Remote login (RDP) to server using its dns host name or its IP gives the same user account two desktops

remote-desktop login windows-server-2008-r2 terminal-services
7,060

Solution 1

There are two questions here:

1.) Why is Windows Terminal Services not restricting User A to one session?

It says Users can open multiple sessions to a server that is restricted to a single session for each user.

It goes on to say This functionality is working as expected. This setting is limits each user to one unique session. However, if the user is running different initial programs, the sessions are considered as different sessions.

Using the server's hostname vs. its IP address is enough for Windows think that sessions are unique.

2.) In my session, I have a file on desktop, why is this file not showing up in the second session?

Windows is creating 2 unique sessions, so therefore it is creating a second unique profile for the second login of User A. If go to a command prompt you will see one session starts in C:\Users\User A\ and the second session is C:\Users\User A.000\. Similarly have a look at C:\Users from a Windows File Explorer window.

Solution 2

I would guess that when going either through DNS or via IP address there is a difference in the identification of the computer that is originating the RDP request.

The difference might be in the user-name acquiring a different qualifier, for example WORKGROUP.

I suggest to logon using both methods, then in a Command Prompt (cmd) use the whoami command to find the exact user account that is used:

whoami /user

If there is a difference, then you have found your answer.

[EDIT]

As you have found that in both cases there is exactly the same user in the same domain and with the same SID, then my only explanation is a difference that is not visible to you. It might be that because of the DNS request your connection request does not follow the exact path in the network that is taken when using the IP address.

My personal conclusion is that Windows in that case does not search for the connection in the right place, does not find the existing connection and so opens up a new session/desktop. However, when the login process executes in this new desktop, it logs you in under your correct user account / SID, so the same user ends up as having two desktops.

You might be able to further research that possibility using the LogonSessions utility from Sysinternals, which gives more detailed information about the currently active logon sessions. Another possibly useful utility is EnumWinsta GUI which displays the list of window stations and desktops.

More information can be found in the article :
Windows Sysinternals : Windows Core Concepts - Sessions, Window Stations, Desktops, and Window Messages.

In other words, I believe this is an undocumented bug in RDP, which you should report. Unfortunately, Microsoft Connect does not accept bugs for Windows, so your only option is to go on the Microsoft Windows Forums and hope that someone from Microsoft will pass it on to be corrected in some unknown time in the future.

Share:
7,060

Related videos on Youtube

Rodion
Author by

Rodion

Updated on September 18, 2022

Comments

  • Rodion
    Rodion over 1 year

    I encountered an interesting situation today that I didn't know about.

    I logged in by user A using server dns host name SERVNAME and got myself session and my desktop. I put on the desktop some file.

    Then my friend also logged with the same user A, but using server's IP xxx.xx.xx.x and Windows created a second session for the same user A and second version of desktop! He did not see the file from my desktop and moreover hadn't kicked me out of my session as I expected.

    But if he connects by server's name SERVNAME he kicks me out of session.

    • Yes, it is the same server.
    • The option Restrict each user to a single session is set to Yes (fSingleSessionPerUser = 1)

    How can it be? What is the difference in logging by IP or domain name?

    • Matthew Williams
      Matthew Williams about 10 years
      Pointing to a domain directs to a specific point on a network while an IP could contain a host of domains. A web server would be a good example of this. Does your IP host multiple servers using remote desktop?
    • Rodion
      Rodion about 10 years
      @MatthewWilliams cannot say, it's a virtual server though. What is the difference to windows OS if my IP hosts multiple servers?
    • Matthew Williams
      Matthew Williams about 10 years
      The issue is not hosting multiple servers, its the configuration used to remote into a system. You might have several servers listening on port 3389 for RD requests. By listing only an IP there is no reference to which server you have requested. A server name gives you a specific system to point to. Are you use your friend got into the same server as you did?
    • Rodion
      Rodion about 10 years
      @MatthewWilliams of course it is the same server. For acknowledgment I copied the file to system drive c and my friend got it.
    • Ƭᴇcʜιᴇ007
      Ƭᴇcʜιᴇ007 about 10 years
      Windows Server supports multi-session for RDP. It's normal for you to be able to be logged in twice from RDP. Examine how your RDS settings are set in regards to desktops, user session recovery, etc.
    • Rodion
      Rodion about 10 years
      @techie007 There is set Restrict each user to a single session to Yes and I think your comment is not relevant to the question about difference in logging by IP or name.
    • Dave
      Dave about 10 years
      If the machine can't use a single session will it use a temp profile
  • Rodion
    Rodion about 10 years
    If There's no difference, you're remoting on to the same machine, just using two different methods to do so. 1) The hostname which simply looks up and resolved the IP and 2) using the IP instead of the domain, that's basic DNS. Why I am being kicked from session if second user connects as myself by name in domain?
  • Rodion
    Rodion about 10 years
    And as I said in the question there is already Single session per user = 1, checked it in regedit too.
  • Rodion
    Rodion about 10 years
    Exactly the same user in same domain and with the same SID.
  • Rodion
    Rodion about 10 years
    2) - no User A.000, only User A 1) - very interesting, so you are implying that Remote Desktop Connection in different loggins differently... doing what? Setting what program? Set any program to run on connection and then connect to the Windows Server-based computer
  • harrymc
    harrymc about 10 years
    I have added above my conclusions from your findings.
  • David
    David about 10 years
    With having 2 different sessions for the same users, windows will create a second profile for the second user, otherwise you run into problems with things like the user registry hive/store.
  • David
    David about 10 years
    This is not a bug, this is expected behaviour. See my answer below, with referenced kb article. MS Terminal services will only limit a user to one session if the session details are exactly the same. Using hostname vs the IP address is enough for Windows to think that the sessions are different.
  • harrymc
    harrymc about 10 years
    @David: The bug is not in having multiple sessions and desktops. The bug is in not getting the same results when connecting via different network paths. Remember that with DNS one user kicks out the existing session but not with IP.
  • harrymc
    harrymc about 10 years
    This does not explain why with DNS the same login kicks out the existing session but not with IP.
  • David
    David about 10 years
    Windows is not looking at the source, but the destination in order to make the determination of a unique connection. When the first user uploads a file to his desktop, it does not show on the second session desktop for good reason: each session needs exclusivity. There is no bug here.
  • Rodion
    Rodion about 10 years
    harrymc and @David thank you guys! you both helped a lot. harrymc, apps from article were very helpful

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Remote Desktop to Server 2008R2 fails from one particular Win7 client
How do I stop Remote Desktop from prompting for username and password twice
Can't Log Out of Windows Server 2008
Detect source of remote desktop connection
Creating a Remote Desktop Client Application without using Windows Forms (C#)
How to Access Remote USB Smartcard during RDP
I cannot log in a VNC session after the screen locks: "Authentification error". Why?
ubuntu 18.04 connect to login screen over VNC
Windows Remote Desktop login failed with Ubuntu Server 12.4
Remote Desktop svchost (networkservice) & lsa.exe high cpu usage, hangs on welcome screen