Guest lwalker1958 Posted July 11, 2008 Posted July 11, 2008 For quite some time now the Windows System Admin's in my ofice have been able to use Remote Desktop Connections to remotely connect to client machine to install software and patches. All of a sudden we are unable to remotely connect to a batch of new systems we put out on the network. I happened to find a few settings that were not set as they should, e.g., Remote Desktop option on the System Properties Remote Tab was grayed out. The Terminal Services service was Disabled - I set it to Automatic and restarted it. The registry setting hklm\system\currentcontrolset\control\terminal server\fDenyTSConnections was set to 1 and I changed it to 0 The Policy Computer configuration | Administrative Templates | Windows Components | Terminal Services | Allow users to connect remotely using Terminal Services was set to Disabled and I changed it to Not Configured After changing these settings, the Remote Desktop option of the System Properties Remote tab was able to be checked, but I was still unable to connect to remote machines. The machines trying to remote connect are WinXP/SP2 workstations and the systems trying to be connected to are WinXP/SP2 workstations. The Firewall option is turned off and is controlled by the domain. If any has any suggestions as to why I am still unable to use remote desktop I would greatly appreciate hearing from you
Guest Vera Noest [MVP] Posted July 11, 2008 Posted July 11, 2008 Re: Remote Desktop Connection Not Working What about GPO's? Run Resultant Set of Policies (RSoP) to list all GPOs which apply to the new workstations and check the appropriate settings. What error message do you get when you try to connect? Can you ping to the new clients? _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___ =?Utf-8?B?bHdhbGtlcjE5NTg=?= <lwalker1958@discussions.microsoft.com> wrote on 11 jul 2008 in microsoft.public.windows.terminal_services: > For quite some time now the Windows System Admin's in my ofice > have been able to use Remote Desktop Connections to remotely > connect to client machine to install software and patches. All > of a sudden we are unable to remotely connect to a batch of new > systems we put out on the network. I happened to find a few > settings that were not set as they should, e.g., > > Remote Desktop option on the System Properties Remote Tab was > grayed out. > > The Terminal Services service was Disabled - I set it to > Automatic and restarted it. > > The registry setting > hklm\system\currentcontrolset\control\terminal > server\fDenyTSConnections was set to 1 and I changed it to 0 > > The Policy Computer configuration | Administrative Templates | > Windows Components | Terminal Services | Allow users to connect > remotely using Terminal Services was set to Disabled and I > changed it to Not Configured > > After changing these settings, the Remote Desktop option of the > System Properties Remote tab was able to be checked, but I was > still unable to connect to remote machines. > > The machines trying to remote connect are WinXP/SP2 workstations > and the systems trying to be connected to are WinXP/SP2 > workstations. > > The Firewall option is turned off and is controlled by the > domain. > > If any has any suggestions as to why I am still unable to use > remote desktop I would greatly appreciate hearing from you
Guest lwalker1958 Posted July 11, 2008 Posted July 11, 2008 Re: Remote Desktop Connection Not Working Vera, Vera, I attempted to run the RSoP on one of the new workstations, but I must be doing something wrong, because once the report is generated, all of the policies show that they are not configured when I KNOW that there are a lot of them that are set. I add the snap-in and then start the wizard to generate the report. On my system, the only active mode selection is Logging Mode. So I click Next. Then to see the GPOs on the workstation, I select the Another Computer radio button and then enter the name of the workstation. There is an additional check box on this screen that I am not sure if I should select or not. It says "Do not display settings for the selected computer in the results (display user policy settings only). I am assuming that this means that the settings under Computer Configuration would not be shown but those under User Configuration would. Since I want to see the GPOs for the computer, I assume I leave this check box unchecked. So I do that and click Next. The next screen is the User Selection screen. My options are to display policy settings for a user, or there is a check box at the bottom of the screen that says "Do not display