How to Prevent Automatic RDP Session Disconnection in Windows Server 2008/2003 Environments


2 views

As a sysadmin working with Windows Server 2008 (and potentially 2003) environments, I've encountered the annoying behavior where Remote Desktop Protocol (RDP) sessions automatically disconnect after a period of inactivity. This becomes particularly problematic when:

  • Running long batch processes or file transfers
  • Compiling large codebases
  • Performing database maintenance operations
  • Keeping development environments active

The automatic logoff behavior typically stems from these configuration areas:

1. Group Policy Settings (GPO)
2. Local Security Policy
3. Terminal Services Configuration
4. Registry Settings

Before making changes, verify your current session settings with this PowerShell command:

Get-CimInstance -ClassName Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices |
Select-Object TerminalName, IdleSessionLimit, BrokenConnectionTimeout, ConnectionTimeout

The most common fix involves modifying these GPO settings (Computer Configuration → Policies → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Session Time Limits):

  • Set time limit for active but idle Remote Desktop Services sessions → Disabled
  • Set time limit for disconnected sessions → Set to "Never"
  • End session when time limits are reached → Disabled

For environments without Group Policy management, modify these registry keys:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"MaxDisconnectionTime"=dword:00000000
"MaxIdleTime"=dword:00000000
"KeepAliveTimeout"=dword:000927c0

For server farms, implement this PowerShell script to standardize settings:

# Configure RDP session timeouts
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

# Disable session time limits
Set-ItemProperty -Path $regPath -Name "MaxDisconnectionTime" -Value 0
Set-ItemProperty -Path $regPath -Name "MaxIdleTime" -Value 0

# Set keep-alive to 10 minutes (600000 milliseconds)
Set-ItemProperty -Path $regPath -Name "KeepAliveTimeout" -Value 600000

# Restart Remote Desktop Services to apply changes
Restart-Service TermService -Force

Consider these complementary configurations:

  1. Enable persistent bitmap caching in RDP client settings
  2. Configure network-level keep-alives (TCP/IP stack tuning)
  3. Implement QoS policies for RDP traffic
  4. Use RDP Shortpath for public networks when available

If issues persist after configuration changes:

1. Verify GPO application with gpresult /h report.html
2. Check Event Viewer for TerminalServices-* logs
3. Test with different network conditions
4. Verify no conflicting settings in Local Security Policy
5. Check for third-party security software interference

When working remotely via Remote Desktop Protocol (RDP) on Windows Server 2008 (and potentially 2003), many administrators encounter an annoying issue: active sessions get automatically terminated after a period of inactivity. This becomes particularly problematic when:

  • Running long batch processes or file transfers
  • Executing database maintenance tasks
  • Performing software installations
  • Running compilation jobs

The automatic disconnection is typically governed by three main settings:

1. Group Policy settings
2. Local server policies
3. RDP session timeout configurations

To check and modify these settings through Group Policy:

gpedit.msc → Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Session Time Limits

Key policies to examine:

  • "Set time limit for disconnected sessions"
  • "Set time limit for active but idle Remote Desktop Services sessions"
  • "Set time limit for logoff of RemoteApp sessions"

For servers not using Group Policy, you can modify these registry values:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fResetBroken"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"MaxDisconnectionTime"=dword:00000000
"MaxIdleTime"=dword:00000000

For managing multiple servers, use this PowerShell script:

# Disable RDP session timeouts across multiple servers
$servers = "SERVER1","SERVER2","SERVER3"

foreach ($server in $servers) {
    Invoke-Command -ComputerName $server -ScriptBlock {
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fResetBroken" -Value 0
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "MaxDisconnectionTime" -Value 0
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "MaxIdleTime" -Value 0
    }
}

When you can't modify server settings, consider these client-side workarounds:

  1. Run a continuous ping to maintain network activity: 
    ping -t server.name
  2. Use a simple VBScript to simulate activity: 
    Set wshShell = CreateObject("WScript.Shell")
Do While True
    wshShell.SendKeys("{SCROLLLOCK 2}")
    WScript.Sleep(300000) ' 5 minutes
Loop

Before disabling timeouts completely, remember:

  • Session timeouts serve security purposes
  • Consider implementing alternative security measures
  • Document any changes made for audit purposes
  • Test changes in non-production environments first