Rdp ошибка 264

---

Summary

This article contains most of the current Remote Desktop Client disconnect codes and reasons. Please see parent article Remote Desktop Services RDS Logon Connectivity Overview for additional information.

More Information

The RDP client disconnect codes are written to the ‘Microsoft-Windows-TerminalServices-RDPClient/Operational’ event login ‘Applications and Services Logs/Microsoft/Windows’ in Event Viewer. Not all codes are enumerable from the COM method shown below. Additionally,
some of the disconnect codes returned are extended codes. If the disconnect code is not found in the Primary Disconnect Reasons table, see the Extended Disconnect Reasons table. When troubleshooting client-side connections, be aware that depending on a configuration
such as encryption and security level, the client may attempt connection multiple times and disconnect before the final connection is made.

Script

The following snippet is a PowerShell command to query COM MSTscAx with a decimal disconnect code ID. If the disconnect code is found the description will be returned.

NOTE: When running the command below, ‘An internal error has occurred.’. This is a generic return code description when the disconnect code in is not found and return description is not valid.

Example Event from Event Log

Below is an example event log entry event ID 1026 of an RDP client session disconnect event (event code 263 which is no error).

Primary Disconnect Reasons

Code	Reason
0	No error
1	User-initiated client disconnect.
2	User-initiated client logoff.
3	Your Remote Desktop Services session has ended, possibly for one of the following reasons:  The administrator has ended the session. An error occurred while the connection was being established. A network problem occurred.  For help solving the problem, see «Remote Desktop» in Help and Support.
260	Remote Desktop can’t find the computer «». This might mean that «» does not belong to the specified network.  Verify the computer name and domain that you are trying to connect to.
262	This computer can’t connect to the remote computer.  Your computer does not have enough virtual memory available. Close your other programs, and then try connecting again. If the problem continues, contact your network administrator or technical support.
264	This computer can’t connect to the remote computer.  The two computers couldn’t connect in the amount of time allotted. Try connecting again. If the problem continues, contact your network administrator or technical support.
266	The smart card service is not running. Please start the smart card service and try again.
516	Remote Desktop can’t connect to the remote computer for one of these reasons:  1) Remote access to the server is not enabled 2) The remote computer is turned off 3) The remote computer is not available on the network  Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
522	A smart card reader was not detected. Please attach a smart card reader and try again.
772	This computer can’t connect to the remote computer.  The connection was lost due to a network error. Try connecting again. If the problem continues, contact your network administrator or technical support.
778	There is no card inserted in the smart card reader. Please insert your smart card and try again.
1030	Because of a security error, the client could not connect to the remote computer. Verify that you are logged on to the network, and then try connecting again.
1032	The specified computer name contains invalid characters. Please verify the name and try again.
1034	An error has occurred in the smart card subsystem. Please contact your helpdesk about this error.
1796	This computer can’t connect to the remote computer.  Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.
1800	Your computer could not connect to another console session on the remote computer because you already have a console session in progress.
2056	The remote computer disconnected the session because of an error in the licensing protocol. Please try connecting to the remote computer again or contact your server administrator.
2308	Your Remote Desktop Services session has ended.  The connection to the remote computer was lost, possibly due to network connectivity problems. Try connecting to the remote computer again. If the problem continues, contact your network administrator or technical support.
2311	The connection has been terminated because an unexpected server authentication certificate was received from the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.
2312	A licensing error occurred while the client was attempting to connect (Licensing timed out). Please try connecting to the remote computer again.
2567	The specified username does not exist. Verify the username and try logging in again. If the problem continues, contact your system administrator or technical support.
2820	This computer can’t connect to the remote computer.  An error occurred that prevented the connection. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.
2822	Because of an error in data encryption, this session will end. Please try connecting to the remote computer again.
2823	The user account is currently disabled and cannot be used. For assistance, contact your system administrator or technical support.
2825	The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support.
3079	A user account restriction (for example, a time-of-day restriction) is preventing you from logging on. For assistance, contact your system administrator or technical support.
3080	The remote session was disconnected because of a decompression failure at the client side. Please try connecting to the remote computer again.
3335	As a security precaution, the user account has been locked because there were too many logon attempts or password change attempts. Wait a while before trying again, or contact your system administrator or technical support.
3337	The security policy of your computer requires you to type a password on the Windows Security dialog box. However, the remote computer you want to connect to cannot recognize credentials supplied using the Windows Security dialog box. For assistance, contact your system administrator or technical support.
3590	The client can’t connect because it doesn’t support FIPS encryption level.  Please lower the server side required security level Policy, or contact your network administrator for assistance
3591	This user account has expired. For assistance, contact your system administrator or technical support.
3592	Failed to reconnect to your remote session. Please try to connect again.
3593	The remote PC doesn’t support Restricted Administration mode.
3847	This user account’s password has expired. The password must change in order to logon. Please update the password or contact your system administrator or technical support.
3848	A connection will not be made because credentials may not be sent to the remote computer. For assistance, contact your system administrator.
4103	The system administrator has restricted the times during which you may log in. Try logging in later. If the problem continues, contact your system administrator or technical support.
4104	The remote session was disconnected because your computer is running low on video resources.  Close your other programs, and then try connecting again. If the problem continues, contact your network administrator or technical support.
4359	The system administrator has limited the computers you can log on with. Try logging on at a different computer. If the problem continues, contact your system administrator or technical support.
4615	You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support.
4871	The system administrator has restricted the types of logon (network or interactive) that you may use. For assistance, contact your system administrator or technical support.
5127	The Kerberos sub-protocol User2User is required. For assistance, contact your system administrator or technical support.
6919	Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid.  In some cases, this error might also be caused by a large time discrepancy between the client and server computers.
7431	Remote Desktop cannot verify the identity of the remote computer because there is a time or date difference between your computer and the remote computer. Make sure your computer’s clock is set to the correct time, and then try connecting again. If the problem occurs again, contact your network administrator or the owner of the remote computer.
8711	Your computer can’t connect to the remote computer because your smart card is locked out. Contact your network administrator about unlocking your smart card or resetting your PIN.
9479	Could not auto-reconnect to your applications,please re-launch your applications
9732	Client and server versions do not match. Please upgrade your client software and then try connecting again.
33554433	Failed to reconnect to the remote program. Please restart the remote program.
33554434	The remote computer does not support RemoteApp. For assistance, contact your system administrator.
50331649	Your computer can’t connect to the remote computer because the username or password is not valid. Type a valid user name and password.
50331650	Your computer can’t connect to the remote computer because it can’t verify the certificate revocation list. Contact your network administrator for assistance.
50331651	Your computer can’t connect to the remote computer due to one of the following reasons:  1) The requested Remote Desktop Gateway server address and the server SSL certificate subject name do not match. 2) The certificate is expired or revoked. 3) The certificate root authority does not trust the certificate.  Contact your network administrator for assistance.
50331652	Your computer can’t connect to the remote computer because the SSL certificate was revoked by the certification authority. Contact your network administrator for assistance.
50331653	This computer can’t verify the identity of the RD Gateway «». It’s not safe to connect to servers that can’t be identified. Contact your network administrator for assistance.
50331654	Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address requested and the certificate subject name do not match. Contact your network administrator for assistance.
50331655	Your computer can’t connect to the remote computer because the Remote Desktop Gateway server’s certificate has expired or has been revoked. Contact your network administrator for assistance.
50331656	Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.
50331657	An error occurred while sending data to the Remote Desktop Gateway server. The server is temporarily unavailable or a network connection is down. Try again later, or contact your network administrator for assistance.
50331658	An error occurred while receiving data from the Remote Desktop Gateway server. Either the server is temporarily unavailable or a network connection is down. Try again later, or contact your network administrator for assistance.
50331659	Your computer can’t connect to the remote computer because an alternate logon method is required. Contact your network administrator for assistance.
50331660	Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect. Type a valid Remote Desktop Gateway server address.
50331661	Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.
50331662	Your computer can’t connect to the remote computer because the Remote Desktop Services client component is missing or is an incorrect version. Verify that setup was completed successfully, and then try reconnecting later.
