Can't connect to RDS host without any obvious error

Alexandre Takacs
Alexandre Takacs used Ask the Experts™
on
Since installing the latest WU (Dec 2019) on both our Server 2012 R2 RDS Host and WIn10 LSTC client machines we can not anymore connect to our remote desktop server.

The client tries to connect, mulls for a while with the infamous "securing remote connexion" message and eventually throws up an error "This computer can't connect to the remote computer" (without any indication as of why).

Event log on both client and server don't show anything. Using MacOS client it fails after "detecting Network Quality" with error 0x7

It is possibéle to connect as an administrator to the console session (mstsc /admin) but not to a "normal" session, be it as an admin or user.

Although not 100% certain this seems very much to have started since the deployment of the latest windows updates.

Worth noting: we are connecting via direct internal LAN IP (not FQDN). If it is a certificate issue it might be relevant. Still, I would expect some sort of log showing the issue.

Any suggestion is most welcome!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
Further update - digging a little more into the logs I see these warnings (not sure they are anyhow relevant)

Log Name:      Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
Source:        Microsoft-Windows-RemoteDesktopServices-RdpCoreTS
Date:          12.12.2019 02:49:46
Event ID:      101
Task Category: RemoteFX module
Level:         Warning
Keywords:      
User:          NETWORK SERVICE
Computer:      RD-SX-02.domain.local
Description:
The network characteristics detection function has been disabled because of Reason Code: 2(Server Configuration).

Open in new window


(update)

Still more digging - I am now seeing something more relevant (not sure how I missed it so far) in the server manager / RDS services / Events:

Remote Desktop Connection Broker Client failed while getting redirection packet from Connection Broker.
User : domain\someuser 
Error: Element not found. 

Remote Desktop Connection Broker Client failed to redirect the user User : domain\someuser 
Error: NULL

Remote Desktop Connection Broker Client failed while getting redirection packet from Connection Broker.
User : domain\someuser 
Error: Element not found. 

Open in new window


Not sure what to make of it...
Iamthecreator OMIT/EE Solution Guide

Commented:
Question: Are you trying to connect over Wifi?

Author

Commented:
Nope. LAN
There is a vpn tunnel between the office LAN and the datacenter but I'd be surprised it is the issue. What do you have in mind?
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Is this a single server with all roles installed, or do you have separate session hosts and connection broker and/or gateway ?

Author

Commented:
We have separate servers - two session hosts one connexion broker and one gateway
If I understand you correctly, people conect to the gateway by IP address.

I would always suggest that valid certificates were used, and hostnames were used. For small deploytments such as this, I would also suggest that the gateway and connection brtoker were on the same server, having them on two hosts adds an additional point of failure...

I would suggest checking that none of the hosts has an expired certificate that is used by RDS, that time is accurate on all four RDS servers

All hosts in a domain should be using time from the domain, and the domain controllers should be getting time from "external" sources (which could be internal GPS).

I presume that you have checked that all appropriate services are running on all of the servers, and you have tried rebooting all of the servers.

I would suggest testing to see if a normal user account can connect to each session host directly by IP address or hostname.

Author

Commented:
Hi

Well after rebooting the whole infra "users" can now login ! Go figure...
in which case, I would guess that there was a stopped service

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial