cannot rdp to server

    Question

  • I cannot rdp to my 2008r2 machine. No firewall is blocking

    and RDP is enabled

    no port conflict

    3389 is listening

    I did notice that if I go to the local gpedit policy and enable security to RDP 

    then it works for a while 

    but then it stops working

    the domain gpo has a TLS policy in for all servers but rdp is working fine for all servers. not this one.

    any idea?

    Sunday, May 6, 2018 4:31 PM

All replies

  • Hi,

    What is the error message of failed remote desktop connection?

    Please try to disable the Windows Firewall on both client and server sides, then re-establish the remote connection to check the result.

    >I did notice that if I go to the local gpedit policy and enable security to RDP 
    Domain group policy is prior to local group policy. If it is a domain system, please run “gpresult /r” to check the applied group policy and make sure there is no policy which is used to disable remote connection.

    Besides, please check the related registry configuration. 

    How to Enable or Disable Remote Desktop via Group Policy Windows 2008:
    https://social.technet.microsoft.com/wiki/contents/articles/4980.how-to-enable-or-disable-remote-desktop-via-group-policy-windows-2008.aspx

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 7, 2018 7:56 AM
    Moderator
  • Hi,

    How are things going on this issue?

    Please let me know if you would like further assistance.

    Best Regards,
    Eve Wang


    Wednesday, May 9, 2018 1:57 AM
    Moderator
  • It is still not working. Under Remote Desktop Session Host, when I change it to RDP or Negotiate, it works for a bit, then it stops working.
    Wednesday, May 9, 2018 2:15 AM
  • OK, so under 

    HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services

    it only works when I set it to 0

    1 or 2 does not work

    Why is that?

    Wednesday, May 9, 2018 3:32 PM
  • What registry value is set to 0, 1 or 2?

    This posting is provided AS IS without warranty of any kind

    Wednesday, May 9, 2018 5:14 PM
  • Hi,

    Have you checked the configuration I mentioned in the above article? 

    Please provide the detailed registry entry path and name you mentioned.

    Best Regards,
    Eve Wang


    Thursday, May 10, 2018 6:49 AM
    Moderator
  • The GPO already enables RDP. That's not the issue. The issue seems to be the security level, and it's not negotiating on SSL/TLS.

    RDP only works when I set it to 0 (RDP)

    1. RDP 
      Registry Hive HKEY_LOCAL_MACHINE
      Registry Path SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
      Value Name SecurityLayer
      Value Type REG_DWORD
      Value 0
    2. Negotiate 
      Registry Hive HKEY_LOCAL_MACHINE
      Registry Path SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
      Value Name SecurityLayer
      Value Type REG_DWORD
      Value 1
    3. SSL 
      Registry Hive HKEY_LOCAL_MACHINE
      Registry Path SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
      Value Name SecurityLayer
      Value Type REG_DWORD
      Value 2

    Thursday, May 10, 2018 3:08 PM
  • OK, in general this is caused by the certificate for RDP.

    Open a new management console (mmc.exe)

    Add the snap-in for Certificates and choose Computer account and Local computer

    Navigate to Remote Desktop / Certificates

    Check that the certificate for Remote Desktop is valid (not expired).

    This certificate is by default a self-signed certificate.

    In general the self-signed certificate is supposed to renew automatically every 6 months.



    Thursday, May 10, 2018 3:17 PM
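
The checks raised in the two replies above (the policy `SecurityLayer` value and the Remote Desktop certificate) gathered into one PowerShell script, as an added example that is not code from any poster in this thread. The function names are hypothetical, and the `Cert:\LocalMachine\Remote Desktop` provider path and the `gpresult /scope computer /v` search are assumptions about how to reach from a shell what the thread describes through the MMC snap-in and `gpresult /r`.

```powershell
# Added example, not code from the thread. Run elevated on the RDP server.
# Written for PowerShell 2.0, the version that ships with Server 2008 R2.
# Function names are hypothetical.

# Policy path and value name exactly as quoted in the thread.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
# Value meanings as listed in the thread.
$LayerNames = @{ 0 = 'RDP'; 1 = 'Negotiate'; 2 = 'SSL' }

function Get-RdpSecurityLayerPolicy {
    $prop = Get-ItemProperty -Path $PolicyPath -Name SecurityLayer -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'SecurityLayer is not set under the policy key' }
    $value = [int]$prop.SecurityLayer
    $name = 'unknown'
    if ($LayerNames.ContainsKey($value)) { $name = $LayerNames[$value] }
    "Policy SecurityLayer = $value ($name)"
}

function Get-RdpCertificateStatus {
    # Assumption: the "Remote Desktop" store seen in the MMC snap-in is exposed
    # by the certificate provider as Cert:\LocalMachine\Remote Desktop.
    $now = Get-Date
    Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Subject       = $_.Subject
                NotAfter      = $_.NotAfter
                ValidNow      = ($_.NotBefore -le $now -and $_.NotAfter -ge $now)
                HasPrivateKey = $_.HasPrivateKey   # TLS needs the private key, not only valid dates
            }
        }
}

function Find-SecurityLayerGpo {
    # gpresult is the tool named in the thread. The verbose computer-scope output is
    # searched for the value name; context lines are printed to help identify the GPO.
    gpresult /scope computer /v | Select-String -Pattern 'SecurityLayer' -Context 4,4
}

Get-RdpSecurityLayerPolicy
Get-RdpCertificateStatus | Format-Table -AutoSize
Find-SecurityLayerGpo
```

Running it again after the next Group Policy refresh shows whether the policy value has been rewritten.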
  • The cert is valid, not expired.
    Thursday, May 10, 2018 3:35 PM
  • Hi,

    Please check Event Viewer on both sides, and confirm whether any related event has been logged.

    Event Viewer – Applications and Services Logs – Microsoft – Windows – find the Remote Desktop related folder and find the related event. 

    Best Regards,
    Eve Wang


    Friday, May 11, 2018 9:49 AM
    Moderator
  • Hi,

    How are things going on this issue?

    Best Regards,
    Eve Wang


    Tuesday, May 15, 2018 2:50 AM
    Moderator
  • Tuesday, May 15, 2018 5:45 PM
  • Hi,

    Please check article - How to troubleshoot “The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP:” and “The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client” err:
    https://blogs.msdn.microsoft.com/scstr/2012/02/29/how-to-troubleshoot-the-terminal-server-security-layer-detected-an-error-in-the-protocol-stream-and-has-disconnected-the-client-client-ip-and-the-rdp-protocol-component-x-224-de/

    Best Regards,
    Eve Wang


    Wednesday, May 16, 2018 9:47 AM
    Moderator
  • Hi,

    How are things going on this issue?

    Please let me know if you would like further assistance.

    Best Regards,
    Eve Wang


    Friday, May 18, 2018 2:14 AM
    Moderator
  • Hi,

    Is there any update?

    Best Regards,
    Eve Wang


    Tuesday, May 22, 2018 1:45 AM
    Moderator
  • No. I tried this and it still does not work.
    Friday, May 25, 2018 1:49 PM
  • Like I said, this is the key that is causing the problem. If SecurityLayer is set at 2, I cannot RDP in.

    If I change it to 0, then it works. But then something changes it back to 2 via some GPO, and I don't know what GPO setting.


    • Edited by JonDoe321 Friday, May 25, 2018 2:07 PM
    Friday, May 25, 2018 2:04 PM
  • Found out the problem. This had to be enabled in security policy.
    Friday, May 25, 2018 3:45 PM