Here is a weird one that I am seeing with RDP on Windows 2008.

Remote Desktop Services is running on the server and the port is open (3389).
You can connect to the server and enter your AD credentials, and then it tries
to show you the desktop and sure enough claims there is a network error and
kicks you out.

I have checked the following.

1) Network settings on NIC (in Network Fault Tolerant Pair, how it's always
   configured): no errors seen.

2) Negotiate is set for the session security.

3) RDP Services has been recycled numerous times (at least 5).

4) Checked to make sure the account logging in with didn't have a specific
   program to run at login, and it showed it to always show the desktop.

Still get Event ID 7034 with Remote Desktop Services.

Any ideas?

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org



From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Friday, February 22, 2013 5:43 PM
To: NT System Admin Issues
Subject: Re: Remote Desktop Server (Formerly known as Terminal Server)

Not that easy with published apps to be fair, and apps that don't exit properly 
at some times. Some users have published apps with local file associations, 
some users have a blend of streamed, local and remote apps. And sometimes you 
can end up with disconnected sessions the users are unaware of in a big and/or 
complicated environment.

Cheers,


JR
Sent from my Blackberry, which may be an antique but delivers email RELIABLY
________________________________
From: Ken Cornetet <ken.corne...@kimball.com>
Date: Fri, 22 Feb 2013 17:28:53 -0500
To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
ReplyTo: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Subject: RE: Remote Desktop Server (Formerly known as Terminal Server)

Well, if you mean "corruption" as in the last session to write the profile
"wins", that's true, but it is handled by user education.

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Friday, February 22, 2013 10:31 AM
To: NT System Admin Issues
Subject: Re: Remote Desktop Server (Formerly known as Terminal Server)

Multiple sessions also tend to cause corruption issues IMHO
Sent from my Blackberry, which may be an antique but delivers email RELIABLY
________________________________
From: Webster <webs...@carlwebster.com>
Date: Fri, 22 Feb 2013 15:11:50 +0000
To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
ReplyTo: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Subject: RE: Remote Desktop Server (Formerly known as Terminal Server)

Using Roaming Profiles in a large enterprise environment with sub-par WAN links
makes for problematic roaming profile issues. Also some people forget to
implement folder redirection with roaming profiles and you get profile bloat
and a very bad user logon/off experience. Also, not everyone does the share
and folder permissions properly for roaming profiles and/or folder redirection
and that can really screw things up.

Thanks


Webster

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Friday, February 22, 2013 9:03 AM
To: NT System Admin Issues
Subject: RE: Remote Desktop Server (Formerly known as Terminal Server)

I'm using roaming profiles in a XenApp 5 system with around 1000 users. No 
problems whatsoever.  I think a lot of the common "wisdom" about not using 
roaming profiles is a combination of bad history and FUD spread by vendors of 
profile management software.

Not using roaming profiles sounds good in theory, but may be problematic in 
practice. If you have a user base with very simple requirements, a mandatory 
profile can work well - you only need to back up and restore a few settings 
from the registry (Outlook profiles, default printer, etc). Otherwise, roaming 
profiles make life much easier.

I'll try to highlight the group policy I have in place:

User lockdown - implemented via loopback - Set security to deny apply of this
GP for admin users.
    Turns off most of the things in control panel
    Hide Desktop "network locations"
    Hide network connection settings
    Disable offline files
    Disable connection wizard
    Remove shutdown, sleep, and hibernate from start button.
    Turn off "Getting Started".
    Hide A, B, C, and D drives in "My Computer".
    Hide the C drive in file dialog boxes (This can cause error messages in
    Office apps).
    Hide Windows update.

System policies
    Turn off Customer Experience Improvement Program and error reporting.
    Add "Administrators" security to roaming profiles.
    Delete cached profiles.
    Do not check for ownership of roaming profiles.
    Turn on timezone redirection.
    Set the roaming profile path.
    Turn off Windows Defender.

Registry settings policy
    Create HKLM\CurrentControlSet\Control\Print\DisableWERLogging DWORD 1 (if
    you don't do this, the print spooler will occasionally fill your C: disk up
    with error logs).
    Create HKLM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate
    DWORD 1 - NOTE! You may not want to do this - research before implementing.
    DELETE this key HKEY_USERS\.DEFAULT\Software\Hewlett-Packard - Do this if
    you use HP printers. Trust me.
    DELETE this key HKCU\Software\Hewlett-Packard - Ditto

User settings - implemented via loopback
    Set folder redirection
    Create HKCU\Software\Policies\Microsoft\Office\12.0\Common\Toolbars\QuickAccessToolbarRoaming
    DWORD 1  See http://support.microsoft.com/kb/958062 for details.
    Create HKCU\Software\Policies\Microsoft\Office\14.0\Common\Toolbars\CustomUIRoaming
    DWORD 1  See http://support.microsoft.com/kb/958062 for details.
    Create HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
    DWORD 1 - This sets IE privacy to default

Application blacklist
    Blacklist all of the common updaters (Java, Adobe, etc)
    Blacklist VMWare tools (if you are running under VMWare)
    Blacklist your Antivirus user interface agent (you don't want users
    kicking off scans of your C: drive)
    Blacklist c:\windows\syswow64\IME\IMEJP10\IMJPDSVR.EXE - It eats CPU.

I'd be happy to export my policies and email them to you, if you like.
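
A read-only audit of the registry items in the list above, added here as an example; it is not part of the original post or the poster's exported policies. It assumes the `HKLM\CurrentControlSet` paths sit under `HKLM\SYSTEM`, that the HKCU checks are run inside a user session on the RDS host, and `Test-RegistryBaseline` is a hypothetical helper name.

```powershell
# Added example: reports drift from the registry settings listed in the post.
# Assumption: "HKLM\CurrentControlSet\..." is written with the SYSTEM hive prefix.
# HKCU entries reflect the user running the script (loopback-applied settings).
$baseline = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print';      Name = 'DisableWERLogging';           Value = 1 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'; Name = 'NtfsDisableLastAccessUpdate'; Value = 1 }
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Office\12.0\Common\Toolbars'; Name = 'QuickAccessToolbarRoaming'; Value = 1 }
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Office\14.0\Common\Toolbars'; Name = 'CustomUIRoaming';           Value = 1 }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'; Name = '1A10'; Value = 1 }
)
# Keys the post says to delete; finding one means the policy did not apply.
$mustBeAbsent = @(
    'Registry::HKEY_USERS\.DEFAULT\Software\Hewlett-Packard'
    'HKCU:\Software\Hewlett-Packard'
)

function Test-RegistryBaseline {
    param(
        [hashtable[]]$Expected,
        [string[]]$AbsentKeys
    )
    foreach ($item in $Expected) {
        $actual = $null
        $prop = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
        if ($prop) { $actual = $prop.($item.Name) }
        $status = if ($null -eq $actual) { 'Missing' }
                  elseif ($actual -eq $item.Value) { 'OK' }
                  else { 'Drift' }
        [pscustomobject]@{
            Target   = "$($item.Path)\$($item.Name)"
            Expected = $item.Value
            Actual   = $actual
            Status   = $status
        }
    }
    foreach ($key in $AbsentKeys) {
        $present = Test-Path -Path $key
        [pscustomobject]@{
            Target   = $key
            Expected = 'absent'
            Actual   = if ($present) { 'present' } else { 'absent' }
            Status   = if ($present) { 'Drift' } else { 'OK' }
        }
    }
}

Test-RegistryBaseline -Expected $baseline -AbsentKeys $mustBeAbsent |
    Format-Table -AutoSize
```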

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