user policy settings in the results (display computer policy settings only)" Since I want to see the GPOs for the system and not the user, I assume I check this option. So I do and then click Next. In the Summary of Selections are as follows: Mode = Logging Username = not specified Display user policy settings = No Computer name = the computer having the problem Display computer policy settings = yes The Gather extended error information checkbox is selected and I click Next. When finished, I click the Finish button and look at the report. I expand Windows Settings, Security Settings, Local Policies, Security Options, and in the RSoP for the workstation it is only showing the GOPs that are set by the domain and the rest of the policies are showing as Not Defined. I know that this is not correct because on a system that is working properly, of the 105 policies that we can set under Security Options, only 19 of them are set as Not Defined. The rest have been configured. How do I run the RSoP to actually show the policies that are set on a PC. I am not actually getting an error message per se. We use Smart Card login so when I launch Remote Desktop Connection, I enter the name of the remote PC and click Connect. Then I am prompted to enter my login credentials. I click the drop down arrow in the username field and select my Smart Card Certificate. My user account associated with the certificates is part of the Administrators Group as I am a System Admin. I do not enter a password. Then I click OK. On a System that is configured correctly, the Remote Desktop Connection screen will gray out for a few seconds, then the remote system screen will appear with the screen that shows Insert Card or Press Ctrl-Alt-Del to Logon. Typically I remove my Smart Card from the card reader and then re-insert it and I am prompted to enter my Smart Card PIN number to log onto the remote computer. After a few seconds, I am logged onto the remote computer. On the systems that are not working, initially we were getting the error message stating that This computer can't connect to the remote computer. The connection was due to a lost network error. Try connecting again. If the problem continues, contact your network administrator or technical support. But we changed a few settings on the non-working PC, that we found that were not set correctly. We changed the following: Changed the following values in hklm\system\currentcontrolset\control\terminal server from 1 to 0 tsDenyTSConnections TSEnabled TSUserEnabled In gpedit.msc, under Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Allow users to connect remotely using Terminal Services, we changed the setting from Disabled to Not Configured. Made sure that the Terminal Services service was set to Automatic and Started Made sure that the Remote Desktop option on the Remote Tab of the System Properties was checked. Now when I try to remote in to the workstations, I launch Remote Desktop Connections, enter the hostname, click Connect, select my Smart Card Certificate and click OK. The Remote Desktop screen goes gray like it is trying to connect, but then returns back to the Remote Desktop screen and we never get an error. If we look in System Event log of the remote computer we don’t really see any obvious logs showing a failed attempt to remotely connect to the system. However, there are a log of Information events that were generated at the times we have tried to remote connect to the system and they all show the Source as Application Popup, Event # is 26 and the description is Application Popup: \SystemRoot\System32\RDPDD.dll failed to load. So at this point, I am ready to pull my hair out. I appreciate your response and suggestions. Sorry this is so long, but I wanted to be sure to include as much information as possible as to what we have done so far. If you have time to respond or have any suggestions, that would be great. In the mean time we will keep plugging away to find the solution. Thanks, Lawrin "Vera Noest [MVP]" wrote: > What about GPO's? > Run Resultant Set of Policies (RSoP) to list all GPOs which apply to > the new workstations and check the appropriate settings. > > What error message do you get when you try to connect? > Can you ping to the new clients? > > _________________________________________________________ > Vera Noest > MCSE, CCEA, Microsoft MVP - Terminal Server > TS troubleshooting: http://ts.veranoest.net > ___ please respond in newsgroup, NOT by private email ___ > > =?Utf-8?B?bHdhbGtlcjE5NTg=?