Video Screencast Help

Remote Desktop Hangs on exit...

Created: 18 Jan 2008 • Updated: 21 May 2010 | 47 comments
This issue has been solved. See solution.
Since installing the updated 1375 build on:
a) Server 2008 RC0 32-bit
b) Vista Business 32-bit
c) Server 2003 R2
every time I use remote desktop to connect to one of the machines, when I log off to end the remote desktop session, the session hangs.  It appears that the remote desktop session does in fact terminate, but I have to manually close the "empty" RDP session.
It is clearly an issue on the remte end, since it occurs even when remoting from a machine that does not have any Symantec product installed.
Has anyone else seen this behaviour?

Comments 47 CommentsJump to latest comment

MikeSAMSA's picture
Yes, we have experienced the same issue on the last two servers we installed, both having Endpoint.  Are you aware of a resolution yet?
jskelton's picture
I too am having this issue.
Since the installation of SEP to each of our servers it now takes around 62 or 63 seconds to end the rdp session. Not more not less. It does not do this on our desktops or laptops. Eventually the session ends and I go about my business - I usually just minimize the screen.
It doesn't seem to be having an ill effect but it is an annoyance.
We have different settings: AV/AS, Proactive Threats, and Network Threats, for our desktops than we do for our servers so I am going to look at those settings to see if anything jumps out.
If you know of anything let me know.
DeepSky's picture

I was wondering what was going on with this.

Will the RDP session still close itself if you exit out of the RDP window?

jskelton's picture
I'm not sure.
I usually just minimize it and let it end on its own. I guess there's only one way to find out.
jskelton's picture
Just a bit more info:
This is only happening on servers: Windows 2000 and 2003; we don't have any 2008 yet.
This does not happen with XP, desktops or laptops.
This is just happening for rdp connections; it doesn't happen when you connect to the machine directly at the console. Same results whether it's a box or a blade connected to a SAN.
I know this is not a show stopper but its got to have something to do with the way the SEP client communicates to the SEPM.
reza akhlaghy's picture
I want to add myself to "me too" list and also add these comments:
1) it will not happen all the time on all servers, I exprienced it on one server sometimes,
    I didnt notice it might be related to SEP...
2) The problem occurs if you connect FROM a client with SEP, I didnt encounter a situation
     in which I connect from a computer without SEP and I face such error, so it must have
     something to do with initiating point not endpoint.
3) Our servers are all 2003

Message Edited by reza akhlaghy on 02-23-2008 03:37 PM

Alex Conduit's picture
To add my 2c worth...
I'm experiencing this problem with both Server 2000 & Server 2003 (R1 & R2) - this problem has not affected servers that do not have enpoint installed.  However, servers that had endpoint installed (subsequently un-installed) still exhibit this behaviour.
I have not tried connecting from a client that has never had endpoint installed on it - as I don't currently have any.
Both ICA & RDP protocols seem to be affected
vRad's picture
I too have the same issue.  To confirm I uninstalled sep and the remote desktop logoff disconnect time returned to normal.  I reinstalled sep and the logoff disconnect time was again longer.  This issue seems to only affect 32-bit versions as I do not have the issue with any of my 64-bit Windows machines.  I have tested with both physical machines and vmware virtual machines.  While annoying, the issue does not seem to affect the machines, but should be addressed since I had a couple sessions hang for several minutes.
LowEnergy's picture
I spent 4 hours on the phone with Symantec yesterday resolving several issues with SEP. I asked about RDP hanging when I was logging off and he assured me that SEP was not the problem. In my situation RDP is only hanging on the server I have the management console running on, so maybe there's an issue there? I'm running Server 2003 on the machine that's hanging up. I have the client installed on 10 managed workstations, 2 managed laptops and one other 2003 server that do not exhbit this behavior. As others have said, it's not causing any problems, but it is annoying. I usually just minimize the RDP window until it closes.
Has anyone found a resolution?
doctortt's picture
This is scary. I'm planning to deploy SEP on Windows 2003 OS.   Just curious - do you guys have pro-active threat and network threat features installed?  How is SEP configured?
Knottyropes's picture
I have it installed on 6 out of 8 servers. AV and Antispy only. SEP 11 MR1
BES 2k sp4
FTP 2003 sp2
SQL 2003 sp2
WEB 2003 sp2
DC,GC, SEPM 2003 sp2
ISA 2003 sp2
I have not put it on exchange 2003 or my files/print/DC/GC/FAX/BE 10D
They are both on SAV10.1.5.
RDP is not an issue on BES, FTP or ISA.
Weird, I just close RDP and not log off and it is fast.
I am the only admin so it is not a major issue for me.

