Remote Desktop / Citrix XenApp Idle Timer Expired

For a while now, I've had a server that would show "Idle Timer Expired" immediately at logon time via RDP:

 

 

There is a XenApp Farm on this network, but this server is not in the farm as it's just a database server. This server is also the only Server 2003 32bit server on the domain.

 

Recently, I added another Server 2003 32bit server to the domain and this new server started having the same problem. Immediately after login, this message would pop up and then the session would be ended 2 minutes later.

 

I tried setting the local Terminal Servers policy for session timeouts as well as the Domain Group Policy for the same. Neither one resolved the issue.

 

What I did not know at the time, since these were utility servers and not Terminal Servers, was that this problem only affected one user; Administrator. Not having logged into either of these servers with other users, I did not know that the issue would not be reproduced with another user (since resolving the issue for Administrator, I tested it with another account and verified that the problem was not happening.)

 

The problem has to do with the Active Directory user property "userParameters." This is a binary blob data structure that contains the Terminal Services configuration for a user object. Most of the configuration is set in Active Directory Users and Computers in the Sessions and Remote Desktop Services Profile tab of the user properties. This is important to know, because to resolve this problem, you must wipe out all these settings and you may need to recreate them if you have them set on a per-user basis and not set via Group Policy.

 

For a complete list of all the settings inside "userParameters" please read section 2.3.1 of the Terminal Services Terminal Server Runtime Interface Protocol Specification document that Microsoft has published.

 

Back to the solution, however. Make yourself a handy VBScript that contains:

 

Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject("LDAP://cn=MyUser,ou=MyOU,dc=MyDomain,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "userParameters", 0
objUser.SetInfo

That's it! Run that little guy and your userParameters will be cleared and you'll be able to log in and work normally.

 

Note that this can also affect normal users as well as Administrator.

 

 



Back to Article Index

blog comments powered by Disqus