none
RDP stuck at "Configuring Remote Session" WS2016 RRS feed

  • Question

  • Hi. We have a new WS2016 RDS deployment (VMs on Hyper-V):

     - 2x WS2016 RDGW in NLB

     - 2x RDCB in HA configuration

     - couple RDSH servers

    The problem is that in 30-50% of the connection attempts via these gateways, the connection is stuck at the "Configuring remote session" message. The connection is never successfully estabilished when this happens and it is closed without any error couple minutes later. When you try again (or just immediatelly cancel the connection and reconnect), the connection may or may not go through.

    When this problem happens, I can see there's single HTTP connection on the RDGW that accepted the connection with 0 bytes transferred in either direction. There are no related errors at this time.

    Can anyone help? Btw. this problem also happens when connecting to a different single-host RDS deployment through these gateways.

    I suspected the problem might be in the NLB, but removing either of the gateways from the NLB configuration (and from RDS farm) doesn't help, the issue is still there.

    Rebooting the gateways helps for a short while (hours), but then the issue is back.

    There are some other errors on the gateways, but these don't correlate to the connection attempts (event 210, source terminalservices-gateway: "Http transport: IN channel could not find a corresponding OUT channel" with no other details).

    RDP clients are various ... W8.1, W10, Mac...

    Tuesday, January 31, 2017 8:45 AM

All replies

  • Hi,

    For the problem, please try to the workarounds, which are descripted on the article below.

    Remote desktop connection is sometimes stuck on the "Securing remote connection" screen

    https://support.microsoft.com/en-us/help/2915774/remote-desktop-connection-is-sometimes-stuck-on-the-securing-remote-connection-screen

    In addition, I suggest you try to install latest updates for those computers.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Jay GuModerator Tuesday, February 7, 2017 3:48 AM
    • Unproposed as answer by MarkosP Tuesday, February 7, 2017 7:20 AM
    Wednesday, February 1, 2017 3:24 AM
    Moderator
  • Thanks for replying, but that "workaround" a) doesn't help, b) is not acceptable even if it would work, we cannot force all our clients to perform that and c) we're not using self-signed cert.

    We actually opened a support ticket regarding this issue, but I'll still appreciate any input here.

    • Edited by MarkosP Tuesday, February 7, 2017 7:22 AM
    Tuesday, February 7, 2017 7:20 AM
  • Did you ever receive a fix for this? I am having exactly the same issue! I've logged it via MS Partner support but after a couple of weeks we haven't been able to make inroads. Apparently as they are a r break-fix team only they're unable to debug the gateway service to find the root cause. 
    Thursday, August 17, 2017 2:45 PM
  • I still have a ticket open with MS commercial support. No fix so far (been only couple months, right?). We've done many rounds of troubleshooting, diagnostic data collections etc., some ideas for fixes, nothing helped so far.

    We've created virtually identical NLB RDGW cluster using WS2012R2 VMs and that works flawlessly. MS support had me collect diag data from both 2012R2 and 2016 RDGWs, haven't found anything so far except for lot of retransmissions on the 2016 RDGWs.

    As of now, they want me to perform further tests (as recent rollup update contains some RDP-related fixes), haven't had time to test it yet.

    Btw: there's fixed 5min timeout value in RDC (RDP client), so when the issue occurs, you'll get the error message 5mins later.

    • Edited by MarkosP Thursday, August 17, 2017 2:54 PM
    Thursday, August 17, 2017 2:50 PM
  • Yes we are the same. We have many WS2012R2 gateways without this issue. Compounding matters here is that this infrastructure is a hosted solution for our customer so all of their connections go via gateway (gatewayprofileusagemethod:i:1).

    Partner support have said they are breakfix only, I'll need to put a case in for premier so I can get the RD Gateway service debugged. In our case restarting the gateway service resolves the issue as well for a period of time. 

