Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows Server 2012 R2 (TS) connection lost (idle time) after exactly 8 Hours

Posted on 2016-10-19
3
Medium Priority
?
164 Views
Last Modified: 2016-11-09
Dear Experts,

After a lot of googling i am here to ask the experts for this anoying problem regarding session time outs on a specific terminal server.
I have several terminal servers, a connection broker and a remote desktop gateway and offcourse a Domain controller with defined group policy. At first i thought this defined policy was causing the issue.

Set time limit for active but idle Remote Desktop Services sessions = 8 Hours

Which is also configured on the other terminal servers. and dont cause any problem.

I removed this policy, did a gpupdate /force and restarted the terminal server because its a computer policy obviously. :).

Still weird because the user in question is not idle at the time the event takes place.
The event : User gets  logged off after exactly 8 hours. With the notification "session timed out, idle time exceeded"

I have checked the folowing options

- NPS settings on the Remote Desktop Gateway (where no idle time is defined)
- Remote Desktop Gateway Manager, where no policy is defined nor policy folder is visible.
- Local GPedit.msc where the policy is not configured.

I have no idea where to start.

The event viewer shows the following error when the event takes place (exactly 8 hours from start of login)

"Cached User logon fails when LSASRV event 45058 indicates FIFO deletion of cached credential"

Which is quite normal for a terminal server event viewer.

I also created a policy "Configure keep-alive connection interval" keep alive interval = 10

Still i get the disconnects after exact 8 hours...

Any suggestions where to start looking further?
0
Comment
Question by:jav_sevenofnine
  • 2
3 Comments
 
LVL 25

Accepted Solution

by:
Coralon earned 2000 total points (awarded by participants)
ID: 41851302
You do not need to restart the server..   This is generally a machine level setting on the listener.  The important piece of this is that the setting takes effect only at logon.  If you have set the policy after the fact (while someone is online), it does not affect them.  It only affects the *new* connections.

However, there are user settings for the same thing.  The more restrictive settings will take effect (just a matter of which one hits first).  

So,  your first thing to do is run a gpresult for the user on the server.. look and see what policies are taking effect.
Then also, delete the user's profile to make sure it starts clean (or create a new user and test with that).  

Another possibility would be to run procmon in the user's session.. but try to do it when the server is very lightly used (or possibly just have it isolated for just the one user - you don't want to sift through *too* much data)..

Coralon
0
 

Author Comment

by:jav_sevenofnine
ID: 41853351
Hi Carolon,

Thanks for your reply.
As mentioned above i removed the GPO in question. gpupdated the servers and rebooted the terminal server.

But i didn't know the users profile needs to be renewed.
I can try that offcourse.

Thanks i will try and come back at you.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 41880247
No response from user, seems likely that this will have resolved her situation.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question