Solved

Strange RDP Issues

Posted on 2016-10-13
16
83 Views
Last Modified: 2016-10-19
We have three terminal servers here (all Windows Server 2008 R2).  Starting this past Monday, all 3 have (2 more so than the other) have been having this strange issue where some folks can login, and some folks connect to just a blue screen (no login prompt).  After researching online, I found killing explorer.exe process tree and then re-starting explorer.exe fixes this issue.  While that has worked, there are occasions where I have had to reboot the server entirely (as I've started task manager to kill explorer and it just hangs, nothing happens).  This has been an almost daily occurrence.

Any idea what could be causing this to happen?  Every article I've found shows it as a "one time" bug.
0
Comment
Question by:sbalawajder
  • 8
  • 4
  • 2
  • +2
16 Comments
 
LVL 28

Expert Comment

by:Bill Bach
Comment Utility
Anything usable in the event logs? I have seen strange issues caused on VMware virtual machines due to a memory leak in vmtools, where the non paged pool was completely used up. When the pool is depleted, all sorts of things go bad.
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Is there any pattern? Like always the same users, or at a certain time of day?
0
 

Author Comment

by:sbalawajder
Comment Utility
Its its own server, not a VM

I honestly dont know what exact time it happens.  the users whom use this server are in Bulgaria.  Monday is was 4am..tuesday was 5...today was 7

I saw these in the event log:

The WinRM service failed to create the following SPNs: WSMAN/WTS2.domain.local; WSMAN/WTS2.

 Additional Data
 The error received was 8344: %%8344.

 User Action
 The SPNs can be created by an administrator using setspn.exe utility.

I also see these:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

The same 2 messages repeat every minute since 5am
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
WSMan is not related. The Cryptography Service or Network Location Awareness (NLA) service might be.
0
 

Author Comment

by:sbalawajder
Comment Utility
Im installing some updates and some Microsoft hotfixes that pertain to this issue.  Going to see if those do the trick
0
 
LVL 15

Expert Comment

by:joharder
Comment Utility
Can you please check your Windows Update logs to see if there were any updates applied just before this happened that may have triggered this issue?  

Also, were any changes made to your WSMAN account, such as modification of privileges?  I'm assuming that this is an administrative service account in your environment.  It's unusual for service accounts to be modified, but if a change was made, that could explain this issue.
0
 
LVL 23

Expert Comment

by:Brian B
Comment Utility
Try deleting and rebuilding (if required) one of the user profiles that has had a problem and see if that helps.
0
 

Author Comment

by:sbalawajder
Comment Utility
@Brian B- Its been different users (sometimes they can get in, sometimes they cant)...and its been a universal "when we connect, all we have is a blue screen, no prompt for login"


@Joharder- last time windows updates were installed was back in July- as to why Im installing the new ones as well as a MS Hotfix as we speak
0
Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

 
LVL 23

Expert Comment

by:Brian B
Comment Utility
Okay thanks for the update. Do you have multiple DCs? Just wondering if the problem is related to a specific DC authenticating.
0
 

Author Comment

by:sbalawajder
Comment Utility
We have 2 DCs.  One running Server 08 R2 (and where all main roles are), the other is a VM running Win2012

I've narrowed it down to a GPO.  I have disabled all GPOs for the time being...and that seemed to make the issues we were having go away.  Will follow up when I find the exact culprit
0
 
LVL 23

Expert Comment

by:Brian B
Comment Utility
Thanks for the update. Sounds like process of elimination at this point. If the problem really is random, I can't see where it would be something intentional in a policy. Might be corruption. Please keep us posted.
0
 

Author Comment

by:sbalawajder
Comment Utility
Update:  Found out we have a tombstoned child domain that is causing NETLOGON issues.

I followed this article: https://support.microsoft.com/en-us/kb/230306

However, when I go remove the child domain, I get this error:

 DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object.)
I am unsure of what to do at this point.
0
 
LVL 23

Accepted Solution

by:
Brian B earned 500 total points
Comment Utility
I have found that error tends to come up with older articles because the 2003 process is different than 2008. You need to use partition management rather than domain management.

Trying to get an example, I found this article rather than yours: https://support.microsoft.com/en-us/kb/887424
0
 

Author Comment

by:sbalawajder
Comment Utility
Brian- when I enter domain management, I get "Error parsing input - Invalid syntax"
ntdsutilerror.png
0
 

Author Comment

by:sbalawajder
Comment Utility
Nevermind me...I used partition management and that worked.

however, when I went to delete, I got that "directory service can perform the requested operation only on a leaf object"
partitionmgmt.png
0
 

Author Comment

by:sbalawajder
Comment Utility
UPDATE- after further research (https://social.technet.microsoft.com/Forums/windowsserver/en-US/6db4cf74-1e6c-41d9-a4a6-57e0f432fc31/removing-a-orphaned-child-domain-in-w2003-active-directory-ldapdeleteextsw-error-0x42?forum=winserverDS) , I found I had to delete the "domaindnszones, dc=florida" partition first...then I was able to delete the dc=florida one........

And that worked!  Orphaned domain is gone...hopefully taking care of the issues along with it.

Bryan- I will mark your answer as correct as it guided me to where I had to go.  Thanks for all your help
1

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Remote Desktop Shadowing often has a lot of benefits. When helping end users determine problems, it is much easier to see what is going on, what is being slecected and what is being clicked on. While the industry has many products to help with this,…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now