    We also see those same error messages about 0 bytes and event id 210

    After packet capture, MS had me apply these changes to the VM last night;

    netsh interface ipv4 set interface “Local Area Connection” mtu=1458 store=persistent
    netsh interface tcp set global chimney=disabled
    netsh interface tcp set global rss=disabled
    netsh int tcp set global autotuning=disabled
    netsh int tcp set global congestion=none
    netsh int tcp set global netdma=Disabled

    Packet capture wasn't showing any re-transmits so I was dubious it could be related to MTU. Will let you know how I go.

    Friday, August 18, 2017 6:07 AM
  • Hi guys, we are experiencing the same issues with 2016 RDS gateway, did you have any luck resolving this problem?

    Our issue doesn't always affect both session hosts, one can be logged into the other gets stuck on Configuring remote session"

    • Edited by Stoal76 Tuesday, September 26, 2017 12:34 AM
    Monday, September 25, 2017 11:11 PM
  • We are having the exact same problem however, we are not utilizing NLB or HA. Did you downgrade RDGW from 2016 to 2012R2 and it's working flawlessly for you now?

    We currently have 1RDGW/RDCB with 7 RDSH machines - all WS2016.

    Friday, September 29, 2017 11:13 AM
  • Hi Stoal76,

    Did you have any sort out resolution to your issue? We are experiencing the exact same problem.

    Friday, September 29, 2017 11:15 AM
  • Hi. I haven't gotten any resolution. The case with MS support has been open since january and we temporarily closed it without any resolution at the end of August, because I don't have the time to test MS's buggy products in production where it affects our clients.

    So, we're on WS2012R2 RDGWs, all is good there.

    Friday, September 29, 2017 11:19 AM
  • ok, this is something we might have to introduce as well because we can't afford the outages. Were you able to introduce a 2012r2 RDGW easily or did you need to recreate the collections again? We are not utilizing UPD so have a collection for each RDSH machine because we wanted to stick with local profiles.
    Friday, September 29, 2017 11:33 AM
  • Actually, we're not adding the RDGWs to the RDS deployment (via the roles), we just set them in the deployment properties. No need to reconfigure anything this way. So if you have all the session collections managed by one RDCB, then that's the only change you should have to do.
    Friday, September 29, 2017 11:37 AM
  • My only resolution is to reboot the particular session hosts and then if that doesn’t resolve it the gateway/broker server.

    I have seen lots of little issues with connecting to Remote desktop 2016 since installing my first production farm in Jan 2017, Black screens, authentication errors, temp profiles, User profile disks not unloading, and this issue with logon stuck at configuring.

    Each time I hope the next cumulative update will resolve the issues but who knows, I am now running the September 2017 CU, but then today I had some logged on with Temp profile issues but they have resolved themselves without a reboot.

    I am starting to think a weekly reboot of the whole farm might be the easiest option to keep things running smoothly.

    Wednesday, October 4, 2017 9:08 AM
  • Same issue here.

    One RDGW 2016 server for many multi tenant RDS 2012 R2.

    Randomly stuck on "configuring remote connexion"

    Regards

    Wednesday, January 24, 2018 11:24 AM
  • Hello,

    You can try below settings hope this will solve your problem <g class="gr_ gr_73 gr-alert gr_gramm gr_inline_cards gr_run_anim Punctuation only-del replaceWithoutSep" data-gr-id="73" id="73">too,</g> because <g class="gr_ gr_79 gr-alert gr_tiny gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="79" id="79">i</g> also faced the same problem and found the solution on below.

    Fix RDP Stuck issue

    Thanks for Microsoft Experts


    Purushottamaher

    Saturday, February 3, 2018 2:57 PM
  • Thanks Purushottamaher.

    I will keep in mind your information.

    But i don't think it is an RDS issue.

    If i connect to RDS server without RD Gateway, connexion is OK

    When i reboot RD Gateway, connexion is OK.

    Regards


    Cedric Beaumois

    Friday, February 9, 2018 7:13 AM
  • I don't have anything to add here other than a "me too".  We just have a single gateway server.  When I was running it on a Server 2012 R2 instance, the connection completed very quickly.  Now that we're using Server 2016, it sometimes takes a long time at "configuring remote session"  Other times it's almost immediate.  This makes for a very inconsistent experience.

    Alex

    Saturday, April 14, 2018 6:18 PM
  • Another "Me Too!". Has anyone had any luck? Unfortunately going to a Windows 2012R2 GW server isn't an option.
    Tuesday, June 12, 2018 9:57 PM
  • Have any of you guys changed the session collection settings to anything other than standard?  It seems to have issues with negotiating a specific security layer and encryption protocol (rather than having both set to 'negotiate' and 'client compatible').  Another 'me too', but I haven't testing additional settings as above yet.
    Monday, June 18, 2018 12:06 AM
  • after running our rds2016 platform since last year with zero issues, we noticed this has started to happen over the weekend.  It's very annoying!

    any ideas?

    Tuesday, July 24, 2018 4:30 PM
  • Do you need to apply this to just the session hosts or also the gateways and broker servers?  I made the change just to the session host but still getting the stuck connections
    Wednesday, July 25, 2018 9:25 AM
  • GlenHarrison, apply what? There were couple suggestions in this thread.

    As far as my original scenario, we pretty much stopped trying to get this to work as I've written in past september. We don't have the money/time to be Microsoft's beta testers. Apparently, they don't have clue/don't care.

    We'll try again when WS2019 is released, I'd advise to stay away from 2016 RDGWs until then (if you're experiencing the problem).

    Wednesday, July 25, 2018 9:31 AM
  • I was trying to reply to purushottamaher post regarding the GPO settings.  Looking through our solarwinds logs we started getting the error on the 19th.  Prior to that, we haven't had a single issue on 2016.
    Wednesday, July 25, 2018 9:40 AM
  • Ah, alright. I didn't consider purushottamaher's suggestion as valid, since it involved enabling multiple sessions for users, which wasn't acceptable for us. Plus, I don't see how this would magically fix the issue when everything worked one moment and suddenly stopped (as is also your scenario).
    Wednesday, July 25, 2018 9:56 AM
  • We were heavily testing rds 2016 throughout the beta phase and went straight into production once RTM hit.  The reason we were so quick is that our ageing 2008 system was really bad.  It's been in constant heavy use since then, so what...well over a year?  never had any issues until last week on the 19th.

    Thinking about it.....we did play with the recently released webclient last week so I'm wondering if that is what's caused the issue.

    :edit:  Scrap that, we uninstalled it completely.....still having the problem



    Wednesday, July 25, 2018 9:59 AM
  • our issue may not be the same as the others, but I believe we have fixed it. Needed to delete the RSA machinekeys and reboot our brokers. The keys get generated again so nothing to worry about.
    Wednesday, July 25, 2018 12:28 PM
  • In my case it seems setting the security layer to 'RDP Security Layer' on the session collection will cause this issue.  If set to 'Negotiate' things are back to normal.
    Wednesday, July 25, 2018 8:40 PM
  • Hi everybody,

    Many people talk about changing RDS server configuration. But i think this forum entry talks about RDGateway 2016 issue

    MarkosP: Have you got the same issue if you connect directly to rds server ? without using rdgateway 2016

    In my case, I use RDgateway 2016 for multitenant.

    1 Rd gateway 2016 for 20 clients. RDgateway in his own domain with forest thrust and like you i don't set rdgateway in RDS deploiement.

    I need to reboot rdgateway every day to avoid "configuring session session" stuck randomly

    For internal use, i removed gateway 2016 and installed RDgateway 2012, no need to reboot !! no issue

    Regards

    Cedric


    Cedric Beaumois

    Thursday, July 26, 2018 6:21 AM
  • Hello Cedric, I believe the problem (at least our) had nothing to do with RDSH configuration, even MS support engineer was concentrating on the gateways (I've collected dozen network traces etc. of the communication between the client and gateways).

    Don't think we've tested direct connection (as it was irrelevant to us), but it's obviously an RDGW issue (or issue related to using 2016 RDSH + RDGW) since it works with 2012R2 gateways without any problems (as you've also confirmed).

