jb61264
asked on
Remote Desktop Connection to Windows 2003
I have 8 servers in the network that I started to help with where I work recently. I can remote desktop into all of them except one even though it appears to be configured the same as all the others.
When I use the Remote Desktop plugin, I right-click on the computer I want to connect to and select "connect"...the window to the right then shows a message that says "connecting to server"...then after a couple seconds it says "disconnected from server"
Is there anything I can check on the server?...I made sure that the "enable remote connetion" checkbox is selected and have restarted the server after making that change as a local machine admin to the server...something is keeping me from connecting to this one though
any ideas anyone?
When I use the Remote Desktop plugin, I right-click on the computer I want to connect to and select "connect"...the window to the right then shows a message that says "connecting to server"...then after a couple seconds it says "disconnected from server"
Is there anything I can check on the server?...I made sure that the "enable remote connetion" checkbox is selected and have restarted the server after making that change as a local machine admin to the server...something is keeping me from connecting to this one though
any ideas anyone?
Check that the remote access connection manager service is started. Have you tried bouncing the server?
Check if this server has another connection with a Gateway that can't connect with you. Check with ROUTE PRINT if all routes are well defined. Check for firewall, antivirus or any other tool that can cut the connection. Verify any entry in event log.
HTH
HTH
What happens if you try from another machine to do a TELNET THAT_SERVER_IP 3389 (open a command prompt, type that and press enter)? Does it take the telnet or it says connection refused?
If you cannot telnet it means the TS is not listening on 3389 or there is something blocking that. That may be a firewall, other software or even a misconfigured gateway (so the machine does not know how to get back to you).
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
If you cannot telnet it means the TS is not listening on 3389 or there is something blocking that. That may be a firewall, other software or even a misconfigured gateway (so the machine does not know how to get back to you).
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
Have you tried another user account as well?
ASKER
When I telnet to 3389 of the IP for that server it says it cannot connect to the host on that port...I do have this server behind our firewall, however another server configured the same way I can connect to with RD
johnb6767....tried another admin user account as well with no luck
Is the remote access connection manager service listed in the "services.msc" module?
johnb6767....tried another admin user account as well with no luck
Is the remote access connection manager service listed in the "services.msc" module?
Is the firewall running locally on the server? It seems as though something is blocking port 3389...Open CMD and type in netstat -an on the system in question
this will give you the ports your system is listening on.
this will give you the ports your system is listening on.
Yep, if you cannot telnet to that server on port 3389 it means there is something blocking access to the port or the service is not listening. Make sure as well that your firewall is forwarding the external requests on that port to the correct internal IP address.
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
ASKER
I have another server that sits in the exact same firewall location and I CAN telnet to port 3389 on that one.
Server 1 (can't telnet) has IP address of XXX.XX.249.196
Server 2 (can telnet) has IP address of XXX.XX.249.198
Are there Windows 2003 settings that disable port 3389 during setup?...is this something I can configure within the server or is it some manually configured item on the Cisco PIX firewall?
Server 1 (can't telnet) has IP address of XXX.XX.249.196
Server 2 (can telnet) has IP address of XXX.XX.249.198
Are there Windows 2003 settings that disable port 3389 during setup?...is this something I can configure within the server or is it some manually configured item on the Cisco PIX firewall?
The X.196 address I assume it is external. This means the Cisco PIX must have a rule to map access to port 3389 on that external IP to the internal one on the same port. Is that rule there? It may not be.
Secondly, if you go on the INTERNAL LAN (not through the firewall) can you telnet to the TS Internal IP on port 3389? If you can it means from the TS service perspective it is all working. If you cannot than the issue is on the TS.
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
Secondly, if you go on the INTERNAL LAN (not through the firewall) can you telnet to the TS Internal IP on port 3389? If you can it means from the TS service perspective it is all working. If you cannot than the issue is on the TS.
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
ASKER
Unfortunately, I don't "manage" the Cisco PIX firewall (I am at a University and certain network items are managed by the university's IT staff) but I have sent an inquiry to find out this information.
Technically, I believe I am on the "internal" LAN because our floor is all behind the firewall and I am accessing everything from a computer on our floor directly. Is there something I can do directly on the server or from CMD to telnet to the TS Internal IP?...I'm not sure I know how to do that.
