strange problem connecting to terminalserver 2008

Hi, have a Windows 2008 R2 terminal server. The users is on a Windows 2008 R2 AD/domain server. Have multiple UPN Suffixes to simplifies user logon name

Domain name= Domain.local
UPN Suffix=company.no

User = Bob Norman
User logon name = bob@company.no
User logon name (pre-Windows 2000) = domain\bob_norman

I can logon to the Terminalserver with bob@company.no, but if i then close the session and wait so the mstsc close and then try to connect again it say that the user dont exist. The same if i use bob_norman@domain.local, it works once. If i use domain\bob_norman it works every time but i want to use bob@company.no
per-wAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

A KarelinCommented:
Did you look for errors, warnings in event viewer?
David Johnson, CD, MVPOwnerCommented:
what is your reconnection policy?  how long is the timeout period?  Here we allow 15 minutes to reconnect to the same session.. This helps in a lost connection or if a user closes the session (rdp window) accidentally
VB ITSSpecialist ConsultantCommented:
I can logon to the Terminalserver with bob@company.no, but if i then close the session and wait so the mstsc close and then try to connect again it say that the user dont exist.
When you say you close the session, do you mean you are simply disconnecting from the session then attempting to reconnect or do you mean you are logging off completely?
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

Rob GMicrosoft Systems EngineerCommented:
Do you have multiple domain controllers, and how do you have group policy configured when it comes to stale accounts in terminal services?
per-wAuthor Commented:
Its nothing in the error log on the server(s)
Its one domaincontroller with multiple UPN Suffix so its possible for users to use there own email address as username
As long as i use the "domain\pre-windows 2000 username" its ok, but when using a username@......... (both there mail domain name and domain.local) its nok ok after the first login. If i logof and login before the timeout then its ok, if i wait to after timeout or end the mstsc process on the client pc its not ok to login again. I will look into it more tomorrow, but it looks like after a restart of the rd-gateway then the users could login one more time but not after they then close there session. It looks like the problem only is with rdp connection made with the .msi files that is made in the remoteapp manager, if i make a rdp connection from scratch its looks to be ok, but i will test that more tomorrow too.
per-wAuthor Commented:
When using the .msi file to install the rdp/icon, where is the settings stored? Since its working ok with .rdp file but not when installing the .msi file i think there must be something with the settings, could i see them somewhere?
VB ITSSpecialist ConsultantCommented:
How did you go with native RDP? That's one vital piece of information to leave out - that the users were logging in via a RemoteApp. Please elaborate on how the RemoteApp file was created.
per-wAuthor Commented:
The .msi file was made on the rd session server in the remoteapp manager and then installed on the clients. The .rdp file is made from the rdp program on the client.
VB ITSSpecialist ConsultantCommented:
Sorry, what I meant to ask is what is the RemoteApp publishing to the end user? Are you publishing the entire Desktop of the RD Session Host to the users or just a program?
per-wAuthor Commented:
I'm publishing just the programs and then let the remote app manager make the windows installer file (.msi) for each program and then install that files on the clients.
David Johnson, CD, MVPOwnerCommented:
you will notice that the .msi is really small.. since it really doesn't contain much other than an .rdp file.
per-wAuthor Commented:
I know its small, but is it possible to see the settings on the rdp connection that msi file make? A normal rdp connection can be opened with notepad to see all settings, but not the one that is installed with the msi file.
David Johnson, CD, MVPOwnerCommented:
no since it is a remoteapp not a normal rtp file.
Rob GMicrosoft Systems EngineerCommented:
Just out of curiosity,
You mention you are publishing the connection via MSI file..
But what are you creating the MSI from? and where are you sending it?
Because if you create it in 2k3 and try to launch it on windows 7, you will run into the issue with compatibility.. I wonder if you are using a newer, or older version in the package, vs what is installed on the client. (RDC vs RDP)
per-wAuthor Commented:
The MSI file is created on the  terminalserver that is Windows 2008 R2-64bit and the clients are Windows 7 pro 64-bit.
Rob GMicrosoft Systems EngineerCommented:
Are they both running "kb2592687"?
http://support.microsoft.com/kb/2592687

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
per-wAuthor Commented:
Not on the server and its not enabled on the client. But isnt that only for the clients that should connect to a 2012 server?
per-wAuthor Commented:
it looks like this two updates has something to do with it.
KB2994023
KB2984981
I removed them and then it looks like the problem is gone

Another fine thing is that when i did finde out this i also removed them on other clients/pc that did have another problem like Windows 7 clients couldnt connect to Windows 2012 R2 with RDP. On one place i did have 4 Windows 2012 R2 servers and the Windows 7 client could connect to all four, but 2 weeks ago they couldnt connect to two of them. I then removed KB2994023 and KB2984981 and then they work :-) I tried to remove only one but both must be removed. As soon as i try to install one of them or both they cant RDP in to some of the Windows 2012 R2 serveres.
Rob GMicrosoft Systems EngineerCommented:
Good find!
per-wAuthor Commented:
Rob G put me on the track, when searching on info for the kb2592687 i started to remove/reinstall updates and it seems like the problem is solved for now.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.