Another one of those RDP issues

I have an odd issue. I have 5 servers out of 64 that are sitting on the same subnet/VLAN that I cannot RDP to. The server are HP BL460c blades. They are running Windows 2003 x64 enterprise. They are citrix servers. When trying to connect using mstsc the connection times out and states that "This computer can't connect to the remote computer"
* The VLAN/subnet is not behind a internal firewall.
* Microsoft Firewall service is NOT started.
* 3389 is listing on when doing a netstat -an
* RDP is enabled under the remote tab of system properties
* I have deleted and recreated the RDP-tcp connection under Terminal Services Configuration
* I have completly uninstalled all Cirtrix related software from the server
* NO. I cannot connect via the ICA-tcp connection either
* I have changed the port number for RDP to 80 which did not allow connections either.
* The server does have dual production NICs that are usually teamed. I have unteamed the NICs and just manually IPed one NIC and disabled the secondary
* I have reteamed the NICs using diffrent Teaming algorithems with no luck
* When trying to connect via mstsc I do a netstat -an on the server and see a entry for the remote client computer in the table trying to establish a session via port 3389
* ran microsoft NetMon 3.5 on the server. Can see the server recieveing the RDP connection request and sending a response to the remote client that is trying to connect.
* I get this same issue from multiple desktops, laptops, and servers sitting on the same VLAN and subnet.
* there are no errors in the system or application log.
* IPsec is working fine on the server and I decided to register polstore.dll just to make sure.

I am at the point where I need to get Microsoft support to help, but I wanted to post the issue here first to see if anyone else has run into this issue before. Overall teh server is communicating on the network just fine except for this problem.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Not necessarily giving you a solution but rather the logical approach to troubleshoot the issue:

1. Disable IPSec if that is in use and test it again

2. When you said the server communicating with the network fine except the RDP and ICA connections.  Did you mean services like file sharing or other running services are going OK?  Since those services all require the traffics to pass through the server, if they are OK then if would be something specific to RDP/ICA.

3. What Windows version of the server?  2008?  If so, no Network Access Policy or Network Level Authentication in use?

4. Is it possible to hard wire those 5 servers to another LAN / subnet (if any) and test it out?  How many subnets are there in fact?  You sure you have tested initiating the connection from more than one subnet?

5. there is a trick you can try:  try using mstsc.exe to connect to itself by running it locally on the server, and set the "localhost" as the destination.  it works fine from Windows Server 2008, presumming it should work on other version of Windows as well.  If that works, we have elinimated the RDP protocol not working properly issue.
grimsrueAuthor Commented:
Thanks for the Reply:
1. IPsec issues were the first thing I check. I have disabled IPSec with no luck
2. All other traffic including file sharing, authentication to the domain, etc works just fine.
3. Windows version is Windows 2003 x64 Enterprise. There are no Network Access Policies or Network Level Auth that are in use.
4. Since these are Blade servers there is no way to connect them into another VLAN without making modification to the virtual NIC port for this server through the Cisco switch installed into the chassis. I can not do this due to a seperate Network team in my company are the only ones allowed to do this. The subnet assigned to the VLAN that these server are sitting is a /24 subnet of x.x.x.1 - x.x.x.254

I have tried to connect to this server from multiple diffrent VLANs from all over the company and Nation with no luck.

5. Tried your trick and got the same issue as I get with other clients trying to connect. MStsc trys to connect then times out stating it can not connect to the remote computer.
Apparently the terminal service component on the server is not working properly.  Are you sure you didn't miss any events from the event logs?

Did you try unticking and reticking the "Enabled remote desktop on this server" option in the "remote" tab of system properties dialogue box then restart the server?  Sometimes even it is showing the remote desktop is enabled, but in fact it is not.

There is also a not so related thought but worthing checking, is the boot.ini modified in anyway?  No boot parameters added after the system was deployed?
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

grimsrueAuthor Commented:
Thanks for your help......

No events in the system or app logs show any errors about term services. In fact teh system and app log are clen of errors for the servers. Just informational events from restarts and some perflib warnings

I tried the enable re-enable trick within the remote tab with no luck. Even with a reboot.

Boot.ini is clean of any switches.

Looks like my next step is to go stump microsoft. :-)
I guess so, but please report back with any findings from Microsoft once you get it sorted as it would be beneficial to all of us.
grimsrueAuthor Commented:
Will do.
grimsrueAuthor Commented:
OK, here is the deal on the issue and what I did to fix it.

The servers that were experincing the issue were all citrix servers. It seems that when Citrix gets installed on a server it installs its own remote deskop driver on the server. On top of the fact that Citrix installs its own remote desktop driver, Citrix also makes the RDP-tcp connection use it as well.

For those of you who are not familiar with Citrix......Citrix is a Terminal services client. When Citrix is installed it create a remote desktop connection called ICA-tcp. This conenction runs along side Microsofts RDP-tcp.

Microsofts RDP driver is called rdpwsx.dll. Citrix remote desktop driver is ctxrdpwsx.dll. The good thing is Citrix does not overwrite the rdpwsx.dll.

It seems that the Citrix install on the server was corrupted or not working like it should after a recent set of updates. First thing that happen was port 3389 was no longer listening. I tried deleting the RDP-tcp connection then adding it back. That did not fix the issue. What I did was compare this server that was not working with a known good working server. Found the issue in the registry.

NOTE: THe removal of the RDP-tcp and adding it back did not work because for soem reason the server just used the ctxrdpwsx dll again which is what was causing the issue.


Go to
Scroll to the very bottom on teh right side and look for
Change the value from "ctsrdpwsx" to "rdpwsx"
close reg editor and reboot.
THis will get you RDP access back to the server.

A re-install of Citrix should fix the ICA-tcp connection on the server.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.