RDP Issues and Ghost User Sessions - Windows Server 2019

James Cavanaugh 0 Reputation points
2025-06-26T17:21:27.4466667+00:00

We are having an issue with one of our Windows Server 2019 VMs running on VMware ESXi, 8.0.3, 24022510

For some reason users who were previously able to rdp into the server are no longer able to do so unless they already have a user session logged in. I have confirmed that remote access is enabled and the users trying to rdp have permissions to do so.

The issue seems to have a deeper root cause as we are seeing other strange behavior. If a user has an active session (established through the console) they are able to rdp into the server and assume that active session however if there is no active session the user gets an access denied error.

There are also a huge number of errored or ghost user sessions listed in the task manager and the number grows over time as if new users are constantly logging in.

Windows for business | Windows Server | User experience | Session connectivity
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Daphne Huynh (WICLOUD CORPORATION) 160 Reputation points Microsoft External Staff Moderator
    2025-07-09T03:29:39.8733333+00:00

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    Based on your description, please kindly review the following steps to help investigate the issue that you occurred.

    Step 1: Check Port Reachability

    Run the following command from the client machine to check if port 3389 (used for RDP) is reachable: tnc <hostname/IP> -port 3389

    This can help identify issues such as:

    • Network connectivity problems
    • Firewall blocking the port
    • RDP service not running

    Step 2: Reproduce Session Behavior

    Reproduce the scenario:

    "If a user has an active session (established through the console), they are able to RDP into the server and assume that active session."

    To test this:

    1. Access the VM via console (e.g., through Hyper-V, VMware, or cloud provider's console access).
    2. Once logged in, open Remote Desktop Connection (mstsc) inside the VM.
    3. Try to RDP into the same VM using localhost as the target.

    This simulates a user connecting to their own active session via RDP.

    Step 3: Inspect Active Sessions

    On the affected machine, run: qwinsta

    This will list all active sessions. Look for:

    • SESSIONNAME (e.g., console, rdp-tcp#X)
    • USERNAME
    • STATE (e.g., Active, Disconnected)

    This helps determine how the user is connected and whether the session is being reused or duplicated.

    Hope this helps a bit, and I’m here if you need more details.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.