Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Strange RDP Issues

Posted on 2016-10-13
16
Medium Priority
?
166 Views
Last Modified: 2016-10-19
We have three terminal servers here (all Windows Server 2008 R2).  Starting this past Monday, all 3 have (2 more so than the other) have been having this strange issue where some folks can login, and some folks connect to just a blue screen (no login prompt).  After researching online, I found killing explorer.exe process tree and then re-starting explorer.exe fixes this issue.  While that has worked, there are occasions where I have had to reboot the server entirely (as I've started task manager to kill explorer and it just hangs, nothing happens).  This has been an almost daily occurrence.

Any idea what could be causing this to happen?  Every article I've found shows it as a "one time" bug.
0
Comment
Question by:sbalawajder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 2
  • +2
16 Comments
 
LVL 28

Expert Comment

by:Bill Bach
ID: 41843052
Anything usable in the event logs? I have seen strange issues caused on VMware virtual machines due to a memory leak in vmtools, where the non paged pool was completely used up. When the pool is depleted, all sorts of things go bad.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41843185
Is there any pattern? Like always the same users, or at a certain time of day?
0
 

Author Comment

by:sbalawajder
ID: 41843541
Its its own server, not a VM

I honestly dont know what exact time it happens.  the users whom use this server are in Bulgaria.  Monday is was 4am..tuesday was 5...today was 7

I saw these in the event log:

The WinRM service failed to create the following SPNs: WSMAN/WTS2.domain.local; WSMAN/WTS2.

 Additional Data
 The error received was 8344: %%8344.

 User Action
 The SPNs can be created by an administrator using setspn.exe utility.

I also see these:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

The same 2 messages repeat every minute since 5am
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 71

Expert Comment

by:Qlemo
ID: 41843663
WSMan is not related. The Cryptography Service or Network Location Awareness (NLA) service might be.
0
 

Author Comment

by:sbalawajder
ID: 41843695
Im installing some updates and some Microsoft hotfixes that pertain to this issue.  Going to see if those do the trick
0
 
LVL 15

Expert Comment

by:joharder
ID: 41843708
Can you please check your Windows Update logs to see if there were any updates applied just before this happened that may have triggered this issue?  

Also, were any changes made to your WSMAN account, such as modification of privileges?  I'm assuming that this is an administrative service account in your environment.  It's unusual for service accounts to be modified, but if a change was made, that could explain this issue.
0
 
LVL 25

Expert Comment

by:Brian B
ID: 41843736
Try deleting and rebuilding (if required) one of the user profiles that has had a problem and see if that helps.
0
 

Author Comment

by:sbalawajder
ID: 41843816
@Brian B- Its been different users (sometimes they can get in, sometimes they cant)...and its been a universal "when we connect, all we have is a blue screen, no prompt for login"


@Joharder- last time windows updates were installed was back in July- as to why Im installing the new ones as well as a MS Hotfix as we speak
0
 
LVL 25

Expert Comment

by:Brian B
ID: 41844598
Okay thanks for the update. Do you have multiple DCs? Just wondering if the problem is related to a specific DC authenticating.
0
 

Author Comment

by:sbalawajder
ID: 41846702
We have 2 DCs.  One running Server 08 R2 (and where all main roles are), the other is a VM running Win2012

I've narrowed it down to a GPO.  I have disabled all GPOs for the time being...and that seemed to make the issues we were having go away.  Will follow up when I find the exact culprit
0
 
LVL 25

Expert Comment

by:Brian B
ID: 41846766
Thanks for the update. Sounds like process of elimination at this point. If the problem really is random, I can't see where it would be something intentional in a policy. Might be corruption. Please keep us posted.
0
 

Author Comment

by:sbalawajder
ID: 41850283
Update:  Found out we have a tombstoned child domain that is causing NETLOGON issues.

I followed this article: https://support.microsoft.com/en-us/kb/230306

However, when I go remove the child domain, I get this error:

 DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object.)
I am unsure of what to do at this point.
0
 
LVL 25

Accepted Solution

by:
Brian B earned 2000 total points
ID: 41850514
I have found that error tends to come up with older articles because the 2003 process is different than 2008. You need to use partition management rather than domain management.

Trying to get an example, I found this article rather than yours: https://support.microsoft.com/en-us/kb/887424
0
 

Author Comment

by:sbalawajder
ID: 41850771
Brian- when I enter domain management, I get "Error parsing input - Invalid syntax"
ntdsutilerror.png
0
 

Author Comment

by:sbalawajder
ID: 41850776
Nevermind me...I used partition management and that worked.

however, when I went to delete, I got that "directory service can perform the requested operation only on a leaf object"
partitionmgmt.png
0
 

Author Comment

by:sbalawajder
ID: 41850839
UPDATE- after further research (https://social.technet.microsoft.com/Forums/windowsserver/en-US/6db4cf74-1e6c-41d9-a4a6-57e0f432fc31/removing-a-orphaned-child-domain-in-w2003-active-directory-ldapdeleteextsw-error-0x42?forum=winserverDS) , I found I had to delete the "domaindnszones, dc=florida" partition first...then I was able to delete the dc=florida one........

And that worked!  Orphaned domain is gone...hopefully taking care of the issues along with it.

Bryan- I will mark your answer as correct as it guided me to where I had to go.  Thanks for all your help
1

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question