RDS / Outlook interactions causing crashes?
-
@Dashrender said in RDS / Outlook interactions causing crashes?:
Frankly I was thinking there might be something in the Client side log showing RDP was crashing - but now that Gene's found RDS Server side errors - he has something to go on.
I'm guessing that some kind of data is trying to come back across the RDS session to the RDS server, but time will tell.
Gene?
-
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@Dashrender said in RDS / Outlook interactions causing crashes?:
Frankly I was thinking there might be something in the Client side log showing RDP was crashing - but now that Gene's found RDS Server side errors - he has something to go on.
I'm guessing that some kind of data is trying to come back across the RDS session to the RDS server, but time will tell.
Gene?
Whoops.. I thought Gene started this thread - OK you just made Scott's point about some kind of tag that shows who the OP is
-
@wirestyle22 said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
I feel like part of the story is missing. Do you have any logs to prove this?
Logs to prove what? That the RDS session is dropping out?
So no errors just a dropped connection? That doesn't make sense
The RDS server has these that seem likely to correspond to the drops:
Windowss logs/System:A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
That's a security check issue.
Go to
Computer Configuration
>Administrative Templates
>System
>Distributed COM
>Application Compatibility and enable "Allow local activation security check exemptions"
.Where is that? I can't find it anywhere...
-
@art_of_shred said in RDS / Outlook interactions causing crashes?:
"Allow local activation security check exemptions"
-
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@wirestyle22 said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
I feel like part of the story is missing. Do you have any logs to prove this?
Logs to prove what? That the RDS session is dropping out?
So no errors just a dropped connection? That doesn't make sense
The RDS server has these that seem likely to correspond to the drops:
Windowss logs/System:A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
That's a security check issue.
Go to
Computer Configuration
>Administrative Templates
>System
>Distributed COM
>Application Compatibility and enable "Allow local activation security check exemptions"
.Where is that? I can't find it anywhere...
That looks like GPO
-
@Dashrender said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@wirestyle22 said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
I feel like part of the story is missing. Do you have any logs to prove this?
Logs to prove what? That the RDS session is dropping out?
So no errors just a dropped connection? That doesn't make sense
The RDS server has these that seem likely to correspond to the drops:
Windowss logs/System:A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
That's a security check issue.
Go to
Computer Configuration
>Administrative Templates
>System
>Distributed COM
>Application Compatibility and enable "Allow local activation security check exemptions"
.Where is that? I can't find it anywhere...
That looks like GPO
I'm in local security policies, tried local group policies...
-
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@Dashrender said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@wirestyle22 said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
I feel like part of the story is missing. Do you have any logs to prove this?
Logs to prove what? That the RDS session is dropping out?
So no errors just a dropped connection? That doesn't make sense
The RDS server has these that seem likely to correspond to the drops:
Windowss logs/System:A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
That's a security check issue.
Go to
Computer Configuration
>Administrative Templates
>System
>Distributed COM
>Application Compatibility and enable "Allow local activation security check exemptions"
.Where is that? I can't find it anywhere...
That looks like GPO
I'm in local security policies, tried local group policies...
Perhaps you need to install newer ADMX updates?
-
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@Dashrender said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@wirestyle22 said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
I feel like part of the story is missing. Do you have any logs to prove this?
Logs to prove what? That the RDS session is dropping out?
So no errors just a dropped connection? That doesn't make sense
The RDS server has these that seem likely to correspond to the drops:
Windowss logs/System:A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
That's a security check issue.
Go to
Computer Configuration
>Administrative Templates
>System
>Distributed COM
>Application Compatibility and enable "Allow local activation security check exemptions"
.Where is that? I can't find it anywhere...
That looks like GPO
I'm in local security policies, tried local group policies...
There is no local group policy editor installed on the RDS server. At least not that I can find.
-
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@Dashrender said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@wirestyle22 said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
I feel like part of the story is missing. Do you have any logs to prove this?
Logs to prove what? That the RDS session is dropping out?
So no errors just a dropped connection? That doesn't make sense
The RDS server has these that seem likely to correspond to the drops:
Windowss logs/System:A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
That's a security check issue.
Go to
Computer Configuration
>Administrative Templates
>System
>Distributed COM
>Application Compatibility and enable "Allow local activation security check exemptions"
.Where is that? I can't find it anywhere...
That looks like GPO
I'm in local security policies, tried local group policies...
There is no local group policy editor installed on the RDS server. At least not that I can find.
That's not what I mean. Group Policy manager should be run from either an admin workstation in that domain, or from a DC itself. Modern Group Policy uses a central store for ADMX files so everyone see the same settings. These settings get updated by installing new version of the ADMX files from MS. Each new version of Windows means you need to download and install the newest ADMX pack to the central store.
-
@Dashrender said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@Dashrender said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@wirestyle22 said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
@art_of_shred said in RDS / Outlook interactions causing crashes?:
@IRJ said in RDS / Outlook interactions causing crashes?:
I feel like part of the story is missing. Do you have any logs to prove this?
Logs to prove what? That the RDS session is dropping out?
So no errors just a dropped connection? That doesn't make sense
The RDS server has these that seem likely to correspond to the drops:
Windowss logs/System:A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
That's a security check issue.
Go to
Computer Configuration
>Administrative Templates
>System
>Distributed COM
>Application Compatibility and enable "Allow local activation security check exemptions"
.Where is that? I can't find it anywhere...
That looks like GPO
I'm in local security policies, tried local group policies...
There is no local group policy editor installed on the RDS server. At least not that I can find.
That's not what I mean. Group Policy manager should be run from either an admin workstation in that domain, or from a DC itself. Modern Group Policy uses a central store for ADMX files so everyone see the same settings. These settings get updated by installing new version of the ADMX files from MS. Each new version of Windows means you need to download and install the newest ADMX pack to the central store.
I searched group policy management up and down (on the DC) and can't find computer configuration anywhere.
-
Maybe this is what you're missing?
-
@art_of_shred Dashrender's screenshot is correct
-
any luck?
-
@art_of_shred is stuck on another client issue right now
-
Got pulled away for an emergency. I'll check it out and report back. Thanks!
-
I am not convinced that Outlook is causing the issue. It seems like something is trying to launch with remote privileges. I would look at your DCOM settings.
-
@IRJ Agreed
-
Same here, I'd say 70% that Outlook is just the common trigger, not the actual problem.
-
How often is this happening? If it is very common, you could try adding the domain user group to your DCOM settings to see if it fixes it. Best practice is to give least privilege, so you may not want to use the domain users group as a permanent solution. It will help with testing, though.
-
The policy setting was applied. We'll see what happens. This has been happening (according to what I've been told- the event log seems to agree) sometimes as much as 10-15 times over the course of a day.