50331663	Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is running low on server resources and is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.
50331664	Your computer can’t connect to the remote computer because an incorrect version of rpcrt4.dll has been detected. Verify that all components for Remote Desktop Gateway client were installed correctly.
50331665	Your computer can’t connect to the remote computer because no smart card service is installed. Install a smart card service and then try again, or contact your network administrator for assistance.
50331666	Your computer can’t stay connected to the remote computer because the smart card has been removed. Try again using a valid smart card, or contact your network administrator for assistance.
50331667	Your computer can’t connect to the remote computer because no smart card is available. Try again using a smart card.
50331668	Your computer can’t stay connected to the remote computer because the smart card has been removed. Reinsert the smart card and then try again.
50331669	Your computer can’t connect to the remote computer because the user name or password is not valid. Please type a valid user name and password.
50331671	Your computer can’t connect to the remote computer because a security package error occurred in the transport layer. Retry the connection or contact your network administrator for assistance.
50331672	The Remote Desktop Gateway server has ended the connection. Try reconnecting later or contact your network administrator for assistance.
50331673	The Remote Desktop Gateway server administrator has ended the connection. Try reconnecting later or contact your network administrator for assistance.
50331674	Your computer can’t connect to the remote computer due to one of the following reasons:   1) Your credentials (the combination of user name, domain, and password) were incorrect. 2) Your smart card was not recognized.
50331675	Remote Desktop can’t connect to the remote computer «» for one of these reasons:  1) Your user account is not listed in the RD Gateway’s permission list 2) You might have specified the remote computer in NetBIOS format (for example, computer1), but the RD Gateway is expecting an FQDN or IP address format (for example, computer1.fabrikam.com or 157.60.0.1).  Contact your network administrator for assistance.
50331676	Remote Desktop can’t connect to the remote computer «» for one of these reasons:  1) Your user account is not authorized to access the RD Gateway «» 2) Your computer is not authorized to access the RD Gateway «» 3) You are using an incompatible authentication method (for example, the RD Gateway might be expecting a smart card but you provided a password)  Contact your network administrator for assistance.
50331679	Your computer can’t connect to the remote computer because your network administrator has restricted access to this RD Gateway server. Contact your network administrator for assistance.
50331680	Your computer can’t connect to the remote computer because the web proxy server requires authentication. To allow unauthenticated traffic to an RD Gateway server through your web proxy server, contact your network administrator.
50331681	Your computer can’t connect to the remote computer because your password has expired or you must change the password. Please change the password or contact your network administrator or technical support for assistance.
50331682	Your computer can’t connect to the remote computer because the Remote Desktop Gateway server reached its maximum allowed connections. Try reconnecting later or contact your network administrator for assistance.
50331683	Your computer can’t connect to the remote computer because the Remote Desktop Gateway server does not support the request. Contact your network administrator for assistance.
50331684	Your computer can’t connect to the remote computer because the client does not support one of the Remote Desktop Gateway’s capabilities. Contact your network administrator for assistance.
50331685	Your computer can’t connect to the remote computer because the Remote Desktop Gateway server and this computer are incompatible. Contact your network administrator for assistance.
50331686	Your computer can’t connect to the remote computer because the credentials used are not valid. Insert a valid smart card and type a PIN or password, and then try connecting again.
50331687	Your computer can’t connect to the remote computer because your computer or device did not pass the Network Access Protection requirements set by your network administrator. Contact your network administrator for assistance.
50331688	Your computer can’t connect to the remote computer because no certificate was configured to use at the Remote Desktop Gateway server. Contact your network administrator for assistance.
50331689	Your computer can’t connect to the remote computer because the RD Gateway server that you are trying to connect to is not allowed by your computer administrator. If you are the administrator, add this Remote Desktop Gateway server name to the trusted Remote Desktop Gateway server list on your computer and then try connecting again.
50331690	Your computer can’t connect to the remote computer because your computer or device did not meet the Network Access Protection requirements set by your network administrator, for one of the following reasons:  1) The Remote Desktop Gateway server name and the server’s public key certificate subject name do not match. 2) The certificate has expired or has been revoked. 3) The certificate root authority does not trust the certificate. 4) The certificate key extension does not support encryption. 5) Your computer cannot verify the certificate revocation list.  Contact your network administrator for assistance.
50331691	Your computer can’t connect to the remote computer because a user name and password are required to authenticate to the Remote Desktop Gateway server instead of smart card credentials.
50331692	Your computer can’t connect to the remote computer because smart card credentials are required to authenticate to the Remote Desktop Gateway server instead of a user name and password.
50331693	Your computer can’t connect to the remote computer because no smart card reader is detected. Connect a smart card reader and then try again, or contact your network administrator for assistance.
50331695	Your computer can’t connect to the remote computer because authentication to the firewall failed due to missing firewall credentials. To resolve the issue, go to the firewall website that your network administrator recommends, and then try the connection again, or contact your network administrator for assistance.
50331696	Your computer can’t connect to the remote computer because authentication to the firewall failed due to invalid firewall credentials. To resolve the issue, go to the firewall website that your network administrator recommends, and then try the connection again, or contact your network administrator for assistance.
50331698	Your Remote Desktop Services session ended because the remote computer didn’t receive any input from you.
50331699	The connection has been disconnected because the session timeout limit was reached.
50331700	Your computer can’t connect to the remote computer because an invalid cookie was sent to the Remote Desktop Gateway server. Contact your network administrator for assistance.
50331701	Your computer can’t connect to the remote computer because the cookie was rejected by the Remote Desktop Gateway server. Contact your network administrator for assistance.
50331703	Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is expecting an authentication method different from the one attempted. Contact your network administrator for assistance.
50331704	The RD Gateway connection ended because periodic user authentication failed. Try reconnecting with a correct user name and password. If the reconnection fails, contact your network administrator for further assistance.
50331705	The RD Gateway connection ended because periodic user authorization failed. Try reconnecting with a correct user name and password. If the reconnection fails, contact your network administrator for further assistance.
50331707	Your computer can’t connect to the remote computer because the Remote Desktop Gateway and the remote computer are unable to exchange policies. This could happen due to one of the following reasons:     1. The remote computer is not capable of exchanging policies with the Remote Desktop Gateway.     2. The remote computer’s configuration does not permit a new connection.     3. The connection between the Remote Desktop Gateway and the remote computer ended.    Contact your network administrator for assistance.
50331708	Your computer can’t connect to the remote computer, possibly because the smart card is not valid, the smart card certificate was not found in the certificate store, or the Certificate Propagation service is not running. Contact your network administrator for assistance.
50331709	To use this program or computer, first log on to the following website: <a href=»»></a>.
50331710	To use this program or computer, you must first log on to an authentication website. Contact your network administrator for assistance.
50331711	Your session has ended. To continue using the program or computer, first log on to the following website: <a href=»»></a>.
50331712	Your session has ended. To continue using the program or computer, you must first log on to an authentication website. Contact your network administrator for assistance.
50331713	The RD Gateway connection ended because periodic user authorization failed. Your computer or device didn’t pass the Network Access Protection (NAP) requirements set by your network administrator. Contact your network administrator for assistance.
50331714	Your computer can’t connect to the remote computer because the size of the cookie exceeded the supported size. Contact your network administrator for assistance.
50331716	Your computer can’t connect to the remote computer using the specified forward proxy configuration. Contact your network administrator for assistance.
50331717	This computer cannot connect to the remote resource because you do not have permission to this resource. Contact your network administrator for assistance.
50331718	There are currently no resources available to connect to. Retry the connection or contact your network administrator.
50331719	An error occurred while Remote Desktop Connection was accessing this resource. Retry the connection or contact your system administrator.
50331721	Your Remote Desktop Client needs to be updated to the newest version. Contact your system administrator for help installing the update, and then try again.
50331722	Your network configuration doesn’t allow the necessary HTTPS ports. Contact your network administrator for help allowing those ports or disabling the web proxy, and then try connecting again.
50331723	We’re setting up more resources, and it might take a few minutes. Please try again later.
50331724	The user name you entered does not match the user name used to subscribe to your applications. If you wish to sign in as a different user please choose Sign Out from the Home menu.
50331725	Looks like there are too many users trying out the Azure RemoteApp service at the moment. Please wait a few minutes and then try again.
50331726	Maximum user limit has been reached. Please contact your administrator for further assistance.
50331727	Your trial period for Azure RemoteApp has expired. Ask your admin or tech support for help.
50331728	You no longer have access to Azure RemoteApp. Ask your admin or tech support for help.