Message Edited by Knottyropes on 06-05-2008 02:02 PM

MikeSAMSA's picture
Our tech guys solved this problem by installing the MR2 version.
Knottyropes's picture
That sounds like a good cure. I am afraid to upgrade to MR2 because of the file share issues I have heard about. I know it was an issue with MR1 but mine are fixed at the moment.
I will try it on my FTP server today, not that its afected.
Then try on my web server to see if RDP works better.
CoveWolf's picture
We are having the same problem.  The clients do not have SEP loaded they are still using enterprise.  We installed SEP (anti-virus and proactive) on our server.  Terminal services slowed down, some of the features would not work all of the time, and it hung up when we tried to disconnect.  We uninstalled SEP from the server and it works fine.  We tried creating a seperate package that would only install the anti-virus and installed it on the server.  Our clients still had the same problems.  We uninstalled SEP once again and it goes back to working correctly.  All of this is happening in a MR2 environment.  The SEPM and all SEP were installed from the MR2 disk and were not upgraded from MR1.  Thanks for any help. you can give.

Message Edited by CoveWolf on 06-06-2008 09:21 AM

LowEnergy's picture

I installed the new release of SEP and rebooted the management server and the issue appears to have been resolved. RDP now closes as it should.

doctortt's picture
is the new version you're referring to MR2?
doctortt's picture
That's good to hear. I'm on MR2 (fresh implementation)
CME_ACR's picture

Any word on this? I'm still having an issue. We have a fresh install of SEP 11.0.2010.25 on 2 machines running Server 2003. They were upgraded from Symantec anti-virus to SEP (Symantec a/v was uninstalled and computers rebooted before installing SEP.)


Any help would be much appreciated since this is a bit of annoyance having to wait a minute or longer for remote desktop to close.

Message Edited by CME_ACR on 07-22-2008 08:09 AM
CME_ACR's picture

Just updated to 11.0.2020 MR2 MP2 and it is STILL hanging on exit. Someone fix this.

GossamerSD's picture

I have several clients that run a database app within an RDP session.  The server is a Windows 2003 Server Standard Edition.  SEPM is installed on a different box, a Windows 2003 Server Small Business Edition.  RDP sessions that get to the desktop go in and out no problem at every one of my clients.


HOWEVER...  If the application they are running is launched automatically by the RDP client, THEN it hangs on exiting.  When I look at the processes in Task Manager, SmcGui.exe is still running, even though I have a blank background, no icons, no start menu...  If I try and do an End Task on SmcGui.exe, it immediately reloads.


This led me to believe that the issue was with Tamper Protection.  So I disabled Tamper Protection.  No difference.  So I uninstalled the SEP client (by the way, as soon as I uninstall the client, the sessions exit properly) and reinstalled it as an unmanaged client, with ONLY Anti-Virus and Anti-Spyware.  Again, turned off Tamper Protection.  Even put the application that was being autolaunched as an exception...  Same problem.


The most recent client is running MR2 MP2, but I have some clients running MR2 and some on the original 11.0.  This is a HUGE problem for me and my clients.  At this point, I have had no choice but to leave 14 application server's UNPROTECTED as this product interferes with their essential daily usage.


By the way, when the session is hung, if you hit Ctrl-Alt-End and click Log Off, it will exit right away.  But try telling 500 database users that they now have to do this every day because Symantec hasn't fixed this yet.

Message Edited by GossamerSD on 09-04-2008 09:39 AM
Ted G.'s picture

We've had a fix for this for a while yet. Not sure why no one has posted this in this threat yet. Please refer to the documentation below:

Title: 'Remote Desktop takes longer to log off of a session to a Windows Server 2003 SP2 running Symantec Endpoint Protection 11.0.2000.x with Sysplant enabled'
Document ID: 2008060611563948
> Web URL:

This fix has not been confirmed as a resolution yet for Win 2000, Vista, or 2K8 Server. If anyone gets it to work for those OS's, please reply to this thread and let us know so we can add those Os's to the documentation. Thanks!


Hurricane Andrew's picture

Ouch.  Isn't that like killing the patient to cure the disease?  Removing App and Device Control and opening up all of our USB ports for data leakage is a workaround?  Hopefuly a better solution will come along soon...

"Hurricane" Andrew

Dover, Delaware

Surfer's picture

Our issue is very much the same. We have a windows small Biz server 2003, from a Win 2000 remote desk top client access, all is normal (login, use and logout) but from Windows Vista the logout hangs on the client (Vista) system. When I logout on the remote session on the Vista system connected to the 2003 SBS system the 2003 SBS system shows all connections and processes stopped or removed correctly. To complete the shutdown of the remote session on the Vista system I have to kill the process using the task manager. The RDT hang on Vista started about 3 weeks ago , prior to that it worked fine. The only thing that has been done to both the server (SBS2003) and the Client Vista is normal Windows updates.

Paul Murgatroyd's picture

is anyone seeing the same behaviour with MR3?

