Connot connect to one server using RDP

[Guest PSV]

We have 5 windows 2003 servers in a separate domain. 1 DC, 2 Clustered

Servers and 2 Citrix servers. We have a domain account used for managing the

clusters. This a/c has local admin rights on both cluster nodes. We noticed

that someone had accidentally put this a/c in domain admin group. After

removing this a/c from doamin admins group we are unable to connect to one

server (node 2 of cluster). We don't even get logon screen when we RDP in the

server.

Pls note that, we have enforced security using GPOs. Using the GPO tool, I

made sure that, all servers have lastest GPOs.

I have tried the following,

1.rebooting the servers.

2. Re-registered with DNS

3. I compared Node 1 of cluster with Node 2 in terms of a/c setup, policies,

RDP setup, services etc. Everything looks identical.

4. Checked to see whether firewall is turn on. It's off.

5. RDP protocol configuration is identical.

6.

I was wondering whether anyone could point me in the right direction.

 

The error received is,

 

The client couldn't establish connection to the remote computer.

The mostlylikes reasons are,

1. Remote connections might not be enabled at the remote computer

2. The maximum number of connections was exceeded at the remote computer

3. A network error occurred while establishing the connection.

 

Thanks a bunch.

PSV

[Guest Munindra Das [MSFT]]

Re: Connot connect to one server using RDP

 

This can be due to various reasons. First check would be to see TS service

and listener is up and running fine on the server. Though you might have

already done it, following are things to check:

- please run "qwinsta.exe" and see listener is running.

- run "netstat -a" and see if TCP port 3389 is being listened at.

 

Next would be to see if connection request is getting to the server or not.

You can take some "netmon" traces on the server and see if you find any

packets reaching port 3389. If connections are not getting to port 3389, one

of the common issue is DNS name resolution. Try using the ipaddress instead

and see if you can connect.

 

If nothing works, look for error entries in the event log.

 

--

This posting is provided "AS IS" with no warranties, and confers no rights.

"PSV" <PSV@discussions.microsoft.com> wrote in message

news:E9C78418-7F1F-484F-91E7-3E4D97B28064@microsoft.com...

> We have 5 windows 2003 servers in a separate domain. 1 DC, 2 Clustered

> Servers and 2 Citrix servers. We have a domain account used for managing

> the

> clusters. This a/c has local admin rights on both cluster nodes. We

> noticed

> that someone had accidentally put this a/c in domain admin group. After

> removing this a/c from doamin admins group we are unable to connect to one

> server (node 2 of cluster). We don't even get logon screen when we RDP in

> the

> server.

> Pls note that, we have enforced security using GPOs. Using the GPO tool, I

> made sure that, all servers have lastest GPOs.

> I have tried the following,

> 1.rebooting the servers.

> 2. Re-registered with DNS

> 3. I compared Node 1 of cluster with Node 2 in terms of a/c setup,

> policies,

> RDP setup, services etc. Everything looks identical.

> 4. Checked to see whether firewall is turn on. It's off.

> 5. RDP protocol configuration is identical.

> 6.

> I was wondering whether anyone could point me in the right direction.

>

> The error received is,

>

> The client couldn't establish connection to the remote computer.

> The mostlylikes reasons are,

> 1. Remote connections might not be enabled at the remote computer

> 2. The maximum number of connections was exceeded at the remote computer

> 3. A network error occurred while establishing the connection.

>

> Thanks a bunch.

> PSV