Server 2003 RDP not working

jhill777
Hi,
One of my Server 2003 domain controllers completely stopped listening for RDP on any port no matter what I change it to.  Also, the entire term service service was missing from services.msc.  I added the term services via reg keys and am able to start the service and used Microsoft's Fix it to reset the RDP listening port but nothing works.  All other servers work fine.  Any ideas?
Zac Harris, Systems Administrator

Commented:
This may seem silly but sometimes it happens...

Right-click on Computer and choose properties

Then click on "Remote Settings" in the left column

Then make sure your radio button for allow connections... is selected. You can choose either the second or the third option, the third being more secure but the second supporting more varieties of computers.

You'd be surprised how many times this has turned off on me for some reason or another.

Author

Commented:
Lol I checked that first.   Remote connections are enabled.

Author

Commented:
Any other ideas?

Author

Commented:
Ran sfc /scannow.  No problems found.
Zac Harris, Systems Administrator

Commented:
Give this a try:

1. Stop the IPSec service on the remote machine, and set its startup mode to "Manual"

2. Restart the remote machine

3. Restart the IPSec service and set its startup mode back to "Automatic".

HTH

itguy

Author

Commented:
Sorry for the delay.  Haven't been in the office until now.  The IPSec thing didn't work.  Any other ideas?  I think something to note that when I encountered this problem initially, the term service was completely gone.  No option to start or stop it or anything.  Didn't even exist.  I've added it via the registry and it appears now and is running but nothing changed in regards to the situation at hand.
I smell a Trojan as that is the most common cause of services disappearing!
First, run roguekiller to ensure there isn't any malware left: http://www.majorgeeks.com/files/details/roguekiller.html
Then use Tweaking.com's all-in-one to restore Windows:  http://www.tweaking.com/content/page/windows_repair_all_in_one.html

Afterwards, if you have a backup of the system state, restore one from before the changed behavior.

Author

Commented:
Sorry, I didn't realize anybody had responded.  I just consult for this place infrequently and if I hadn't noticed that RDP wasn't working, it would have gone unnoticed.  That said, I don't know how long this has been like this and any system state backups would have most likely been overwritten.  Before I do the all-in-one, is a system state restore going to be necessary?  I have other domain controllers in place that it can replicate from if it's just that it will lose AD/DNS configurations.
I haven't had to use the all-in-one tool on a server where I didn't have a backup to restore so I'm not sure what it will do to AD.
On 2K3, I also use this: http://www.computer-help.net/Best-Registry-Backup.html

Author

Commented:
Thank you!  I think you're on to something.  Rogue Killer found some stuff.  Killed HJname1336 Svchost.exe and PUM HJ POL HJ SMENU HJ Desk.  Deleted Registry entries.  Ran through all your other instructions afterwards.  Now when I try to RDP it says "The connection was ended due to network error."  Sounds like progress compared to it just acting like the host didn't even exist.  Anything else you can think of?
Look in the event viewer for related entries (eventvwr.msc) and post their event IDs + source.

Author

Commented:
The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client.
Read this and either try the Fixit or edit the registry: http://support.microsoft.com/kb/323497

Author

Commented:
I saw that but it says it's for Windows 2000.  Is it still applicable?
Yes, and it does say it's for 2K3 too.

Author

Commented:
Thank you.  I finally was able to get in there and your solution cleared it up.

Commented:
I know this question is closed, but make sure you have all Windows security updates installed. There is a vulnerability in RDP for 2003 and XP that could have allowed this attack to take place. I would check your logs for brute force terminal service attempts, and reset your administrator passwords.
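
The log check suggested in the last comment, as an added example that is not part of the original thread: on Server 2003 a failed logon with a bad user name or password is Security event 529, and Logon Type 10 marks a Terminal Services (RDP) logon. The script assumes logon-failure auditing was enabled and that the Security log has been exported into (timestamp, event id, description) records; the record layout, threshold, window and sample events are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Server 2003 logs a failed logon (bad user name or password) as Security
# event 529; Logon Type 10 marks a Terminal Services (RDP) logon.
FAILED_LOGON_ID, RDP_LOGON_TYPE = 529, "10"
FIELD = re.compile(r"^\s*(User Name|Logon Type|Source Network Address):\s*(\S+)", re.M)

def parse_fields(description):
    """Return the fields of interest from an event description as a dict."""
    return {name: value for name, value in FIELD.findall(description)}

def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=10)):
    """Map each source address with >= threshold failed RDP logons inside
    one sliding window to the sorted list of user names it tried."""
    attempts = defaultdict(list)
    for when, event_id, description in events:
        f = parse_fields(description)
        if event_id != FAILED_LOGON_ID or f.get("Logon Type") != RDP_LOGON_TYPE:
            continue
        ts = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
        attempts[f.get("Source Network Address", "unknown")].append((ts, f.get("User Name", "?")))
    flagged = {}
    for src, hits in attempts.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop attempts that fell out of the window
            if end - start + 1 >= threshold:
                flagged[src] = sorted({user for _, user in hits})
                break
    return flagged

def _event(when, user, logon_type, src):
    # Constructed record: (timestamp, event id, description text)
    text = ("Logon Failure:\n  Reason: Unknown user name or bad password\n"
            f"  User Name: {user}\n  Logon Type: {logon_type}\n"
            f"  Caller User Name: -\n  Source Network Address: {src}\n")
    return (when, 529, text)

# Constructed sample data (documentation address ranges), not from the thread.
_USERS = ["administrator", "admin", "backup", "administrator", "test", "sql"]
SAMPLE_EVENTS = [_event(f"2014-01-05 03:1{i}:00", u, 10, "203.0.113.7")
                 for i, u in enumerate(_USERS)]
SAMPLE_EVENTS += [_event("2014-01-05 09:00:00", "jsmith", 10, "198.51.100.20"),
                  _event("2014-01-05 09:30:00", "jsmith", 2, "-")]

if __name__ == "__main__":
    for src, users in rdp_bruteforce_sources(SAMPLE_EVENTS).items():
        print(src, "tried:", ", ".join(users))
```

A source that cycles through several account names in a short window is the pattern to look for; a single failed logon from a known workstation is not.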
