How can I force the server to log off idle RDP session automatically? An idle or inactive session will also consume precious CPU resources and memory. When the number of concurrent connections has reached the limit, your best bet is to kick out idle users. In this tutorial we’ll show you how to use group policy to configure Windows to automatically log off idle remote desktop sessions.
Automatically Log off Idle Remote Desktop Sessions in Windows
- Open the Local Group Policy Editor and browse to:
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time LimitsIn the right panel, double-click the “Set time limit for active but idle Remote Desktop Services sessions” policy.
- Change it to Enabled, then set the desired amount of time in the drop-down list right below. Click Apply and then OK. Reboot your computer to put the policy into effect.
- When any RDP user is idle for the group policy specified amount of time, they will receive the following warning:
“Session has been idle over its time limit. It will be disconnected in 2 minutes. Press any key now to continue session.”
You have the chance to click OK to extend the session. Otherwise, the idle session will log off automatically two minutes later.
That’s it!
Modified on: Wed, 23 Feb, 2022 at 12:05 PM
Occasionally a user might experience disconnection of an idle session. One reason this can occur is the configuration of the power settings on the client computer. A way to minimize the chances of disconnection of idle sessions, set the PCs power settings to stop the computer from going into sleep or hibernate modes.Deactivating the power management of the network card on the server and client can also be useful :It is also possible to set the server to keep alive all remote session using local policies.To do so, click start, type in "gpedit.msc"Locate the following local group policy :Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limit
Here you will find 4 strategies that you may find useful.
1- Set time for disconnected sessions - This strategy is used for logging off a disconnected session after a certain time. This can also be set in the Admin tool.
2- Set time limit for active but idle Remote Desktop Services sessions - this strategy is used to force a disconnection of active but idle session, this can be useful for freeing a session for another active user.
3- Set time limit for active Remote Desktop Services session - This strategy is used to force a disconnection of active session, for example a user can remotely connect for a limited duration of 30mn then will be disconnected. This strategy is rarely used.
4- Terminate session when time limits are reached - This strategy is useful for logging off disconnected session and can be used with a mix of the above strategies.
Did you find it helpful? Yes No
Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.
Symptom:
Reason:
Microsoft Local Group policy settings forcing RDP Session to log off after 2 min idle session.
Resolution:
1. Got run, type "gpedit.msc"
2. Expand "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits"
If there is any active policy, edit it to "Not Configured" State as below picture.
3. Expand "User Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits"
If there is any active policy, edit it to "Not Configured" State as below picture.
4. Reboot the PC.
Page 2
-
Idle Time simply put is the amount of time that has elapsed since the last input from mouse or keyboard. This is true for active and disconnected sessions. Typically in the Disconnected sessions I have found that the IDLE time is the counter of the system sitting there with no input until the remote computer lost connection to the session. In an active session that indicates the user has the remote session open and has not touched the mouse or keyboard for X number of hours/minutes.
-
tacohunter09 wrote:
Idle Time simply put is the amount of time that has elapsed since the last input from mouse or keyboard. This is true for active and disconnected sessions. Typically in the Disconnected sessions I have found that the IDLE time is the counter of the system sitting there with no input until the remote computer lost connection to the session. In an active session that indicates the user has the remote session open and has not touched the mouse or keyboard for X number of hours/minutes.
OK, that makes perfect sense for an active session. It's the values for the disconnected sessions that's throwing me. We are having an issue with RD sessions dropping connection at our ADA 5516. What we're seeing is a session disconnects then recovers itself within a minute or so. The user can work for anywhere between 1 minute and 10 minutes before the session disconnects again.
-
The constant disconnects is a strange issue and can have multiple reasons. The idle times shown are weird, especially all of the 47 minute ones.
Are you dropping packets from these systems to the RDS? You could do a ping for 30 minutes using an endless ping command and checking the statistics at the end.
Is there a Branch Office VPN that is setup and possible re-keying the session every 10 minutes? I had that issue myself once.
Do you have any idle time policies in RDS to kick users after a period of inactivity?
Looking at your sessions, first disconnected example for mgr.res.ninth.
Initial session: 10/8/2020 7:59:19am
Current State: Disconnected at 10/8/2020 2:40:42pm
Idle Time: 1:08:35 [1 hour, 8 minutes, 35.169 seconds].
That user was idle for 1 hour and 8 minutes before getting disconnected. So about 1:32pm is disconnected and didn't reconnect.
-
tacohunter09 wrote:
The constant disconnects is a strange issue and can have multiple reasons. The idle times shown are weird, especially all of the 47 minute ones.
Are you dropping packets from these systems to the RDS? You could do a ping for 30 minutes using an endless ping command and checking the statistics at the end.
Is there a Branch Office VPN that is setup and possible re-keying the session every 10 minutes? I had that issue myself once.
Do you have any idle time policies in RDS to kick users after a period of inactivity?
Looking at your sessions, first disconnected example for mgr.res.ninth.
Initial session: 10/8/2020 7:59:19am
Current State: Disconnected at 10/8/2020 2:40:42pm
Idle Time: 1:08:35 [1 hour, 8 minutes, 35.169 seconds].
That user was idle for 1 hour and 8 minutes before getting disconnected. So about 1:32pm is disconnected and didn't reconnect.
The only policy we have is to logoff a session after being disconnected for 4 hours.
Each remote location uses Cisco AnyConnect to create a tunnel to our ASA5516 at our central site which gives them entre' to the RD servers. Our Cisco gurus think there's something going on with the ASA, especially in light of the fact that the ASA rebooted itself at about 1 PM this afternoon. Just upped and rebooted itself; no power loss and no one on my team did it.
When a session disconnects it goes to that Retrying up to 20 times window. Sometimes it would come back on its own, but if the VPN connection spits the bit, it knocks AnyConnect out of the water so the user has to create the tunnel again. My users get really pissed when this happens.
-
I'd be checking for packet loss [Ping test]. If Ping's never fail but RDP drops then there is something at the firewall level and not the ASA level in my opinion. If Ping does show drop issues then packet loss is the problem. Lowered connection settings may help on RDP. Is this a new problem that began recently?
-
tacohunter09 wrote:
I'd be checking for packet loss [Ping test]. If Ping's never fail but RDP drops then there is something at the firewall level and not the ASA level in my opinion. If Ping does show drop issues then packet loss is the problem. Lowered connection settings may help on RDP. Is this a new problem that began recently?
The ASA is also our firewall.
This problem started happening about three weeks ago. We thought we had resolved the problem, but our VPN gurus noted that the code and the firmware were old and probably should be upgraded. They did that last night and things seem much better this morning.
-
Glad to hear its working better!
-
tacohunter09 wrote:
Glad to hear its working better!
That's what we thought last time after we rebooted the ASA and the Comcast router last Friday. A week later, we were in the weeds again. Talk to me in another week! :]