Remote login (RDP) to server using its dns host name or its IP gives the same user account two desktops
Solution 1
There are two questions here:
1.) Why is Windows Terminal Services not restricting User A
to one session?
- Microsoft has KB article which talks about this problem: http://support.microsoft.com/kb/302883
It says Users can open multiple sessions to a server that is restricted to a single session for each user.
It goes on to say This functionality is working as expected. This setting is limits each user to one unique session. However, if the user is running different initial programs, the sessions are considered as different sessions.
Using the server's hostname vs. its IP address is enough for Windows think that sessions are unique.
2.) In my session, I have a file on desktop, why is this file not showing up in the second session?
Windows is creating 2 unique sessions, so therefore it is creating a second unique profile for the second login of User A
. If go to a command prompt you will see one session starts in C:\Users\User A\
and the second session is C:\Users\User A.000\
. Similarly have a look at C:\Users from a Windows File Explorer window.
Solution 2
I would guess that when going either through DNS or via IP address there is a difference in the identification of the computer that is originating the RDP request.
The difference might be in the user-name acquiring a different qualifier, for example WORKGROUP.
I suggest to logon using both methods, then in a Command Prompt (cmd) use the whoami command to find the exact user account that is used:
whoami /user
If there is a difference, then you have found your answer.
[EDIT]
As you have found that in both cases there is exactly the same user in the same domain and with the same SID, then my only explanation is a difference that is not visible to you. It might be that because of the DNS request your connection request does not follow the exact path in the network that is taken when using the IP address.
My personal conclusion is that Windows in that case does not search for the connection in the right place, does not find the existing connection and so opens up a new session/desktop. However, when the login process executes in this new desktop, it logs you in under your correct user account / SID, so the same user ends up as having two desktops.
You might be able to further research that possibility using the LogonSessions utility from Sysinternals, which gives more detailed information about the currently active logon sessions. Another possibly useful utility is EnumWinsta GUI which displays the list of window stations and desktops.
More information can be found in the article :
Windows Sysinternals : Windows Core Concepts - Sessions, Window Stations, Desktops, and Window Messages.
In other words, I believe this is an undocumented bug in RDP, which you should report. Unfortunately, Microsoft Connect does not accept bugs for Windows, so your only option is to go on the Microsoft Windows Forums and hope that someone from Microsoft will pass it on to be corrected in some unknown time in the future.
Related videos on Youtube
Rodion
Updated on September 18, 2022Comments
-
Rodion over 1 year
I encountered an interesting situation today that I didn't know about.
I logged in by user
A
using server dns host nameSERVNAME
and got myself session and my desktop. I put on the desktop some file.Then my friend also logged with the same user
A
, but using server'sIP xxx.xx.xx.x
and Windows created a second session for the same userA
and second version of desktop! He did not see the file from my desktop and moreover hadn't kicked me out of my session as I expected.But if he connects by server's name
SERVNAME
he kicks me out of session.- Yes, it is the same server.
- The option
Restrict each user to a single session
is set toYes
(fSingleSessionPerUser = 1
)
How can it be? What is the difference in logging by IP or domain name?
-
Matthew Williams about 10 yearsPointing to a domain directs to a specific point on a network while an IP could contain a host of domains. A web server would be a good example of this. Does your IP host multiple servers using remote desktop?
-
Rodion about 10 years@MatthewWilliams cannot say, it's a virtual server though. What is the difference to windows OS if my IP hosts multiple servers?
-
Matthew Williams about 10 yearsThe issue is not hosting multiple servers, its the configuration used to remote into a system. You might have several servers listening on port 3389 for RD requests. By listing only an IP there is no reference to which server you have requested. A server name gives you a specific system to point to. Are you use your friend got into the same server as you did?
-
Rodion about 10 years@MatthewWilliams of course it is the same server. For acknowledgment I copied the file to system drive c and my friend got it.
-
Ƭᴇcʜιᴇ007 about 10 yearsWindows Server supports multi-session for RDP. It's normal for you to be able to be logged in twice from RDP. Examine how your RDS settings are set in regards to desktops, user session recovery, etc.
-
Rodion about 10 years@techie007 There is set
Restrict each user to a single session
toYes
and I think your comment is not relevant to the question about difference in logging by IP or name. -
Dave about 10 yearsIf the machine can't use a single session will it use a temp profile
-
Rodion about 10 yearsIf
There's no difference, you're remoting on to the same machine, just using two different methods to do so. 1) The hostname which simply looks up and resolved the IP and 2) using the IP instead of the domain, that's basic DNS.
Why I am being kicked from session if second user connects as myself by name in domain? -
Rodion about 10 yearsAnd as I said in the question there is already Single session per user = 1, checked it in regedit too.
-
Rodion about 10 yearsExactly the same user in same domain and with the same SID.
-
Rodion about 10 years2) - no User A.000, only User A 1) - very interesting, so you are implying that Remote Desktop Connection in different loggins differently... doing what? Setting what program?
Set any program to run on connection and then connect to the Windows Server-based computer
-
harrymc about 10 yearsI have added above my conclusions from your findings.
-
David about 10 yearsWith having 2 different sessions for the same users, windows will create a second profile for the second user, otherwise you run into problems with things like the user registry hive/store.
-
David about 10 yearsThis is not a bug, this is expected behaviour. See my answer below, with referenced kb article. MS Terminal services will only limit a user to one session if the session details are exactly the same. Using hostname vs the IP address is enough for Windows to think that the sessions are different.
-
harrymc about 10 years@David: The bug is not in having multiple sessions and desktops. The bug is in not getting the same results when connecting via different network paths. Remember that with DNS one user kicks out the existing session but not with IP.
-
harrymc about 10 yearsThis does not explain why with DNS the same login kicks out the existing session but not with IP.
-
David about 10 yearsWindows is not looking at the source, but the destination in order to make the determination of a unique connection. When the first user uploads a file to his desktop, it does not show on the second session desktop for good reason: each session needs exclusivity. There is no bug here.
-
Rodion about 10 yearsharrymc and @David thank you guys! you both helped a lot. harrymc, apps from article were very helpful