Extended Disconnect Reasons

Code	Reason
0	No error.
1	Extended Reason: Your Remote Desktop Services session has ended.  Your network administrator might have ended the connection. Try connecting again, or contact technical support for assistance.
2	Extended Reason: Your Remote Desktop Services session has ended.  You have logged off the remote computer. Your network administrator or another user might have ended your session. Try connecting again, or contact technical support for assistance.
3	Extended Reason: Your Remote Desktop Services session ended because the remote computer didn’t receive any input from you.
4	Extended Reason: The remote session ended because the total login time limit was reached. This limit is set by the server administrator or by network policies.
5	Extended Reason: Your Remote Desktop Services session has ended.  Another user connected to the remote computer, so your connection was lost. Try connecting again, or contact your network administrator or technical support group.
6	Extended Reason: The connection was disconnected because the remote computer is low on memory.
7	Extended Reason: This computer can’t connect to the remote computer.  Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.
8	Extended Reason: The client could not establish a connection to the remote computer.  The most likely causes for this error are: 1) Remote connections might not be enabled at the remote computer.  2) The maximum number of connections was exceeded at the remote computer. 3) A network error occurred while establishing a connection. 4) The remote computer might not support the required FIPS security level. Please lower the client side required security level Policy, or contact your network administrator for assistance.
9	Extended Reason: The connection was denied because the user account is not authorized for remote login.
256	Extended Reason: The remote session was disconnected because there was an internal error in the remote computer’s licensing protocol.
257	Extended Reason: The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license. Please contact the server administrator.
258	Extended Reason: The remote session was disconnected because there are no Remote Desktop client access licenses available for this computer. Please contact the server administrator.
259	Extended Reason: The remote session was disconnected because the remote computer received an invalid licensing message from this computer.
260	Extended Reason: The remote session was disconnected because the Remote Desktop client access license stored on this computer has been modified.
261	Extended Reason: The remote session was disconnected because the Remote Desktop client access license stored on this computer is in an invalid format.
262	Extended Reason: The remote session was disconnected because there were network problems during the licensing protocol. Please try connecting to the remote computer again.
263	Extended Reason: The remote session was disconnected because the client prematurely ended the licensing protocol.
264	Extended Reason: The remote session was disconnected because a licensing message was incorrectly encrypted.
265	Extended Reason: The remote session was disconnected because the local computer’s client access license could not be upgraded or renewed. Please contact the server administrator.
266	Extended Reason: The remote session was disconnected because the remote computer is not licensed to accept remote connections. Please contact the server administrator.
267	Extended Reason: The remote session was disconnected because license store creation failed with access denied. Please run the remote desktop client with elevated privileges.
1024	Extended Reason: Remote Desktop Connection could not find the destination computer. This can happen if the computer name is incorrect or the computer is not yet registered with RD Connection Broker. Try connecting again, or contact your network administrator.
1026	Extended Reason: An error occurred while Remote Desktop Connection was loading the destination computer. Try connecting again, or contact your network administrator.
1028	Extended Reason: An error occurred while Remote Desktop Connection was redirecting to the destination computer. Try connecting again, or contact your network administrator.
1029	Extended Reason: Couldn’t connect to the remote computer (there was a problem setting up the virtual machine). Try connecting again, or contact your network administrator for help.
1030	Extended Reason: An error occurred while Remote Desktop Connection was starting the virtual machine. Try connecting again, or contact your network administrator.
1031	Extended Reason: Windows can’t find the IP address of the destination virtual machine. This can happen if the virtual machine doesn’t have Hyper-V enlightenments and the name of the virtual machine doesn’t match the computer name in Windows. Contact your network administrator for assistance.
1032	Extended Reason: There are no available computers in the pool. Try connecting again, or contact your network administrator.
1033	Extended Reason: Connection processing has been canceled. Try connecting again, or contact your network administrator.
1040	Extended Reason: Your computer can’t connect to the remote computer because the Connection Broker couldn’t validate the settings specified in your RDP file. Contact your network administrator for assistance.
1041	Extended Reason: A timeout error occurred while Remote Desktop Connection was starting the virtual machine.  Try connecting again, or contact your network administrator.
1042	Extended Reason: A session monitoring error occurred while Remote Desktop Connection was starting the virtual machine.  Try connecting again, or contact your network administrator.
4339	Extended Reason: The remote computer does not support RemoteApp. For assistance, contact your system administrator.
4498	Extended Reason: The remote session was disconnected because of a decryption error at the server. Please try connecting to the remote computer again.

---

Log Messages:

'Failed GetConnectionProperty' in CUMRDPConnection::QueryProperty at 2884 err=[0x80004001]
'Connection doesn't support logon error redirector' in CUMRDPConnection::GetLogonErrorRedirector at 4179 err=[0x80004001]
Disconnect trace:CUMRDPConnection Disconnect trace:'calling spGfxPlugin->PreDisconnect()' in CUMRDPConnection::PreDisconnect at 4595 err=[0xc], Error code:0xC

Assumption and proposed solution:

Issue occurs when Windows 10 1809 clients connect to Server 2019. Windows 10 1803 or older are not having this problem. Here’s an item to test on the server.

$tsServerClientRegKey="REGISTRY::HKLMSOFTWAREMicrosoftTerminal Server Client"
$keyName='UseURCP'
$value=0
Set-ItemProperty $tsServerClientRegKey -name $keyName -value $value

———————-
Log messages:

TCP socket READ operation failed, error 64
TCP socket WRITE operation failed, error 64

There appears to be a threshold on Windows to limit the number of connections. Client OS would be 100, and server OS as 3000 by default. Here’s how to set this to a maximum value.

$tsServerRegKey="REGISTRY::HKLMSYSTEMCurrentControlSetControlTerminal Server"
$keyName='MaxOutstandingConnections'
$value=65536
Set-ItemProperty $tsServerRegKey -name $keyName -value $value

———————-

Event viewer messages:

RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).
RDP_SEC: An error was encountered when transitioning from FStatePassthrough in response to FEventCheckAndCompleteReadsFailed (error code 0x8007139F).

# Proposed solution
$tsServerClientRegKey="REGISTRY::HKLMSOFTWAREMicrosoftTerminal Server Client"
$keyName='RDGClientTransport'
$value=1
Set-ItemProperty $tsServerClientRegKey -name $keyName -value $value

————————

Event message:

The network characteristics detection function has been disabled because of Reason Code: 2(Server Configuration)..

