Event ID 1006 — Remote Desktop Session Host Connections

Applies To: Windows Server 2008 R2

Users can connect to an RD Session Host server to run programs, save files, and use network resources on that server. When a user disconnects from a session, all processes running in the session, including applications, will continue to run on the RD Session Host server.

The user logon mode on the RD Session Host server can be configured to prevent new user sessions from being created on the RD Session Host server. You might want to prevent new user sessions from being created on the RD Session Host server when you are planning to take the RD Session Host server offline for maintenance or to install new applications.

Event Details

Product: Windows Operating System
ID: 1006
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Version: 6.1
Symbolic Name: EVENT_TOO_MANY_CONNECTIONS
Message: The terminal server received large number of incomplete connections. The system may be under attack.

Resolve

Check authentication process

To resolve this issue, do the following:

  • Use Remote Desktop Services Manager to check which users are connecting to the RD Session Host server. Ensure that there are no suspicious accounts.
  • Identify and fix any network connectivity problems between the RD Session Host server and the Active Directory domain controllers that are used for authentication.

To perform these tasks, refer to the following sections.

Use Remote Desktop Services Manager to view which users are connected to the RD Session Host server

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To view which users are connected to the RD Session Host server:

  1. On the RD Session Host server, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Services Manager.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
  3. On the Users tab, the users that are connected to the RD Session Host server are listed. Ensure that there are no suspicious accounts listed.

Identify and fix any network connectivity problems between the RD Session Host server and the domain controller

To identify and fix any network connectivity problems between the RD Session Host server and the domain controller, do the following:

  • Determine if there is a network connectivity problem by using the ping command.
  • Perform additional troubleshooting steps, if necessary, to help identify the cause of the problem.

To perform these tasks, refer to the following sections.

Note:  The following procedures include steps for using the ping command to perform troubleshooting. Therefore, before performing these steps, check whether the firewall or Internet Protocol security (IPsec) settings on your network allow Internet Control Message Protocol (ICMP) traffic. ICMP is the TCP/IP protocol that is used by the ping command.

To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Determine if there is a network connectivity problem

To determine if there is a network connectivity problem between the RD Session Host server and the domain controller:

  1. On the RD Session Host server, click Start, click Run, type cmd, and then click OK.

  2. At the command prompt, type ping server_FQDN, where server_FQDN is the fully qualified domain name (FQDN) of the domain controller (for example, server1.contoso.com), and then press ENTER.

    If the ping was successful, you will receive a reply similar to the following:

    Reply from IP_address: bytes=32 time=3ms TTL=59

    Reply from IP_address: bytes=32 time=20ms TTL=59

    Reply from IP_address: bytes=32 time=3ms TTL=59

    Reply from IP_address: bytes=32 time=6ms TTL=59

  3. At the command prompt, type ping IP_address, where IP_address is the IP address of the domain controller, and then press ENTER.

If you can successfully ping the domain controller by IP address, but not by FQDN, this indicates a possible issue with DNS host name resolution.

If you cannot successfully ping the domain controller by IP address, this indicates a possible issue with network connectivity, firewall configuration, or IPsec configuration.

Perform additional troubleshooting steps

The following are some additional troubleshooting steps that you can perform to help identify the root cause of the problem:

  • Ping other computers on the network to help determine the extent of the network connectivity issue.
  • If you can ping other servers but not the domain controller, try to ping the domain controller from another computer. If you cannot ping the domain controller from any computer, first ensure that the domain controller is running. If the domain controller is running, check the network settings on the domain controller.
  • Check the TCP/IP settings on the local computer by doing the following:
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, type ipconfig /all, and then press ENTER. Make sure that the information listed is correct.
    3. Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with your network adapter.
    4. Type ping IP_address, where IP_address is the IP address assigned to the computer. If you can ping the localhost address but not the local address, there may be an issue with the routing table or with the network adapter driver.
    5. Type ping DNS_server, where DNS_server is the IP address assigned to the DNS server. If there is more than one DNS server on your network, you should ping each one. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or with the network between the computer and the DNS servers.
    6. If the domain controller is on a different subnet, try to ping the default gateway. If you cannot ping the default gateway, this might indicate a problem with the network adapter, the router or gateway device, cabling, or other connectivity hardware.
  • In Device Manager, check the status of the network adapter. To open Device Manager, click Start, click Run, type devmgmt.msc, and then click OK.
  • Check network connectivity indicator lights on the computer and at the hub or router. Check network cabling.
  • Check firewall settings by using the Windows Firewall with Advanced Security snap-in.
  • Check IPsec settings by using the IP Security Policy Management snap-in.

Verify

To verify that connections to the RD Session Host server are working properly, establish a remote session with the RD Session Host server.

Remote Desktop Session Host Connections

Remote Desktop Services