Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 943
  • Last Modified:

remote desktop only work once and once only

Hi, Experts:
I am having a headache problem now.
The controller's  desktop has remote desktop enable, she use remote desktop to access that from laptop.
Since last week, desktop won't allow remote desktop in. I found the sysmantec (10.1.7) block the process because SAV think it is tamper. But checking virius from safe mode found noting.
If I disable the tamper protection, the desktop only allow remote desktop in once and only once. Once I log out, I can't login even just right way. So I uninstall SAV, same situation. I reinstall SAV 11, same problem.
Another thing maybe related, since last week, when I login in to desktop locally, I will get error message
"Exploer,exe failed to initialize", I can press ALT Ctrl Del and log off, then I can login for no problem, Just error message for first time login after computer reboot.
I read all the other article, 3389 port is open, process is listening, telnet 3389 get blank line. But still allow one time remote login, and one time only
1 Solution

One great trouble shooting technique is to open msconfig (click on start then run and type in msconfig in the text box) go to the startup tab and uncheck everything (there's a disable all button to make this easy).  Then go the the services tab check the box to  "Hide all Microsoft services"and uncheck the rest of the non-Microsoft services.  Then reboot and check to see if it works.  If it does then go back to msconfig and start rechecking programs you need, starting with the most important things first.

kzhu197258Author Commented:
Thanks for quick reply
Tried uncheck every nono-microsoft service and start up item, still the same problem.
It doesn't show the "explorer.exe " error message.
So it seems microsoft service get comprised?
I would run malware checks

malware - Leetutor list
Have you tried running virus scans and spyware scans  This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:




Also try these free programs to rid your system of spyware, trojans, and other malware:

Spybot - Search & Destroy

LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Another very good freeware program for ridding yourself of spyware is this:


You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:


HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  


and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

HijackThis Quick Start

HijackThis log tutorial

I hope this helps !
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Alternate Solution:

I say forget that altogether and try logmein.com.

It's free for personal and commercial use and it uses port 80 so you don't need to worry about any port configuration.

I use it for all of my small-business clients. Try it you will love it.
Uninstall the SAV suite (all of it).
Then uninstall the NIC (through device manager)
Next reboot (upon reboot the NIC will automatically reinstall)
Disable the windows FW
Try Remote desktop
If that fails then us msconfig as outlined above and try again.
If that fails then double check all the remote desktop settings are correct by remoting into yourself, which if it works will just lock the screen.

On top of just running scans against malware, you should also delete any cache files that are in any of the user profiles in the host machine. These files are under %USERPROFILE%\Local Settings\Application Data\Microsoft\Terminal Server Client\Cache. I had this problem for the last two days and deleting the cache files resolved the problem.

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now