×


Setting remote desktop drain mode on a Windows Server RDS host

Setting remote desktop drain mode on a Windows Server RDS host requires an understanding of the drain modes and PowerShell commands.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related windows queries.

In this context, we shall look into how to set up remote desktop drain mode on a Windows Server RDS host.


What Is Drain Modes on Windows Server Remote Desktop Services ?

The Drain Mode appears in Windows Server 2008 (Terminal Services Server Drain mode). When we put an RDS host in drain mode, it can no longer accept new user's connections.

As a rule, the mode helps the server administrator to maintain a server (install Windows updates, configure or update apps) without affecting the availability of the entire RDS farm. 

An RDS host can work in either of the three types of the Drain Mode:

  • Allow All Connections (a default mode) — an RD Session Host accepts new connections.
  • Allow Reconnections, but Prevent New Logons — users can reconnect to existing sessions, but it does not allow new sessions. If we restart a server, users will not be able to connect to it.
  • Allow Reconnections, but Prevent New Logons until the Server Is Restarted – this mode is similar to the previous one, but after the restart, the user logon mode is reset to Allow All Connections.


How to Deny New User Logons to an RD Session Server ?

We can enable the Drain Mode on our RDS host server via the RDS collection settings.

1. Open Server Manager -> All Servers and add all RDS servers of the farm

2. Select Remote Desktop Services on the left panel in the Server Manager. Select the RDS Collections

3. In the HOST SERVERS section, select a server we want to enable the Drain Mode for and select "Do not allow new connections" in the context menu.

Users having active Remote Desktop sessions will be able to reconnect to the server, while all new connections will be forwarded by the Connection Broker to other hosts in our RDS farm.

We can also set the Drain Mode locally on the RDS host via the command prompt.

To do it, the change logon command used.


Useful commands:

To prevent new user connections, run the command below:

change logon /drain

New user logons are DISABLED, but reconnections to existing sessions are ENABLED


Now, if a new user tries to connect to the RDS host directly (while not using the RD Connection Broker), the following error appears:

Remote logins are currently disabled.

At the same time an event with the Event ID 1070 and TerminalServices-RemoteConnectionManager as the source appears in the RDS host log:

A logon request was denied because the RD Session Host server is currently in drain mode and therefore not accepting new user logons. To configure the server to allow new user logons, use the Remote Desktop Services Configuration tool.

The following command enables the Drain Mode until the host restart:

change logon /drainuntilrestart

To prevent users even with active sessions to connect to the host, run this command:

change logon /disable
Session logins are currently DISABLED

If we are connected to the Remote Desktop Session Host in the client session mode, and disabled access using the command above and logged off (logoff.exe), we will be able to connect to the server through the console only (mstsc /admin).


To allow connections, use this command:

change logon /enable

To make sure enabling of Drain Mode on our RDS server, run the command below:

change logon /query
Session logins are currently ENABLED

At times when we try to set the Drain Mode on our server using change logon, we have noticed the following error:

Connections are currently ENABLED by Group Policy for this machine, unable to change.

This means that the Drain Mode configuration is via the GPO. The policy setting is called Allow users to connect remotely using Remote Desktop Services and we can find it under the following GPO section: Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections.

Disable the policy or set it to Not Configured.


Setting remote desktop drain mode on a Windows Server RDS Host via PowerShell

We can manage Drain Mode settings of an RDS host collection or a standalone RDS server using PowerShell:

Import-Module RemoteDesktop
# To deny new RDP connections to the Remote Desktop Services Host
Set-RDSessionHost -SessionHost mun-saprdsh1.linuxapt -NewConnectionAllowed No -ConnectionBroker mun-saprdcb.linuxapt.com
# To allow connections
Set-RDSessionHost -SessionHost mun-saprdsh1.linuxapt -NewConnectionAllowed Yes -ConnectionBroker mun-saprdcb.linuxapt.com

If we enable or disable the Drain Mode, it changes the values of the following register parameters:

WinStationsDisabled HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
TSServerDrainMode HKLM\System\CurrentControlSet\Control\Terminal Server\

For example, while enabling the Drain mode, the registry values are set as WinStationsDisabled = 0 and TSServerDrainMode = 2.

We can also make sure that it enables the Drain Mode on our host using the PowerShell script below:

Get-WmiObject win32_terminalservicesetting -N "root\cimv2\terminalservices" | %{
if ($_.logons -eq 1){
"Disabled"}
Else {
switch ($_.sessionbrokerdrainmode)
{
0 {"Enabled"}
1 {"DrainUntilRestart"}
2 {"Drain"}
default {"error"}
}
}
}

To enable the Drain Mode via PowerShell (similar to change logon /Drain):

$temp = (Get-WmiObject win32_terminalservicesetting -N "root\cimv2\terminalservices")
$temp.sessionbrokerdrainmode=2
$temp.put()

To put the RDS host to normal mode (change logon /enable), run this command:

$temp = (Get-WmiObject win32_terminalservicesetting -N " root\cimv2\terminalservices ")
$temp.sessionbrokerdrainmode=0
$temp.logons=0
$temp.put()
check drain mode on windows server 2016 rds host via powershell

 

[Need urgent assistance in fixing Windows errors? – We're available 24*7. ]


Conclusion

This article covers how to set remote desktop drain mode on a Windows Server RDS host. Basically, setting remote desktop drain mode on a Windows Server RDS host can be easily performed with PowerShell. The Drain Mode is used when a server administrator needs to maintain a server (install Windows updates, configure or update apps) without affecting the availability of the entire RDS farm. 

When you set the RDS host in drain mode state, the RDS host can no longer accept new connections but existing sessions continue working until users log out. You can monitor the status of the RDS host in Horizon Administrator.


To remove a Remote Desktop Session Host (Uninstall the RD Session Host Role Service) :

  • Open Server Manager.
  • In the left pane, expand Roles.
  • Right-click Remote Desktop Services, and then click Remove Role Services.
  • On the Select Role Services page, clear the Remote Desktop Session Host check box, and then click Next.
  • On the Confirm Removal Selections page, click Remove.