On Windows Server 2008 R2 I'm trying to use the Remote Desktop Connection tool. As usual, I put the IP address of the remote host and click on connect.
However, this time, the tool stays on "Initiating connection" and then fails with the following error:
Remote Desktop can't connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network
Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
So at first, it looks like a network issue. However here are some facts:
- Windows firewall is fully disabled.
- I can successfully ping the remote host.
- I can even access the remote host admin share \\<REMOTE_HOST>\C$
- It fails even on the local network.
The strangest thing is that if I start a Wireshark capture on the host, there is no RDP packet going out. So the application is not even trying a network connection.
Any idea?
Make sure you're watching for both TCP and UDP packets on port 3389, and verify that they are being sent from your client (the remote terminal) to the server (the system you want to remotely administer). Also, rather than disabling Windows firewall, set those ports to pass traffic through in both directions - keep in mind that a disabled firewall is often a closed firewall, not an opened one.
In addition, you should have the Terminal Services for Administration toolset installed and started on the target; this runs the terminal service upon which RDP is built. This will allow 3 concurrent connections (2 user and 1 admin or 'console' connection). If you need more than that, you'll need to install and configure Terminal Services as an actual server role, and license it accordingly.
In PowerShell, you can check for the presence and status of the Terminal Service thusly:
Once it's verified running, try to connect to your host from the client box.
If you're running Wireshark, you should see the UDP and TCP packets pass back and forth on port 3389 at this point - I would recommend filtering to those ports to weed out all of the other traffic, or follow it in conversation mode. (You can also run Wireshark on the target if you have out-of-band or console access to it, and verify they are passing back and forth at that end.) If either system does not show them, you've a firewall in the way.
Let us know what you find out! Good luck.
There was an access list on the switch for this specific port (TCP 3389), plus Wireshark had a global filter on port 3389.
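An added example, not part of the original posts: one way to run the checks discussed in this thread from the client, comparing a port known to work (445, since the C$ share opens) with TCP 3389 to separate "service not running" from "port filtered in the path". It assumes the Remote Desktop service has its usual service name TermService; Test-TcpPort is a hypothetical helper and <REMOTE_HOST> is a placeholder.

```powershell
# Added example. Test-TcpPort is a hypothetical helper; replace <REMOTE_HOST> before running.
# Written for PowerShell 2.0 (Windows Server 2008 R2), so it does not use Test-NetConnection.
param(
    [string]$RemoteHost = '<REMOTE_HOST>',
    [int]$TimeoutMs = 3000
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'          # no answer at all: packets dropped somewhere
        }
        $client.EndConnect($pending)  # throws if the connect attempt failed
        return 'Open'
    } catch {
        # e.g. connection actively refused, or the name did not resolve
        return "Failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

# 1. Is the Remote Desktop (Terminal) service present and running on the target?
try {
    $svc = Get-Service -Name TermService -ComputerName $RemoteHost -ErrorAction Stop
    $svcState = $svc.Status.ToString()
} catch {
    $svcState = "Unknown: $($_.Exception.Message)"
}

# 2. Compare a port known to work (445, the C$ share) with the RDP port.
$smb = Test-TcpPort -ComputerName $RemoteHost -Port 445  -TimeoutMs $TimeoutMs
$rdp = Test-TcpPort -ComputerName $RemoteHost -Port 3389 -TimeoutMs $TimeoutMs

"TermService : $svcState"
"TCP 445     : $smb"
"TCP 3389    : $rdp"

if ($rdp -eq 'Open') {
    'TCP 3389 is reachable; look at the RDP client or credentials next.'
} elseif ($svcState -eq 'Running' -and $smb -eq 'Open') {
    'Service is up and the host is reachable, but TCP 3389 is not: check firewalls and network ACLs in the path.'
} else {
    'Check that the service is running on the target and that the host is reachable.'
}
```

A 'Timeout' on 3389 while 445 is 'Open' and the service is 'Running' points at filtering between the two machines rather than at the server itself.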