    We haven't tried using 2016 RDGWs for more than a year, so it's possible the problem was mitigated since then, but for those experiencing it, I'd recommend save the time and money, use 2012R2 gateways and wait for WS2019 in hopes that MS will get it working again.

    Thursday, July 26, 2018 6:51 AM
  • Hi Everybody,

    We have the same issue.

    All our servers are in Windows Server 2016 version 1607 (OS Build 14393.2189)

    What's your server build ? 

    Many thanks,

    Emmanuel

    Monday, July 30, 2018 8:03 AM
  • Hello MarkosP

    It is not an issue related to using 2016 RDSH + RDGW 2016

    The is the same issue with   RDSH 2012 + RDGW 2016

    Every month, i look for solved issues in Widows update cumulative update concerning RDGW.

    Even with every night reboot, the are stability issue at the end of the day with  "configuring remote session".

    This week end , i created a hole new RDGW2012. ( witout eveny night reboot )

    Sorry for my english

    Cedric



    Cedric Beaumois


    • Edited by HANSOLO2 Monday, July 30, 2018 9:01 AM
    Monday, July 30, 2018 8:59 AM
  • Hi All,

    This article fix our problem :

    https://support.microsoft.com/en-us/help/2915774/remote-desktop-connection-is-sometimes-stuck-on-the-securing-remote-connection-screen

    It's working fine now.

    Regards,

    Emmanuel

    Friday, August 3, 2018 2:12 PM
  • Our solution was to disable the firewall on the Gateway server.

    Solution found on an different topic.

    https://community.spiceworks.com/topic/2002497-why-is-rdp-slow-into-my-2016-server-but-not-2012?page=1#entry-7472697

    Monday, August 20, 2018 8:24 AM
  • @AKDN Geneva - that "fix" is applicable only if you're using self-signed certificate, which we're not using

    @Sander Verkerk - that topic discusses different problem. Are you saying disabling Windows Firewall "fixed" the issue described in this thread? Anyway, I can't consider disabling firewall a valid solution for corporate environment.

    Monday, August 20, 2018 9:10 AM
  • @AKDN Geneva - that "fix" is applicable only if you're using self-signed certificate, which we're not using

    @Sander Verkerk - that topic discusses different problem. Are you saying disabling Windows Firewall "fixed" the issue described in this thread? Anyway, I can't consider disabling firewall a valid solution for corporate environment.

    It's an fixs for the above situation.

    Our situation:

    1x gateway
    5x host servers
    1x dc
    2x broker servers

    All the servers are behind NAT and we use an third party RDP blocker (wrong pass x times = IP block).
    I agree disabling internal firewall is not an corporate solution but with all the other solutions we use it is for now.

    Monday, August 20, 2018 2:06 PM
  • Hi,

    We have the same issue here, the connection is stuck at the "Configuring remote session" message

    1x Gateway 2016

    3x host servers 2016

    1x dc 2016

    1x broker server 2016

    All this server are up to date.

    We tried all solutions above (firewall, etc...) without success. Anyone has a new idea ?

    Thursday, September 27, 2018 12:50 PM
  • Deleting C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys contents (careful!) and re-applying the correct certificate after a reboot fixed my hanging RD Gateway as well. 
    • Edited by Jaajog Tuesday, October 30, 2018 10:37 PM
    Tuesday, October 30, 2018 10:35 PM
  • For what it's worth, we've deployed a new WS2019 RDGW and the problem is still there. Manifested also by not being able to open RDGW management console, starting the service (TSGateway) manually after it failed to restart solved the problem temporarily.

    So still no solution for me.

    Wednesday, December 12, 2018 3:11 PM
  • We are experiencing similar problems. Worked fine for the last half year - year and now suddenly the issues started without any changes in the environment.

    We are running

    • 1x WS2016 Web
    • 1x WS2016 Gateway
    • 1x WS2016 Broker
    • 10x WS2016 Hosts

    at the moment we are at 1 out of 3 connections that work and others you have to cancel and try again before they work but they always get stuck on "Configuring remote session".

