RDP/Terminal Services

Cannot connect to server using RDP.
If I use PortQry version 1.22 a TCP/IP connectivity testing utility to test port 3389 the result  is....

Starting portqry.exe -n xxx.xxx.xxx.xxx -e 3389 -p TCP ...
Querying target system called:
x xx.xxx.xxx.xxx
Attempting to resolve IP address to a name...
IP address resolved to rrcs-xx.xx.xx.xx.se.biz.rr.com
querying...

TCP port 3389 (ms-wbt-server service): LISTENING
portqry.exe -n xxx.xxx.xxx.xxx -e 3389 -p TCP exits with return code 0x00000000.

After I run this utility, I can connect successfuly. I can use RDP for 24 to 48 hours before I have to repeat the process. Result is always the same.
No firewall is turned on.
Running windows 2003 strandard addition/Domain controller (all service packs up to date)
eckertpcAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

eckertpcAuthor Commented:
removed ip address
0
5t34lth_G33kCommented:
When it stops responding, can you logon to the server via the console and check the status of the Terminal Services service? Also, could you try telnetting to the port?
0
jojuezCommented:
Is this internal or over the web?
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

eckertpcAuthor Commented:
5t34lth_G33k: I can logon internal Always with no problem:
Note: System is Multi-Homed
however I can always connect to the external IP internaly as well.
0
eckertpcAuthor Commented:
Additional Info: I cannot make it stop responding, I must wait until the problem returns. Could be 24Hrs plus.
0
5t34lth_G33kCommented:
so when is it disconnecting?
0
eckertpcAuthor Commented:
jojuez:Not internal, external only!
0
5t34lth_G33kCommented:
if its just externally, that would point to the network hardware between the server and the internet, namely the firewall. What firewall do you have?
0
eckertpcAuthor Commented:
5t34lth_G33k: It is not consistent.
Event logs are clean.
Important: I had VPN setup with the same issue, At that time I did use the port query tool to resolve, rebooted instead. A reboot solves the issue as well.
Uninstalled VPN server, do not use for now.
0
5t34lth_G33kCommented:
yes, sounds like a firewall issue then.
0
eckertpcAuthor Commented:
For testing, I removed all firewalls from the external IP address. I was using the native microsoft firewall, but is is off for now!
0
eckertpcAuthor Commented:
I have be working on this for serveral weeks now, tested most everything, Run basic test on the network card, nothiig extensive.
Hardware issue????
Have not updated the drivers....
0
eckertpcAuthor Commented:
Corrected Answer, I DID NOT USE THE PORT QUERY TOOL
5t34lth_G33k: It is not consistent.
Event logs are clean.
Important: I had VPN setup with the same issue, At that time I did NOT use the port query tool to resolve, rebooted instead. A reboot solves the issue as well.
Uninstalled VPN server, do not use for now.
0
eckertpcAuthor Commented:
Have looked at the softeware side but not the hardware very close. I think at this time I will replace the network card. This is simple and cheap.
Will respond with the results, may be 24 hrs before complete. This server is used at a Hotel (24/7/365)
May take tiime to replace
Last post 02/07/2008 @ 11:12 Eastern Time
0
5t34lth_G33kCommented:
so your internet connection just goes into a router with no firewall and then into your server?
0
eckertpcAuthor Commented:
5t34lth_G33k:
No, for testing purposes, this NIC is directory connected to our ISP using one of our static IP's.
Only used for RDP and remote admin. Not used for internal internet routing.

