none
Server 2016 RDS Start Menu and Taskbar Issues RRS feed

  • Question

  • We're running a single RDS setup with Windows Server 2016 Standard and about 2 weeks back we started to experience Windows Start Menu and Taskbar issues where these functions would suddenly stop working for all of the RDS users.  We are not using profile disks and each user connects to the RDS via our gateway server and their profile is stored locally on the RDS server.  No desktop or Start Menu redirection is setup.  We have 25 RDS CALs and there's normally about 20 users logged into the RDS server.  The server is a physical server running a 12core Intel CPU with 32Gb of RAM and an NVME SSD Intel disk.

    The desktop apps like Microsoft Office will continue to function fine but if you minimize the running apps, the user can not click on the minimized apps as the Taskbar doesn't respond along with the Start Menu.  The only thing that currently works is to logout the user session using Task Manager or to reboot the server.  When the user reconnects and gets a new session, the Start Menu and Taskbar will work for several hours before it goes back to the locked state.

    I have read quite a few posts and I have re-installed the Windows apps with the following PS script:

    Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

    I have run a full sfc /scannow and checked the health of the windows image.  These all complete fine without issue.

    Tonight I have found some older posts from 2017 about Server 2016 RDS black screens that are caused by duplicate Windows firewall rules getting created for each user every time they login.  While we don't have the black screen issue, I'm wondering if our issues with the Start Menu and Taskbar could be related to this same duplicate firewall rules for each user.  When I checked HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System on our RDS, I am seeing thousands of entries.

    Does anyone know if these duplicate firewall rules can cause the Start Menu and Taskbar issues?  If so, what's the proper way to delete them?

    Thanks for any input.

    Ken 

    Friday, March 29, 2019 1:41 AM

All replies

  • Hi,
    could you please add the a new registry key “DeleteUserAppContainersOnLogoff” like below then install this update patch KB4467684 for your server 2016 ?
    "Addresses an issue that slows server performance or causes the server to stop responding because of numerous Windows firewall rules. To enable the changes, add a new registry key “DeleteUserAppContainersOnLogoff” (DWORD) on “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy” using Regedit, and set it to 1."

    microsoft update catalog KB4467684
    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4467684

    November 27, 2018—KB4467684 (OS Build 14393.2639)
    https://support.microsoft.com/en-us/help/4467684/windows-10-update-kb4467684

    Windows Servr 2016 RDSH - Firewall rules created at every login
    https://social.technet.microsoft.com/Forums/en-US/992e86c8-2bee-4951-9461-e3d7710288e9/windows-servr-2016-rdsh-firewall-rules-created-at-every-login?forum=winserverTS

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 1, 2019 6:57 AM
    Moderator
  • I have implemented the DeleteUserAppContainersOnLogoff regkey following the installation of the Microsoft patch for this issue. Do I still need to delete all of the entries in the registry under the registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System? Or will they get deleted eventually anyway following several logins/logoffs with this new DeleteUserAppContainersOnLogoff setting that Microsoft provided? Thanks. Ken
    Monday, April 1, 2019 11:04 AM
  • hi,
    "will they get deleted eventually anyway following several logins/logoffs with this new DeleteUserAppContainersOnLogoff setting that Microsoft provided? "
    I think It will not delete them ,so if there are many repeated items in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System
    we can backup all registry on problematical server 2016 then try to delete items in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System  .


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 3, 2019 2:16 AM
    Moderator
  • I did the same thing 

    cleared out those firewall registry entries 

    Remove-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System"
    New-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System"
    Remove-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
    New-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
    Remove-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications" -Recurse
    New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications"

    RESTART SERVER

    and ran the 

    Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

    But now all my users start menus are broken and wont launch at all

    We went from a sporadic lockup issue that was hitting one of our 6 servers a day to now all users start menus dont open

    (at least we can right click on it and also use the task bar) -

    my admin account i ran the commands under is working great..

    beware the early published fixes on this, they are apparently not proven


    • Edited by WC Tek Thursday, April 4, 2019 8:16 AM
    Thursday, April 4, 2019 8:15 AM
  • Hi there,

    We're also currently experiencing this issue with our customers which seems to have started after the 21/03/2019. We did have a patching run which installed the March CU - there may be some correlation with this.

    Environment:

    Windows Server 2016 Native RDP Farm deployment
    4x RD Gateways
    2x RD Connection Brokers
    2x RD Web Access'
    2x RD Web Proxy's 

    Hosting multiple customers which run Windows Server 2016 terminal servers and file servers which host their UPDs. Currently almost all our customers are affected, some ranging from 3 terminal servers to 20.

