A single TIMEOUT drops Remote-Desktop Session on ASA

Similar Messages

• I need windows 7 screensaver to activate after terminating a remote desktop session

  I need windows 7 screensaver to activate after terminating a remote desktop session
  Ok, so this one is slightly complex.
  I have a monitor at work which needs to display company info via a screensaver set to scroll through a series of images. This is a pretty standard thing, but where my problem occurs is that the screensaver must be updated remotely each
  day via Remote Desktop, and not by a local user sitting at the PC itself. This works on XP with a bit of hacking and playing with settings. But it won't work on W7.
  Ok, so the XP setup first:
  When terminating the remote session, on the XP machine the system looks here:
  C:\windows\system32\config\defaultprofile\administrator’s documents\administrator’s pictures
  OR
  C:\WINDOWS\system32\config\systemprofile\ administrator’s documents\administrator’s pictures
  for the images to display during the screensaver, so I placed a shortcut to this folder (whichever one of the two it is on either of the two PCs i am doing this on; for some reason it isn't always the same path across all machines)
  on the desktop and had the user place the images in there. I also do a small registry hack so that after a timeout of 60 seconds, the screensaver looked in this location, found the images, and displayed as you'd expect. It always looks here after a remote
  session, and ignores the screensaver configured in the control panel UI, hance these stpes were necessary.
  So, now the PCs are being upgraded to W7, but this isn't working. I think it's because on W7 the desktop isn't simply being locked when a remote session is started, the entire user is being logged off. Once the session is terminated,
  the W7 PC sits at the login screen indefinitely and no screensaver ever displays.
  Does anyone know a workaround here? Sorry for the overly complex explanation, and if it doesn't make sense I'd be happy to elaborate. Thanks.

  Hi,
  Please see if the Screen saver timeout setting helps:
  Group Policy Settings for Personalization
  http://technet.microsoft.com/en-us/library/ee617164(v=ws.10).aspx
  Thanks.
  Nicholas Li
  TechNet Community Support

• The grace period for the Remote Desktop Session Host server has expired

  <p>I'm running Windows Server 2012, we only have 1 server and it's a DC.  I'm trying to RD to the server from my Windows 7 laptop. It was working fine on Friday but when I came in on Monday I got message saying that 'The remote session was disconnnected
  because there are no Remote Desktop License Servers available to provide a license'
  So after a bit of digging I found out my 'grace period' had expired, so ordered a new license which I got today, installed this all ok but still i cannot connect via RD I get the same message....went into the RD License Diagnoser and it said the problem
  was as follows
  'The grace period for the Remote Desktop Session Host server has expired, but the RD Session Host server has not been configured with any license servers. Connections to the RD Session Host server will be denied unless a license server is configured for
  the RD Session Host server.'
  Suggested Resolution as follows
  Configure a license server for the Remote Desktop Session Host server. If you have an existing license server, specify that license server for the RD Session Host Server. Otherwise, install RD Licensing on a computer on your network and Configure RD Session
  Host Server to use it.'
  I cannot figure out how to do this as I cannot find the RD Session Host Server tool. 
  Can any of you lovely people help me please

  Hello,
  Best option would be to assign the license server by using AD GPO. Youl will need to configure the following:
  Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
  and define the settings for:
  Use the specified Remote Desktop License Server
  Set the Remote Desktop Licensing mode
  Then assign the policy tho your server.
  regards Robert Maijen

• Remote Desktop Session Host on Server 2012 not domain-joined

  I have a server 2012 which is running Remote Desktop Session Host role without the Connection Broker like described here:
  http://support.microsoft.com/en-us/kb/2833839
  Now the client would like the Network Level Authentication (NLA) disabled. And since server 2012 does not have the Remote Desktop Session Host Configuration tool, I have to use the server manager console.
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/630cc818-69b0-4e1c-8d65-1b895b20e203/where-is-the-remote-desktop-session-host-configuration-tool-in-server-2012-?forum=winserverTS
  But when I go to the remote Desktop Services of Server manager, it says “You are currently logged on as local administrator on the computer. You must be logged on as a domain user to manage servers and collections.”
  So I tried finding some Powershell cmdlet could help me with the problem. I guess
  Get-RDServer
  or Set-RDSessionCollectionConfiguration would be the ones but I can’t seem to make them work.
  Any help, or a hint that I going in the right direction or not?

