Unable to RDP to Windows Server 2003 machine RRS feed

  • Question

  • Server is Win2003 Server, Standard Ed. R2 SP2, 32-bit. It is configured to allow remote connections for Remote Administration, not Application Mode. When attempting to connect, the connection is immediately terminated with the following error:

    "Your Remote Desktop session has ended possibly for one of the following reasons: The administrator has ended the session. An error occurred while the connection was being established. A network problem occurred."

    The error occurs before authentication is attempted, and from any RDP client (XP, Vista, Win7). Out of 1200+ Windows servers, this one is the only one experiencing this issue.

    Using telnet from the client and netstat -an on the target server, port 3389 has been verified to be open and not blocked by firewalls, and that the server is listening on that port. A side-by-side comparison with a known good server of Local security settings, allowed users, IPSEC, TCP/IP settings, RDP settings, etc. have not produced any inconsistencies. All drivers and firmware have been verified as current. All events have logging enabled in the Local security MMC, but nothing related shows up in Application, System, or Security logs in the Windows event viewer.

    This server is a heavily used file server, and allowed downtime is very limited, so time-consuming repairs/rebuilds etc. are an absolute last resort for us.

    Any other suggestions or input would be appreciated. Thanks in advance for your help!

    Sunday, October 24, 2010 9:34 AM

All replies

  • Hi Brian,


    According to your post, I find many similar issues with the exact same error message are caused by some third party application/services or even virus and malware.


    To check this possibility, please use the following steps:


    1. Check the following registry key:


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon


    2. Double-click the value Userinit and check the data.


    3. If an executive application called twex.exe is included, please try to delete it.


    4. Run an update anti-virus software to scan the server completely.


    5. Restart the computer and check the registry, confirm the twex.exe is deleted completely.


    Hope this helps.

    Monday, October 25, 2010 9:18 AM
  • Alan, Thanks for the response...

    The contents of that registry value on the server in question is: "C:\WINDOWS\system32\userinit.exe," (without the quotes)

    Monday, October 25, 2010 9:26 AM
  • Hi Brian,


    For the further troubleshooting, I’d like to do the following,


    1.       Temporarily disable all of firewall on the Terminal Server and do test this issue again, what’s the result?


    2.       Please try to collect the event logs when you encounter this issue. If possible, please let’s know the detail.

    Tuesday, October 26, 2010 7:40 AM
  • We use hardware firewalls on our server segment, software firewalls are reserved for our workstations. The hardware firewalls aren't in play because the issues occurs even when attemping to connect from the same IP segment as the target server.

    Even with all logging enabled, there were no errors, warnings or failure audits in the event logs.

    I was thinking that maybe some system files had become corrupted. Unfortunately, management became impatient with troubleshooting the root cause and we ended up rebuilding the OS.

    So we may never know the root cause, but on the bright side, at least we can remote desktop into the server!  :)

    Monday, November 1, 2010 4:24 AM
  • Hi Brian,


    Thank you for your update.


    I know you spent a lot of time on troubleshooting for this issue. So personally, I want to recommend that you can use the NetMon to diagnose this issue when this issue happens again.


    Run Network Monitor:




    1. Please download Network Monitor" from the following link:



    2. Launch NetMon3.4.


    3. In the Microsoft Network Monitor 3.4 window, click Create a new capture tab …


    4. In the new tab, select all the Network Adapters in the Select Networks window.


    5. Then, switch to Network Monitor, press F5 to start NetMon.


    6. Go back to the NetMon window and press F7 to stop the NetMon.


    7. Press Ctrl+S to save the Netmon file.


    By the way, the RDP support to establish connection between client and server when you use the RDC client to connect the server. If you cannot see the connection built successfully via RDP, I am betting that there is a protocol issue existing on the connection.


    Hope this helps.



    Monday, November 1, 2010 4:49 AM