When dealing with RDP connectivity issues on Windows Server 2008 R2, the pattern you're describing suggests either an authentication subsystem problem or session management failure. The immediate session termination after successful initial connections typically indicates one of these scenarios:
// Common RDP failure sequence pattern:
1. Initial successful connection (1-3 times)
2. Subsequent attempts fail with:
- First attempt: Immediate session termination
- Following attempts: Timeout errors for 10-20 minutes
- Then cycles back to immediate termination
Based on the symptoms, we should examine these critical components:
Terminal Services Configuration
The fact that tech support can "fix" it by console login suggests session management issues. Check these registry settings (backup first!):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
"MaxInstanceCount"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"MaxConnectionTime"=dword:00000000
"MaxDisconnectionTime"=dword:00000000
"MaxIdleTime"=dword:00000000
Authentication and Security Logs
When you regain access, immediately check these event logs using PowerShell:
Get-EventLog -LogName Security -InstanceId 4625 -After (Get-Date).AddHours(-1) |
Format-List -Property *
Also examine TerminalServices-LocalSessionManager logs:
Get-WinEvent -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" |
Where-Object {$_.TimeCreated -gt (Get-Date).AddHours(-2)} |
Format-Table -AutoSize
Reset RDP Components
Try completely resetting the RDP stack:
# Stop services
Stop-Service TermService -Force
Stop-Service UmRdpService -Force
# Reset configuration
tskill /A /IM rdpclip.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
# Restart services
Start-Service TermService
Start-Service UmRdpService
Certificate and Encryption Issues
RDP encryption issues can cause immediate disconnections. Check your certificate binding:
$cert = Get-ChildItem -Path Cert:\LocalMachine\Remote Desktop |
Where-Object {$_.HasPrivateKey -eq $true}
if ($cert) {
$thumbprint = $cert.Thumbprint
$path = "IIS:\SslBindings\0.0.0.0!3389"
if (-not (Get-Item $path -ErrorAction SilentlyContinue)) {
New-Item -Path $path -Thumbprint $thumbprint -SSLFlags 1
}
}
Network Level Authentication (NLA)
Try disabling NLA temporarily as a test:
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Value 0
Session Broker Cleanup
Sometimes orphaned sessions cause issues. Clean them up:
qwinsta /server:localhost
rwinsta /server:localhost {sessionID}
Port Exhaustion Check
Verify TCP port exhaustion isn't occurring:
netstat -ano | findstr 3389
netsh int ipv4 show dynamicport tcp
When working with my Windows Server 2008 R2 VPS, I encountered a peculiar RDP behavior that might sound familiar to many sysadmins:
- Successful initial connections (2-3 sessions)
- Sudden failure with "Your Remote Desktop session has ended"
- Subsequent timeout errors for 10-20 minutes
- Complete lockout until console intervention
First, let's confirm the basic RDP setup is correct through PowerShell:
# Check RDP service status
Get-Service TermService | Select-Object Status, StartType
# Verify firewall rules
netsh advfirewall firewall show rule name="Remote Desktop" dir=in
# Confirm network level authentication setting
(Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp").UserAuthentication
The event logs reveal authentication failures during connection attempts. Here's how to extract relevant events:
# Query security event logs for failed logins
Get-EventLog -LogName Security -InstanceId 4625 -After (Get-Date).AddHours(-1) |
Select-Object TimeGenerated,Message | Format-List
# Check Terminal Services logs
Get-WinEvent -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -MaxEvents 20 |
Where-Object {$_.Id -in (21,22,23,24,25)} | Format-Table -AutoSize
Windows Server 2008 R2 has known session management quirks. Try these commands to reset sessions:
# List all active sessions
query session /server:localhost
# Reset stuck sessions
Reset-Session -ServerName localhost -SessionId 1
# Alternative method using tscon
tscon 1 /dest:console
These registry modifications often help stabilize RDP connections:
# Enable KeepAlives
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "KeepAliveEnable" -Value 1
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "KeepAliveInterval" -Value 1
# Increase connection timeout
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name "MaxConnectionTime" -Value 0
# Disable session limit
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name "MaxDisconnectionTime" -Value 0
Sometimes the issue stems from network components. Consider these adjustments:
# Disable TCP Chimney Offload
netsh int tcp set global chimney=disabled
# Disable RSS (Receive Side Scaling)
netsh int tcp set global rss=disabled
# Adjust RDP port if needed (remember to update firewall)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "PortNumber" -Value 33890
While troubleshooting, these alternatives can maintain access:
# Enable PowerShell Remoting
Enable-PSRemoting -Force
# Create basic web-based management (requires IIS)
Add-WindowsFeature Web-Mgmt-Service
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WebManagement\Server" -Name "EnableRemoteManagement" -Value 1