Comment: this message appears to be expressing proper English. Although, I don’t know what to do with it.

————————

Event message:

The RDP display control module failed to change the session monitor layout. The operation failed with error code 0xFFFFFFFF.
onecoreuapshellroamingsettingsynccoresettingsyncreportingsettingsyncreporting.cpp(28)SettingSyncCore.dll!00007FFC12C03D2A: (caller: 00007FFC2E177456) ReturnHr(3) tid(1060) 800708CA This network connection does not exist.
Restoring operations failed (Result: 0x800708CA).

Comment: I’m also unsure about any interpretation of the error above. Although, this correlates to a Windows 2019 Server with RDS role enabled. This machine is behind strict network zones (HIPPA). Clients often using Windows 10 to RDP-access this ‘bastion’ host.

————————

TerminalServices-ClientActiveXCore messages:

RDPClient_SSL: An error was encountered when transitioning from TsSslStateHandshakeInProgress to TsSslStateDisconnecting in response to TsSslEventHandshakeContinueFailed (error code 0x80004005).

RDPClient_SSL: An error was encountered when transitioning from TsSslStateDisconnected to TsSslStateDisconnected in response to TsSslEventInvalidState (error code 0x8000FFFF).

A possible workaround is to change the display setting on the .rdp to a lower display resolution setting (e.g. 1280×1024). This happens when client machine’s resolution is 2560 x 1440 and the [virtual] video card in the host machine isn’t as capable. Another idea is to peruse the Windows 10 Remote Desktop UWP app.

———————-

Event messages:

Failed to establish a network connection.
Error: The transport connection attempt was refused by the remote system.
Server name: dc02.kimconnect.ad
Server address: x.x.x.x:445
Instance name: DeviceLanmanRedirector
Connection type: Wsk
Guidance:
This indicates a problem with the underlying network or transport, such as with TCP/IP, and not with SMB. A firewall that blocks TCP port 445, or TCP port 5445 when using an iWARP RDMA adapter, can also cause this issue.

The server name cannot be resolved.
Error: The object was not found.
Server name: server006.intranet.kimconnect.ad
Guidance:
The client cannot resolve the server address in DNS or WINS. This issue often manifests immediately after joining a computer to the domain, when the client's DNS registration may not yet have propagated to all DNS servers. You should also expect this event at system startup on a DNS server (such as a domain controller) that points to itself for the primary DNS. You should validate the DNS client settings on this computer using IPCONFIG /ALL and NSLOOKUP.

Comment: pre-pending a username with DOMAINusername would work when encountering these errors.

———————-

Error messages:

"Because of a protocol error (code: 0x112f), the remote session will be disconnected. Please try connecting to the remote computer again."

# Configure RemoteFX: Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment > set RemoteFX to 0
# 1-liner command to execute task above
set-itemproperty "REGISTRY::HKLMSYSTEMCurrentControlSetControlTerminal ServerWinStations" -name 'fEnableRemoteFXAdvancedRemoteApp' -value 0

—————————-

Complain: Remote Desktop Session Does Not Show Login Prompt, and session would disconnect after 2 seconds…

Comment: Some Internet sources have alluded to CredSSP being the culprit. I have not yet tested setting CredSSP value to TRUE yet. On the same note, I’m guessing the issue would be more related to RemoteFX, rather than authentication. Will update this note once I gather more info. 

get-item "WSMan:$env:computernameserviceauthcredSSP"

WSManConfig: Microsoft.WSMan.ManagementWSMan::winbastionhip04ServiceAuth
Type Name SourceOfValue Value
---- ---- ------------- -----
System.String CredSSP false

Update: issue seems to be related to the default MSTSC remote desktop client on Windows 10 machines. It’s a hit or miss workaround to configure MSTSC to reduce resolution and disable bitmap caching. Hence, a better hack is to use Microsoft’s newer RDP client here: https:// www.microsoft.com/en-us/p/microsoft-remote-desktop/9wzdncrfj3ps

——————

Log messages:

Automatic registration failed at join phase. 
Exit code: Unknown HResult Error code: 0x801c001d 
Server error: 
Tenant type: undefined 
Registration type: undefined 
Debug Output: 
joinMode: Join
drsInstance: undefined
registrationType: undefined
tenantType: undefined
tenantId: undefined
configLocation: undefined
errorPhase: discover
adalCorrelationId: undefined
adalLog:
undefined
adalResponseCode: 0x0

Automatic registration failed. Failed to lookup the registration service information from Active Directory. Exit code: Unknown HResult Error code: 0x801c001d. See http://go.microsoft.com/fwlink/?LinkId=623042

Log Name: Microsoft-Windows-Security-Mitigations/KernelMode
Source: Microsoft-Windows-Security-Mitigations
Date: 3/4/2021 12:42:13 AM
Event ID: 1
Task Category: (1)
Level: Information
Keywords: 
User: 
Computer: 
Description:
Process 'DeviceHarddiskVolume4WindowsSystem32svchost.exe' (PID 33640) would have been blocked from generating dynamic code.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Mitigations" Guid="{fae10392-f0af-4ac0-b8ff-9f4d920c3cdf}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-03-04T08:42:13.232916800Z" />
<EventRecordID>1266946</EventRecordID>
<Correlation />
<Execution ProcessID="33640" ThreadID="30788" />
<Channel>Microsoft-Windows-Security-Mitigations/KernelMode</Channel>
<Computer></Computer>
<Security UserID="S-1-5-21-2195821719-3162908599-1472692150-15697" />
</System>
<EventData>
<Data Name="ProcessPathLength">52</Data>
<Data Name="ProcessPath">DeviceHarddiskVolume4WindowsSystem32svchost.exe</Data>
<Data Name="ProcessCommandLineLength">55</Data>
<Data Name="ProcessCommandLine">C:Windowssystem32svchost.exe -k wsappx -p -s AppXSvc</Data>
<Data Name="CallingProcessId">33640</Data>
<Data Name="CallingProcessCreateTime">2021-03-04T08:40:49.427147800Z</Data>
<Data Name="CallingProcessStartKey">13792273859390411</Data>
<Data Name="CallingProcessSignatureLevel">60</Data>
<Data Name="CallingProcessSectionSignatureLevel">12</Data>
<Data Name="CallingProcessProtection">81</Data>
<Data Name="CallingThreadId">30788</Data>
<Data Name="CallingThreadCreateTime">2021-03-04T08:40:50.984756900Z</Data>
</EventData>
</Event>

Log Name: Microsoft-Windows-User Device Registration/Admin
Source: Microsoft-Windows-User Device Registration
Date: 11/1/2021 10:44:22 PM
Event ID: 360
Task Category: None
Level: Warning
Keywords: 
User: 
Computer: 
Description:
Windows Hello for Business provisioning will not be launched. 
Device is AAD joined ( AADJ or DJ++ ): Not Tested 
User has logged on with AAD credentials: Not Tested 
Windows Hello for Business policy is enabled: Not Tested 
Windows Hello for Business post-logon provisioning is enabled: Not Tested 
Local computer meets Windows hello for business hardware requirements: Not Tested 
User is not connected to the machine via Remote Desktop: No 
User certificate for on premise auth policy is enabled: Not Tested 
Machine is governed by none policy. 
See https://go.microsoft.com/fwlink/?linkid=832647 for more details.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Device Registration" Guid="{23b8d46b-67dd-40a3-b636-d43e50552c6d}" />
<EventID>360</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-11-02T05:44:22.442956600Z" />
<EventRecordID>2994</EventRecordID>
<Correlation />
<Execution ProcessID="12332" ThreadID="16156" />
<Channel>Microsoft-Windows-User Device Registration/Admin</Channel>
<Computer>TESTSERVER</Computer>
<Security UserID="S-1-5-21-2195821719-3162908599-1472692150-15697" />
</System>
<EventData>
<Data Name="Message">Windows Hello for Business provisioning will not be launched.</Data>
<Data Name="DeviceIsJoined">Not Tested</Data>
<Data Name="AADPrt">Not Tested</Data>
<Data Name="NgcPolicyEnabled">Not Tested</Data>
<Data Name="NgcPostLogonProvisioningEnabled">Not Tested</Data>
<Data Name="NgcHardwarePolicyMet">Not Tested</Data>
<Data Name="UserIsRemote">No</Data>
<Data Name="LogonCertRequired">Not Tested</Data>
<Data Name="MachinePolicySource">none</Data>
</EventData>
</Event>

