none
Cannot connect remote desktop (code 0x1104) to Windows Server 2003

    Question

  • Hi,

    Have a Windows Server 2003 SP2 with latest patches and updates. The remote access to the server no longer works.

    I noticed that the PortNumber value of the HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp had been changed from 3389 to 3399.

    I changed it back to 3389 and rebooted the machine. It worked for a day os so then stopped working.

    I then noticed that the port number had been changed to 2288.

    I changed it back to 3389 and even though this value remains unchanged, a remote connection no longer works and I get a messge (Beacuse od protocol error detected on the remote client (code 0x1104), this session was disconnected. (Roughly ttranslated from French).

    Have the same error from different PCs on the LAN or via a VPN connection.

    If I do a "telnet servername 3389" I get a message [hieroglyphics.. http://www.youngzsoft.com/cn/.

    A "netstat -no" indicates that the server is connected to 117.26.176.35, 117.26.180.162 and 120.40.251.213 via different ports.

    I suspect there is trojan installed but how do I go about detecting it and removing it.

    An antivirus scan did not detect anything.

     

    • Moved by Roxana PANAITMicrosoft employee Tuesday, February 15, 2011 4:54 PM (From:Windows Server 2003 (et versions anterieures: Windows Server 2000, Windows NT Server))
    Saturday, February 12, 2011 5:05 PM

Answers

  • Hi,

    Here are some other reasons that may apply:

    Case 1: The terminal server is running an application that using the same port as the TS.

    Case 2: The server comes with two NICs and each of them has default gateway. That messes the routing table. No computer should have two default gates.

    Case 3: The client has XP\Win 7 as Remote Host with DHCP setup. The remote client may receive this error when the Remote host IP changes.

    Case 4: I had this problem when I moved a server from a location to another.
    My 2003 server has got two NIC and I used one for the first location and the
    other for the second location. When I tried to connect with RDP to this server I found this problem. Looking for a solution in Terminal Services Configuration, I've founded it by authorizing the second Nic to be used for RDP.

    Case 5: Some software may changes the port #. You can disable the antivirus software and change the port to 3389 to see whether the issue still exists.

    Wednesday, February 16, 2011 7:45 AM
  • I had to reinstall the server. Not even Microsoft could find a solution. The server just go worse and worse as a result of the viral attack.
    • Marked as answer by lenmor Thursday, May 24, 2012 6:38 PM
    Thursday, May 24, 2012 6:38 PM

All replies

  • qwinsta returns:
    Error 1702 in retrieving session names (translated from French)
    Errir [1702] :invalid link handle

     

     

    Saturday, February 12, 2011 7:00 PM
  • Hi,

    Here are some other reasons that may apply:

    Case 1: The terminal server is running an application that using the same port as the TS.

    Case 2: The server comes with two NICs and each of them has default gateway. That messes the routing table. No computer should have two default gates.

    Case 3: The client has XP\Win 7 as Remote Host with DHCP setup. The remote client may receive this error when the Remote host IP changes.

    Case 4: I had this problem when I moved a server from a location to another.
    My 2003 server has got two NIC and I used one for the first location and the
    other for the second location. When I tried to connect with RDP to this server I found this problem. Looking for a solution in Terminal Services Configuration, I've founded it by authorizing the second Nic to be used for RDP.

    Case 5: Some software may changes the port #. You can disable the antivirus software and change the port to 3389 to see whether the issue still exists.

    Wednesday, February 16, 2011 7:45 AM
  • Li Lenmor,

     

    I have exactly the same issue as you described (trojan set the RDP port to 2288) and I lost the RDP-tcp listener.

    I followed the suggested resolution from horizonsky but nothinf works, still not able to recover RDP listener.

    What did you do to resolve that issue ?

     

    Thanks for your feedback

     

    Regards

    Julien

    Wednesday, September 28, 2011 1:41 AM
  • I had to reinstall the server. Not even Microsoft could find a solution. The server just go worse and worse as a result of the viral attack.
    • Marked as answer by lenmor Thursday, May 24, 2012 6:38 PM
    Thursday, May 24, 2012 6:38 PM