When you create a Remote Desktop Protocol (RDP) connection to a computer that is running Windows Server 2012 or Windows Server 2012 R2, the computer freezes.
In other cases, you may see that new user logons are slowed down to the degree that they appear hung. The delay may also occur before the user enters credentials.
This issue occurs because of a deadlock condition that involves terminal services (termsrv.dll), lsass (kerberos), and the redirector. The deadlock occurs when terminal services tries to load the user configuration data by issuing remote registry calls to the domain controller.
When you experience slow or hung logons, the terminal server service is making API calls to a domain controller, and the round trips for these calls induce significant delays. This may occur for the following reasons:
The network link to the Domain Controller is slow, congested and sees frame loss, and significant time is spent with retries to transfer data.
The Domain Controller experiences local performance issues and responds to the requests slowly.
There is now an option to turn off the Domain Controller requests during user logon. This avoids the window for the deadlock, and fixes the performance issues.
To fix this issue in Windows Server 2012, you must upgrade to Windows Server 2012 R2. On Windows Server 2012 R2, create the fQueryUserConfigFromLocalMachine registry entry according to the following steps.
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
To make the registry change, follow these steps:
Start Registry Editor. (Press Windows logo key + R, type regedit.exe in the Open box, and then click OK.)
In Registry Editor, locate and then click one of the following registry subkeys:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\<Connection Name>
Note By default, the value for <Connection Name> is RDP-Tcp. This value RDP-Tcp can be renamed or configured to something else.
On the Edit menu, select New, and then select DWORD Value.
Press and hold (or right-click) fQueryUserConfigFromLocalMachine, and then select Modify.
In the Value data box, type 1, and then select OK.
Exit Registry Editor.
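The same change can be scripted. The following PowerShell is an added example, not part of the original article or Microsoft's own code: it backs up the chosen subkey, sets fQueryUserConfigFromLocalMachine to 1, and reads the value back. The variable names, the $UsePolicyKey switch and the backup file location are assumptions made for the example.

```powershell
# Added example: scripted equivalent of the Registry Editor steps above.
# Run from an elevated PowerShell session on Windows Server 2012 R2.
$ErrorActionPreference = 'Stop'

# Assumed settings for this example. RDP-Tcp is the default connection name
# and is only used when the WinStations subkey is selected.
$UsePolicyKey   = $true
$ConnectionName = 'RDP-Tcp'
$ValueName      = 'fQueryUserConfigFromLocalMachine'

$KeyPath = if ($UsePolicyKey) {
    'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services'
} else {
    "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\$ConnectionName"
}

# The registry entry is described for Windows Server 2012 R2 (version 6.3).
$os = [version](Get-CimInstance Win32_OperatingSystem).Version
if ($os.Major -ne 6 -or $os.Minor -ne 3) {
    Write-Warning "OS version $os is not 6.3 (Windows Server 2012 R2)."
}

if (Test-Path $KeyPath) {
    # Back up the subkey before modifying it, as the article advises.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $env:TEMP "TerminalServices-backup-$stamp.reg"
    & reg.exe export ($KeyPath -replace '^HKLM:\\', 'HKLM\') $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no change was made.' }
    Write-Host "Backup written to $backup"
} elseif ($UsePolicyKey) {
    # The policy subkey may not exist yet on a machine with no RDS policies.
    New-Item -Path $KeyPath -Force | Out-Null
} else {
    # A missing WinStations subkey means the connection name is wrong.
    throw "Subkey not found: $KeyPath. Check the connection name."
}

# Create (or overwrite) the DWORD value and set it to 1.
New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null

# Read the value back to confirm the change.
$actual = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
if ($actual -ne 1) { throw "$ValueName is $actual, expected 1." }
Write-Host "$ValueName = $actual under $KeyPath"
```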
You can also upgrade to Windows Server 2016 to fix this issue.
Note You do not have to update registry keys in Windows Server 2016; the updated behavior is the default.