninstall Remote desktop session host feature. After removing it, you will default two connections which does not need to purchase RD CALs'.
Thanks,
Umesh.S.K -
Windows 2012 Remote desktop session host server not detecting RD licensing server
Hi,
We have a customer server which is Windows 2012. We installed RDS session host server role and configured it to use RD licensing server as per the
https://support.microsoft.com/kb/2833839?wa=wsignin1.0
After configuring, when I open RD license diagonser tool, it says, RD license server is not available. Also shows, credential not available. When I enter the credential by clicking, provide credentials, it does not get applied. I see no event logs related
to RD service. However, I see the below event log which points to RD licensing server.
DCOM was unable to communicate with the computer <RD license server> using any of the configured protocols; requested by PID 273c (C:\Windows\system32\mmc.exe).
Please help in fixing the issue.
Thanks,
UmeshHi Umesh,
Thanks for your comment.
During your configuration, have you specified RD License server for RDSH to use?
You can also specify a license server for the RD Session Host server to use by applying the Group Policy under below path.
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
Use the specified Remote Desktop license servers – Provide the FQDN of the license servers to use
Also this setting can be specified by below method.
To configure the license server on RDSH/RDVH:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.SetSpecifiedLicenseServerList("License.contoso.com")
Note “License” is the name of the License Server in the environment
To verify the license server configuration on RDSH/RDVH:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.GetSpecifiedLicenseServerList()
More information.
RD Licensing Configuration on Windows Server 2012
http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx
In addition you can refer this article for reference.
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
Onscreen Keyboard appears when shadowing session on 2012R2 Remote Desktop Session Host
As the title suggests, whenever I shadow a session on our 2012R2 RDSH server, the onscreen keyboard appears. The taskbar also unlocks.
Both of these behaviours mean that the user can tell when their session is being shadowed, which I don't always want to be the case - sometimes I want to be able to monitor the session without their knowledge.
Anyone know how I can stop this from happening?Hi,
Thank you for posting in Windows Server Forum.
Yeah, we can use the following command where we can take user shadow session without giving him any notification, and no need to approve by the user.
mstsc.exe /shadow:ID /v:ServerName /control /noConsentPrompt
But for this, we need to set the following group policy:
[Computer Configuration | User Configuration]
\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Set rules for remote control of Remote Desktop Services user sessions: Enable
Select the option: Full Control without User’s permission
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
How to enable 2 concurrent Administrative remote desktop sessions in Win 2008 R2 ??
Hi,
By default, 2008 R2 allow 2 concurrent administrative remote desktop sessions. But when i trying to connect 2nd administrative remote session, the 1 st will be disconnected.
Is any settings need or just my misunderstanding ??
ThanksHi,
Thanks for your posting in Windows Server Forum.
Yeah, agree with words of Bred; only 2 remote desktop session is allowed for administrative purpose. If you want more than 2 remote desktop session than you need to purchase RDS CAL, install RD Licensing role activate it first and then configure CAL on it.
There are 2 types of CAL available (USER & DEVICE). You can purchase CAL according to your company requirements. For more information you can refer below article.
Install and issue RDS CALs or TS CALs
http://technet.microsoft.com/en-us/library/hh553159(v=ws.10).aspx
Hope it helps!
Thanks,
Dharmesh -
Remote Desktop Session Host setup on 2012 r2
Here is a screenshot
I recently setup a 2012 r2 server for RDSH. We aren't using any VDI options but want to us it to host a specific application to multiple users.Problem: I Installed the role via the server manager and followed the wizard. I later went to the RD licensing manager to install the CALs. I chose the per user CAL option for 25 licenses and got the green light saying that the licenses are installed. However, whenever I log on I get the message say that I am in the "grace period" mode and that licensing is not configured. I look into the RD Licensing Diagnoser and it states that the number of licenses is 0 and this error message:
"The licensing mode for the Remote Desktop Session Host server is not configured."I looked up the issue online and found an article say that it's a known issue for per user CAL setup and the fix was to delete some...
This topic first appeared in the Spiceworks Community
Maybe you are looking for
-
How can I removed purchased music from my iPhone?
I purchase most of my music on my phone but i dont want it all to remain on my phone. i want it to be on my computer I also want to be able to only put playlists on my phone. for some reason it keeps duplicating songs that ive purchased. how to i fi
-
My apple t v tells me to connect to iTunes by hdmi
My Apple TV tells me to connect to iTunes and I cannot view from my IPad
-
Soft edges filter - not rendering correctly?
Hey, When I put the soft edges effect (under matte in video filters) over some text, it says it needs to render. However, once I render and the red line is gone, it just plays in the sequence as it did before, without the soft edges. Strangely, when
-
Fatal Security Flaw in WRT54GS?
Sorry I don't have the hardware revision handy. Firmware is 1.52.0. Model is WRT54GS. I'm configured with WPA2-PSK/AES. Broadcasting my SSID. No MAC access filtering. HTTPS access only to the config pages. Custom (not default) password. Remote m
-
How to install TTS to Captivate 7?
Hello, I recently successfully installed Captivate 7. (I had to uninstall it and reinstall it due to a problem.) I then downloaded Neospeech 32-bit Voices for Captivate 7 to my Downloads folder. I unzipped the file within my downloads folder and r