Remote Desktop connection to Windows 2003 server failed

For some reason I'm unable to connect to my two Windows 2003 Server via Remote Desktop Connection. I have followed this instruction, http://windows.microsoft.com/en-us/windows-vista/Troubleshoot-Remote-Desktop-problems, but still I'm unable to connect to the Windows 2003 server. Any help is much appreciated.
ljtxoovAsked:
Who is Participating?
 
ljtxoovConnect With a Mentor Author Commented:
Okay, I found the answer. I unchecked the option "Block All traffic filter list" and it works instantaneously. Many thanks for all your time in trying to help me but after all, it's the IPSEC that causes the problem.
0
 
treepioCommented:
mstsc /v:servername /console
white this in a command prompt.
0
 
storkyIVCommented:
Can you access them directly from the console?
Any firewall / AV updates lately?

Can you ping them?
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Encrypted1024Commented:
There are a couple things to check. Does your firewall allow RDP connections. Can any other user account connect like the Domain Admin? Are you a member of the remote desktop users group on those servers? Do you have any group policies restricting Remote desktop / terminal services?
0
 
ljtxoovAuthor Commented:
Tried this: mstsc /v:servername /console

And this is what I got as usual:

0
 
ljtxoovAuthor Commented:
Sorry..here is the error.
Remote-Desktop-Disconnected.jpg
0
 
storkyIVCommented:
Is remote desktop enabled on the servers? No has turned it off have they?
0
 
treepioCommented:
If this doesn't work: mstsc /v:servername /console
this connects directly to the server, even if max connections have been exceeded.

Then I believe:

a: remote desktop have been disabled on the server.
b: firewall on server block port 3389 "default rdp port".
c: Your laptop and the server ain't on the same network "are they on the same subnet or vlan?". Are you sure the server is up?. If you can manually logon to the server, can you ping out?, ping 127.0.0.1?
d: try above first, if none of those I haev more ideas :).
0
 
treepioCommented:
Just 1 more quickie:)
e: try connecting to the ip instead of servername.
0
 
treepioCommented:
Here a few tests:

From command prompt:
tracert servername
tracert serverip
0
 
Encrypted1024Commented:
Ya, that error is a communication error. Group policy or user groups won't give you that. Either remote desktop is disabled, firewall is blocking, name resolution isn't working or you don't have network connectivity to that box.
0
 
ljtxoovAuthor Commented:
It's not the port 3389 is in the exception tab and checked. Here's what I have. Can someone tell me what the "Group Policy" column set to "No" means? I was suspect this is the problem but our Active Directory IT doesn't seem to think so. All of our other windows 2003 servers works fine with RDC and all of them don't have the "Group Policy" column.
firewall.jpg
0
 
ljtxoovAuthor Commented:
Again, in my first post, I did specify the link to a page that shows the basic troubleshooting and I've done all that. I even turn off the firewall and still RDC failed. I'm able to mapped to that "C" drive of these two servers....I just can use RDC.
0
 
ljtxoovAuthor Commented:
treepio, I did try with the IP instead of the server name and I received the same error. The tracert servername and tracert serverip both works fine with <1 ms.
0
 
treepioCommented:
Check this picture, is remote desktop turned on?.

services.msc -> is terminal services running?.
remote.bmp
0
 
treepioCommented:
ups, I need to remove this :)
0
 
ljtxoovAuthor Commented:
treepio, yes. The "Enable Remote Desktop on this computer" is checked and selected the appropriate Remote Users. The RDC does not even give me an option to type in the user name and password. It failed before that.
0
 
Encrypted1024Commented:
Are you an administrator on that Server?
0
 
treepioCommented:
services.msc -> is terminal services running?.
0
 
ljtxoovAuthor Commented:
Yes, I'm the local admin of these two servers. And yes, Terminal Service is running.
0
 
treepioCommented:
Have you tried connecting from server1 to server2 with remote desktop?, can they connect with eachother ?.
0
 
ljtxoovAuthor Commented:
Any other ideas to try?
0
 
ljtxoovAuthor Commented:
No. Both of these servers cannot connect to each other either.
0
 
treepioCommented:
can you connect from a server to your laptop?.

