HungerMountain

Remote Desktop Not listening on Port 3389 Windows 2008R2

I cannot connect to a Windows Server 2008 R2 with any remote desktop.

- No firewall enabled
- No antivirus firewall
- Remote Desktop is enabled through system properties
- Changing listening port via registry makes no difference (still will not listen on new port)
- Have recreated the connection in the Remote Desktop Session Host
- Have tried specific network adapters and the setting for all network adapters.

Any ideas why I cannot connect and get this message: "Remote Desktop can't connect to the remote computer for one of these reasons"?
Tony J

You say it's not listening, but have you tried to telnet to it on port 3389?

telnet xxx.xxx.xxx.xxx 3389

If the screen goes black, to a cursor, then it is actually listening.

What is the full error message you are receiving?

Has it ever worked?

Have you disabled the firewall service? If so, re-enable it and turn it off via the security centre or create a rule for RDP.

Is there anything in the event logs of either the server or client?

What client are you using? XP/Vista/7?

Have you enabled Remote Desktop Services? If so, this is akin to Terminal Server and after a grace period will require licenses. If you just want remote management, uninstall the RDS features.

If you can answer the above, it'll help to narrow down the problem.
HungerMountain

ASKER

Thanks
1) Opening a telnet connection... I get "Could not open connection to the host , on port 3389:connect failed"

Using netstat -ano, it does not show 3389 listening at all.

2) I am getting the standard connection error, as if the machine had Remote Desktop disabled (see attached screen shot).

3) I don't believe I have ever tried it before now.

4) Enabling Remote Desktop rules with an active firewall made no difference. (I had not stopped the firewall service, just turned it off in the control panel.)

5) Nothing visible in either client or server event logs.

6) I am using a Windows 7 client. I have also tried another machine, and an XP client.

7) I have not added any of the Remote Desktop Service features through server management. (We just need Remote Desktop for Administration.)
Make sure it is actually running on port 3389 at this registry key. If it is, try a different port like 3390, reboot and try again.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
I have tried this a number of times. It makes no difference what the port number is set at. It will not listen on any other port either.
I think it is definitely firewall. Disable the firewall completely and try again. Can the server be pinged from a client? Have you tried removing the setting to allow rdp and then re-enabling them?
Still nothing with the firewall completely disabled. Yes the machine is fully online. I can access shares and ping it.
You are disabling the firewall on the domain side, right? Just making sure. And also, you disabled both areas of the firewall, correct?
Yes, 100% sure the wall is not blocking it. I am not sure what you mean by "both" areas. I have turned off the firewall in areas (Domain, Home and Public) as well as stopping the Windows Firewall service in services.

The system still does not show 3389 listening as it does in all of our other 2008R2 servers with SP1.
Try it from an elevated command prompt, disabling all 3 for the test:

Disable Windows 2008 R2 Firewall from Command Line:

Domain Profile:
Netsh advfirewall set domainprofile state off

Private Profile:
Netsh advfirewall set privateprofile state off

Public Profile:
Netsh advfirewall set publicprofile state off

To enable the firewall, replace the OFF at the end of the sentence with ON.

Turn them all off from the elevated command prompt and try again. It is still acting like the firewall by the symptoms you are describing. I just want to make sure.

Thanks!
All commands ran successfully to turn off the firewall, but that did not fix the problem.
Are you using NLA?
Network Location Awareness service is running.
I think he meant network level authentication but in this case it's a complete misdirection as you're not even getting it listening.

Also, netsh commands to disable firewall functions are deprecated and shouldn't be used now.

I'm at a loss on this one - the general consensus I've found online has been to do a reinstall of the OS.

Is it service packed? It might be worthwhile putting it on/reapplying it.
Yes, I agree, it needs to be listening first.

It is on service pack 1. I may re-pack it, I want to avoid OS re-installation.

Maybe it's time to open a Microsoft ticket. :-(

This one has me stumped too.
Have you tried removing/reinstalling RDS role/s?
Netsh is deprecated? Directly on MS website, it says you can use the Firewall commands using Netsh. I don't understand why one would think it is deprecated unless they are not used to using the command prompt or powershell. I am a past Linux guy so I like command line.

http://technet.microsoft.com/en-us/library/cc766337%28v=ws.10%29.aspx

Back to the point at hand, I still think it is the firewall messing it up in some way. I cannot see a large enterprise wiping a DC if they are unable to RDP to the server.

1. Make sure all of these services are running on the Server

DNS Client
Function Discovery Resource Publication
SSDP Discovery
UPnP

2. Go to Control Panel > System & Security > Click on 'Allow Remote Access' under System and allow RDP

I had a jr admin actually disable "DNS Client" on a DC because he thought "Its a DNS Server, why does it need to be a client" which wreaked some havoc for a day or two.
Also, have you gone through this whole article from MS?

http://support.microsoft.com/kb/2477176
The only service that was not running was Function Discovery Resource Publication (that made no difference and is not running on other 2008R2 servers that allow RDP admin).

I have "Allow Remote Access" turned on.

I have been through the Microsoft article. I cannot get the port to listen on any port!!

Just to clarify, I am only using RDP for administration purposes, I have not installed the roles for Remote Desktop Services. It says on the opening screen when you attempt to add them that this is not needed for Administration only.
Correct, I have experienced it where installing the Remote Desktop Services role and then removing it clears the problem, hence the question. There is something in the reg. or the system that is preventing the RDP port from functioning. Even though you eliminated the firewall and the RDP Registry entry, it is obviously lurking somewhere. Installing/test/removing RDS will allow you to reset this w/out reinstalling the OS.
I have installed the RDS roles
Rebooted
could still not connect
I have uninstalled the RDS roles
Rebooted
could still not connect

Great idea though.
Ms call it is, I'm afraid :-(
Have you ever been able to connect to this Server remotely? Is there any AV installed? Any type of security software, port blockers, McAfee, Norton etc. ?
I don't believe I have ever tried connecting this way before.

There is antivirus software, but it gives no issues on any other of our servers (no add-on firewall or port blocker).

Other software is CA ArcServe, SharePoint Foundation 2010 and SQL Server.

I think I will be making a long phone call.
I would still try eliminating all possibilities before calling MS. The first thing they will do is tell you to uninstall AV (if it is 3rd party) and try again. I have tried it in the past and they always say it. Are you able to uninstall AV, reboot and try again, just to eliminate any possibility?

Even if there is no FW or Port blocking in the AV, I have seen it still happen in the past. Just a suggestion before calling MS and paying the money/time to do so.
Uninstalled antivirus, rebooted....and .. Same problem... no connection...not listening on port.
The comment re lack of experience with the command shell was rather personal and uncalled for. I made a simple mistake and misread the advfirewall as firewall, which is the command that has been deprecated. I did not say netsh has been.

I would uninstall the RDS role as this installs the session host role but I assume you want the remote administrative mode.

I'd also re-service pack it.

It might be worth checking which, if any, updates have gone on recently that may be different on other (working) servers and remove them.
Tony1044 - I apologize if you took it personally, it was not my intention at all nor was it implying that you had a lack of knowledge. All of the questions are relevant and I don't think any should be overlooked, hence my questioning.

I still think it is firewall related - try below - taken from here:

http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2rds/thread/811b722f-78e4-479c-afc8-bbfd604447fa/
_____________________________________________________________________________________________
By default, there is a pre-defined rule Remote Desktop (TCP-in) in all profiles that allows the incoming RDP connection. Please double check this rule to make sure it is enabled and applies to all profiles.

If the issue persists, please enable the Windows Firewall Audit Events on the server and then reproduce the issue to verify whether RDP traffic is blocked by the Windows Server 2008 firewall.

1. In the command prompt, type the following command. You can copy and paste this command into the Command Prompt window:

auditpol.exe /set /SubCategory:"MPSSVC rule-level Policy Change","Filtering Platform policy change","IPsec Main Mode","IPsec Quick Mode","IPsec Extended Mode","IPsec Driver","Other System Events","Filtering Platform Packet Drop","Filtering Platform Connection" /success:enable /failure:enable

2. Restart the Windows Firewall service by typing the following commands, ending each by pressing ENTER:

net stop MPSSVC

net start MPSSVC

3. On the client, try to establish the RDP connection and then verify the event log in the Event Log--->Security.

Enable IPsec and Windows Firewall Audit Events

http://technet.microsoft.com/en-us/library/cc754714.aspx
Enabling logging on the firewall revealed nothing. I do not believe this is a firewall issue. I still cannot see the port listening.

All servers have the same updates and service packs. No issues with any other machines.

About to open a ticket with Microsoft.

I will let you know what I will find.
ASKER CERTIFIED SOLUTION
HungerMountain

This solution is only available to members.
I'm really glad you got it working - also glad you had a working backup to go back to.

One quick tip for the future (where it's relevant) before I do anything so invasive, if it's a physical HP or Dell* server with a RAID 1 drive set for the OS (quite a common setup), I pull one of the drives.

That way if you end up with it stuffed like MS did, it can be quickly restored by pulling the stuffed drive and plugging the one you pulled out back in.

Ditto if it's a virtual machine - take a snapshot first.

Either way though - really glad you got it working.

*May work on other servers but have never tried it.
Great suggestion Tony. I will keep that in mind for future issues.

A side note on the fix--

The official resolution and driver file versions.

RDPWD.SYS from 6.1.7601.1779 to 6.1.7601.2149
RDBSS.SYS from 6.1.7601.17514 to 6.1.7601.17737
This provides a solution to a problem for which most were recommending a full system re-install. I wanted to avoid reinstalling.
Just had the same,
run
sfc /scannow
shutdown
power on
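
The read-only checks this thread works through (configured RDP port, whether anything is listening on it in `netstat -ano`, and the versions of the two drivers named in the resolution), gathered into one PowerShell script as an added example that is not from any poster. The `fDenyTSConnections` value and the `TermService` service name do not appear in the thread; they are the standard Windows names for the "allow Remote Desktop" setting and the Remote Desktop Services service.

```powershell
# Added example (not from the thread). Read-only; run elevated on the server.
# Written for PowerShell 2.0, which ships with Windows Server 2008 R2.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# Port the RDP-Tcp listener is configured for (3389 unless changed).
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
# 0 = Remote Desktop allowed in System Properties, 1 = denied.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
# TermService is the service name behind "Remote Desktop Services".
$svc  = Get-Service -Name TermService

# netstat -ano rows: Proto, Local Address, Foreign Address, State, PID.
# Keep TCP rows in LISTENING state whose local address ends in :<port>,
# which matches both 0.0.0.0:3389 and [::]:3389.
$suffix = ':' + $port + '$'
$listeners = @(netstat -ano | ForEach-Object {
    $f = -split $_
    if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and
        $f[3] -eq 'LISTENING' -and $f[1] -match $suffix) {
        New-Object PSObject -Property @{ Local = $f[1]; OwningPid = [int]$f[4] }
    }
})

# File versions of the two drivers named in the resolution, for comparison
# against a server where RDP works.
$drivers = @('rdpwd.sys', 'rdbss.sys' | ForEach-Object {
    $path = Join-Path $env:SystemRoot "System32\drivers\$_"
    $ver  = 'missing'
    if (Test-Path $path) {
        $v   = (Get-Item $path).VersionInfo
        $ver = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart,
                                     $v.FileBuildPart, $v.FilePrivatePart
    }
    New-Object PSObject -Property @{ File = $_; Version = $ver }
})

"Configured port    : $port"
"fDenyTSConnections : $deny"
"TermService status : $($svc.Status)"
if ($listeners.Count -eq 0) {
    "No TCP listener on port $port (the symptom reported in this thread)"
} else {
    $listeners | ForEach-Object { "Listening on $($_.Local), PID $($_.OwningPid)" }
}
$drivers | ForEach-Object { "$($_.File) version $($_.Version)" }
```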