?
Solved

TS Time session limit with RSA agent

Posted on 2013-12-17
11
Medium Priority
?
368 Views
Last Modified: 2014-10-28
Hi Experts,

I experiment a strange behaviour on a TS server (2003 R2) which is set to use the RSA agent. The users are disconnected of their TS session after 30 minutes of idle while the RDP-Tcp connection is directly set through tscc.msc to override user settings and disconnect from idle sessions after 18 hours only and disconnect active session after 1day. I also set the "End a disconnected session" to 1 day.

I contacted RSA and they told me that this is a Windows problem and that this can't be from RSA.

We use RSA Authentication Manager 7.1 and the Windows agent on the TS server (2003 R2)

Any idea ?


Thank you in advance for your help, best regards,
0
Comment
Question by:jet-info
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 64

Expert Comment

by:btan
ID: 39725694
In the past, RSA also advise that their appliance does not set user session timeout values. Specific to GPO, MS has the link to the configuration (there are 3 setting namely End a disconnected session, Active session limit and Idle session limit) and the RSOP to ensure the policy is configured

http://social.technet.microsoft.com/Forums/windowsserver/en-US/bf1c95c7-544f-4c04-9dee-ac0c4bb8e190/forum-faq-how-to-restrict-the-number-of-active-sessions-in-remote-desktop-services-manager?forum=winserverTS
http://technet.microsoft.com/en-us/library/cc758177(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc754272.aspx

Another way is to go registry to see if setting stands
e.g.
1/ Goto: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\TerminalServer\WinStations\RDP-Tcp
2/ Create DWORD
3/ Name: LogonTimeout (DWORD)
4/ Value: Specifies the time in seconds – Decimal Value – 300. Hex - (12c)its 5 minutes. - 3600. Hex (e10) is 1hr
5/ Please reboot the server after adding the above key.
0
 

Author Comment

by:jet-info
ID: 39785595
Sorry for the delay, I have to manage many networks and this problem is not in the top ten so please forgive me for the delay.
I tried all these solutions without any chance. RDP sessions still deconnect after 30 minutes... Even the registry key doesn't work!

What can I check now ?
0
 
LVL 64

Expert Comment

by:btan
ID: 39787325
Wondering if this helps and if w/o RSA will the TS session still be disconnected in short while of 30mins.

http://setspn.blogspot.sg/2010/12/remote-desktop-session-disconnection.html
0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 

Author Comment

by:jet-info
ID: 39829028
Sorry for the delay,

I let it alone since it looks like that there is no solution... :(

I tried all theses solutions without any chance.

I don't understand, the registry key is configured, the GPO also. When I run a RSOP I can see it but it doesn't work.

The TS server is on a "SBS 2011 domain", I tried to isolate it in an inheritance blocked OU, the problem persists.

Any idea ?
0
 
LVL 64

Expert Comment

by:btan
ID: 39829458
It is going wild and we need to isolate the issue which can be the Windows alone. I do suggest the RSA agent in the server be removed and ascertain the session timeout does not exist with the policy set as in accordance to the discussion.

If that works to see that user are not timeout in short period, we can proceed to have the RSA agent installed and verify again. This time round the problem resurfaced and RSA support need to clarify why then.

I know it is painful to rebuild but that is also a good ways to isolate the before and after effect. Audit can be enable to trace the event but I think it is even more tedious to correlate , you can check out this post @ http://blogs.msdn.com/b/ericfitz/archive/2008/08/20/tracking-user-logon-activity-using-logon-events.aspx

I do see another option (or maybe the same as we said so far but no harm re-visit it) though I am not putting too much confidence in sieving out the root cause. It suggests configuring keep-alives.

http://nmsiam.blogspot.sg/2013/01/remote-desktop-session-timeouts.html

You can work around the issue by configuring RDP session timeouts manually.
This change requires a reboot
-Issue can be masked if "reconnect if connection is dropped" is set at the client. Look for many instances of users disconnecting, then immediately reconnecting to identify the issue
--Disconnect Event ID, followed by a Reconnect Event ID about 10 seconds later for the same user name (Event IDs below)
--The disconnect / reconnect can also be seen in the Event ID logs on a Remote Desktop Gateway server
-TCPIP keep alive does NOT need to be configured for the RDP keep alive to work
-The registry locations are the same for Windows Server 2003 and Windows Server 2008
0
 

Author Comment

by:jet-info
ID: 39839266
Sorry for the delay, I don't have a lot of time for the moment...
I come back ASAP.
0
 

Author Comment

by:jet-info
ID: 40027654
Edited the KeepAlive settings in the registry with no luck... After 30 minutes, the session is again locked...

What could it be?

Any other idea ?
0
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 40028623
Will you be able to surface more log and error message (event log and rsa side) to isolate the issue as apparently this will required more drilled in (else we hitting with trial and error which is not optimal)
0
 

Author Comment

by:jet-info
ID: 40117428
to be continued...
0
 

Author Closing Comment

by:jet-info
ID: 40408425
Thanks, the problem remain but what can we do more....
0
 
LVL 64

Expert Comment

by:btan
ID: 40408674
if only the support can see your log and help and this matter has been dragging .. and I wished not to change to 2008 R2 though
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question