[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


Can't remote desktop into 2008R2 web edition from W7

Posted on 2013-01-22
Medium Priority
Last Modified: 2013-01-23
Can't remote desktop into 2008R2 web edition from a Windows 7 box.

I have other 2008R2 boxes in that subnet and I can access all of them just fine.

W7 is on 192.168.19.x and servers on 192.168.0.x  

RD using IP address. Two networks connect through VPN over two sonic wall firewalls.

Compared settings between the boxes that work and the one that doesn't and can not find it.

Under system properties I have under remote tab Allow connections from computers running any version of Remote Desktop.

I turned off Windows firewall and Kaspersky Firewall on that server, still no connect:

reasons RD gives: 1) RA is not enabled, 2) Remote turned off,  3) remote not available on network (I do have a backup remote through Log ME IN).

I can ping the box, and can map a network drive to it, so it's definitely accessible.

I did install the Remote Assistance feature on the server as well.

Where else do I need to look?


Question by:rolfg
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
LVL 10

Expert Comment

ID: 38807537
from the client, run this command:
telnet <server ip> 3389
(you may have to install the telnet client Windows "feature" - it's not installed by default.

If the connection succeeds, you can rule out a network or server side problem.  If it fails, ensure the Remote Desktop Services service is running on the server, then start investigating where on the network the traffic is being blocked.

Author Comment

ID: 38807904
rscottvan Thanks! Cannot telnet to the box, Remote desktop services are running.
LVL 10

Expert Comment

ID: 38808066
OK, that implies a network issue, probably a firewall getting in the way.

From a different server in the same subnet, try the same telnet command.  Does that work?  If yes, there's likely a network firewall in the way.  If no, it's something local to the failing server.
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  


Author Comment

ID: 38808217
I tried telnet from within the same local network (another server in the same 192.168.0 subnet) and cannot connect. Then I tried to connect (on that same server) to itself and that works.

Tried the same on the server in question, I can connect out to another one, but not to itself.

So something on the server is definitely blocking, even though Kaspersky is turned off and the 3 firewall profiles turned off. (Domain, public and private)

 When I click on monitoring its says firewall is off, but at the next line it says inbound connection that do not match a rule are blocked...  so what does that mean when on the line above it says firewall is off....

There are four inbound rules:
Remote desktop (TCP IN)   domain enabled allowed 3389
Remote desktop (TCP IN)   public enabled allowed 3389
Remote desktop RemoteFX (TCP IN)   domain enabled allowed 3389
Remote desktop RemoteFX (TCP IN)   private enabled allowed 3389

I'm am very inexperienced with the 2008R2 firewall,  I do NOT run a domain but a workgroup as I'm running a 1 man IT shop in a company with only 7 employees.

 By the way all servers are hooked up to the same switch behind the Sonicwall. So other than the Windows firewall there are no other physical firewalls between the different servers

Thanks for your help.

LVL 10

Expert Comment

ID: 38808254
Based on your post, I don't think Windows Firewall is the problem.

Let's make sure the server is listening on 3389.  from a command prompt, run this command and post the results:  
netstat -an | find "3389"

Have you verified the Remote Desktop Services Service is running?  (Start>Administrative Tools>Services)
LVL 10

Expert Comment

ID: 38808261
Also, here's an interesting post on a similar issue:

We opened a case with Microsoft on this issue and we determined that it was related to the following driver being disabled:
remote desktop services security filter driver
To check whether this enabled or disabled, open device manager and show hidden devices. We were not able to enable it, so we uninstalled it and rebooted. After rebooting we were able to telnet to the server on port 3389, but we were still not able to connect with remote desktop.
As a last step, we set remote desktop security layer to “negotiate”. To do this, open the "remote desktop session host configuration" application in administrative tools and edit the properties of “rdp-tcp”. The setting can be found on the general tab.
Hope this helps someone!

Author Comment

ID: 38808287
Nothing found with netstat -an
restarted the service and still no result

The driver mentioned does not have an enabled setting, but was not started, started it but still no netstat -an | find "3389" result.

The host configuration had was set to negotiate, only thing I could find that it was set for only one host adapter , of course the one that did not have a network cable, set it for both, but still no listener found.

In the mean time I looked at some of the other servers and saw the firewall only had one entry:

Remote desktop (tcp-in) all etc.

I set the offending server the same and deleted the other entries.

I had turned on remote assistance in the past, think it would help, removed the feature and rebooted.

Lo and behold, the port started listening, when I try to access from another server it comes up with a credentials screen and says after supplying those: Access is denied <sigh> enough for one evening, I guess.

Saw this error in the log file: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.

Thanks for sticking with it.

LVL 10

Expert Comment

ID: 38808459
Try changing the remote desktop setting on the target machine to allow connections from computer running any version of Remote Desktop

Author Comment

ID: 38810413
That's what it is set at.
Another observation, going from a 2008 server to 2008 R2 server, it asks for credentials, starts a session, displays the remote servers login screen with "access is denied".

I turned the Kaspersky and Windows firewall back on and the behavior has not changed, so it's definitely not a firewall issue.

From Win 7 on the sub net work I never get that far, get the same can't connect message box, but telnet will not immediately say it can't connect but sits a few minutes thinking about it, before deciding it can't connect.
LVL 10

Expert Comment

ID: 38810850
Is the account you're trying to use a member of the Remote Desktop Users local group?

Author Comment

ID: 38810889
Didn't even know such group existed, but yes, they were probably added when I set up RD and picked the users.
LVL 10

Accepted Solution

rscottvan earned 2000 total points
ID: 38810945
Now that you can connect, there are a few possible resolutions to the Access is Denied error in this thread:

Author Closing Comment

ID: 38811392
I did not find anything in there that would apply to me. However I looked at another 2008R2 server and noticed RD runs as network service and not as local system. I changed that and I could log in.

But not from the windows 7 on the .19.x  subnet.  Killed the Kaspersky firewall on the server (Windows firewall is still running) and now RD works on W7 too.

Apparently Kaspersky kills traffic from the subnet even though it comes in over a VPN.

Thanks for all your help... took a few hours but what you don't know is that I have been trying to fix this on and off for at least 9 months. Thank goodness for this site!

I surely appreciate the quick back and forth questions and answers and the meticulous method of eliminating one issue after another!

Thank you RScottvan!


Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question