RDP problems

jrmeulemansjrmeulemans Member Posts: 74 ■■□□□□□□□□
I have a user with a machine that I cannot rdp to. It is an internal xp machine. Here is what I have tried/verified:

Can ping computer
TS registry settings are correct (I can remotely manage the machine fine)
Firewall settings are correct (exceptions, even had user re-apply netsh firewall commands)
checked out all his running services that are remote permissive or deny
No other firewalls or port blocking - our desktop management software lets me audit all his software (this means wmi is working)
can telnet 3389 successfully
can RDP from machine to other machines
System properties - allow remote connections is selected
The user can make outgoing rdp connections
no rdp or ts related event warnings/errors
We have no GPO's restricting RDP


Anyone have any other ideas? I'm stumped!

Edit: Another thing, there is no message box displayed when you try to connect with mstsc, it just trys to connect then stops.

Comments

  • arwesarwes Member Posts: 633 ■■■□□□□□□□
    I take it this is in a AD environment? Is everything set correctly on the user's Remote Control tab in ADUC?
    [size=-2]Started WGU - BS IT:NDM on 1/1/13, finished 12/31/14
    Working on: Waiting on the mailman to bring me a diploma
    What's left: Graduation![/size]
  • jrmeulemansjrmeulemans Member Posts: 74 ■■□□□□□□□□
    Don't think that is relevant to the machine. They are set though.
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    Have you tried using mstsc on another machine to rdp to the problem PC? Have you checked that something else might be listening on 3389?

    netstat -aon | find "3389"

    Or that somehow the default port for RDP got changed on this machine?
  • jrmeulemansjrmeulemans Member Posts: 74 ■■□□□□□□□□
    yeah i tried on another machine. How do i netstat to a remote computer?
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    yeah i tried on another machine. How do i netstat to a remote computer?
    You could use PSExec. PsExec

    psexec [URL="file://\\nameofpc"]\\nameofpc[/URL] netstat -aon | find "3389"



    here is what it looked like on my machine (pc68 ) to a remote computer (pc91):

    C:\>psexec [URL="file://\\pc91"]\\pc91[/URL] netstat -aon | find "3389"
    PsExec v1.95 - Execute processes remotely
    Copyright (C) 2001-2009 Mark Russinovich
    Sysinternals - www.sysinternals.com

    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1092
    netstat exited on pc91 with error code 0.
  • undomielundomiel Member Posts: 2,818
    Another option is to see if you can telnet into port 3389 on the remote machine. That will let you know if you can get through to something listening on that port.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • jrmeulemansjrmeulemans Member Posts: 74 ■■□□□□□□□□
    please refer my first posting, as I stated that I have already done that. I also got the end-user to netstat his machine and only svchost was listening on 3389
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    I'm having this same exact problem!
  • undomielundomiel Member Posts: 2,818
    Sorry, somehow missed that you were able to telnet in. How about taking down the Windows Firewall on the machine, even though you do have the exceptions in it. See if that makes a difference in it. Even try completely killing the Windows Firewall service.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • rwwest7rwwest7 Member Posts: 300
    Ditch RDP and pick up DameWare Mini-Remote control.

    Dumb question, buy the client enabled RDP incoming connections correct? Also selected which users are allowed to connect?
  • rwwest7rwwest7 Member Posts: 300
    Edit: Another thing, there is no message box displayed when you try to connect with mstsc, it just trys to connect then stops.
    This would make me lean towards a firewall issue. Like someone else said, totally disable the firewall. Sometimes the exceptions are for the local subnet only. Are you on the same subnet as him?
  • Hyper-MeHyper-Me Banned Posts: 2,059
    Are you a member of the Remote Desktop Users Group?
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    So here is my understanding:

    * Terminal Services is running on the remote PC and is actively listening on the correct port as netstat confirmed.

    * The port can be reached because you were able to connect via telnet, so really it is probably not a firewall.

    * It's not an issue with groups/permissions because your connection is not being actively refused, you said there was no error message.

    My only other question would be are all the RDP related services running on the machine? But I am stumped. No error messages in event viewer, the service is listening on the port, you can reach the port.... Are you seperated from this machine by a physical firewall? Is it on another subnet? I am grasping at straws...
  • SWMSWM Member Posts: 287
    Ok This may sound stupid, but on the computer giving problems, try rdping to itself. i.e run mstsc and then type in the IP of the computer you are using. If rdp is working, you will get the logon prompt, but dont login.