= > <lwalker1958@discussions.microsoft.com> wrote on 11 jul 2008 in > microsoft.public.windows.terminal_services: > > > For quite some time now the Windows System Admin's in my ofice > > have been able to use Remote Desktop Connections to remotely > > connect to client machine to install software and patches. All > > of a sudden we are unable to remotely connect to a batch of new > > systems we put out on the network. I happened to find a few > > settings that were not set as they should, e.g., > > > > Remote Desktop option on the System Properties Remote Tab was > > grayed out. > > > > The Terminal Services service was Disabled - I set it to > > Automatic and restarted it. > > > > The registry setting > > hklm\system\currentcontrolset\control\terminal > > server\fDenyTSConnections was set to 1 and I changed it to 0 > > > > The Policy Computer configuration | Administrative Templates | > > Windows Components | Terminal Services | Allow users to connect > > remotely using Terminal Services was set to Disabled and I > > changed it to Not Configured > > > > After changing these settings, the Remote Desktop option of the > > System Properties Remote tab was able to be checked, but I was > > still unable to connect to remote machines. > > > > The machines trying to remote connect are WinXP/SP2 workstations > > and the systems trying to be connected to are WinXP/SP2 > > workstations. > > > > The Firewall option is turned off and is controlled by the > > domain. > > > > If any has any suggestions as to why I am still unable to use > > remote desktop I would greatly appreciate hearing from you >
Guest Jeff Pitsch Posted July 11, 2008 Posted July 11, 2008 Re: Remote Desktop Connection Not Working If RSOP is showing them as not configured then maybe you have problem with the GPO's or how they are filtered. It also sounds like the PC's were horribly misconfigured to begin with. Have you tried reimaging them with your standard image? You've listed off so many issues that doesn't seem normal for you. Jeff Pitsch Microsoft MVP - Terminal Services "lwalker1958" <lwalker1958@discussions.microsoft.com> wrote in message news:6581EE71-B9A0-4824-AF66-70BFBB0942AD@microsoft.com... > Vera, > > Vera, > > I attempted to run the RSoP on one of the new workstations, but I must be > doing something wrong, because once the report is generated, all of the > policies show that they are not configured when I KNOW that there are a > lot > of them that are set. I add the snap-in and then start the wizard to > generate the report. > > On my system, the only active mode selection is Logging Mode. So I click > Next. Then to see the GPOs on the workstation, I select the Another > Computer > radio button and then enter the name of the workstation. There is an > additional check box on this screen that I am not sure if I should select > or > not. It says "Do not display settings for the selected computer in the > results (display user policy settings only). I am assuming that this > means > that the settings under Computer Configuration would not be shown but > those > under User Configuration would. Since I want to see the GPOs for the > computer, I assume I leave this check box unchecked. So I do that and > click > Next. > > The next screen is the User Selection screen. My options are to display > policy settings for a user, or there is a check box at the bottom of the > screen that says "Do not display user policy settings in the results > (display > computer policy settings only)" Since I want to see the GPOs for the > system > and not the user, I assume I check this option. So I do and then click > Next. > > In the Summary of Selections are as follows: > > Mode = Logging > Username = not specified > Display user policy settings = No > Computer name = the computer having the problem > Display computer policy settings = yes > > The Gather extended error information checkbox is selected and I click > Next. > When finished, I click the Finish button and look at the report. > > I expand Windows Settings, Security Settings, Local Policies, Security > Options, and in the RSoP for the workstation it is only showing the GOPs > that > are set by the domain and the rest of the policies are showing as Not > Defined. I know that this is not correct because on a system that is > working > properly, of the 105 policies that we can set under Security Options, only > 19 > of them are set as Not Defined. The rest have been configured. > > How do I run the RSoP to actually show the policies that are set on a PC. > > I am not actually getting an error message per se. We use Smart Card > login > so when I launch Remote Desktop Connection, I enter the name of the remote > PC > and click Connect. Then I am prompted to enter my login