0

I'm having a strange issue with some RDS GPO's. Since automating the RDS server build process through SCCM I've moved the RDS farm / connection broker settings to a GPO. This works fine, once the servers are built the GPO applies and the machines join the farm.

However, when any GPO associated with the farm is changed, all the sessions connected to the farm are dropped. User can reconnect but this is very inconvenient for us to try and push shortcuts and what not during production.

After searching fro a while, to me, it seems like the GPO that assigns the farm settings is being reprocessed, causing the settings to drop and connections to be dropped.

I wouldn't think that this would be normal behavior? Can anyone confirm for me that this should work as I expect it to?

Thanks!

mhouston100
  • 412
  • 1
  • 5
  • 20

1 Answers1

0

Ok so I finally figured it out.

It was what I expected, the GPO refresh was causing the settings to be dropped, this caused some registry keys to momentarily revert to their default.

Specifically:

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Terminal Server/fDenyTSConnections

The problem is that even if you set this registry key by hand, it will still revert during the GPO processing, which is what threw me off.

The solution is to simply apply a GPP to the computer that specifically sets this registry entry to '0'. By setting the GPP, it stops the setting from reverting when GPO is refreshed. After extensive testing, I can confirm that this is fixed.

mhouston100
  • 412
  • 1
  • 5
  • 20