  Hi,
  Have you configure the certificate for your server?
  Add the user under Remote Desktop user local group, configure FQDN name of server. Please see that if we are using RDS server in workgroup then most of the tools provided to make managing/configuring RDSH servers easier in 2012 will not work in a workgroup
  configuration including some PowerShell command. You can check the below article for information.
  Deploying a RDSH Server in a Workgroup – RDS 2012 R2
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Windows 2012 R2 - Remote Desktop Sessions, RemoteFX, GPU, Blue Screen RemoteFX adaptor

  Nvidia GPU GRID K1
  Host Server - Dell Power edge R720 128 gig RAM 2 Xeon E5-2640v2 2.0GHz, 20M cache 8c
  Windows 2012 R2 full installation – Bios and all hardware with latest updates.
  Roles - Hyper V and Remote Desktop Virtualization Host
  EPT, GPU, WDDM (latest drivers) compatible for RemoteFX and fully up to date.
  I have disabled the video adaptor on the motherboard.
  I cannot complete with administrative permissions;
  dism /online /enable-feature /featurename:Microsoft-Windows-RemoteFX-EmbeddedVideoCap-Setup-Package
  Error: 0x800f080c
  Feature name Microsoft-Windows-RemoteFX-EmbeddedVidoCap-Setup-Package is unknown
  Question 1 - because video card on motherboard disabled, do I still need to complete this command?
  VM’s
  **I’m not interested in VDI but more Remote Desktop Sessions and the option to ‘pinch and zoom with Windows 8.1 tablets**
  VM1 - Windows 2012 R2 configured as generation 1 that is fully patched.
  This VM is able to start up and run until I add the new hardware for the RemoteFX Video adaptor from within the Hyper V settings. When I start the VM the server blue screens. I have tried multiple VM’s with 2012 but same thing
  If I created the VM as Generation 2 I am able to start the VM but the RemoteFX adaptor doesn’t appear in the device manager. I have read generation 2 isn’t compatible with RemoteFX.
  VM2 – *Testing purposes* - Windows 8.1 Enterprise configured as generation 1 that is fully patched.
  This VM I am able to start up and run the VDI after the RemoteFX video adaptor is installed, also the correct adaptor appears in the device manager. This seems to at least work correctly but I cannot pinch and zoom and the experience is poor.
  GPU summary within the Hyper V settings state there are 4 physical GPU’s all of which can be used with RemoteFX and that 1 virtual machine are using the GPU (Windows 8.1 enterprise VM)
  Firewalls off, latest RDP clients
  I have read you should be able to use Windows 2012 R2 and we should be able to use the sessions with pinch and zoom but now and then you come across something that tells me different.
  Question 2 – I need this to work with Windows 2012 R2 so we can use Remote Desktop Sessions 
  and the tablets can use pinch and zoom, anyone tell me what I may be doing wrong?

  Hi,
  Thank you for posting in Windows Server Forum.
  As per my research, you need to run the command although video adapter is disabled on motherboard. If you install the RemoteFX cap driver, the integrated video adapter is disabled while the operating system is running. 
  For more information you can refer beneath article.
  1. RemoteFX (with Hyper-V) is a serious business tool. For games.
  2. Configure RemoteFX in Hyper-V running Windows Server 2012 with low end GPU
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Windows Components/remote desktop services/remote desktop session host/profile doesn't appear to be working on 2008R2 boxes

  I have two domains.   One is an account domain with a one way trust with the resource domain.   Resource domain trusts the account domain and has a number of 2008R2 servers running within.  I am experiencing severe logon delays
  due to these servers being unable to access the server that hosts the user home folder specified directly on the user account profile tab from the account domain.   When using my workstation in the actual account domain (corporate) I have no
  problems.
  Because of these network restrictions,  I need to override the 2008R2's desire to access that user home folder location in the account domain.
  So far the best thing I have found to try is Windows Components/remote desktop services/remote desktop session host/profile/Set Remote Desktop User Home Directory
  The problem is that so far I have tried to configure this to point to both a local folder as well as a network path and it doesn't appear to be doing anything.   Not seeing any errors in the app or system log either.
  It is still trying to map the path in the account domain.
  Any ideas?
  Is there a better way to accomplish my goal?   The servers in the resource domain will be Citrix servers and there will be a lot of users connecting from the account domain.
  I tried this setting too,  but it only seems to work on the 2012 machines in my Resource domain.
  With the introduction of Windows 8 and Windows Server 2012 there is now a new group policy setting called “Set user home folder” and is found under Computer Configuration > Policies > Administrative Templates > System > User Profiles
  Help!

