Technical Tip: TSagent log -- "Failed to call WTSQueryUserToken for session"

tsimeonov_FTNT · ‎01-05-2015

Description
In some Terminal Servers deployments, the Terminal server agent (TSagent ) fails to call WTSQueryUserToken.

Evidence of this is the TSagent log message "...Failed to call WTSQueryUserToken for session..."

For example:

06-24-2013 16:26:14 [00000794] Message WTS_REMOTE_CONNECT, session ID:2
06-24-2013 16:26:14 [00000794] Failed to call WTSQueryUserToken for session ID:2,error=122
06-24-2013 16:26:14 [00000794] Failed to get token for session ID:2,error=183
06-24-2013 16:26:14 [00000794] Failed to get username for session ID:2
06-24-2013 16:26:19 [00000794] Message WTS_SESSION_LOGON, session ID:2
06-24-2013 16:26:19 [00000794] Failed to call WTSQueryUserToken for session ID:2,error=122
06-24-2013 16:26:19 [00000794] Failed to get token for session ID:2,error=183
06-24-2013 16:26:19 [00000794] Failed to get username for session ID:2

Scope
TSAgent build 140 or later

Solution

Terminal Server (TSagent), can be configured to call one of two functions to poll the users’ events.

1. "using_wtsapi"=dword:00000000 - by default (WTSQueryUserToken())).
note: the registry key may also be missing from the Windows registry

2. "using_wtsapi"=dword:00000001 – available starting in TSAgent build 140

If WTSQueryUserToken fails, change the way the TSAgent polls by changing the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fortinet\FSAE\TSAgent]

"using_wtsapi"=dword:00000001

For example:

06-24-2013 16:30:03 [00001a0c] 192.168.1.111.16:8002
06-24-2013 16:30:13 [00001484] Message WTS_SESSION_LOGOFF, session ID:2
06-24-2013 16:30:22 [00001484] Message WTS_REMOTE_CONNECT, session ID:3
06-24-2013 16:30:22 [00001484] Failed to call WTSQuerySessionInformation with WTSUserName, username length is 0, error:0
06-24-2013 16:30:22 [00001484] Failed to get username for session ID:3
06-24-2013 16:30:27 [00001484] Message WTS_SESSION_LOGON, session ID:3
06-24-2013 16:30:27 [00001484] session ID:3, username: USER01, domain: MYDOMAIN01
06-24-2013 16:30:27 [00001484] session ID:3 has added to session table
06-24-2013 16:30:27 [00001484] succeeded to allocate port range 5001-5200 for session 3