Solved

Cannot Remote Desktop to certain machines.

Posted on 2009-07-09
18
554 Views
Last Modified: 2013-11-21
Some machines on our network I cannot Remote Desktop to. The firewall is off. The Remote Desktop settings in the registry are set, but I still cannot connect to certain machines.

Any ideas??
0
Comment
Question by:Capperdog
18 Comments
 
LVL 6

Expert Comment

by:ahdfx
Comment Utility
Have you mad sure that under system properties, the remote tab there is a check box in the allow users to connect?  Also if you want to remote to a pc that has been restarted and not yet logged in, you need to add users by clicking the "Select Remote Users" button

What OS and SP are they running?  are they upgrades from an older OS?
0
 
LVL 4

Expert Comment

by:bdpsg
Comment Utility
Hi, you can try the following steps in the order listed below:

1. Go to "Control Panel" > "System" > "Remote" tab > put a tick against "Allow users to connect remotely to this computer"

2. Go to "Control Panel" > "Firewall" > "General" Tab > select "On (Recommended)"
    > "Exceptions" tab > put a tick against "Remote Desktop"

3. Go to "Control Panel" > "Administrative Tools" > "Computer Management" > Expand "Local users and group" > select "Groups" > under "Remote Desktop Users" add in the users you want to allow access.\

this will make sure that you still have protection with the firewall and at the same time allow remote access and not needing to amend the registry

if the machines are in a domain, the above can also be set through GPO...


hope this helps
0
 

Author Comment

by:Capperdog
Comment Utility
OS is XP SP3
Local Firewall is disabled on all machines in our environment.
By default no machines in our environment have any users in the Remote Users Group, but 99.9% of our machines can be remote managed.
By making the following registry changes there is no need to make changes locally on the machine foir the machine to be remote managed.
HKLM\System\CurrnentControlSet\Control\Terminal Server Change the fAllowToGetFelp setting to 1 to enable remote connections and change the fDenyTSConnections to 0 to allow remote connections.
99.9% of the machines that these changes are made on will allow remote connection, but there are a small number of machines that this change does not seem to do anything. Additionally, I have logged in locally to one of these machines with this issue and checked to local settings and all local settings are set for Remote Management.
0
 

Author Comment

by:Capperdog
Comment Utility
I have had no further responses to this. I would like to get some other options to try to resolve this issue. It is a small number of machines but causes big problems with desktop security remediation efforts. Just upped the anny a bit.
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
In the event you have an NVidia card.... Nvidia recently started breaking RDP, with some notable errors in the logs, regarding rdpdr.sys. In the link below there is a reg fix.
Or just drop to older drivers.....
Nvidia Drivers Break Remote Desktop
http://computingondemand.com/?p=1141
NVidia drivers do get deployed to the Windows Update site..... See if this helps....
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
"fAllowToGetFelp setting to 1 "
All that does is to enable Remote Assistance requests....
If your user that you are RDPing with is already a member of the local admin group, then the RDU group is of course not needed....
0
 

Author Comment

by:Capperdog
Comment Utility
So far the Nvidia drivers have not been the case.

All of our users are not admins on thier machines. Changing fAllowToGetHelp to 0 will keep you from being able to RDP into the machine. Only by setting it to 1 and setting the fDenyTSConnections to 0 will you be able to RDP to that machine.

I guess I will close this one in the next week if there are no further responses.

0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
"fAllowToGetHelp to 0 will keep you from being able to RDP into the machine"
This is incorrect, as it has no bearing on RDP. This settign is driven by the checkbox "Allow remote assistance invitations to be sent from this computer". It's the top half of the Remote Tab.....
"fDenyTSConnections" should be the only setting you need to worry about.....
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 

Author Comment

by:Capperdog
Comment Utility
My appologies... I just tested and you are correct.

With the Nvidia driver issue not being the case at leat on two machines I have come across do you have any other ideas as to what I may look at on these machines that I cannot RD into?
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
Corrupted firewall exceptions form the Windows FW?
start>run>cmd.exe>netsh firewall reset
Then reboot, and disable it if needed....
On a machine you cannot RDP into....
Does it respond to pings?
Can you telnet to it on port 3389?
telnet IP 3389
Should go to a black box.....
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
Any update?
0
 

Author Comment

by:Capperdog
Comment Utility
Yes,
All of our machines have the Windows firewall disabled by default.

I have a machine we can work with and I was able to ping and telnet to it.

When trying to remote desktop to this machine when you press connect it just goes grey for just a second and then back like it is when you opened RD. It does not error out or anything else.

On others, even with the registry key set you get the cannot connect error message like the registry key had not been set... At the moment I do not have a machine we can work with for this problem.
0
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 300 total points
Comment Utility
OK... You should see errors in the Security Log, as well as logs in the Applications /System logs on the target PC. Maybe even something in the client PC.
Have we checked those?
Might just be we need to rebuild the TS support of the remote PC.....
This is also assuming the Terminal Services service is started on the target boxes....
0
 

Author Comment

by:Capperdog
Comment Utility
I have very busy with other tasks and just took a look at your last response. I will take a look and see as soon as I can and get back with you.

If the problem is we need to rebuild the TS support on some of these machines what would be the procedure?
0
 

Author Comment

by:Capperdog
Comment Utility
On the one machine I currently know of with this connection issue. Terminal Services is started.

I checked the logs and in the System log there is an error that RDPDD.dll failed to load. I verified that I caused this error by trying to RD to that machine.
0
 

Accepted Solution

by:
Capperdog earned 0 total points
Comment Utility
Here is what I have found.

If you increase the size of the session image space then you can run remote desktop.

Add the following registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

"SessionImageSize"=dword:00000020

The only thing I do not understand is if the solution is saying to create a DWORD value under Memory Management or to create a new Key under Memory Management.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now