
Paying it forward with question and answer.

Remote application launched from a desktop via a .RDP file. During initialization on the RDS box the application is seen to start up and then immediately exit. Easy to see this happening with Process Explorer and capture the exit code via Process Monitor. The primary problem: we had no idea why this was happening, nor could we catch this exit/exception in the .NET managed code.

Jeffrey Hyson

1 Answer

Used Event Tracing for Windows to discover csrss.exe was responsible for forcing the process to exit.

Create/Start Tracing

logman create trace "NT Kernel Logger" -ow -o c:\temp\logger.etl -p "Windows Kernel Trace" (process) -nb 16 16 -bs 1024 -mode Circular -ct perf -max 4096 -ets

Stop Tracing

logman stop "NT Kernel Logger" -ets

TraceView was used to open logger.etl, and the contents were copied into Notepad++ to review/analyze.

Analysis showing csrss.exe starts/terminates wd.exe.

csrss.exe 0x1AF0 starts
[1]2D08.4F10::04/08/22-12:13:03.4029831 [MSNT_SystemTrace] [Process - Start] UniqueProcessKey=0xFFFF81069BE15800,ProcessId=0x1AF0,ParentId=0x2D08,SessionId=136,ExitStatus=259,DirectoryTableBase=0x2DAA00000,Flags=4,UserSID=\\NT AUTHORITY\SYSTEM,ImageFileName=csrss.exe,CommandLine=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16,PackageFullName=,ApplicationId=

WD.exe 0x36AC starts
[4]3420.18C0::04/08/22-12:13:25.4538232 [MSNT_SystemTrace] [Process - Start] UniqueProcessKey=0xFFFF81069C5C5800,ProcessId=0x36AC,ParentId=0x3420,SessionId=136,ExitStatus=259,DirectoryTableBase=0x151C00000,Flags=2,UserSID=S-1-5-21-2800969729-2416879259-3544499912-1943,ImageFileName=WD.exe,CommandLine="C:\Program Files\WD.exe" 13344 6524,PackageFullName=,ApplicationId=

csrss.exe terminates WD.exe
[2]1AF0.2CEC::04/08/22-12:13:34.9258068 [MSNT_SystemTrace] [Process - Terminate] ProcessId=0x36AC
[4]36AC.1A58::04/08/22-12:13:34.9281592 [MSNT_SystemTrace] [Process - End] UniqueProcessKey=0xFFFF81069C5C5800,ProcessId=0x36AC,ParentId=0x3420,SessionId=136,ExitStatus=1073807364,DirectoryTableBase=0x151C00000,Flags=2,UserSID=S-1-5-21-2800969729-2416879259-3544499912-1943,ImageFileName=WD.exe,CommandLine="C:\Program Files\WD.exe" 13344 6524,PackageFullName=,ApplicationId=

Further investigation led to a Local Policy setting (gpedit.msc).

Terminal Services RemoteApp™ Session Termination Logic
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/terminal-services-remoteapp-8482-session-termination-logic/ba-p/246566

Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Session Time Limits | Set time limit for disconnected sessions = Enabled | 1 minute


This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.

You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.

When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.

If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.

If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.

Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.

When defined, the policy setting can also be found in the registry:

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime DWORD = 60000


The application was technically starting and running on the RDS box; the key factor between good (operational) and bad (termination) was how long it took to display a UI on the desktop. Changing the setting to 5 minutes corrected the problem.

Microsoft declined to document this exit status condition. I hope this accelerates your troubleshooting effort.

Jeffrey Hyson
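The manual correlation described in the answer above, as an added example that is not part of the original post: it reads TraceView text output, pairs each [Process - End] event with the process that logged the matching [Process - Terminate], and reports the exit status in hex. The function names and the trimmed sample lines are assumptions made for this example.

```python
import re

# Constructed sample: the answer's four event lines, trimmed to the fields parsed here.
SAMPLE = r"""
[1]2D08.4F10::04/08/22-12:13:03.4029831 [MSNT_SystemTrace] [Process - Start] UniqueProcessKey=0xFFFF81069BE15800,ProcessId=0x1AF0,ParentId=0x2D08,SessionId=136,ExitStatus=259,ImageFileName=csrss.exe
[4]3420.18C0::04/08/22-12:13:25.4538232 [MSNT_SystemTrace] [Process - Start] UniqueProcessKey=0xFFFF81069C5C5800,ProcessId=0x36AC,ParentId=0x3420,SessionId=136,ExitStatus=259,ImageFileName=WD.exe
[2]1AF0.2CEC::04/08/22-12:13:34.9258068 [MSNT_SystemTrace] [Process - Terminate] ProcessId=0x36AC
[4]36AC.1A58::04/08/22-12:13:34.9281592 [MSNT_SystemTrace] [Process - End] UniqueProcessKey=0xFFFF81069C5C5800,ProcessId=0x36AC,ParentId=0x3420,SessionId=136,ExitStatus=1073807364,ImageFileName=WD.exe
"""

# Line header is [cpu]PID.TID::timestamp, PID and TID in hex without a 0x prefix.
EVENT = re.compile(
    r"^\[\d+\](?P<pid>[0-9A-Fa-f]+)\.[0-9A-Fa-f]+::(?P<ts>\S+) "
    r"\[MSNT_SystemTrace\] \[Process - (?P<kind>\w+)\] (?P<body>.*)$"
)

def field(body, name):
    """Return the first NAME=value field of an event body, or None."""
    m = re.search(rf"(?:^|,){name}=([^,]*)", body)
    return m.group(1) if m else None

def find_terminations(text):
    """Pair each [Process - End] with the process that logged its [Process - Terminate]."""
    images, issuers, results = {}, {}, []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if not m or field(m.group("body"), "ProcessId") is None:
            continue
        kind, body = m.group("kind"), m.group("body")
        pid = int(field(body, "ProcessId"), 16)
        if kind == "Start":
            images[pid] = field(body, "ImageFileName")   # remember PID -> image name
        elif kind == "Terminate":
            # Header PID is the process that issued the terminate (the answer's reading).
            issuers[pid] = int(m.group("pid"), 16)
        elif kind == "End":
            issuer = issuers.pop(pid, None)
            results.append({
                "time": m.group("ts"),
                "image": field(body, "ImageFileName"),
                "pid": pid,
                # 1073807364 == 0x40010004, which ntstatus.h names DBG_TERMINATE_PROCESS.
                "exit_status": f"0x{int(field(body, 'ExitStatus')):08X}",
                "terminated_by": images.get(issuer, "unknown") if issuer is not None else None,
                "terminated_by_pid": issuer,
                "external": issuer is not None and issuer != pid,
            })
    return results

if __name__ == "__main__":
    for row in find_terminations(SAMPLE):
        print(row)
```

Rows with `external` set to True are the ones where a different process ended the target, which is the csrss.exe case in this trace.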