    Our Helpdesk is now constantly getting flooded with called regarding:

    Stuck sessions - UPD left behind after log off, having to clean up in \ProfileList reg key + releasing UPD from FS
    Start Menu / Task Bar hung - clock frozen - restarting Windows Explorer gets the user going again, icon names and pictures disappear, Windows Peek function also ceases to work. 
    With the Start Menu not launching, this has been a common issue from day dot - we previously did raise a MS ticket on this however didn't get it resolved as MS believed it was environment specific - however as you probably know, this isn't the case. MS did end up checking the permissions on the all relevant tile repository folders and did dig around the AppXPackage side.
    Whole Windows Shell crash - cannot click / launch anything on task bar and desktop - full session lock up (where we then have to kill the Windows Login Application process for the affected user to log then off as log off doesn't work / register)
    Slow logins - we have seen correlation with duplicate firewall rules and have run PS scripts against all our terminal servers to remove duplicate entries + applied the registry fix. Some servers have almost 20K rules that were removed. 

    We've tried many different avenues, currently do have an MS ticket open. Some servers we've rolled back the March CU but that hasn't made a difference. It seems that when User A from Server 1 calls up, there is a 90% chance that another 3 or 4 users will call up on the same server with the same issues after an hour or so. We end up running the fix of restarting Windows Explorer or getting the user to log off, log back in (we drain the server that the user was previously on, remove the mount point left behind from the UPD, remove the ProfileList reg key left behind for the user, make sure the UPD is unmounted from the FS and check if they've logged into another server.)

    Our Engineering team has observed some correlation with "Microsoft Toasts" - when users do have a broken task bar, some do have an Outlook toast which they haven't been able to clear an hour or two before the task bar issue occurred or right before it's happened. We've tried GPOs to disable it and see the outcome, this is still been tested.

    In regards to the multiple firewall rules and the cleanup, we did have an alleviation of the problem for a day or two after removing literally thousands of inbound and outbound rules + restarting all application servers affected however the issue has crept back in and hit us full force as of today.

    Microsoft have got me doing the following:

    Step 1:

            Dism /online /cleanup-image /restorehealth

            sfc/scannow

    Step 2:

    Clean Boot

    1-      Open “Run”

    2-      Type “Msconfig”

    3-      Select “Services” tab.

    4-      Click on “Hide all Microsoft services”

    5-      Click on “Disable all”

    6-      Apply

    7-      Ok

    8-      Restart the machine and check whether it’s working or not.

    I'm not confident this will resolve our issues, but I guess a clean operating environment needs to be established to remove any potential 3rd party applications / services that could be causing such issues - most customers are running the same start up services and we haven't changed the schema of this in the last few months. 

    Any ideas or suggestions, please feel free to post.

    Thanks,
    Ross

    Thursday, April 11, 2019 12:26 AM
  • Hi all,

    In addition to yesterdays update, at Microsoft's request we have checked and done the following:

    Dism /online /cleanup-image /restorehealth               - got a clean bill of health

     sfc/scannow                                                                        - got a clean bill of health

    We've also checked with any RemoteFX policies are pushed with GPO - this isn't the case.

    We've disabled Windows Audio service - yet to see the outcome of this, has anyone else had any correlation with this?

    Attempted to run 
    Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”} but this failed both locally and trying to invoke the command remotely - have gone back to Microsoft on this point.

    Our Engineering team has found that when a task bar issue appears (frozen, hung) pressing the Windows Key on thet keyboard for the affected session kills Windows Explorer and restarts it - observations show that the desktop icon flash, task bar refreshes and applications reload on the task bar.

    Thanks,
    Ross

    Friday, April 12, 2019 4:01 AM
  • Any update on this issue? we have multiple companies facing this problem and tried all possible solution where none have resolved it. This is getting annoying! How hard can it be to implement a decent start menu on a next gen OS?! This is ridiculous!
    Friday, May 17, 2019 12:52 PM
  • Any news ?

    We have the same issue and nothing works...

    Monday, June 10, 2019 6:39 AM
  • Hi there,

    We're also currently experiencing this issue with our customers which seems to have started after the 21/03/2019. We did have a patching run which installed the March CU - there may be some correlation with this.

    Environment:

    Windows Server 2016 Native RDP Farm deployment
    4x RD Gateways
    2x RD Connection Brokers
    2x RD Web Access'
    2x RD Web Proxy's 

    Hosting multiple customers which run Windows Server 2016 terminal servers and file servers which host their UPDs. Currently almost all our customers are affected, some ranging from 3 terminal servers to 20.