Comment: This appears to be affecting Windows 2019 Servers. These machines have a scheduled task named ‘Automatic-Device-Join’ that facilitates ‘hybrid joins’. At the time of this writing, the environment of the affected machines are not hybrid. Here is some info from Microsoft: https:// docs.microsoft.com/en-US/troubleshoot/windows-server/deployment/event-307-and-304-logged-for-deploying

Столкнулся со странным сообщением “
Произошла внутренняя ошибка
/
An internal error has occurred
” при RDP подключении к недавно развернутому серверу RDSH на Windows Server 2012 R2 из Windows 10. Буквально вчера RDP подключение к серверу работало нормально, но после установки и настройки RemotApp приложений и перезагрузки сервера, я не могу удаленно подключиться к его рабочему столу. Служба Remote Desktop Services судя по всему работает, так как пароль пользователя при подключении запрашивается.

Как я понял, сообщение RDP консоли “Произошла внутренняя ошибка” может появляться в различных случаях и иметь совершенно различные причины, связанные как с сервером Remote Desktop, так и с клиентом. В этой статье я постарался собрать все варианты решения и сценарий, который помог мне.

В первую очередь, убедитесь, что на RDS сервере доступен RDP порт 3389, и подключение не блокируется файерволом (Test-NetConnection rdsserver –port 3389).

Изучив логи RDP подключений на удаленном RDS сервере, я не увидел никаких особенных ошибок. В журнале Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational видно, что RDP сессия создается:

The server has terminated main RDP connection with the client.
The disconnect reason is 0

Проверьте состояние службу Remote Desktop Services на удаленном сервере и перезапустите ее. Вы можете удаленно перезапустить службу через консоль Services.msc (Connect to another computer), но гораздо проще проверить состояние службы и перезапустить ее через PowerShell:

(Get-Service TermService -ComputerName msk-ts1).status

Служба запушена (Running), перезапустим ее:

Get-Service TermService -ComputerName msk-ts1| Restart-Service –force –verbose

Но проблему это не решило.

Какие еще варианты решения проблемы мне удалось найти в сети:

1. Если у вас на удаленном сервере установлен КриптоПРО, он может быть источником проблем с rdp подключением. Попробуйте отключить проверку контрольных целостности файлов (проверки контрольных сумм) в КриптоПро через реестр. Перейдите в ветку реестра
   HKLMSYSTEMCurrentControlSetControlSession ManagerCProIntegrity
   и измените значение параметра CheckMode на 0. Перезагрузите сервер.
2. Если в журнале событий TerminalServices-RemoteConnectionManager вы встретите событие с EventID 1057 (The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on SSL connections), перейдите в каталог
   C:ProgramDataMicrosoftCryptoRSA
   , переименуйте папку Machinekeys в Machinekeys_bak и перезапустите службу TermService.
3. Также нашел информацию, что RDP проблема “Произошла внутренняя ошибка” встречалась в Windows 10 1809, если на удаленном компьютере включена политика Configure H.264/AVC hardware encoding for Remote Desktop connections (находится в секции GPO: Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Remote Session Environment). Для решения этой проблемы достаточно отключить UDP протокол для RDP, создав в ветке реестра
   HKLMSOFTWAREPoliciesMicrosoftWindows NTTerminal ServicesClient
   параметр
   fClientDisableUDP
   со значением 1.
4. В комментариях Ivan оставил очень полезный фикс.
   Проблема с ошибкой RDP может быть в наличии некоего счетчика учитывающего максимальное количество подключений в Windows.
   В десктопных версиях Windows — 100, в Windows Server -3000. Для сброса счетчика достаточно перезагрузить компьютер, или просто увеличить лимит через реестр:
   REG ADD "HKLMSYSTEMCurrentControlSetControlTerminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536

Ни один из рассмотренных выше сценариев не был применим в моем случае. Я совершенно случайно обнаружил, что с других компьютеров нет проблем с подключением к этому RDS серверу. Значить проблема только с моим компьютером, а не с сервером.

Я очистил историю RDP подключений в ветке
HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server ClientServers
и сбросил кэш RDP в каталоге
C:Users%Username%AppDataLocalMicrosoftTerminal Server ClientCache
(перед удалением закройте все запущенные сеансы mstsc.exe):

del "C:Users%Username%AppDataLocalMicrosoftTerminal Server Clientcache"

После этого перезагрузил свой компьютер, и ошибка RDP подключения исчезла!

This post aims to discuss all the common reasons why a Remote Desktop Protocol (RDP) connection can’t connect to a remote computer. I will explain how to identify the cause and then show you how to fix your failing Remote Desktop Connection.

There are many reasons why an RDP connection to a remote machine might fail. The screen below shows a typical error for a failed RDP connection.

«Remote Desktop can’t connect to the remote computer for one of these reasons:»

Verify the network connectivity

Every admin should be familiar with this RDP error. The most common cause of a failing RDP connection concerns network connectivity issues, for instance, if a firewall is blocking access.

You can use ping, a Telnet client, and PsPing from your local machine to check the connectivity to the remote computer. Keep in mind ping won’t work if ICMP is blocked on your network. The main advantage of Telnet and PsPing is that you can connect via TCP, and you can check whether the RDP port 3389 is open.

The Telnet client isn’t enabled by default. Use this command to enable Telnet from a command prompt:

dism /online /Enable-Feature /FeatureName:TelnetClient

And use this one from a PowerShell console:

Install-WindowsFeature -name Telnet-Client

Use PsPing if you have problems enabling the Telnet client. PsPing also lets you test the connectivity to a specific TCP port. It is portable, so no installation is required.

First, try to ping the remote computer’s hostname or IP address.

As you can see in the screenshot above, I was unable to ping the remote machine, and the port was not reachable as well.

If this works, and you are unable to ping the machine using the FQDN name, check whether DNS resolution is working properly. Sometimes the hostname is pointing to another machine on DNS that is either offline or not in use.

If you can’t connect at all, a local firewall (Windows Firewall or third-party security software) or a network firewall might be blocking the port. The PowerShell command below lets you display the Windows Firewall state on the remote machine.

Invoke-Command -ComputerName [ComputerName] -ScriptBlock {netsh advfirewall show allprofiles}

For testing purposes, you can disable Windows Firewall on the remote computer with this command:

Invoke-Command -ComputerName Win7 -ScriptBlock {netsh advfirewall set allprofiles state off}

Note that you should enable PSRemoting on the remote computer to execute the above command. If not, you can use PsExec to enable PowerShell remoting with the command below:

psexec \RemoteComputer -u administrator -p PASSWORD netsh advfirewall set allprofiles state off

Verify user permissions

If your user account has no administrator privileges, you should be a member of the local Remote Desktop Users group to access the remote machine via RDP. By default, no members are in this group, and only members of the Administrators group can connect via RDP.

