RDP suddenly stopped working on Windows 7 SP1 / Port 3389 not listening
Hello,
I have a problem with RDS (Remote Desktop) on a Windows 7 SP1 machine. It worked fine up to the last 2 months.
Suddenly I got the error: The computer can't connect to the remote computer.
First I checked some settings:
- RDP enabled (also tried to disable, reboot and then enable)
- Registry: fEnableWinStation (1)
- Firewall is disabled (through Domain Group Policy - same for all machines in the network)
- "Remote Desktop" program allowed on the "Allow a program or feature through Windows Firewall" list
- RDP / RDS services are running
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber : it's pointing to 3389.
Problem:
- RDP/RDS is not listening
- netstat -an |find /i "listening" command: no listener on port 3389
(RDP is configured to use the default port, 3389; I tried to change the port, but the new port is also not in the list)
- qwinsta command: RDP-Tcp session not in the list
- as per this forum thread
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/66b17d87-3523-40bc-84b1-cf752487520c/ and many other forums talking about KB2667402 and KB2621440:
I first uninstalled KB2667402 and KB2621440, downloaded V2 of KB2667402 and installed it back, restarted the machine, and ran sfc /scannow.
- As per http://support.microsoft.com/kb/2667402, checked Rdpcorekmts.dll and it is a different version than the one on the working workstation; renamed it and copied/replaced it from the working workstation.
Does someone know a solution besides reinstalling the OS?
Thanks in advance.
Tej Shah
September 26th, 2012 1:55pm
Hi,
Is there any related trace in Event Viewer?
1. Run telnet from a command line to port 3389 to test the functionality of port 3389.
telnet servername 3389
Using Telnet to Test Port 3389 Functionality
http://support.microsoft.com/kb/187628
2. Go to the Terminal Services Configuration, delete the RDP-Tcp listener and then restart the server. After booting, go again to the Terminal Services Configuration and create a new RDP listener, then restart the server.
Try the methods in this KB article.
http://support.microsoft.com/kb/258021
Tracy Cai
TechNet Community Support
September 28th, 2012 8:24am
Hi Tracy,
Thanks for the reply.
First of all, as I mentioned before, I have a problem with remote login on Windows 7 Ent. with SP1 from any machine.
I can't find any related trace in Event Viewer under Windows Logs. I found only three (3) Informational events under Application and Service Logs --> Microsoft --> Windows --> TerminalService-RemoteConnectionManager --> Operational.
Log Name: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: 9/27/2012 5:54:23 PM
Event ID: 1136
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: cetcomp34.actcosys.com
Description:
Terminal Server role is not installed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager" Guid="{C76BAA63-AE81-421C-B425-340B4B24157F}" />
<EventID>1136</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x1000000000000000</Keywords>
<TimeCreated SystemTime="2012-09-27T21:54:23.482446100Z" />
<EventRecordID>899</EventRecordID>
<Correlation />
<Execution ProcessID="916" ThreadID="3124" />
<Channel>Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational</Channel>
<Computer>cetcomp34.actcosys.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>
Log Name: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: 9/26/2012 4:15:32 PM
Event ID: 1143
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: cetcomp34.actcosys.com
Description:
The "Limit the size of the entire roaming user profile cache" Group Policy setting has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager" Guid="{C76BAA63-AE81-421C-B425-340B4B24157F}" />
<EventID>1143</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x1000000000000000</Keywords>
<TimeCreated SystemTime="2012-09-26T20:15:32.622921600Z" />
<EventRecordID>888</EventRecordID>
<Correlation />
<Execution ProcessID="904" ThreadID="3712" />
<Channel>Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational</Channel>
<Computer>cetcomp34.actcosys.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>
Log Name: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: 9/27/2012 6:31:33 PM
Event ID: 1155
Task Category: None
Level: Information
Keywords:
User: NETWORK SERVICE
Computer: cetcomp34.actcosys.com
Description:
The Remote Connection Manager selected Kernel mode RDP protocol stack.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager" Guid="{C76BAA63-AE81-421C-B425-340B4B24157F}" />
<EventID>1155</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x1000000000000000</Keywords>
<TimeCreated SystemTime="2012-09-27T22:31:33.063450600Z" />
<EventRecordID>901</EventRecordID>
<Correlation />
<Execution ProcessID="1128" ThreadID="1144" />
<Channel>Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational</Channel>
<Computer>cetcomp34.actcosys.com</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
</EventData>
</Event>
I tried the Telnet command also, but it failed because, as mentioned before, port 3389 is not listening on that machine. I got the error "Connecting To cetcomp34...Could not open connection to the host, on port 3389: Connect failed".
Your second point is for Windows Server 2000, and I have the problem on Windows 7 Enterprise Edition with SP1 installed.
Any more suggestions?
Thanks.
Tej Shah
September 28th, 2012 9:38am
Hi All,
I resolved this RDP issue after working with Microsoft.
Here is the solution for those who are facing a problem doing RDP to their Windows 7 with SP1 machine from any machine. Please follow the steps mentioned below and they will give you remote access to your Windows 7 w/SP1 machine. It works 100% for me on many machines on my network. I hope it will help anyone who is in the same boat as I was.
Below are the steps that need to be performed when you run into the RDP problem.
1. If the patches show as installed
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1*
OR
Windows 7 for x86 or x64 based Systems Service Pack 1*
(KB2621440)
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1*
OR
Windows 7 for x86 or x64 based Systems Service Pack 1*
(KB2667402)
please uninstall these patches and reboot your box.
Run sfc /scannow to confirm that there's no file-level corruption.
Ensure that the rdpcorekmts.dll file exists and is the SP1 version, that is, 6.1.7601.xxxx.
2. Export the following registry entry from a working RDP machine and import it to the machine having the RDP issue.
HKEY_CLASSES_ROOT\CLSID\{18b726bb-6fe6-4fb9-9276-ed57ce7c7cb2}
Reboot the box. Post reboot, ensure that 3389 is listening using the command netstat -a
3. Import the following registry entries and try to RDP
HKLM\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}
HKLM\SYSTEM\CurrentControlSet\services\RDPDD
Able to RDP fine.
4. Reinstall
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1*
OR
Windows 7 for x86 or x64 based Systems Service Pack 1*
(KB2621440)
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1*
OR
Windows 7 for x86 or x64 based Systems Service Pack 1*
(KB2667402)
Reboot and verify that RDP is still working.
I hope this will help many people with the same RDP problem. If this works for you as well, then leave a comment to help others.
Thanks,
Tej Shah
SYSTEM ADMINISTRATOR
October 1st, 2012 8:40pm
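The checks used throughout this thread (registry port, netstat, qwinsta, rdpcorekmts.dll version, and whether KB2621440/KB2667402 are present), gathered into one read-only script as an added example; it is not from any poster or from Microsoft. It assumes the standard `Terminal Server` registry path and `System32` location of the DLL, and it detects a listener by its `0.0.0.0:0` / `[::]:0` foreign address so that it also works on localized systems.

```powershell
# Added example: read-only RDP listener check for Windows 7 SP1 / Server 2008 R2.
# PowerShell 2.0 compatible; it changes nothing on the machine.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'   # assumed standard path
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
$dll    = Join-Path $env:SystemRoot 'System32\rdpcorekmts.dll'       # assumed standard location
$kbs    = 'KB2621440', 'KB2667402'                                   # updates named in the thread

# 1. Registry: configured port and the two switches that control the listener.
#    fDenyTSConnections = 1 means Remote Desktop is turned off.
$port    = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
$enabled = (Get-ItemProperty -Path $rdpKey -Name fEnableWinStation).fEnableWinStation
$deny    = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections).fDenyTSConnections

# 2. netstat: a listening socket has foreign address 0.0.0.0:0 or [::]:0.
#    Matching on that instead of the word LISTENING also works on localized Windows.
$pattern   = '^\s*TCP\s+\S+:{0}\s+(0\.0\.0\.0|\[::\]):0\s' -f $port
$listening = @(netstat -an | Where-Object { $_ -match $pattern }).Count -gt 0

# 3. qwinsta: the RDP-Tcp listener session should be in the list.
$session = @(qwinsta 2>$null | Where-Object { $_ -match 'rdp-tcp' }).Count -gt 0

# 4. rdpcorekmts.dll: the thread expects the SP1 build, 6.1.7601.xxxx.
$dllVersion = 'missing'
$dllIsSp1   = $false
if (Test-Path $dll) {
    $v = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($dll)
    $dllVersion = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart,
                                       $v.FileBuildPart, $v.FilePrivatePart
    $dllIsSp1   = ($v.FileBuildPart -eq 7601)
}

# 5. Which of the two RDP security updates are currently installed.
$installed = @(Get-HotFix -Id $kbs -ErrorAction SilentlyContinue |
               ForEach-Object { $_.HotFixID })

New-Object PSObject -Property @{
    PortNumber         = $port
    fEnableWinStation  = $enabled
    fDenyTSConnections = $deny
    PortListening      = $listening
    RdpTcpSession      = $session
    DllVersion         = $dllVersion
    DllIsSp1Build      = $dllIsSp1
    InstalledUpdates   = ($installed -join ', ')
} | Format-List
```

Run it on the affected machine and on a working one, before and after each uninstall/reinstall step, and compare the outputs.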
Hello,
I have a problem applying this fix. Replacing the registry key (as mentioned in step 2) failed, because the original registry key is blocked. ("run as administrator" won't work)
Tnx
October 2nd, 2012 6:53am
Hello,
To make changes in the registry, the user must have local administrator privileges. Try to log in as a local admin, or if you try with a domain user, then make that user a member of the local Administrators group, or the domain user must be a member of the Domain Admins security group.
Try this way and let me know whether it works for you or not.
Thanks,
Tej Shah
October 2nd, 2012 10:04am
Hello,
I know. I did use a local administrator account. The error message says: some registry keys are in use by the system or another process.
Which process??
Tnx
October 2nd, 2012 12:21pm
Hello,
I already tried to perform the steps in Safe mode.
Results problem step recorder:
download
Tnx
October 3rd, 2012 4:53am
Hello,
Thanks for sending me your steps. I just checked your recorded steps. Sorry for the late reply. I can't understand your language, so first I had to convert it all to English and then go through all your steps to find the problem. As per my understanding after translating to English, I think you encountered the error below.
If you are encountering the above errors, without a doubt you've encountered a protected registry key. You need to get full control of the registry key which you want to replace with your backup registry. Please check this post and follow the step-by-step instructions to get full control of that registry key.
http://www.groovypost.com/howto/take-full-permissions-control-edit-protected-registry-keys/
One more thing: make sure that, when you are on the Permissions tab, the "Include inheritable permissions from this object's parent" check box is selected; if not, select it and apply.
Once you fix this, try my steps again to fix your RDP issue. I hope this will fix your problem and you will get relief from this pain.
Best luck...
Thanks,
Tej Shah
October 3rd, 2012 10:31pm
Hi Leon,
Just wanted to know whether my last solution resolved your problem or not. Reply if you need future help, or leave a comment to help others who have the same problem.
Thx,
Tej Shah
October 9th, 2012 5:16pm
Hi Tej Shah,
Your solution worked! The listening port was open again and RD worked, yes workED!
I did follow every step except 4, reinstalling the two updates (I let WSUS do that for me).
But after a while port 3389 was not listening anymore, after WSUS installed the updates again?!
Do I have to exclude the updates (KB2621440 and KB2667402) from updating?!
Thanks,
Jo
October 26th, 2012 9:53am
Hi Jo,
It should work after you install both updates. I preferred to install both updates because they are RDP security updates. If you are facing the same problem again, then try my solution with all steps at the same time. Make sure you restart your machine after uninstalling both updates, go through steps 1 to 4, and restart your machine again before use. Check that it is listening on port 3389 after installing both updates back.
If you have the same problem back, then disable those updates so they will not install in future.
Thanks,
Tej Shah
October 26th, 2012 10:31am
Hi Tej Shah,
Thank you for your quick response. I'm going to follow all the steps now, and will not be lazy this time. I can test it in a couple of days, then I'm in the office with the customer again! Normally I can do it right away, with RD :).
And I just wonder what is going wrong. I've got dozens of about the same PCs on similar networks, and only this PC is having the problems; could it be the combination of software he's running ((Apple iTunes) whispering)?
Thanks ..Jo
October 26th, 2012 10:46am
Hi Tej Shah,
Today I solved the RD problem again!
Short version:
1 Removed KB2667402 and KB2667402 and reboot (after that port 3389 is listening again)
2 Replaced rdpcorekmts.dll version 6.1.7600.16952 with version 6.1.7601.17828.
3 Installed KB2667402 and KB2667402 and reboot (after that port 3389 is still listening)
4 Rebooted another couple of times and tested RD from another machine, works well.
The long version:
1 sfc /scannow said (translated from Dutch) there are damaged files which cannot all be repaired.
2 I couldn't import HKEY_CLASSES_ROOT\CLSID\{18b726bb-6fe6-4fb9-9276-ed57ce7c7cb2} because the key was in use. I tried everything: stopping the services, as a domain admin, as a local admin, safe mode... then I gave up.
3 The same issue with the other two keys.
Regards.. Jo
October 26th, 2012 11:23am
Hi Jo,
If it resolved your problem then that's good to hear.
If you are facing a problem while replacing the registry key, then check my reply on Thursday, October 04, 2012 2:27 AM and try as per that. It should work for you.
Thx
Tej Shah
October 26th, 2012 12:53pm
Hi Tej Shah,
Monday the problem was back again!
I solved the RD problem again and now step by step according to your advice!
Tuesday the problem was back again!
Then I removed KB2667402 and KB2667402 from the computer and from WSUS, preventing the updates from being installed again!
Now, today port 3389 is still listening and RD is working fine!
Is there any knowledge of what causes the problem? Now the PC is running without the two security updates!
Jo.
November 1st, 2012 5:05am
Hi There,
I have just executed the solution recommended by Tej Shah.
Two servers were affected by the same issue. It's been a week and no problems have occurred on the servers since.
Here's what I did on my end; a slight revision (shortcut of the solution)
1 Back up the registry and import the following registry entries from a working server
HKEY_CLASSES_ROOT\CLSID\{18b726bb-6fe6-4fb9-9276-ed57ce7c7cb2}
HKLM\SYSTEM\CurrentControlSet\services\RDPDD
2 Uninstall the server patches as indicated
KB2621440 and KB2667402
3 Restart Server
4 Check ports running via command line using netstat -a
**see if 3389 port is already listening
5 Reinstall Patches (KB2621440 and KB2667402) and Restart
6 Check port 3389 if still listening and RDP the machine concerned.
Hope that the same solution works.
It was effective on our part. Thanks Tej Shah!
pau dc
November 11th, 2012 10:48pm