Avatar of DATA99
Flag for Afghanistan asked on

RDP clients cannot connect to Windows 2000 server (remote administration mode). Caused by (a now cured) virus infection.

Hi there,

The problem is that since my Windows 2000 Advanced Server (SP4) had a virus infection, which is now cured. Now however my RDP clients can't connect to it. The very first connection (from ANY client) always returns "A network error has occurred" error, and any subsequent connections yield the "server could not be contacted" error. The server is a basic domain controller/file server setup with Terminal Services in remote administration mode. My clients generally connect via a VPN, I've tested it on the local network and clients get the same error. The viruses have now been cleaned, the infection was mostly limited to the system32 folder, targeting .exe files and .dll files.

The clients are a mix of XP and 2000 workstations. The server firewall is always disabled for testing purposes.

I can telnet the server on port 3389 from my client PCs, and when doing so an empty session does appear in the terminal services manager. As far as I can see the RDP listener is working, but I'm not 100% sure. Is there any definitive test to say whether or not the rdp-tcp listener is working?

I've run "sfc /scannow", and that repaired the damaged windows files. I've also reinstalled terminal services to no avail. Is it worth changing the port that terminal services uses or is this a waste of time? Any help or ideas would be greatly appreciated, I don't really want to reinstall the OS.

Many Thanks

Microsoft Server OS

Avatar of undefined
Last Comment

8/22/2022 - Mon
Cláudio Rodrigues

You can try a couple things:
1. Launch TSCC.MSC and delete the RDP-tcp listener.
2. Reboot.
3. Go back to TSCC.MSC and create a new listener.
4. Reboot.

Make sure you do this LOCALLY at the console. :-)

Cláudio Rodrigues

Microsoft MVP
Windows Server - Terminal Services

I have reinstalled the RDP-tcp listener. Now I only get the "The Client could not establish a connect to the remote computer" error. I forgot to mention that when I connect a can see the session flash up for a moment in Terminal Tervices Manager, then disappear. I'm now getting a "The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client." error in the eventviewer which I wasn't getting before (Source: TermDD, ID: 50).

I'm going to try reinstalling the TCP/IP protocol next.

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes