I noticed this myself, so did my own investigating before I even came onto Microsoft for answers. I found it interesting that you really log in just fine, its not frozen. But its not transmitting screen captures, which is why it does not show up on Event logs. I tested this by going through the motions to open run, start notepad, and type a message. I didn't see any of it of course, but upon logging back in there it was.
You can cycle it easily by using RDP and assume you are opening Win+R for Run, paste "shutdown /r /t 0". After every restart each user gets a new session to start. Use it to import Group Policies. There are many ways to get this done, I leave that research up to you. Run "gpedit.msc" in Admin would be the easiest (Ctrl+Shift+Enter).
It does not take long you wont be logging in any more as most of you us found out. Essentially you keep creating new RDP sessions until you trigger UDP protocol usage, and then your done seeing anything. Need to remain in TCP, like all the times before I have read so far.
So far I have had 100% success for 2 days with adding these Group Policy Changes:
LCP\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections...
...\Restrict Remote Desktop Services users to a single Remote Desktop Services session
Enabled : Select Detection Level : Turn off Connect Time Detect and Continuous Network Detect
If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality.
...\Select RDP transport protocols
Enabled : Select Transport Type : Use only TCPIf the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP.
...\Select network detection on the server
Enabled
If you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon.
My Documents\default.rdp file I used all day. I went a little overkill because I work remote for an Higher Education institution and this is a busy time. Can't afford nonsense right now.
full address:s:COMPUTER.DOMAIN.ROOT.TOPscreen mode id:i:2use multimon:i:0desktopwidth:i:2560desktopheight:i:1440session bpp:i:32winposstr:s:0,1,275,0,2367,1392compression:i:1keyboardhook:i:2audiocapturemode:i:0videoplaybackmode:i:1connection type:i:7networkautodetect:i:1bandwidthautodetect:i:1displayconnectionbar:i:1enableworkspacereconnect:i:0disable wallpaper:i:0allow font smoothing:i:0allow desktop composition:i:0disable full window drag:i:1disable menu anims:i:1disable themes:i:0disable cursor setting:i:0bitmapcachepersistenable:i:1audiomode:i:0redirectprinters:i:1redirectcomports:i:0redirectsmartcards:i:1redirectwebauthn:i:1redirectclipboard:i:1redirectposdevices:i:0autoreconnection enabled:i:1authentication level:i:2prompt for credentials:i:0negotiate security layer:i:1remoteapplicationmode:i:0alternate shell:s:shell working directory:s:gatewayhostname:s:gatewayusagemethod:i:4gatewaycredentialssource:i:4gatewayprofileusagemethod:i:0promptcredentialonce:i:0gatewaybrokeringtype:i:0use redirection server name:i:0rdgiskdcproxy:i:0kdcproxyname:s:enablerdsaadauth:i:0smart sizing:i:1drivestoredirect:s:remoteappmousemoveinject:i:1redirectlocation:i:0 |
Edit: Oh geeze, was that really what ended up on this user account? So yeah, the policies work - and dont use that file, just use what you normally config but keep the colors down, fonts normal, and anything that usually chews up bandwidth.
Anyways it should not be long now until we import this into the AD and set it loose on domain wide usergroup.
Cheers,
Alex