remote desktop only work once and once only

Posted on 2008-10-25
Last Modified: 2013-11-22
Hi, Experts:
I am having a headache problem now.
The controller's  desktop has remote desktop enable, she use remote desktop to access that from laptop.
Since last week, desktop won't allow remote desktop in. I found the sysmantec (10.1.7) block the process because SAV think it is tamper. But checking virius from safe mode found noting.
If I disable the tamper protection, the desktop only allow remote desktop in once and only once. Once I log out, I can't login even just right way. So I uninstall SAV, same situation. I reinstall SAV 11, same problem.
Another thing maybe related, since last week, when I login in to desktop locally, I will get error message
"Exploer,exe failed to initialize", I can press ALT Ctrl Del and log off, then I can login for no problem, Just error message for first time login after computer reboot.
I read all the other article, 3389 port is open, process is listening, telnet 3389 get blank line. But still allow one time remote login, and one time only
Question by:kzhu197258
LVL 15

Expert Comment

ID: 22805642

One great trouble shooting technique is to open msconfig (click on start then run and type in msconfig in the text box) go to the startup tab and uncheck everything (there's a disable all button to make this easy).  Then go the the services tab check the box to  "Hide all Microsoft services"and uncheck the rest of the non-Microsoft services.  Then reboot and check to see if it works.  If it does then go back to msconfig and start rechecking programs you need, starting with the most important things first.


Author Comment

ID: 22805796
Thanks for quick reply
Tried uncheck every nono-microsoft service and start up item, still the same problem.
It doesn't show the "explorer.exe " error message.
So it seems microsoft service get comprised?
LVL 63

Accepted Solution

SysExpert earned 250 total points
ID: 22805852
I would run malware checks

malware - Leetutor list
Have you tried running virus scans and spyware scans  This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:

Also try these free programs to rid your system of spyware, trojans, and other malware:
Spybot - Search & Destroy
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Another very good freeware program for ridding yourself of spyware is this:

You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:
HijackThis Quick Start
HijackThis log tutorial

I hope this helps !
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.


Expert Comment

ID: 22805864
Alternate Solution:

I say forget that altogether and try

It's free for personal and commercial use and it uses port 80 so you don't need to worry about any port configuration.

I use it for all of my small-business clients. Try it you will love it.
LVL 15

Expert Comment

ID: 22806251
Uninstall the SAV suite (all of it).
Then uninstall the NIC (through device manager)
Next reboot (upon reboot the NIC will automatically reinstall)
Disable the windows FW
Try Remote desktop
If that fails then us msconfig as outlined above and try again.
If that fails then double check all the remote desktop settings are correct by remoting into yourself, which if it works will just lock the screen.


Expert Comment

ID: 23198636
On top of just running scans against malware, you should also delete any cache files that are in any of the user profiles in the host machine. These files are under %USERPROFILE%\Local Settings\Application Data\Microsoft\Terminal Server Client\Cache. I had this problem for the last two days and deleting the cache files resolved the problem.

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now