Unable to RDP to a vista computer

deborahcordero6864 · 2012-04-27T12:33:11.000Z

Hi all,

We are having a very strange prtoblem.

We cannot RDP from a Vista machine to a Vista machine. This is happening to some machines on the network. The network is flat. One subnet. Machine are all Vista either with SP1 or SP2. This is what I’ve already tried;

Cannot telnet to port 3389
Netstat -ano shows port 3389 listening
RDP settings still the same
restarted all remote services
• Mcafee uninstalled
• Firewall disabled
• HIPS uninstalled.
• I can ping DNS name + IP works
• NSlookup PC also works
• Outbound RDP works fine
• Inbound RDP does not work
• I enabled Firewall and set the exception port to 3389, did not work
• The Radmin tool we usually use for remote access does not work either.
• Remote admin works for a few minutes, just before the windows completely starts
• I checked and restarted the remote and TS services
• When using IPSCAN, PC’s that show computer name we can access, we cannot access the ones that do not show computer name even if the IP shows alive.

Anyone have anyother suggestions?

Thanks

brycekatz · 2012-04-27T12:39:50.000Z

Silly question, but it’s always best to check the easy ones first:

Remote Desktop has been enabled, right?

djac · 2012-04-27T12:42:22.000Z

What level of authentication is enabled?

jbakervt · 2012-04-27T12:43:44.000Z

Remote Desktop is disabled by default in Windows 7 or Vista, but it’s easy enough to turn it back on. If you need to access your Vista PC from another box, it’s an essential thing to turn on.

Important note: Remote desktop is only included in the Professional, Business, or Ultimate versions of Windows. Home editions do not have remote desktop.

To get to the configuration page, you can either right-click the Computer icon and choose properties, or you can type in system into the start menu search box, and then find the entry for System.

Click the “Remote Settings” link on the left hand side

Now you can finally turn it on (see attached image)

To connect from another Vista / Win7 PC on the same network, click the bottom radio button. If you need to connect from an XP/2k machine, click the “Allow connections from computers running any version of Remote Desktop” radio button.

Don’t worry about setting up firewall rules, Vista or Windows 7 does that for you automatically.

Note: This should work for both Windows 7 and Vista.

sshot-2009-10-19-01-23-27.png458×506 34.3 KB

bigsarge · 2012-04-27T12:45:51.000Z

It sounds to me as if your TCP/IP listening port has been changed from the default. Check your registry and see if the port has been changed.

Open your registry editor and look here:

HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Control / Terminal Server / WinStations / RDP-Tcp

Locate the DWORD named “PortNumber”.

Open this DWORD, change the value from Hexadecimal to Decimal and see what the listening port is set to.

mike9257 · 2012-04-27T12:47:33.000Z

Safe mode or go to msconfig and disable all unnecessary stuff until you find the culprit

deborahcordero6864 · 2012-04-27T13:37:27.000Z

Yes

Ask anything you can think of this always help

deborahcordero6864 · 2012-04-27T13:38:17.000Z

MickeyHr wrote:

Safe mode or go to msconfig and disable all unnecessary stuff until you find the culprit

Tried this only enabeling Remote services. Did not help

deborahcordero6864 · 2012-04-27T13:46:49.000Z

Big Sarge wrote:

It sounds to me as if your TCP/IP listening port has been changed from the default. Check your registry and see if the port has been changed.

Open your registry editor and look here:

HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Control / Terminal Server / WinStations / RDP-Tcp

Locate the DWORD named “PortNumber”.

Open this DWORD, change the value from Hexadecimal to Decimal and see what the listening port is set to.

Nope, not it.

Port number is still 3389.

Good suggestion, did not think of this one

deborahcordero6864 · 2012-04-27T13:47:47.000Z

Alan Cross wrote:

What level of authentication is enabled?

Second choice

Less secure

josh-cunning · 2012-04-27T15:27:43.000Z

You said some of your machines don’t work so I assume that most of them you can RDP to. So it would seem that there is some common with ones that don’t work and that is the key to the issue. Do the event logs of each machine involved show anything at the time of failure?

As a side question why all the RDP?

joshuawheeler4418 · 2012-04-28T08:38:45.000Z

Try running the “un-official” Mcafee removal tool since it can still leave traces that could cause issues;

softpedia – 6 Nov 23

Download McAfee Removal Tool (mcpr)

Download McAfee Removal Tool (mcpr) 10.5.278.0 - Completely remove McAfee applications installed on your computer, including leftover files and folders by following several steps

tommyperez · 2012-04-28T11:15:17.000Z

Hey Deborah,

Even with firewall off. Did you check to if rdp inbound rules in advance settings of Windows Firewall. See Attachment.

rdpfirewall.JPG976×830 223 KB

mikealexander2 · 2012-04-30T09:42:45.000Z

What version of Vista are you on? only business and Ultimate version support RDP as I remember it on top of my head.

deborahcordero6864 · 2012-05-02T11:30:50.000Z

Josh_Cunning wrote:

You said some of your machines don’t work so I assume that most of them you can RDP to. So it would seem that there is some common with ones that don’t work and that is the key to the issue. Do the event logs of each machine involved show anything at the time of failure?

As a side question why all the RDP?

We have 2 offices, one we give remote support to with either RDP or RAdmin. None of these 2 apps works anymore. That is why this urgent, else we have to hop in a plane. That is not doable everytimes we need to give support.

Not all PC’s have this issue. We thought this happened after SP2 updates, but some SP1 also show same issue.

deborahcordero6864 · 2012-05-02T11:43:42.000Z

Mike8990 wrote:

What version of Vista are you on? only business and Ultimate version support RDP as I remember it on top of my head.

Enterprise, RPD works in this version

deborahcordero6864 · 2012-05-02T11:48:31.000Z

JoshWheeler wrote:

Try running the “un-official” Mcafee removal tool since it can still leave traces that could cause issues;

Download McAfee Removal Tool (mcpr)

We are running Mcafee Enterprise Workstation, with ePO v4.5 and HIPS.

All this has been uninstalled from the laptop for testing

josh-cunning · 2012-05-02T15:02:02.000Z

Can you view the remote computer event logs? If so does it show up at all the failure to connect or maybe you see if some other things are failing.

Another thought is it possible one computer vs. another hasn’t be restarted in a long time so that maybe some OS or policy is change is only effecting some of them.

Also I would find out if someone maybe plugged in a hub or switch at the site. Something had to change to break it right?

ericr9904 · 2012-05-03T10:07:07.000Z

try this from cmd:

netsh winsock reset

deborahcordero6864 · 2012-05-08T11:57:36.000Z

I want to thank all of you for all the suggestions.

The problem is resolved. The issue was the Mcafee. Seems even if you uninstall it somethings keep running in the background. What we did to make sure it was the Mcafee causing this was follow the instructions to manually remove Macfee from the machine and the RDP worked OOnce we determined that it was Mcafee, we went in ePO and disabled two rules and reapplied the policy to all machines.

The weird thing that thru us off was we have ePO running but not all machines were affected, and the ePO policy is the same configuration that we have in another remote site. Further the ePo was not modified. Now we are going to check those 2 rules what’s in them.

Thanks again