Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

A remote session does not end immediately on a computer that is running Windows Server 2003 Service Pack 1


View products that this article applies to.

Symptoms

You try to close a published application shortly after the application is started on a remote computer that is running Terminal Services and Microsoft Windows Server 2003 Service Pack 1 (SP1). However, the remote session does not end immediately. The Remote Desktop Connection window may stay open for up to 70 seconds.

↑ Back to the top


Cause

This issue occurs because Windows Server 2003 SP1 moves the user and computer certificate autoenrollment into the Userinit process. The certificate autoenrollment has up to 70 seconds to finish.

↑ Back to the top


Resolution

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To resolve this issue, create the AEExpress registry subkey in the registry of the Windows Server 2003 SP1-based remote computer that is running Terminal Services. To do this, follow these steps.

Note You have to create this registry key for every user on the Windows Server 2003 SP1-based computer.
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Cryptography\AutoEnrollment
  3. On the Edit menu, point to New, and then click Key.
  4. Type AEExpress, and then press ENTER.
  5. On the File menu, click Exit to close Registry Editor.

Note We recommend that you not to use the AEExpress registry subkey in a regular production environment. If you have to use the AEExpress registry subkey, use it on a per-user basis.

↑ Back to the top


Workaround

To work around this issue, follow these steps:
  1. Click Start, click Run, type Gpedit.msc, and then click OK.
  2. Expand User Configuration, expand Windows Settings, expand Security Settings, and then click Public Key Policies.
  3. Double-click Autoenrollment Settings, and then click the Do not enroll certificates automatically option.

↑ Back to the top


Status

This behavior is by design.

↑ Back to the top


More information

For more information about certificate autoenrollment in Windows Server 2003, visit the following Microsoft Web site:

Technical support for x64-based versions of Microsoft Windows

Your hardware manufacturer provides technical support and assistance for x64-based versions of Windows. Your hardware manufacturer provides support because an x64-based version of Windows was included with your hardware. Your hardware manufacturer might have customized the installation of Windows with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your x64-based version of Windows. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site: For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site:

↑ Back to the top


Keywords: KB901196, kbprb, kbtshoot

↑ Back to the top

Article Info
Article ID : 901196
Revision : 7
Created on : 10/11/2007
Published on : 10/11/2007
Exists online : False
Views : 416