I have a client who is constantly having his RDP connections overridden. The error he receives:
"Your Remote Desktop session has ended.
Another user connected to the remote computer, so your connection was lost. Try connecting again, or contact your network administrator or technical support group."
Now, I know what this means, someone with the same login ID has connected and disconnected an active session. What I can't find is source of the login. The security audit log in the event viewer doesn't show me any helpful information at the time it happens.
For example, AROUND the right time (not exactly the right time, but I allow for clock drift) I get this:
Log Name: Security
Date: 7/6/2012 2:43:37 PM
Event ID: 4634
Task Category: Logoff
Keywords: Audit Success
An account was logged off.
Security ID: OBS\OBS-SBS$
Account Name: OBS-SBS$
Account Domain: OBS
Logon ID: 0xc9b46f6
Logon Type: 3
Can anyone help me figure this out? This user keeps having his app drop on him and sometimes restart quotes.
Thanks in advance.