    Our Helpdesk is now constantly getting flooded with called regarding:

    Stuck sessions - UPD left behind after log off, having to clean up in \ProfileList reg key + releasing UPD from FS
    Start Menu / Task Bar hung - clock frozen - restarting Windows Explorer gets the user going again, icon names and pictures disappear, Windows Peek function also ceases to work. 
    With the Start Menu not launching, this has been a common issue from day dot - we previously did raise a MS ticket on this however didn't get it resolved as MS believed it was environment specific - however as you probably know, this isn't the case. MS did end up checking the permissions on the all relevant tile repository folders and did dig around the AppXPackage side.
    Whole Windows Shell crash - cannot click / launch anything on task bar and desktop - full session lock up (where we then have to kill the Windows Login Application process for the affected user to log then off as log off doesn't work / register)
    Slow logins - we have seen correlation with duplicate firewall rules and have run PS scripts against all our terminal servers to remove duplicate entries + applied the registry fix. Some servers have almost 20K rules that were removed. 

    We've tried many different avenues, currently do have an MS ticket open. Some servers we've rolled back the March CU but that hasn't made a difference. It seems that when User A from Server 1 calls up, there is a 90% chance that another 3 or 4 users will call up on the same server with the same issues after an hour or so. We end up running the fix of restarting Windows Explorer or getting the user to log off, log back in (we drain the server that the user was previously on, remove the mount point left behind from the UPD, remove the ProfileList reg key left behind for the user, make sure the UPD is unmounted from the FS and check if they've logged into another server.)

    Our Engineering team has observed some correlation with "Microsoft Toasts" - when users do have a broken task bar, some do have an Outlook toast which they haven't been able to clear an hour or two before the task bar issue occurred or right before it's happened. We've tried GPOs to disable it and see the outcome, this is still been tested.

    In regards to the multiple firewall rules and the cleanup, we did have an alleviation of the problem for a day or two after removing literally thousands of inbound and outbound rules + restarting all application servers affected however the issue has crept back in and hit us full force as of today.

    Microsoft have got me doing the following:

    Step 1:

            Dism /online /cleanup-image /restorehealth

            sfc/scannow

    Step 2:

    Clean Boot

    1-      Open “Run”

    2-      Type “Msconfig”

    3-      Select “Services” tab.

    4-      Click on “Hide all Microsoft services”

    5-      Click on “Disable all”

    6-      Apply

    7-      Ok

    8-      Restart the machine and check whether it’s working or not.

    I'm not confident this will resolve our issues, but I guess a clean operating environment needs to be established to remove any potential 3rd party applications / services that could be causing such issues - most customers are running the same start up services and we haven't changed the schema of this in the last few months. 

    Any ideas or suggestions, please feel free to post.

    Thanks,
    Ross

    Any news ?

    We have the same issue and nothing works...

    Thanks Luca


    Wednesday, July 3, 2019 3:50 PM
  • I have also the same problem, started january this year, a long time a weekly restart of the server and disabling automatic updates  was a workaround, but now the frequency increase and the only what works is restarting the entire machine, but now during production hours..

    Hope anyone can help me


    Kind regards Willem Hendrik Berkhof

    Monday, July 8, 2019 8:17 AM
  • Same issue here - tried everything recommended. Has anyone had any luck resolving?
    Thursday, August 1, 2019 12:49 PM
  • Same problem here.

    Anyone tried deleting the FirewallPolicy registry entries?

    Tuesday, August 6, 2019 9:52 AM
  • Any update on this? Because I am inches away of reinstalling the whole system. Tried everything, short of reformatting the hard drive and reinstall windows.
    Friday, August 9, 2019 12:54 PM
  • Do you use a gpo to lock the taskbar ?

    Do you try to disable it ?

    Saturday, October 5, 2019 3:05 PM
  • Hi Ross Gregovic,

    Any update on this issue?

    Thank you.

    Sam

    Wednesday, November 20, 2019 7:27 PM
  • Hi Gents,

    Same issue on Server 2016! 

    Unfortunately so far no solutions can be found!

    Thursday, November 21, 2019 2:48 PM
  • Hi,

    I found some things and I will test that on the next days.

    Just sharing with you guys.

    Symptoms or Error

    Start Menu stops responding to left Mouse clicks and does not show any applications.

    Problem Cause

    Microsoft support explained that it is not supported to Roam "Appdata\Local\Packages" or “AppData\Local\Microsoft\Windows\UsrClass.dat*" files/directories. ShellHostExperience.exe, which is responsible for Start Menu, is not able to use them properly when roamed and therefore Start Menu becomes unresponsive.

    Solution

    Complete the following steps:

    • Add "Appdata\Local\Microsoft\Windows\UsrClass.dat" to Exclusions.(File)
    • Add "Appdata\Local\Packages" to Exclusions.(Folder)
    • Add GPP policy Reg key:

                   HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\StateStore\ResetCache

    DWORD=1

    Source:  


    Friday, November 22, 2019 7:35 PM
  • Hey Samuel B. Gomes

    Any updates?

    Cheers

    Ben

    Thursday, December 5, 2019 4:00 AM