    We see that the broker passes the connection on to the RDS and there it just shows the following event: "Listener RDP-Tcp received a connection"

    After that not a single logentry is created.

    Monday, December 31, 2018 11:24 AM
  • I found it somehere else, did not remember sorry:

    For me it helpded to rename at the Mashine from where you try to connect to whatever:

    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

    to

    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.old

    Restart the Server, and since this Time, everything with RDP is running like a Charm.

    Hope this helps

    //Clemens



    • Edited by Clemens_B Wednesday, January 30, 2019 12:43 PM explanation
    Wednesday, January 30, 2019 12:06 PM
  • Clemens_B, I'm not sure I follow - did you rename the folder on the client from which you connect or on the server (RDSH?). Because you say 'at the machine from where you try to connect Client", but then you restart the server.
    Wednesday, January 30, 2019 12:27 PM
  • ok, sorry, I´m connecting from Server to Server...

    The Server/Client/Mashine FROM wich I try to connect, there it should be renamed.

    There I´m facing the Error...

    And I just renamed it, in case I have torestore it.

    I had 6 keys in it, and after restart just 2, but all went fine since some days.

    • Edited by Clemens_B Wednesday, January 30, 2019 12:45 PM
    Wednesday, January 30, 2019 12:42 PM
  • Clemens_B, thanks for the clarification.
    Wednesday, January 30, 2019 12:43 PM
  • ok, sorry, I´m connecting from Server to Server...

    The Server/Client/Mashine FROM wich I try to connect, there it should be renamed.

    There I´m facing the Error...

    And I just renamed it, in case I have torestore it.

    I had 6 keys in it, and after restart just 2, but all went fine since some days.

    you can't expect people to do this on their client computers... without changing anything on the client it works after rebooting the RDGW server... 

    We have over 200 clients ... I'm not going to go by them one by one to delete those keys ...

    Wednesday, January 30, 2019 12:57 PM
  • ok, sorry, I´m connecting from Server to Server...

    The Server/Client/Mashine FROM wich I try to connect, there it should be renamed.

    There I´m facing the Error...

    And I just renamed it, in case I have torestore it.

    I had 6 keys in it, and after restart just 2, but all went fine since some days.

    you can't expect people to do this on their client computers... without changing anything on the client it works after rebooting the RDGW server... 

    We have over 200 clients ... I'm not going to go by them one by one to delete those keys ...

    you have to do it on the Mashine FROM wich you like to connect, not on all Clients...
    Wednesday, January 30, 2019 1:57 PM
  • ok, sorry, I´m connecting from Server to Server...

    The Server/Client/Mashine FROM wich I try to connect, there it should be renamed.

    There I´m facing the Error...

    And I just renamed it, in case I have torestore it.

    I had 6 keys in it, and after restart just 2, but all went fine since some days.

    you can't expect people to do this on their client computers... without changing anything on the client it works after rebooting the RDGW server... 

    We have over 200 clients ... I'm not going to go by them one by one to delete those keys ...

    you have to do it on the Mashine FROM wich you like to connect, not on all Clients...
    Is this the Gateway, broker or remote desktop hosts because the word from means where you start the connection on.
    Wednesday, January 30, 2019 2:19 PM
  • I had the Problem on a fully new installed w2k16 Server im VM Ware Environment.

    The Problem is maybe connected to the keys and how virtual Maschines Images being created,

    so I had 6 Keys on a new virtual 2016, renaming the Folder and restarting the Maschine,

    and after this there are 2 Keys newly created, and it works, so maybe RDP chooses sometimes the wrong Key?

    Wednesday, January 30, 2019 2:59 PM
  • Clemens_B, if you're only connecting from a WS2016 virtual machine (using it as a client - run mstsc from there) to connect to a RDS infrastructure, then your solution is no good (at least for me), since my clients are computers all over the world including MACs, phones (Android, iPhones) etc.

    I'm glad removing the keys on the client works for you, but the problem is clearly on the gateway ... easily demonstrated by restarting the RDGW server (or just the TSGateway service).

