Forum Discussion

plyyra's avatar
plyyra
Copper Contributor
Jun 10, 2022

Remote Desktop Session disconnected

When ever we try to use RDP in WAC we always get "Session Disconnected A user restriction is preventing you from signing in" It does not matter what user we use (Domain Admins or Server Admins). RDP works fine as long we dont use WAC. Any idea what this "user restriction" is?

 

 

 

  • Austin_M's avatar
    Austin_M
    Brass Contributor

    plyyra 

     

    Hello plyyra,

     

    The error message "Session Disconnected A user restriction is preventing you from signing in" is shown when a user cannot establish a Remote Desktop Connection to a target system using the Windows Server. This error can be caused by your Windows Group Policy which obstructs it from passing credentials to the remote system.

     

    The error above can be caused due to Windows Group Policy and Blank Password.

     

    Windows Group Policy: Windows policies can cause an error due to a particular Windows Group Policy, which stops the Remote Desktop Client to expose sign-in credentials to the remote host. Disabling the policy seems to fix the issue.

     

    Blank Password: The error message can also be caused if the user account you are using to establish a remote connection doesn't have a password. Thusyou will have to either set a password or just disable this policy.

     

    Disabling Windows Group Policy: A security policy prevents RDP clients from exposing the supplied credentials and can pop up the error message. Thus, to get rid of the error message and establish a successful connection, you will have to disable it,

     

    • You must press Windows Key + R to open the Run dialog box.
    • Type 'gpedit.msc' in the search box area and press Enter.
    • After that, Go to: Computer Configuration -> Administrative Templates -> System and -> Credentials Delegation
    • Now on the right-hand side, locate the 'Restrict delegation of credentials to the remote servers' policy.
    • Double-click it to edit. Please set it to Disabled, click Apply, and then OK to save settings.

     

    Setting up a Sign-in Password: The second thing which can cause an error is if the user account that you are using has no password. Thus, you will have to set up a password for the user to fix the issue. But you can also avoid the policy from the below settings,

     

    • Open the Local Group Policy Editor.
    • Now, go to the following location: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
    • On the right-hand, you need to locate the 'Accounts: Limit local account use of blank passwords to console logon only' policy.
    • Double-click to edit it and then set it to Disabled.
    • Click Apply and then press OK to save the settings.

     

    I hope the methods above help you solve the issue.

     

    ---------------------

    Regards,
    Austin_M

    • plyyra's avatar
      plyyra
      Copper Contributor
      Hi,

      As I mentioned initially. RDP works just fine from and to servers as long as we dont use WAC. + We dont have these GPOs "enabled".

Resources