Read this 4sysops article to learn how to add users remotely to a user group.

Ensure Remote Desktop is enabled on the remote computer. The RDP listener could be inactive. You can enable the Remote Desktop Connection either from System Properties or from the registry.

Option 1: Select Start > Run, type sysdm.cpl, and select the Remote tab.

Option 2: Select Start > Run, type regedit, navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server, and set the value for the key fDenyTSConnections to 0 (0 = Enable; 1 = Disable).

You can use this PowerShell command to enable RDP remotely:

(Get-WmiObject Win32_TerminalServiceSetting -Computername [ComputerName] ‑Namespace rootcimv2TerminalServices).SetAllowTsConnections(1,1)

And from the command prompt, you can use the next command if the Remote Registry service is running on the remote computer:

REG ADD "\[RemoteComputer] HKLMSYSTEMCurrentControlSetControlTerminal Server" /v fDenyTSConnections /d 0 /f /t REG_DWORD

Verify the status of the RDP services

On both the local (client) computer and the remote (target) computer, the following services should be running:

• Remote Desktop Services (TermService)
• Remote Desktop Services UserMode Port Redirector (UmRdpService)

The UmRdpService is an RDP port redirector service, which helps redirect drives, printers, and ports from the local to the remote machine. For example, if you want to map all of your local drivers to the remote computer, this service will do the job.

If the UmRdpService service was set to disabled through a central Group Policy, RDP connections to this machine will fail. Note that sometimes restarting the service won’t fix the issue, and you have to reboot the machine after reconfiguring the Startup Type to Automatic.

The PowerShell command below starts both of these services remotely if they are in a stopped state. Note that this only works if the service Startup Type is set to either Automatic or Manual.

"TermService","UmRdpService" | ForEach-Object{ (Get-WmiObject Win32_service -ComputerName [RemoteComputer] -Filter "Name = '$_' ").StartService() }

The output of the command should be either 0 (started) or 10 (already running). Check out this article to learn more about return codes and their descriptions.

Identify whether Group Policy is blocking RDP

You can enable or disable Remote Desktop centrally through Group Policy settings. To check those settings, go to Start > Run, type gpedit.msc, navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections, and find the Allow users to connect remotely by using Remote Desktop Services setting. If the setting is Disabled, you should change it to Enabled or Not Configured.

Use GPResult (gpresult /h C:output.htm) from a console on the remote machine to verify whether Group Policy has been applied properly. Also you can use rsop.msc to get the applied Group Policy settings on a particular machine.

Check the RDP listener port on the remote computer

By default, the RDP client verifies that the Remote Desktop service on the remote computer is listening on port 3389. If not, another application could be occupying the same port.

To check whether any remote session (RDP-TCP) already exists on that computer, use qwinsta, which gives you a list of local as well as remote sessions.

The screenshot above shows that the rdp-tcp session with session ID 65536 already exists.

To verify that the Remote Desktop service is using the correct port, use the Registry Editor. Go to Start > Run, type regedit, navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp, and review the PortNumber setting.

Alternatively, you can use the command below:

REG QUERY "\[Remote Computer]HKLMSYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" /F "PortNumber"

If the output of the RDP port value is 0x00000d3d (hex), your RDP port is configured with a default port, which is 3389. In the screenshot above, the default RDP port was changed to 3388. In this case, either you have to change the RDP port to the default one, or you access the remote machine via the new port 3388.

In the Remote Desktop client, you have to specify the custom RDP port in the computer address space as shown in below:

If another application is using the RDP port, you have to find that application on the remote machine and then reconfigure it to use a port other than 3389. Use the netstat command to find the application PID listening on port 3389. And with the tasklist command, you can identify the name of the application running with this PID as shown below:

Checking RDP connectivity with PowerShell

Checking all those possible connectivity issues manually is a time-consuming task. I wrote a little PowerShell script that automates this task.

My Get-RDPStatus.Ps1 script checks connectivity of the remote computer via ping, FQDN, RDP ports, and RDP services, and the RDP status with NLA (Network Level Authentication). The script uses WMI cmdlets that work over RPC and therefore does not require PSRemoting. The screenshots below shows the output of the script.

The latest version is available for download from the Github.

Subscribe to 4sysops newsletter!

Conclusion

Many articles discuss Remote Desktop connection problems. I wrote this one mainly to compile all possible causes of failed RDP connections. If you know of another possible cause, please post a comment below.

Обновлено 08.12.2022

Добрый день! Уважаемые читатели и гости, IT блога Pyatilistnik.org. В прошлый раз мы с вами поговорили, про отложенный запуск служб в Windows, сегодня я хочу вам показать еще один не приятный момент в работе терминальных служб удаленного рабочего стола, а именно ошибка подключения «Произошла внутренняя ошибка«, после чего подключение разрывается. Такое я встречал уже в Windows Server 2012 R2 и 2016. Давайте разбираться в чем дело.

Описание проблемы

Есть сервер с операционной системой Windows Server 2012 R2, сотрудник пытается к нему подключиться, через классическую утилиту «Подключение к удаленному рабочему столу», в момент авторизации, выскакивает окно с ошибкой «Произошла внутренняя ошибка».

В английском варианте ошибка звучит вот так:

An internal error has occurred

После этого у вас разрывается соединение. Когда мы видели моргающий экран по RDP, там хотя бы вы попадали на сервер и могли открыть диспетчер устройств, тут сразу все обрубается на корню. Давайте смотреть, что можно сделать.

🆘 Что есть в логах?

Если посмотреть журналы событий на удаленном сервере, куда вы пытаетесь подключиться, то там порядок событий будет такой:

События нужно искать в журнале Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

• 1️⃣ Первым будет идти событие ID 131 «The server accepted a new TCP connection from client IP-адрес:60050.». Тут вы увидите IP-адрес с которого идет попытка входа.

• 2️⃣ Далее событие ID 65 «Connection RDP-Tcp#11 created «.

• 3️⃣ Затем событие 141 «PerfCounter session started with instance ID 11». Тут сессии будет назначен ID.

• 4️⃣ За ним будет идти ID 142 «TCP socket READ operation failed, error 1236».

• 5️⃣ Потом вы увидите ID 72 «Interface method called: OnDisconnected»

• 6️⃣ И же после этого вам покажут, что сервер разорвал подключение: «ID 102 The server has terminated main RDP connection with the client.»

• 7️⃣ В событии ID 145 так же появляются подробности «During this connection, server has not sent data or graphics update for 0 seconds (Idle1: 0, Idle2: 0).».

• 8️⃣ Могут быть события с ID 148 «Channel rdpinpt has been closed between the server and the client on transport tunnel: 0.» или «Channel rdpcmd has been closed between the server and the client on transport tunnel: 0.» или «Channel rdplic has been closed between the server and the client on transport tunnel: 0.»
• 9️⃣ Ну и вишенка на торте, ошибка  ID 227 «‘Failed to get property Disconnect Reason’ in CUMRDPConnection::Close at 2212 err=[0x80070057]»

Исправляем ошибку «Произошла внутренняя ошибка»

Так как по RDP подключиться не получается, то первым делом нужно проверить отвечает ли порт, по умолчанию это 3389. О том, как проверить порт на удаленном сервере я вам описывал, там все сводилось к выполнению команды Telnet, ознакомьтесь. Если порт отвечает, то делаем следующее.

