Link to home
Start Free TrialLog in
Avatar of Greg_L_WER
Greg_L_WERFlag for Canada

asked on

RDC Not Working

Hi all... I've been having issues with my RDC connection to one of our servers.  It is a Hyper-V hosted server that RDC was working fine on for months.  It recently stopped allowing connections to it and I've had no success with any of the many suggestions I've come across on other blogs.


From a command prompt on the server that I can't RDC TO it appears to be running just fine
C:\Windows\system32>netstat -a

  TCP    0.0.0.0:3389           CRS-DC-1501:0          LISTENING

Open in new window


On another PC that I'm using to connect to the server I'm getting an error
C:\>telnet 192.168.2.252 3389
Connecting To 192.168.2.252...Could not open connection to the host, on port 3389: Connect failed

Open in new window


Pings to the server are successful.  What I am missing?

Thanks,
Greg
Avatar of Daniel Sheppard
Daniel Sheppard
Flag of Canada image
From PowerShell what does:

Get-ItemProperty -path HKLM:\system\currentcontrolset\control\terminal server -Name fDenyTSConnections | Select 
fDenyTSConnections

Open in new window


Output?

If it is 1:

Set-ItemProperty -path HKLM:\system\currentcontrolset\control\terminal server -Name fDenyTSConnections -Value 0

Open in new window


If it is empty:

New-ItemProperty -path HKLM:\system\currentcontrolset\control\terminal server -Name fDenyTSConnections -Value 0 -PropertyType dword

Open in new window

Avatar of Greg_L_WER
Greg_L_WER
Flag of Canada image

ASKER

Thanks Daniel... Powershell wasn't working for me but I did manually navigate to the entry and it does exist with a value of 0 already :(

And just to be certain we're on the same page this was on the server that isn't allowing RDC connections to it...

Thanks,
Greg
Avatar of Daniel Sheppard
Daniel Sheppard
Flag of Canada image
Why isn't PowerShell working?  Can you not launch it with the PowerShell command from computer line?

Next thing to check would be:

Get-Netfirewallrule -DisplayGroup "Remote desktop" | ft DisplayName,Enabled

Open in new window

Avatar of Greg_L_WER
Greg_L_WER
Flag of Canada image

ASKER

Hi Daniel... looks like the space in "Terminal Server" folder name is the issue as it is thinking 'server' is a parameter.  Odd to me that Microsoft allowed spaces in some of the folder names when the majority of them do not have any spaces.  This is the error message that PowerShell returned.

Get-ItemProperty : A positional parameter cannot be found that accepts argument 'server'.
At line:1 char:1
+ Get-ItemProperty -path HKLM:\system\currentcontrolset\control\terminal server -N ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ItemProperty], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand

Open in new window



I tried the last command and received this error message back

fDenyTSConnections+++Get-Netfirewallrule : The term 'fDenyTSConnections+++Get-Netfirewallrule' is not recognized as
the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At line:1 char:1
+ fDenyTSConnections+++Get-Netfirewallrule -DisplayGroup "Remote desktop" | ft Dis ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (fDenyTSConnections+++Get-Netfirewallrule:String) [], CommandNotFoundExc
   eption
    + FullyQualifiedErrorId : CommandNotFoundException

Open in new window


Not sure it's relevant or not but this is on a Server 2012 VM.  I've attached a screen shot of the inbound Remote Desktop firewall rules on the server.  Please let me know if there's anything else I could provide to help.  

Thanks,
Greg
Screenshot---8_30_2017---8_43_42-AM.png
Avatar of Daniel Sheppard
Daniel Sheppard
Flag of Canada image
It looks like you somehow included: "fDenyTSConnections+++" infront of the last powershell.  Could you please try again with only:

Get-Netfirewallrule -DisplayGroup "Remote desktop" | ft DisplayName,Enabled

Open in new window


For the First powershell, I apologize I forgot the quotes.


Get-ItemProperty -path "HKLM:\system\currentcontrolset\control\terminal server" -Name fDenyTSConnections | Select fDenyTSConnections

Open in new window


Can you get your current firewall profile?

Get-Netconnectionprofile

Open in new window

Avatar of Greg_L_WER
Greg_L_WER
Flag of Canada image

ASKER

No worries...  I've not had any need to use Powershell so far so my ignorance is likely showing ;)  I've successfully re-run both commands... 


PS C:\Users\callingwoodadmin> Get-ItemProperty -path "HKLM:\system\currentcontrolset\control\terminal server" -Name fDen
yTSConnections | Select fDenyTSConnections

                                                                                                     fDenyTSConnections
                                                                                                     ------------------
                                                                                                                      0

Open in new window


PS C:\Users\callingwoodadmin> Get-Netfirewallrule -DisplayGroup "Remote desktop" | ft DisplayName,Enabled

DisplayName                                                                                                     Enabled
-----------                                                                                                     -------
Remote Desktop - User Mode (TCP-In)                                                                               False
Remote Desktop - User Mode (UDP-In)                                                                               False
Remote Desktop - Shadow (TCP-In)                                                                                  False
Remote Desktop - Shadow (TCP-In)                                                                                   True
Remote Desktop - User Mode (UDP-In)                                                                                True
Remote Desktop - User Mode (TCP-In)                                                                                True

Open in new window

Avatar of Daniel Sheppard
Daniel Sheppard
Flag of Canada image
No worries, I manage server core servers so I almost always do powershell when I can

What about:

Get-NetconnectionProfile

Open in new window

Avatar of Greg_L_WER
Greg_L_WER
Flag of Canada image

ASKER

Looks to be much more robust than the good old command prompt :)


PS C:\Users\callingwoodadmin> Get-NetconnectionProfile


Name             : Network  2
InterfaceAlias   : Ethernet
InterfaceIndex   : 12
NetworkCategory  : Public
IPv4Connectivity : Internet
IPv6Connectivity : NoTraffic

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Daniel Sheppard
Daniel Sheppard
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Greg_L_WER
Greg_L_WER
Flag of Canada image

ASKER

I think you're onto something with the network type... the problematic server is the domain controller and is showing as a public network (as you know ;) where as the file server is the domain network.  Not sure why this would have changed but is definitely had.  

I just disabled/re-enabled the network adaptor on the DC and it is back to showing as "Domain network" and is RDP is working again :)  The network adaptor isn't something I'd even considered as I knew I could ping the server so assumed the connection wasn't the issue.  An odd issue for sure... thanks for the assistance getting to the actual issue.