Another one of those RDP issues

Posted on 2009-06-29
Last Modified: 2013-11-21
I have an odd issue. I have 5 servers out of 64 that are sitting on the same subnet/VLAN that I cannot RDP to. The server are HP BL460c blades. They are running Windows 2003 x64 enterprise. They are citrix servers. When trying to connect using mstsc the connection times out and states that "This computer can't connect to the remote computer"
* The VLAN/subnet is not behind a internal firewall.
* Microsoft Firewall service is NOT started.
* 3389 is listing on when doing a netstat -an
* RDP is enabled under the remote tab of system properties
* I have deleted and recreated the RDP-tcp connection under Terminal Services Configuration
* I have completly uninstalled all Cirtrix related software from the server
* NO. I cannot connect via the ICA-tcp connection either
* I have changed the port number for RDP to 80 which did not allow connections either.
* The server does have dual production NICs that are usually teamed. I have unteamed the NICs and just manually IPed one NIC and disabled the secondary
* I have reteamed the NICs using diffrent Teaming algorithems with no luck
* When trying to connect via mstsc I do a netstat -an on the server and see a entry for the remote client computer in the table trying to establish a session via port 3389
* ran microsoft NetMon 3.5 on the server. Can see the server recieveing the RDP connection request and sending a response to the remote client that is trying to connect.
* I get this same issue from multiple desktops, laptops, and servers sitting on the same VLAN and subnet.
* there are no errors in the system or application log.
* IPsec is working fine on the server and I decided to register polstore.dll just to make sure.

I am at the point where I need to get Microsoft support to help, but I wanted to post the issue here first to see if anyone else has run into this issue before. Overall teh server is communicating on the network just fine except for this problem.
Question by:grimsrue
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3

Expert Comment

ID: 24739927
Not necessarily giving you a solution but rather the logical approach to troubleshoot the issue:

1. Disable IPSec if that is in use and test it again

2. When you said the server communicating with the network fine except the RDP and ICA connections.  Did you mean services like file sharing or other running services are going OK?  Since those services all require the traffics to pass through the server, if they are OK then if would be something specific to RDP/ICA.

3. What Windows version of the server?  2008?  If so, no Network Access Policy or Network Level Authentication in use?

4. Is it possible to hard wire those 5 servers to another LAN / subnet (if any) and test it out?  How many subnets are there in fact?  You sure you have tested initiating the connection from more than one subnet?

5. there is a trick you can try:  try using mstsc.exe to connect to itself by running it locally on the server, and set the "localhost" as the destination.  it works fine from Windows Server 2008, presumming it should work on other version of Windows as well.  If that works, we have elinimated the RDP protocol not working properly issue.

Author Comment

ID: 24740174
Thanks for the Reply:
1. IPsec issues were the first thing I check. I have disabled IPSec with no luck
2. All other traffic including file sharing, authentication to the domain, etc works just fine.
3. Windows version is Windows 2003 x64 Enterprise. There are no Network Access Policies or Network Level Auth that are in use.
4. Since these are Blade servers there is no way to connect them into another VLAN without making modification to the virtual NIC port for this server through the Cisco switch installed into the chassis. I can not do this due to a seperate Network team in my company are the only ones allowed to do this. The subnet assigned to the VLAN that these server are sitting is a /24 subnet of x.x.x.1 - x.x.x.254

I have tried to connect to this server from multiple diffrent VLANs from all over the company and Nation with no luck.

5. Tried your trick and got the same issue as I get with other clients trying to connect. MStsc trys to connect then times out stating it can not connect to the remote computer.

Expert Comment

ID: 24740763
Apparently the terminal service component on the server is not working properly.  Are you sure you didn't miss any events from the event logs?

Did you try unticking and reticking the "Enabled remote desktop on this server" option in the "remote" tab of system properties dialogue box then restart the server?  Sometimes even it is showing the remote desktop is enabled, but in fact it is not.

There is also a not so related thought but worthing checking, is the boot.ini modified in anyway?  No boot parameters added after the system was deployed?
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.


Author Comment

ID: 24740882
Thanks for your help......

No events in the system or app logs show any errors about term services. In fact teh system and app log are clen of errors for the servers. Just informational events from restarts and some perflib warnings

I tried the enable re-enable trick within the remote tab with no luck. Even with a reboot.

Boot.ini is clean of any switches.

Looks like my next step is to go stump microsoft. :-)

Expert Comment

ID: 24740953
I guess so, but please report back with any findings from Microsoft once you get it sorted as it would be beneficial to all of us.

Author Comment

ID: 24740960
Will do.

Accepted Solution

grimsrue earned 0 total points
ID: 24844226
OK, here is the deal on the issue and what I did to fix it.

The servers that were experincing the issue were all citrix servers. It seems that when Citrix gets installed on a server it installs its own remote deskop driver on the server. On top of the fact that Citrix installs its own remote desktop driver, Citrix also makes the RDP-tcp connection use it as well.

For those of you who are not familiar with Citrix......Citrix is a Terminal services client. When Citrix is installed it create a remote desktop connection called ICA-tcp. This conenction runs along side Microsofts RDP-tcp.

Microsofts RDP driver is called rdpwsx.dll. Citrix remote desktop driver is ctxrdpwsx.dll. The good thing is Citrix does not overwrite the rdpwsx.dll.

It seems that the Citrix install on the server was corrupted or not working like it should after a recent set of updates. First thing that happen was port 3389 was no longer listening. I tried deleting the RDP-tcp connection then adding it back. That did not fix the issue. What I did was compare this server that was not working with a known good working server. Found the issue in the registry.

NOTE: THe removal of the RDP-tcp and adding it back did not work because for soem reason the server just used the ctxrdpwsx dll again which is what was causing the issue.


Go to
Scroll to the very bottom on teh right side and look for
Change the value from "ctsrdpwsx" to "rdpwsx"
close reg editor and reboot.
THis will get you RDP access back to the server.

A re-install of Citrix should fix the ICA-tcp connection on the server.

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description: Actually I found the below issue with some customers after migration from SMS 2003 to SCCM 2007 and epically if they change site code, some clients may appear in the console with old site code, plus old sites still appearing …
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question