We recently discovered a quirk in one of our RDP servers and I cannot figure out why this is happening.
OS: Windows Server 2019 Datacenter - AWS EC2 instance
Low user population system. Between 3 and 5 users simultaneously logged into this system at any time. Used exclusively for SQL access to an AWS RDP SQL Server instance via SSMS.
Scenario A:
User starts their day and logs into the remote server via RDP successfully. They use the system for a while, then minimize the window while they work on something else. After the inactivity period elapses, the remote server forces the user to re-enter their credentials.
(All normal up to this point) ...
The user swears they're entering their password the exact same way the logged into the system at the start of the day, but Windows complains it's a bad password. User attempts their password four (4) more times, and the system immediately reboots.
The only thing in the event logs is this message:
The process C:\Windows\system32\winlogon.exe (HOSTNAME) has initiated the restart of computer HOSTNAME on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found
Reason Code: 0x500ff
Shutdown Type: restart
Comment:
Scenario B (same user as above):
User connects to a fresh RDP session where they were not previous logged in. Login is successful. They use the system for a while, then minimize the window as before and the remote session eventually forces the user to re-enter their credentials.
Same as before, the user enters their password but the server complains its incorrect.
This time, however, the user closes the RDP window and re-starts the RDP session entirely. Password was accepted this time.
Question: What could possibly be causing the server to reboot? I see no other evidence of any failures or errors in the system events to point to any software or OS problems.
Related
We manage several laptops that are used for emergency situations and thus are rarely used (knock on wood).
When we start up these laptops periodically to run windows updates, we also sign in with several user accounts for each laptop in order to keep the profile up to date.
Is there a way to automate the logging in of each account with a script?
For example, I could log in as administrator, run the script and the laptop would do the following:
Log out my administrator account,
sign in with useraccount 1, log out
sign in with useraccount 2, log out
sign in with useraccount 3, log out
I havent had much luck in googling this type of thing and was hoping someone here might have an idea.
I simply cant find a script that logs in with a user account.
The closest I can find is recommending auto signin but that only applies to one account and not what I need for this task.
Globally, you can't do that: it would break security if you were allowed to interact, programmatically, with the login screen.
IF it's possible, I would look to a way to do the login to remote machine through either Telnet (not recommended! but can be done with standard Windows tools) or SSH (will need a SSH server). If you can do the upgrade this way, then you're saved, in particular with SSH because you can avoid passwords' sharing through key exchange - probably won't work with domain accounts, however, but local accounts will be fine.
Otherwise, if you require to really open a Windows session, best you can do, IF your configuration allows it AND if it works (regarding the profile's update) is to connect through RDP (Remote Desktop) to each laptop, with each login.
You'll need to establish a RDP connection to each laptop from a "pilot" PC, save each connexion individually within a .rdp file, saving password inside the connection file.
Then, you can launch the connection with the command mstsc <machine+account>.rdp to establish a connection. A bit later, you can kill the connection (with either taskkill or through a pilot process / tool, I would use AutoIt for this preferably).
If password saving is an issue, then each employee should have its own set of RDP files. Through something like Autoit, in particular, you can input the password once, and fill automatically each password prompt.
The tricky part would be to know when it's time to close the remote desktop. I would try to automatically execute a command to distant computer that would reboot it once done, so your remote desktop would close automatically.
Anyway, it will be a real gas plant to implement all this in a smooth process...
We created a VM as a replacement for physical machine with rarely used software on it.
When I tested it I noticed when a second user accesses the VM, the first user is kicked out and sees the message "You have been disconnected because another connection was made to the remote computer".
However, on another VM that wasn't set up by me, I'm getting the warning "Another user is signed in. If you continue, they’ll be disconnected. Do you want to sign in any way?"
What VM or Windows setting(s) do I need to change to display this message on the new VM?
I found the following answer on serverfault more helpful than the "copy & paste reply" by Jabbar.
The message you want will appear for the 3rd user on Windows server:
By default a Windows VM in Azure is configured for remote administration, which allows up to 2 users to access the machine to undertake remote administration of that machine. If a third user attempts to connect you will see this message. you will see this if a user has disconnected, but not logged off so their session is till running and using a slot.
Windows Server will, by default, let 2 concurrent users log on. Windows 10, will only allow only 1 user.
We have a few Windows 10 Pro computers with Remote Desktop enabled. There are "client" machines running Windows 10 Pro and Windows 10 Home.
Is it possible to programmatically check, from a client machine, that the remote computer is already occupied by someone? That is, if another remote client is already connected to it? If so, can I do this without breaking the existing remote connection?
When a user logs on to a Remote Desktop Services–enabled computer, a
session is started for the user. Each session is identified by a
unique session ID. Because each logon to a Remote Desktop Connection
(RDC) client receives a separate session ID.
Refer: Remote Desktop Sessions
You can use the WTSEnumerateSessions function to retrieve the identifiers of all sessions on a specified RD Session Host server.
WTSEnumerateSessions : Retrieves a list of sessions on a Remote Desktop Session Host (RD
Session Host) server.
Note:
To enumerate a session, you must enable the query information
permission. For more information, see Remote Desktop Services
Permissions.
To change permissions on a session, use the Remote Desktop Services
Configuration administrative tool.
To enumerate sessions running on a virtual machine hosted on a RD
Virtualization Host server, you must be a member of the
Administrators group on the RD Virtualization Host server.
If you want to retrieve the session ID of the current session that the remote desktop service is running, you can call WTSQuerySessionInformation and specify WTS_CURRENT_SESSION for the SessionId parameter and WTSSessionId for the WTSInfoClass parameter.
You can use the query session command from the command line.
If you're on the same local network as the remote computer, then you can directly use the query session:
Use the command query session /SERVER:<remote pc name, or IP address>
If there is someone actively logged into the console, then it returns console <username> Active as the state. However, this can also mean someone logged in, the session locked, and they walked away for coffee. It doesn't actually mean they are doing something in the session; they are simply logged into the console. This state also occurs if you use another remote login software such as TeamViewer, since it logs in as an active console.
C:\Users\Myself>query session /server:LabServerPC
SESSIONNAME USERNAME ID STATE TYPE DEVICE
services 0 Disc
console LabUser 1 Active
rdp-tcp 65536 Listen
If the computer is already in use by a remote desktop session, it will return it as a session as the active state. In this case rdp-tcp#1 <username> Active.
C:\Users\Myself>query session /server:LabServerPC
SESSIONNAME USERNAME ID STATE TYPE DEVICE
services 0 Disc
rdp-tcp#1 LabUser 1 Active
console 3 Conn
rdp-tcp 65536 Listen
If you are operating via a VPN, or off the native network, it may be easier to remotely log into the PC using SSH and then query the session directly. In this case, you would use query session only.
I have a shared folder on a windows 10 host machine. I could access it from a windows 10 client machine, where I had set "remember credentials" when first accessing the share. I changed the password on the host. Now the client cannot access the shared folder. That was expected. But I could not find a way on the client to allow the user to re-establish access to the shared folder.
I expected it would ask for credentials again. However I got a network error saying that windows cannot access the host machine.
Based on a number of entries on various forums, I tried a few things. The credentials manager on the client does not show the host. I stopped and restarted file and printer sharing on the client, without any change in the result. Network diagnosis and the windows troubleshooter gave no help.
The problem was due to some previous connections remaining in the network table, even though disconnected, as presented by the "net use" command from the command prompt.
>net use
Status Local Remote Network
--------------------------------------------------------------------------
Disconnected \\192.168.1.71\IPC$ Microsoft Windows Network
Disconnected \\HOST\IPC$ Microsoft Windows Network
After deleting them (via "net use /delete") the next attempt to access the host asked for credentials. Yay!
I began the path to the solution when I tried
net use z: \\host\shared /user:admin password
which gave system error 1219 stating multiple connections to a server are not allowed. Disconnect all previous connections and try again. Obviously, even though known to be disconnected, the entries prevented reconnection.
I am facing a problem that I discovered while I was implementing a small client/host application.
The client side runs Windows 7 64-bit and machine never turns off but user is automatically logged off after 30 minutes of inactivity. When user is automatically logged off the host becomes unreachable, first I thought the problem was isolated to my application, but after som investigation I discovered that resources and vnc server is also unavailable.
The question might be a bit off limit for this forum but I can't find any reasonable explanation somewhere else. Does anyone know how I can keep user being logged off automatically but with the host still reachable on the network?
You need to have them as services.
Are you connecting to some port opened by a server/service which runs as the user? If so, that's the reason. To circumvent, you need to have the service installed/started independently of the user, for entire machine (using administrator priviledges)