RDP to 2003 OK, not to 2KAdvServ

  • Thread starter Thread starter Brian Smither
  • Start date Start date
B

Brian Smither

From a Win2KPro machine running MSTSC ver 5.2, I can RDP to my Win2003
Server with no problems (actually, I had to update my NVidia video drivers
to keep from being instantly logged out after successfully connecting).
However, I cannot RDP to my Win2000AdvServ server - I get the typical
"Client could not connect..." message.

From the book "Inside Windows 2000 Server" by Boswell (New Riders
Publishing, 2000), I checked the various settings to enable Terminal
Services in Admin mode. From the client machine, I've also double checked
the destination by selecting <Browse for more...> and choosing the
appropriate machine. Which is weird because the 2000AdvServ shows up but
NOT the Win2003 server.

What else might be causing this inability to connect to the Win2000AdvServ
machine?
 
Could be various IP sec things, the best thing to do is do a network trace and
watch what happens when you make a connection. If you see a RST on the
connection, something is specifically disconnecting you.

joe
 
From past suggestions made by Christa Anderson
(expertanswercenter.techtarget.com), I installed the RDP client (v5.0) on
the problematic Win2kAdvServ machine. I then tried to connect a TS
session from that machine to that machine. No go. Same "Cannot
connect..." message.

Running the Network Monitor tool on the Win2KAdvServ machine, I see
nothing when trying to connect a TS session locally. I see eight packets
when trying to connect a session from a remote Win2KPro machine:
1,2: NS Query and response
3,4: I assume the initial query to port 3389 and a response. The response
flags are Acknowledgement Field and Reset Connection.
5,6 and 7,8: These are identical to packets 3,4 except for the
Identification field and the corresponding checksum values.

While it's been said the the "Cannot connect at this time..." message
represents a large collection of possible faults, I have seen specific
messages that imply I was trying to log in with bad credentials, or the
machine went to sleep and the network card disengaged its hold on the
physical media (I hope I'm expressing that adaquately) - "Connection
lost."

Thanks for the reply... If the IPSec policy control on Win2KAdvServ is
not in the Advanced settings of the TCP/IP protocol settings pages, where
would I look?

Brian
 
Yep, sounds like something is blocking or possibly TS has had the port moved.

If you don't see it in advanced network settings nor seclpol.msc check out


HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal
Server\WinStations\RDP-Tcp\PortNumber

Should be 0x0D3D or 3389 (decimal).

joe
 
The port is as it should be. The three pairs of packets tell me that the
correct machine has been identified. A question might be, is the response
packet coming from TS or is it a generic response coming from a different
part of the OSI model.

What I've done is to remove TS and will re-install it. I'll let you know
what happens.
 
Nope. Didn't work.


The port is as it should be. The three pairs of packets tell me that
the correct machine has been identified. A question might be, is the
response packet coming from TS or is it a generic response coming from
a different part of the OSI model.

What I've done is to remove TS and will re-install it. I'll let you
know what happens.
Click to expand...
 
Well, I'm looking at MS KB article 312030. It says to delete a branch off
of the Cryptography section in the Registry. I don't have a Cryptography
section.

In the Terminal Services Manager, I do have the Console (Administrator),
but I also have a Down (65536) line item under the server name.

I don't see a way to install Crypto services. I'll go through some books.

Any comments?

Brian
 
I am out of ideas. The times I have seen this have been with a changed port or
some sort of software blocking the connection.
 
I have apparently found the problem. My version of the OS is supposed to
be Windows 2000 Advanced Server SP4. However, a registry value as
outlined in KB article 270588 "Remote Desktop Protocol Clients Cannot
Connect to Terminal Services Server" did not exist. Once I added the
"\Device\Video0" value, everything is working (so far).

Brian
 
Back
Top