Troubleshooting Remote Desktop Event ID 20499: User Configuration Loading Delay in RDS


6 views

When working with Remote Desktop Services (RDS) on Windows Server 2012 R2, you might encounter Event ID 20499 in the TerminalServices-RemoteConnectionManager logs. The specific error message indicates:

Remote Desktop Services has taken too long to load the user configuration 
from server \\server.domain.home for user administrator

Interestingly, this warning appears even when there are no visible connection issues, particularly when dealing with local machine accounts.

The warning triggers when RDS attempts to load user configuration settings from a specified network location (in this case \\server.domain.home) but encounters delays beyond the expected timeout period. Several factors contribute to this:

  • Network latency or temporary connectivity issues
  • DNS resolution problems for the specified server
  • Group Policy processing delays
  • Local profile vs. roaming profile conflicts

The warning persists with local administrator accounts because Windows still checks for potential roaming profile configurations. The system follows this sequence:

  1. Checks local profile path first
  2. Attempts to contact any configured roaming profile servers
  3. Processes Group Policy settings

Here's a PowerShell snippet to check profile configuration:

Get-CimInstance -ClassName Win32_UserProfile | 
Where-Object { $_.LocalPath -like "*Administrator*" } |
Select-Object LocalPath, Loaded, RoamingConfigured, RoamingPath

Network Configuration Check:

Test-NetConnection -ComputerName server.domain.home -Port 445
Resolve-DnsName server.domain.home

Group Policy Adjustment:
Navigate to Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles and configure "Set time limit for active but idle Remote Desktop Services sessions".

Registry Modification:
To increase the timeout threshold:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" 
-Name "UserConfigTimeout" -Value 60000 -Type DWord

Implement more detailed logging with PowerShell:

$LogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
Get-WinEvent -LogName $LogName -MaxEvents 100 | 
Where-Object { $_.Id -eq 20499 } |
Format-List TimeCreated, Message

Consider implementing a custom event watcher:

$Query = @"
<QueryList>
  <Query Id="0" Path="Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational">
    <Select Path="Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational">
      *[System[EventID=20499]]
    </Select>
  </Query>
</QueryList>
"@
Register-WinEvent -Query $Query -Action { Write-Host "Event 20499 detected" -ForegroundColor Red }

While monitoring a Windows Server 2012 R2 system, I encountered Event ID 20499 in the TerminalServices-RemoteConnectionManager log with the message:

Remote Desktop Services has taken too long to load the user configuration from server \\server.domain.home for user administrator

What makes this particularly puzzling is that everything appears to function normally - RDP connections work, user profiles load, and there are no visible performance issues. This suggests the system is falling back to local configurations when the domain retrieval times out.

The warning triggers when RDS fails to retrieve user configuration within the expected timeframe (typically 60 seconds). Even though you're using a local administrator account, Windows still attempts to:

  • Check domain controllers for potential Group Policy Objects (GPOs)
  • Verify roaming profile availability
  • Load any domain-specific user configurations

Here's a PowerShell snippet to check the exact timeout value:

Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name "UserConfigDelay" -ErrorAction SilentlyContinue

Several networking elements could contribute to this timeout:

  1. DNS resolution delays for the domain controller
  2. Network latency between the RDP host and domain controllers
  3. Firewall rules interfering with the connection attempt

To test basic connectivity:

Test-NetConnection -ComputerName server.domain.home -Port 445
Test-Path -Path "\\server.domain.home\NETLOGON"

For environments where this warning is benign but undesirable, you can modify registry settings:

# Increase the timeout threshold (value in milliseconds)
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name "UserConfigDelay" -Value 120000

# Disable the check entirely (not recommended for domain environments)
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name "UserConfigDelay" -Value 0

While often harmless for local accounts, this warning could indicate serious issues when:

  • Domain-joined users experience profile loading delays
  • Group Policy processing fails for domain accounts
  • Roaming profiles fail to load properly

For comprehensive troubleshooting, collect these logs:

wevtutil qe Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational /f:text
wevtutil qe Microsoft-Windows-GroupPolicy/Operational /f:text