Use powershell to stop connections to stuck RDS server

When an RDS server in a cluster is partially running but not allowing the broker to remotely manage it the Server Manager console gets stuck in a situation where it waits for the server to respond and you cannot manage your cluster.

Use the following commands to disable connections to an RDS server that is not allowing logins to complete. (simple but handy to know in a hurry)

NOTE: you must run powershell as administrator or these commands do not function.

Import-Module RemoteDesktop
Set-RDSessionHost servername.domain.local -NewConnectionAllowed "No"

I have found that the Server Manager GUI has trouble displaying the new state of the server. Sometimes a refresh of the page helps and sometime I have to close and reopen the console to see the updated state.


Managing remote processes with Powershell

This is to manage remote processes on a server that is not allowing you to log in due to high CPU on a process.

Invoke-Command servername {Get-Process}
Example to look for chrome processes
Invoke-Command servername {Get-Process chrome}

Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName ComputerName
------- ------ ----- ----- ----- ------ -- ----------- ------------
    254     39  93252 104076  852    12.97  21204 chrome servername
    238     24  38156  49512  759     1.17  21380 chrome servername
    223     20  23184  27044  731     0.25  22012 chrome servername
    399     48  87928 112292  382    11.02  22444 chrome servername
    544     80 293940 328044 1137 34509.08  22576 chrome servername

The last line with the large number for CPU is the cause of the issue.

This command will kill the offending process with ID 22576

Invoke-Command servername {Stop-Process -ID 22576 -Force}

This command will kill all chrome processes

Invoke-Command servername {Get-Process chrome | Stop-Process -Force}

After that the server was responsive again.

Powershell script to enable Allow New Connections for all RDS servers

This will enable “Allow New Connections” for all servers in all collections.  Handy when you disable logins for troubleshooting and forget to enable them again.  I have configured this to run at 5am each morning on our broker server.

Server Manager can sometimes not display the updated values until it is closed and reopened so keep that in mind. Generally it updates with a simple refresh.

Import-Module RemoteDesktop ForEach ($CollectionName in Get-RDSessionCollection) { ForEach ($HostToEnable in (get-rdsessionhost -collectionname $CollectionName.CollectionName | where {$_.NewConnectionAllowed -ne "Yes"})) { $HostToEnable Set-RDSessionHost $HostToEnable.SessionHost -NewConnectionAllowed "Yes" } }

If you would like to continue to block logins to a specific server that may be in long term diagnostics or maintenance you could either disable the script temporarily (as in change the start date in the scheduled task to some time in the future) or add a line to the end of the code such as,

Set-RDSessionHost -NewConnectionAllowed “No”

In a static environment a script such as the following would work,

Set-RDSessionHost -NewConnectionAllowed "Yes" Set-RDSessionHost -NewConnectionAllowed "Yes" Set-RDSessionHost -NewConnectionAllowed "Yes" #The following server is in maintenance Set-RDSessionHost -NewConnectionAllowed "No"

Updated version that sends an email message when a change has been made.

$MailSubject = "RDS Enable Login Script" $MailServer = "Mail.contoso.local" $MailTo = "" $MailFrom = "" $MailBody = "The following servers were detected as having their logins disabled and have been automatically set to allow logins again:" Import-Module RemoteDesktop ForEach ($CollectionName in Get-RDSessionCollection) { foreach ($HostToEnable in (get-rdsessionhost -collectionname $CollectionName.CollectionName | where {$_.NewConnectionAllowed -ne "Yes"})) { $Output += "
" + $HostToEnable.SessionHost Set-RDSessionHost $HostToEnable.SessionHost -NewConnectionAllowed "Yes" } } If ($Output -ne $null) { $MailBody += $Output + "

This script runs on server $($env:computername) under the credentials of $($env:UserName)" Send-Mailmessage -To $MailTo -From $MailFrom -Body $MailBody -Subject $MailSubject -SMTPServer $MailServer -BodyAsHtml }