none
RDS 2012 R2 / Session timeouts reset each time a new user log in RRS feed

  • Question

  • Hi,

    We have set up ( with GPO) session timeout for RDS users :
    - IDLE session : 1 hour
    - disconnected session : 1 hour
    - close session when timeouts are reached

    But sessions never hit timeout because each time a new user logs in or an IDLE user reconnects, all IDLE session counter are reset to 0.

    I am not able to figure out what is happening...

    Does anyone have an idea ?

    Regards,

    Arnaud

    Tuesday, September 3, 2019 3:41 PM

All replies

  • Are you using device based CAL's or user based CAL's for the machine where you had set the GPO? 

    Have you rebooted the machine after applying the GPO? Also did you ran gpresult to verify that policy is indeed hitting the machine?

    Regards,

    Akshay

    Tuesday, September 3, 2019 6:15 PM
  • Hi,

    we are using devices CAL.

    Servers have been rebooted since GPO has been set.

    GPO applies : if server is set on maintenance (so that no new user can connect), session reach IDLE and disconnected timouts.

    This is a new rds farm. Old one was 2008R2 and it worked like a charm. 

    I don't understand what i am doing wrong.

    Regards

    Tuesday, September 3, 2019 8:54 PM
  • HI
    1 can you enter gpresult /h c:\rds.html on session host w2012r2 and look session time limits settings? is there screen saver policy in your environment ?
    2 which "session time limits" policy did you using? is current policy user policy or computer policy ?
    computer configuration\administrative templates\windows components\remote desktop services\remote desktop session host\session time limits
    user configuration\administrative templates\windows components\remote desktop services\remote desktop session host\session time limits
    3 "all IDLE session counter are reset to 0."
    can you share where do you see that ?
    4 Please check the symptom in a clean boot (refer to windows 10 steps) environment if it is possible. ( I am not sure after another user logged on session host there is third party software will activate idle session)
    https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Thursday, September 5, 2019 3:23 AM
    Moderator
  • HI
    Is there any progress on your question?

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 10, 2019 4:03 AM
    Moderator
  • Hi

    No, the situation is still the same.

    IDLE time are still reset each time a new user connects.

    At the moment, I have update my GPO (computer GPO)  to set IDLE limit to 15mn and it works ( this interval permits to disconnect sessions regularly during the day before someone connects).

    Disconnected session are not affected ( idle time for disconnected session is never reset and reach its limit)

    For now, I am not able to determine if a third party program makes this behavior.

    Regards,

    Friday, September 13, 2019 9:04 AM
  • HI
    "For now, I am not able to determine if a third party program makes this behavior."

    when the test domain user logon the issue RDSH ,we can confirm fault time from event id 4624 in security log of this domain user then look if there is more related log information on fault time (and between try to logon time to fault time )
    on session host server

    event viewer\windows logs\

    application

    security

    system

    Event Viewer – Applications and Services Logs – Microsoft – Windows – TerminalServices-****

    Event Viewer – Applications and Services Logs – Microsoft – Windows –remote desktop management service

    Event Viewer – Applications and Services Logs – Microsoft – Windows – RemoteDesktopServices-****

    Event Viewer – Applications and Services Logs – Microsoft – Windows-remoteapp and desktop connections

    Event Viewer – Applications and Services Logs – Microsoft – Windows-remoteapp and desktop connection management


    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, September 17, 2019 3:42 AM
    Moderator
  • Hi,

    After a user connexion that has reseted IDLE counter, there are 6 events in the logs that are not informational.

    5 warnings and 1 error.

    ERROR :

    Nom du journal :System
    Source :       Microsoft-Windows-DistributedCOM
    Date :         17/09/2019 09:43:45
    ID de l’événement :10016
    Catégorie de la tâche :Aucun
    Niveau :       Erreur
    Mots clés :    Classique
    Utilisateur :  xxxxxxxxxxxxxxxx
    Ordinateur :   xxxxxxxxxxxxx
    Description :
    Les paramètres d’autorisation par défaut de l’ordinateur n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
    {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
     et l’APPID
    {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
     au SID xxxxxxxxxxxxxx de l’utilisateur (S-1-5-21-162529276-166861748-1283291503-13824) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
    XML de l’événement :
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
        <EventID Qualifiers="0">10016</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2019-09-17T07:43:45.258920900Z" />
        <EventRecordID>82450</EventRecordID>
        <Correlation />
        <Execution ProcessID="720" ThreadID="13984" />
        <Channel>System</Channel>
        <Computer>VMRDP01.pyro.groupe.local</Computer>
        <Security UserID="S-1-5-21-162529276-166861748-1283291503-13824" />
      </System>
      <EventData>
        <Data Name="param1">par défaut de l’ordinateur</Data>
        <Data Name="param2">Local</Data>
        <Data Name="param3">Activation</Data>
        <Data Name="param4">{9BA05972-F6A8-11CF-A442-00A0C90A8F39}</Data>
        <Data Name="param5">{9BA05972-F6A8-11CF-A442-00A0C90A8F39}</Data>
        <Data Name="param6">xxxxx</Data>
        <Data Name="param7">xxxxxxxxxx</Data>
        <Data Name="param8">S-1-5-21-162529276-166861748-1283291503-13824</Data>
        <Data Name="param9">LocalHost (avec LRPC)</Data>
        <Data Name="param10">Non disponible</Data>
        <Data Name="param11">Non disponible</Data>
      </EventData>
    </Event>

    3 WARNING events are about printers GPO :

    L’élément de préférence « MPC4500-01 » utilisateur de l’objet de stratégie de groupe « PrinterDeployment {F86CED8C-B82E-4404-AA59-B5F8FFBC4788} » n’a pas été appliqué car il a échoué avec le code d’erreur « 0x8007000a Environnement incorrect. » Cette erreur a été supprimée.

    2 WARNING events are about USB redirection :

    Redirection of additional supported devices is disabled by Policy.

    regards,

    Tuesday, September 17, 2019 8:07 AM
  • HI
    7 can you look the registry on session host server in blew location then look which application relate to CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  if we can find the specified application ,we can try to disable this application then look if your issue persist  
    Computer\HKEY_CLASSES_ROOT\CLSID
    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    for example: I can know {00020833-0000-0000-C000-000000000046} is related to Microsoft office EXCEL.EXE like picture

    but in below document event id 
    10016 seems by design ,so it may be not root cause but if it is related to third party software ,we need to care it .
    https://support.microsoft.com/en-sg/help/4022522/dcom-event-id-10016-is-logged-in-windows-10-windows-server



    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.




    Thursday, September 26, 2019 5:32 AM
    Moderator
  • HI
    Is there any progress on your question?

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Sunday, September 29, 2019 11:06 PM
    Moderator
  • Hi,

    Here is the information about the application :

    But this is not always this one; there is some similar errors with

    Best regards


    • Edited by arnaudT-DB Monday, September 30, 2019 9:08 AM
    Monday, September 30, 2019 6:44 AM