Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Strange RDP Issues

Posted on 2016-10-13
16
Medium Priority
?
174 Views
Last Modified: 2016-10-19
We have three terminal servers here (all Windows Server 2008 R2).  Starting this past Monday, all 3 have (2 more so than the other) have been having this strange issue where some folks can login, and some folks connect to just a blue screen (no login prompt).  After researching online, I found killing explorer.exe process tree and then re-starting explorer.exe fixes this issue.  While that has worked, there are occasions where I have had to reboot the server entirely (as I've started task manager to kill explorer and it just hangs, nothing happens).  This has been an almost daily occurrence.

Any idea what could be causing this to happen?  Every article I've found shows it as a "one time" bug.
0
Comment
Question by:sbalawajder
  • 8
  • 4
  • 2
  • +2
16 Comments
 
LVL 29

Expert Comment

by:Bill Bach
ID: 41843052
Anything usable in the event logs? I have seen strange issues caused on VMware virtual machines due to a memory leak in vmtools, where the non paged pool was completely used up. When the pool is depleted, all sorts of things go bad.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41843185
Is there any pattern? Like always the same users, or at a certain time of day?
0
 

Author Comment

by:sbalawajder
ID: 41843541
Its its own server, not a VM

I honestly dont know what exact time it happens.  the users whom use this server are in Bulgaria.  Monday is was 4am..tuesday was 5...today was 7

I saw these in the event log:

The WinRM service failed to create the following SPNs: WSMAN/WTS2.domain.local; WSMAN/WTS2.

 Additional Data
 The error received was 8344: %%8344.

 User Action
 The SPNs can be created by an administrator using setspn.exe utility.

I also see these:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

The same 2 messages repeat every minute since 5am
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 71

Expert Comment

by:Qlemo
ID: 41843663
WSMan is not related. The Cryptography Service or Network Location Awareness (NLA) service might be.
0
 

Author Comment

by:sbalawajder
ID: 41843695
Im installing some updates and some Microsoft hotfixes that pertain to this issue.  Going to see if those do the trick
0
 
LVL 15

Expert Comment

by:joharder
ID: 41843708
Can you please check your Windows Update logs to see if there were any updates applied just before this happened that may have triggered this issue?  

Also, were any changes made to your WSMAN account, such as modification of privileges?  I'm assuming that this is an administrative service account in your environment.  It's unusual for service accounts to be modified, but if a change was made, that could explain this issue.
0
 
LVL 25

Expert Comment

by:Brian B
ID: 41843736
Try deleting and rebuilding (if required) one of the user profiles that has had a problem and see if that helps.
0
 

Author Comment

by:sbalawajder
ID: 41843816
@Brian B- Its been different users (sometimes they can get in, sometimes they cant)...and its been a universal "when we connect, all we have is a blue screen, no prompt for login"


@Joharder- last time windows updates were installed was back in July- as to why Im installing the new ones as well as a MS Hotfix as we speak
0
 
LVL 25

Expert Comment

by:Brian B
ID: 41844598
Okay thanks for the update. Do you have multiple DCs? Just wondering if the problem is related to a specific DC authenticating.
0
 

Author Comment

by:sbalawajder
ID: 41846702
We have 2 DCs.  One running Server 08 R2 (and where all main roles are), the other is a VM running Win2012

I've narrowed it down to a GPO.  I have disabled all GPOs for the time being...and that seemed to make the issues we were having go away.  Will follow up when I find the exact culprit
0
 
LVL 25

Expert Comment

by:Brian B
ID: 41846766
Thanks for the update. Sounds like process of elimination at this point. If the problem really is random, I can't see where it would be something intentional in a policy. Might be corruption. Please keep us posted.
0
 

Author Comment

by:sbalawajder
ID: 41850283
Update:  Found out we have a tombstoned child domain that is causing NETLOGON issues.

I followed this article: https://support.microsoft.com/en-us/kb/230306

However, when I go remove the child domain, I get this error:

 DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object.)
I am unsure of what to do at this point.
0
 
LVL 25

Accepted Solution

by:
Brian B earned 2000 total points
ID: 41850514
I have found that error tends to come up with older articles because the 2003 process is different than 2008. You need to use partition management rather than domain management.

Trying to get an example, I found this article rather than yours: https://support.microsoft.com/en-us/kb/887424
0
 

Author Comment

by:sbalawajder
ID: 41850771
Brian- when I enter domain management, I get "Error parsing input - Invalid syntax"
ntdsutilerror.png
0
 

Author Comment

by:sbalawajder
ID: 41850776
Nevermind me...I used partition management and that worked.

however, when I went to delete, I got that "directory service can perform the requested operation only on a leaf object"
partitionmgmt.png
0
 

Author Comment

by:sbalawajder
ID: 41850839
UPDATE- after further research (https://social.technet.microsoft.com/Forums/windowsserver/en-US/6db4cf74-1e6c-41d9-a4a6-57e0f432fc31/removing-a-orphaned-child-domain-in-w2003-active-directory-ldapdeleteextsw-error-0x42?forum=winserverDS) , I found I had to delete the "domaindnszones, dc=florida" partition first...then I was able to delete the dc=florida one........

And that worked!  Orphaned domain is gone...hopefully taking care of the issues along with it.

Bryan- I will mark your answer as correct as it guided me to where I had to go.  Thanks for all your help
1

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question