    If you get the login prompt, you know that the registry and all associated settings are allowing 3389 connections. The fault then will lie with its firewall blocking externall 3389 connections.

    If you do not get a login then you have rdp setup issues. Is the machine on a AD domain and hence does the machine have a user account with a password ? rdp will not work with out a password.

    Hope this helps
    Isn't Bill such a Great Guy!!!!
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    SWM wrote: »
    Ok This may sound stupid, but on the computer giving problems, try rdping to itself. i.e run mstsc and then type in the IP of the computer you are using. If rdp is working, you will get the logon prompt, but dont login.

    If you get the login prompt, you know that the registry and all associated settings are allowing 3389 connections. The fault then will lie with its firewall blocking externall 3389 connections.

    If you do not get a login then you have rdp setup issues. Is the machine on a AD domain and hence does the machine have a user account with a password ? rdp will not work with out a password.

    Hope this helps

    This cannot be done. You will not get a logon prompt you will be told that you cannot create another console session. The questioner is having issues with an XP system, not a server. We already know he can connect to the port because he can telnet to 3389 from another system. Windows firewall will not care if it is telnet or mstsc that is initiating the connection. If the port is blocked, it will be refused. Since the connection is not dropped, it CANNOT be that the port is closed by a firewall.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    The only time I have seen RDP behave like that was in a situation where I had a file server that kept running low on virtual memory. Shares still worked, though we couldn't copy large files to them, and RDP stopped working.

    Dumb question: have you rebooted?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • undomielundomiel Member Posts: 2,818
    Windows firewall will not care if it is telnet or mstsc that is initiating the connection. If the port is blocked, it will be refused. Since the connection is not dropped, it CANNOT be that the port is closed by a firewall.

    On the other hand I have seen cases of the windows firewall interfering with ports that were open, that's why I am advocating taking down the firewall service.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    blargoe wrote: »
    Dumb question: have you rebooted?

    I was going to say this exact thing....
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    undomiel wrote: »
    On the other hand I have seen cases of the windows firewall interfering with ports that were open, that's why I am advocating taking down the firewall service.

    I agree. But if he can telnet to the port, it's interfering on the application layer only and I see that as improbable.

    I have seen windows firewall on Vista systems have issues sharing and using RDP accross subnets. But I have not seen this on XP systems.

    jrmeulemans, can you disable the windows firewall service and verify there is no other firewall running? Perhapps a user installed something.

    One other thing. Has anyone ever been able to rdp to this system?
  • jrmeulemansjrmeulemans Member Posts: 74 ■■□□□□□□□□
    Hey guys thanks for all the responses:

    Subnet exceptions - I checked these with him...not an issue...I also hopped to a server in the same site as him and tried from there

    Yes he has rebooted

    I am a domain admin so it isnt a permissions issue

    I was able to generate an error message finally, when he was in safe mode with networking:

    "The Remote Computer has Ended The Connection"
    Upon googling:

    I also registered some file: regsvr32 remotepg.dll

    Looks like there is a way the RDP app may be corrupt? I hope I dont have to do a repair install...


    anyways, thanks for the help
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
  • maumercadomaumercado Member Posts: 163
    check if the admin$ share is enabled... I had a problem similar to yours and was fixed enabling the admin$ share

    c:\net share admin$
    then
    c:\net user remoteadmin /Add

    and to make it autostart at boot
    For NT4 Workstations, Win2K Professional, XP Professional, go to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
    Name: AutoShareWks
    Data Type: REG_DWORD
    Value: 1
    Note: A reboot is necessary for this to take effect.
  • jrmeulemansjrmeulemans Member Posts: 74 ■■□□□□□□□□
    ARGGG I should have looked at informational events:

    RDPDD.dll failed to load

    you would think this would be a critical or warning event


    This opens a whole new issue altogether


    upon google...



    ....disabling hardware acceleration didnt work....


    updating nvidia drivers now...
  • jrmeulemansjrmeulemans Member Posts: 74 ■■□□□□□□□□
  • undomielundomiel Member Posts: 2,818
    I love it when important stuff gets flagged as information events and not at least warnings! Good job on finding the fix, bookmarked it myself just in case I ever run into something similar.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
Sign In or Register to comment.