How to fix server drops remote RMM RDP access randomly and local login frozen

Question

I am having a random issue lately where RDP local LAN drops Remote access via RMM software fails and local login frozen. SMB share and pings work though? Anyone have this?

Answer 1

Hello JC,

The symptoms you describe that RDP sessions dropping, RMM remote access failing, and even local console logins freezing, while SMB shares and ICMP pings remain functional point to a problem higher up in the stack than basic network connectivity. Since SMB and ping continue to work, the TCP/IP stack and LAN transport are intact. What’s failing is interactive session handling, which relies on services like TermService (Remote Desktop Services), Winlogon, and in the case of RMM agents, their own service hooks into the interactive desktop.

When you see this combination, the most common root causes are resource exhaustion or driver conflicts at the kernel level. For example, GPU or display driver issues can freeze the interactive session while leaving background services like SMB unaffected. Similarly, endpoint security agents or RMM software hooks can deadlock the Winlogon process, which prevents both RDP and local logon, but does not interfere with file sharing. Another possibility is that the lsass.exe process is hanging under load, which would block authentication and session creation but not disrupt existing SMB connections.

To narrow it down, check the Event Viewer under Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager and System. Look for Event IDs 56, 50, or 7011 timeouts. Also review whether the RMM agent service is crashing or hanging at the same time. If you can reproduce the issue, run tasklist /svc remotely while SMB is still working to see if TermService or Winlogon is unresponsive.

In environments where this happens randomly, I’ve seen it tied to outdated display drivers or GPU acceleration being enabled for RDP. Disabling hardware graphics acceleration for RDP sessions (HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\EnableHardwareMode) can stabilize sessions. Another angle is to confirm that the RMM agent is updated, since older builds can conflict with Windows 11/Server 2022 cumulative updates.

I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

Domic Vo.

Answer 2

The symptoms match known Remote Desktop issues where RDP and local interactive logon hang, but basic networking (ping, SMB) continues to work. Troubleshooting should focus on Remote Desktop Services, domain controller communication, and potential deadlocks or port exhaustion.

Use these steps to narrow down and remediate:

1. Check if this is an RDS service or SAM restriction issue
   • On the affected server, verify that Remote Desktop Services is running and responsive:
     • Open Services (services.msc) locally or remotely and confirm the Remote Desktop Services service is running; restart it if needed.
   • Check whether the Restrict clients allowed to make remote calls to SAM policy is enabled, which can block some RDP-related operations:
     • Open Group Policy Editor on the server.
     • Go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
     • Review Network access: Restrict clients allowed to make remote calls to SAM. If enabled, test with it relaxed or in audit-only mode as described in the linked policy guidance.
2. Check for RDS/domain controller deadlock or slow DC calls
   • On Windows Server 2012 R2, a known deadlock between RDS (termsrv.dll), LSASS (Kerberos), and the redirector can cause freezes or extremely slow logons while the server still responds to ping and SMB.
   • If the server is 2012 R2 and logons appear hung or very slow, implement the documented registry fix to stop RDS from querying the domain controller during logon:
     1. Back up the registry first.
     2. Start regedit.exe.
     3. Go to one of:
        • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services
        • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\<Connection Name> (default <Connection Name> is RDP-Tcp).
     4. Create a new DWORD (32-bit) Value named fQueryUserConfigFromLocalMachine.
     5. Set its value to 1.
     6. Close Registry Editor and reboot the server during a maintenance window.
   • Alternatively, if possible, upgrade the server to Windows Server 2016 or later, where this behavior is fixed by default.
3. Check for TCP port exhaustion affecting RDP
   • If the issue appears only after the server has been running for several days and a reboot temporarily fixes it, TCP port exhaustion may be affecting RDP and domain authentication while basic connectivity still works.
   • On the server, open Event Viewer → Windows Logs → System and look for events such as:
     • Event ID 4227 (Tcpip): local endpoint recently used, high rate of outgoing connections.
     • Event ID 4231 (Tcpip): ephemeral port allocation failure.
     • Event ID 5719 (NETLOGON) and 1129 (Group Policy) indicating trouble reaching a domain controller.
   • If these events are present, identify and stop the process that is consuming large numbers of outbound TCP connections (for example, a monitoring agent or backup tool) using the guidance in the port exhaustion troubleshooting article. After stopping the misbehaving process, test RDP again.
4. Confirm RDP is enabled and listener is healthy
   • When the issue occurs, if possible, connect to the server’s registry remotely (or via console) and verify:
     • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections is 0 (RDP enabled).
     • Also check HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services for policy overrides.
   • If RDP is disabled (value 1), set it to 0 and test again.
5. If the problem persists
   • If the server is 2012 R2 and the registry change plus RDS service checks do not resolve the issue, consider:
     • Applying all current updates.
     • Planning an in-place upgrade to Windows Server 2016 or later, which removes the RDS/DC deadlock condition by default.
   • If TCP port exhaustion is confirmed but the offending process is a Microsoft component or cannot be changed, collect logs and engage Microsoft Support.

These steps target the specific combination of symptoms: RDP and local logon hanging while SMB and ping continue to function, which is characteristic of RDS deadlock or authentication/port issues rather than general network failure.

---

References:

• Troubleshooting access denied and user not authorized issues in Microsoft Remote Desktop Services
• Server freezes or user logon is slow when connecting to Windows Server 2012 R2 by using RDP
• "Remote Desktop cannot verify the identity of the remote computer" when connecting to a remote machine
• General Remote Desktop connection troubleshooting