S
sedate-ed
Sorry this is so long (the end of the message has the applicable event
viewer error messages)!
I have been having some intermittent problems when I try to connect to my
home network from where I work using remote desktop (RDP). I have Comcast
cable internet, and I connect through a Netgear FR114P NAT router with SPI
firewall (most recent released firmware applied). I have set the router to
allow port forwarding to the PC running Remote Desktop (3389) only from the
IP address of where I work (and to drop all other requests from any other
IPs). On the PC running Remote Desktop I also run Kerio Personal Firewall
2.1.5 (the PC is WinXP Pro SP2 with the Windows Firewall disabled - since I
use Kerio). In general, I can connect, and things are relatively normal.
Intermittently, however, when I try to connect, as soon as I enter the login
information, the RDP connection is disconnected, and I am unable to
reconnect remotely after that.
When this happened today, I connected to another PC on my home network
(Win2000 server-SP4, running Citrix MF 1.8-SP4 Feature Release 1--not
running Active Directory, it is in Workgroup mode). The connection is
normal. In the Citrix session, I tried to connect using the RDP client I
have installed on the Citrix PC just to see if I could connect to the "RDP
PC" locally, but it doesn't connect, it times out. Just for kicks, I tried
to connect to the admin shares (file and printer sharing) on the RDP PC from
the Citrix session, and I could connect (which told me the RDP PC is still
up and running, just not accepting RDP connections). On the Citrix PC I
also have a "Remote shutdown" utility that I tried to use to reboot the RDP
PC (my thinking being that whatever services have stopped, will once again
restart with a fresh boot). The remote shutdown utility failed to restart
the computer. (The remote utility is made by MATCODE software, and is the
freeware GUI version which requires that RPC is running on the remote
computer to be rebooted).
Another thing I did, was to run a tracert to my home IP address from work.
I only got a chance to run it a couple of times, and both times it shows a
"request timed out" at around the 15th hop (the address being an att.net - I
am a Comcast Customer that was formerly an ATTBI network, so my guess is
that the time out is after the request has already made it into the Comcast
network). Maybe this timeout is because my router is set to drop ping
requests???
When I got home and was physically in front of my PC (RDP PC that is, sorry
this is confusing!!!), the PC is "locked" for all intents and purposes. The
screen is black (LCD monitor says no signal). The keyboard and mouse do not
respond. The only way out that I could see was the dreaded hard reset
(followed by a chkdsk /f and reboot, of course).
This is *not* the first time I have had this problem, but it does not occur
with regularity, just often enough to be a major PITA! I have tried
updating video drivers (ATI 9800 AIW, using Nov2004 released ATI Catalyst
drivers and MMC), problem still occurs. I updated the firmware on my router
(and yes, I cleared back to defaults and manually re-entered my custom
firewall rules and services as per the Netgear firmware readme file). I am
just not sure whether I have a PC issue, ISP issue, or router issue (or some
combination of these). Any advice would be greatly appreciated.
Thank you,
Ed G.
Here are the applicable error messages I see in the Event viewer of the RDP
PC:
Event Type: Error
Event Source: TermService
Event Category: None
Event ID: 1006
Date: 12/15/2004
Time: 8:38:36 AM
User: N/A
Computer: ED2112
Description:
The terminal server received large number of incomplete connections. The
system may be under attack.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 46 38 4f a4 F8O¤
and
Event Type: Error
Event Source: TermService
Event Category: None
Event ID: 1006
Date: 12/15/2004
Time: 8:40:28 AM
User: N/A
Computer: ED2112
Description:
The terminal server received large number of incomplete connections. The
system may be under attack.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 52 00 44 00 50 00 2d 00 R.D.P.-.
0008: 54 00 63 00 70 00 00 00 T.c.p...
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 00 00 00 00 00 00 00 00 ........
0030: 00 00 00 00 00 00 00 00 ........
0038: 00 00 00 00 00 00 00 00 ........
