Remote Connection problem

chrisjuhchrisjuh Member Posts: 6 ■□□□□□□□□□
Hi everyone,

I have a problem witch is driving me crazy.

I have installed Windows Server 2003 R2 SP2 alsow as a domain controller.
The problem i have now is that i simply cant even connect to my server from a normal windows XP system that i have here.


I've tried my external IP adress as well as my Local IP adress from the server.

I get the message:

The client cannot connect to the remote computer.
Remote connections might not be enabled or this computer right be to busy to accept connections.
It's aslow possible that network problems are preventing your connection.
Please try again later or contact your administrator (me)

I've tried everything from changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections to value:0

Had no effect, 2 accounts are full admin and members of remote desktop users, still nothing keep getting the connection error.

so the problem is not that i cant login it's simply that i cant connect to the server, while when i remote my server and start my windows XP (boot manager) and try to login thrue my latop on it and that actualy works so it's not in the network aswell.

Hopefully you people can give me any tips or answers to this becuase i red a million topics related to this but still without any resulsts from my side.

otherwise it's /format C: and no more microsoft server for me :D

Thnx in advance,

Greetz Chris

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    chrisjuh wrote:
    I've tried my external IP adress as well as my Local IP adress from the server.

    Are you inside your outside of your local network when you're testing this?

    Can you ping the machine?
    chrisjuh wrote:
    Had no effect, 2 accounts are full admin and members of remote desktop users, still nothing keep getting the connection error.

    Remote desktop users aren't automatically given access like on member servers. You have to be a local or domain/enterprise admin on domain controllers.

    Have you enabled remote access on system properties on the remote tab?
    chrisjuh wrote:
    so the problem is not that i cant login it's simply that i cant connect to the server, while when i remote my server and start my windows XP (boot manager) and try to login thrue my latop on it and that actualy works so it's not in the network aswell.

    I'm not really sure what you're saying here. Are you saying that you're dual booting, and you can access remote desktop on the XP installation, but not the Server 2003 installation?
  • chrisjuhchrisjuh Member Posts: 6 ■□□□□□□□□□
    Are you inside your outside of your local network when you're testing this?
    Can you ping the machine?

    Yes i am on my local network and yes i can ping my server adress witch is to be more clear: 192.168.1.34 (made an static-ip for this machine)
    Remote desktop users aren't automatically given access like on member servers. You have to be a local or domain/enterprise admin on domain controllers.

    Have you enabled remote access on system properties on the remote tab?

    Yes the 2 accounts are Members of: Administrators (Built-in) and Domain admins (Users) as well as the Remote Desktop users (Built-in)
    I'm not really sure what you're saying here. Are you saying that you're dual booting, and you can access remote desktop on the XP installation, but not the Server 2003 installation?

    Yes it's not hard tho have windows XP as well as windows 2003 server installed on 1 machine with the original bootmanager from microsoft, and when i connect and try to connect to the windows server or the windows XP i'm doing that from my laptop that is wired in my router.

    Thnx for your quick reply btw :D

    Greetz Chris
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    You didn't answer if you enabled remote access in system properties. I can't remember if that's enabled by default.

    right-click my computer > properties > remote tab

    Also, I can't remember if being in those other groups will prevent you from accessing the server. I'm not in a place where I can test it out at the moment. I don't think they would, but try creating a new account that is only a member of domain admins and try that as well. Finally, make sure you have passwords on the accounts. You can log on locally without passwords, but I believe it's required for remote desktop connections.
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Check a few settings under "Domain Controller Security Policy> Security Settings> Local Policies> User Rights Assignments" such as Deny Logon Through Terminal Services and Allow Logon through Terminal Services. Make sure something in there is not preventing you from logging on.
    All things are possible, only believe.
  • chrisjuhchrisjuh Member Posts: 6 ■□□□□□□□□□
    dynamik wrote:
    You didn't answer if you enabled remote access in system properties. I can't remember if that's enabled by default.

    right-click my computer > properties > remote tab

    Also, I can't remember if being in those other groups will prevent you from accessing the server. I'm not in a place where I can test it out at the moment. I don't think they would, but try creating a new account that is only a member of domain admins and try that as well. Finally, make sure you have passwords on the accounts. You can log on locally without passwords, but I believe it's required for remote desktop connections.

    Sorry for not asnwering that one guess i missed it but yes it's aslo enabled there by marking the box.
    sprkymrk wrote:
    Check a few settings under "Domain Controller Security Policy> Security Settings> Local Policies> User Rights Assignments" such as Deny Logon Through Terminal Services and Allow Logon through Terminal Services. Make sure something in there is not preventing you from logging on.

    And aslow the policies are the way they should be.


    But the problem is not that i cant log in it is that i cant even connect to the server, i just tried to make an new account who was just Domain Admins member but had no effect still could not connect to the server for all clearness i can't even see the login screen you would normaly get by remotly connecting to your pc. I enter my IP adress click on connect en then get the message i typed in my first post.