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

CME_ACR's picture

It seems to be fixed on MR3. I'm not experiencing the issue anymore and it seems a little quicker to close than the "workaround"

Knottyropes's picture

only have 3 servers on it and so far it is quick to close.

cgroothius1's picture

This issue is definitely NOT fixed.  I have this issue on XP SP3 and XP SP2 clients.  The RDP session will establish first time around.  Occaisionally it simply freezes up and stops accepting commands.  Also, when trying to disconnect and reconnect a session the error message "Login FAILED"  error connecting to existing session for domain\user.  The request could not be completed because the terminal connection is currently busy processing a connect disconnect or reset operation.


At that point, you can not even log in at the workstation directly and a power off of the system is required. At that pointRDP can be restablished, only for the same thing to happen  again later...


This is true in MR2 amd MR3.  I have a case with Symantec but no resolution at all (upgrade to MR3 was the initial story) .


Highly unsatisfactory....


Second "fix" was to uninsatll the Device control component...same results....


Totatly unsatisfactory now....


mammer's picture

We too are having this problem where the rdp session hangs on logout. It happens when:

-the user connects to the session using the "start the following program on connection" option.

-we are running MR3 on windows server 2003

-we only have the antivirus component installed. (no ptp,ntp or application/device control)


If an administrator connects to the server and kills the smcgui.exe instance attached to the users rdp session, then the logout works fine. 

robert rohrer's picture

Win2k3 server sp2, only AV component installed:

1-no issues with logoff

2-followed instructions to disable multiple instances of smcgui on a terminal server

3-use uphclean on the terminal server



minbek's picture

i use MR4 release and i have the same problem rdp is hunk to log off what can i do???????????

minbek's picture

i have installed MR4 and i have the same problem what is the solution?????

mammer's picture

The following worked for me:

open regedit

Under HKLM\SOFTWARE\Symantec\Endpoint Protection\SMC

Create a new Dword Key = LaunchSmcGui
Set it to 0


CoveWolf's picture

Mammer, is this registry setting changed on the terminal server or on the client machine that is trying to connect?

CoveWolf's picture

Does anyone know if the registry change is done on the client or the terminal server?  I am assuming it would be done on the server but I'd like to make sure.

CoveWolf's picture

My machines and server are MR4 and I am still having this problem.  When a user closes out the program he is using the connection is supposed to end.  instead it just sits there with a blue screen.  I thought this was supposed to be fixed in MR3.

mammer's picture

The registry setting should be changed on the terminal server. It prevents an instance of smcgui.exe from being launched in the user session. (they also won't see the symantec icon in the tray)

CoveWolf's picture

This still didn't work. I changed the registry on the server and it still hangs.  The server we currently are having problems with only has three machines that remote in so it is not a huge deal yet.  We are going to replace another server soon they has a lot more people connecting to it.  What we are going to do is get the server set up and ready to go but not put it into production.  Then if we still have the terminal services (remote desktop connection) hanging issue we are going to open a trouble ticket.  That way we don't have to reboot an in service server 100 times during the troubleshooting process.  The server it is going to replace still has corporate edition installed.

minbek's picture

thanks a lot this worked for me but the icon of client of endpoint disappear from the toolbar of server?is this problem?av protections running on the server?

CoveWolf's picture

Does it matter what mode the terminal server is in when I make the registry change?  What do you symantec employees think of this fix?  I am not sure I want to make a registry change if I don't have to or if it is not recommended.

Paul Murgatroyd's picture

mode doesn't matter, the change is fine to make, we added it into MR3 for this very reason. (and to prevent 100's of instances of SmcGui taking up large amounts of memory on busy terminal servers!)


all protection is still running, but yes, it does remove the shield from the system tray. 

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

CoveWolf's picture

Paul thanks for the reply.  You say you guys added it to MR3 right?  So if I am using MR4 I don't need to make the change?  I am still having this issue with one server and am getting ready to replace another terminal server.  I haven't opened a new trouble ticket for this new server but I am sure I will end up having to.

Knottyropes's picture

possible they added it to MR3 and forgot to keep it in MR4?

So if going MR2 to MR4, it would not get applied?

Paul Murgatroyd's picture

the registry key isn't there by default, you have to add it.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

Wolfi3's picture

I am getting the following error and tried the registry entry already.
Have MR4_MP1

The following handles in user profile hive CCS\test123 (S-1-5-21-1757981266-2139871995-725345543-2139) have been closed because they were preventing the profile from unloading successfully:
Rtvscan.exe (2164)
  HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks (0x7d4)

Any suggestions?

Richaz's picture

Has the RDP issues been resolved with MR4 MP2? Any luck there?

ITforSHOES's picture

If anyone is stil having this  problem, here is the solution I found:

On the server that you are connecting to, go to the properties page for the netowrk adapter through which you are connecting via RDP;
Click the "Configure" button for the adapter;
Go to the "Advanced" tab;
If there is a property called "Large Send Offload", and it is enabled, select "Disable" for the value;
Click "OK"

This solved the problem on three Dell servers for me.