Solved

Strange RDP Issues

Posted on 2016-10-13
Last Modified: 2016-10-19
We have three terminal servers here (all Windows Server 2008 R2).  Starting this past Monday, all 3 (2 more so than the other) have been having this strange issue where some folks can log in, and some folks connect to just a blue screen (no login prompt).  After researching online, I found killing the explorer.exe process tree and then restarting explorer.exe fixes this issue.  While that has worked, there are occasions where I have had to reboot the server entirely (as I've started Task Manager to kill explorer and it just hangs, nothing happens).  This has been an almost daily occurrence.

Any idea what could be causing this to happen?  Every article I've found shows it as a "one time" bug.
Question by:sbalawajder
16 Comments
 
LVL 28

Expert Comment

by:Bill Bach
ID: 41843052
Anything usable in the event logs? I have seen strange issues caused on VMware virtual machines due to a memory leak in vmtools, where the non paged pool was completely used up. When the pool is depleted, all sorts of things go bad.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41843185
Is there any pattern? Like always the same users, or at a certain time of day?
0
 

Author Comment

by:sbalawajder
ID: 41843541
It's its own server, not a VM

I honestly don't know what exact time it happens.  The users who use this server are in Bulgaria.  Monday it was 4am, Tuesday was 5, today was 7

I saw these in the event log:

The WinRM service failed to create the following SPNs: WSMAN/WTS2.domain.local; WSMAN/WTS2.

 Additional Data
 The error received was 8344: %%8344.

 User Action
 The SPNs can be created by an administrator using setspn.exe utility.

I also see these:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

The same 2 messages repeat every minute since 5am
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41843663
WSMan is not related. The Cryptography Service or Network Location Awareness (NLA) service might be.
0
 

Author Comment

by:sbalawajder
ID: 41843695
I'm installing some updates and some Microsoft hotfixes that pertain to this issue.  Going to see if those do the trick
0
 
LVL 15

Expert Comment

by:joharder
ID: 41843708
Can you please check your Windows Update logs to see if there were any updates applied just before this happened that may have triggered this issue?  

Also, were any changes made to your WSMAN account, such as modification of privileges?  I'm assuming that this is an administrative service account in your environment.  It's unusual for service accounts to be modified, but if a change was made, that could explain this issue.
0
 
LVL 24

Expert Comment

by:Brian B
ID: 41843736
Try deleting and rebuilding (if required) one of the user profiles that has had a problem and see if that helps.
0
 

Author Comment

by:sbalawajder
ID: 41843816
@Brian B- It's been different users (sometimes they can get in, sometimes they can't)...and it's been a universal "when we connect, all we have is a blue screen, no prompt for login"


@Joharder- The last time Windows updates were installed was back in July, which is why I'm installing the new ones as well as a MS hotfix as we speak
0
 
LVL 24

Expert Comment

by:Brian B
ID: 41844598
Okay thanks for the update. Do you have multiple DCs? Just wondering if the problem is related to a specific DC authenticating.
0
 

Author Comment

by:sbalawajder
ID: 41846702
We have 2 DCs.  One running Server 08 R2 (and where all main roles are), the other is a VM running Win2012

I've narrowed it down to a GPO.  I have disabled all GPOs for the time being...and that seemed to make the issues we were having go away.  Will follow up when I find the exact culprit
0
 
LVL 24

Expert Comment

by:Brian B
ID: 41846766
Thanks for the update. Sounds like process of elimination at this point. If the problem really is random, I can't see where it would be something intentional in a policy. Might be corruption. Please keep us posted.
0
 

Author Comment

by:sbalawajder
ID: 41850283
Update:  Found out we have a tombstoned child domain that is causing NETLOGON issues.

I followed this article: https://support.microsoft.com/en-us/kb/230306

However, when I go remove the child domain, I get this error:

 DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object.)
I am unsure of what to do at this point.
0
 
LVL 24

Accepted Solution

by:
Brian B earned 500 total points
ID: 41850514
I have found that error tends to come up with older articles because the 2003 process is different than 2008. You need to use partition management rather than domain management.

Trying to get an example, I found this article rather than yours: https://support.microsoft.com/en-us/kb/887424
0
 

Author Comment

by:sbalawajder
ID: 41850771
Brian- when I enter domain management, I get "Error parsing input - Invalid syntax"
ntdsutilerror.png
0
 

Author Comment

by:sbalawajder
ID: 41850776
Never mind me...I used partition management and that worked.

However, when I went to delete, I got that "directory service can perform the requested operation only on a leaf object"
partitionmgmt.png
0
 

Author Comment

by:sbalawajder
ID: 41850839
UPDATE- After further research (https://social.technet.microsoft.com/Forums/windowsserver/en-US/6db4cf74-1e6c-41d9-a4a6-57e0f432fc31/removing-a-orphaned-child-domain-in-w2003-active-directory-ldapdeleteextsw-error-0x42?forum=winserverDS), I found I had to delete the "domaindnszones, dc=florida" partition first...then I was able to delete the dc=florida one.

And that worked!  Orphaned domain is gone...hopefully taking care of the issues along with it.

Brian- I will mark your answer as correct as it guided me to where I had to go.  Thanks for all your help
1
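
The ordering that resolved the "leaf object" error in this thread, as an added example that is not part of the original posts: given the naming contexts printed by `list` in ntdsutil's partition management menu, it returns the partitions at or below the orphaned domain, deepest first, so each `delete nc` targets a leaf. The forest name `example.local` and the partition list are constructed; the helper names are hypothetical.

```python
def rdns(dn):
    """Split a DN into normalized RDNs (assumption: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def is_at_or_below(dn, ancestor):
    """True if dn equals ancestor or sits beneath it in the directory tree."""
    d, a = rdns(dn), rdns(ancestor)
    return len(d) >= len(a) and d[len(d) - len(a):] == a


def deletion_order(naming_contexts, orphan_dn):
    """Return the partitions to remove for orphan_dn, children before parents."""
    targets = [nc for nc in naming_contexts if is_at_or_below(nc, orphan_dn)]
    if not any(rdns(nc) == rdns(orphan_dn) for nc in targets):
        raise ValueError("orphan domain is not in the partition list")
    # Guard: the Configuration partition lives under the forest root, so a
    # target that contains it is the root domain, not an orphaned child.
    if any(rdns(nc)[0] == "cn=configuration" for nc in targets):
        raise ValueError("refusing: target contains the Configuration partition")
    # A child NC always has more RDNs than its parent, so deepest-first is
    # a valid leaf-first order.
    return sorted(targets, key=lambda nc: len(rdns(nc)), reverse=True)


# Constructed sample: a forest root with one orphaned child domain "florida".
SAMPLE_PARTITIONS = [
    "CN=Configuration,DC=example,DC=local",
    "CN=Schema,CN=Configuration,DC=example,DC=local",
    "DC=example,DC=local",
    "DC=DomainDnsZones,DC=example,DC=local",
    "DC=ForestDnsZones,DC=example,DC=local",
    "DC=florida,DC=example,DC=local",
    "DC=DomainDnsZones,DC=florida,DC=example,DC=local",
]

if __name__ == "__main__":
    for nc in deletion_order(SAMPLE_PARTITIONS, "dc=florida,dc=example,dc=local"):
        # Printed for review only; the command is typed in partition management.
        print("delete nc " + nc)
```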
