Users unable to login to terminal server with Webroot installed.



Show first post

198 replies

Userlevel 6
Badge +26
Policy setting in basic configuration. Turn off automatic updates. 
Userlevel 1
@
 
The issue discussed here is really with RDS servers running on Server 2008R2.  
 
There is a separate (Microsoft) issue with Server 2012R2 that exhibits the behaviors you're seeing, i.e. black screen when users try to login.  Here's a TechNet thread that discusses this at length:
 
https://social.technet.microsoft.com/Forums/windowsserver/en-US/4052abbc-e98c-4a94-9255-ae92deb686d2/event-4005-winlogin-windows-logon-process-has-unexpectedly-terminated?forum=winserverTS
 
Latest from Microsoft is that this is a known issue and they are working on a fix (hopefully to be released in the November rollup).  There are also some potential workarounds listed in that thread that may work for you.
 
Hope that helps.
Userlevel 3
Badge +5
Try installing it with the /noupd parameter. It is likely updating before the policy was downloaded.
See page2 in this thread for an example.
Userlevel 7
Badge +35
 
Please view the most recent update on this issue here: https://community.webroot.com/t5/Webroot-for-Business/Update-on-Winlogin-4005-amp-Terminal-Servers-November-17-2016/td-p/275978 
Userlevel 2
Good so far here, but it's only been a couple days since I turned off the nightly reboots again. I would suggest waiting at least another week or 2 to know if it is for sure fixed, I thought it was for us a couple months ago and then it started again after a week or more of being fine.
 
I have seen many reports that the issue with webroot causing stuck agent commands for labtech agents was fixed in the .75 build as well though, so if you are running labtech you want to get those agents updated to .75 asap
Userlevel 7
Badge +35
We have an upcoming agent update which will address the winlogin errors on RDS terminal servers. Please see the post and product bulletins here.
 
Click to see post and bulletin
Userlevel 7
Badge +35
@, our global escalation team is actively investigating this issue. If you can please submit a ticket so they can take a look at your logs and gather additional information that would help them resolve this for you. Thanks!
 
Any update on proper fix for this issue? Few of our clients are affected by this.
Userlevel 4
Badge +7
Hi Mierwins,

Just because you have version 9.0.18.34 installed does not mean that the issue for you is different. A part of the resolution process was to ensure that Webroot was completely removed before applying the update.

Before installing the latest agent build please ensure that you have removed the agent currently installed and ensure that C:Program DataWRData has been removed (if not please delete this folder) Please ensure that you reboot the server after applying the latest update.

Regards,
Andrew
We are an MSP with hundreds of servers and have confirmed that Webroot is crashing Terminal servers with a logged 4005 event running the latest 9.0.18.34 version.  With webroot fully removed, the servers do not crash or lockup preventing logins.  We've had this issue ongoing for 2 months now, we are now demoing other products since this has not been resolved in a timely manner.  
 
To bring back activity to the server, the TermService service can be restarted to allow connections again.
Userlevel 4
Badge +7
Yes follow the same process but use the latest installer. The link for the latest version has obviously changed over time but as long as you have fully removed Webroot as per the instructions then this should resolve your issue.

Andrew
Userlevel 4
Badge +7
@ I have not looked all the way back through this thread but it looks to me like this is your first post on this topic, if not then my apologies.

However if this is your first post on this, can you please advise if you have tried the fixes that have posted all through this thread? It would be helpful to know what you have attempted to do to resolve this so as we, the community, can be of more help to you.

Cheers,
Crossy
@ I have opened a ticket and have been given a process for a possible fix. However a question I have asked via ticket has been ignored: Is the latest version (currently 18.44) stable as long as the process is followed?
 
I understand from your previous posts that the process should not be explained externally so I appoligize if this seems vague.
 
Thanks
Userlevel 7
No worries, @!
 
Yes, it should be stable so long as the steps are followed correctly. If you do somehow experience issues, please let the Support Team know in your ticket.
Userlevel 1
If there's a checklist, where is it?
Even great support is a pain - we're frequently busy with other things when support gets back to you.  Sometimes in the car, other times busy with another crisis...
If they'd publish updates in the Knowledge Base, we'd at least have something to work with.
I am frankly appalled that a major security softwareprovider could let this issue go on for years without a reliable fix.
So, I have started a support case and will wait until it's convenient for them to get back to me.   WR's response time has been good, no complaints there.   However, this issue is dragging on and it's inexcusable.   Shouldn't have to deal with this...
Userlevel 7
Badge +35
Hi @,
 
Thanks for your feedback. We are working on being more transparent and sharing more information, and we actually have just launched a knowledge base area for known issues here. Here is the KB on for the 4005 issue. Please take a look when you have a chance!
Userlevel 1
Thanks,
 
I have confirmed that my RDS-Server policy contained these settings (listed in the KB article), and that it was applied to the server in question.
I used this poilicy previously on another RDS server (same OS) and it successfully resolved the issue.   On this server, however, the problem still occurs, about once a week or so...
 
Support has requested some diagnostic information, and I guess I need to gather that for them.
 
 
 
Userlevel 2
I'm not having issues on 2008 R2 terminal servers.
Is there a KB article that will help with issues on these servers?
Userlevel 7
Badge +56
Are you getting Winlogin Error 4005? If so, there's a workaround for that, which is to uninstall the following patches:
KB2621440
KB2667402
There is no error until the time out saying the remote connection is unvailable. It attempts to login and the progress bar "loads" at establishing connection but never connects. 
Userlevel 7
Badge +56
Anything in the event logs?
Userlevel 2
Hi Nic,
 
Just to let you know, we've had winlogon issues on our 2008 terminal server farm, but removing these two patches have not resolved the issue. In fact, we have rebuilt all the servers from scratch, not installing these two fixes, and we still have the issue.
 
I believe my colleague has opened a ticket with support, and we are also working with Microsoft.
Userlevel 7
Badge +56
Ok sounds like it might be a different issue then.  Let me know what support says!
We had this issue happen on two of our terminal servers that we installed Webroot on. It would happen once every 6-7 days and only on the two servers with Webroot on them. Since adding Webroot was the only thing we changed we removed it a month ago and have not had a reoccurance since then. The issue persisted about 6 weeks before we removed Webroot and reinstalled the old AV. Rebooting the server would fix the login issue but it not a solution at 9am on a Tuesday when half the office is in an working already and the other half arrives and can't Login. 
 
Our goal is to get Webroot back on those servers as we prefer this solution to McAfee but we need to find a fix for this. 
 
Events that occured that morning around the issue are:
 
Event ID 1 - VDS Basic Provider - Unexpected failure. Error code: 490@01010004
 
Event 1103 - TerminalServices-Printers - An internal communication error occurred.  Redirected printing will no longer function for a single user session.  Check the status of the Remote Desktop Device Redirector in the System folder of Device Manager.
 
Event ID 29 - Kerberos-Key-Distribution-Center - The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
 
 
 
 
hi, we too are suffering from the same problem. On 2 terminal servers 2008R2 running about 50 sessions we have random unexpected winlogon errors # 4005. In the same moment an error 20 in Microsoft-windows-terminalservices-LocalSessionManager/operational  is recorded for each error # 4005. When this happens, people already connected to terminal server  work regularly while other users can't access terminal anymore. No other solution is left  than reboot the machine. 
We have removed the 2 MS patches with no result. HKLMsystemcurrentcontrolsetcontrol erminal serversysprocs is configured correctly 

Reply