This object monitors connections to the Remote Desktop Session Host server.
Users can connect to an RD Session Host server to run programs, save files, and use network resources on that server. When a user disconnects from a session, all processes running in the session, including applications, will continue to run on the RD Session Host server.
The user logon mode on the RD Session Host server can be configured to prevent new user sessions from being created on the RD Session Host server. You might want to prevent new user sessions from being created on the RD Session Host server when you are planning to take the RD Session Host server offline for maintenance or to install new applications.
To resolve this issue, check the event ID, and then view the troubleshooting information for that event in the sections below.
Resolution steps for the following event ID: 1130
To resolve this issue, specify a Remote Desktop license server on the RD Session Host server.
To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
To specify a Remote Desktop license server:
1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
3. Under Licensing, double-click Remote Desktop license servers.
4. In the Remote Desktop license servers area, click Add.
5. In the License server name or IP address box, type the server name or IP address of the Remote Desktop license server.
6. Click OK, and then click OK again.
Note: You can also specify a Remote Desktop license server on the RD Session Host server by using Group Policy.
To specify a Remote Desktop license server on the RD Session Host server by using Group Policy, enable the Use the specified Remote Desktop license servers Group Policy setting. This Group Policy setting is located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing. Note that the Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration.
To configure the Group Policy setting in Active Directory Domain Services (AD DS), use the Group Policy Management Console (GPMC). To configure the Group Policy setting locally on an RD Session Host server, use the Local Group Policy Editor. For more information about configuring Group Policy settings, see either the Local Group Policy Editor Help ( http://go.microsoft.com/fwlink/?LinkId=143317) or the GPMC Help ( http://go.microsoft.com/fwlink/?LinkId=143867) in the Windows Server 2008 R2 Technical Library.
To resolve this issue, check the event ID, and then view the troubleshooting information for that event in the sections below.
Resolution steps for the following event IDs: 1131
To resolve this issue, identify and fix any network connectivity problems between the RD Session Host server and the Active Directory domain controller by doing the following:
Determine if there is a network connectivity problem by using the ping command.
Perform additional troubleshooting steps, if necessary, to help identify the cause of the problem.
To perform these tasks, refer to the following sections.
Note: The following procedures include steps for using the ping command to perform troubleshooting. Therefore, before performing these steps, check whether the firewall or Internet Protocol security (IPsec) settings on your network allow Internet Control Message Protocol (ICMP) traffic. ICMP is the TCP/IP protocol that is used by the ping command.
To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
Determine if there is a network connectivity problem
To determine if there is a network connectivity problem between the RD Session Host server and the domain controller:
1. On the RD Session Host server, click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type ping server_FQDN, where server_FQDN is the fully qualified domain name (FQDN) of the domain controller (for example, server1.contoso.com), and then press ENTER.
If the ping was successful, you will receive a reply similar to the following:
Reply from IP_address: bytes=32 time=3ms TTL=59
Reply from IP_address: bytes=32 time=20ms TTL=59
Reply from IP_address: bytes=32 time=3ms TTL=59
Reply from IP_address: bytes=32 time=6ms TTL=59
3. At the command prompt, type ping IP_address, where IP_address is the IP address of the domain controller, and then press ENTER.
If you can successfully ping the domain controller by IP address, but not by FQDN, this indicates a possible issue with DNS host name resolution.
If you cannot successfully ping the domain controller by IP address, this indicates a possible issue with network connectivity, firewall configuration, or IPsec configuration.
Perform additional troubleshooting steps
The following are some additional troubleshooting steps that you can perform to help identify the root cause of the problem:
Ping other computers on the network to help determine the extent of the network connectivity issue.
If you can ping other servers but not the domain controller, try to ping the domain controller from another computer. If you cannot ping the domain controller from any computer, first ensure that the domain controller is running. If the domain controller is running, check the network settings on the domain controller.
Check the TCP/IP settings on the local computer by doing the following:
1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type ipconfig /all, and then press ENTER. Make sure that the information listed is correct.
3. Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with your network adapter.
4. Type ping IP_address, where IP_address is the IP address assigned to the computer. If you can ping the localhost address but not the local address, there may be an issue with the routing table or with the network adapter driver.
5. Type ping DNS_server, where DNS_server is the IP address assigned to the DNS server. If there is more than one DNS server on your network, you should ping each one. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or with the network between the computer and the DNS servers.
If the domain controller is on a different subnet, try to ping the default gateway. If you cannot ping the default gateway, this might indicate a problem with the network adapter, the router or gateway device, cabling, or other connectivity hardware.
In Device Manager, check the status of the network adapter. To open Device Manager, click Start, click Run, type devmgmt.msc, and then click OK.
Check network connectivity indicator lights on the computer and at the hub or router. Check network cabling.
Check firewall settings by using the Windows Firewall with Advanced Security snap-in.
Check IPsec settings by using the IP Security Policy Management snap-in.
Resolution steps for the following event IDs:1071
To resolve this issue, configure the RD Session Host server to allow connections by using the chglogon command-line tool.
