- Published on : 12 April 2019 at 08:49 UTC
When you deploy a RDS infrastructure, you must also maintain and protect it by regularly installing Windows updates and the programs you have installed.
However, since your users are also using this server, you will need to limit access to the server to install these updates.
- Notify your users
- Put the server into maintenance
- Disconnect your users
To begin, the most important thing is to warn your users early enough so that they can save their work before you work on the server.
For this you can do it through the GUI, through the Server Manager -> Remote Desktop Services -> Collections.
In the "Connections" list, you will see the list of users connected to your RDS server.
The only disadvantage of doing this via the graphical interface is that you will not be able to send a message to all your users in 1 click.
Indeed, you will have to right click "Send a message" on each connected user.
This can become impossible if you have dozens or even hundreds of users connected to your server.
Via this feature, you will be able to specify :
- a title : Scheduled Maintenance
- a message : Warning: the server will be under maintenance at 17:15! Please save your work and close your session.
Then, click on Send.
Once sent, this is what the user will see on his screen.
If you go through the command line, you can send a message to all users of the server in one command.
msg * "message to send to all users"
Note : the asterisk (*) is used to target all users.
If you want to send a more professional message, with newlines, use the command like this :
In this case, the command will wait for you to type your message.
Enter message to send; end message by pressing CTRL-Z on new line, then ENTER
Type your message. For example :
Warning : the server will be under maintenance at 17:35 ! Please save your work and close your session. Sincerely, your system administrator ^Z
Once you have validated your message by the combination "CTRL + Z" on a new line, then ENTER, the message will appear on the screen of all your users.
But, as you can see, by default, the msg command causes an encoding error.
Indeed, the message you write in the console (OEM 850) is not encoded in the same way as Windows (windows-1252).
There will be display problems for accented characters.
To solve the problem, simply change the encoding used by the command prompt temporarily by typing this command :
Now, the command prompt will use the same encoding as Windows.
Type the command again :
Type your message as before (ignoring the fact that accented characters don't display correctly in the command prompt).
Once you have validated sending the message, you will see that it will appear correctly.
In reality, there is no maintenance mode on RDS.
Nevertheless, it's possible to :
- block new connections to the server
- disconnect users from the server
- OR close their sessions with one command
To get started, go to "Server Manager -> Collections" and right click "Do not allow new connections" on your RDS server.
To disconnect your users, you have 2 possibilities :
- disconnect them only : to keep the programs open and avoid losing the work done by your users
- close their session : to also close the programs which would have remained open and which would prevent, if necessary, to update them
If you go through the server manager, you will be able to choose :
- Disconnect : to disconnect the user
- Log off : to log off
Once you disconnect or log off the user, they will receive an error "Your Remote Desktop Services session has ended".
At the moment, 1 user and you as an administrator are connected.
To disconnect all users, you can rely on a script provided by Microsoft.
query session >session.txt for /f "skip=1 tokens=3," %%i in (session.txt) DO tsdiscon %%i del session.txt
On the user side, you will see this error message : Your Remote Desktop Services session has ended.
Note that you will also be disconnected and the script will disconnect only users who have logged in before you.
To disconnect the rest of the users, you may need to reconnect and restart the script a second time.
As you can see through the task manager, other users will be in "Disconnected" status.
Note that a disconnected user can still reconnect because it's a reconnection to an existing session and not a new connection.
If you want to prevent your users from reconnecting during maintenance, you will need to log out them.
To do this, use the Microsoft script (whose link has been indicated previously).
query session >session.txt for /f "skip=1 tokens=3," %%i in (session.txt) DO logoff %%i del session.txt
Once the script has finished closing all sessions, log back in as an administrator and you will find that there are only you on the server.
Also, since new connections are prohibited, your users will not be able to reconnect to your RDS server until maintenance is complete.