Server 2003 RDP not working

Hi,
One of my server 2003 domain controllers completely stopped listening for RDP on any port no matter what I change it to.  Also, the entire term service service was missing from services.msc.  I added the term services via reg keys and am able to start the service and used Microsofts fix it to reset the rdp listening port but nothing works.  All other servers work fine.  Any ideas?
LVL 5
jhill777Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zac HarrisSystems Administrator Commented:
This may seem silly but sometimes it happens...

Right-click on Computer and choose properties

Then click on "Remote Settings" in the left column

Then make sure your radio button for allow connections... is selected. You can choose either the second or the third option, the third being more secure but the second supporting more varieties of computers.

You'd be surprised how many times this has turned off on me for some reason or another.
0
jhill777Author Commented:
Lol I checked that first.   Remote connections are enabled.
0
jhill777Author Commented:
Any other ideas?
0
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

jhill777Author Commented:
Ran sfc /scannow.  No problems found.
0
Zac HarrisSystems Administrator Commented:
Give this a try:

1.

Stop the IPSec service on the remote machine, and set its startup mode to "Manual"

2.

Restart the remote machine

3.

Restart the IPSec service and set its startup mode back to "Automatic".
HTH

itguy
0
jhill777Author Commented:
Sorry for the delay.  Haven't been in the office until now.  The IPSec thing didn't work.  Any other ideas?  I think something to note that when I encountered this problem initially, the term service was completely gone.  No option to start or stop it or anything.  Didn't even exist.  I've added it via the registry and it appears now and is running but nothing changed in regards to the situation at hand.
0
Davis McCarnOwnerCommented:
I smell a Trojan as that is the most common cause of services disappearing!
First, run roguekiller to ensure there isn't any malware left: http://www.majorgeeks.com/files/details/roguekiller.html
Then use Tweaking.com's all-in-one to restore Windows:  http://www.tweaking.com/content/page/windows_repair_all_in_one.html

Afterwards, if you have a backup of the system state, restore one from before the changed behavior.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jhill777Author Commented:
Sorry, I didn't realize anybody had responded.  I just consult for this place infrequently and if I hadn't noticed that RDP wasn't working, it would have gone unnoticed.  That said, I don't know how long this has been like this and any system state backups would have most likely been overwritten.  Before I do the all-in-one, is a system state restore going to be necessary?  I have other domain controllers in place that it can replicate from if it's just that it will lose AD/DNS configurations.
0
Davis McCarnOwnerCommented:
I haven't had to use the all-in-one tool on a server where I didn't have a backup to restore so I'm not sure what it will do to AD.
On 2K3, I also use this: http://www.computer-help.net/Best-Registry-Backup.html
0
jhill777Author Commented:
Thank you!  I think you're on to something.  Rogue Killer found some stuff.  Killed HJname1336 Svchost.exe and PUM HJ POL HJ SMENU HJ Desk.  Deleted Registry entries.  Ran through all your other instructions afterwards.  Now when I try to RDP it says "The connection was ended due to network error.  Sounds like progress compared to it just acting like the host didn't even exist.  Anything else you can think of?
0
Davis McCarnOwnerCommented:
Look in the event viewer for related entries (eventvwr.msc) and post their event id's + source.
0
jhill777Author Commented:
The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client.
0
Davis McCarnOwnerCommented:
Read this and either try the Fixit or edit the registry: http://support.microsoft.com/kb/323497
0
jhill777Author Commented:
I saw that but it says its for windows 2000.  Is it still applicable?
0
Davis McCarnOwnerCommented:
Yes, and it does say its for 2K3 too.
0
jhill777Author Commented:
Thank you.  I finally was able to get in there and your solution cleared it up.
0
jkocklerCommented:
I know this question is closed, but make sure you have all windows security updates installed. There is a vulnerability in RDP for 2003 and XP that could have allowed this attack to take place. I would check your logs for brute force terminal service attempts, and reset your administrator passwords.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.