  Hi,
  This might be due to permission problems. Please check whether the user accounts for whose home folder to be redirected have permissions in the shared folder specified in the server. 
  Checkout the below link on Best Practice for creating Roaming Profile and Folder Redirection
  http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
  Regards,
  Gopi
  JiJi
  Technologies

• How can I Deny permissions to logon to Remote Desktop Session Host server in powershell script?

  I am need of some assistance please. I am a system admin and I am trying to create a script that will assist with the tedious tasks I have to do with disabling a user that no longer works for the company.
  I have created a script so far that will reset the users passwords and remove them from all groups (minus domain users).
  I am trying to make it where it will deny permissions to logon to Remote Desktop Session Host server as well as give full mailbox permission to the manager in Exchange Server 2010.
  I know with Exchange 2010, I will need to add the Powershell snapin. Is there a way for this to be added into the script? I am thinking to add the code:
  add-pssnapin Microsoft.exchange.management.powershell.e2010
  Is there another way to do this? Any help or recommendations would be much appreciated.
  $ou = Get-ADUser -SearchBase "<*OU info here*>" -Filter * |
  Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "<*Password here*>" -Force)
  foreach ($user in $ou) {
  $UserDN = $user.DistinguishedName
  Get-ADGroup -LDAPFilter "(member=$UserDN)" | foreach-object {
  if ($_.name -ne "Domain Users") {remove-adgroupmember -identity $_.name -member $UserDN -Confirm:$False} }

  Why not just disable the account?Why are you searching an OU foro users when you just want to terminate one user?
  You can remotely connect an exchange session and manipulate the mailbox permissions.  You do not load a snap-in except on the Exchange server.
  $Session=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2013 Client Access server>/PowerShell/
  Import-PSSession $Session
  # exchange commands here
  \_(ツ)_/
  We have a checklist we have to go through with the tasks listed. We have to keep to the account enabled until HR changes
  the status which is usually 30-90 days depending. Managers sometimes need to access the accounts to retrieve information, etc. We put the users in an OU; once we are given permission from the manager we move forward in the removal. 

• NULL SID Security Log Event ID 4625 when attempting logon to 2008 R2 Remote Desktop Session Host

  This is a new deployment of Server 2008 R2 in a newly created 08 R2 active directory on a newlyt installed 08 R2 RDSH server.
  A new generic user is created in AD. That user can log on to the terminal server on the console just fine. But that user cannot logon via RDP. Furthermore, the domain admin credentials also cannot logon via RDP.
  When either set of credentials is used, the logon attempt registered in the Windows Security Even Log as a denied attempt with Event ID 4625 reporting a NULL SID.
  Troubleshooting: The RDSH has already been disjoined and rejoined to the domain. Also, curious note, there are three ways to save the user account on the RDSH server as a valid user account which has permissions to logon. The one Microsoft recommends is to open computer management and edit the remote desktop users group. When I the accounts here and click apply, they immediately dissapear. Secondly, I can open the computer properties and go to the remote tab. There I find the user accounts added using the previous method are enumerated but not displaying correctly. They show up with the RDSH server name and a question mark. The last way, is to open the Remote Desktop Session Configuration tool and edit the properties of the rdp connection and go to the security tab. This was the only place I could get a user to ‘stick’ but the logon attempts still show a NULL SID and access is denied.
  I have scoured every bit of RDS documenation I can find with no luck.
  Thanks,
  Chris

  I am also experiencing this issue. 
  2008 servers, 2007 exchange on server 2008. 
  These are fresh servers, fresh AD. Users can log onto domain normally, RDP not working for admin accounts, generating same errors as posted above.
  The bigger issue, is that we have a cisco messaging service account that is generating this error on the DC's and the Exchange server as well. The service basically emails users voicemails to their inbox. The user we've created for the cisco service is unable
  to authenticate to the exchange server, in turn generating the same errors posted above as well. We can log on to the domain with this account just fine. 
  Any ideas on this? We have not tried re-adding the servers to the domain. 
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          5/5/2010 9:01:13 AM
  Event ID:      4625
  Task Category: Logon
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      xx.corp
  Description:
  An account failed to log on.
  Subject:
  Security ID:                         NULL SID
                  Account Name:                 -
                  Account Domain:                             -
                  Logon ID:                             0x0
  Logon Type:                                       3
  Account For Which Logon Failed:
                  Security ID:                         NULL SID
                  Account Name:                
  xxxx
                  Account Domain:                            
  xxxx
  Failure Information:
                  Failure Reason:                 Domain sid inconsistent.
                  Status:                                  0xc000006d
                  Sub Status:                         0xc000019b
  Process Information:
                  Caller Process ID:             0x0
                  Caller Process Name:     -
  Network Information:
                  Workstation Name:        laptop
                  Source Network Address:            -
                  Source Port:                       -
  Detailed Authentication Information:
                  Logon Process:                  NtLmSsp 
                  Authentication Package:               NTLM
                  Transited Services:          -
                  Package Name (NTLM only):       -
                  Key Length:                        0

• [Forum FAQ] Troubleshoot the error "The Remote Desktop Session Host server is in Per User licensing mode and No Redirector Mode"

  Symptom
  RD License server is a key component of RDS. It licenses users to access RDS servers.
  After purchase the required RDS CALs, we need to activate the RDS License server and install the purchased RDS CALs. However, during the installation or after installation, we may face errors
  about RDS License.
  In most cases, the following error may occur.
  Error:
  The Remote Desktop Session Host server is in Per User licensing mode and No Redirector Mode, but license server "Server name" does not have any installed licenses with the following
  attributes:
  Product version: Windows Server 2012
  Licensing mode: Per User
  License type: RDS CALs
  Troubleshooting
  1. Check whether the RD License Configuration is configured properly and there are no Warnings in the Event.
  2. The License Server should be part of 'RD Server License' group in Active Directory Domain Services.
  3. Check if the Licensing Mode is correct.
  - To change the Licensing Mode we can use RD Licensing diagnose, PowerShell cmdlet and Group Policy.
  Via PowerShell cmdlet:
  To change the licensing mode on RDSH/RDVH:
  $obj = get-wmiobject -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
  $obj.ChangeMode(value)
  # Value can be 2 - per Device, 4 - Per user
  Via Group Policy
  Path: Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing
  Use the specified RD license servers = FQDN of server name
  Set the Remote Desktop licensing mode =
  Per User
  However, if issue persists, please provide detailed information and post the question in the
  Remote Desktop Services (Terminal Services) forum.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  Hi Richard,
  You need to uninstall Remote desktop session host feature. After removing it, you will default two connections which does not need to purchase RD CALs'.
  Thanks,
  Umesh.S.K

• Adobe Acrobat Reader Starts when opening a Remote Desktop Session

  I recently upgraded to Acrobat Reader 8. Now I have a problem that Acrobat Reader loads when I open a Remote Desktop session. Has anyone else experienced this? Does anyone know what I should look at to get it to stop loading? Thank you.

  After a third uninstall and re-install I've managed to crack it.
  Thanks anyhow everyone.

• Windows Server 2012 The licensing mode for the Remote Desktop Session Host server is not configured

  Hi
  I have a standard Windows Server 2012 that is hosted in the cloud by a hosting provider -
  This server has been up and running fir 6 months - recently we have been getting a warning
  "The licensing mode for the Remote Desktop Session Host server is not configured" - The Remote Desktop Session Host server is within its grace period, but the RD Session Host server has not been configured with any license server.
  Yet, we only use this with 2 connections as part of the standard licence agreement and this server is not used as a user's desktop only an ftp and web server- do therefore we do not need to purchase any cal licences (we have another server with the same
  hosting company that does not have this issue and has been up for 18months)
  Please can someone advise how I resolve this issue, the hosting company states that I must resolve it as they only host and resell the server licence
  Thank-you
  Richard Steele

