Remote Desktop Freezing Windows 10



A problem since Windows Vista was launched is that when you remote control another user and try to elevate to Administrator, using for instance Quick Assist which is built into Windows 10 or TeamViewer, the screen on the admin side will freeze. This is due to UAC Secure Desktop feature kicking in.

The solution is to turn this secure desktop feature off, lowering security a little but at hardly no risk.

When using windows 10 to remote into windows 7 everything worked correctly. However, when the remote machine was replaced with a windows 10 machine the RDP connection has started randomly freezing. It will freeze for 10 to 15 seconds then any actions I took while I was frozen ( such as keys pressed or mouse locations clicked ) will replay in. For me, connecting with Remote Desktop over VPN, the fix seems to be to disable Persistent bitmap caching under Show Options Local Experience. Windows 10 Home build 18363 connecting to Win10 Enterprise build 18363 over Checkpoint VPN.

Configuration via Intune (MDM)

Create a Configuration Policy >Endpoint Protection and go to Local device security options >User account control. Set the setting Route elevation prompts to user’s interactive desktop to Enabled.

Configuration via Group Policy (GPO)

Vpn

Remote Desktop Freezing Windows 10 1909

In the GPO editor, go to Security Settings >Local Policies >Security Options >User Account Control: Switch to the secure desktop when prompting for elevation to Disabled

-->

This article provides a solution to the issue in which the remote desktop connection stays in the connecting to status.

Original product version: Windows 7 Service Pack 1, Windows Server 2012 R2
Original KB number: 2915774

Symptoms

Remote Desktop Freezing Windows 10

Assume a scenario in which you use a remote desktop connection for operating system Windows 7 or later versions. In this scenario, Remote desktop connection is stuck for several seconds when it displays the following texts:

Remote Desktop Connection
Connecting to:
Securing remote connection...

Cause

Remote desktop connection uses the highest possible security level encryption method between the source and destination.

In Windows 7 or later versions, the remote desktop connection uses the SSL (TLS 1.0) Protocol and the encryption is Certificate-based.

Remote Desktop Freezing Windows 10

It means the authentication is performed by using self-signed certificates (default), or a certificate issued by a certification authority installed on the remote session host server (Terminal Server).

If you use a self-signed certificate, the system tries to retrieve the trusted certification authority list from the Internet to check the publish and revocation status of the certificate. Therefore, the Securing remote connection screen may appear for a while.

Remote Desktop Freezing Windows 10 Version

Workaround

Remote Desktop Freezing Windows 10 Keeping Files Online

To work around this behavior, use either of the following methods:

Method 1

  • If you're using a self-signed certificate, import the certificate to the source. To do this, follow these steps on the destination:

    1. Sign in as an administrator in the destination, select Start, enter mmc in the Search programs and files box and run Microsoft Management Console.
    2. On the File menu, select the Add/Remove Snap-in option.
    3. From the list of Available snap-ins, select Certificates and then select the Add button.
    4. On the Certificate Snap-in screen, select the Computer account check box and then select Next.
    5. On the Select Computer screen, select Local Computer and then select the Finish button.
    6. Go back to the Add/Remove Snap-In dialog box and then select the OK button.
    7. In the left pane of the console window, expand Console Route > Certificates (Local Computer) > Remote Desktop > Certificates.
    8. Double-click the Certificate in the middle pane to open it.
    9. On the Detail tab, select the Copy to File... button.
    10. The Certificate Export Wizard will open. Leave the default settings and then save the file in any folder.
    11. Copy the exported file to the source computer.
  • Then follow these steps on the source:

    1. Sign in as an administrator in the source, select Start, enter mmc in the Search programs and files box, and run the mmc.exe.

    2. Select the File menu and then select the Add/Remove Snap-in option.

    3. From the list of Available snap-ins, select Certificates and then select the Add button.

    4. On the Certificate Snap-in screen, select the Computer account check box and then select Next.

    5. On the Select Computer screen, select Local Computer and then select the Finish button.

    6. Go back to the Add/Remove Snap-In dialog box and then select the OK button.

    7. In the left pane of the console window, expand Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. Right-click to select All Tasks, and then select Import... from the menu.

    8. The Certificate Import Wizard will open. Follow the instructions in the wizard to start the import.

      1. In the Certificate file to import window, specify the file that was copied from the destination computer.

      2. In the Certificate store window, verify that:

        • Place all certificates in the following store is selected
        • Certificate Store lists Trusted Root Certification Authorities.

    Note

    By default, the self-signed certificate expires in six months. If it has expired, the certificate will be recreated. You must import the recreated certificate to the source again.

Method 2

Deploy a Group Policy Object to the client to turn off Automatic Root Certificates Update. To do it, follow these steps on a Windows Server 2012 R2-based computer:

Remote Desktop Freezes Windows 10 2004

  1. Open Group Policy Management Console. To do it, hold the Windows key and press the r key. Type Gpmc.msc in the Run box, and then select OK.
  2. Create a new Group Policy Object (GPO) or select an existing Group Policy Object (GPO) to change.
  3. Right-click the selected Group Policy Object (GPO) and then select Edit and browse to the following Group Policy:
    Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings
  4. In the details pane, double-click Turn off Automatic Root Certificates Update, and then select Enabled.