question

SebastianR-9432 avatar image
0 Votes"
SebastianR-9432 asked ·

Limti rdp session per user to one Windows Server 2019

Hi,

i want to limit rdp sessions per user to one on a Windows Server 2019 RDSH (vm). The vm is not part of a Remote Desktop Gateway Deployment, so it's a standalone session host.

I tried to realise that with a local GPO via
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connection
and activated "Restrict Remote Desktop Services user to a single Remote Desktop Services session"

I also tried setting the related registry value Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fSingleSessionPerUser to 1

However it's still possible for users to create multiple rdp sessions on that system.

I checked other RDP session hosts, that are behind a Remote Desktop Gateway. In such a setup somehow the limitation seems to be enabled automatically. So I compared the relevant registry values in Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server of both machines. I could not find any differences related to my problem.

Does anyone has an idea what I am missing?

azure-virtual-desktop
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SebastianR-9432 avatar image
1 Vote"
SebastianR-9432 answered ·

I've finally found the misconfiguration.
I used rsop.msc to get all active GPO settings and saw that the GPO setting I needed to be active was deactivated by another GPO. Fixed the GPO setting, did an gpupdate and here we go: Rdp sessions are now limited to one per user

Thank you all for your answers and ideas.

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @SebastianR-9432,
Glad to hear that you found the misconfiguration and that fixed the long troubleshooting

Thanks,
Manu

0 Votes 0 ·
ManuPhilip avatar image
0 Votes"
ManuPhilip answered ·

Hello,

I think, you are following the right approach here through GPO. To affirm the steps, I am providing it again as below:


1.Log into the server using Remote Desktop.
1. Open the start menu and type 'gpedit.msc' and open it
2. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
3. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Enabled.

After doing this step, open a command prompt and type gpupdate /force and enter to take effect the settings immediately

Regards,
Manu

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SebastianR-9432 avatar image
0 Votes"
SebastianR-9432 answered ·

Thank you for your answer. Unfortunately that didn't help.

I tried gpupdate /force and restarted the system. No change in behaviour.

Curious thing is here, that when I change the registry value Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fSingleSessionPerUser to 0 on the RDSH that is behind a Remote Desktop Gateway, the change takes effect immediately effect without gpupdate or restarting the system

I really do not see, what I'm missing here

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ManuPhilip avatar image
0 Votes"
ManuPhilip answered ·

Hello,

We need to understand the issue further with the hep of event logs.

First check any errors or warnings reported under Application or System categories

Check group policy related event logs and see any error reported.

  1. Open Event Viewer

  2. Click the arrow next to Applications and Services Logs.

  3. Click the arrow next to Microsoft, and then Windows, and then Group Policy.

  4. Click Operational.

Repeat the above all procedure after applying the group policy again (guupdate /force)

Thanks,
Manu

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SebastianR-9432 avatar image
0 Votes"
SebastianR-9432 answered ·

Hello,

I checked event logs as you suggested before and after applying group policies. There are no errors or warnings. There are no entries that say anything about limitation of rdp session either

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @SebastianR-9432,

Check details printed for the command and see the group policy is applied correctly: gpresult /r

Thanks,
Manu

0 Votes 0 ·