Troubleshoot RDP issues in Azure for Windows VMs. Download this app from Microsoft Store for Windows 10, Windows 8.1, Windows 10 Mobile, Windows Phone 8.1, Windows 10 Team (Surface Hub), HoloLens. See screenshots, read the latest customer reviews, and compare ratings for Microsoft Remote Desktop. Secure Remote Desktop Gateway using solutions like Azure Multi-Factor Authentication (MFA). If you don’t have an MFA gateway, enable network-level authentication (NLA). Practice the principle of least-privilege and maintain credential hygiene. Avoid the use of domain-wide, admin-level service accounts.
-->This article explains how to troubleshoot frequent disconnections to an Azure virtual machine (VM) through Remote Desktop Protocol RDP).
Symptom
You face intermittent RDP connectivity problems during your sessions. You can initially connect to the VM, but then the connection drops.
Cause
This problem may occur if the RDP Listener is misconfigured. Typically, this problem occurs on a VM that uses a custom image.
Solution
Before you follow these steps, take a snapshot of the OS disk of the affected VM as a backup.
To troubleshoot this issue, use Serial control or repair the VM offline by attaching the OS disk of the VM to a recovery VM.
Serial control
- Connect to Serial Console and open CMD instance. Then, run the following commands to reset the RDP configurations. If the Serial Console is not enabled on your VM, go to the next step.
- Lower the RDP Security Layer to 0. At this setting, communications between server and client use the native RDP encryption.
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'SecurityLayer' /t REG_DWORD /d 0 /f
- Lower the encryption level to the minimum setting to allow legacy RDP clients to connect.
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'MinEncryptionLevel' /t REG_DWORD /d 1 /f
- Set RDP to load the user configuration of the client computer.
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'fQueryUserConfigFromLocalMachine' /t REG_DWORD /d 1 /f
- Enable the RDP Keep-Alive control:
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'KeepAliveTimeout' /t REG_DWORD /d 1 /f
REG ADD 'HKLMSOFTWAREPoliciesMicrosoftWindows NTTerminal Services' /v 'KeepAliveEnable' /t REG_DWORD /d 1 /f
REG ADD 'HKLMSOFTWAREPoliciesMicrosoftWindows NTTerminal Services' /v 'KeepAliveInterval' /t REG_DWORD /d 1 /f
- Set the RDP Reconnect control:
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'fInheritReconnectSame' /t REG_DWORD /d 0 /f
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'fReconnectSame' /t REG_DWORD /d 1 /f
REG ADD 'HKLMSOFTWAREPoliciesMicrosoftWindows NTTerminal Services' /v 'fDisableAutoReconnect' /t REG_DWORD /d 0 /f
- Set the RDP Session Time control:
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'fInheritMaxSessionTime' /t REG_DWORD /d 1 /f
- Set the RDP Disconnection Time control:
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'fInheritMaxDisconnectionTime' /t REG_DWORD /d 1 /f
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'MaxDisconnectionTime' /t REG_DWORD /d 0 /f
- Set the RDP Connection Time control:
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'MaxConnectionTime' /t REG_DWORD /d 0 /f
- Set the RDP Session Idle Time control:
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'fInheritMaxIdleTime' /t REG_DWORD /d 1 /f
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'MaxIdleTime' /t REG_DWORD /d 0 /f
- Set the 'Limit the maximum concurrent connections' control:
REG ADD 'HKLMSYSTEMCurrentControlSetcontrolTerminal ServerWinstationsRDP-Tcp' /v 'MaxInstanceCount' /t REG_DWORD /d 4294967295 /f
- Restart the VM, and try again to connect to it by using RDP.
Repair the VM offline
- Attach the OS disk to a recovery VM.
- After the OS disk is attached to the recovery VM, make sure that the disk is flagged as Online in the Disk Management console. Note the drive letter that is assigned to the attached OS disk.
