Hi All
My organization has 5 Windows 2019 servers that we use as Remote Desktop endpoints for our users. Every few weeks or so, we started to notice things failing. Office products would stop being able to communicate with the Licensing server, showing our users they have no Shared Access License. The shell experience and search functions would stop working and start throwing DCOM errors in Event Viewer.
I scoured the internet for people that may be experiencing the same kind of issues, and found several reports, all of which offered different "solutions" that worked for them. For example, running a PowerShell command to re-register the appx manifest for each of the Windows components.
I found an online forum post from February of 2021 where someone was having this issue, and someone else recommended looking at the registry, specifically:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules
Apparently, this part of the registry gets inbound and outbound rules created on user log-in, and maybe never gets cleaned out? I tried opening this up to look and started crashing other user sessions as it tried to load. I took one of the servers that was failing (and we removed all other users from) and it wouldn't load even after an hour.
The recommendation from that post was to run a reg delete command for that key to trim the size down. I tested that on our failed server, and everything that was failing before started working again immediately.
My question is: Are there any official recommendations on how to combat this issue? If it has been a problem for nearly 4 years (at least), I would think that it would be easier to find documentation on this issue, but I haven't been able to find anything else particularly helpful. The solution I have right now is basically to set up a task to routinely delete those firewall rule keys as users log off of the server, which feels like a kludge.
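The following is an added example, not part of the original post: a PowerShell script that reads the number of values under the key named above without enumerating them (so it avoids the regedit hang described), and can optionally trim the key. The `-Threshold` default, the `-Trim` switch, the backup file name and the exact `reg delete ... /va /f` form are assumptions; the post does not give the command it used.

```powershell
# Added example: measure the AppIso FirewallRules key and optionally trim it.
# Threshold, -Trim and the backup path are assumptions, not values from the post.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$Threshold = 10000,   # assumed limit; tune per host
    [switch]$Trim              # without this switch the script only reports
)

$sub = 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules'

# ValueCount asks the registry for the count only; nothing is enumerated or
# rendered, so this stays fast even when the key is too large for regedit.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($sub, $false)
if ($null -eq $key) {
    Write-Warning "Key not found: HKLM\$sub"
    return
}
try { $count = $key.ValueCount } finally { $key.Close() }

# Emit an object so the result can be logged or collected from all RDS hosts.
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Checked    = Get-Date
    ValueCount = $count
    OverLimit  = $count -gt $Threshold
}

if ($Trim -and $count -gt $Threshold -and
    $PSCmdlet.ShouldProcess("HKLM\$sub", "Delete $count values")) {
    # Export first so the rules can be restored if something depends on them.
    $backup = Join-Path $env:TEMP ("AppIso-FirewallRules-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export "HKLM\$sub" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Error "reg export failed; nothing deleted"; return }

    # /va removes every value but keeps the key itself; /f suppresses the prompt.
    & reg.exe delete "HKLM\$sub" /va /f | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Error "reg delete failed with exit code $LASTEXITCODE" }
    else { Write-Output "Trimmed $count values; backup at $backup" }
}
```

Run it elevated; with `-Trim -WhatIf` it shows what would be deleted without changing the registry.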