Solved

Can't remote desktop into 2008R2 web edition from W7

Posted on 2013-01-22
13
763 Views
Last Modified: 2013-01-23
Can't remote desktop into 2008R2 web edition from a Windows 7 box.

I have other 2008R2 boxes in that subnet and I can access all of them just fine.

W7 is on 192.168.19.x and servers on 192.168.0.x  

RD using IP address. Two networks connect through VPN over two sonic wall firewalls.

Compared settings between the boxes that work and the one that doesn't and can not find it.

Under system properties I have under remote tab Allow connections from computers running any version of Remote Desktop.

I turned off Windows firewall and Kaspersky Firewall on that server, still no connect:

reasons RD gives: 1) RA is not enabled, 2) Remote turned off,  3) remote not available on network (I do have a backup remote through Log ME IN).

I can ping the box, and can map a network drive to it, so it's definitely accessible.

I did install the Remote Assistance feature on the server as well.

Where else do I need to look?

Thanks,

Rolf
0
Comment
Question by:rolfg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 10

Expert Comment

by:rscottvan
ID: 38807537
from the client, run this command:
telnet <server ip> 3389
(you may have to install the telnet client Windows "feature" - it's not installed by default.

If the connection succeeds, you can rule out a network or server side problem.  If it fails, ensure the Remote Desktop Services service is running on the server, then start investigating where on the network the traffic is being blocked.
0
 

Author Comment

by:rolfg
ID: 38807904
rscottvan Thanks! Cannot telnet to the box, Remote desktop services are running.
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38808066
OK, that implies a network issue, probably a firewall getting in the way.

From a different server in the same subnet, try the same telnet command.  Does that work?  If yes, there's likely a network firewall in the way.  If no, it's something local to the failing server.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:rolfg
ID: 38808217
I tried telnet from within the same local network (another server in the same 192.168.0 subnet) and cannot connect. Then I tried to connect (on that same server) to itself and that works.

Tried the same on the server in question, I can connect out to another one, but not to itself.

So something on the server is definitely blocking, even though Kaspersky is turned off and the 3 firewall profiles turned off. (Domain, public and private)

 When I click on monitoring its says firewall is off, but at the next line it says inbound connection that do not match a rule are blocked...  so what does that mean when on the line above it says firewall is off....

There are four inbound rules:
Remote desktop (TCP IN)   domain enabled allowed 3389
Remote desktop (TCP IN)   public enabled allowed 3389
Remote desktop RemoteFX (TCP IN)   domain enabled allowed 3389
Remote desktop RemoteFX (TCP IN)   private enabled allowed 3389

I'm am very inexperienced with the 2008R2 firewall,  I do NOT run a domain but a workgroup as I'm running a 1 man IT shop in a company with only 7 employees.

 By the way all servers are hooked up to the same switch behind the Sonicwall. So other than the Windows firewall there are no other physical firewalls between the different servers

Thanks for your help.

Rolf
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38808254
Based on your post, I don't think Windows Firewall is the problem.

Let's make sure the server is listening on 3389.  from a command prompt, run this command and post the results:  
netstat -an | find "3389"

Have you verified the Remote Desktop Services Service is running?  (Start>Administrative Tools>Services)
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38808261
Also, here's an interesting post on a similar issue:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/c3cfc2df-fc29-4abc-acf1-01797f528333/

We opened a case with Microsoft on this issue and we determined that it was related to the following driver being disabled:
remote desktop services security filter driver
To check whether this enabled or disabled, open device manager and show hidden devices. We were not able to enable it, so we uninstalled it and rebooted. After rebooting we were able to telnet to the server on port 3389, but we were still not able to connect with remote desktop.
As a last step, we set remote desktop security layer to “negotiate”. To do this, open the "remote desktop session host configuration" application in administrative tools and edit the properties of “rdp-tcp”. The setting can be found on the general tab.
Hope this helps someone!
0
 

Author Comment

by:rolfg
ID: 38808287
Nothing found with netstat -an
restarted the service and still no result

The driver mentioned does not have an enabled setting, but was not started, started it but still no netstat -an | find "3389" result.

The host configuration had was set to negotiate, only thing I could find that it was set for only one host adapter , of course the one that did not have a network cable, set it for both, but still no listener found.

In the mean time I looked at some of the other servers and saw the firewall only had one entry:

Remote desktop (tcp-in) all etc.

I set the offending server the same and deleted the other entries.

I had turned on remote assistance in the past, think it would help, removed the feature and rebooted.

Lo and behold, the port started listening, when I try to access from another server it comes up with a credentials screen and says after supplying those: Access is denied <sigh> enough for one evening, I guess.

Saw this error in the log file: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.

Thanks for sticking with it.

Rolf
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38808459
Try changing the remote desktop setting on the target machine to allow connections from computer running any version of Remote Desktop
0
 

Author Comment

by:rolfg
ID: 38810413
That's what it is set at.
Another observation, going from a 2008 server to 2008 R2 server, it asks for credentials, starts a session, displays the remote servers login screen with "access is denied".

I turned the Kaspersky and Windows firewall back on and the behavior has not changed, so it's definitely not a firewall issue.

From Win 7 on the sub net work I never get that far, get the same can't connect message box, but telnet will not immediately say it can't connect but sits a few minutes thinking about it, before deciding it can't connect.
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38810850
Is the account you're trying to use a member of the Remote Desktop Users local group?
0
 

Author Comment

by:rolfg
ID: 38810889
Didn't even know such group existed, but yes, they were probably added when I set up RD and picked the users.
0
 
LVL 10

Accepted Solution

by:
rscottvan earned 500 total points
ID: 38810945
Now that you can connect, there are a few possible resolutions to the Access is Denied error in this thread:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/8405bed7-57a8-4b54-b968-6b0e00f367dd
0
 

Author Closing Comment

by:rolfg
ID: 38811392
I did not find anything in there that would apply to me. However I looked at another 2008R2 server and noticed RD runs as network service and not as local system. I changed that and I could log in.

But not from the windows 7 on the .19.x  subnet.  Killed the Kaspersky firewall on the server (Windows firewall is still running) and now RD works on W7 too.

Apparently Kaspersky kills traffic from the subnet even though it comes in over a VPN.

Thanks for all your help... took a few hours but what you don't know is that I have been trying to fix this on and off for at least 9 months. Thank goodness for this site!

I surely appreciate the quick back and forth questions and answers and the meticulous method of eliminating one issue after another!

Thank you RScottvan!

Rolf
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question