?
Solved

Strange RDP Issues

Posted on 2016-10-13
16
Medium Priority
?
152 Views
Last Modified: 2016-10-19
We have three terminal servers here (all Windows Server 2008 R2).  Starting this past Monday, all 3 have (2 more so than the other) have been having this strange issue where some folks can login, and some folks connect to just a blue screen (no login prompt).  After researching online, I found killing explorer.exe process tree and then re-starting explorer.exe fixes this issue.  While that has worked, there are occasions where I have had to reboot the server entirely (as I've started task manager to kill explorer and it just hangs, nothing happens).  This has been an almost daily occurrence.

Any idea what could be causing this to happen?  Every article I've found shows it as a "one time" bug.
0
Comment
Question by:sbalawajder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 2
  • +2
16 Comments
 
LVL 28

Expert Comment

by:Bill Bach
ID: 41843052
Anything usable in the event logs? I have seen strange issues caused on VMware virtual machines due to a memory leak in vmtools, where the non paged pool was completely used up. When the pool is depleted, all sorts of things go bad.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41843185
Is there any pattern? Like always the same users, or at a certain time of day?
0
 

Author Comment

by:sbalawajder
ID: 41843541
Its its own server, not a VM

I honestly dont know what exact time it happens.  the users whom use this server are in Bulgaria.  Monday is was 4am..tuesday was 5...today was 7

I saw these in the event log:

The WinRM service failed to create the following SPNs: WSMAN/WTS2.domain.local; WSMAN/WTS2.

 Additional Data
 The error received was 8344: %%8344.

 User Action
 The SPNs can be created by an administrator using setspn.exe utility.

I also see these:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

The same 2 messages repeat every minute since 5am
0
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

 
LVL 70

Expert Comment

by:Qlemo
ID: 41843663
WSMan is not related. The Cryptography Service or Network Location Awareness (NLA) service might be.
0
 

Author Comment

by:sbalawajder
ID: 41843695
Im installing some updates and some Microsoft hotfixes that pertain to this issue.  Going to see if those do the trick
0
 
LVL 15

Expert Comment

by:joharder
ID: 41843708
Can you please check your Windows Update logs to see if there were any updates applied just before this happened that may have triggered this issue?  

Also, were any changes made to your WSMAN account, such as modification of privileges?  I'm assuming that this is an administrative service account in your environment.  It's unusual for service accounts to be modified, but if a change was made, that could explain this issue.
0
 
LVL 24

Expert Comment

by:Brian B
ID: 41843736
Try deleting and rebuilding (if required) one of the user profiles that has had a problem and see if that helps.
0
 

Author Comment

by:sbalawajder
ID: 41843816
@Brian B- Its been different users (sometimes they can get in, sometimes they cant)...and its been a universal "when we connect, all we have is a blue screen, no prompt for login"


@Joharder- last time windows updates were installed was back in July- as to why Im installing the new ones as well as a MS Hotfix as we speak
0
 
LVL 24

Expert Comment

by:Brian B
ID: 41844598
Okay thanks for the update. Do you have multiple DCs? Just wondering if the problem is related to a specific DC authenticating.
0
 

Author Comment

by:sbalawajder
ID: 41846702
We have 2 DCs.  One running Server 08 R2 (and where all main roles are), the other is a VM running Win2012

I've narrowed it down to a GPO.  I have disabled all GPOs for the time being...and that seemed to make the issues we were having go away.  Will follow up when I find the exact culprit
0
 
LVL 24

Expert Comment

by:Brian B
ID: 41846766
Thanks for the update. Sounds like process of elimination at this point. If the problem really is random, I can't see where it would be something intentional in a policy. Might be corruption. Please keep us posted.
0
 

Author Comment

by:sbalawajder
ID: 41850283
Update:  Found out we have a tombstoned child domain that is causing NETLOGON issues.

I followed this article: https://support.microsoft.com/en-us/kb/230306

However, when I go remove the child domain, I get this error:

 DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object.)
I am unsure of what to do at this point.
0
 
LVL 24

Accepted Solution

by:
Brian B earned 2000 total points
ID: 41850514
I have found that error tends to come up with older articles because the 2003 process is different than 2008. You need to use partition management rather than domain management.

Trying to get an example, I found this article rather than yours: https://support.microsoft.com/en-us/kb/887424
0
 

Author Comment

by:sbalawajder
ID: 41850771
Brian- when I enter domain management, I get "Error parsing input - Invalid syntax"
ntdsutilerror.png
0
 

Author Comment

by:sbalawajder
ID: 41850776
Nevermind me...I used partition management and that worked.

however, when I went to delete, I got that "directory service can perform the requested operation only on a leaf object"
partitionmgmt.png
0
 

Author Comment

by:sbalawajder
ID: 41850839
UPDATE- after further research (https://social.technet.microsoft.com/Forums/windowsserver/en-US/6db4cf74-1e6c-41d9-a4a6-57e0f432fc31/removing-a-orphaned-child-domain-in-w2003-active-directory-ldapdeleteextsw-error-0x42?forum=winserverDS) , I found I had to delete the "domaindnszones, dc=florida" partition first...then I was able to delete the dc=florida one........

And that worked!  Orphaned domain is gone...hopefully taking care of the issues along with it.

Bryan- I will mark your answer as correct as it guided me to where I had to go.  Thanks for all your help
1

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question