Remote Desktop - suddenly can't connect!

[Stroller]

Hi there,

I have this week installed SBS 2003 for a customer of mine and was
pleased to quickly find that I could connect using Remote Desktop
Connection and work on the server from the comfort of my desktop
machine.

Remote Desktop has been working perfectly for the last two or three
days but suddenly stopped doing so this morning, when I moved the
server from my office to the client's in order to do some initial
deployment testing. I was using it not 10 minutes before I left home
but less than an hour later and ever since I have been getting "The
client could not connect to the remote computer" messages when I try to
connect.

I'm connecting to the machine over the LAN and I can ping it, so the
problem's not with NAT or port-forwarding or anything like that. In
System Properties > Remote "Enable Remote Desktop on this computer" is
checked and Terminal Services & its dependency RPC are both showing as
started in Services [1] but Remote Desktop nevertheless seems not to be
running. A port scan from another machine
<http://rafb.net/paste/results/31nZOS31.nln.html> shows no response on
port 3389 and running `telnet localhost 3389` on the server also fails.

I don't believe that Windows firewall is running on this machine
(Windows Firewall / ICS is disabled in Services) and I don't believe
that ISA Server is installed, either - Start > All Programs does not
not show the entry for Microsoft ISA Server mentioned in KB 828053.

Can anyone advise the best way to trouble-shoot this further, please? I
am not experienced with Terminal Services / Remote Desktop and so I'm
consequently at my wits' end.

Stroller.










[1] I haven't deployed Windows server before and I find it curious that
- although I'm a member of the Administrators & Domain Administrators
groups - the "Start" and "Stop" buttons I've used in XP Home are
greyed-out on this system.

 

[Todd J Heron]

I have this week installed SBS 2003 for a customer of mine and was pleased
to quickly find that I could connect using Remote Desktop
Connection and work on the server from the comfort of my desktop machine.

Remote Desktop has been working perfectly for the last two or three days
but suddenly stopped doing so this morning, when I moved the
server from my office to the client's in order to do some initial
deployment testing. I was using it not 10 minutes before I left home
but less than an hour later and ever since I have been getting "The client
could not connect to the remote computer" messages when I try to
connect. <snipped>

If telnet localhost 3389 fails on the box itself have you checked for an
entry for localhost in your Hosts file? From another machine can you:

telnet IP.Address.Of.Server 3389

and tell us what happens? If it fails but you are sure Remote Desktop is
enabled then it sounds like a firewall issue. Perhaps you enabled RRAS
(which has a basic firewall built-in) on this box? Perhaps the RDP-tcp
connection under tscc.msc is disabled (it would have a red X on it)?

 

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Does your client have a router between you and them and is 4125
forwarded to the router?

If you didn't install ISA... then it's not installed.

There is no Windows firewall in SBS it's the RRAS firewall.

So ... I'm getting from your post that it 'was' working while at your
shop but when you moved it to the client's it stopped working?

My guess is there's a router blocking port 4125.

 

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

You are using RWW right? you ran the connect to internet wizard and set
this up?

I personally don't like a port 3389 straight out to the web, but that's
just me.

 

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Stroller? I just read where you haven't installed Windows server
before, so I want to make sure you have some foundations in place.

Okay first off did you install SBS 2003 with all the wizards?

If this is a premium box you only have ISA installed if you installed it
and this is a SBS "premium" version.

Next, did you run the connect to Internet wizard and open up the
settings you want? It's in the to do list that you get in Server
Management.

next.. you say XPHomes. You do realize that while XP homes can do pass
through authentication [a funky way where you set up workgroup name to
match the server domain name] they really and truly cannot join a domain
and thus 'tis better to have XP pros [in case you were not aware of that]

Let's step back a bit... how many network cards, what's your IP
addresses and you might want to just work with the SBS newsgroup rather
than all the other threads.

There are wizards and things unique to SBS.

Hi there,

I have this week installed SBS 2003 for a customer of mine and was
pleased to quickly find that I could connect using Remote Desktop
Connection and work on the server from the comfort of my desktop machine.

Remote Desktop has been working perfectly for the last two or three days
but suddenly stopped doing so this morning, when I moved the server from
my office to the client's in order to do some initial deployment
testing. I was using it not 10 minutes before I left home but less than
an hour later and ever since I have been getting "The client could not
connect to the remote computer" messages when I try to connect.