    I have another (new) ticket open with MS support (regarding the new WS2019 RDGW), this time they insist on the problem being on the connection brokers (RDCB) despite me showing them I can (temporarily) fix the problem by restarting the gateway service...

    Clearly, they're shooting blindly out of the dark, while having no idea where the real problem is ...


    • Edited by MarkosP Wednesday, January 30, 2019 3:09 PM
    Wednesday, January 30, 2019 3:07 PM
  • Hi 

    Do you have a solution for this, mate?

    Cheers!

    M


    Maelito

    Tuesday, June 11, 2019 7:50 PM
  • Unfortunately no. The new case with MS support led nowhere, after months they closed it with no solution and forwarded me to Premier support (to which I don't have access).

    Wednesday, June 12, 2019 6:50 AM
  • Just to give anyone interested an update - we have brand new RDS deployment, went with the most simplistic setup, ie. 1x RDGW, 1x RDCB, 1x RDWA, 2x RDSH - all servers WS2019 with latest updates (as of today), and the issue is still there.

    Everything worked well during testing, but that was done with couple users. Once put into production where there are hundreds of sessions accumulated on the RDGW, the gateway exhibits the same problems.

    Monday, October 7, 2019 2:39 PM
  • We are also having the same issue. Users get "Securing network connection" and it finally times out. We restart all servers and usually users can get back in. You can see folks collecting on the remote desktop gateway, but not actually get logged in. Its like the rdp connection does not get passed on to the broker.
    Friday, October 18, 2019 3:30 PM
  • I'm still 95% sure it's the RDGW simply because of the TSGateway service behavior described above.
    Monday, October 21, 2019 1:10 PM
  • I faced a similar situation. Manually created connections to specific servers worked fine, proper RDWeb downloaded links got stuck on 'Configuring remote session'

    As it turned out the culprit was a vpn tunnel between the client network and the server farm.

    The clients and servers were on different subnets and domains. The FQDN of the gateway resolved using nameservers on the internet and yet somehow the gateway or client realizes they can reach the farm directly and bypasses the gateway. Setting the gateway to use the gateway even for local connections solved the issue.

    Local connections seem to be a matter of definition.

    • Proposed as answer by Mr.Snuggles Wednesday, November 6, 2019 5:09 PM
    Wednesday, November 6, 2019 5:09 PM
  • Well I'm glad it solved your situation, but there's no VPN involved in ours. Just random clients connecting from all over the world exhibiting the same behavior.
    Wednesday, November 6, 2019 6:56 PM
  • I think I've worked out the solution....

    Its down to the the management of maximum allowed simultaneous connections in the RD Gateway Manager properties not working properly.

    Change it from "Allow the maximum supported simultaneous connections" to "Limit maximum allowed simultaneous connections to:" and set a specific limit of say "999".

    Cured mine immediately!

    Friday, December 6, 2019 1:44 AM
  • trichromic, did you restart any server/service after changing the max. sessions limit?

    Edit: well, I've tried changing/configuring the max. sessions limit on the RDGW, but it didn't fix my problem, couple connections later, the problem is back. I haven't restarted/rebooted anything.

    • Edited by MarkosP Friday, December 6, 2019 11:04 AM
    Friday, December 6, 2019 9:22 AM
  • We are experiencing the same issue. We have 20x RDSH, 2x RDGW and 1x RDCB. The Gateway and Broker both are 2016, and the Hosts are 2012 R2. I have a ticket @Microsoft but there isn't any progress on the issue, we created the logs and they are analyzing the issue. But what I hear from the thread there won't be any results.. We are going to try and set the maximum simultaneous connection ont he gateway to the a limit of 999. If there are any other solutions, I liked to hear them.

    R.


    • Edited by RvanCharlie Wednesday, December 18, 2019 8:51 AM typo
    Wednesday, December 18, 2019 8:48 AM
  • Good luck; If you come up with a solution, please post it here. I have not gotten a definitive reason why this happens
    Wednesday, December 18, 2019 2:43 PM