Data Collection: RDP Connection Issues

News Knowledge Base
1

What data is required when a RDP connection issue is discovered?

This article provides information on how to collect Verbose RDP logs required for RDP Connection issue troubleshooting.

Logs

  1. Add the following system variables on the failing machine

    WLOG_APPENDER=FILE
    WLOG_LEVEL=DEBUG
    WLOG_FILEAPPENDER_OUTPUT_FILE_PATH= use a file path that can be found easily
    More information regarding logging capabilities of freerdp here.
    UIPATH_SESSION_TIMEOUT = 240 (this way the timeout due to the RDP failure will precede a timeout we enforce)

  2. Restart the Robot service. Log will not be generated until a FreeRDP session is started

  3. Open an elevated command and run the uirobot.exe --enablelowlevel

  4. Start the schedule

  5. Wait until the error appears

  6. Stop the schedule

  7. Open an elevated command and run the uirobot.exe --disablelowlevel

  8. Grab the .etl file created

  9. Stop the Robot service

  10. Grab the .log file created (Delete the hexadecimal numbers under "Sending Authentication Token" that has hexadecimal numbers, these are confidential data)

    1.PNG

  11. Note down a timestamp of the occurrence

  12. Open EventViewer

  13. Click the custom Views Folder

  14. In the Actions pane on the right side click Import Custom Views

  15. Import the Attached XML (RDP.xml)

  16. In the right-side pane click Properties > Edit Filter

  17. Add the following filters

    USER - The Domain\User of the machine whose credentials are used by the robot
    LOGGED - Custom Range. Include previous successful job and at least one failing job

  18. Right-click the custom view and select Save all events in custom view as...

  19. Grab the .evtx file

  20. Remove the variables with WLOG

  21. On the affected machine run the following in an elevated PowerShell
    gpresult /Scope Computer /v | out-file "\policies.txt"
  22. Grab the policies.txt file

Attempt a connection using the FreeRDP wrapper


It is useful if the error is caught and after that, immediately try to connect
If an alarm is set in Orchestrator, a notification will be sent via email as soon as it fails.

  1. Download the attached file (RDP1.xml) - This is the exact implementation built as an executable
  2. Unzip on a different machine
  3. Run a CMD and execute wfreerdp.exe /v:MACHINE /u:MACHINE\USER /p:PWD where MACHINE is the host of the attempted RDP session
  4. Take a screenshot of the RDP console if it errors out. It usually shows the OS error if there is one

Attach the files from points: 8, 10, 19, 21 and screenshots if the optional part was successful.