Нужно удаленно перезапустить службу на этом сервере, чтобы сам сервер не перезагружать, так как в этот момент, он может выполнять важные задачи, можно использовать утилиту «Управление компьютером». Открыть ее можно через команду вызова оснастки, вызываем окно «Выполнить», через одновременное нажатие клавиш WIN и R, в котором пишем:

В открывшейся оснастке, щелкните в самом верху по пункту «Управление компьютером» правым кликом мыши, и выберите пункт «Подключиться к удаленному компьютеру».

Выберите пункт «Другим компьютером» и укажите его DNS имя, или найдите его через кнопку обзор.

Когда вы подключитесь к нужному серверу, перейдите в пункт «Службы и приложения — Службы», в списке сервисов найдите службу удаленных рабочих столов (Remote Desktop Services), и перезапускаем ее. После этого ошибка подключения по RDP «Произошла внутренняя ошибка», у вас должна пропасть.

Так же вы можете использовать оболочку PowerShell запущенную от имени пользователя, у которого есть права на удаленный сервер, где будет перезапускаться служба RDP. Выполните:

Get-Service TermService -ComputerName Имя сервера | Restart-Service –force –verbose

Дополнительные методы решения

Если вам не помог первый метод, перезапускающий службу удаленных рабочих столов, то можно попробовать выполнить правку реестра. Открываете редактор реестра Windows, если у вас физического доступа к серверу нет или он далеко и вам лень до него идти, то можно попробовать подключиться к реестру удаленного сервера.

Для этого в окне «Редактор реестра» пункт меню «Файл — Подключить сетевой реестр».

В открывшемся окне «Выбор компьютера» указываем его DNS-имя или ip-адрес и нажимаем ок. У вас будет установлено подключение к удаленному реестру сервера, что испытывает проблемы.

Находим ключ CheckMode по пути

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControl Session ManagerCProIntegrityCheckMode

Перед любыми правками реестра, обязательно сделайте выгрузку нужной ветки, чтобы можно было восстановить все в оперативном режиме

Выставляем ему значение о, чтобы отключить у программы КриптоПРО CSP проверку контрольных сумм. Еще один важный момент, если у вас старая версия КриптоПРО, то это так же может быть источником, проблем, недавний пример, это ошибка «Windows installer service could not be accessed». Для этого удаляем правильно КриптоПРО CSP и ставим последнюю доступную версию.

Еще можно попробовать изменить значение вот такого ключа реестра:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControl Session ManagerMemory ManagementSessionImageSize

Найдите ключ SessionImageSize и задайте ему значение 0x00000020.

Дополнительные настройки RDP клиента

Например ошибка «An internal error has occurred» у меня встретилась на Windows Server 2022 и там мне помогло в настройках клиента RDP отключение некой опции. Перейдите в дополнительные настройки клиента для удаленного подключения, где н вкладке «Experiens (Взаимодействие)» вам нужно убрать галку с опции «Восстановить подключение при разрыве (Reconnect if the connection is droped)«

На каких-то сайтах предлагалось именно активировать данный пункт.

Удаление кэша подключений

Еще одним методом решения внутренней ошибки подключения по RDP может выступать поврежденный кэш, который хранится на локальном компьютере пользователя. Для его отображения вам необходимо включить отображение скрытых папок и удалить содержимое папки:

C:Usersимя пользователяAppDataLocalMicrosoftTerminal Server Client

Обновление 07.12.2022

В декабре я вновь столкнулся с внутренней ошибкой, она еще стала проявлять себя вот так:

Не удается подключиться к удаленному компьютеру

Произошла внутренняя ошибка. Код ошибки: 0x4. Расширенный код ошибки: 0x0

В логах сервера очень много ошибок:

Она возникает, при каждой попытке войти на рабочий стол, это и есть проблема в моем конкретном случае. Устраните ее, и ошибка с подключекнием уйдет. Перезагрузка не нужна.

Данная ошибка говорит, что на тот сертификат, что использует удаленный сервер, нет прав у самого сервера, подробности выше по ссылке

На клиентской машине откуда я пытался произвести подключение было три события:

ID 1024: Выполняется подключение RDP ClientActiveX к серверу (ter104)

ID 1105: Мультитранспортное подключение разорвано.

ID 1028: Отключение RDP ClientActiveX (Причина= 2308)

Код 2808 — Ваш сеанс служб удаленных рабочих столов завершен. Соединение с удаленным компьютером было потеряно, возможно, из-за проблем с сетевым подключением. Попробуйте снова подключиться к удаленному компьютеру. Если проблема не исчезнет, ​​обратитесь к сетевому администратору или в службу технической поддержки.

Так как у меня это была виртуальная машина, то я смог легко подключиться через консоль. В случае с ошибкой «Отключение RDP ClientActiveX (Причина= 2308)«, я отключил на сервере и клиенте autotuninglevel:

netsh interface tcp set global autotuninglevel=disabled

Не забываем перезагрузиться.

Это не помогло, далее я выполнил еще несколько рекомендаций. Я установил на сервер валидный SSL сертификат для RDP сессии. В ошибке 0x907, RDP соединение разрывалось, так как клиентская система не доверяла самоподписному сертификату удаленного сервера. Это нужно поправить, ссылку я указал, обязательно проверьте, кто сейчас выступает в роли активного:

Get-WmiObject «Win32_TSGeneralSetting» -Namespace rootcimv2terminalservices -Filter «TerminalName=’RDP-tcp’»

Еще я создал параметр реестра MaxOutstandingConnections. В Windows по умолчанию есть ограничения на количество сетевых подключений, так например в серверной версии, это параметр равен 3000, в десктопной 100. Из-за нестабильной сети, они могут быстро забиваться. Одно из решений проблемы с внутренней ошибкой подключения, является увеличение этого значения. В командной строке в режиме администратора выполните:

REG ADD «HKLMSYSTEMCurrentControlSetControlTerminal Server» /v MaxOutstandingConnections /t REG_DWORD /d 65536

После этого нужно перезагрузиться.

Временное решение

Пока вы не уберете ошибку «Код ошибки, возвращенный модулем шифрования: ошибка 0x8009030D», описанную выше, вы можете понизить уровень безопасности вот такими манипуляциями, это устранит «An internal error has occurred».

На обычном сервере все это помогло, а вот на ноде RDSH ошибка оставалась. Тут я решил проверить догадку с уровнем безопасности «Configure security settings». На моей ферме был уровень «Согласования (Negotiate)«

Я пошел на сервер, где были проблемы подключения и решил проверить один параметр локальной политики gpedit.msc.

Конфигурация компьютера — Административные шаблоны- Компоненты Windows — Службы удаленных рабочих столов — Узел сеансов удаленных рабочих столов — Безопасность — Требовать использование специального уровня безопасности для удаленных подключений по протоколу RDP

Тут попробуйте выставить уровень RDP. В результате у меня после этих настроек все заработало. Теперь нужно понять, что изменилось. В настройках RDS фермы указано, что мы используем уровень согласование:

* Согласование: метод согласования принудительно применяет самый безопасный метод, поддерживаемый клиентом. Если поддерживается протокол TLS версии 1.0, то он используется для проверки подлинности сервера узла сеансов удаленных рабочих столов. Если протокол TLS не поддерживается, то для обеспечения безопасности взаимодействий используется собственное шифрование протокола удаленного рабочего стола (RDP), но проверка подлинности сервера узла сеансов удаленных рабочих столов не выполняется. В отличие от SSL-шифрования, использовать собственное шифрование RDP не рекомендуется.

Если и это вам не помогло, то нужно смотреть вариант в сторону обновления или переустановки драйверов на сетевую карту, тут вы определяете модель вашей карты или материнской платы, если в нее все интегрировано и обновляете. С вами был Иван Семин, автор и создатель IT портала Pyatilistnik.org.

