Solved

Another one of those RDP issues

Posted on 2009-06-29
Last Modified: 2013-11-21
I have an odd issue. I have 5 servers out of 64 that are sitting on the same subnet/VLAN that I cannot RDP to. The servers are HP BL460c blades. They are running Windows 2003 x64 Enterprise. They are Citrix servers. When trying to connect using mstsc, the connection times out and states that "This computer can't connect to the remote computer".
* The VLAN/subnet is not behind an internal firewall.
* Microsoft Firewall service is NOT started.
* 3389 is listening on 0.0.0.0 when doing a netstat -an.
* RDP is enabled under the Remote tab of System Properties.
* I have deleted and recreated the RDP-tcp connection under Terminal Services Configuration.
* I have completely uninstalled all Citrix-related software from the server.
* NO. I cannot connect via the ICA-tcp connection either.
* I have changed the port number for RDP to 80, which did not allow connections either.
* The server does have dual production NICs that are usually teamed. I have unteamed the NICs and just manually IPed one NIC and disabled the secondary.
* I have reteamed the NICs using different teaming algorithms with no luck.
* When trying to connect via mstsc I do a netstat -an on the server and see an entry for the remote client computer in the table trying to establish a session via port 3389.
* Ran Microsoft NetMon 3.5 on the server. Can see the server receiving the RDP connection request and sending a response to the remote client that is trying to connect.
* I get this same issue from multiple desktops, laptops, and servers sitting on the same VLAN and subnet.
* There are no errors in the system or application log.
* IPsec is working fine on the server and I decided to register polstore.dll just to make sure.

I am at the point where I need to get Microsoft support to help, but I wanted to post the issue here first to see if anyone else has run into this issue before. Overall the server is communicating on the network just fine except for this problem.
Question by:grimsrue
Expert Comment

by:JohnmenZ
ID: 24739927
Not necessarily giving you a solution but rather the logical approach to troubleshoot the issue:

1. Disable IPSec if that is in use and test it again

2. When you said the server is communicating with the network fine except for the RDP and ICA connections, did you mean services like file sharing or other running services are going OK?  Since those services all require the traffic to pass through the server, if they are OK then it would be something specific to RDP/ICA.

3. What Windows version of the server?  2008?  If so, no Network Access Policy or Network Level Authentication in use?

4. Is it possible to hard wire those 5 servers to another LAN / subnet (if any) and test it out?  How many subnets are there in fact?  You sure you have tested initiating the connection from more than one subnet?

5. There is a trick you can try: use mstsc.exe to connect to the server itself by running it locally on the server, and set "localhost" as the destination.  It works fine on Windows Server 2008, presuming it should work on other versions of Windows as well.  If that works, we have eliminated the RDP protocol not working properly as the issue.
Author Comment

by:grimsrue
ID: 24740174
Thanks for the reply:
1. IPsec issues were the first thing I checked. I have disabled IPsec with no luck.
2. All other traffic including file sharing, authentication to the domain, etc. works just fine.
3. Windows version is Windows 2003 x64 Enterprise. There are no Network Access Policies or Network Level Auth in use.
4. Since these are blade servers there is no way to connect them into another VLAN without making modifications to the virtual NIC port for this server through the Cisco switch installed into the chassis. I cannot do this because a separate network team in my company is the only one allowed to do this. The subnet assigned to the VLAN that these servers are sitting on is a /24 subnet of x.x.x.1 - x.x.x.254

I have tried to connect to this server from multiple different VLANs from all over the company and nation with no luck.

5. Tried your trick and got the same issue as I get with other clients trying to connect. mstsc tries to connect then times out stating it cannot connect to the remote computer.
Expert Comment

by:JohnmenZ
ID: 24740763
Apparently the terminal service component on the server is not working properly.  Are you sure you didn't miss any events from the event logs?

Did you try unticking and reticking the "Enabled remote desktop on this server" option in the "Remote" tab of the System Properties dialogue box and then restarting the server?  Sometimes it shows that remote desktop is enabled even though in fact it is not.

There is also a not so related thought but worth checking: is the boot.ini modified in any way?  No boot parameters added after the system was deployed?
Author Comment

by:grimsrue
ID: 24740882
Thanks for your help......

No events in the system or app logs show any errors about term services. In fact the system and app logs are clean of errors for the servers. Just informational events from restarts and some perflib warnings.

I tried the enable re-enable trick within the remote tab with no luck. Even with a reboot.

Boot.ini is clean of any switches.

Looks like my next step is to go stump microsoft. :-)
Expert Comment

by:JohnmenZ
ID: 24740953
I guess so, but please report back with any findings from Microsoft once you get it sorted as it would be beneficial to all of us.
Author Comment

by:grimsrue
ID: 24740960
Will do.
Accepted Solution

by:grimsrue
ID: 24844226
OK, here is the deal on the issue and what I did to fix it.

The servers that were experiencing the issue were all Citrix servers. It seems that when Citrix gets installed on a server it installs its own remote desktop driver on the server. On top of the fact that Citrix installs its own remote desktop driver, Citrix also makes the RDP-tcp connection use it as well.

For those of you who are not familiar with Citrix......Citrix is a Terminal Services client. When Citrix is installed it creates a remote desktop connection called ICA-tcp. This connection runs alongside Microsoft's RDP-tcp.

Microsoft's RDP driver is called rdpwsx.dll. Citrix's remote desktop driver is ctxrdpwsx.dll. The good thing is Citrix does not overwrite the rdpwsx.dll.

It seems that the Citrix install on the server was corrupted or not working like it should after a recent set of updates. First thing that happened was port 3389 was no longer listening. I tried deleting the RDP-tcp connection then adding it back. That did not fix the issue. What I did was compare this server that was not working with a known good working server. Found the issue in the registry.

NOTE: The removal of the RDP-tcp and adding it back did not work because for some reason the server just used the ctxrdpwsx dll again, which is what was causing the issue.

NOTE: MY DISCLAIMER.......DO NOT EDIT THE REGISTRY OF A SERVER UNLESS YOU KNOW WHAT YOU ARE DOING AND ALWAYS EXPORT THE REGISTRY KEY BEFORE YOU MODIFY IT.

Go to
HKLM\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-tcp
Scroll to the very bottom on the right side and look for
WsxDLL (REG_SZ)
Change the value from "ctxrdpwsx" to "rdpwsx"
Close reg editor and reboot.
This will get you RDP access back to the server.

A re-install of Citrix should fix the ICA-tcp connection on the server.
0
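The comparison against a known good server described in the accepted solution can be run across all hosts at once. The PowerShell below is an added example, not code from the thread: it reads WsxDLL from each server's RDP-Tcp WinStation key and flags any value other than rdpwsx. The server names are placeholders, the key is written as regedit shows it ("Terminal Server" with a space), and it assumes Remote Registry access with admin rights on each target.

```powershell
# Added example (not from the thread): read-only audit of the WsxDLL value on
# the RDP-Tcp WinStation. Server names below are placeholders (assumption).
$KeyPath  = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$Expected = 'rdpwsx'   # Microsoft extension DLL named in the accepted solution

function Get-WsxDll {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $row = New-Object PSObject -Property @{
        Computer = $ComputerName; WsxDLL = $null; Status = 'Unknown' }
    $hklm = $null; $key = $null
    try {
        # Needs the Remote Registry service and admin rights on the target.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $key  = $hklm.OpenSubKey($KeyPath)          # opened read-only
        if ($null -eq $key) {
            $row.Status = 'RDP-Tcp key not found'
        } else {
            $row.WsxDLL = $key.GetValue('WsxDLL')
            if ($null -eq $row.WsxDLL)          { $row.Status = 'WsxDLL not set' }
            elseif ($row.WsxDLL -ieq $Expected) { $row.Status = 'OK' }
            else                                { $row.Status = 'MISMATCH' }
        }
    } catch {
        $row.Status = "Unreachable: $($_.Exception.Message)"
    } finally {
        if ($key)  { $key.Close() }
        if ($hklm) { $hklm.Close() }
    }
    return $row
}

# The local machine plus two placeholder names standing in for affected servers.
$servers = $env:COMPUTERNAME, 'CTX-SERVER-01', 'CTX-SERVER-02'
$servers | ForEach-Object { Get-WsxDll -ComputerName $_ } |
    Select-Object Computer, WsxDLL, Status | Format-Table -AutoSize

# To repair one server, run these locally on it (reg export works on the local
# machine only), then reboot as the accepted solution says:
#   reg export "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" rdp-tcp-backup.reg
#   reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v WsxDLL /t REG_SZ /d rdpwsx /f
```

A MISMATCH row identifies a server whose RDP-Tcp listener is bound to a non-Microsoft extension DLL; hosts that cannot be reached are reported as Unreachable rather than skipped.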