- On the OS disk that you attached, navigate to the windowssystem32config folder. Copy all the files in this folder as a backup, in case a rollback is required.
- Start Registry Editor (regedit.exe).
- Select the HKEY_LOCAL_MACHINE key. On the menu, select File > Load Hive:
- Browse to the windowssystem32configSYSTEM folder on the OS disk that you attached. For the name of the hive, enter BROKENSYSTEM. The new registry hive is displayed under the HKEY_LOCAL_MACHINE key. Then load the software hive windowssystem32configSOFTWARE under the HKEY_LOCAL_MACHINE key. For the name of the hive software, enter BROKENSOFTWARE.
- Open an elevated Command Prompt window (Run as administrator), and run commands in the remaining steps to reset the RDP configurations.
- Lower the RDP Security Layer to 0 so that communications between the server and client use the native RDP Encryption:
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'SecurityLayer' /t REG_DWORD /d 0 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'SecurityLayer' /t REG_DWORD /d 0 /f
- Lower the encryption level to the minimum setting to allow legacy RDP clients to connect:
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'MinEncryptionLevel' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'MinEncryptionLevel' /t REG_DWORD /d 1 /f
- Set RDP to load the user configuration of the client machine.
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'fQueryUserConfigFromLocalMachine' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'fQueryUserConfigFromLocalMachine' /t REG_DWORD /d 1 /f
- Enable the RDP Keep-Alive control:
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'KeepAliveTimeout' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'KeepAliveTimeout' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSOFTWAREPoliciesMicrosoftWindows NTTerminal Services' /v 'KeepAliveEnable' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSOFTWAREPoliciesMicrosoftWindows NTTerminal Services' /v 'KeepAliveInterval' /t REG_DWORD /d 1 /f
- Set the RDP Reconnect control:
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'fInheritReconnectSame' /t REG_DWORD /d 0 /f
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'fReconnectSame' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'fInheritReconnectSame' /t REG_DWORD /d 0 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'fReconnectSame' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSOFTWAREPoliciesMicrosoftWindows NTTerminal Services' /v 'fDisableAutoReconnect' /t REG_DWORD /d 0 /f
- Set the RDP Session Time control:
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'fInheritMaxSessionTime' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'fInheritMaxSessionTime' /t REG_DWORD /d 1 /f
- Set the RDP Disconnection Time control:
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'fInheritMaxDisconnectionTime' /t REG_DWORD /d 1 /f
Primula belarina amethyst ice.REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'MaxDisconnectionTime' /t REG_DWORD /d 0 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'fInheritMaxDisconnectionTime' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'MaxDisconnectionTime' /t REG_DWORD /d 0 /f
- Set the RDP Connection Time control:
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'MaxConnectionTime' /t REG_DWORD /d 0 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'MaxConnectionTime' /t REG_DWORD /d 0 /f
- Set the RDP Session Idle Time control:
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'fInheritMaxIdleTime' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v ' MaxIdleTime' /t REG_DWORD /d 0 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'fInheritMaxIdleTime' /t REG_DWORD /d 1 /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v ' MaxIdleTime' /t REG_DWORD /d 0 /f
- Set the 'Limit the maximum concurrent connections' control:
REG ADD 'HKLMBROKENSYSTEMControlSet001controlTerminal ServerWinstationsRDP-Tcp' /v 'MaxInstanceCount' /t REG_DWORD /d ffffffff /f
REG ADD 'HKLMBROKENSYSTEMControlSet002controlTerminal ServerWinstationsRDP-Tcp' /v 'MaxInstanceCount' /t REG_DWORD /d ffffffff /f
- Restart the VM, and try again to connect to it by using RDP.
Microsoft Azure Student
![Microsoft azure rdp certification Microsoft azure rdp certification](/uploads/1/1/8/1/118114060/195416137.png)
Microsoft Azure Rdp Vulnerability
Need help?
Microsoft Azure Rdp Portal
Contact support. If you still need help, contact support to get your issue resolved quickly.