RDS Connection Broker fails to redirect user with error The parameter is incorrect

Question

Brand new RDS Farm, standard deployment, Server 2019 build 1809, current on updates.

Design:
RD-Gateway and RD-Web on 1 server in DMZ

RD-License and RD-Broker on 1 Server on dedicated subnet for servers
RD-SessionHost on 2 servers, 1 for remote desktop and one for remote apps

Issue, the Connection Broker fails to redirect the user, event log shows even 1306 that says the following.
"Remote Desktop Connection Broker Client failed to redirect the user domain redacted*user redacted*.
Error: The parameter is incorrect. "

This event comes after a different event that shows the user has successfully logged in, and even knows where to send the session to.

Event 801 shows the following.
"RD Connection Broker successfully processed the connection request for user domain redacted*user redacted*. Redirection info:
Target Name = redacted hostname of session host
Target IP Address = redacted ip address
Target Netbios = redacted netbios name of session host
Target FQDN = redacted FQDN of Connection Broker
Disconnected Session Found = 0x0"

I have searched for where to find the logs that will show what parameters are being rejected, and have had no luck.

The end user experience is, from the rdweb webpage user clicks on "remote desktop" downloads the RDP file and launches, then instead of connecting to the desired Session host, the user is presented with a login prompt on the connection broker and is then connected to the desktop of the connection broker.

In testing, I modified the RDP file to not include the broker, and from both inside the network and outside the network the user is able to connect to the desired session host using the rdweb webpage.

Does anyone know where the redirector logs are for the connection broker so I can find what parameter is "incorrect" and fix this?

Answer 1

I never asked for dump log analysis, I just wanted ideas of where to look, as nothing would indicate what parameter was wrong.

Now I have recently made some progress, as I found legacy group policy "extra registry settings" and have deleted them, and now I am getting the error messages that everyone else has noted. Once I get this working, I will post back here and provide others the details I was looking for since at the beginning of this (and at the time of writing this) there was nothing covering this exact error log, or where to even look to find what parameter was wrong.

Answer 2

Hello @Nick Jahn ,

1.The RDP files you download from the Web Access site include a special tag that indicates which collection you're connecting to so you get redirected properly.
https://www.reddit.com/r/sysadmin/comments/c1mmik/rds_server_2019_can_not_connect_to_session_broker/

2.For the RD Connection Broker do not redirect the session to RDSH in a new RDS environment, you need configure the default collection on RDCB in registry.
You should create the registry value DefaultTsvUrl under the path below with tsv://MS Terminal Services Plugin.1.<collection alias> on RDCB.
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings
https://social.technet.microsoft.com/Forums/en-US/19218ead-f20f-4194-a4d3-9f192eca42d2/windows-2016-rds-event-1306-connection-broker-client-failed-to-redirect-the-user-error-null?forum=winserverTS

3.What's found in the system event log when the error occurred? Kindly check if any event logs has captured the problem:
Event log checking:
TerminalServices-RemoteConnectionManager and TerminalServices-LocalSessionManager logs to view information about connections.
Step 1: Press Windows+R to open the Run dialog, enter eventvwr (or eventvwr.msc) and hit OK.
Step 2: Navigate to Event Viewer\ Applications and Services Logs\ Microsoft\ Windows\ TerminalServices-*
https://learn.microsoft.com/en-us/answers/questions/132951/remote-desktop-connection-broker-on-2016-server.html

FYI:
Useful log files for troubleshooting RDS issues: https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/log-files-to-troubleshoot-rds-issues

Best regards,
Leila

---

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

@Leila Kong
Thanks for the answer but I already checked those links, and I already know about the special tag for the collection. I have also already tried the deafult TSV regkey, and I end up with the same results.

The Farm is a brand new farm, no pre-existing servers are a part of it, the only redirect is from the broker to the session hosts that are a part of this brand new Farm.

The logs are as I already mentioned, they get farther than all the forums you posted mention, I don't get the "error:Null" like everyone else is getting, I get "error:The Parameter is Incorrect". The server authenticates the user, starts the session arbitration, recognize the request for the the desired collection (either a remote desktop from one session host or a remote app from a different session host), sends the redirection packet, begins to perform the redirection and then it gives the event I already mentioned.
"Event 1306
Remote Desktop Connection Broker Client failed to redirect the user domain redacteduser redacted.
Error: The parameter is incorrect. "

I have already checked firewall logs, forensics XDR logs, and scoured all the Terminal Services logs in event viewer, and nothing is showing as being blocked, and the only error is the 1306 event, and that does not say what parameter is incorrect, it just says "The parameter is incorrect."

Here is what the web generated RDP file looks like, and I have not made any changes to how the system generates the files, so it is already putting the correct TSV tag in the file on its own.

start of rdp file

redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:1
devicestoredirect:s:
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:redacted broker
gatewayhostname:s:redacted gateway
workspace id:s:redacted workspace name
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.redacted collection
use multimon:i:1
alternate full address:s:redacted broker
signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayHostname,GatewayUsageMethod,GatewayProfileUsageMethod,GatewayCredentialsSource,PromptCredentialOnce,RedirectDrives,RedirectPrinters,RedirectCOMPorts,RedirectSmartCards,RedirectClipboard,DevicesToRedirect,DrivesToRedirect,LoadBalanceInfo
signature:s:redacted signatures

end of rdp file

Answer 4

@Leila Kong
For the event logs you asked for, all are successful logins, successful authentications, Listener RDP-TCP received a connection, and successful processing of redirect request.

Under Connection Broker, I get events 800, 801, and then several minutes later I get an 819.

Answer 5

Hello @Nick Jahn ,

This is a quick note to let you know that I am currently performing research on this issue. If you have any updates during this process, please feel free to let me know.

Please also understand due to security policy and from our professional level, we do not provide dump/log analysis. In addition, if this problem is more urgent for you I still recommend that you open a case to Microsoft for further professional help.
https://support.microsoft.com/en-us/help/4341255/support-for-busines