Cannot Remote Desktop to certain machines.

Some machines on our network I cannot Remote Desktop to. The firewall is off. The Remote Desktop settings in the registry are set, but I still cannot connect to certain machines.

Any ideas??
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Have you mad sure that under system properties, the remote tab there is a check box in the allow users to connect?  Also if you want to remote to a pc that has been restarted and not yet logged in, you need to add users by clicking the "Select Remote Users" button

What OS and SP are they running?  are they upgrades from an older OS?
Hi, you can try the following steps in the order listed below:

1. Go to "Control Panel" > "System" > "Remote" tab > put a tick against "Allow users to connect remotely to this computer"

2. Go to "Control Panel" > "Firewall" > "General" Tab > select "On (Recommended)"
    > "Exceptions" tab > put a tick against "Remote Desktop"

3. Go to "Control Panel" > "Administrative Tools" > "Computer Management" > Expand "Local users and group" > select "Groups" > under "Remote Desktop Users" add in the users you want to allow access.\

this will make sure that you still have protection with the firewall and at the same time allow remote access and not needing to amend the registry

if the machines are in a domain, the above can also be set through GPO...

hope this helps
CapperdogAuthor Commented:
OS is XP SP3
Local Firewall is disabled on all machines in our environment.
By default no machines in our environment have any users in the Remote Users Group, but 99.9% of our machines can be remote managed.
By making the following registry changes there is no need to make changes locally on the machine foir the machine to be remote managed.
HKLM\System\CurrnentControlSet\Control\Terminal Server Change the fAllowToGetFelp setting to 1 to enable remote connections and change the fDenyTSConnections to 0 to allow remote connections.
99.9% of the machines that these changes are made on will allow remote connection, but there are a small number of machines that this change does not seem to do anything. Additionally, I have logged in locally to one of these machines with this issue and checked to local settings and all local settings are set for Remote Management.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

CapperdogAuthor Commented:
I have had no further responses to this. I would like to get some other options to try to resolve this issue. It is a small number of machines but causes big problems with desktop security remediation efforts. Just upped the anny a bit.
In the event you have an NVidia card.... Nvidia recently started breaking RDP, with some notable errors in the logs, regarding rdpdr.sys. In the link below there is a reg fix.
Or just drop to older drivers.....
Nvidia Drivers Break Remote Desktop
NVidia drivers do get deployed to the Windows Update site..... See if this helps....
"fAllowToGetFelp setting to 1 "
All that does is to enable Remote Assistance requests....
If your user that you are RDPing with is already a member of the local admin group, then the RDU group is of course not needed....
CapperdogAuthor Commented:
So far the Nvidia drivers have not been the case.

All of our users are not admins on thier machines. Changing fAllowToGetHelp to 0 will keep you from being able to RDP into the machine. Only by setting it to 1 and setting the fDenyTSConnections to 0 will you be able to RDP to that machine.

I guess I will close this one in the next week if there are no further responses.

"fAllowToGetHelp to 0 will keep you from being able to RDP into the machine"
This is incorrect, as it has no bearing on RDP. This settign is driven by the checkbox "Allow remote assistance invitations to be sent from this computer". It's the top half of the Remote Tab.....
"fDenyTSConnections" should be the only setting you need to worry about.....
CapperdogAuthor Commented:
My appologies... I just tested and you are correct.

With the Nvidia driver issue not being the case at leat on two machines I have come across do you have any other ideas as to what I may look at on these machines that I cannot RD into?
Corrupted firewall exceptions form the Windows FW?
start>run>cmd.exe>netsh firewall reset
Then reboot, and disable it if needed....
On a machine you cannot RDP into....
Does it respond to pings?
Can you telnet to it on port 3389?
telnet IP 3389
Should go to a black box.....
Any update?
CapperdogAuthor Commented:
All of our machines have the Windows firewall disabled by default.

I have a machine we can work with and I was able to ping and telnet to it.

When trying to remote desktop to this machine when you press connect it just goes grey for just a second and then back like it is when you opened RD. It does not error out or anything else.

On others, even with the registry key set you get the cannot connect error message like the registry key had not been set... At the moment I do not have a machine we can work with for this problem.
OK... You should see errors in the Security Log, as well as logs in the Applications /System logs on the target PC. Maybe even something in the client PC.
Have we checked those?
Might just be we need to rebuild the TS support of the remote PC.....
This is also assuming the Terminal Services service is started on the target boxes....
CapperdogAuthor Commented:
I have very busy with other tasks and just took a look at your last response. I will take a look and see as soon as I can and get back with you.

If the problem is we need to rebuild the TS support on some of these machines what would be the procedure?
CapperdogAuthor Commented:
On the one machine I currently know of with this connection issue. Terminal Services is started.

I checked the logs and in the System log there is an error that RDPDD.dll failed to load. I verified that I caused this error by trying to RD to that machine.
CapperdogAuthor Commented:
Here is what I have found.

If you increase the size of the session image space then you can run remote desktop.

Add the following registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]


The only thing I do not understand is if the solution is saying to create a DWORD value under Memory Management or to create a new Key under Memory Management.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.