I'm out of ideas soon. This should be a relatively easy solution. Unfortunately I don't have the machines in question infront of me. It doesn't look like a security issue to me. That would have prompted with another error message.
0
 
ljtxoovAuthor Commented:
No. RDC from the server to my desktop does not work either. However, I was checking the Security log and this is what I found.

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Detailed Tracking
Event ID:      861
Date:            3/26/2010
Time:            1:34:30 PM
User:            NT AUTHORITY\NETWORK SERVICE
Computer:      MyComp
Description:
The Windows Firewall has detected an application listening for incoming traffic.
 
Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 808
User account: NETWORK SERVICE
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 55518
Allowed: No
User notified: No

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I'm not sure if this means anything. However, it does look like something is blocking out going and incoming traffic but I can't pinpoint.
0
 
ljtxoovAuthor Commented:
Okay, I found this thread, http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_22500007.html, and on post 04/09/07 04:37 PM, ID: 18878830, I tried the:

C:\>telnet <your FQDN or IP> 3389

Anyway, it failed. This is what the error message:

Connecting To myComp.myDomain.org...Could not open connection to the host, on port 3389: connect failed

Okay so, what does this means? According to that thread, it means the port 3389 is not but as you can see in my image attached above, it is already open. How else do I need to verify?
0
 
treepioCommented:
try and disable the firewall on the server, and rdp.
Or safer, disable it on your laptop and try to reach it from your server.

Open a command prompt and write: netstat -an
is your computer listening at port 3389 ?
0
 
ljtxoovAuthor Commented:
I'm not sure I understand your steps above.  Let me see if I understand this correctly.
1. disable server's firewall
2. RDC from my laptop to the server

Or:
1. disable the firewall on my laptop
2. RDC to my laptop from the server

And lastly on the server, open command prompt and type netstat -an to see if the server is listening to port 3389, correct?
0
 
treepioCommented:
go to a command prompt, write: netstat -an
is it lostening on port 3389 ?.

you can also try disabling your firewall, and connectin. to see if it is a firewall issue.
0
 
ljtxoovAuthor Commented:
I have tried turning my workstation's firewall off and still could not connect to the server via RDC. Attached is the netstat -an command I ran. The server does seem to listen to port 3389 though.
netstat.log
0
 
treepioCommented:
you have to turn the firewall off on the computer your trying to connect to.
So if you turn it off on your laptop, then you need to connect to your laptop.
0
 
ljtxoovAuthor Commented:
I have tried turning the firewall off on my workstation as well as on the server and still couldn't connect.
0
 
ljtxoovAuthor Commented:
Does anyone have any other suggestion? It's weird that this server does seem to listen to port 3389 but yet I can't even telnet to this port.
0
 
storkyIVCommented:
Do you have any 3rd party software for your server in terms of antivirus? Anything like endpoint etc etc?
0
 
ljtxoovAuthor Commented:
I have Symantec Antivirus Corporate version.
0
 
Encrypted1024Commented:
Have you tried remoting in from other machines?

Is it a RDP client issue? Maybe you have the setting set to only connect to authenticated servers. W2K3 does not support RDP authentication and will fail. I think it should give you a warning though. You may be able to disable the waring some how, maybe in group policy.
0
 
ljtxoovAuthor Commented:
The issue is not the warning..it's the inability to connect to the server via RDC. Whether it is a workstation or Windows 2003 server client trying to connect to these two Windows 2003 server, none of them is able to connect via RDC.

In Windows 2003 server, there is no "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)" option available. As far as I know, this option is only available in Windows 2008, Vista, and Windows 7.
0
 
ljtxoovAuthor Commented:
Okay, if I telnet <server IP> 3389 from within the server then it works but if I do the same from any other computer/server, it does not work. Any ideas?
0
 
ljtxoovAuthor Commented:
Does anyone have other ideas I can try?
0
 
ljtxoovAuthor Commented:
Okay, here's something I found about IPSec setting. I wonder if this has anything to do with RDC being failed to connect. If so, please let me know what do change or try.
File-server-properties.jpg
secure-server.jpg
server-properites.jpg
0
All Courses

From novice to tech pro — start learning today.