Technically, I believe I am on the "internal" LAN because our floor is all behind the firewall and I am accessing everything from a computer on our floor directly. Is there something I can do directly on the server or from CMD to telnet to the TS Internal IP?...I'm not sure I know how to do that.
If the TS and your computer are on the same network, simply open a command prompt and type TELNET TS_INTERNAL_IP 3389 and press enter, where TS_INTERNAL_IP and the TS internal IP address and NOT the external one that is on the outside, managed by the PIX firewall. If you cannot telnet to the TS and you are telling us you are on the same LAN as the TS, then there is something wrong with the TS itself (could be software - TS not started, etc - or hardware - cable not connected for example).
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
ASKER
Ok...sorry for any confusion, but when I try to telnet to the servers 3389 port, I am definately "inside" the firewall...i am typing the IP address directly from my office PC which also sits behind the firewall (although in a more "open zone" than the servers)...so it must be something on the server that isn't configured?
Well probably. But as I said, the whole thing seems confusing. :-) Without a detailed network diagram with all the devices and IPs in use it is very tough, if not impossible, to pinpoint where the problem is.
But definitely, if you can telnet to another server on the same LAN, not behind a firewall and you cannot do that on this particular one, that leads us to think there is something going on at the server end.
Cheers,
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
But definitely, if you can telnet to another server on the same LAN, not behind a firewall and you cannot do that on this particular one, that leads us to think there is something going on at the server end.
Cheers,
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
ASKER
when i type a netstat -an on the server command prompt I get a list that includes the following:
Proto Local Address Remote Address State
TCP 0.0.0.0:3389 0.0.0.0 LISTENING
Then there are other items in the list where the local and remote address is an actual ip address with the servers IP and a port (but none of them are 3389):
Proto Local Address Remote Address State
TCP 0.0.0.0:3389 0.0.0.0 LISTENING
Then there are other items in the list where the local and remote address is an actual ip address with the servers IP and a port (but none of them are 3389):
ASKER
Crude....my bad....the netstat -an above is from my server that IS working...when I do netstat -an on the server that is NOT working....I do NOT get a message for port 3389 like I get for the server that IS working like I listed above.
How do I "turn on" that port for my server that isn't working?
How do I "turn on" that port for my server that isn't working?
I would try uninstalling and reinstalling terminal services. Remember to reboot once uninstalled. :-)
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
ASKER
Any "best" way to uninstall terminal services and then reinstall?
Simply go to Control Panel | Add/Remove Programs | Windows Components.
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
ASKER
Is "Terminal Services" different than "Terminal Server"....on my server that IS working, Terminal Server is not installed....I noticed that on my server that IS NOT working that Terminal Server is also not installed and at first thought that it might need to be installed.
I don't see where "Terminal Services" is installed/uninstalled from
I don't see where "Terminal Services" is installed/uninstalled from
'Terminal Server' is the same as Terminal Services. :-)
If Terminal Server is not installed on the server that is working it means you are using the server in Remote Desktop mode only (that allows only 2 remote connections to the server).
To do the same on the second server simply to to 'My Computer', right click it and choose 'Properties'. On the REMOTE tab where you see 'Remote Desktop', check the checkbox.
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
If Terminal Server is not installed on the server that is working it means you are using the server in Remote Desktop mode only (that allows only 2 remote connections to the server).
To do the same on the second server simply to to 'My Computer', right click it and choose 'Properties'. On the REMOTE tab where you see 'Remote Desktop', check the checkbox.
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
ASKER
Checking the "Remote Desktop" checkbox on the REMOTE tab was the first thing I tried...I am really completely baffled as to why this server will not allow me to remote desktop to it.
I know is not the solution but you can try to install on both box any version of VNC, like ultravnc, thightvnc, ... and control the remote with this tool.
As a test you can install terminal server. What do you have loaded on this server in terms of applications, etc?
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
ASKER
I will install terminal server today...as far as applications, really the primary one is SQL Server...this server is primarily a bunch of network shared folders for various labs to store information on, but there is SQL Server installed
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This fixed my problem...I didn't even have a connection listed in the terminal services connection manager...which I thought was just supposed to show any connections for any RD connections...since there weren't any, I assumed that all was how it was supposed to be.
I did as you suggested and added a new connection and tada!....thanks dreamyguy for this suggestion!!
I did as you suggested and added a new connection and tada!....thanks dreamyguy for this suggestion!!