Weird RDP issue

JasminLandry

Hi guys, I would need help on an issue. We have 1 machine where no one is able to connect to it using Remote Desktop. It is activated but I don't see the port listening when doing a netstat. I restarted the PC, checked if the service was running, checked the registry, checked some hidden driver that I didn't even know existed and a couple more things. The computer itself is a Windows 7 machine. If you guys have ever had this problem and found a solution let me know

JasminLandry

I also checked the Windows firewall and uninstalled the anti-virus which was also acting as a host firewall.

RouteMyPacket

How do you have the remote desktop settings configured? Let's start with the basics..

MAC_Addy

Are you trying to use Remote Desktop through a local network or outside your local network?

unfbilly11

RouteMyPacket wrote: »

How do you have the remote desktop settings configured? Let's start with the basics..

This. It's probably not network related if you can remote into other machines.

BGraves

RouteMyPacket wrote: »

How do you have the remote desktop settings configured? Let's start with the basics..

^
Turn on Remote Desktop in Windows 7, 8 or Vista

JasminLandry

Remote Desktop is configured with: Allow connections from computers running any version of Remote Desktop (less secure).

JasminLandry

unfbilly11 wrote: »

This. It's probably not network related if you can remote into other machines.

It's not network related, it's really this computer only.

JasminLandry

MAC_Addy wrote: »

Are you trying to use Remote Desktop through a local network or outside your local network?

It's in the LAN..

unfbilly11

Are you getting an actual error message when you try to connect or are you just getting that message stating it can't connect and listing the standard 3 issues? Are you sure that the account that you're trying to log in with has the rights to log on to the PC? If it doesn't you'll get a message saying something like "this account is not configured for remote logon".



Also, check the time and make sure there isn't a huge difference.

NotHackingYou

Can you telnet to that machine on 3389?

demonfurbie

can you ping it by ip and port scan it

Qord

If you completely disable the firewall can you rdp to it then?

phoeneous

It's probably not listening on port 3389.

How to change the listening port for Remote Desktop

JasminLandry

unfbilly, it is the regular 3 standard messages. The time is synchronized with the NTP server.

CarlSaiyed, No I can't telnet to that port.

demonfurbie, yes I can ping it. I did scan it with Nmap and it the only services open it had were the same that I see when I run netstat.

Qord, been there done that.

phoeneous, I tried that as well.

I'm telling you guys, I tried everything that I could think of and nothing worked. The closest I got what was to have the port from Not Listening to Filtered.

googol

Below are the steps that need to perform when you run in to RDP problem. 1. if the patches show installed Windows 7 for x86 or x64 based Systems Service Pack 1* (KB2621440) Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1* OR Windows 7 for x86 or x64 based Systems Service Pack 1* (KB2667402) please uninstall these patches and reboot your box. run sfc /scannow to confirm that theres no file level corruption ensure that rdpcorekmts.dll file exists and is SP1 version that is it 6.1.7601.xxxx 2. Export following registry entry from working RDP machine and Import to machine having RDP issue. HKEY_CLASSES_ROOT\CLSID\{18b726bb-6fe6-4fb9-9276-ed57ce7c7cb2} reboot the box. Post reboot ensure that 3389 is listening using command netstat -a 3. Import the following registry entries and try to RDP HKLM\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9} HKLM\SYSTEM\CurrentControlSet\services\RDPDD Able to RDP fine. 4. reinstall Windows 7 for x86 or x64 based Systems Service Pack 1* (KB2621440) Windows 7 for x86 or x64 based Systems Service Pack 1* (KB2667402) - reboot and verify that RDP is still working

yea, found that and cleaned it up. Basically you might just want to reimage to your standard image.

MAC_Addy

From the machine that you're having problems with, can you RDP to another machine?

rsutton

Are the Remote Desktop Services running?

no!all!

I'd just go office space on it...

NotHackingYou

On the actual machine, can you telnet to localost 3389?

MSP-IT

I love issues like this.

What I'd do is download TCPView. See if you can find the Windows service that dictates the RDP listener and see if you can identify within TCP what port it's attempting to listen on, if any. TCPView should give you a pretty granular look into what's happening on the machine itself from a port use perspective. I'm betting that there is something on the machine that is already using the port or there is something keeping the service from running. Also, check the Windows event log for anything that may be interfering with the RDP service.

BGraves

googol posted what is found on this link:
RDP suddenly stop working on Windows 7 SP1/ Port 3389 not Listening

But the last two comments on that post are worth looking at, might save you some time if they work.

JasminLandry

googol, I'll give that a try.

MAC_Addy, yes from that machine I can RDP to any machine no problem.

rsutton, it's the first thing I checked

CarlSaiyed, No I can't telnet to localhost.

MSP-IT, I didn't think of that, I'll take a look. I have to use the SysInternals tools more often

BGraves, I actually tried that as well. I imported the regsitry key from a working machine to the non working machine but it didn't change anything.

Thanks for your help everyone, really appreciated.

NotHackingYou

If that host won't let you telnet to itself on 3389 you have found the problem - it is something on that host for sure. You are 100% sure the firewall is configured properly? Have you turned off the firewall and tried it with the firewall off to confirm? Any kind of AV software running?

RouteMyPacket

JasminLandry wrote: »

Remote Desktop is configured with: Allow connections from computers running any version of Remote Desktop (less secure).

And who or what group has been given access to this machine? I'm remaining with the basics, getting into registry etc is way off course until you step through the basics here.

TeKniques

If the groups check out like mentioned above it could be an issue with the older AV/Firewall application. First try to use RDP to the machine using a local admin account (by default local admins have permission to use RDP). If still unable you could try to do a winsock reset to clear the remains of the older AV/Firewall entries:

How to reset TCP/IP by using the NetShell utility

If that doesn't work reinstall the drivers for the NIC.

JasminLandry

CarlSaiyed wrote: »

If that host won't let you telnet to itself on 3389 you have found the problem - it is something on that host for sure. You are 100% sure the firewall is configured properly? Have you turned off the firewall and tried it with the firewall off to confirm? Any kind of AV software running?

I'm 100% sure the firewall is turned off and I did uninstall the Kaspersky anti-virus so right now there's no firewall running on the machine.

rsutton

Have you checked the event logs?

Asif Dasl

At this stage I would wipe and reload - it's taking more time than it would to set it up again (probably..)

JasminLandry

Asif Dasl wrote: »

At this stage I would wipe and reload - it's taking more time than it would to set it up again (probably..)

The user who uses the machine actually asked for another one, it only has 2 GB of RAM and we can't add more so I guess my boss will buy him a new one. But it still sucks that I couldn't solve the issue.

NotHackingYou

Can you bring the box back to your desk to keep working on it ?