  Hi Richard,
  You need to uninstall Remote desktop session host feature. After removing it, you will default two connections which does not need to purchase RD CALs'.
  Thanks,
  Umesh.S.K

• Windows 2012 Remote desktop session host server not detecting RD licensing server

  Hi,
  We have a customer server which is Windows 2012. We installed RDS session host server role and configured it to use RD licensing server as per the
  https://support.microsoft.com/kb/2833839?wa=wsignin1.0
  After configuring, when I open RD license diagonser tool, it says, RD license server is not available. Also shows, credential not available. When I enter the credential by clicking, provide credentials, it does not get applied. I see no event logs related
  to RD service. However, I see the below event log which points to RD licensing server.
  DCOM was unable to communicate with the computer <RD license server> using any of the configured protocols; requested by PID     273c (C:\Windows\system32\mmc.exe).
  Please help in fixing the issue.
  Thanks,
  Umesh

  Hi Umesh,
  Thanks for your comment.
  During your configuration, have you specified RD License server for RDSH to use?
  You can also specify a license server for the RD Session Host server to use by applying the Group Policy under below path.
  Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing 
  Use the specified Remote Desktop license servers – Provide the FQDN of the license servers to use
  Also this setting can be specified by below method.
  To configure the license server on RDSH/RDVH:
  $obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
  $obj.SetSpecifiedLicenseServerList("License.contoso.com")
  Note “License” is the name of the License Server in the environment
  To verify the license server configuration on RDSH/RDVH:
  $obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
  $obj.GetSpecifiedLicenseServerList()
  More information.
  RD Licensing Configuration on Windows Server 2012
  http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx
  In addition you can refer this article for reference.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Onscreen Keyboard appears when shadowing session on 2012R2 Remote Desktop Session Host

  As the title suggests, whenever I shadow a session on our 2012R2 RDSH server, the onscreen keyboard appears.  The taskbar also unlocks.
  Both of these behaviours mean that the user can tell when their session is being shadowed, which I don't always want to be the case - sometimes I want to be able to monitor the session without their knowledge.
  Anyone know how I can stop this from happening?

  Hi,
  Thank you for posting in Windows Server Forum.
  Yeah, we can use the following command where we can take user shadow session without giving him any notification, and no need to approve by the user.
  mstsc.exe /shadow:ID /v:ServerName /control /noConsentPrompt
  But for this, we need to set the following group policy:
  [Computer Configuration | User Configuration]
  \Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
  Set rules for remote control of Remote Desktop Services user sessions:  Enable
  Select the option: Full Control without User’s permission
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• How to enable 2 concurrent Administrative remote desktop sessions in Win 2008 R2 ??

  Hi,
  By default, 2008 R2 allow 2 concurrent administrative remote desktop sessions. But when i trying to connect 2nd administrative remote session, the 1 st will be disconnected.
  Is any settings need or just my misunderstanding ??
  Thanks

  Hi,
  Thanks for your posting in Windows Server Forum.
  Yeah, agree with words of Bred; only 2 remote desktop session is allowed for administrative purpose. If you want more than 2 remote desktop session than you need to purchase RDS CAL, install RD Licensing role activate it first and then configure CAL on it.
  There are 2 types of CAL available (USER & DEVICE). You can purchase CAL according to your company requirements. For more information you can refer below article.
  Install and issue RDS CALs or TS CALs
  http://technet.microsoft.com/en-us/library/hh553159(v=ws.10).aspx
  Hope it helps!
  Thanks,
  Dharmesh

• Remote Desktop Session Host setup on 2012 r2

  Here is a screenshot

  I recently setup a 2012 r2 server for RDSH. We aren't using any VDI options but want to us it to host a specific application to multiple users.Problem: I Installed the role via the server manager and followed the wizard. I later went to the RD licensing manager to install the CALs. I chose the per user CAL option for 25 licenses and got the green light saying that the licenses are installed. However, whenever I log on I get the message say that I am in the "grace period" mode and that licensing is not configured. I look into the RD Licensing Diagnoser and it states that the number of licenses is 0 and this error message:
  "The licensing mode for the Remote Desktop Session Host server is not configured."I looked up the issue online and found an article say that it's a known issue for per user CAL setup and the fix was to delete some...
  This topic first appeared in the Spiceworks Community