This issue just surfaced for one of my users, but I’ve come to find it happens to me as well. Here’s the setup.

We’re both on Win 7 Pro x64. Firewalls are off for domain connections, and RDP is set to the middle option of “Allow connections from any version of RDP”.

I can’t RDP to my desktop from the computer next to me, nor can I VPN to it. This was working a couple weeks ago (it’s been a while since I’ve had to RDP to my computer). Besides firewall settings (off), and the RDP setting, I have no clue what else is stopping the connection. It can’t (shouldn’t) be the anti-virus, we all have the same version. I can VPN to a server and a couple other computers. What else manages remote connections? Just for the heck of it, under services, I started every service that had anything remotely to do with RDP, but none made a difference. I don’t know what’s changed, any ideas are much appreciated!

4 Spice ups

Check the AV logs. Sounds like port 3389, or whatever you are using, is being blocked, or maybe that mstsc.exe is being blocked.

2 Spice ups

Even though the firewall is off, I would also check the Advanced Firewall settings and see if by chance it was disabled there.

I’d say Bill is spot on here, that either Windows or a 3rd party security package is blocking the connection. In addition to what Bill recommended, if you run rsop.msc, what do you see in Computer Configuration > Administrative Templates > Network > Network Connections > Domain Profile > “Windows Firewall: Allow Inbound Remote Desktop exceptions”? Do you have any settings for specific subnets?

2 Spice ups

Windows Firewall: Protect all network connections State: Disabled.

That’s it.

I’ll look into the AV, but weird that it’s not happening to everyone, just 2 so far (that I’ve come across).

Could be a policy change that never made it to your system or did and has replicated yet.

So a negative on the AV, I removed it from my system and restarted, still can’t RDP. Our AV is managed by a “parent” or affiliated company (we’re in Life Insurance & Investing so it’s a weird setup), but they show no changes on configuration from their end, and it would be a blanket change. Meaning, it should be happening to everyone or no one in that regard.

We got a new firewall this morning in this office (it hit EOL), we double checked the port, it’s open, but the other person having an issue is in another office, connecting through its own FW which hasn’t changed. And I double checked its port as well. I’m really out of ideas :(

Hm, will keep thinking…

So when you attempt the RDP connection does it just eventually time out, and give you a generic error?

In your GPO if you go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections, is “allow user to connect remotely using Remote Desktop Services” set to Enable?

1 Spice up

After Windows Components I only have:

Windows Messenger

Windows Update

Sounds like I might be missing something…?

Are you running a Windows 2003 domain?

forgot to add

If so then might be listed under terminal services?

No, Server 2008 R2. I don’t see that in any of the trees after expanding them all.

I am running as a Domain Admin, so permission-wise, I should be okay.

So assuming you use RSAT from your workstation to manage your Group Policies? See if this screenshot helps any?

If you open command prompt and do a netstat -a to show all listening ports is 3389 listed? See picture and the third line.

netstat.PNG

1 Spice up

As I didn’t set these up originally, the one we have labeled Default Domain Policy has none of those RDP options configured.

But yet, users can RDP, so I’m either not in the right policy, or not being set allows them to? Would be nice to be able to search for something…

Hm, it is not listed. And adding it specifically to the firewall didn’t change it. Or add it to the listening ports.

I would double check the Remote Desktop settings in System Properties.

Also, you could check this setting: Control Panel\System and Security\Windows Firewall\Allowed Programs

1 Spice up

Yeah, I’ve triple checked the RD settings, and I added that port in the Allowed Programs despite the firewalls all being off, Domain, Public, Home/Work.

I have so many programs on this machine, I hate to rebuild, but it’s looking like that’s my only option left. I ran the sfc /scannow, it found a couple things corrupt, and fixed them. Re-registered the RDP, still nothing. Tried importing keys from a working machine, but it said some couldn’t because they were in use by something.

Alright, I got it.

Despite being off, after re-looking through the Advanced Firewall rules, I missed an RDP rule that blocked 3389. I would put money down I looked through this list and it wasn’t like that, but alas, that’s what it was. I don’t know what changed the rule to block it, since right next to it was a rule to enable it. And it took turning off and back on RDP for that to take effect. Thanks for all the ideas!!

Glad I could help. I have been burned too many times in the past thinking the firewall was off when it’s really still in effect if rules have been placed in Advanced Firewall settings. I went round and around with a tech I was mentoring last year about this and have had customers argue with me telling me I was wrong.

Anyways, glad I could help!~
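
The two checks that settled this thread (is anything listening on 3389, and is there an inbound block rule for it in the Advanced Firewall rule set), as an added example that is not part of the original posts. It uses the `HNetCfg.FwPolicy2` COM object so it runs on Windows 7 with PowerShell 2.0, and it assumes RDP is on its default port.

```powershell
# Added example: list inbound Windows Firewall rules that can affect TCP 3389
# and check for a listener. Run from an elevated PowerShell prompt.
$RdpPort = 3389   # assumption: RDP is on its default port

function Test-PortInSpec([string]$Spec, [int]$Port) {
    # LocalPorts is "*", empty, or a comma list of ports and ranges ("3389,5000-5010").
    if ([string]::IsNullOrEmpty($Spec) -or $Spec -eq '*') { return $true }
    foreach ($part in $Spec.Split(',')) {
        $p = $part.Trim()
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -match '^\d+$' -and [int]$p -eq $Port) { return $true }
    }
    return $false   # keywords such as "RPC" never match a numeric port
}

$fw = New-Object -ComObject HNetCfg.FwPolicy2

# Profile state as Windows reports it: 1 = Domain, 2 = Private, 4 = Public
foreach ($prof in 1, 2, 4) {
    "Profile {0}: firewall enabled = {1}" -f $prof, $fw.FirewallEnabled($prof)
}

# Direction 1 = inbound; Protocol 6 = TCP, 256 = any; Action 0 = block, 1 = allow
$hits = $fw.Rules | Where-Object {
    $_.Direction -eq 1 -and
    ($_.Protocol -eq 256 -or ($_.Protocol -eq 6 -and (Test-PortInSpec $_.LocalPorts $RdpPort)))
}

# Block rules sort first so they are not lost among the allow rules.
$hits | Sort-Object Action |
    Select-Object Name, Enabled, Profiles, LocalPorts, ApplicationName,
        @{ n = 'Action'; e = { if ($_.Action -eq 0) { 'BLOCK' } else { 'Allow' } } } |
    Format-Table -AutoSize -Wrap

$blocks = @($hits | Where-Object { $_.Action -eq 0 -and $_.Enabled })
if ($blocks.Count -gt 0) {
    "Enabled inbound BLOCK rules covering TCP ${RdpPort}: $($blocks.Count)"
}

# Is anything listening on the port at all? (same check as netstat -a above)
$listening = netstat -an | Select-String (":{0}\s.*LISTENING" -f $RdpPort)
if ($listening) { $listening } else { "Nothing is listening on TCP $RdpPort" }
```

The `Profiles` column is a bitmask of the profile values printed at the top, so a block rule can be compared against the profile the machine is actually using.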