remote desktop only work once and once only

Posted on 2008-10-25
Last Modified: 2013-11-22
Hi, Experts:
I am having a headache problem now.
The controller's  desktop has remote desktop enable, she use remote desktop to access that from laptop.
Since last week, desktop won't allow remote desktop in. I found the sysmantec (10.1.7) block the process because SAV think it is tamper. But checking virius from safe mode found noting.
If I disable the tamper protection, the desktop only allow remote desktop in once and only once. Once I log out, I can't login even just right way. So I uninstall SAV, same situation. I reinstall SAV 11, same problem.
Another thing maybe related, since last week, when I login in to desktop locally, I will get error message
"Exploer,exe failed to initialize", I can press ALT Ctrl Del and log off, then I can login for no problem, Just error message for first time login after computer reboot.
I read all the other article, 3389 port is open, process is listening, telnet 3389 get blank line. But still allow one time remote login, and one time only
Question by:kzhu197258
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 15

Expert Comment

ID: 22805642

One great trouble shooting technique is to open msconfig (click on start then run and type in msconfig in the text box) go to the startup tab and uncheck everything (there's a disable all button to make this easy).  Then go the the services tab check the box to  "Hide all Microsoft services"and uncheck the rest of the non-Microsoft services.  Then reboot and check to see if it works.  If it does then go back to msconfig and start rechecking programs you need, starting with the most important things first.


Author Comment

ID: 22805796
Thanks for quick reply
Tried uncheck every nono-microsoft service and start up item, still the same problem.
It doesn't show the "explorer.exe " error message.
So it seems microsoft service get comprised?
LVL 63

Accepted Solution

SysExpert earned 250 total points
ID: 22805852
I would run malware checks

malware - Leetutor list
Have you tried running virus scans and spyware scans  This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:

Also try these free programs to rid your system of spyware, trojans, and other malware:
Spybot - Search & Destroy
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Another very good freeware program for ridding yourself of spyware is this:

You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:
HijackThis Quick Start
HijackThis log tutorial

I hope this helps !
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.


Expert Comment

ID: 22805864
Alternate Solution:

I say forget that altogether and try

It's free for personal and commercial use and it uses port 80 so you don't need to worry about any port configuration.

I use it for all of my small-business clients. Try it you will love it.
LVL 15

Expert Comment

ID: 22806251
Uninstall the SAV suite (all of it).
Then uninstall the NIC (through device manager)
Next reboot (upon reboot the NIC will automatically reinstall)
Disable the windows FW
Try Remote desktop
If that fails then us msconfig as outlined above and try again.
If that fails then double check all the remote desktop settings are correct by remoting into yourself, which if it works will just lock the screen.


Expert Comment

ID: 23198636
On top of just running scans against malware, you should also delete any cache files that are in any of the user profiles in the host machine. These files are under %USERPROFILE%\Local Settings\Application Data\Microsoft\Terminal Server Client\Cache. I had this problem for the last two days and deleting the cache files resolved the problem.

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (, the Zone Advisor for the Virus and …
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question