Solved

problem connecting to several xp computers by Remote Desktop on domain

Posted on 2010-09-22
12
584 Views
Last Modified: 2013-11-21
I'm having problems connecting to some xp computers on domain by Windows Remote Desktop Connection.

so far what I have looked at is (some checked stuff might not be necessary for it to work):
XP FW off (no other FW software installed)
remote desktop turned on
server service started
F&P sharing on
port 3389 enabled and listening tied to svchost.exe (by netstat -ano)
my domain user id is in local admin group on computers I'm trying to rdp into (I'm a member of IT support group)
computers trying to connect are pingable both ways
checked DNS records, no problems; also tried connecting by IP address
I also could not connect with my laptop on same subnet

In all cases, probably a dozen total, if the computer was removed from the domain and then re-added, there were no more problems connecting by Windows Remote Desktop Connection.

I'm looking for ideas on what else to check for.

Thank you,
Jim
0
Comment
Question by:franable
12 Comments
 
LVL 5

Expert Comment

by:darrylka
ID: 33736021
Are you able to ping the computers by name?  Also, will it work using the fully qualified domain name?
0
 

Author Comment

by:franable
ID: 33736313
Yes, always able to ping computers by name.  Also unable to connect by fully qualified domain name.
0
 
LVL 1

Expert Comment

by:lefton4ya
ID: 33736325
3 ideas:

1.  Does your environment have Computer objects created for them in Active Directory?  If so, are they pre-created (created before the machine is added to the domain) or does it create them when joining the domain?  Make sure the objects exist for the machines that you cannot remote into, and check permissions to the AD objects (although object permissions should not matter for RDP).

2.  Check which authentication you are using and try changing it:
As administrator, open "secpol.msc", go to Local Policies -> Security Options -> Network Security: LAN Manager authentication level.  Try all the options, but most likely either "Send LM & NTLM - use NTLMv2 session security if negotiated" or "Send NTLMv2 response only\refuse LM & NTLM".
If it works, you can create a batch file to run on each machine with:
reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /f /v "lmcompatibilitylevel" /t REG_DWORD /d "N"
  where "N" is 0-5 depending on the option you pick, in the order displayed in the local security setting dropdown (1 or 5 for my suggested options)

3.  Try a 3rd party remote application, such as VNC or Dameware.  I have known that to work when RDC does not, although it doesn't fix the problem it is a workaround.
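@ECHO OFF
REM Set the LAN Manager authentication level (5 = Send NTLMv2 response only\refuse LM and NTLM)
reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /f /v "lmcompatibilitylevel" /t REG_DWORD /d "5"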

0
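Added example, not part of the post above or of any Microsoft tooling: a batch file version of the registry change from step 2 that accepts only a level of 0 to 5, saves the previous value, and reads the result back. The script name (setlm.cmd), the variable names and the backup file path are assumptions.

```bat
@ECHO OFF
SETLOCAL
REM Added example, not from the thread. Usage: setlm.cmd N   (N = 0..5)
REM The script name, variable names and backup file path are assumptions.
REM
REM LmCompatibilityLevel values, in the order of the policy dropdown:
REM   0  Send LM and NTLM responses
REM   1  Send LM and NTLM - use NTLMv2 session security if negotiated
REM   2  Send NTLM response only
REM   3  Send NTLMv2 response only
REM   4  Send NTLMv2 response only\refuse LM
REM   5  Send NTLMv2 response only\refuse LM and NTLM

SET "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
SET "VAL=lmcompatibilitylevel"
SET "BACKUP=%TEMP%\lmcompat-before.txt"

REM Accept exactly one of 0..5; anything else leaves the registry untouched.
SET "LEVEL="
FOR %%L IN (0 1 2 3 4 5) DO IF "%~1"=="%%L" SET "LEVEL=%%L"
IF NOT DEFINED LEVEL (
  ECHO Usage: %~nx0 N    where N is 0 to 5
  EXIT /B 1
)

REM Record the current value, or the "not found" error, so the change can be reverted.
reg QUERY "%KEY%" /v "%VAL%" > "%BACKUP%" 2>&1
ECHO Previous setting saved to %BACKUP%

reg ADD "%KEY%" /f /v "%VAL%" /t REG_DWORD /d %LEVEL%
IF ERRORLEVEL 1 (
  ECHO Failed to write %VAL%; run from an administrator account.
  EXIT /B 1
)

REM Read the value back to confirm what is now stored.
reg QUERY "%KEY%" /v "%VAL%"
ENDLOCAL
```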
 
LVL 1

Expert Comment

by:kemitHamite
ID: 33736397
Can you connect to other computers from any of the computers that cannot be connected remotely?
Have you tried removing the computers from the domain and re-registering them?
0
 

Expert Comment

by:sameerb5
ID: 33736683
Have you checked that on both computers you are connecting, the "Enable Remote Desktop on this computer" checkbox is checked? Have you inserted the remote users, i.e. the full domain of the computer or the computer name and the user who you want to allow?
I.e. when I am on a domain computer, I would allow users to connect to me and share my resources,
as well as when I am on a non-domain computer I would add the fully qualified name of my domain.

Try it. It may work.
0
 

Author Comment

by:franable
ID: 33736796
thanks for replying

AD objects are usually precreated (created before the machine is added to the domain).  I can't tell you for sure about the dozen I have had problems with.

I will try your suggestions and update hopefully tomorrow or Friday.
0
 

Author Comment

by:franable
ID: 33745513
my domain user id is in local admin group on computers I'm trying to rdp into (I'm a member of IT support group)

yesterday there was another computer with same problem.  IT person removed and rejoined to domain and remote desktop started working again.  for testing the computer was rebooted and remote desktop stopped working. everything listed above was rechecked and found to be normal.  

********************************
XP FW off (no other FW software installed)
remote desktop turned on
server service started
F&P sharing on
port 3389 enabled and listening tied to svchost.exe (by netstat -ano)
my domain user id is in local admin group on computers I'm trying to rdp into (I'm a member of IT support group)
computers trying to connect are pingable both ways
checked DNS records, no problems; also tried connecting by IP address
0
 

Author Comment

by:franable
ID: 33752512
TS problem - found 1 thing in common.  All computers having this problem are xp sp2 computers.  Tried installing sp3 on 3 computers all these computers get error - Service Pack installation did not complete. Access is denied.  Tried installing from domain account with admin permissions and also local admin account.
0
 
LVL 1

Accepted Solution

by:
lefton4ya earned 500 total points
ID: 33756924
Try removing the AD group you are in from the machine's local administrator group then re-adding it and see if it fixes the error.  If this fixes it, it means the Group was changed recently.

Try checking the permissions on the Windows\System folder - maybe they are not right but are corrected when you re-add to the domain.  Edit the C drive security permissions, make sure the local administrator group has full control, then go to advanced permissions, check "Replace permission entries on all child objects with entries shown here that apply to child objects" and hit apply (and wait a while).

Also, try my previous authentication change technique on both the computers you are logging in to and the computer you are remoting from.

Let us know what fixes the remote issue or SP3 update.
0
 

Author Comment

by:franable
ID: 33768711
so far it seems like security problem and was able to be fixed with batch files on this page
http://support.microsoft.com/kb/949377/
0
 

Author Closing Comment

by:franable
ID: 33768725
ended up being a permissions issue  
http://support.microsoft.com/kb/949377/

thanks all for helping!
0
 

Author Comment

by:franable
ID: 33768736
not sure why it gave final grade as 6.8

I choose the letter "A" as grade
0
