Event ID 1041 — Remote Desktop Session Host Connections
Applies To: Windows Server 2008 R2
.jpg)
Users can connect to an RD Session Host server to run programs, save files, and use network resources on that server. When a user disconnects from a session, all processes running in the session, including applications, will continue to run on the RD Session Host server.
The user logon mode on the RD Session Host server can be configured to prevent new user sessions from being created on the RD Session Host server. You might want to prevent new user sessions from being created on the RD Session Host server when you are planning to take the RD Session Host server offline for maintenance or to install new applications.
Event Details
| Product: | Windows Operating System |
| ID: | 1041 |
| Source: | Microsoft-Windows-TerminalServices-RemoteConnectionManager |
| Version: | 6.1 |
| Symbolic Name: | EVENT_AUTORECONNECT_AUTHENTICATION_FAILED |
| Message: | Autoreconnect failed to reconnect user to session because authentication failed. (%1) |
Resolve
Establish a new connection to the RD Session Host server
To resolve this issue, establish a new connection to the RD Session Host server by using a Remote Desktop Protocol (RDP) client such as Remote Desktop Connection.
When a client computer tries to reestablish a remote session with the RD Session Host server after a temporary network interruption, the client computer attempts to authenticate with the RD Session Host server. If the information passed between the client computer and the RD Session Host server to reestablish the connection has become corrupted, the client computer will not be able to reestablish the remote session.
The Remote Desktop Connection client will automatically try to reconnect the remote session with the RD Session Host server if the Reconnect if connection is dropped check box is selected on the Experience tab of the Remote Desktop Connection client.
Important: If there are numerous events in the event log indicating that user authentication failed, it is possible that a malicious attempt is being made to gain access to the RD Session Host server.
To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
To check which users are connected to the RD Session Host server:
- On the RD Session Host server, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Services Manager.
- If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
- On the Users tab, the users that are connected to the RD Session Host server are listed. Ensure that there are no suspicious accounts listed.
Verify
To verify that connections to the RD Session Host server are working properly, establish a remote session with the RD Session Host server.