Дополнительные ссылки

• https://serverfault.com/questions/934026/windows-10-pro-rdp-server-an-internal-error-has-occurred
• https://social.technet.microsoft.com/Forums/en-US/e1d60cc0-0096-4859-a0e7-eb7f11905737/remote-desktop-v10-error-0x4-from-mac?forum=winRDc
• https://learn.microsoft.com/en-us/answers/questions/108219/can-not-rdp-to-2012-r2-standard-server-after-septe.html
• https://serverfault.com/questions/541364/how-to-fix-rdp-on-windows-server-2012

Remote Desktop Errors

There are a number of causes for a failing RDP connection to occur. A firewall may be blocking access, for example.

Remote Desktop Connection Error Errors are generic error messages that most commonly occur when you try to connect to a remote computer. They can be caused by a weak network connection, a misconfigured connection to the remote computer, etc.

This error is very annoying, as many users access Remote Desktop via their computers for work or personal purposes. In our example, we got the following error message when attempting to connect from Windows 10 to a server running Windows Server 2012 R2.

On the Microsoft website, follow Step: 1 to check the RDP port if you receive the “An internal error occurred” message when you attempt to connect to your remote desktop.

A RemoteApps installation or configuration may cause this error. The ‘An internal error occurred’ message on the RDP console could be caused by both software and hardware problems.

Remote Desktop Connection: There was an internal error

Setting up the connection:
Some users may experience this error due to their Remote Desktop Connection client settings.

RDP Security :
There are times when the error is caused by security issues in the Remote Desktop protocol. Our solution is to change the security level of the protocol.

Computer Area :
The system may also be connected to the wrong domain, which will be solved by eliminating the domain and re-integrating it.

Unknown Disconnection Reason 4

In order to try out management on devices, I set up a site-to-site connection between two locations and got it working. After a few moments, remote desktop would stop working. An internal error would appear in the TerminalServices-ClientActiveXCore logs, and “RDP ClientActiveX has been disconnected (Reason= 4)” would appear. I have no idea what is going on. Could anyone help me figure it out?

The following solutions should be applied in the order of the solutions listed below to help you isolate the problem more quickly. Make sure you are using an administrator account before initiating any of these solutions.

To fix the message “Internal error Occurred”.

Change Remote Desktop Connection Settings

Change a few RDP settings to see if we can isolate the problem.
The following steps can be taken to reconnect if a connection is broken, as reported by some users:

• The Remote Desktop Connection program can be found under the Start menu.
• All settings will be visible once you click “Show Options”.
• If the connection is disconnected, check the “Reconnect if the connection is disconnected” box under the “Experience” tab.
• The domain should be reconnected.

Connect to the domain

This can happen if the domain you have connected to your system is the problem. If this occurs, you can delete the domain and integrate it again. Please follow these steps:

• The settings can be accessed by pressing Windows + I.
• Access to work or school can be accessed from Accounts by clicking the Access tab.
• You can disconnect your system from a domain by selecting it and clicking Disconnect.
• When prompted, click Yes.
• Your computer will need to be restarted after you shut it down.
• Restart the system to regain access to the domain.
• Retry using RDP.

Modify the MTU value

Changing the MUT value can also solve the problem. MTU defines the biggest packet size that can be sent over the network, so reducing it may help.
How to do it:

• Download the TCP Optimizer tool from here to change the MTU value.
• TCP Optimizer should be opened as an administrator once it has been downloaded.
• Before selecting Settings, click Custom at the bottom.
• A value of 1458 should be used for the MTU.
• The program will exit when you click Apply changes.

Try this solution and see if it works.

Modifying the RDP security within the Political Writers group.

This error may occur if the RDP security level in Windows Group Policy is not enforced. In such cases, follow these steps.

• Change Group Policy can be found under Local Group Policy in the Start menu.
• Here is the directory you need to navigate to:
• The following sections apply to the configuration of the computer: Administrative Templates, Windows Components, and Remote Desktop Services
• Security & Remote Desktop Session Host.
• You can change the security level for remote connections (RDP) by double-clicking the option on the right.
• Choose Enabled prior to Security Layer if it’s set to Unconfigured.
• “Apply” and “OK” are the next steps.
• The changes will not take effect until you reboot the computer.
• Re-login to your account.

Disable network authentication

Disabling network-level authentication (NLA) is another possible solution to the problem. Sometimes the problem is your fault or the target system is configured to accept remote connections through Remote Desktop with NLA only. Here’s how to disable it:

• Select Properties from your desktop by right-clicking the computer.
• Go to Remote Settings by clicking here.
• Uncheck the Allow only remote desktop connections from machines with network authentication box in the Remote Desktop section.
• After clicking Apply, click OK.
• Isolate the problem using this method if it helps.

Restart Remote Desktop

It may be necessary to restart the Remote Desktop service manually in some cases.
To do this :

• The “Run” command prompt can be opened by pressing “Windows” + “R”.
• Press “Enter” after typing “services.msc”.
• You can end the Remote Desktop Service by double-clicking it and pressing the “Stop” button.
• After waiting for five seconds, click “Start”.
• Make sure the problem has not been resolved.

Disconnect VPN connection

The Internet connection of your computer might be routed through another server if it uses a proxy or VPN connection.
You should also disable any VPNs running on your computer at this point, as well as the proxy settings in Internet Explorer.

• On your keyboard, simultaneously press Windows + R.
• You will be presented with a “Run” dialog box. Type “MSConfig” and hit OK.
• The system configuration window has a “Boot” option, and there is a “Secure Boot” option there.
• Afterwards, click “Apply” to save the changes.
• Safe mode can now be entered by restarting your computer.
• You can also press “Windows” + “R” simultaneously and type “inetcpl.cpl” into the “Run” dialog box, then hit “Enter”.
• Select the “Connections” tab in the “Internet Properties” dialog box.
• Then click OK. Are you using a proxy server? Uncheck that box and click OK.
• Reboot the computer after you have unchecked the “Secure startup” option in MSConfig.
• The error message should persist if it does.

Modifying the configuration of local security policies

The following steps will guide you through using the Local Security Policy utility to resolve your issue:

• The “Run” command prompt can be opened by pressing “Windows” + “R”.
• To launch the Local Security Policy utility, type “Secpol.msc” into the Start menu and hit Enter.
• By clicking the “Local Policy” option and then clicking “Security” on the left pane of the Local Security Policy utility, you will be taken to the Local Security Policy utility.
• From the right pane, select “System Cryptography,” then select “Security.”.
• Using FIPS 140 compliant cryptographic algorithms, such as encryption, hashing, and signing, is available in the right pane.
• To enable this option, double-click it and then select “Enabled”.
• Your changes will be saved when you click “Apply.”.
• Your computer should be fixed if you do this.

Remote connections are possible

This error may occur when you try to use RDP on your computer because certain system configurations don’t allow remote connections. In this step, we’ll reset this setting in the control panel and see if that solves the problem on our computer. We will do this by doing the following:

• The “Run” command line can be run by pressing “Windows” + “R”.
• The classic Control Panel can be launched by entering “Control Panel” and pressing “Enter”.
• Choosing “System and Security” in the Control Panel will take you to the System tab.
• You can find Advanced System Settings under “System Settings” on the left side of your screen.
• To allow remote support connections to this computer, go to the Advanced System Settings and click the “Remote” tab.
• Additionally, check the “Allow remote connections” tab below.
• You can save your changes by clicking Apply, and you can exit the window by clicking OK.
• Your computer should be fixed if you do this.

Most Frequently Asked Questions

Post Views: 158