RDP problems

jrmeulemansjrmeulemans Posts: 74Member ■■□□□□□□□□
I have a user with a machine that I cannot rdp to. It is an internal xp machine. Here is what I have tried/verified:

Can ping computer
TS registry settings are correct (I can remotely manage the machine fine)
Firewall settings are correct (exceptions, even had user re-apply netsh firewall commands)
checked out all his running services that are remote permissive or deny
No other firewalls or port blocking - our desktop management software lets me audit all his software (this means wmi is working)
can telnet 3389 successfully
can RDP from machine to other machines
System properties - allow remote connections is selected
The user can make outgoing rdp connections
no rdp or ts related event warnings/errors
We have no GPO's restricting RDP


Anyone have any other ideas? I'm stumped!

Edit: Another thing, there is no message box displayed when you try to connect with mstsc, it just trys to connect then stops.

Comments

  • arwesarwes Posts: 633Member ■■■□□□□□□□
    I take it this is in a AD environment? Is everything set correctly on the user's Remote Control tab in ADUC?
    [size=-2]Started WGU - BS IT:NDM on 1/1/13, finished 12/31/14
    Working on: Waiting on the mailman to bring me a diploma
    What's left: Graduation![/size]
  • jrmeulemansjrmeulemans Posts: 74Member ■■□□□□□□□□
    Don't think that is relevant to the machine. They are set though.
  • RobertKaucherRobertKaucher Posts: 4,298Member
    Have you tried using mstsc on another machine to rdp to the problem PC? Have you checked that something else might be listening on 3389?

    netstat -aon | find "3389"

    Or that somehow the default port for RDP got changed on this machine?
  • jrmeulemansjrmeulemans Posts: 74Member ■■□□□□□□□□
    yeah i tried on another machine. How do i netstat to a remote computer?
  • RobertKaucherRobertKaucher Posts: 4,298Member
    yeah i tried on another machine. How do i netstat to a remote computer?
    You could use PSExec. PsExec

    psexec [URL="file://\\nameofpc"]\\nameofpc[/URL] netstat -aon | find "3389"



    here is what it looked like on my machine (pc68 ) to a remote computer (pc91):

    C:\>psexec [URL="file://\\pc91"]\\pc91[/URL] netstat -aon | find "3389"
    PsExec v1.95 - Execute processes remotely
    Copyright (C) 2001-2009 Mark Russinovich
    Sysinternals - www.sysinternals.com

    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1092
    netstat exited on pc91 with error code 0.
  • undomielundomiel Posts: 2,818Member
    Another option is to see if you can telnet into port 3389 on the remote machine. That will let you know if you can get through to something listening on that port.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • jrmeulemansjrmeulemans Posts: 74Member ■■□□□□□□□□
    please refer my first posting, as I stated that I have already done that. I also got the end-user to netstat his machine and only svchost was listening on 3389
  • phoeneousphoeneous Go ping yourself... Posts: 2,333Member ■■■■■■■□□□
    I'm having this same exact problem!
  • undomielundomiel Posts: 2,818Member
    Sorry, somehow missed that you were able to telnet in. How about taking down the Windows Firewall on the machine, even though you do have the exceptions in it. See if that makes a difference in it. Even try completely killing the Windows Firewall service.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • rwwest7rwwest7 Posts: 300Member
    Ditch RDP and pick up DameWare Mini-Remote control.

    Dumb question, buy the client enabled RDP incoming connections correct? Also selected which users are allowed to connect?
  • rwwest7rwwest7 Posts: 300Member
    Edit: Another thing, there is no message box displayed when you try to connect with mstsc, it just trys to connect then stops.
    This would make me lean towards a firewall issue. Like someone else said, totally disable the firewall. Sometimes the exceptions are for the local subnet only. Are you on the same subnet as him?
  • Hyper-MeHyper-Me Posts: 2,059Banned
    Are you a member of the Remote Desktop Users Group?
    I got a fortune cookie that said "Outlook not so good" and I thought to myself "Yeah...but Microsoft sells it anyway."
  • RobertKaucherRobertKaucher Posts: 4,298Member
    So here is my understanding:

    * Terminal Services is running on the remote PC and is actively listening on the correct port as netstat confirmed.

    * The port can be reached because you were able to connect via telnet, so really it is probably not a firewall.

    * It's not an issue with groups/permissions because your connection is not being actively refused, you said there was no error message.

    My only other question would be are all the RDP related services running on the machine? But I am stumped. No error messages in event viewer, the service is listening on the port, you can reach the port.... Are you seperated from this machine by a physical firewall? Is it on another subnet? I am grasping at straws...
  • SWMSWM Posts: 287Member
    Ok This may sound stupid, but on the computer giving problems, try rdping to itself. i.e run mstsc and then type in the IP of the computer you are using. If rdp is working, you will get the logon prompt, but dont login.

