2

I encountered an interesting situation today that I didn't know about.

I logged in as user A using the server's DNS host name SERVNAME and got a session and my desktop. I put a file on the desktop.

Then my friend also logged in as the same user A, but using the server's IP xxx.xx.xx.x, and Windows created a second session for the same user A and a second version of the desktop! He did not see the file from my desktop and, moreover, did not kick me out of my session as I expected.

But if he connects using the server's name SERVNAME, he kicks me out of my session.

  • Yes, it is the same server.
  • The option Restrict each user to a single session is set to Yes (fSingleSessionPerUser = 1)

How can it be? What is the difference in logging by IP or domain name?

David
  • 2,362
Rodion
  • 81

3 Answers

3

There are two questions here:

1.) Why is Windows Terminal Services not restricting User A to one session?

It says "Users can open multiple sessions to a server that is restricted to a single session for each user."

It goes on to say "This functionality is working as expected. This setting limits each user to one unique session. However, if the user is running different initial programs, the sessions are considered as different sessions."

Using the server's hostname vs. its IP address is enough for Windows to think that the sessions are unique.

2.) In my session, I have a file on desktop, why is this file not showing up in the second session?

Windows is creating 2 unique sessions, so it is creating a second unique profile for the second login of User A. If you go to a command prompt, you will see that one session starts in C:\Users\User A\ and the second session starts in C:\Users\User A.000\. Similarly, have a look at C:\Users from a Windows File Explorer window.

David
  • 2,362
1

I would guess that when going either through DNS or via IP address there is a difference in the identification of the computer that is originating the RDP request.

The difference might be in the user-name acquiring a different qualifier, for example WORKGROUP.

I suggest logging on using both methods, then in a Command Prompt (cmd) using the whoami command to find the exact user account that is used:

whoami /user

If there is a difference, then you have found your answer.

[EDIT]

As you have found that in both cases there is exactly the same user in the same domain and with the same SID, then my only explanation is a difference that is not visible to you. It might be that because of the DNS request your connection request does not follow the exact path in the network that is taken when using the IP address.

My personal conclusion is that Windows in that case does not search for the connection in the right place, does not find the existing connection and so opens up a new session/desktop. However, when the login process executes in this new desktop, it logs you in under your correct user account / SID, so the same user ends up as having two desktops.

You might be able to further research that possibility using the LogonSessions utility from Sysinternals, which gives more detailed information about the currently active logon sessions. Another possibly useful utility is EnumWinsta GUI which displays the list of window stations and desktops.

More information can be found in the article:
Windows Sysinternals: Windows Core Concepts - Sessions, Window Stations, Desktops, and Window Messages.

In other words, I believe this is an undocumented bug in RDP, which you should report. Unfortunately, Microsoft Connect does not accept bugs for Windows, so your only option is to go on the Microsoft Windows Forums and hope that someone from Microsoft will pass it on to be corrected in some unknown time in the future.

harrymc
  • 498,455
0

Explanation

As the comments above have stated, server based terminal services accept multiple connections to the same machine, either from multiple different users or (if configured) concurrent logins for the same user.

How can it be? What is the difference in logging by IP or domain name?

There's no difference; you're remoting on to the same machine, just using two different methods to do so: 1) the hostname, which simply looks up and resolves the IP, and 2) the IP instead of the domain. That's basic DNS.

Concurrent Logins

There's a registry value within the Terminal Server subkey that is responsible for multiple same user connections and that's the fSingleSessionPerUser DWORD.

Open regedit (Windows Key+R) -> regedit + enter

Navigate to

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server

Double click or right-click –> modify the key fSingleSessionPerUser

I imagine the value is set to 0, change this to 1.

  • 0 = Multiple sessions per user
  • 1 = Single session per user

Apply the changes and restart remote desktop services. (see below)

Open cmd (Windows Key+R) -> cmd + enter

Type net stop termservice and press enter, then net start termservice and press enter.

The above answer is tested on the latest release of Windows Server 2013, and dates back to, I believe, Windows Server 2003.
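
An added example, not part of any of the answers above: a PowerShell check that reads fSingleSessionPerUser from both the local registry key named in the last answer and the Group Policy key for the same setting, then lists users holding more than one session and profile folders with a numeric suffix such as the .000 folder mentioned in the first answer. It assumes an elevated PowerShell prompt on the RDP host and that quser is available there.

```powershell
# Added example: audit the single-session setting and look for its side effects.
$name = 'fSingleSessionPerUser'
$keys = [ordered]@{
    'Group Policy'   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    'Local registry' = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
}

# A value under the policy key takes precedence over the local one,
# so report both rather than only the key edited in regedit.
foreach ($source in $keys.Keys) {
    $item  = Get-ItemProperty -Path $keys[$source] -Name $name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.$name } else { '(not set)' }
    '{0,-15} {1} = {2}' -f $source, $name, $value
}

# quser prints a header line, then one row per session. The user name is the
# first token once the leading spaces and the '>' current-session marker are removed.
quser 2>$null | Select-Object -Skip 1 |
    ForEach-Object { (($_ -replace '^[\s>]+', '') -split '\s+')[0] } |
    Group-Object |
    Where-Object Count -gt 1 |
    ForEach-Object { 'Multiple sessions for user: {0} ({1})' -f $_.Name, $_.Count }

# Profile folders whose path ends in a numeric suffix (for example ".000"),
# with the SID that owns each one and whether it is currently loaded.
Get-CimInstance Win32_UserProfile |
    Where-Object { -not $_.Special -and $_.LocalPath -match '\.\d{3}$' } |
    Select-Object SID, LocalPath, Loaded
```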