A remote session does not end immediately on a computer that is running Windows Server 2003 Service Pack 1

You try to close a published application shortly after the application is started on a remote computer that is running Terminal Services and Microsoft Windows Server 2003 Service Pack 1 (SP1). However, the remote session does not end immediately. The Remote Desktop Connection window may stay open for up to 70 seconds.

This issue occurs because Windows Server 2003 SP1 moves the user and computer certificate autoenrollment into the Userinit process. The certificate autoenrollment has up to 70 seconds to finish.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To resolve this issue, create the AEExpress registry subkey in the registry of the Windows Server 2003 SP1-based remote computer that is running Terminal Services. To do this, follow these steps.

Note You have to create this registry key for every user on the Windows Server 2003 SP1-based computer.

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry subkey:
   HKEY_CURRENT_USER\Software\Microsoft\Cryptography\AutoEnrollment
3. On the Edit menu, point to New, and then click Key.
4. Type AEExpress, and then press ENTER.
5. On the File menu, click Exit to close Registry Editor.

Note We recommend that you not to use the AEExpress registry subkey in a regular production environment. If you have to use the AEExpress registry subkey, use it on a per-user basis.

To work around this issue, follow these steps:

1. Click Start, click Run, type Gpedit.msc, and then click OK.
2. Expand User Configuration, expand Windows Settings, expand Security Settings, and then click Public Key Policies.
3. Double-click Autoenrollment Settings, and then click the Do not enroll certificates automatically option.

This behavior is by design.

For more information about certificate autoenrollment in Windows Server 2003, visit the following Microsoft Web site:

Technical support for x64-based versions of Microsoft Windows

Your hardware manufacturer provides technical support and assistance for x64-based versions of Windows. Your hardware manufacturer provides support because an x64-based version of Windows was included with your hardware. Your hardware manufacturer might have customized the installation of Windows with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your x64-based version of Windows. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site: For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site: