Got either of these hotfixes installed? 2621440 or 2667402?
Might want to try removing them if you have On 25 February 2013 13:05, Ziots, Edward <ezi...@lifespan.org> wrote: > Here is a weird one that I am seeing with RDP on Windows 2008. **** > > ** ** > > Remote Desktop Services is running on the server and the port is open > (3389) You can connect to the server and enter your AD credentials, and > then it tries to show you the desktop and sure enough claims there is a > network error and kicks you out. **** > > ** ** > > I Have checked the following. **** > > ** ** > > **1) **Network settings on NIC (In Network Fault Tolerant Pair, how > its always configured) no errors seen. **** > > **2) **Negoiate is set for the session security**** > > **3) **RDP Services has been recycled numerous times.(At least 5)**** > > **4) **Check to make sure the account logging in with didn’t have a > specific program to run at login and showed it to always show desktop**** > > ** ** > > Still get Event ID 7034 with Remote Desktop Services. **** > > ** ** > > Any ideas? **** > > ** ** > > Z**** > > ** ** > > Edward E. Ziots, CISSP, Security +, Network +**** > > Security Engineer**** > > Lifespan Organization**** > > ezi...@lifespan.org**** > > ** ** > > This electronic message and any attachments may be privileged and > confidential and protected from disclosure. If you are reading this > message, but are not the intended recipient, nor an employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that you are strictly prohibited from copying, printing, > forwarding or otherwise disseminating this communication. If you have > received this communication in error, please immediately notify the sender > by replying to the message. Then, delete the message from your computer. > Thank you.**** > > *[image: Description: Description: Lifespan]* > > ** ** > > ** ** > > *From:* kz2...@googlemail.com [mailto:kz2...@googlemail.com] > *Sent:* Friday, February 22, 2013 5:43 PM > > *To:* NT System Admin Issues > *Subject:* Re: Remote Desktop Server (Formerly known as Terminal Server)** > ** > > ** ** > > Not that easy with published apps to be fair, and apps that don't exit > properly at some times. Some users have published apps with local file > associations, some users have a blend of streamed, local and remote apps. > And sometimes you can end up with disconnected sessions the users are > unaware of in a big and/or complicated environment. > > Cheers, > > > JR**** > > Sent from my Blackberry, which may be an antique but delivers email > RELIABLY**** > ------------------------------ > > *From: *Ken Cornetet <ken.corne...@kimball.com> **** > > *Date: *Fri, 22 Feb 2013 17:28:53 -0500**** > > *To: *NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com>**** > > *ReplyTo: *"NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com > >**** > > *Subject: *RE: Remote Desktop Server (Formerly known as Terminal Server)** > ** > > ** ** > > Well, if you mean “corruption” as in the last session to write the > profile “wins”, that’s true, but it is handled by user education.**** > > ** ** > > *From:* kz2...@googlemail.com > [mailto:kz2...@googlemail.com<kz2...@googlemail.com>] > > *Sent:* Friday, February 22, 2013 10:31 AM > *To:* NT System Admin Issues > *Subject:* Re: Remote Desktop Server (Formerly known as Terminal Server)** > ** > > ** ** > > Multiple sessions also tend to cause corruption issues IMHO**** > > Sent from my Blackberry, which may be an antique but delivers email > RELIABLY**** > ------------------------------ > > *From: *Webster <webs...@carlwebster.com> **** > > *Date: *Fri, 22 Feb 2013 15:11:50 +0000**** > > *To: *NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com>**** > > *ReplyTo: *"NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com > >**** > > *Subject: *RE: Remote Desktop Server (Formerly known as Terminal Server)** > ** > > ** ** > > Using Roaming Profiles in a large enterprise environment with sub-par WAN > links makes for problematic roaming profile issues. Also some people > forget to implement folder redirection with roaming profiles and you get > profile bloat and a very bad user logon/off experience. Also, not everyone > does the share and folder permissions properly for roaming profiles and or > folder redirection and that can really screw things up.**** > > ** ** > > Thanks**** > > ** ** > > ** ** > > Webster**** > > ** ** > > *From:* Ken Cornetet > [mailto:ken.corne...@kimball.com<ken.corne...@kimball.com>] > > *Sent:* Friday, February 22, 2013 9:03 AM > *To:* NT System Admin Issues > *Subject:* RE: Remote Desktop Server (Formerly known as Terminal Server)** > ** > > ** ** > > I’m using roaming profiles in a XenApp 5 system with around 1000 users. No > problems whatsoever. I think a lot of the common “wisdom” about not using > roaming profiles is a combination of bad history and FUD spread by vendors > of profile management software.**** > > ** ** > > Not using roaming profiles sounds good in theory, but may be problematic > in practice. If you have a user base with very simple requirements, a > mandatory profile can work well – you only need to back up and restore a > few settings from the registry (Outlook profiles, default printer, etc). > Otherwise, roaming profiles make life much easier.**** > > ** ** > > I’ll try to highlight the group policy I have in place:**** > > ** ** > > User lockdown – implemented via loopback – Set security to deny apply of > this GP for admin users.**** > > Turns off most of the things in control panel**** > > Hide Desktop “network locations”**** > > Hide network connection settings**** > > Disable offline files**** > > Disable connection wizard**** > > Remove shutdown, sleep, and hibernate from start button.**** > > Turn off “Getting Started”.**** > > Hide A,B,C, and D drives in “My Computer”.**** > > Hide the C drive in file dialog boxes (This can cause error messages in > Office apps).**** > > Hide Windows update.**** > > ** ** > > System policies**** > > Turn off Customer Experience Improvement Program and error reporting.**** > > Add “Administrators” security to roaming profiles.**** > > Delete cached profiles.**** > > Do not check for ownership of roaming profiles.**** > > Turn on timezone redirection.**** > > Set the roaming profile path.**** > > Turn off Windows Defender.**** > > ** ** > > Registry settings policy **** > > Create HKLM\CurrentControlSet\Control\Print\DisableWERLogging DWORD 1 (if > you don’t do this, the print spooler will occasionally fill your C: disk up > with error logs).**** > > Create > HKLM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate DWORD > 1 – *NOTE!* You may not want to do this – research before implementing.*** > * > > DELETE this key > HKEY_USERS\.DEFAULT\Software\Hewlett-Packard – Do this if you use HP > printers. Trust me.**** > > DELETE this key HKCU\Software\Hewlett-Packard – Ditto**** > > ** ** > > User settings – implemented via loopback **** > > Set folder redirection**** > > Create > HKCU\Softare\Policies\Microsoft\Office\12.0\Common\Toolbars\QuickAccessToolbarRoaming > DWORD 1 See http://support.microsoft.com/kb/958062 for details.**** > > Create > HKCU\Softare\Policies\Microsoft\Office\14.0\Common\Toolbars\CustomUIRoaming > DWORD 1 See http://support.microsoft.com/kb/958062 for details.**** > > Create HKCU\ > Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\3\1A10 DWORD 1 – This sets IE privacy to default**** > > ** ** > > Application blacklist**** > > Blacklist all of the common updaters (Java, Adobe, etc)*** > * > > Blacklist VMWare tools (if you are running under VMWare)** > ** > > Blacklist your Antivirus user interface agent (you don’t > want users kicking off scans of your C: drive)**** > > Blacklist c:\windows\syswow64\IME\IMEJP10\IMJPDSVR.EXE – > It eats CPU.**** > > ** ** > > I’d be happy to export my policies and email them to you, if you like.**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<image001.jpg>>
