RDP Problem since recent update (March 2020 Commulative Update?)

%3CLINGO-SUB%20id%3D%22lingo-sub-1231537%22%20slang%3D%22en-US%22%3ERDP%20Problem%20since%20recent%20update%20(March%202020%20Commulative%20Update%3F)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1231537%22%20slang%3D%22en-US%22%3E%3CDIV%3E%3CFONT%3EHello%2C%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3E%3CBR%20%2F%3EWe%20manage%20a%20group%20of%20servers.%20To%20access%20these%20servers%20we%20first%20RDP%20into%20a%20server%20that%20has%20access%20to%20all%20of%20the%20other%20servers.%20From%20this%20first%20server%20we%20used%20to%20RDP%20into%20other%20servers.%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3ENow%20since%20a%20few%20days%20this%20second%20RDP%20session%20stopped%20working%2C%20hanging%20the%20RDP%20client%20after%20authenticating%20to%20the%20second%20server.%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3E%3CBR%20%2F%3EClient%3A%20Windows%2010%20(Up%20to%20date%20on%20Windows%20Updates)%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3EServer(s)%3A%20Windows%202012%20R2%26nbsp%3B%20(Up%20to%20date%20on%20Windows%20Updates)%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CFONT%3ESo%20Client-%26gt%3BRDP%20%231%20to%20Stepup%20server-%26gt%3BRDP%20%232%20to%20server%20to%20manage.%20RDP%20client%20for%20%232%20hangs.%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CFONT%3EWe%20found%20out%20that%3A%20RDP-ing%20to%20server%20to%20manage%20works%20fine%20from%20Stepup%20server%20if%20we%20are%20native%20on%20the%20Stepup%20server%20(like%20via%20VM-Ware%20Console).%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3EWe%20found%20out%20that%3A%20When%20the%20RDP%20client%20hangs%20on%20session%202%20and%20we%20abruptly%20disconnect%20RDP%20%231%20and%20Reconnect%20%231%2C%20RDP%232%20continues%20and%20operates%20normally.%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3EWe%20found%20out%20that%3A%20RDP-ing%20from%20an%20older%20(not%20updated)%20workstation%20to%20%231%20and%20then%20to%20%232%20works%20just%20fine.%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CFONT%3ERDP%20session%20%231%20crosses%20a%20AD%20Domain%20barrier%20(connecting%20to%20an%20other%20domain%20with%20no%20relation%20to%20the%20Client%20domain).%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3ERDP%20session%20%232%20is%20within%20the%20same%20(target)%20AD%20domain.%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CFONT%3ESo%2C%20one%20of%20the%20last%20Windows%20updates%26nbsp%3B%20introduced%20a%20problem%20for%20RDP-in-RDP.%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3EDoes%20anyone%20have%20a%20clue%20on%20what's%20going%20on%3F%20Eventlogs%20on%20Clients%20and%20Servers%20are%20'clean'%2C%20no%20events%20we%20can%20search%20for.%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3E%3CBR%20%2F%3ERegards%2C%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%3CFONT%3EErik%20Tamminga%3C%2FFONT%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1231537%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1243555%22%20slang%3D%22en-US%22%3ERe%3A%20RDP%20Problem%20since%20recent%20update%20(March%202020%20Commulative%20Update%3F)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1243555%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F583671%22%20target%3D%22_blank%22%3E%40ETamminga%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20you%20tried%20not%20connecting%20Printers%20%2F%20Clipboard%20%2F%20Smart%20Cards%20in%20your%20mstsc%20settings.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHad%20an%20issue%20like%20this%20a%20few%20months%20ago%2C%20connecting%20from%20a%20jumpbox%20to%20legacy%20Windows%202012%20R2%20servers%20and%20it%20was%20the%20Smart%20Cards%20or%20Windows%20Hello%20option.%26nbsp%3B%20%26nbsp%3BCustomer%20had%20Entrust%20MFA%20at%20the%20time.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor
Hello,

We manage a group of servers. To access these servers we first RDP into a server that has access to all of the other servers. From this first server we used to RDP into other servers.
Now since a few days this second RDP session stopped working, hanging the RDP client after authenticating to the second server.

Client: Windows 10 (Up to date on Windows Updates)
Server(s): Windows 2012 R2  (Up to date on Windows Updates)
 
So Client->RDP #1 to Stepup server->RDP #2 to server to manage. RDP client for #2 hangs.
 
We found out that: RDP-ing to server to manage works fine from Stepup server if we are native on the Stepup server (like via VM-Ware Console).
We found out that: When the RDP client hangs on session 2 and we abruptly disconnect RDP #1 and Reconnect #1, RDP#2 continues and operates normally.
We found out that: RDP-ing from an older (not updated) workstation to #1 and then to #2 works just fine.
 
RDP session #1 crosses a AD Domain barrier (connecting to an other domain with no relation to the Client domain).
RDP session #2 is within the same (target) AD domain.
 
So, one of the last Windows updates  introduced a problem for RDP-in-RDP.
Does anyone have a clue on what's going on? Eventlogs on Clients and Servers are 'clean', no events we can search for.

Regards,
Erik Tamminga
 
 
 
 
1 Reply
Highlighted

@ETamminga 

 

Have you tried not connecting Printers / Clipboard / Smart Cards in your mstsc settings. 

 

Had an issue like this a few months ago, connecting from a jumpbox to legacy Windows 2012 R2 servers and it was the Smart Cards or Windows Hello option.   Customer had Entrust MFA at the time.