0
eckertpcAuthor Commented:
02/08/2008
Cannot connect RDP again Note:0.0.0.0 3389 Listening
NOTE:ALL THE X"S ARE EXTERNAL IP's (Public IP)
TO Get the port unlocked I must run portqueryui from the internal network!
**************
THIS IS BEFORE I run Portqueryui (External Network form anywhere)
Tcpview:
:spoolsv.exe:1264      UDP      0.0.0.0:1164      *:*            
spoolsv.exe:1264      UDP      127.0.0.1:1207      *:*            
spoolsv.exe:1264      TCP      192.168.2.6:2722      192.168.2.6:1025      ESTABLISHED      
spoolsv.exe:1264      TCP      192.168.2.6:2721      192.168.2.6:135      ESTABLISHED      
svchost.exe:3260      TCP      192.168.2.6:3389      192.168.2.3:2532      ESTABLISHED      
svchost.exe:3260      TCP      0.0.0.0:3389      0.0.0.0:0      LISTENING      
**************************************************************************************
After Portqueryui
PBESER~1.EXE:1452      UDP      0.0.0.0:2160      *:*            
spoolsv.exe:1264      UDP      0.0.0.0:1164      *:*            
spoolsv.exe:1264      UDP      127.0.0.1:1207      *:*            
svchost.exe:3260      TCP      192.168.2.6:3389      192.168.2.3:2532      ESTABLISHED      
svchost.exe:3260      TCP      0.0.0.0:3389      0.0.0.0:0      LISTENING      
svchost.exe:3260      UDP      127.0.0.1:1160      *:*            
svchost.exe:3260      TCP      192.168.2.8:3389      67.77.168.135:16452      ESTABLISHED      
svchost.exe:712      TCP      0.0.0.0:135      0.0.0.0:0      LISTENING      
svchost.exe:712      TCP      0.0.0.0:593      0.0.0.0:0      LISTENING      

note:192.168.2.8 is the basic  Router that I have added with port forward
I used this setup a 1000 times.
*****************************************************************************************
Before Portqueryui


 Starting portqry.exe -n xx.xx.xx.xx. -e 3389 -p TCP ...


Querying target system called:

 xx.xx.xx.xx

Attempting to resolve IP address to a name...


IP address resolved to rrcs-xx.xx.xx.xx..se.biz.rr.com

querying...

TCP port 3389 (ms-wbt-server service): FILTERED
portqry.exe -n xx.xx.xx.xx. -e 3389 -p TCP exits with return code 0x00000002.
*****************************************************************************************************************
After Portqueryui

 Starting portqry.exe -n xx.xx.xx.xx -e 3389 -p TCP ...


Querying target system called:

 xx.xx.xx.xx

Attempting to resolve IP address to a name...


IP address resolved to rrcs-xx.xx.xx.xx.se.biz.rr.com

querying...

TCP port 3389 (ms-wbt-server service): LISTENING
portqry.exe -n xx.xx.xx.xx -e 3389 -p TCP exits with return code 0x00000000.
********************************************************************
NOTE:NO FIREWALL software software or hardware is Installed.
IT works (Unlocks) every time I use the portqueryui on the internal network>
ALSo updated the drivers on the NIC card.
This is a DELL server about 6 months old
No problems anywhere else with the system
CLean Event Logs
Windows 2003R2
Domain Controller
DHCP
DNS
Terminal Services
NO VPN (Had same problem with VPN when it WAS installed)
I did have windows Navtive 2003 firewall on at one time.This is new for 2003 R2, could this be an issue?
0
5t34lth_G33kCommented:
If you have turned it off, it shouldnt be causing any issues. I would also double check your equipment between your server and ISP, as far as I know you cant directly connect your server NIC to your ISP - there has to be some kind of router or firewall in the way to route your traffic, and I suspect this is what is causing the issues. You mentioned another service doing this other than RDP, so it would point to a network appliance (or software firewall) that is blocking ports until they are needed for some reason.
0
eckertpcAuthor Commented:
5t34lth_G33k:
I have 8 server's at this location,3 of them have static ip's directly connected to the internet. All are working well and have been for several years. Router's w/NAT are a safer option but not always needed.
Anyway I have connected a router to this server (Same results)
No differnece what so ever.
0
eckertpcAuthor Commented:
As it stands for now! The problem (I Think) was hackers form China and Japan, A least once a day I would get logon attempts in the security event log. (Failed Attemps) They would only try two or three times a day, everyday. After blocking their IP address, I have had no trouble with the connection sence.
What do I do with the points?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.