Solved

Windows Server 2012 R2 (TS) connection lost (idle time) after exactly 8 Hours

Posted on 2016-10-19
Last Modified: 2016-11-09
Dear Experts,

After a lot of googling I am here to ask the experts about this annoying problem regarding session timeouts on a specific terminal server.
I have several terminal servers, a connection broker and a remote desktop gateway, and of course a domain controller with a defined group policy. At first I thought this defined policy was causing the issue.

Set time limit for active but idle Remote Desktop Services sessions = 8 Hours

Which is also configured on the other terminal servers, and doesn't cause any problem.

I removed this policy, did a gpupdate /force and restarted the terminal server because it's a computer policy, obviously. :)

Still weird because the user in question is not idle at the time the event takes place.
The event: User gets logged off after exactly 8 hours, with the notification "session timed out, idle time exceeded".

I have checked the following options:

- NPS settings on the Remote Desktop Gateway (where no idle time is defined)
- Remote Desktop Gateway Manager, where no policy is defined nor policy folder is visible.
- Local GPedit.msc where the policy is not configured.

I have no idea where to start.

The event viewer shows the following error when the event takes place (exactly 8 hours from start of login)

"Cached User logon fails when LSASRV event 45058 indicates FIFO deletion of cached credential"

Which is quite normal for a terminal server event viewer.

I also created a policy "Configure keep-alive connection interval" keep alive interval = 10

Still I get the disconnects after exactly 8 hours...

Any suggestions where to start looking further?
Question by:jav_sevenofnine
3 Comments
 
LVL 25

Accepted Solution

by:
Coralon earned 2000 total points (awarded by participants)
ID: 41851302
You do not need to restart the server. This is generally a machine-level setting on the listener. The important piece of this is that the setting takes effect only at logon. If you have set the policy after the fact (while someone is online), it does not affect them. It only affects the *new* connections.

However, there are user settings for the same thing. The more restrictive settings will take effect (just a matter of which one hits first).

So, your first thing to do is run a gpresult for the user on the server. Look and see what policies are taking effect.
Then also, delete the user's profile to make sure it starts clean (or create a new user and test with that).

Another possibility would be to run procmon in the user's session, but try to do it when the server is very lightly used (or possibly just have it isolated for just the one user - you don't want to sift through *too* much data).

Coralon
0
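One way to carry out the check described in the answer above, as an added example that is not part of the original post: it reads the session time-limit values from the computer policy, the user policy and the RDP-Tcp listener, and lists the non-zero limits shortest first, flagging any that equal 8 hours. It assumes the standard registry locations for these settings and that it is run inside the affected user's session on the terminal server (so that HKCU is that user's hive); besides the idle limit named in the thread it also reads the active-session and disconnected-session limits.

```powershell
# Added example (not from the thread). Run in the affected user's RDP session.
# For the full resultant set of policy, gpresult can be run alongside it:
#   gpresult /scope user /h "$env:TEMP\rsop-user.html"

$eightHoursMs = 8 * 60 * 60 * 1000   # 28,800,000; the limits are stored in milliseconds

# Assumed standard locations for the RDS session time-limit settings.
$locations = [ordered]@{
    'Computer policy'  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    'User policy'      = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    'RDP-Tcp listener' = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
}
$valueNames = 'MaxIdleTime', 'MaxConnectionTime', 'MaxDisconnectionTime'

$results = foreach ($source in $locations.Keys) {
    $path = $locations[$source]
    if (-not (Test-Path -Path $path)) { continue }      # key absent: nothing set here

    $key = Get-ItemProperty -Path $path
    foreach ($name in $valueNames) {
        $prop = $key.PSObject.Properties[$name]
        if (-not $prop) { continue }                    # value absent: not configured

        $ms = [int64]$prop.Value
        if ($ms -le 0) { continue }                     # 0 means "never", so no limit

        [pscustomobject]@{
            Source   = $source
            Setting  = $name
            Hours    = [math]::Round($ms / 3600000, 2)
            Is8Hours = ($ms -eq $eightHoursMs)
        }
    }
}

if ($results) {
    # Shortest limit first: per the answer above, whichever limit hits first wins.
    $results | Sort-Object Hours | Format-Table -AutoSize
} else {
    'No non-zero session time limits found in the policy or listener registry keys.'
}
```

Because the limits are applied at logon, run it in a session started after the last policy change.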
 

Author Comment

by:jav_sevenofnine
ID: 41853351
Hi Coralon,

Thanks for your reply.
As mentioned above, I removed the GPO in question, gpupdated the servers and rebooted the terminal server.

But I didn't know the user's profile needs to be renewed.
I can try that, of course.

Thanks, I will try and come back to you.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 41880247
No response from user, seems likely that this will have resolved her situation.
0

Question has a verified solution.
