Why you shouldn't enable RDP via GPO on XenApp/RDS Hosts

I recently had to troubleshoot a Problem where the Customer told me that sometimes all the Sessions on a XenApp 6 Host got disconnected and the Users then had to reconnect to their XenApp Sessions to continue working.

After a little Research (more like googeling) I narrowed it down to the the Group Policy Refresh. Not always, but sometimes, when doing an "gpupdate /force" all User Sessions on the XenApp Host got disconnected. With this in mind I found the following Microsoft Knowledgebase Article: http://support.microsoft.com/kb/2083411

The customer in fact used the Group Policy Option "Allow users to connect remotely using Terminal Services" to enable Remote Desktop and force a specific Remote Desktop Security Setting on all of his XenApp Servers.

After setting the Registry Key "fDenyTSConnection" to 0 (as suggested in the Microsoft KB Article) the sudden disconnects were gone.

Problem solved! :)