credentials. I > click the drop down arrow in the username field and select my Smart Card > Certificate. My user account associated with the certificates is part of > the > Administrators Group as I am a System Admin. I do not enter a password. > Then I click OK. On a System that is configured correctly, the Remote > Desktop Connection screen will gray out for a few seconds, then the remote > system screen will appear with the screen that shows Insert Card or Press > Ctrl-Alt-Del to Logon. Typically I remove my Smart Card from the card > reader > and then re-insert it and I am prompted to enter my Smart Card PIN number > to > log onto the remote computer. After a few seconds, I am logged onto the > remote computer. > > On the systems that are not working, initially we were getting the error > message stating that This computer can't connect to the remote computer. > The > connection was due to a lost network error. Try connecting again. If the > problem continues, contact your network administrator or technical > support. > But we changed a few settings on the non-working PC, that we found that > were > not set correctly. We changed the following: > > Changed the following values in > hklm\system\currentcontrolset\control\terminal server from 1 to 0 > tsDenyTSConnections > TSEnabled > TSUserEnabled > > In gpedit.msc, under Computer Configuration\Administrative > Templates\Windows > Components\Terminal Services\Allow users to connect remotely using > Terminal > Services, we changed the setting from Disabled to Not Configured. > > Made sure that the Terminal Services service was set to Automatic and > Started > > Made sure that the Remote Desktop option on the Remote Tab of the System > Properties was checked. > > Now when I try to remote in to the workstations, I launch Remote Desktop > Connections, enter the hostname, click Connect, select my Smart Card > Certificate and click OK. The Remote Desktop screen goes gray like it is > trying to connect, but then returns back to the Remote Desktop screen and > we > never get an error. > > If we look in System Event log of the remote computer we don't really see > any obvious logs showing a failed attempt to remotely connect to the > system. > However, there are a log of Information events that were generated at the > times we have tried to remote connect to the system and they all show the > Source as Application Popup, Event # is 26 and the description is > Application > Popup: \SystemRoot\System32\RDPDD.dll failed to load. > > So at this point, I am ready to pull my hair out. I appreciate your > response and suggestions. Sorry this is so long, but I wanted to be sure > to > include as much information as possible as to what we have done so far. > If > you have time to respond or have any suggestions, that would be great. In > the mean time we will keep plugging away to find the solution. > > > Thanks, > Lawrin > > > > > "Vera Noest [MVP]" wrote: > >> What about GPO's? >> Run Resultant Set of Policies (RSoP) to list all GPOs which apply to >> the new workstations and check the appropriate settings. >> >> What error message do you get when you try to connect? >> Can you ping to the new clients? >> >> _________________________________________________________ >> Vera Noest >> MCSE, CCEA, Microsoft MVP - Terminal Server >> TS troubleshooting: http://ts.veranoest.net >> ___ please respond in newsgroup, NOT by private email ___ >> >> =?Utf-8?B?bHdhbGtlcjE5NTg=?= >> <lwalker1958@discussions.microsoft.com> wrote on 11 jul 2008 in >> microsoft.public.windows.terminal_services: >> >> > For quite some time now the Windows System Admin's in my ofice >> > have been able to use Remote Desktop Connections to remotely >> > connect to client machine to install software and patches. All >> > of a sudden we are unable to remotely connect to a batch of new >> > systems we put out on the network. I happened to find a few >> > settings that were not set as they should, e.g., >> > >> > Remote Desktop option on the System Properties Remote Tab was >> > grayed out. >> > >> > The Terminal Services service was Disabled - I set it to >> > Automatic and restarted it. >> > >> > The registry setting >> > hklm\system\currentcontrolset\control\terminal >> > server\fDenyTSConnections was set to 1 and I changed it to 0 >> > >> > The Policy Computer configuration | Administrative Templates | >> > Windows Components | Terminal Services | Allow users to connect >> > remotely using Terminal Services was set to Disabled and I >> > changed it to Not Configured >> > >> > After changing these settings, the Remote Desktop option of the >> > System Properties Remote tab was able to be checked, but I was >> > still unable to connect to remote machines. >> > >> > The machines trying to remote connect are WinXP/SP2 workstations >> > and the systems trying to be connected to are WinXP/SP2 >> > workstations. >> > >> > The Firewall option is turned off and is controlled by the >> > domain. >> > >> > If any has any suggestions as to why I am still unable to use >> > remote desktop I would greatly appreciate hearing from you >>
