Microsoft Windows Experts

Remote Desktop Service cannot be restarted if Keep-Alive feature is enabled
October 9, 2011

If the RDP Keep-Alive feature is enabled on a Windows Server 2008 (or Windows Server 2008 R2) server, manually stopping the Remote Desktop Services service (Windows Server 2008 R2) or Terminal Services service (Windows Server 2008) will leave the server in an unstable state: restarting the service will not re-enable RDP functionality, and the server will hang during shutdown.

The keep-alive thread is started by the Remote Desktop Services (Terminal Services) service if Keep-Alive is enabled. However, it runs in kernel mode and therefore cannot be terminated automatically when the service stops.

Therefore, do not stop or restart the Remote Desktop Services (Terminal Services) service while the RDP keep-alive mechanism is enabled.

When Keep-Alive is enabled and the Remote Desktop Services (Terminal Services) service is stopped, its svchost.exe process remains in the task list, even though the service is reported to have stopped correctly. When the service is started again, a new svchost.exe is started, but the server will not accept incoming RDP connections because the TermDD driver state is inconsistent.
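One way to enforce this rule before a maintenance script touches the service, as an added example that is not part of the original post. It assumes the setting is stored as a DWORD named KeepAliveEnable, either under the Group Policy key `HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services` or under the `Control\Terminal Server` key; the value name and the policy key are assumptions not given on this page, and the function names are hypothetical.

```powershell
# Added example: refuse to restart TermService while RDP keep-alive is enabled.
# ASSUMPTION: the value name KeepAliveEnable and the Policies key below are not
# given on this page; Control\Terminal Server is the key the page names.
$KeepAliveKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',  # assumed GPO location
    'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'           # key named on the page
)

# Returns $true if any of the keys has KeepAliveEnable set to 1.
function Test-RdpKeepAliveEnabled {
    param([string[]]$Keys = $KeepAliveKeys)
    foreach ($key in $Keys) {
        # A missing key or missing value means the setting is not configured there.
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and $props.KeepAliveEnable -eq 1) {
            return $true
        }
    }
    return $false
}

# Restarts the Remote Desktop Services / Terminal Services service (TermService)
# only when keep-alive is off; otherwise leaves the service untouched.
function Restart-TermServiceSafely {
    if (Test-RdpKeepAliveEnabled) {
        Write-Warning ('RDP keep-alive is enabled: TermService was NOT restarted. ' +
            'Stopping it would leave RDP unusable and hang the server at shutdown.')
        return $false
    }
    # -Force is required because TermService has dependent services.
    Restart-Service -Name TermService -Force
    return $true
}

# Report only; call Restart-TermServiceSafely explicitly when a restart is intended.
if (Test-RdpKeepAliveEnabled) {
    Write-Output 'Keep-alive enabled: do not stop or restart TermService on this server.'
} else {
    Write-Output 'Keep-alive not enabled: TermService can be restarted.'
}
```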

The Keep-Alive feature can be enabled by Group Policy:

Windows Server 2008 R2:

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections

Configure Keep-Alive Connection Interval

Windows Server 2008:

Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections

Configure Keep-Alive Connection Interval

To configure directly in the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]




An authentication error has occurred. The specified target is unknown or unreachable. NLA Error, XP SP3
January 23, 2011

Filed under: Remote Desktop Services — helpforsure @ 11:19 pm

This is really annoying and it took me a little while to find the fix, so I am blogging about this in hopes that others waste less time!

I have a 2008 R2 RD Session Host server farm. It is set to accept only connections from NLA clients. Connecting from any Win7 machine works great.

Then I tried to connect via a client running XP SP3, running RDC 6.1 (supports NLA) with CredSSP enabled.  I got the following error: An authentication error has occurred. The specified target is unknown or unreachable.


If I turn off requiring NLA on the farm servers, I can connect.

Next, I added RDC 7.0 and tried again. I get the same error.

I tried from more XP clients, with the same setup and I get some that get in and some that give the error.  VERY CONFUSING.

Turns out,  there is a hotfix out there that fixes this:

I added:, and rebooted.

Now it works.

What I find interesting is that the hotfix does not specifically lay out this exact error result. ARGH. If it had, I would have found it SO much faster.

Note: WebSSO will still not work unless you have RDC 7.0 on your XP client – RDC 7.0 is a requirement for WebSSO.