Solved

RDP to win 7 pro fails

Posted on 2011-09-26
29
661 Views
Last Modified: 2012-05-12
Hello all,
We are having this weired problem on some of our windows 7 workstations. Simply the problem is this;
Some of our PCs with Windows 7 Pro installed won't allow RDP connection. So far these are the things we have tried;
1. We have checked all the Remote Connection settings and make sure RDP is enabled.
2. Checked Windows firewall settings and tried the followings; disabled Win FW, Added an exception for RDP ports and RDP program none of them worked
3. Changed the default RDP port and tried to connect via the new port.
We have tried to reinstalling win 7 and it fixed the problem however there has to be an easier fix. We simply can not afford to reinstall win7 on all of these PCs with problem.
. Any suggestions?
0
Comment
Question by:dahter
  • 15
  • 8
  • 6
29 Comments
 

Author Comment

by:dahter
ID: 36598403
In addition to my post;
Right now the windows FW service is disabled however the the machine can not be pinged from another PC on the same network.
0
 
LVL 20

Expert Comment

by:Iain MacMillan
ID: 36598447
sounds like you might have a DNS issue with your Win 7 systems.  are they in separate OUs with correct policy settings?  have you tried giving some systems a static IP & DNS settings and see if they can be communicated with?

is the remote settings set to Allow Connections from computers running ANY version of RD.  What groups are listed under Select Users?

win 7 systems have 2 firewalls, incoming & outgoing, you need to disable both (we use a GPO for this).  what about AV or security software, could it be blocking remote or ping requests?

do you have 2003 or 2008 DC's??
0
 

Author Comment

by:dahter
ID: 36598561
Dear Ian,
Well some of the win7 systems are perfectly fine and they are configured in same way on AD or on same policy level. Yes I have tried the static IP and DNS but did not change the outcome.
Yes the remote settings set to connections coming from any versin of RD.
I simply disable the FW from it's console and stop the FW service
We are using MS Security essentials as AV or Mcafee however we disable the AV as well.
We have 2008 DC.
0
 

Author Comment

by:dahter
ID: 36598767
Also I want to add that when I browse the win Fw logs I do not see any dropped RDP requests.
0
 
LVL 3

Expert Comment

by:dlb_amp
ID: 36598840
If the Windows FW is off and you still can't ping, then it sounds like a routing issue. Is the Win7 PC and the remote client on the same subnet?

dlb
0
 

Author Comment

by:dahter
ID: 36598949
Of course it is.
0
 
LVL 20

Expert Comment

by:Iain MacMillan
ID: 36599225
do you have something like UltraVNC that you can test/use, to eliminate RDP from the equation?

can you RDP from the afflicted Win 7 system to another Win 7 box or server?  what if you use the IP address instead of name (to see if DNS is a factor)?  Under the RDP Experience tab, have you set it to LAN and the Advanced tab has Server Auth Fails set to Warn Me or Connect and Don't Warn?

Also make sure under Network & Sharing Centre --> Adv Sharing, Network Discovery is ON & File Sharing Connection is set to 40/56bit if you have a mixed server/desktop environment.

All my systems also have IPv6 disabled, but that's just a preference thing on our site, but may help.
0
 
LVL 20

Expert Comment

by:Iain MacMillan
ID: 36599303
if the IP option works, then you need to fix your DNS issue -- the machines are likely not registering their details with DNS correctly when added to the domain (check your DNS suffix).

technically you should be able to ping the IP and get the name and vice versa.  if you are not getting that, then we need to focus on fixing the DC's and your DNS records.
0
 

Author Comment

by:dahter
ID: 36600922
I will check it out and will get back to you...
0
 

Author Comment

by:dahter
ID: 36715796
No we don't have ultra VNC.
Yes we can RDP from those particular machines to any other RDP available system.

Both IP or the systme name fail so there is no DNS issue.

Under the RDP experience tab we use highspeed broadband and under the Advanced tab  Server Auth Fails usually is set to Warn Me however since the connection can not be established these settings won't do anything as they are for performance issues.

Under Network & Sharing Centre --> Adv Sharing, Network Discovery is ON & File Sharing Connection is set to 40/56 - Yes

IPv6 is disabled.

I can not ping the windows 7 PV that can not be connected via RDP.
0
 
LVL 20

Expert Comment

by:Iain MacMillan
ID: 36717473
what system are you doing the pings from -- XP, 7, Server 03 or 08??  If 7 or 2008, i think it needs to be an Admin enabled command prompt.  definitely smells of a firewall or security app issue  - are these systems on the same switch??

only other thing i can think of is your Windows FW is blocking the ICMP requests.  Check Control Panel > Windows Firewall > Advanced settings > Inbound Rules and enable File and Printer Sharing (Echo Request - ICMPv4-In) for the Domain profile (usually Public & Private will be listed & enabled too).  At least that will let you know that the systems are capable of receiving the request.

on the LAN adapter properties, is there anything else other than Client for MS Networks/VM Network Services\Qos Packet Sched, IPv6, IPv4 & Link Layer Discovery Mapper/Responder???

