大家使用 mstsc.exe 远程桌面登录windows server时,退出时,99.99%的人会直接关闭 mstsc.exe 窗口,而不会点击开始—>退出。导致的问题是,登录用户已经提出了,但是 query user 和 query session 时,发现退出的用户,在 windows server 中还是 Active/运行中 则状态。这样会白白占用一个sesion的资源,可能会导致,别人登录时,报 类似 “超过人数” 的错误。
解决办法:
注册表[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp],修改
MaxDisconnectionTime
将该值改为0x3e8(1000),也就是1000毫秒(也就是1秒),重启系统就ok。
Next look to the following key in the registry:
HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\Console
&
HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Look for fInheritresetBroken (make dword 0) 不继承客户端的设置
fInheritReconnectSame (make dword 0) 不继承客户端的设置–连接到以前的同一个session
fReconnectSame (make dword 0) 是否连接到以前的同一个session
fResetBroken (make dword 1) 是否断开连接之后,进行连接的重置,也即使 不使用以前的session,重新初始化一个新的session
If all those values are OK then we‘ll look at the MaxDisconnectionTime values under the Terminal Server Key. You‘ll need to expand each subskey and look for these two entries in EVERY key, it exists multiple times
fInheritMaxDisconnectionTime (make this dword 0 to disable Inherit) – 不继承客户端的设置
&
MaxDisconnectionTime (1000毫秒,也就是在 rdp 连接 端口 1秒 之后,立即将 rdp session 从 windows server中踢掉。)
限制一个用户仅仅能够同时连接一次
监控时,我们要实现,一个用户名,只能同时登录一次,也就是同一个用户名,在windows server中,只能有一个登录会话存在,解决办法:
设置注册表:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fSingleSessionPerUser 为 1. 启用一个用户只能有一个session的限制。
fSingleSessionPerUser: TRUE indicates each user can have only a single session; FALSE otherwise.
默认时,有些版本的系统,最多仅仅只能运行两个 administor 和 一个 console 登录session的存在。
去掉该限制的方法:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\MaxInstanceCount
设置为 ffffffff。对 rdp session 的并发数量不进行限制。
MaxInstanceCount
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Description
Stores configuration data for the policy setting Limit number of connections. (限制 rdp 连接的数量)
Change Method
To change the value of this entry, use the Group Policy Object Editor (Gpedit.msc). The corresponding policy is located in Administrative Templates\Windows Components\Terminal Services.
https://technet.microsoft.com/en-us/library/cc758332(v=ws.10).aspx
相关参考资料:
1)http://remotedesktoprdp.com/force-single-session-allow-multiple-sessions-per-user
Force a single session or allow multiple Remote Desktop sessions per user
Remote Desktop/Terminal Services has two settings for multiple sessions. You can either allow multiple sessions per user (in which case if you log in twice, you‘ll get two sessions), or force a single session per user (in which case you can only log in once and subsequent sessions will be redirectedto the original session.
To change this setting, you‘ll need to perform a registry change. The following steps describe the process:
Start Registry Editor (by default, this is located at c:\windows\regedit.exe).
Go to the following registry key:
HKEY_LOCAL_MACHINE\
System\CurrentControlSet\Control\TerminalServer
If the fSingleSessionPerUser value doesn‘t exist, create a new DWORD value named fSingleSessionPerUser
Open the fSingleSessionPerUser value. The possible values for this setting are as follows:
0x0
Allow multiple sessions per user
0x1
Force each user to a single session
Enter the new setting, and then click OK.
注册表里的所有MaxDisconnect 都设置为 10ms 肯定有效