Solved

Windows 2008 update disables Remote Connection access

Posted on 2015-02-11
18
58 Views
Last Modified: 2015-02-16
I have a domain with two dc's. I have been using RDC to access one from the other, that is until this morning. Now, I get the error msg that the target computer is not accessible because it is either 1) turned off or 2) RDC is turned off or 3) the computer is not on the network. None of this is true. The target  machine IS on and logged in. RDC is turned on in Remote tab of Computer Properties. and the target machine and its shares are accessible. Furthermore, the target machine is able to browse the network and the internet.  Could the updates have wrecked this setup? And if so, can I do a system restore to yesterday? There doesn't seem to be that option in All Programs->Accessories->System Tools.  Please LMK how to fix this annoyance.
0
Comment
Question by:PCGenieLA
  • 11
  • 7
18 Comments
 
LVL 24

Expert Comment

by:VB ITS
ID: 40605471
Could the updates have wrecked this setup?
Possibly but unlikely. First things first, check that the Terminal Services service is running in Control Panel > Administrative Tools > Services

If this service isn't started then that may explain your issues. Once you've confirmed this isn't the problem then we'll need to check whether another service/program has taken the RDP port (3389) by running this command: netstat -ano | find ":3389"

Take note of the last set of numbers to the far right - this represents the Process ID of the program/service that is using the RDP port.

Now open the Task Manager, click on the Services tab, then click on the PID column to sort it. Locate the PID noted down earlier - you should see several services with the same PID (which is perfectly normal).

We just need to make sure the PID noted down from the netstat command earlier matches up with the Terminal Services service. If this isn't the case, kill the offending process that's taken the 3389 port and then restart the Terminal Services service.

And if so, can I do a system restore to yesterday? There doesn't seem to be that option in All Programs->Accessories->System Tools
No, you can't do a system restore on a Domain Controller and for good reason - you will introduce USN rollback issues if you incorrectly restore a DC. Have a good read of this article to get a better understanding of USN rollback: http://support.microsoft.com/kb/875495

This isn't exactly a scenario where I'd consider restoring a DC from backups either as there's other methods of gaining remote access to a system such as VNC, TeamViewer, etc. which you can use until you address the RDP issues.
0
 

Author Comment

by:PCGenieLA
ID: 40607827
First, There is no Terminal Services listed in SERVICES. All the Remote services are set to manual. I then did a netstat -ano command and the only process found was 1324 which is the DNS service:There was no port 3389 listed.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40607857
Is this a 2008 or 2008 R2 server? In 2008 R2 Terminal Services was renamed to Remote Desktop Services so look for that service.
0
 

Author Comment

by:PCGenieLA
ID: 40607940
Found Remote Desktop Service, it was set to manual. I started it  but even with it started no port 3389 was active nor was it listed in Task Manager.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40607946
So running the netstat command I posted earlier yielded no results? Please copy and paste from the box below into a Command Prompt window on your server if possible:
netstat -ano | find ":3389"

Open in new window

Paste the results here if possible.
0
 

Author Comment

by:PCGenieLA
ID: 40608057
Tried it again. No results. Just the next command prompt.
0
 

Author Comment

by:PCGenieLA
ID: 40608060
On the DC not the target DC. BTW both are running Windows 2008 R2
0
 

Author Comment

by:PCGenieLA
ID: 40608941
Also, I tried to connect to the target machine from a Windows 7 workstation and got the same results.
0
 

Author Comment

by:PCGenieLA
ID: 40608974
On the target machine there is a result as follows:
TCP/IP   0.0.0.0:3389     0.0.0.0       Listening     1100
TCP/IP      [::] :3389          [::] 0         Listening      1100

Process 1100 returns

WinRM
TermServices
nfaSrv
Ktmsrm
DNScache
CrytSvc
0
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

 

Author Comment

by:PCGenieLA
ID: 40609844
Did some more testing. By pinging the target machine, I found out that culprit is DNS. I can use the RDC if I specify the target machine by IP, but not by name. I thought I had AD working on both machines, but it seems to be active only on the target machine. What course of action from here would you suggest ?
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40610345
Which two machines are you talking about here? Your DCs?

Please clarify which machine you can connect to via host name and which one you can't.
0
 

Author Comment

by:PCGenieLA
ID: 40610543
Any machine can connect to the target machine, DC named win2k8, by IP, but not by name.  Win2k8 is running AD. The DC named Office64 is a second DC that I thought was also running AD, but it turns out is not.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40611533
Yep it sounds like you definitely have some DNS issues going on in your environment.

When you ping the server named AD by hostname do you get any replies or does the ping timeout with the error message "Ping request could not find host AD."?
0
 

Author Comment

by:PCGenieLA
ID: 40611668
"Ping AD" returns the external IP for my network and then times out. Same for "Ping Win2k8"
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40611669
When you say external IP, are you referring to your public IP address?
0
 

Author Comment

by:PCGenieLA
ID: 40611740
Yes, the public IP
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40611835
Looks like your DNS issue best suited for another question to be honest. You'll need to do some investigation on your end first and then come back to us with your findings as you have direct access to your environment.
0
 

Author Closing Comment

by:PCGenieLA
ID: 40612385
Thanks, I'll repost this issue in the DNS topic.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now