Solved

Unable to RDP to 2008 R2 Server

Posted on 2012-03-22
Last Modified: 2012-03-22
I have a new Hyper-V 2008 R2 guest that was working 100% fine for a few weeks and all of a sudden today remote desktop became unusable. It's just using RDP for Administration and I've verified everything I can think of is fine but nothing will connect to it. It's definitely listening on 3389 but when I try to connect I immediately get the following message:

RDP Error
No clue where to go from here....all of the other guest systems are working fine.
0
Question by:BigDeer
10 Comments
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 37754404
Check to see that no GPO affecting the local Firewall settings has kicked in.
0
 
LVL 3

Author Comment

by:BigDeer
ID: 37754406
I've completely killed the firewall and opened it up completely. Here's another kicker...I can successfully telnet to that machine on port 3389 with no problem but it denies immediately when connecting with the RDP client.
0
 
LVL 9

Accepted Solution

by:
Dan Arseneau earned 500 total points
ID: 37754417
Were there any new VNetworks created recently? This sometimes plays with routing.  Do ROUTE PRINT and make sure all looks good.


Have you heard of the recent RDP vulnerabilities?  Perhaps there is something at play.
http://technet.microsoft.com/en-us/security/bulletin/ms12-020#section1
0
 
LVL 3

Author Comment

by:BigDeer
ID: 37754518
routes look ok but check out this netstat -a

netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             servername:0             LISTENING
  TCP    0.0.0.0:135            servername:0             LISTENING
  TCP    0.0.0.0:445            servername:0             LISTENING
  TCP    0.0.0.0:1001           servername:0             LISTENING
  TCP    0.0.0.0:3389           servername:0             LISTENING
  TCP    0.0.0.0:47001          servername:0             LISTENING
  TCP    0.0.0.0:49152          servername:0             LISTENING
  TCP    0.0.0.0:49153          servername:0             LISTENING
  TCP    0.0.0.0:49154          servername:0             LISTENING
  TCP    0.0.0.0:49178          servername:0             LISTENING
  TCP    0.0.0.0:49213          servername:0             LISTENING
  TCP    0.0.0.0:49267          servername:0             LISTENING
  TCP    192.168.1.243:139      servername:0             LISTENING
  TCP    192.168.1.243:445      192.168.1.211:3921     ESTABLISHED
  TCP    192.168.1.243:3389     ns1:49511              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:49772              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:49854              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:49922              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:50238              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:50745              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:51363              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52771              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52853              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52857              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52861              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52873              TIME_WAIT
  TCP    192.168.1.243:3389     ns1:52878              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52881              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52882              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52890              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52893              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52906              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52930              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52934              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52937              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52947              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:52996              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:53010              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:53114              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:55338              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56076              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56088              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56112              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56114              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56129              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56157              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56194              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56198              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56207              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56210              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56215              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56218              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56227              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56237              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56240              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56251              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56252              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56277              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56295              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56311              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56327              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56344              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56591              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:60856              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:61755              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:64347              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:64594              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:64690              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:64776              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:65164              ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:54666    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:54669    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:54713    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:54722    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:54863    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:54883    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:55567    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:55935    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:55955    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:56751    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:57454    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:57622    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:58385    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:59825    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:59833    TIME_WAIT
  TCP    192.168.1.243:3389     184.22.237.83:59921    ESTABLISHED
  TCP    192.168.1.243:3389     184.22.237.83:59991    TIME_WAIT
  TCP    192.168.1.243:3389     184.22.237.83:60058    ESTABLISHED
  TCP    192.168.1.243:59977    79-110-85-243:12002    ESTABLISHED
  TCP    192.168.1.243:60028    79-110-84-27:12002     ESTABLISHED
  TCP    192.168.1.243:60031    79-110-84-144:32002    ESTABLISHED
  TCP    192.168.1.243:60036    79-110-85-178:22002    ESTABLISHED
  TCP    192.168.1.243:60043    79-110-85-178:22002    ESTABLISHED
  TCP    192.168.1.243:60045    79-110-85-185:32002    ESTABLISHED
  TCP    192.168.1.243:60046    79-110-85-243:12002    ESTABLISHED
  TCP    192.168.1.243:60050    79-110-85-111:12002    ESTABLISHED
  TCP    192.168.1.243:60054    79-110-84-27:12002     ESTABLISHED
  TCP    192.168.1.243:60055    79-110-84-144:22003    ESTABLISHED
  TCP    192.168.1.243:60056    79-110-84-144:22003    ESTABLISHED
  TCP    192.168.1.243:60059    79-110-84-144:32002    ESTABLISHED
  TCP    192.168.1.243:60069    79-110-84-27:12002     ESTABLISHED
  TCP    192.168.1.243:60071    79-110-85-178:22002    ESTABLISHED
  TCP    192.168.1.243:60072    79-110-84-144:32002    ESTABLISHED
  TCP    192.168.1.243:60074    79-110-84-144:32002    ESTABLISHED
  TCP    192.168.1.243:60078    79-110-84-144:22003    ESTABLISHED
  TCP    192.168.1.243:60081    79-110-84-183:12002    ESTABLISHED
  TCP    192.168.1.243:60088    79-110-85-178:22002    ESTABLISHED
  TCP    192.168.1.243:60092    79-110-84-144:32002    ESTABLISHED
  TCP    192.168.1.243:60103    79-110-84-27:12002     ESTABLISHED
  TCP    192.168.1.243:60104    79-110-84-183:12002    ESTABLISHED
  TCP    192.168.1.243:60110    79-110-84-183:12002    ESTABLISHED
  TCP    192.168.1.243:60156    79-110-84-144:22003    ESTABLISHED
  TCP    192.168.1.243:60176    79-110-92-96:12002     ESTABLISHED
  TCP    192.168.1.243:60184    79-110-84-183:12002    ESTABLISHED
  TCP    192.168.1.243:60187    79-110-84-144:22003    ESTABLISHED
  TCP    192.168.1.243:60211    79-110-85-178:22002    ESTABLISHED
  TCP    192.168.1.243:60213    79-110-92-96:12002     ESTABLISHED
  TCP    192.168.1.243:60220    79-110-84-144:32002    ESTABLISHED
  TCP    192.168.1.243:60222    79-110-85-111:12002    ESTABLISHED
  TCP    192.168.1.243:60227    79-110-84-27:12002     ESTABLISHED
  TCP    192.168.1.243:60239    79-110-92-96:12002     ESTABLISHED
  TCP    192.168.1.243:60254    79-110-85-243:12002    ESTABLISHED
  TCP    192.168.1.243:60256    79-110-85-68:12002     ESTABLISHED
  TCP    192.168.1.243:60262    79-110-85-185:32002    ESTABLISHED
  TCP    192.168.1.243:60263    79-110-85-243:12002    ESTABLISHED
  TCP    192.168.1.243:60266    79-110-85-65:32002     ESTABLISHED
  TCP    192.168.1.243:60268    79-110-85-65:32002     ESTABLISHED
  TCP    192.168.1.243:60271    79-110-85-111:12002    ESTABLISHED
  TCP    192.168.1.243:60277    79-110-84-27:12002     ESTABLISHED
  TCP    192.168.1.243:60281    79-110-84-160:22002    ESTABLISHED
  TCP    192.168.1.243:60283    79-110-85-68:12002     ESTABLISHED
  TCP    192.168.1.243:60286    79-110-85-111:12002    ESTABLISHED
  TCP    192.168.1.243:60289    79-110-85-68:12002     ESTABLISHED
  TCP    192.168.1.243:60292    79-110-85-185:32002    ESTABLISHED
  TCP    192.168.1.243:60294    79-110-85-178:22002    ESTABLISHED
  TCP    192.168.1.243:60296    79-110-85-111:12002    ESTABLISHED
  TCP    192.168.1.243:60297    79-110-85-243:12002    ESTABLISHED
  TCP    192.168.1.243:60305    79-110-92-96:12002     ESTABLISHED
  TCP    192.168.1.243:60338    79-110-84-183:12002    ESTABLISHED
  TCP    192.168.1.243:60375    79-110-84-144:22003    ESTABLISHED
  TCP    192.168.1.243:60390    79-110-92-96:12002     ESTABLISHED
  TCP    192.168.1.243:60398    79-110-84-144:22003    ESTABLISHED
  TCP    192.168.1.243:60402    79-110-85-111:12002    ESTABLISHED
  TCP    192.168.1.243:60432    79-110-84-183:12002    ESTABLISHED
  TCP    192.168.1.243:60455    79-110-92-96:12002     ESTABLISHED
  TCP    192.168.1.243:60471    79-110-85-65:32002     ESTABLISHED
  TCP    192.168.1.243:60485    79-110-85-185:32002    ESTABLISHED
  TCP    192.168.1.243:60491    79-110-85-65:32002     ESTABLISHED
  TCP    192.168.1.243:60502    79-110-85-65:32002     ESTABLISHED
  TCP    192.168.1.243:60520    79-110-85-68:12002     ESTABLISHED
  TCP    192.168.1.243:60531    79-110-85-243:12002    ESTABLISHED
  TCP    192.168.1.243:60537    79-110-85-68:12002     ESTABLISHED
  TCP    192.168.1.243:60542    79-110-85-68:12002     ESTABLISHED
  TCP    192.168.1.243:60554    79-110-85-65:32002     ESTABLISHED
  TCP    192.168.1.243:60574    79-110-85-185:32002    ESTABLISHED
  TCP    192.168.1.243:60586    79-110-84-144:22003    ESTABLISHED
  TCP    192.168.1.243:60589    79-110-84-183:12000    TIME_WAIT
  TCP    192.168.1.243:60591    79-110-84-183:12001    ESTABLISHED
  TCP    192.168.1.243:60592    79-110-85-185:31000    TIME_WAIT
  TCP    192.168.1.243:60593    79-110-85-185:32000    TIME_WAIT
  TCP    192.168.1.243:60595    79-110-84-183:12000    TIME_WAIT
  TCP    192.168.1.243:60596    79-110-85-185:32002    ESTABLISHED
  TCP    192.168.1.243:60600    79-110-84-183:12000    ESTABLISHED
  TCP    [::]:80                servername:0             LISTENING
  TCP    [::]:135               servername:0             LISTENING
  TCP    [::]:445               servername:0             LISTENING
  TCP    [::]:47001             servername:0             LISTENING
  TCP    [::]:49152             servername:0             LISTENING
  TCP    [::]:49153             servername:0             LISTENING
  TCP    [::]:49154             servername:0             LISTENING
  TCP    [::]:49178             servername:0             LISTENING
  TCP    [::]:49213             servername:0             LISTENING
  TCP    [::]:49267             servername:0             LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:5355           *:*
  UDP    0.0.0.0:50296          *:*
  UDP    127.0.0.1:55165        *:*
  UDP    127.0.0.1:56233        *:*
  UDP    127.0.0.1:57144        *:*
  UDP    127.0.0.1:63400        *:*
  UDP    192.168.1.243:137      *:*
  UDP    192.168.1.243:138      *:*
  UDP    [::]:123               *:*
  UDP    [::]:500               *:*
  UDP    [::]:4500              *:*
  UDP    [::]:5355              *:*
  UDP    [fe80::35e9:3cfb:4856:5f81%11]:546  *:*
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 37754549
0.0.0.0:3389 just means that it's listening on all IPs hosted on the server.  How many VMs are you running in there?  It may be that one of them is RDP disabled but is taking the connection attempts.  If possible, try to shutdown all the VMs then try RDP.
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 37754584
Some more settings to look at would be Admin Tools - Remote Desktop Services - Remote Desktop Session Host Configuration.  Right-click on RDP-Tcp and choose Properties.

Sometimes, you can delete this Connection and create a new one.  Usually attributed to VM environments messing up local network properties.
0
 
LVL 3

Author Comment

by:BigDeer
ID: 37754591
3 VMs... this netstat is run from the 1 VM that cannot receive RDP connections.

What about all these:

  TCP    192.168.1.243:3389     ns1:56198              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56207              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56210              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56215              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56218              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56227              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56237              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56240              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56251              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56252              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56277              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56295              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56311              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56327              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56344              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:56591              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:60856              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:61755              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:64347              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:64594              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:64690              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:64776              ESTABLISHED
  TCP    192.168.1.243:3389     ns1:65164              ESTABLISHED

...
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 37754624
Oops.  Didn't go much further down that list... sorry.  You may want to refer back to my note on the RDP vulnerability.

http://technet.microsoft.com/en-us/security/bulletin/ms12-020#section1

Is this a licensed Terminal Server?  If so, you may be out of licenses.  If it's not, then this is definitely more than the 2 freebies.
0
 
LVL 1

Expert Comment

by:MetMc
ID: 37754729
Two things I have come across previously that caused this for me.  They are likely too simple to be the issue, but here goes.

1.  Suddenly couldn't RDP into a server one morning.  Wasn't onsite or I would have gone to it directly to see if I could login locally.  When I finally did get onsite, I found an error message had popped up on the server.  I cleared it by clicking OK and immediately was able to RDP.

2.  Settings to allow RDP to server were inadvertently changed, denying access.  Never tracked down how the setting changed from one day to the next.
0
 
LVL 3

Author Closing Comment

by:BigDeer
ID: 37755382
Turned out to be a nasty collection of viruses that our software vendor gave to us. Was able to clean it up with Hitman Pro.
0
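Added example, not part of the original thread: a triage of saved `netstat -a` output of the kind posted above. It counts ESTABLISHED sessions on the RDP port against the two-session administrative limit mentioned in the thread and groups outbound connections by remote port. The sample rows, host names, addresses and the `burst` threshold are constructed for illustration.

```python
import re
from collections import Counter

ADMIN_RDP_LIMIT = 2  # Remote Desktop for Administration: the "2 freebies" in the thread
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

# Constructed sample in the layout of the `netstat -a` listing posted above;
# every host name and address here is made up for the example.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            srv:0                  LISTENING
  TCP    0.0.0.0:3389           srv:0                  LISTENING
  TCP    [::]:445               srv:0                  LISTENING
  TCP    10.0.0.5:445           10.0.0.9:3921          ESTABLISHED
  TCP    10.0.0.5:3389          198.51.100.7:54666     ESTABLISHED
  TCP    10.0.0.5:3389          198.51.100.7:54669     ESTABLISHED
  TCP    10.0.0.5:3389          198.51.100.7:54713     TIME_WAIT
  TCP    10.0.0.5:3389          hostb:49511            ESTABLISHED
  TCP    10.0.0.5:60028         203.0.113.27:12002     ESTABLISHED
  TCP    10.0.0.5:60031         203.0.113.44:12002     ESTABLISHED
  TCP    10.0.0.5:60036         203.0.113.78:12002     ESTABLISHED
  TCP    10.0.0.5:60040         203.0.113.78:22002     ESTABLISHED
  UDP    0.0.0.0:123            *:*
  UDP    [fe80::1%11]:546       *:*
"""

def split_endpoint(endpoint):
    """Split on the last colon so '[::]:80', '[fe80::1%11]:546' and '*:*' parse."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def parse_netstat(text):
    """Return (proto, local_host, local_port, remote_host, remote_port, state) rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # column header, "Active Connections" banner, blank line
        proto, local, remote, state = m.groups()
        rows.append((proto, *split_endpoint(local), *split_endpoint(remote), state or ""))
    return rows

def triage(rows, rdp_port="3389", burst=3):
    """Count live RDP sessions and group outbound connections by remote port."""
    listening = {r[2] for r in rows if r[5] == "LISTENING"}
    live = [r for r in rows if r[5] == "ESTABLISHED"]
    rdp = Counter(r[3] for r in live if r[2] == rdp_port)
    # Local port is not one this host listens on, so this host opened the connection.
    outbound = Counter(r[4] for r in live if r[2] not in listening)
    return {
        "rdp_sessions": sum(rdp.values()),
        "rdp_by_peer": dict(rdp),
        "rdp_over_limit": sum(rdp.values()) > ADMIN_RDP_LIMIT,
        "outbound_bursts": {p: n for p, n in outbound.items() if n >= burst},
    }

if __name__ == "__main__":
    print(triage(parse_netstat(SAMPLE)))
```

Running `netstat -ano` instead adds a PID column, which would need one more optional group in `ROW` before the owning process can be tied to each connection.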
