Unable to log in using RDP on Windows Server 2012 or 2016 when having more than about 900 local users
I would like to report a huge bug in Windows Server 2012 and 2016. For 2012 I need to try multiple times to log in to the system using RDP, but after upgrading 2012 to 2016 I can't log in at all. Everything is described here:
Basically, during the RDP login process, the lsass.exe process parses ALL local users, which takes too much time, and the incoming RDP session is disconnected. As far as I can see in the Windows Event log, about 800-900 local users are parsed before the disconnection occurs.
During the login process lsass.exe uses a large amount of CPU, but this is probably related to checking the registry:
As you can see in ProcessManager, from the time when the RDP connection was made, 21% of ALL Windows events logged in Process Manager were from the lsass.exe process.
There is an easy way to replicate this issue:
I can replicate this bug
1) RDP to a newly created Windows Server
2) create a batch file with the following content:
net user /add user%random%_%random% /random
3) open command prompt and execute the batch file.
4) wait 20 minutes
5) try to RDP or connect via console. It won't work.
(and as far as I know it was replicated on the MS side, but for now nothing is being done or decided about what to do with this problem).
A solution for this issue could be just extending the RDP timeout, which will work just fine because lsass.exe uses more CPU only while traversing local users, and after logging in it just drops.
Any ideas/suggestions? Except "just use AD", ok? This specific scenario is on a system which holds shared hosting accounts, and local users are used just for keeping websites separated from each other, and I really don't need AD for this one.
Please use the RDP/RDS UserVoice site for this feedback. https://remotedesktop.uservoice.com/forums/266795-remote-desktop-services-for-enterprises
Solution from MS:
We found that each iteration (happening in LogonUI) makes a call out to LSASS.exe, which performs the UserLookup and returns the SID information. This is what is taking time.
This kind of extensive lookup happens because of new functions introduced from Win2012 onwards.
To turn this lookup off, please add the following registry key (both the locations), reboot the machine and then test and let me know the results.
Location 1: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
Location 2: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
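
As an added example (not from the thread or from Microsoft), this PowerShell sketch counts local accounts and times one name-to-SID lookup per account, to gauge how close a host is to the 800-900 user range reported above. The `$WarnThreshold` value and the use of `NTAccount.Translate` as a rough stand-in for the lookups LogonUI requests from LSASS are assumptions.

```powershell
# Added diagnostic sketch; not code from the thread or from Microsoft.
# Assumption: a user-mode name-to-SID translation is only a rough proxy for
# the per-user lookup that LogonUI asks LSASS to perform during logon.

$WarnThreshold = 800   # thread reports disconnects after about 800-900 users

# Win32_UserAccount is available on both Server 2012 and 2016.
$localUsers = @(Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True")

$failed = 0
$timer  = [System.Diagnostics.Stopwatch]::StartNew()
foreach ($u in $localUsers) {
    try {
        # For local accounts, Domain holds the machine name.
        $account = New-Object System.Security.Principal.NTAccount($u.Domain, $u.Name)
        [void]$account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        # Count accounts that could not be resolved instead of aborting the run.
        $failed++
    }
}
$timer.Stop()

$count = $localUsers.Count
$avgMs = if ($count -gt 0) { $timer.Elapsed.TotalMilliseconds / $count } else { 0 }

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    LocalUserCount    = $count
    FailedLookups     = $failed
    TotalLookupMs     = [math]::Round($timer.Elapsed.TotalMilliseconds, 1)
    AvgLookupMs       = [math]::Round($avgMs, 3)
    AtOrOverThreshold = ($count -ge $WarnThreshold)
}
```

Running it before and after a configuration change, from an existing session on the host, gives a comparable number for the lookup cost without having to test with a live RDP logon.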