0040: 00 00 ..
viewer error messages)!
I have been having some intermittent problems when I try to connect to my
home network from where I work using remote desktop (RDP). I have Comcast
cable internet, and I connect through a Netgear FR114P NAT router with SPI
firewall (most recent released firmware applied). I have set the router to
allow port forwarding to the PC running Remote Desktop (3389) only from the
IP address of where I work (and to drop all other requests from any other
IPs). On the PC running Remote Desktop I also run Kerio Personal Firewall
2.1.5 (the PC is WinXP Pro SP2 with the Windows Firewall disabled - since I
use Kerio). In general, I can connect, and things are relatively normal.
Intermittently, however, when I try to connect, as soon as I enter the login
information, the RDP connection is disconnected, and I am unable to
reconnect remotely after that.
When this happened today, I connected to another PC on my home network
(Win2000 server-SP4, running Citrix MF 1.8-SP4 Feature Release 1--not
running Active Directory, it is in Workgroup mode). The connection is
normal. In the Citrix session, I tried to connect using the RDP client I
have installed on the Citrix PC just to see if I could connect to the "RDP
PC" locally, but it doesn't connect, it times out. Just for kicks, I tried
to connect to the admin shares (file and printer sharing) on the RDP PC from
the Citrix session, and I could connect (which told me the RDP PC is still
up and running, just not accepting RDP connections). On the Citrix PC I
also have a "Remote shutdown" utility that I tried to use to reboot the RDP
PC (my thinking being that whatever services have stopped, will once again
restart with a fresh boot). The remote shutdown utility failed to restart
the computer. (The remote utility is made by MATCODE software, and is the
freeware GUI version which requires that RPC is running on the remote
computer to be rebooted).
Another thing I did, was to run a tracert to my home IP address from work.
I only got a chance to run it a couple of times, and both times it shows a
"request timed out" at around the 15th hop (the address being an att.net - I
am a Comcast Customer that was formerly an ATTBI network, so my guess is
that the time out is after the request has already made it into the Comcast
network). Maybe this timeout is because my router is set to drop ping
requests???
When I got home and was physically in front of my PC (RDP PC that is, sorry
this is confusing!!!), the PC is "locked" for all intents and purposes. The
screen is black (LCD monitor says no signal). The keyboard and mouse do not
respond. The only way out that I could see was the dreaded hard reset
(followed by a chkdsk /f and reboot, of course).
This is *not* the first time I have had this problem, but it does not occur
with regularity, just often enough to be a major PITA! I have tried
updating video drivers (ATI 9800 AIW, using Nov2004 released ATI Catalyst
drivers and MMC), problem still occurs. I updated the firmware on my router
(and yes, I cleared back to defaults and manually re-entered my custom
firewall rules and services as per the Netgear firmware readme file). I am
just not sure whether I have a PC issue, ISP issue, or router issue (or some
combination of these). Any advice would be greatly appreciated.
Thank you,
Ed G.
Here are the applicable error messages I see in the Event viewer of the RDP
PC:
Event Type: Error
Event Source: TermService
Event Category: None
Event ID: 1006
Date: 12/15/2004
Time: 8:38:36 AM
User: N/A
Computer: ED2112
Description:
The terminal server received large number of incomplete connections. The
system may be under attack.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 46 38 4f a4 F8O¤
and
Event Type: Error
Event Source: TermService
Event Category: None
Event ID: 1006
Date: 12/15/2004
Time: 8:40:28 AM
User: N/A
Computer: ED2112
Description:
The terminal server received large number of incomplete connections. The
system may be under attack.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 52 00 44 00 50 00 2d 00 R.D.P.-.
0008: 54 00 63 00 70 00 00 00 T.c.p...
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 00 00 00 00 00 00 00 00 ........
0030: 00 00 00 00 00 00 00 00 ........
0038: 00 00 00 00 00 00 00 00 ........
0040: 00 00 ..