Description: Cannot RDP into my Computer – Terminal Server
Common customer description:
-When I try to connect to the server I get a message that says I need the “Remote Terminal Service access Right” by default, the Remote Desktop Users group has this right.
-When I try to RDP I get an error message pop up, it says that it couldn’t find the computer.
Another Example: (This is just a generic message that comes up if it’s unreachable)
Probing questions: Ask the usual questions:
Was this setup before-hand?
Anyone else affected by this?
Were you able to Remote Desktop to this machine before?
How are you connecting? (Ip address//port number)
Do you know the name of the computer you are remote desktoping into?
Do you know if you are in a domain environment or workgroup?
Steps to isolate: In my opinion, the first step to isolate is to determine how they are connecting. This way you can find out exactly what machine it is that they are connecting to. If they are connecting via RDP with port forwarding(Example: 188.8.131.52:3389) you’ll be able to log into the firewall//router and see where that port is forwarding to and try to RDP to It from the OM, or if they are connecting with a VPN then RDP. They will have the internal address of the computer already in there.
At this point see what kind of error message they get when they try to connect. If you get the Terminal services error go to the Remote Terminal service issue section below and same thing with the other issue.
Steps to resolve: There are two possible fixes for this particular problem:
Remote Terminal Service access Right issue:
This issue is incredibly easy to fix. The problem is that the user that is trying to log into the computer//server doesn’t have the user right to log into the computer. By default the “Remote Desktop Users Group” does indeed have this right. This means that the LOCAL REMOTE DESKTOP USERS GROUP has this right, NOT THE DOMAIN REMOTE DESKTOP USERS GROUP. This is very important to understand. To fix this log into the offending computer and make sure that the user is added to the remote desktop users group by following these steps:
1) Click Start then right click on computer and go to manage. (On a server you will need to go into Administrative Tools//Computer Management)
2) Once in this section break down Local users and computers. At this point go to Groups and find the Remote Desktop Users Group, and see if there are part of this group and add them if they are not, which should resolve the issue. If it doesn’t resolve the problem proceed to the next step.
3) If at this point they cannot connect, you need to look at Group Policy on the LOCAL COMPUTER//SERVER. To do this, run the command MSC from the run line. Once open follow the diagram to the correct path: (Path is: Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow Logon through Remote Desktop Services. It might be labeled as Terminal Services)
4) At this point, just open up the Policy and make sure that the LOCAL REMOTE DESKTOP USERS GROUP is added, you can also add domain groups here as well if needed. For example DomainRemote Desktop Users. After this is done, perform a GPUPDATE /FORCE and this should resolve the issue.
Remote Desktop Pop-up Error: This error can come up for a number of different reasons. The top causes for this, possible causes could be:
- Incorrect IP address – (should’ve been ruled out during the isolation stage)
- Correct IP address but incorrect port specified or not specified– (should’ve been ruled out during the isolation stage)
- Computer isn’t configured for remote desktop– (should’ve been ruled out during the isolation stage)
- Remote desktop listening ports are not open through the windows firewall on the remote computer
- Computer could not be properly connected to the network(This could be the case on either side)
- Computer is shut off, sleeping or hibernating
As you can see, there are a number of possibilities for this particular error to come up. If you properly isolated the issue, you should be able to take off three of the possibilities, so they will not be covered in this section.
Port Number: To find out the listening port of Remote Desktop, you will need to go into the Registry, Follow these steps:
- From the run line type regedit
- The path you need to go is located at KHLMSYSTEMCurrentControlSetControlTerminal ServerWInStationsPortNumber
- This key specifies what the port number is for RDP and is what needs to be specified in remote desktop to be able to connect.
- This port number needs to be opened in the windows firewall. So open up Windows Firewall Advanced Settings, and make both inbound and outbound rules for this port number. This will allow this port to be used for RDP.
Not connected properly to the network: Need to Verify that the computer is connected to the network. Ethernet cable, connected to the switch, switch is on, etc and vice-versa on the Connector’s end. Typical No internet troubleshooting at this point to rule this possibility out.
Computer is shut off, sleeping or hibernating: This is a simple issue, To fix this you will need to have someone at the remote location to get the computer back up and running(Wake it up) and get connected to it. At this point you will need to go into Control Panel and go into power options to turn off sleep//hibernate settings for the computer.
Additional considerations: If the user still cannot connect to the computer at this point, the problem might be related to the VPN or port forwarding. Consult Tier 2 at this point.