Server 2012R2 RDP sessions disconnect at periodic intervals

When users get disconnected from a Remote Desktop Server, the cause can be a hundred different things.  Maybe a blip on their internet connection, or a wayward GPO, or incorrect licensing.  Do a quick google search and more than likely you will read 50 different posts with 50 different causes.

A little bit about the RDP environment in question:

All Server 2012 R2, all licensed (windows and RDS CALs, all updated fully, etc)

1 RD Gateway (properly installed certificates)

1 RD Web Access (role installed on same machine as RD Gateway

1 RD Connection Broker

1 RD Session Host in collection

For us, we had a customer who had a seemingly unique problem, with a not so unique symptom.  Users (about 10 total) would get disconnected, one by one, every 700 seconds.  (700 seconds was the time connected in the event log).  Their session would go black and the “Reconnecting…” box would pop up, and then the session would reconnect a couple of seconds later.  This happened to all users every 700 seconds or so, give or take a few seconds. During the time they were connected, there were no problems to report, other than the aforementioned issue.

All users were using different flavors of Windows, 7, 8,8.1 at varying patch levels.  The only unifying characteristic was their LAN.

We could see the event id signaling the disconnects, but just reason codes were given. (which we never found out what they mean). This was the error on the Session host, TerminalServices-LocalSessionManager event id 40

Capture

We could also see the corresponding disconnect messages on the RD Gateway. The session duration always ranged in 700-706 range, for every user. The connection protocol was UDP and sometimes HTTP.   TerminalServices-Gateway event id 303.

Capture2

We eventually made our way to their firewall to look at their rules.  They had a HTTPS proxy rule setup, but it wasn’t really doing anything.   The HTTPS web blocker feature was expired but the rule was still in place.(remember, since we are using a Gateway, RDP goes over port 443 instead of 3389)

And of particular note, in the HTTPS proxy rule, there was a “Idle Timeout Timer” set to 10 minutes.  I removed the rule, and everything is now working!  Sessions can now stay connected longer than 10 minutes at a time.

I figure, 30 some seconds for the firewall to signal the connection is idle, 10 minutes of idle time for disconnect, 30 some seconds for RDP to signal network connectivity lost, and that would roughly equal the 700-706 seconds session duration we were seeing.  Not exact but you see where I’m going with this.

So, if the user was in an active RDP session, why would the firewall treat it as idle?  Well my best guess is this. The gateway (and RDP for that matter) doesn’t use just 1 protocol stream in Server 2012 R2.  It can use a few depending on the version of the client being used.  You can verify this by the monitoring tab in the Remote Desktop Gateway Manager tool on the gateway. Once the connection is made, additional streams are opened and my guess is they were timing out (HTTPS proxy idle). The session then freaks out and the user is disconnected.  Only to be reconnect again and the timer reset.  Without getting into the underbelly and details of the protocol itself, this is my best guesstimate.

The secondary ports that RDP uses is discussed here http://blogs.msdn.com/b/rds/archive/2013/03/14/what-s-new-in-windows-server-2012-remote-desktop-gateway.aspx

I hope this post helps someone along the way, I found a whole bunch of posts out there regarding disconnections.  But most ended up being abandoned or no solution ever found.

Happy troubleshooting!

J

james gonzales / December 2, 2015 / Remote Desktop Services / 0 Comments