Also try this, go to Control Panel-->Networking and Sharing Centre-->change adapter settings link on top left.
Right click your local area connection and left click on properties.
Uncheck IPV6 then double click on IPV4 and click the advanced button.
Click the DNS tab, and go ahead and add the dns IP address(s) anyway.  
At the bottom you will find where it says "DNS suffix for this connection", put in your domain name
On the WINS tab, untick the LMHOSTS option
Click ok all the way out, you might want to ipconfig /release and then ipconfig /renew in an admin command prompt.

see if that has any effect.
0
 
LVL 20

Expert Comment

by:Iain MacMillan
ID: 36717481
Windows FW can be turned off, but the service should still be running in the background -- if you have the service disabled, that when the problems can occur.
0
 
LVL 3

Expert Comment

by:dlb_amp
ID: 36717543
If he's pinging the IP address then DNS won't matter. This smells more like a firewall issue.

I read that a reinstall of windows makes it work. Since you are disabling the win FW, there must be another program blocking the PC from being seen on the network. Try uninstalling McAfee.

dlb
0
 

Author Comment

by:dahter
ID: 36717617
We have  already discovered reinstalling windows works however this is allot of work and we don't want to go down to that route. I have already tried to disable the windows FW service and did not work (After I had restarted the PC I checked the Win FW and it was turned off and the service was disabled). I have already tried uninstalling AV and tried it like that no luck.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 3

Expert Comment

by:dlb_amp
ID: 36717641
I wasn't suggesting reinstall, Just noting that solution fixed it. Meaning something pre-installed on the PC is causing the problem. But that's assuming these are new PCs that are having this problem. If it's a case where it used to work on them but now doesn't, then it coudl be something entirely different.

dlb
0
 

Author Comment

by:dahter
ID: 36813060
yeah so far no clue...
0
 
LVL 20

Expert Comment

by:Iain MacMillan
ID: 36813462
as i said above, FW can be turned off, but the service needs to be RUNNING.  this seems to fix a lot of network issues along with disabling IPv6 which you have done.

given that rebuilds fix the issue, it could be a 3rd party app or OEM installed package that is adding to the issue.
0
 

Author Comment

by:dahter
ID: 36918577
No idea? Anyone?
0
 
LVL 20

Expert Comment

by:Iain MacMillan
ID: 36922885
have you set the firewall to OFF but left the service running?
0
 

Author Comment

by:dahter
ID: 36923344
I tried both. Set it off let the service run and set it off and set the service off too.. None of them worked. I tried win 7 SP1 too...
0
 
LVL 3

Expert Comment

by:dlb_amp
ID: 36923855
Have you tried uninstalling and re-installing the NIC?

dlb
0
 

Author Comment

by:dahter
ID: 36924322
no but we have tried on both wireless and wired so technically 2 different nics.
0
 
LVL 3

Expert Comment

by:dlb_amp
ID: 36924439
True, but if something was configured wrong by the mfg on both cards...
0
 

Author Comment

by:dahter
ID: 36967762
no did not work. I thought the media set might be broken but we used the same media set for setting up couple of PCs and only few of them have the problem. I thought this info might be useful.
0
 
LVL 3

Expert Comment

by:dlb_amp
ID: 36967838
Have you tried taking one of the problem PC's and a good PC off the network and setup on a stand-alone hub/switch with static IPs to see if you could connect thereby eliminating your network as a problem?

dlb
0
 

Author Comment

by:dahter
ID: 36992016
Yes I did and failed.
0
 
LVL 20

Expert Comment

by:Iain MacMillan
ID: 36993471
when you disable your AV software, are you shutting down the services (McAfee Enterprise has 3 and MSE has 1).  They would need to be stopped, to not be a factor in this.

Then on the flip-side you have other Win 7 systems with AV (I assume) that RDP fine, so it's a bit of an oddity.  Since a rebuild works, it has to be something that removed as part of your rebuild process that is the cause.  Are all your Win 7 systems up to SP1.  Have you run the DISM command to perm. commit the SP1 update and to tidy the patch/updates area of the system to free up disk space?
0
 

Accepted Solution

by:
dahter earned 0 total points
ID: 37082185
I have found the problem. Somehow Checkpoint VPN client interfere with RDP session. As soon as I uninstall the vpn clients, RDP works just fine.
0
 

Author Closing Comment

by:dahter
ID: 37105794
I tried every solution from all the users but finally I have discovered what the problem is myself.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Hi Friends, These registry tweaks will help you optimizing your Windows 7 system for any VDI. This will improve the machine performanance and can be used on normal systems also. These are few registry tweaks which will add value by enhancing the …
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now