Guest Vera Noest [MVP] Posted July 12, 2008 Posted July 12, 2008 Re: Remote Desktop Connection Not Working I totally agree with Jeff. There's so much which isn't as it should be, a fresh installation is the only sensible thing to do. _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___ "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote on 11 jul 2008 in microsoft.public.windows.terminal_services: > If RSOP is showing them as not configured then maybe you have > problem with the GPO's or how they are filtered. > > It also sounds like the PC's were horribly misconfigured to > begin with. Have you tried reimaging them with your standard > image? You've listed off so many issues that doesn't seem > normal for you. > > Jeff Pitsch > Microsoft MVP - Terminal Services > > > "lwalker1958" <lwalker1958@discussions.microsoft.com> wrote in > message > news:6581EE71-B9A0-4824-AF66-70BFBB0942AD@microsoft.com... >> Vera, >> >> Vera, >> >> I attempted to run the RSoP on one of the new workstations, but >> I must be doing something wrong, because once the report is >> generated, all of the policies show that they are not >> configured when I KNOW that there are a lot >> of them that are set. I add the snap-in and then start the >> wizard to generate the report. >> >> On my system, the only active mode selection is Logging Mode. >> So I click Next. Then to see the GPOs on the workstation, I >> select the Another Computer >> radio button and then enter the name of the workstation. There >> is an additional check box on this screen that I am not sure if >> I should select or >> not. It says "Do not display settings for the selected >> computer in the results (display user policy settings only). I >> am assuming that this means >> that the settings under Computer Configuration would not be >> shown but those >> under User Configuration would. Since I want to see the GPOs >> for the computer, I assume I leave this check box unchecked. >> So I do that and click >> Next. >> >> The next screen is the User Selection screen. My options are >> to display policy settings for a user, or there is a check box >> at the bottom of the screen that says "Do not display user >> policy settings in the results (display >> computer policy settings only)" Since I want to see the GPOs >> for the system >> and not the user, I assume I check this option. So I do and >> then click Next. >> >> In the Summary of Selections are as follows: >> >> Mode = Logging >> Username = not specified >> Display user policy settings = No >> Computer name = the computer having the problem >> Display computer policy settings = yes >> >> The Gather extended error information checkbox is selected and >> I click Next. >> When finished, I click the Finish button and look at the >> report. >> >> I expand Windows Settings, Security Settings, Local Policies, >> Security Options, and in the RSoP for the workstation it is >> only showing the GOPs that >> are set by the domain and the rest of the policies are showing >> as Not Defined. I know that this is not correct because on a >> system that is working >> properly, of the 105 policies that we can set under Security >> Options, only 19 >> of them are set as Not Defined. The rest have been configured. >> >> How do I run the RSoP to actually show the policies that are >> set on a PC. >> >> I am not actually getting an error message per se. We use >> Smart Card login >> so when I launch Remote Desktop Connection, I enter the name of >> the remote PC >> and click Connect. Then I am prompted to enter my login >> credentials. I click the drop down arrow in the username field >> and select my Smart Card Certificate. My user account >> associated with the certificates is part of the >> Administrators Group as I am a System Admin. I do not enter a >> password. Then I click OK. On a System that is configured >> correctly, the Remote Desktop Connection screen will gray out >> for a few seconds, then the remote system screen will appear >> with the screen that shows Insert Card or Press Ctrl-Alt-Del to >> Logon. Typically I remove my Smart Card from the card reader >> and then re-insert it and I am prompted to enter my Smart Card >> PIN