How to collect Verbose RDP logs required for RDP Connection issue

Provides information on how to collect Verbose RDP logs required for RDP Connection issue troubleshooting.

Logs

  1. Add the following system variables on the failing machine:

    WLOG_APPENDER=FILE
    WLOG_LEVEL=DEBUG
    WLOG_FILEAPPENDER_OUTPUT_FILE_PATH=<folder_path> (use a folder path where you can find the logs easily)
    More information regarding the logging capabilities of FreeRDP here.
    UIPATH_SESSION_TIMEOUT=240 (this way the timeout due to the RDP failure will precede the timeout we enforce)
     

  2. Restart the Robot service. The log will not be generated until you start a FreeRDP session.

  3. Open an elevated command prompt and run uirobot.exe --enablelowlevel

  4. Start the schedule

  5. Wait until the error appears

  6. Stop the schedule

  7. Open an elevated command prompt and run uirobot.exe --disablelowlevel

  8. Grab the .etl file created

  9. Stop the Robot service

  10. Grab the .log file created. Delete the hexadecimal numbers under "Sending Authentication Token"; these are confidential data.

  11. Note down a timestamp of the occurrence

  12. Open Event Viewer

  13. Click the Custom Views folder

  14. In the Actions pane on the right side, click Import Custom View

  15. Import the attached XML (RDP.xml)

  16. In the right-side pane click Properties > Edit Filter

  17. Add the following filters:

    USER - The Domain\User of the machine whose credentials are used by the robot
    LOGGED - Custom Range. Include previous successful job and at least one failing job
     

  18. Right click the custom view and select Save all events in custom view as...

  19. Grab the .evtx file

  20. Remove the WLOG variables to make sure you're not creating a uselessly large log

  21. On the affected machine run the following in an elevated PowerShell session:

    gpresult /Scope Computer /v | Out-File "<filepath>\policies.txt"

  22. Grab the policies.txt file
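
Step 10 asks for the hexadecimal numbers under "Sending Authentication Token" to be deleted before the log is shared. The PowerShell filter below is an added example (not UiPath or FreeRDP code) that does this as a stream; the function name Remove-WLogTokenDump, the assumed dump-row layout (a four-digit offset followed by two-digit hex bytes) and the sample lines are constructed for illustration.

```powershell
# Added example: redact the hex dump that follows the token marker in a WLog file.
function Remove-WLogTokenDump {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]            # Get-Content emits '' for blank lines
        [string]$Line,

        # Text that precedes the confidential hex dump (see step 10).
        [string]$Marker = 'Sending Authentication Token'
    )
    begin {
        $inDump = $false
        # Assumed dump row: 4-digit offset, 1-16 hex bytes, optional ASCII column.
        $row = [regex]'(?<!\S)\d{4}(\s+[0-9A-Fa-f]{2}){1,16}(\s.*)?$'
    }
    process {
        if ($Line.Contains($Marker)) {
            $inDump = $true
            $Line                       # keep the marker line itself
        }
        elseif ($inDump -and $row.IsMatch($Line)) {
            # Keep the timestamp/tag prefix; drop offset, bytes and ASCII column.
            $row.Replace($Line, '[REDACTED]', 1)
        }
        else {
            $inDump = $false            # first non-dump line ends the block
            $Line
        }
    }
}

# Constructed sample lines in an assumed WLog layout (not taken from a real log).
$sample = @(
    '[10:15:02:114] [4812:5120] [DEBUG][com.freerdp.core.nla] - Sending Authentication Token'
    '[10:15:02:114] [4812:5120] [DEBUG][com.freerdp.core.nla] - 0000 de ad be ef 00 11 22 33 44 55 66 77 88 99 aa bb ................'
    '[10:15:02:115] [4812:5120] [DEBUG][com.freerdp.core.nla] - 0016 cc dd ee ff 01 02 03 04 ........'
    '[10:15:02:130] [4812:5120] [ERROR][com.freerdp.core.transport] - constructed error text'
)
$sample | Remove-WLogTokenDump          # rows 2 and 3 end in "- [REDACTED]"

# On the real file (placeholders, write to a new file and attach that copy):
# Get-Content '<folder_path>\<name>.log' | Remove-WLogTokenDump |
#     Set-Content '<folder_path>\<name>.redacted.log'
```

Before attaching the redacted copy, search it for the marker text and confirm that only [REDACTED] rows follow each occurrence.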
     

Attempt a connection using the FreeRDP wrapper


This is useful if you can catch the error and attempt to connect immediately after it.
Set up an Orchestrator alarm so you can be notified via email as soon as it fails, if you don't already have one.

  1. Download the FREERDP.zip from the following drive link. This is the exact implementation built as an executable
  2. Unzip it on a different machine
  3. Open a CMD prompt and execute wfreerdp.exe /v:MACHINE /u:MACHINE\USER /p:PWD where MACHINE is the host of the attempted RDP session
  4. Take a screenshot of the RDP console if it errors out. It usually shows the OS error if there is one

 

Attach the files from points 8, 10, 19 and 21, and the screenshots if the optional part was successful.