I'm connecting to the machine over the LAN and I can ping it, so the
problem's not with NAT or port-forwarding or anything like that. In
System Properties > Remote "Enable Remote Desktop on this computer" is
checked and Terminal Services & its dependency RPC are both showing as
started in Services [1] but Remote Desktop nevertheless seems not to be
running. A port scan from another machine
<http://rafb.net/paste/results/31nZOS31.nln.html> shows no response on
port 3389 and running `telnet localhost 3389` on the server also fails.

I don't believe that Windows firewall is running on this machine
(Windows Firewall / ICS is disabled in Services) and I don't believe
that ISA Server is installed, either - Start > All Programs does not not
show the entry for Microsoft ISA Server mentioned in KB 828053.

Can anyone advise the best way to trouble-shoot this further, please? I
am not experienced with Terminal Services / Remote Desktop and so I'm
consequently at my wits' end.

Stroller.










[1] I haven't deployed Windows server before and I find it curious that
- although I'm a member of the Administrators & Domain Administrators
groups - the "Start" and "Stop" buttons I've used in XP Home are
greyed-out on this system.

 

[Stroller]

If telnet localhost 3389 fails on the box itself have you checked for
an entry for localhost in your Hosts file?

I can ping locahost, so that's fine.

From another machine can you:

telnet IP.Address.Of.Server 3389
and tell us what happens?

Sorry... I thought that was obvious from the ping & post-scan that I gave

No, I can't - I just get "connection refused".

If it fails but you are sure Remote Desktop is enabled then it sounds
like a firewall issue.

Well, I'm sure I have the checkbox ticked. That doesn't give me faith
that the Remote Desktop server is running, tho' - I should find out the
name of the process.

Perhaps you enabled RRAS (which has a basic firewall built-in) on this box?

If I go into Administrative Tools > Routing & Remote Access it shows as
"stopped".

Perhaps the RDP-tcp connection under tscc.msc is disabled (it would
have a red X on it)?

Ah, I think you may have hit the nail on the head - screenshots at
<http://stuff.stroller.uk.eu.org/Windows/>.

On this machine the Connections folder of that Window is empty -
clicking at the Wizard suggests that I have to make a connection before
any user that wants to Remote Desktop in. But how come I didn't have to
do that before?

If this is necessary then there can't possibly be no default Terminal
Services connection, as it would be far too obscure for users who would
otherwise just tick the "Enable Remote Desktop" box in Control Panel >
System. Yet I can see how could have deleted the default connection,
having been unaware of this panel.

A question: if I use the Terminal Services Connection Wizard I see that
there are options to specify whether a connection controls or only
observes the user's desktop. Is it possible to have both setup? So that
I can log in as myself to administer the machine & interact with my own
desktop but later just log in to observe a user's screen (to check that
they're not surfing the web or writing personal letters at work, for
instance). Do I have to have different instances set up on different
ports, or could one select "interactive or observe" from the RDC client?

Thanks for your help,

Stroller.

 

[Stroller]

Does your client have a router between you and them and is 4125
forwarded to the router?

No. As I said:

In the port-scan which I posted a link to you'll see that I'm using a
private address range & I can ping the machine.

There is no Windows firewall in SBS it's the RRAS firewall.

Ok, I don't really know the difference, but I appreciate the
information for future reference. I don't plan on messing with RRAS on
a production machine, but maybe I'll install the trial version of SBS
on a machine at home to mess with.

So ... I'm getting from your post that it 'was' working while at your
shop but when you moved it to the client's it stopped working?

Yes, but...

My guess is there's a router blocking port 4125.

....it can't be that because I moved my laptop with the server! And then
I moved the server back home with me after the stuff we were doing on
site today - the server is back on my LAN & I'm trying to connect from
my desktop machine.

Stroller.

 

[Stroller]

You are using RWW right? you ran the connect to internet wizard and set
this up?
I personally don't like a port 3389 straight out to the web, but that's
just me.

I see that RWW stands for "Remote Web Workplace" but I wasn't even
aware this was available as part of SBS - I'd got the impression that
the version of SBS 2003 that my client has bought is only licensed for
two concurrent terminal services logins, intended for sys-admins to
manage the box.

I'm not trying to access via the web, only via the regular Remote
Desktop Client application. Right now I only really want to admin the
server - which doesn't have a monitor attached - when I'm at the same
site as it. I'll have to look into something for remote access but I am
aware that port-forwarding will be necessary & I'd want to consider
security & encryption, too.

Stroller.

 

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

If you have SBS you've got RWW.

From your server do an IPconfig/all

Now do this from your laptop.

If either one is in a 169.x.x.x range..they are not talking and you've
lost the DHCP server.

I'm wondering if you had a router/dhcp handerouter at the office and now
at the client you don't.

RRAS comes as the standard SBS firewall... you don't 'install it'...
it's just there.

Again, how 'exactly' did you install this system?

RWW allows anyone with an XP workstation to have remote access back to
their desktop.

 

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Ipconfig/all on each machine.

Let's see what's going on.

RRAS comes with SBS... if you are installing SBS for a client... it's
just 'there'.

 

[Stroller]

Okay first off did you install SBS 2003 with all the wizards?

Erm... I'm not sure.

The business using this server only has 6 staff and they're only using
SBS because they've bought a proprietary application (for home lettings
management) that needs MS SQL on which to run its back end. They're
moving premises & buying new PCs, so additionally I've set up this
machine as a Domain Controller with roaming profiles for the users but
they haven't indicated any need for VPN or anything like that. The boss
might well like to work from home sometimes, so it might be interesting
& useful to set that up at some point but there's no need to do so just
yet.

I've used the Wizards where it's intuitive to do so - I really like the
"Server Management" UI which seems to contain many of the most common &
useful tasks - but what bugged me about the "To Do List" was it
includes a number of items which seem obvious to me, and others that
aren't so useful. For instance: before adding users I really had a good
play with User Templates, so I could see how they worked & set up one
that applied to the users _at this site_ before adding the users
themselves. I don't think that having "Add Users" alone in the To Do
list emphasises this enough.

If this is a premium box you only have ISA installed if you installed
it and this is a SBS "premium" version.

It is Premium, but I'm not aware of having installed ISA (I'm pretty
sure it's not installed). We only bought Premium because we needed SQL
Server for more than 5 clients.

Next, did you run the connect to Internet wizard and open up the
settings you want?The machine's allocated a static IP address behind a router. I ran
Windows Update on it this evening.

next.. you say XPHomes. You do realize that while XP homes can do pass
through authentication [a funky way where you set up workgroup name to
match the server domain name] they really and truly cannot join a
domain and thus 'tis better to have XP pros [in case you were not aware
of that]

Yeah, well... with a dozen machines or so (the company is restructing
presently) this is my largest customer, so I just tend to see XP Home
more frequently. I specify XP Pro for all my business customer buying
new machines & the four new desktops at this site are indeed Pro.
There'll be two XP Home machines moving to the new office which were
bought because the business' owner was in a hurry & didn't consider it,
but we'll probably manage with them.

Thanks for your help & interest,

Stroller.

 

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Windows Small Business Server 2003:
http://www.sbs-rocks.com/sbs2k3/sbs2003-2.htm


Did you set it up like this?

RWW comes with the box and if you set it up from the get go and not
bypassing anything you'll have a nicely set up system.

But did you run the connect to Internet wizard?

Okay first off did you install SBS 2003 with all the wizards?

Erm... I'm not sure.

The business using this server only has 6 staff and they're only using
SBS because they've bought a proprietary application (for home lettings
management) that needs MS SQL on which to run its back end. They're
moving premises & buying new PCs, so additionally I've set up this
machine as a Domain Controller with roaming profiles for the users but
they haven't indicated any need for VPN or anything like that. The boss
might well like to work from home sometimes, so it might be interesting
& useful to set that up at some point but there's no need to do so just
yet.

I've used the Wizards where it's intuitive to do so - I really like the
"Server Management" UI which seems to contain many of the most common &
useful tasks - but what bugged me about the "To Do List" was it includes
a number of items which seem obvious to me, and others that aren't so
useful. For instance: before adding users I really had a good play with
User Templates, so I could see how they worked & set up one that applied
to the users _at this site_ before adding the users themselves. I don't
think that having "Add Users" alone in the To Do list emphasises this
enough.

If this is a premium box you only have ISA installed if you installed
it and this is a SBS "premium" version.

It is Premium, but I'm not aware of having installed ISA (I'm pretty
sure it's not installed). We only bought Premium because we needed SQL
Server for more than 5 clients.

Next, did you run the connect to Internet wizard and open up the
settings you want?
The machine's allocated a static IP address behind a router. I ran
Windows Update on it this evening.

next.. you say XPHomes. You do realize that while XP homes can do pass
through authentication [a funky way where you set up workgroup name to
match the server domain name] they really and truly cannot join a domain
and thus 'tis better to have XP pros [in case you were not aware of that]

Yeah, well... with a dozen machines or so (the company is restructing
presently) this is my largest customer, so I just tend to see XP Home
more frequently. I specify XP Pro for all my business customer buying
new machines & the four new desktops at this site are indeed Pro.
There'll be two XP Home machines moving to the new office which were
bought because the business' owner was in a hurry & didn't consider
it, but we'll probably manage with them.

Thanks for your help & interest,

Stroller.

 

[Stroller]

Ipconfig/all on each machine.

`ifconfig /all` has a space in it, but it doesn't show anything
relevant because I can ping between the two machines (as I've already
stated at least twice in this thread).

RRAS comes with SBS... if you are installing SBS for a client... it's
just 'there'.

I didn't say I wasn't planning on installing it, I said I wasn't
planning on messing with it. I'm not going to have an important
production machine depending on a self-hosted software firewall with
which I'm not familiar.

Stroller.

 

[Stroller]

If you have SBS you've got RWW.

I see. From what I'm reading of RWW it looks fairly cute but of no real
benefit to me (since the site isn't using Exchange & I can't run
ActiveX controls on my Powerbook). I'd just like Remote Desktop
Connection to work, thanks.

From your server do an IPconfig/all
Now do this from your laptop.
If either one is in a 169.x.x.x range..they are not talking and you've
lost the DHCP server.

I've already stated that I can ping between the two machines & that
other network applications are unaffected.

I'm wondering if you had a router/dhcp handerouter at the office and
now at the client you don't.

I can configure IP addresses by hand if necessary - I do have enough
experience to check TCP/IP configuration.

RRAS comes as the standard SBS firewall... you don't 'install it'...
it's just there.

I think the relevant thing is that it's switched off, tho'. As far as
I'm aware it has never been enabled on this server this week.

Again, how 'exactly' did you install this system?

I inserted CDs & booted from them. Could you be a little more specific, please?

RWW allows anyone with an XP workstation to have remote access back to
their desktop.It seems to use ActiveX, however, which would rule out other platforms.
Microsoft make a perfectly good Remote Desktop Connection client for
Macintosh OS X which was working fine earlier this week; since all I
need is remote desktop, and none of the other features of RWW, I would
much rather focus on getting that working.

Stroller.

 

[Stroller]

Windows Small Business Server 2003:
http://www.sbs-rocks.com/sbs2k3/sbs2003-2.htm

Did you set it up like this?

Apart from the initial bluescreens, yes.

This server is a Dell, and it comes with a Dell-branded bootable CD for
installing the system utilities partition on the hard-drive (RAID
array). It asks for some Windows options (like CD key & Administrator
password) then copies files of the SBS 2003 CD1. It appears to save an
Unattended Installation .sif file to the hard-drive after partition and
once rebooted from the Dell CD it skips to the GUI portion of the
standard Windows installation and asks about the keyboard layout.

Naturally I would have liked to have booted from the Windows CD
directly, but after a couple of attempts I couldn't see how to setup
the System Utilities Partition without progressing to the next part.
I'm sure it's possible, but I couldn't immediately see how, and I can't
see that it makes a great deal of difference. At least this way all the
necessary drivers (for the RAID array & so on) are installed.

RWW comes with the box and if you set it up from the get go and not
bypassing anything you'll have a nicely set up system.

Well, apart from this problem I do indeed seem to have a fairly nicely
set-up system, but I can't see the benefit to this site of RWW. I just
want to get Remote Desktop working again & none of the other bells &
whistles that RWW provides.

But did you run the connect to Internet wizard?

I exited it when it tried to insist that I disable the DHCP server
already on my network.

Stroller.

 

[Peter]

When you are at 2003 SBS server console, what shows up when you run (from
cmd)?
netstat -ano

What is the status of "Terminal services" service (from Run)?
services.msc

Do you see anything related in Event Log (from Run)?
evenvwr.msc

 

[Kathy]

Ping doesn't really prove anything except that the TCP/IP stack and NIC are
working and there's a route to the other machine. It tests ONLY ICMP not TCP
or UDP. So if you want those with lots of SBS experience to help you, why
not post the information they ask for? It only takes a minute.

Kathy

 

[TimeTraveller]

You really should have your SBS doing all the donkey work, Especially
relating to IP, so DONT skip wizards just do as you are told and things will
be much better for you.

TT.

 

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

I'm not trying to be annoying and mean here but that when a SBS box is
set up with the install routine...you don't do 'anything' to TS. It's
there, it's enabled.

Given that this box is just being set up you'll have more long term
predictibility of success if you set it up right from the get go.

Did you install all 4 parts of the SBS cdroms? You've let it' make
itself a domain controller, yes?