number to >> log onto the remote computer. After a few seconds, I am logged >> onto the remote computer. >> >> On the systems that are not working, initially we were getting >> the error message stating that This computer can't connect to >> the remote computer. The >> connection was due to a lost network error. Try connecting >> again. If the problem continues, contact your network >> administrator or technical support. >> But we changed a few settings on the non-working PC, that we >> found that were >> not set correctly. We changed the following: >> >> Changed the following values in >> hklm\system\currentcontrolset\control\terminal server from 1 to >> 0 >> tsDenyTSConnections >> TSEnabled >> TSUserEnabled >> >> In gpedit.msc, under Computer Configuration\Administrative >> Templates\Windows >> Components\Terminal Services\Allow users to connect remotely >> using Terminal >> Services, we changed the setting from Disabled to Not >> Configured. >> >> Made sure that the Terminal Services service was set to >> Automatic and Started >> >> Made sure that the Remote Desktop option on the Remote Tab of >> the System Properties was checked. >> >> Now when I try to remote in to the workstations, I launch >> Remote Desktop Connections, enter the hostname, click Connect, >> select my Smart Card Certificate and click OK. The Remote >> Desktop screen goes gray like it is trying to connect, but then >> returns back to the Remote Desktop screen and we >> never get an error. >> >> If we look in System Event log of the remote computer we don't >> really see any obvious logs showing a failed attempt to >> remotely connect to the system. >> However, there are a log of Information events that were >> generated at the times we have tried to remote connect to the >> system and they all show the Source as Application Popup, Event >> # is 26 and the description is Application >> Popup: \SystemRoot\System32\RDPDD.dll failed to load. >> >> So at this point, I am ready to pull my hair out. I appreciate >> your response and suggestions. Sorry this is so long, but I >> wanted to be sure to >> include as much information as possible as to what we have done >> so far. If >> you have time to respond or have any suggestions, that would be >> great. In the mean time we will keep plugging away to find the >> solution. >> >> >> Thanks, >> Lawrin >> >> >> >> >> "Vera Noest [MVP]" wrote: >> >>> What about GPO's? >>> Run Resultant Set of Policies (RSoP) to list all GPOs which >>> apply to the new workstations and check the appropriate >>> settings. >>> >>> What error message do you get when you try to connect? >>> Can you ping to the new clients? >>> >>> _________________________________________________________ >>> Vera Noest >>> MCSE, CCEA, Microsoft MVP - Terminal Server >>> TS troubleshooting: http://ts.veranoest.net >>> ___ please respond in newsgroup, NOT by private email ___ >>> >>> =?Utf-8?B?bHdhbGtlcjE5NTg=?= >>> <lwalker1958@discussions.microsoft.com> wrote on 11 jul 2008 >>> in microsoft.public.windows.terminal_services: >>> >>> > For quite some time now the Windows System Admin's in my >>> > ofice have been able to use Remote Desktop Connections to >>> > remotely connect to client machine to install software and >>> > patches. All of a sudden we are unable to remotely connect >>> > to a batch of new systems we put out on the network. I >>> > happened to find a few settings that were not set as they >>> > should, e.g., >>> > >>> > Remote Desktop option on the System Properties Remote Tab >>> > was grayed out. >>> > >>> > The Terminal Services service was Disabled - I set it to >>> > Automatic and restarted it. >>> > >>> > The registry setting >>> > hklm\system\currentcontrolset\control\terminal >>> > server\fDenyTSConnections was set to 1 and I changed it to 0 >>> > >>> > The Policy Computer configuration | Administrative Templates >>> > | Windows Components | Terminal Services | Allow users to >>> > connect remotely using Terminal Services was set to Disabled >>> > and I changed it to Not Configured >>> > >>> > After changing these settings, the Remote Desktop option of >>> > the System Properties Remote tab was able to be checked, but >>> > I was still unable to connect to remote machines. >>> > >>> > The machines trying to remote connect are WinXP/SP2 >>> > workstations and the systems trying to be connected to are >>> > WinXP/SP2 workstations. >>> > >>> > The Firewall option is turned off and is controlled by the >>> > domain. >>> > >>> > If any has any suggestions as to why I am still unable to >>> > use remote desktop I would greatly appreciate hearing from >>> > you
Recommended Posts