To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
To allow connections:
On the RD Session Host server, open an elevated Command Prompt window. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
In the elevated Command Prompt window, type chglogon /enable, and then press ENTER.
To resolve this issue, check the event ID, and then view the troubleshooting information for that event in the sections below.
Resolution steps for the following event ID:1041
To resolve this issue, establish a new connection to the RD Session Host server by using a Remote Desktop Protocol (RDP) client such as Remote Desktop Connection.
When a client computer tries to reestablish a remote session with the RD Session Host server after a temporary network interruption, the client computer attempts to authenticate with the RD Session Host server. If the information passed between the client computer and the RD Session Host server to reestablish the connection has become corrupted, the client computer will not be able to reestablish the remote session.
The Remote Desktop Connection client will automatically try to reconnect the remote session with the RD Session Host server if the Reconnect if connection is dropped check box is selected on the Experience tab of the Remote Desktop Connection client.
Important: If there are numerous events in the event log indicating that user authentication failed, it is possible that a malicious attempt is being made to gain access to the RD Session Host server.
To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
To check which users are connected to the RD Session Host server:
1. On the RD Session Host server, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Services Manager.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
3. On the Users tab, the users that are connected to the RD Session Host server are listed. Ensure that there are no suspicious accounts listed.
Resolution steps for the following event IDs:1070
To resolve this issue, configure the RD Session Host server to allow new user logons by using Remote Desktop Session Host Configuration.
To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
To allow new user logons:
1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
3. Under General, double-click User logon mode.
4. Under User logon mode, select Allow all connections, and then click OK.
Resolution steps for the following event ID: 1067
To resolve this issue, manually register the Service Principal Name (SPN) for the RD Session Host server.
Note: Remote Desktop Services attempts to register the SPN every time the computer is started. To register the SPN, the RD Session Host server must be able to contact an Active Directory domain controller. If the SPN is not registered, Kerberos authentication will not be available for client connections. NTLM authentication can be used if it has not been disallowed by the administrator.
To perform this procedure, you must have membership in the Domain Admins group in the domain, or you must have been delegated the appropriate authority.
To register the SPN:
1. On the RD Session Host server, open a Command Prompt window. To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type setspn -A hostServicePrincipalName (where host is the name of the RD Session Host server and ServicePrincipal Name is the SPN to register), and then press ENTER.
For example, to register the SPN for Server1, type the following at the command prompt: setspn -A TERMSERV/Server1 Server1
Note: After you have successfully registered the SPN, you might see that Event ID 1067 is still being logged, stating that the RD Session Host server cannot register the SPN. You can ignore Event ID 1067 in those cases.
| Target | Microsoft.Windows.Server.2008R2.RemoteDesktopServicesRole.Service.RDSessionHost | ||
| Parent Monitor | System.Health.AvailabilityState | ||
| Category | Custom | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | MatchMonitorHealth | ||
| Alert Priority | High | ||
| Alert Auto Resolve | True | ||
| Monitor Type | Microsoft.Windows.2SingleEventLogManualReset3StateMonitorType | ||
| Remotable | True | ||
| Accessibility | Public | ||
| Alert Message |
| ||
| RunAs | Default |
Home
ENU <UnitMonitor ID="Microsoft.Windows.Server.RemoteDesktopServices.2008R2.NewUnitMonitor_20" Accessibility="Public" Enabled="true" Target="Microsoft.Windows.Server.2008R2.RemoteDesktopServicesRole.Service.RDSessionHost" ParentMonitorID="SystemHealth!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLogManualReset3StateMonitorType" ConfirmDelivery="true">
<Category>Custom</Category>
<AlertSettings AlertMessage="Microsoft.Windows.Server.RemoteDesktopServices.2008R2.NewUnitMonitor_20_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>High</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/EventDisplayNumber$</AlertParameter1>
<AlertParameter2>$Data/Context/EventDescription$</AlertParameter2>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="UIGeneratedOpStateId1717e973f5bc43ea8b8cb92dbcd63db3" MonitorTypeStateID="ManualResetEventRaised" HealthState="Success"/>
<OperationalState ID="UIGeneratedOpStateId6d11c430584b45d18075bd5f42731c70" MonitorTypeStateID="SecondEventRaised" HealthState="Warning"/>
<OperationalState ID="UIGeneratedOpStateId8685b8e0b87740938af4dba98404a0c7" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>
</OperationalStates>
<Configuration>
<FirstComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>
<FirstLogName>System</FirstLogName>
<FirstExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Microsoft-Windows-TerminalServices-RemoteConnectionManager</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1130</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1131</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1067</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</Expression>
</And>
</FirstExpression>
<SecondComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>
<SecondLogName>System</SecondLogName>
<SecondExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Microsoft-Windows-TerminalServices-RemoteConnectionManager</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1041</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1070</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1071</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</Expression>
</And>
</SecondExpression>
</Configuration>
</UnitMonitor>