Intermittent RDS Connection Issue

Question

Hey Everyone,

Thank you in advance for your help. I have an on-prem Windows Server 2022 Standard Hyper-v host with two guests. One is an AD server the other is a remote desktop server. All OS patches are applied at the time of writing for host and guests. Host is a Lenovo ST650 gen 3 with Broadcom NIC's. Local network runs IPv4 and IPv6.

Actual Problem:

The RDS host will intermittently not allow end user sessions. The end users will receive an error "your credentials are invalid". All end users are on Windows 10 Professional machines. All machines are on the LAN and joined to an active directory. Rebooting the RDS machine will allow the connections again. Stopping and starting terminal services does not allow connections.

Event Viewer Process for connection / Diagnostics:

Under RemoteDesktopServices-RDPCoreTS - Operational I see process of the machines authenticating to the server. Here is the sequence:

Event 131: RemoteDesktopServices

 The server accepted a new TCP connection from client 192.168.1.15:50252.

Event 65: RemoteDesktopServices

 Connection RDP-Tcp#4 created 

Event 72: RemoteDesktopServices

 Interface method called: PrepareForAccept

Event 72: RemoteDesktopServices

 Interface method called: SendPolicyData

Event 141: RemoteDesktopServices

 PerfCounter session started with instance ID 4

Event 142: RemoteDesktopServices

 TCP socket READ operation failed, error 64

Event 226: RemoteDesktopServices

 RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).

Event 72: RemoteDesktopServices

 Interface method called: OnDisconnected

Event 72: RemoteDesktopServices

 The server has terminated main RDP connection with the client.

Event 229: RemoteDesktopServices

 ICEPairInactivated

Event 145: RemoteDesktopServices

 During this connection, server has not sent data or graphics update for 0 seconds (Idle1: 0, Idle2: 0).

Event 148: RemoteDesktopServices

 Channel rdpinpt has been closed between the server and the client on transport tunnel: 0.

Event 148: RemoteDesktopServices

 Channel rdpcmd has been closed between the server and the client on transport tunnel: 0.

Event 148: RemoteDesktopServices

 Channel rdplic has been closed between the server and the client on transport tunnel: 0.

Event 103: RemoteDesktopServices

 The disconnect reason is 4407

We have "disabled" Require user authentication for remote connections by using Network Level Authentication

We have set a group policy on the RDS host to require use of specific security layer for remote connections to "RDP"

We have also added a registry key on the client machines to disable UDP

 HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client

 Create a DWORD named fClientDisableUDP and assign it a value of 1

The server does not drop any packets, I am able to stay logged into the machine and lookup articles while the incident is occurring. I'm not sure where else to go with the diagnostics.

Answer 1

Hello,

The issue may not be related to RDP, but rather a problem with your Domain preventing successful authentication.

I recommend logging in with a local account on the server side. You should enter <serverNAME>\username and then your password.

To alter your authentication process by disabling NLA:

a. Launch the gpedit.msc applet.

b. Go to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security.

c. Activate the policy to Require use of a specific security layer for remote (RDP) connections and choose RDP as the Security Layer.

d. Turn off the policy to Require user authentication for remote connections by using Network Level Authentication.

Restart the Terminal server.

---

If the Answer is helpful, please click "Accept Answer" and upvote it.