    If you get the login prompt, you know that the registry and all associated settings are allowing 3389 connections. The fault then will lie with its firewall blocking externall 3389 connections.

    If you do not get a login then you have rdp setup issues. Is the machine on a AD domain and hence does the machine have a user account with a password ? rdp will not work with out a password.

    Hope this helps
    Isn't Bill such a Great Guy!!!!
  • RobertKaucherRobertKaucher Posts: 4,298Member
    SWM wrote: »
    Ok This may sound stupid, but on the computer giving problems, try rdping to itself. i.e run mstsc and then type in the IP of the computer you are using. If rdp is working, you will get the logon prompt, but dont login.

    If you get the login prompt, you know that the registry and all associated settings are allowing 3389 connections. The fault then will lie with its firewall blocking externall 3389 connections.

    If you do not get a login then you have rdp setup issues. Is the machine on a AD domain and hence does the machine have a user account with a password ? rdp will not work with out a password.

    Hope this helps

    This cannot be done. You will not get a logon prompt you will be told that you cannot create another console session. The questioner is having issues with an XP system, not a server. We already know he can connect to the port because he can telnet to 3389 from another system. Windows firewall will not care if it is telnet or mstsc that is initiating the connection. If the port is blocked, it will be refused. Since the connection is not dropped, it CANNOT be that the port is closed by a firewall.
  • blargoeblargoe Self-Described Huguenot NC, USAPosts: 4,170Member ■■■■■■■■■□
    The only time I have seen RDP behave like that was in a situation where I had a file server that kept running low on virtual memory. Shares still worked, though we couldn't copy large files to them, and RDP stopped working.

    Dumb question: have you rebooted?
    IT guy since 12/00

    Recent: 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCSA 7, learning Ansible
    Future: RHCE? VCAP6.5-DCD?
  • undomielundomiel Posts: 2,818Member
    Windows firewall will not care if it is telnet or mstsc that is initiating the connection. If the port is blocked, it will be refused. Since the connection is not dropped, it CANNOT be that the port is closed by a firewall.

    On the other hand I have seen cases of the windows firewall interfering with ports that were open, that's why I am advocating taking down the firewall service.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • RobertKaucherRobertKaucher Posts: 4,298Member
    blargoe wrote: »
    Dumb question: have you rebooted?

    I was going to say this exact thing....
  • RobertKaucherRobertKaucher Posts: 4,298Member
    undomiel wrote: »
    On the other hand I have seen cases of the windows firewall interfering with ports that were open, that's why I am advocating taking down the firewall service.

    I agree. But if he can telnet to the port, it's interfering on the application layer only and I see that as improbable.

    I have seen windows firewall on Vista systems have issues sharing and using RDP accross subnets. But I have not seen this on XP systems.

    jrmeulemans, can you disable the windows firewall service and verify there is no other firewall running? Perhapps a user installed something.

    One other thing. Has anyone ever been able to rdp to this system?
  • jrmeulemansjrmeulemans Posts: 74Member ■■□□□□□□□□
    Hey guys thanks for all the responses:

    Subnet exceptions - I checked these with him...not an issue...I also hopped to a server in the same site as him and tried from there

    Yes he has rebooted

    I am a domain admin so it isnt a permissions issue

    I was able to generate an error message finally, when he was in safe mode with networking:

    "The Remote Computer has Ended The Connection"
    Upon googling:

    I also registered some file: regsvr32 remotepg.dll

    Looks like there is a way the RDP app may be corrupt? I hope I dont have to do a repair install...


    anyways, thanks for the help
  • RobertKaucherRobertKaucher Posts: 4,298Member
  • maumercadomaumercado Posts: 163Member
    check if the admin$ share is enabled... I had a problem similar to yours and was fixed enabling the admin$ share

    c:\net share admin$
    then
    c:\net user remoteadmin /Add

    and to make it autostart at boot
    For NT4 Workstations, Win2K Professional, XP Professional, go to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
    Name: AutoShareWks
    Data Type: REG_DWORD
    Value: 1
    Note: A reboot is necessary for this to take effect.
  • jrmeulemansjrmeulemans Posts: 74Member ■■□□□□□□□□
    ARGGG I should have looked at informational events:

    RDPDD.dll failed to load

    you would think this would be a critical or warning event


    This opens a whole new issue altogether


    upon google...



    ....disabling hardware acceleration didnt work....


    updating nvidia drivers now...
  • jrmeulemansjrmeulemans Posts: 74Member ■■□□□□□□□□
  • undomielundomiel Posts: 2,818Member
    I love it when important stuff gets flagged as information events and not at least warnings! Good job on finding the fix, bookmarked it myself just in case I ever run into something similar.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
Sign In or Register to comment.