Remote Desktop can't connect to the remote computer for one of these reasons: for some users

Question

Good morning,

I have a small farm of 3 Windows 2019 RDS servers with load balancing. They are working quite well, but some users, about 4 now when they log in, it accepts their password, tries to log in, sits at estimating connection speed, then comes up with the can't connect for these reasons message like it can't connect at all. I can log in with a test user with the exact same permissions as the person getting this message and they will log in just fine. This happens internally and externally.

Answer 1

HI JamesRAtherton-0253,

1.Could you please enter winver in command prompt on both normal user's win10 computer and issue user's win10 computer, then look the OS version and OS version number ?[for example windows 10 enterprise 1809 (OS build 17763.316)]
2.Are these 4 users account in the "remote desktop users group" of 3 Windows 2019 RDS servers?
3.Did you check the firewall setting block these 4 users' computer?
Did you check if these 4 users can remote access from other normal user's computer to w2019 session host successfully?
4.Are issue user's computer and normal user's computer in the same VLAN network segment?
5.Did you check remote desktop configuration services and remote desktop service are always running on both issue user's computer？

6.What's type of RDS cal do you use? RDS per user cal or RDS per device cal?
7.After we enable below logs, we reproduce issue on problematical user's computer, is there related log recorded in below logs？
client win10
event viewer\windows logs\
application
security
system
Event Viewer – Applications and Services Logs -Microsoft-terminalservices-clientactivatexcore
microsoft-winodws-terminalservices-rdpclient/analytic enable
microsoft-winodws-terminalservices-rdpclient/debug enable
microsoft-winodws-terminalservices-rdpclient/operational enable

Event Viewer – Applications and Services Logs -Microsoft-Windows-RemoteDesktopServices-SessionServices_Operational
Event Viewer – Applications and Services Logs -RemoteApp and Desktop Connections_Operational
Event Viewer – Applications and Services Logs -Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Admin
Event Viewer – Applications and Services Logs -Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational
Event Viewer – Applications and Services Logs -Microsoft-Windows-RemoteDesktopServices-sessionservices

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

I will be experimenting with the above, but I will answer a few items if I can. Working on other troubleshooting, the biggest issue is the randomness of this issue...

2.Are these 4 users account in the "remote desktop users group" of 3 Windows 2019 RDS servers?

>> They are all members of the required groups. These users work sometimes and not others.

3.Did you check the firewall setting block these 4 users' computer?

>> Went so far as turning off the firewalls across the board to test, same results.

Did you check if these 4 users can remote access from other normal user's computer to w2019 session host successfully?
4.Are issue user's computer and normal user's computer in the same VLAN network segment?

>> No, sometimes it happens when inside the office network, other times remotely.

Answer 3

As for the logs, no, actually, I can't seem to find anything remote or local in the logs to point me in the right direction, that is usually my first go to.

As for Item #2. it's during the Configuring remote connection and sometimes on Estimating Connection Quality that this seems to happen. More the first than the second.

Answer 4

HI JamesRAtherton-0253,

. We’ll look at the logs and events on the main stages of an RDP connection, I think your issue fail after authentication.
We need to compare what's the difference about logs(client logs and RD session host logs) between normal condition and issue condition for the same issue user.
We need to check both win10 client logs and RD session host logs which this domain user try to log on.

⦁ Network Connection;
⦁ Authentication;
⦁ Logon;
⦁ Session Disconnect/Reconnect;
⦁ Logoff.

Tracking and Analyzing Remote Desktop Activity Logs in Windows
woshub.com/rdp-connection-logs-forensics-windows/

client win10
event viewer\windows logs\
application
security
system
Event Viewer – Applications and Services Logs -Microsoft-terminalservices-clientactivatexcore
microsoft-winodws-terminalservices-rdpclient/analytic enable
microsoft-winodws-terminalservices-rdpclient/debug enable
microsoft-winodws-terminalservices-rdpclient/operational enable

Event Viewer – Applications and Services Logs -Microsoft-Windows-RemoteDesktopServices-SessionServices_Operational
Event Viewer – Applications and Services Logs -RemoteApp and Desktop Connections_Operational
Event Viewer – Applications and Services Logs -Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Admin
Event Viewer – Applications and Services Logs -Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational
Event Viewer – Applications and Services Logs -Microsoft-Windows-RemoteDesktopServices-sessionservices

RDSH log
system
application
security

Event Viewer – Applications and Services Logs – Microsoft – Windows-remoteapp and desktop connection management_admin
Event Viewer – Applications and Services Logs – Microsoft – Windows-remoteapp and desktop connection management_operational
Event Viewer – Applications and Services Logs – Microsoft –Windows-remotedesktopservices-rdpcoreTS_admin
Event Viewer – Applications and Services Logs – Microsoft –Windows-remotedesktopservices-rdpcoreTS_operational
Event Viewer – Applications and Services Logs – Microsoft –Windows-remotedesktopservices-sessionservice-operatinal
Event Viewer – Applications and Services Logs – Microsoft –Windows-TerminalServices-*

（* include
Event Viewer – Applications and Services Logs – Microsoft –Windows-TerminalServices-
localsessionmanager_addmin
localsessionmanager_operational
remoteconnectionmanager_addmin
remoteconnectionmanager_operational

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 5

Ok, I think I have the answer to the why, just not the "how to fix" it appears it is related to the load balancing. If you connect to say HQ and the load is low you connect right up, no issue. If you connect to HQ and load is high, it normally redirects you to BT or WP. This is where the failure occurs. Because it seems to be using the internal addresses when redirecting, and in doing so, client machine one is coming in on say 123.123.123.45 from the outside. It's then redirected to 111.111.111.25 which is the inside address for say BT. Fails...

Connect to VPN, and do this again, connects to BT without an issue after redirect because now the outside machine can "see" BT. Hope this makes sense. Although the workaround is having everyone log into the VPN, I am trying to avoid that as a solution. I am sure it's the configuration I have in the broker but I am at a loss to what that is.

Help is appreciated.