Terminal Services - Disconnected when Remote Controlling

I have two Windows Server 2008 R2 Datacenter Edition with Terminal Services Role installed. Both are using the same GPO. On only one of the servers, when I open tsadmin.msc and try to remote control a user’s session the users session is immediately disconnected. I have tested using Windows 7 and XP with the same result. The Windows 7 client Network level authentication is supported and on the XP machine it isn't. I see in the event view the application popup where I am requesting control. The only other log entry that I can see would be in the security log. Any ideas?
The Windows Filtering Platform has blocked a bind to a local port.

Application Information:
	Process ID:		492
	Application Name:	\device\harddiskvolume1\windows\system32\svchost.exe

Network Information:
	Source Address:		0.0.0.0
	Source Port:		59965
	Protocol:		17

Filter Information:
	Filter Run-Time ID:	0
	Layer Name:		Resource Assignment
	Layer Run-Time ID:	36

Open in new window

LVL 2
DowntownITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rgautierCommented:
Does the machine have a local firewall policy that the other machine does not?  Try disabling Windows Firewall on the target machine and trying again - that will help narrow it down.
0
DowntownITAuthor Commented:
Group policy is setting all three of the firewall profiles of the TS to off. As for both clients, the firewall is disabled. I am able to remote control using our other TS.
0
rgautierCommented:
Has someone enable IP Filtering (not part of the firewall product) under the network card on that machine?
0
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

DowntownITAuthor Commented:
Where would I check that?
0
rgautierCommented:
If you're not using IPSec or Windows Firewall, disable the BFE Service under Service Manager - see if this resolves the issue.  You can disable it later if you do decide to actually do filtering - but it looks like this is a known bug that others have had issues with.
0
DowntownITAuthor Commented:
The security log error is gone but problem remains.
0
rgautierCommented:
Interesting - so the error message isn't necessarily linked to your problem - but is just indicative of the errors that others are seeing (reference link: http://social.msdn.microsoft.com/Forums/en/wfp/thread/774026e6-a771-418a-b531-22183ef399f8 ) with respect to the IP Filtering not configuring correctly during install..

To play it safe, I'd re-enable BFE (as I'm unsure what else it may affect in your environment) - and if I can think of any other suggestions, I'll try to post them...
0
rgautierCommented:
Also - in  terminal services configuration manager - check the option 'Restrict each user to a single session' and make sure it's not set to 'yes'?
0
rgautierCommented:
Also - please read this article, which MAY be related to your issue:
http://social.technet.microsoft.com/Forums/en/winserverTS/thread/87fc497a-27fd-4a76-ab59-ea5fe01c9091

If it is not, please identify the differences in your situation - and/or try the possible fixes identified.
0
DowntownITAuthor Commented:
check the option 'Restrict each user to a single session' and make sure it's not set to 'yes'
on both TS's it is set to yes, I changed it on the TS that isn't able to remote control with the same result. I will look through that link now

Thanks
0
DowntownITAuthor Commented:
I tried this with no luck

Windows Server 2008 R2

1. Logon to the Remote Desktop Services Session Host computer as an administrator
2. Start--Run gpedit.msc
3. In the left pane, under Computer Configuration, navigate to following:

Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment

4. In the right pane, double-click on Set compression algorithm for RDP data
5. Select Enabled, and choose Balances memory and network bandwidth
6. Click OK to save the change

0
rgautierCommented:
I'm sorry, I don't have any other suggestions for you at the moment.
0
brent_caskeyCommented:
Have you applied this hotfix?: http://support.microsoft.com/kb/2273487
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.