Windows Couldn’t connect to the Remote Desktop Configuration Service – Windows 10 – 1809

On Windows 10 1809 we were seeing an issues where machines will get the error ‘Windows Couldn’t connect to the Remote Desktop Configuration Service. Please consult your system administrator” when trying to log in (physically).

This prevents the user logging on and returns them to the log on screen. If the machine is rebooted after this it will take somewhere between 6minutes to 2hours to restart, during this time you can move a mouse cursor on a black screen but otherwise cannot interact with the device.

Once it has occurred for the user all domain users subsequently connecting to that machine experience the problem

Log on using a local admin allows a successful log on and a toast notification pops up saying <” Failed to connect to a Windows Service. Windows couldn’t connect to the Remote Desktop Service. This problem prevents standard users from signing in”>

Cause:

This is caused by a registry key bloating with thousands of entries, an entry is added every time an app connects through the internet proxy:

“HKEY_USERS\S-1-5-19\Software\Classes\LocalSettings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings”

which manifests as a large NTUser.dat in c:\windows\serviceprofile\localservice

This is a confirmed bug fixed in June 18th 1809 Windows Update

The patch stops the bloat from occurring but a registry key is needed to remove the orphaned key entries. Microsoft originally published an incorrect key but has updated this with the correct key:

Path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

Setting: CleanupLeakedContainerRegistrations

Type: DWORD

Value: 1

A value of 1 removes preexisting registrations upon next reboot and is picked up by the WinHttpAutoProxyService this removes keys under:

“HKEY_USERS\S-1-5-19\Software\Classes\LocalSettings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings”

The fix

Deploy the latest cumulative update as soon as possible as this contains the rolled up patch, I’d also suggest deploying a Group Policy Preference to all of your 1809 machines/.

Applying group policy preference

You can track the deletion of the keys in PowerShell with these handy commands:

# Count the leaked Containers

(Get-item -Path \”Registry::HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\”).SubKeyCount

# Verify that patch installed,

(Get-Item -path c:\windows\system32\winhttp.dll).VersionInfo

# Verify that Registry entry added,

Get-ItemProperty -path \”Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp” -Name CleanupLeakedContainerRegistrations

# Verify that the service is running

Get-Service WinHttpAutoProxySvc |select *

Leave a Reply

Your email address will not be published. Required fields are marked *