Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Terminal Services timeouts not applying / applying incorrectly

Posted on 2010-01-07
Medium Priority
Last Modified: 2013-11-21
We have a Microsoft Windows 2003 R2 terminal server with Citrix installed.   The clients that connect to this server have various idle timeout requirements so we have set appropriate session idle timeouts on each account, but these timeouts are not applying properly.

To test I have created an account with a 5 minute idle timeout.   If I leave the account logged in and watch it from Terminal Services Manager, I see the session go idle and the timeout comes and goes.  It stays connected for 60 minutes, then finally goes to a disconnected state.

I've checked local policy, resultant set of policy, the RDP and ICA listeners in Terminal Services Configuration MMC, and the MaxIdleTime values for the listeners in the registry.  None of them appear to indicate that a timeout has been defined.  Where could this 60 minute timeout coming from?

Question by:mmarechal
  • 3
LVL 14

Expert Comment

by:Craig Roberds
ID: 26203187
Where are you setting the individual users timeout session at?  In their AD profile?

If you have citrix servers often they have their own group policy (a loopback policy, see here if you don't know if you are using them:  http://www.msterminalservices.org/articles/Managing-Terminal-Services-Group-Policy.html)

If in the loopback policy in the Processing mode properties, if 'Replace' is used then it will not inherit any user settings from AD.  If 'Merge' is used then I am not 100% sure if those setting will come over or not, but that may solve it.

Not sure if that is your issue but that would be where I would start.

Author Comment

ID: 26208939
Thanks for your reply.  Yes, we're trying to set the session timeouts in the AD profile.

Group Policy loopback processing mode is currently Not Configured in local policy, and we don't have it set in any other group policies.   All of the policies we do have are applied to the user OU's (these users only logon through Citrix)

At the moment I've also placed my test user in an OU which has all group policies blocked just in case.

One new bit of information - I found that if I change the timeout on the AD profile of my test user from 5 mintues to Never, it doesn't seem to disconnect after 60 minutes.
LVL 12

Expert Comment

by:Daniel Borger
ID: 26209253
Have you tested using RDP? Some of the terminal services group policies do not apply perfectly to ICa connections.

Accepted Solution

mmarechal earned 0 total points
ID: 26211084
Yes, I'm testing using RDP and ICA, same results at the moment.

I've opened a ticket with Microsoft and they've pointed me to this article/hotfix:

We have Windows 2008 domain controllers and apparently the timeout values are stored differently in 2008 versus 2003.  Going to install this and see what happens.

Author Comment

ID: 26345711
Just applied the hotfix to all our domain controllers this past weekend.  It looks like that did the trick.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
Know what services you can and cannot, should and should not combine on your server.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question