    Chris
  • sthomassthomas Member Posts: 1,240 ■■■□□□□□□□
    chrisjuh wrote:
    But the problem is not that i cant log in it is that i cant even connect to the server, i just tried to make an new account who was just Domain Admins member but had no effect still could not connect to the server for all clearness i can't even see the login screen you would normaly get by remotly connecting to your pc. I enter my IP adress click on connect en then get the message i typed in my first post.

    Did you make sure the Windows Firewalls where off on both machines or the correct port was open. Or if you have a hardware firewall between the two computers make sure the corret port is open on that also, I believe it would be port 3389.
    Working on: MCSA 2012 R2
  • chrisjuhchrisjuh Member Posts: 6 ■□□□□□□□□□
    Did you make sure the Windows Firewalls where off on both machines or the correct port was open. Or if you have a hardware firewall between the two computers make sure the corret port is open on that also, I believe it would be port 3389.

    My first tought was that the windows firewall blocked the RDP application but it was turned off and i cou;dnt turn it on becuase of another service using the IPnat.sys that problem is fixed and i enabled the windows firewall and allowed the RDP protocol true the firewall, so everything should work but i still get the connection errors and i can't find a way to remotly connect to my server. and i've tried another port then 3389 just to test and aslow forwarded it in the router to the IP adress of the server, still no effect and put the port number back to the original one.

    Chris
  • jojopramosjojopramos Member Posts: 415
    You can also check the services like remote registry and the likes if it is started already. Try to use RDP from the problematic server to connect/remote access the other member server. Are you accessing this server from a diferent subnet/DMZ. Maybe it has a Pix Firewall/ISA Firewall.
  • gabilangabilan Member Posts: 74 ■■□□□□□□□□
    Logon to the server as Administrator.

    Open system properties

    On remote tab enable Remote Desktop

    Open terminal services configuration console from administrative tools

    In the tssc MMC right click the RDP tcp connection and click properties

    On network adapter tab change max connecctions to 1.

    On the session tab and configure it as you want.

    Now try to connect.
  • chrisjuhchrisjuh Member Posts: 6 ■□□□□□□□□□
    jojopramos wrote:
    You can also check the services like remote registry and the likes if it is started already. Try to use RDP from the problematic server to connect/remote access the other member server. Are you accessing this server from a diferent subnet/DMZ. Maybe it has a Pix Firewall/ISA Firewall.

    To make sure there are no firewalls blocking anything i put the server and my laptop on a switch without connected to any router or internet so just the local network, both have the same standard submask, windows firewall is disabled on the server (but RDP is added as trusted in Windows Firewall to make sure). All the services are running that have anything to do with remote terminal.

    And still i keep getting the message when i try to connect that he simply cant find my server (local IP adress) so i cant even connect to it, 2 users are Local Admins, remote desktop users and domain admins.

    Is it even possible to remotly connect to a Domain server for administrating goals? i do not mean that just a user is logging on and gets a profile and can get to work on it but simply take over the Server remotly like you can in Windows XP Pro?

    Thnx for all your effort guys.

    Greetz Chris
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Yes, it is possible and common to use RDP to administer a DC. It really shouldn't be this difficult, though.

    Does this DC have more than one network interface?
    All things are possible, only believe.
  • chrisjuhchrisjuh Member Posts: 6 ■□□□□□□□□□
    sprkymrk wrote:
    Yes, it is possible and common to use RDP to administer a DC. It really shouldn't be this difficult, though.

    Does this DC have more than one network interface?

    Yes the computer i'm running my DC on has 2 network controllers in it could that be the problem? is there a way i can assing 1 network controller to the sefvice?

    Thnx Chris
  • MishraMishra Member Posts: 2,468 ■■■■□□□□□□
    Download nmap for windows and port scan the machine. It will tell you if port 3389 is open.
    My blog http://www.calegp.com

    You may learn something!
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    chrisjuh wrote:
    sprkymrk wrote:
    Yes, it is possible and common to use RDP to administer a DC. It really shouldn't be this difficult, though.

    Does this DC have more than one network interface?

    Yes the computer i'm running my DC on has 2 network controllers in it could that be the problem? is there a way i can assing 1 network controller to the sefvice?

    Thnx Chris

    Disable one and do an ipconfig /all. Double check the ip address of the connection still enabled, and try to connect to it using the ip, not computer name.
    All things are possible, only believe.
  • undomielundomiel Member Posts: 2,818
    Don't need nmap for a port scan (though it would be good to do for other reasons) just telnet to port 3389 on the server and it will let you know if it is open or not. Here's a few things to check, open up terminal services configuration and check what network adapter it is bound to. Also check what the maximum number of sessions is, which should be 2. Open up the terminal services manager and check that RDP-tcp is enabled. Also check and make sure that the terminal services service is running properly. And you can also check RPC though if that isn't working you'd have more problems than just this. And I would highly recommend the telnet test I recommended first.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
Sign In or Register to comment.