Session Timeout values applied via Domain User’s AD Properties (Sessions Tab) do not work in ICA session on Windows Server 2012 R2

Session Timeout values applied via Domain User’s AD Properties (Sessions Tab) do not work in ICA session on Windows Server 2012 R2

book

Article ID: CTX218916

calendar_today

Updated On:

Description

Session timeouts configured via user’s AD properties (Sessions Tab) do not take effect in Xendesktop or Xendapp session on server 2012 R2 irrespective of the VDA version being used.

These timeout values take effect in RDP session on server 2012 R2. This also used to work in ICA session till server 2008 R2.
 
User-added image
 
 

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Resolution

This seems to be by design or product limitation on Windows Server 2012 R2.

Since the Session timeout policies applied via Citrix Studio are not applicable for Server 2008 R2 or 2012 R2 VDA, you can follow the below workarounds:
1.  How to Configure Idle Disconnect and Logoff Timers in XenDesktop 7.x for Windows Server VDAs.
                     
https://support.citrix.com/article/CTX140320

2. You can also use Group Policy Security Filtering to apply  session timeout for selected users.  You can refer to the below articles.
 
https://technet.microsoft.com/en-us/library/cc752992(v=ws.11).aspx
 
https://msdn.microsoft.com/en-us/library/aa373513(v=vs.85).aspx

https://social.technet.microsoft.com/Forums/windowsserver/en-US/8fa025b0-1374-4029-b631-395232f8645c/2012-r2-rds-server-   not-enforcing-activedirectory-user-account-rdp-session-timeoutdisconnect?forum=winserverTS

3. To enable active directory user RDS/ICA session settings on windows 2012 R2, modify the following registry keys:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
And / Or
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\ICA-Tcp
 
fInheritMaxSessionTime = DWORD 1
fInheritMaxIdleTime = DWORD 1
fInheritMaxDisconnectionTime = DWORD 1   

Then set the "MaxIdleTime" and “MaxDisconnectionTime” REG_DWORD under below registry keys :
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\ICA-tcp
   
 
 

Problem Cause

This is not a Citrix issue. As per our collaboration with Microsoft we got to know that the Logon merge function was rewritten for Windows server 2012 and 2012 R2 and that might have caused this issue. We encourage customers to work directly with Microsoft to investigate this further if the above workarounds are not acceptable.

Issue/Introduction

Session timeout Values configured via user’s AD properties (Sessions Tab) do not take effect in XenDesktop or XenApp session on Windows Server 2012 R2 irrespective of the VDA version being used. These timeout values take effect in RDP session on server 2012 R2. This also used to work in ICA session till server 2008 R2.
Powered by Wolken Software