Hi everybody,
I have a stand-alone Windows Server 2012 configured as a DC (for further scalability) with an appropriate domain and a valid SSL certificate. The machine is VIRTUAL.
Therefore, it's the same machine for every role (RD Gateway, RD Licensing, etc.).
Logging on as remote desktop user takes a few seconds and is quite OK.
Logging on as the same user(s) through a remote app always adds 60 secs of extra time.
I am talking about the time after the password prompt pops up, which happens almost immediately.
For the minute following password confirmation, the logon dialog presents the message
"configuring remote desktop".
Those 60 seconds are well documented in the Event Log and the sequence is always the same.
It looks like two consecutive time-outs of 30 seconds each.
Below is an example of the event sequence:
Event 1: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:53:51 Event ID: 312 Task Category: (3) Level: Information Keywords: User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "user@domain", on client computer "xx.xxx.xx.xxx:58554", has initiated an outbound connection. This connection may not be authenticated yet. Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>312</EventID><Version>0</Version><Level>0</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:51.283267000Z" /><EventRecordID>31003</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15348" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>user@domain</Username><IpAddress>xx.xxx.xx.xxx:58554</IpAddress></EventInfo></UserData></Event> Event 2: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:53:51 Event ID: 313 Task Category: (3) Level: Information Keywords: User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "user@domain", on client computer "xx.xxx.xx.xxx:58558", has initiated an inbound connection. This connection may not be authenticated yet. 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>313</EventID><Version>0</Version><Level>0</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:51.971015500Z" /><EventRecordID>31004</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>user@domain</Username><IpAddress>xx.xxx.xx.xxx:58558</IpAddress></EventInfo></UserData></Event> Event 3: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:53:52 Event ID: 313 Task Category: (3) Level: Information Keywords: User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "user@domain", on client computer "xx.xxx.xx.xxx:58558", has initiated an inbound connection. This connection may not be authenticated yet. 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>313</EventID><Version>0</Version><Level>0</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.033537700Z" /><EventRecordID>31005</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15348" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>user@domain</Username><IpAddress>xx.xxx.xx.xxx:58558</IpAddress></EventInfo></UserData></Event> Event 4: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:53:52 Event ID: 200 Task Category: (2) Level: Information Keywords: Audit Success,(16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>200</EventID><Version>0</Version><Level>4</Level><Task>2</Task><Opcode>30</Opcode><Keywords>0x4020000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.174207400Z" /><EventRecordID>31006</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType>NTLM</AuthType><Resource></Resource><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event> Event 5: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:53:52 Event ID: 300 Task Category: (5) Level: Information Keywords: Audit Success,(16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", met resource authorization policy requirements and was therefore authorized to connect to resource "computer_name.domain.example.com". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>300</EventID><Version>0</Version><Level>4</Level><Task>5</Task><Opcode>30</Opcode><Keywords>0x4020000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.236734600Z" /><EventRecordID>31007</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="1984" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event> Event 6: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:53:52 Event ID: 302 Task Category: (3) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "HTTP". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:53:52.252342300Z" /><EventRecordID>31008</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="1984" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event> Event 7: Log Name: Microsoft-Windows-TerminalServices-SessionBroker/Operational Source: Microsoft-Windows-TerminalServices-SessionBroker Date: 02/06/2019 09:54:05 Event ID: 819 Task Category: RD Connection Broker processes connection request Level: Verbose Keywords: User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: This connection request has timed out. User could not log on to the end point within the alloted time. Remote Desktop Connection Broker will stop monitoring this connection request. 
Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" /><EventID>819</EventID><Version>0</Version><Level>5</Level><Task>101</Task><Opcode>11</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:05.832911900Z" /><EventRecordID>534539</EventRecordID><Correlation ActivityID="{F420F4EE-0602-48B0-BB7C-BEDE86130000}" /><Execution ProcessID="4596" ThreadID="13724" /><Channel>Microsoft-Windows-TerminalServices-SessionBroker/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><EventData></EventData></Event> Event 8: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:54:22 Event ID: 303 Task Category: (3) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", disconnected from the following network resource: "computer_name.domain.example.com". Before the user disconnected, the client transferred 229 bytes and received 156 bytes. The client session duration was 30 seconds. Connection protocol used: "HTTP". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>303</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>44</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:22.319436200Z" /><EventRecordID>31009</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15348" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived>156</BytesReceived><BytesTransfered>229</BytesTransfered><SessionDuration>30</SessionDuration><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>1226</ErrorCode></EventInfo></UserData></Event> Event 9: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:54:22 Event ID: 300 Task Category: (5) Level: Information Keywords: Audit Success,(16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", met resource authorization policy requirements and was therefore authorized to connect to resource "computer_name.domain.example.com". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>300</EventID><Version>0</Version><Level>4</Level><Task>5</Task><Opcode>30</Opcode><Keywords>0x4020000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:22.397561300Z" /><EventRecordID>31010</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="5640" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event> Event 10: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:54:22 Event ID: 302 Task Category: (3) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "HTTP". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:22.397561300Z" /><EventRecordID>31011</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="5640" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>HTTP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event> Event 11: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:54:54 Event ID: 302 Task Category: (3) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "UDP". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31012</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event> Event 12: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:54:54 Event ID: 205 Task Category: (2) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", successfully connected to the remote server "computer_name.domain.example.com" using UDP proxy. The authentication method used was: "Cookie". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>205</EventID><Version>0</Version><Level>4</Level><Task>2</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31013</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15808" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType>Cookie</AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived></BytesReceived><BytesTransfered></BytesTransfered><SessionDuration></SessionDuration><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event> Event 13: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:54:54 Event ID: 302 Task Category: (3) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", connected to resource "computer_name.domain.example.com". Connection protocol used: "UDP". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>302</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31014</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event> Event 14: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:54:54 Event ID: 205 Task Category: (2) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", successfully connected to the remote server "computer_name.domain.example.com" using UDP proxy. The authentication method used was: "Cookie". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>205</EventID><Version>0</Version><Level>4</Level><Task>2</Task><Opcode>30</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.123103000Z" /><EventRecordID>31015</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="12344" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType>Cookie</AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived></BytesReceived><BytesTransfered></BytesTransfered><SessionDuration></SessionDuration><ConnectionProtocol></ConnectionProtocol><ErrorCode>0</ErrorCode></EventInfo></UserData></Event> Event 15: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:54:54 Event ID: 303 Task Category: (3) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", disconnected from the following network resource: "computer_name.domain.example.com". Before the user disconnected, the client transferred 637 bytes and received 4567 bytes. The client session duration was 0 seconds. Connection protocol used: "UDP". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>303</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>44</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.466828900Z" /><EventRecordID>31016</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="3132" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived>4567</BytesReceived><BytesTransfered>637</BytesTransfered><SessionDuration>0</SessionDuration><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>1226</ErrorCode></EventInfo></UserData></Event> Event 16: Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 02/06/2019 09:54:54 Event ID: 303 Task Category: (3) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: The user "domain\user", on client computer "xx.xxx.xx.xxx", disconnected from the following network resource: "computer_name.domain.example.com". Before the user disconnected, the client transferred 1641 bytes and received 7160 bytes. The client session duration was 0 seconds. Connection protocol used: "UDP". 
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" /><EventID>303</EventID><Version>0</Version><Level>4</Level><Task>3</Task><Opcode>44</Opcode><Keywords>0x4000000001000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.529322500Z" /><EventRecordID>31017</EventRecordID><Correlation ActivityID="{F9A66720-F292-459D-9E6D-40D1A86A0000}" /><Execution ProcessID="4696" ThreadID="15808" /><Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventInfo xmlns="aag"><Username>domain\user</Username><IpAddress>xx.xxx.xx.xxx</IpAddress><AuthType></AuthType><Resource>computer_name.domain.example.com</Resource><BytesReceived>7160</BytesReceived><BytesTransfered>1641</BytesTransfered><SessionDuration>0</SessionDuration><ConnectionProtocol>UDP</ConnectionProtocol><ErrorCode>1226</ErrorCode></EventInfo></UserData></Event> Event 17: Log Name: Microsoft-Windows-TerminalServices-SessionBroker/Operational Source: Microsoft-Windows-TerminalServices-SessionBroker Date: 02/06/2019 09:54:54 Event ID: 800 Task Category: RD Connection Broker processes connection request Level: Verbose Keywords: User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: RD Connection Broker received connection request for user domain\user. 
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.RemoteApps Initial Application = rdpinit.exe Call came from Redirector Server = computer_name.domain.example.com Redirector is configured as Virtual machine redirector Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" /><EventID>800</EventID><Version>0</Version><Level>5</Level><Task>101</Task><Opcode>11</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:54.669933800Z" /><EventRecordID>534540</EventRecordID><Correlation ActivityID="{F420EE10-A030-485A-8B06-EFE8C1E30000}" /><Execution ProcessID="4596" ThreadID="13724" /><Channel>Microsoft-Windows-TerminalServices-SessionBroker/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventXML xmlns="Event_NS"><param1>domain\user</param1><param2>tsv://MS Terminal Services Plugin.1.RemoteApps</param2><param3>rdpinit.exe</param3><param4>computer_name.domain.example.com</param4><param5>Virtual machine redirector</param5></EventXML></UserData></Event> Event 18: Log Name: Microsoft-Windows-TerminalServices-SessionBroker/Operational Source: Microsoft-Windows-TerminalServices-SessionBroker Date: 02/06/2019 09:54:55 Event ID: 801 Task Category: RD Connection Broker processes connection request Level: Verbose Keywords: User: NETWORK SERVICE Computer: computer_name.domain.example.com Description: RD Connection Broker successfully processed the connection request for user domain\user. 
Redirection info: Target Name = COMPUTER_NAME Target IP Address = XXX.X.XX.XXX, a000:b000:c000::d000:e000 Target Netbios = COMPUTER_NAME Target FQDN = computer_name.domain.example.com Disconnected Session Found = 0x0 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-TerminalServices-SessionBroker" Guid="{D1737620-6A25-4BEF-B07B-AAC3DF44EFC9}" /><EventID>801</EventID><Version>0</Version><Level>5</Level><Task>101</Task><Opcode>11</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime="2019-06-02T06:54:55.091773200Z" /><EventRecordID>534541</EventRecordID><Correlation ActivityID="{F420EE10-A030-485A-8B06-EFE8C1E30000}" /><Execution ProcessID="4596" ThreadID="6204" /><Channel>Microsoft-Windows-TerminalServices-SessionBroker/Operational</Channel><Computer>computer_name.domain.example.com</Computer><Security UserID="S-1-5-20" /></System><UserData><EventXML xmlns="Event_NS"><param1>domain\user</param1><param2>COMPUTER_NAME</param2><param3>XXX.X.XX.XXX, a000:b000:c000::d000:e000</param3><param4>COMPUTER_NAME</param4><param5>computer_name.domain.example.com</param5><param6>0x0</param6></EventXML></UserData></Event>
I have numbered the events for ease of reference.
As can be seen from events #7 and #14, the user disconnects twice after a 30 sec timeout.
From some research, it seems that a possible problem may be in the VM settings, which are not under my control, so if that is the case I would have to know what exactly to ask of the hosting service.
Any idea/solution will be greatly appreciated!
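
The gap-hunting done by eye in the post above, as an added example that is not part of the original post: it parses exported Event XML, groups records by Correlation ActivityID and reports every gap of 10 seconds or more between consecutive records. The sample records are constructed, trimmed-down copies of the post's events; the function names and the 10-second threshold are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timezone

EVT = "{http://schemas.microsoft.com/win/2004/08/events/event}"
GW = "{aag}"  # namespace of the gateway <EventInfo> payload seen in the post
GW_CHANNEL = "Microsoft-Windows-TerminalServices-Gateway/Operational"
SB_CHANNEL = "Microsoft-Windows-TerminalServices-SessionBroker/Operational"


def parse_time(stamp):
    """Parse a SystemTime value such as 2019-06-02T06:53:52.252342300Z.

    Event XML carries nine fractional digits; datetime keeps six, so the
    extra digits are truncated instead of making the parse fail.
    """
    base, _, frac = stamp.rstrip("Z").partition(".")
    micro = (frac + "000000")[:6]
    parsed = datetime.strptime(f"{base}.{micro}", "%Y-%m-%dT%H:%M:%S.%f")
    return parsed.replace(tzinfo=timezone.utc)


def _text(info, name):
    """Text of a gateway payload field, or '' when the payload is absent."""
    return (info.findtext(f"{GW}{name}") or "") if info is not None else ""


def parse_events(xml_text):
    """Return one dict per <Event> in a concatenated export, oldest first."""
    root = ET.fromstring(f"<Events>{xml_text}</Events>")
    events = []
    for ev in root.iter(f"{EVT}Event"):
        system = ev.find(f"{EVT}System")
        info = ev.find(f".//{GW}EventInfo")  # broker records have none
        events.append({
            "id": int(system.findtext(f"{EVT}EventID")),
            "time": parse_time(system.find(f"{EVT}TimeCreated").get("SystemTime")),
            "activity": system.find(f"{EVT}Correlation").get("ActivityID"),
            "channel": system.findtext(f"{EVT}Channel"),
            "protocol": _text(info, "ConnectionProtocol"),
            "error": _text(info, "ErrorCode"),
        })
    return sorted(events, key=lambda e: e["time"])  # stable for equal stamps


def find_stalls(events, threshold=10.0):
    """Gaps of at least `threshold` seconds between neighbours in one activity."""
    groups = defaultdict(list)
    for ev in events:
        groups[ev["activity"]].append(ev)
    stalls = []
    for activity, evs in groups.items():
        for prev, cur in zip(evs, evs[1:]):
            gap = (cur["time"] - prev["time"]).total_seconds()
            if gap >= threshold:
                stalls.append({"activity": activity, "seconds": gap,
                               "before": prev, "after": cur})
    return sorted(stalls, key=lambda s: s["before"]["time"])


def _record(event_id, stamp, activity, channel, protocol=None, error="0"):
    """Build one trimmed, constructed record shaped like those in the post."""
    payload = "<EventData></EventData>" if protocol is None else (
        f'<UserData><EventInfo xmlns="aag"><ConnectionProtocol>{protocol}'
        f"</ConnectionProtocol><ErrorCode>{error}</ErrorCode></EventInfo></UserData>")
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f'<System><EventID>{event_id}</EventID><TimeCreated SystemTime="{stamp}" />'
        f'<Correlation ActivityID="{activity}" /><Channel>{channel}</Channel>'
        f"</System>{payload}</Event>")


GW_ACT = "{F9A66720-F292-459D-9E6D-40D1A86A0000}"
SB_ACT = "{F420F4EE-0602-48B0-BB7C-BEDE86130000}"
# Constructed sample: six records reduced to the fields the parser reads.
SAMPLE = "".join([
    _record(302, "2019-06-02T06:53:52.252342300Z", GW_ACT, GW_CHANNEL, "HTTP"),
    _record(819, "2019-06-02T06:54:05.832911900Z", SB_ACT, SB_CHANNEL),
    _record(303, "2019-06-02T06:54:22.319436200Z", GW_ACT, GW_CHANNEL, "HTTP", "1226"),
    _record(302, "2019-06-02T06:54:22.397561300Z", GW_ACT, GW_CHANNEL, "HTTP"),
    _record(302, "2019-06-02T06:54:54.123103000Z", GW_ACT, GW_CHANNEL, "UDP"),
    _record(303, "2019-06-02T06:54:54.466828900Z", GW_ACT, GW_CHANNEL, "UDP", "1226"),
])

if __name__ == "__main__":
    for s in find_stalls(parse_events(SAMPLE)):
        b, a = s["before"], s["after"]
        print(f'{s["seconds"]:6.1f}s  {b["id"]}/{b["protocol"]} -> '
              f'{a["id"]}/{a["protocol"]}  error={a["error"]}')
```

Grouping by ActivityID keeps the Session Broker record, which carries a different ActivityID, from splitting the gateway gaps.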