• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 424
  • Last Modified:

Server 2003 RDP not working

Hi,
One of my server 2003 domain controllers completely stopped listening for RDP on any port no matter what I change it to.  Also, the entire term service service was missing from services.msc.  I added the term services via reg keys and am able to start the service and used Microsofts fix it to reset the rdp listening port but nothing works.  All other servers work fine.  Any ideas?
0
jhill777
Asked:
jhill777
  • 9
  • 5
  • 2
  • +1
2 Solutions
 
Zac HarrisCommented:
This may seem silly but sometimes it happens...

Right-click on Computer and choose properties

Then click on "Remote Settings" in the left column

Then make sure your radio button for allow connections... is selected. You can choose either the second or the third option, the third being more secure but the second supporting more varieties of computers.

You'd be surprised how many times this has turned off on me for some reason or another.
0
 
jhill777Author Commented:
Lol I checked that first.   Remote connections are enabled.
0
 
jhill777Author Commented:
Any other ideas?
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
jhill777Author Commented:
Ran sfc /scannow.  No problems found.
0
 
Zac HarrisCommented:
Give this a try:

1.

Stop the IPSec service on the remote machine, and set its startup mode to "Manual"

2.

Restart the remote machine

3.

Restart the IPSec service and set its startup mode back to "Automatic".
HTH

itguy
0
 
jhill777Author Commented:
Sorry for the delay.  Haven't been in the office until now.  The IPSec thing didn't work.  Any other ideas?  I think something to note that when I encountered this problem initially, the term service was completely gone.  No option to start or stop it or anything.  Didn't even exist.  I've added it via the registry and it appears now and is running but nothing changed in regards to the situation at hand.
0
 
Davis McCarnOwnerCommented:
I smell a Trojan as that is the most common cause of services disappearing!
First, run roguekiller to ensure there isn't any malware left: http://www.majorgeeks.com/files/details/roguekiller.html
Then use Tweaking.com's all-in-one to restore Windows:  http://www.tweaking.com/content/page/windows_repair_all_in_one.html

Afterwards, if you have a backup of the system state, restore one from before the changed behavior.
0
 
jhill777Author Commented:
Sorry, I didn't realize anybody had responded.  I just consult for this place infrequently and if I hadn't noticed that RDP wasn't working, it would have gone unnoticed.  That said, I don't know how long this has been like this and any system state backups would have most likely been overwritten.  Before I do the all-in-one, is a system state restore going to be necessary?  I have other domain controllers in place that it can replicate from if it's just that it will lose AD/DNS configurations.
0
 
Davis McCarnOwnerCommented:
I haven't had to use the all-in-one tool on a server where I didn't have a backup to restore so I'm not sure what it will do to AD.
On 2K3, I also use this: http://www.computer-help.net/Best-Registry-Backup.html
0
 
jhill777Author Commented:
Thank you!  I think you're on to something.  Rogue Killer found some stuff.  Killed HJname1336 Svchost.exe and PUM HJ POL HJ SMENU HJ Desk.  Deleted Registry entries.  Ran through all your other instructions afterwards.  Now when I try to RDP it says "The connection was ended due to network error.  Sounds like progress compared to it just acting like the host didn't even exist.  Anything else you can think of?
0
 
Davis McCarnOwnerCommented:
Look in the event viewer for related entries (eventvwr.msc) and post their event id's + source.
0
 
jhill777Author Commented:
The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client.
0
 
Davis McCarnOwnerCommented:
Read this and either try the Fixit or edit the registry: http://support.microsoft.com/kb/323497
0
 
jhill777Author Commented:
I saw that but it says its for windows 2000.  Is it still applicable?
0
 
Davis McCarnOwnerCommented:
Yes, and it does say its for 2K3 too.
0
 
jhill777Author Commented:
Thank you.  I finally was able to get in there and your solution cleared it up.
0
 
jkocklerCommented:
I know this question is closed, but make sure you have all windows security updates installed. There is a vulnerability in RDP for 2003 and XP that could have allowed this attack to take place. I would check your logs for brute force terminal service attempts, and reset your administrator passwords.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 9
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now