Hey Everyone,
Thank you in advance for your help. I have an on-prem Windows Server 2022 Standard Hyper-V host with two guests. One is an AD server, the other is a remote desktop server. All OS patches are applied at the time of writing for host and guests. Host is a Lenovo ST650 gen 3 with Broadcom NICs. Local network runs IPv4 and IPv6.
Actual Problem:
The RDS host will intermittently not allow end user sessions. The end users will receive an error "your credentials are invalid". All end users are on Windows 10 Professional machines. All machines are on the LAN and joined to an active directory. Rebooting the RDS machine will allow the connections again. Stopping and starting terminal services does not allow connections.
Event Viewer Process for connection / Diagnostics:
Under RemoteDesktopServices-RDPCoreTS - Operational I see the process of the machines authenticating to the server. Here is the sequence:
Event 131: RemoteDesktopServices
The server accepted a new TCP connection from client 192.168.1.15:50252.
Event 65: RemoteDesktopServices
Connection RDP-Tcp#4 created
Event 72: RemoteDesktopServices
Interface method called: PrepareForAccept
Event 72: RemoteDesktopServices
Interface method called: SendPolicyData
Event 141: RemoteDesktopServices
PerfCounter session started with instance ID 4
Event 142: RemoteDesktopServices
TCP socket READ operation failed, error 64
Event 226: RemoteDesktopServices
RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).
Event 72: RemoteDesktopServices
Interface method called: OnDisconnected
Event 72: RemoteDesktopServices
The server has terminated main RDP connection with the client.
Event 229: RemoteDesktopServices
ICEPairInactivated
Event 145: RemoteDesktopServices
During this connection, server has not sent data or graphics update for 0 seconds (Idle1: 0, Idle2: 0).
Event 148: RemoteDesktopServices
Channel rdpinpt has been closed between the server and the client on transport tunnel: 0.
Event 148: RemoteDesktopServices
Channel rdpcmd has been closed between the server and the client on transport tunnel: 0.
Event 148: RemoteDesktopServices
Channel rdplic has been closed between the server and the client on transport tunnel: 0.
Event 103: RemoteDesktopServices
The disconnect reason is 4407
We have "disabled" Require user authentication for remote connections by using Network Level Authentication.
We have set a group policy on the RDS host to require use of specific security layer for remote connections to "RDP".
We have also added a registry key on the client machines to disable UDP:
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client
Create a DWORD named fClientDisableUDP and assign it a value of 1
The server does not drop any packets, I am able to stay logged into the machine and look up articles while the incident is occurring. I'm not sure where else to go with the diagnostics.
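
An added example, not part of the original post: a read-only PowerShell check that reports the current state of the three settings the post changed (NLA, security layer, client UDP) and pulls the failure-path events it quotes (131, 142, 226, 103) from the RdpCoreTS operational log, so the relaxed settings can be tracked and the failures lined up by time. The listener and policy registry paths are the standard Windows locations, not paths quoted in the post, and the 24-hour window is an assumption.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the RDS host; the Client policy value lives on the Windows 10 clients.
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$checks = @(
    @{ Path = $listener;        Name = 'UserAuthentication' }  # 1 = NLA required, 0 = not required
    @{ Path = $listener;        Name = 'SecurityLayer' }       # 0 = RDP, 1 = Negotiate, 2 = SSL (TLS)
    @{ Path = $policy;          Name = 'UserAuthentication' }  # same values, when set by Group Policy
    @{ Path = $policy;          Name = 'SecurityLayer' }
    @{ Path = "$policy\Client"; Name = 'fClientDisableUDP' }   # 1 = client uses TCP only
)

# Read each value without modifying anything; a missing value is reported as 'not set'.
$settings = foreach ($c in $checks) {
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = 'not set'
    if ($null -ne $item) { $value = $item.($c.Name) }
    [pscustomobject]@{ Path = $c.Path; Name = $c.Name; Value = $value }
}
$settings | Format-Table -AutoSize

# Events from the sequence in the post: 131 (TCP accepted), 142 (socket READ failed),
# 226 (state transition error), 103 (disconnect reason).
$log   = 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'
$since = (Get-Date).AddHours(-24)   # assumed look-back window
$ids   = 131, 142, 226, 103

$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $ids; StartTime = $since } `
              -ErrorAction SilentlyContinue | Sort-Object TimeCreated

# Chronological view, to match each accepted connection with its failure.
$events | Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# Socket read failures (142) per hour, to show when the failures begin.
$events | Where-Object Id -eq 142 |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
    Select-Object Name, Count | Format-Table -AutoSize
```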