Remote Desktop Services Restrict Single Session


I deployed an RDS farm with 3 servers (2012R2) where multiple users use RemoteApps, webapps and Remote Desktop to connect to the RDS farm.
And there we have a strange issue with the single-session restriction.

I created a GPO for the servers with the policy "Restrict Remote Desktop Services users to a single Remote Desktop Services session", which I have enabled to force a single session per user.

If a user now connects over RemoteApps, he will connect to (for example) session 1 on server 1. Okay, now if the same user connects over webapps, he will be connected to the same session. But if the user connects over Remote Desktop (RDP), he will be connected to another session on another server, and there is the problem: if he connects with another session on another server, he will use temporary profiles.

I would like to force a single session for the users, no matter which connection method they use.

Maybe someone knows how I could do this.

Thanks in advance for all help.

Chris H (Infrastructure Manager) commented:
The RemoteApps server creates a headless session for that user which you can't connect to outside of the presented remote app. You still have an open session to interact with other applications, but this is different than a remote desktop session.

The behavior you are seeing is expected and cannot be changed. What you can do is configure your server so that disconnected RemoteApp sessions are ended automatically using the group policy setting "Set time limit for logoff of RemoteApp sessions".

Cliff Galiher commented:
Unfortunately you can't do what you want the way you are trying to do it.  If you allow users to connect directly using RDC then the policy you are setting is only getting enforced by that server. It has no way to check and see if the user has already logged on with another server, so you can't do a global policy like that.  

In 2012, Microsoft has really gone away from even having users fire up RDC at all though. The "apps" in the various app stores (Google Play, Apple Store, etc.) as well as the Win8/10 app, as well as the RDWeb interface for older clients (XP-Win7) all rely on connecting to the RD Connection Broker first. This ensures session affinity and resolves all of your problems in one fell swoop. The RDCB will redirect to the existing session and that machine will enforce the policy. This is the modern architecture and Microsoft has orchestrated *everything* around it.

So short answer? Don't deploy files that use RDC directly. Don't give out information with machine name so users can do it manually. Have them use the modern apps (which pull the XML data from RDWeb) or have them use RDWeb. Then they will always be going through RDCB as intended.
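
To check whether users are still ending up with sessions on more than one session host (the condition that leads to the temporary profiles described in the question), the following added example groups broker session data by user. It is not code from this thread; the function name `Find-SplitSession`, the host names and the sample rows are constructed, and the property names assume the objects returned by `Get-RDUserSession` from the RemoteDesktop module.

```powershell
# Added example: list users whose sessions are spread across several session hosts.
function Find-SplitSession {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-RDUserSession output (assumed properties:
        # DomainName, UserName, HostServer, SessionId, SessionState)
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Session
    )
    begin   { $all = @() }
    process { $all += $Session }
    end {
        $all |
            Group-Object -Property { '{0}\{1}' -f $_.DomainName, $_.UserName } |
            ForEach-Object {
                # Distinct hosts this user currently has a session on
                $hosts = @($_.Group.HostServer | Sort-Object -Unique)
                if ($hosts.Count -gt 1) {
                    $detail = $_.Group | ForEach-Object {
                        '{0}#{1} ({2})' -f $_.HostServer, $_.SessionId, $_.SessionState
                    }
                    [pscustomobject]@{
                        User     = $_.Name
                        Hosts    = $hosts -join ', '
                        Sessions = $detail -join '; '
                    }
                }
            }
    }
}

# Constructed sample rows (not real data) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ DomainName='CONTOSO'; UserName='alice'; HostServer='rdsh01.contoso.example'; SessionId=3; SessionState='STATE_ACTIVE' }
    [pscustomobject]@{ DomainName='CONTOSO'; UserName='alice'; HostServer='rdsh02.contoso.example'; SessionId=5; SessionState='STATE_ACTIVE' }
    [pscustomobject]@{ DomainName='CONTOSO'; UserName='bob';   HostServer='rdsh01.contoso.example'; SessionId=4; SessionState='STATE_DISCONNECTED' }
    [pscustomobject]@{ DomainName='CONTOSO'; UserName='carol'; HostServer='rdsh03.contoso.example'; SessionId=2; SessionState='STATE_ACTIVE' }
    [pscustomobject]@{ DomainName='CONTOSO'; UserName='carol'; HostServer='rdsh03.contoso.example'; SessionId=7; SessionState='STATE_DISCONNECTED' }
)
$sample | Find-SplitSession | Format-List

# Against a live farm (broker name is a placeholder):
# Get-RDUserSession -ConnectionBroker 'rdcb01.contoso.example' | Find-SplitSession
```

In the sample only `CONTOSO\alice` is reported: `carol` has two sessions, but both are on the same host, which the per-server policy can see and enforce.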