Note: This article is based on RDS 2008 (R2) and might not apply to RDS 2012 (R2)

In this article we are going to troubleshoot General Remote Desktop Error Messages that we may receive while making an RDP connection to the Server/Client.

General Error Messages

KB Articles

Here are some knowledge base (KB) articles for 2003/XP/2008/Vista machines.

Error messages - misc. problems

  • "An error occurred in the licensing protocol"
    Vista: not enough permissions on the local registry to store the client license
    See
    187614
  • "The remote computer disconnected the session because of an error in licensing protocol"
    XP: Terminal Services service is not started; invalid stored license
    See
    921045
  • "Because of a security error, the client could not connect to the remote computer"
    W2K + 2003: corrupted certificate on the Terminal Server
    See
    329896
  • "Because of a security error, the client could not connect to the terminal server"
    W2K: invalid certificate on the Terminal Server
    XP: invalid stored license
    See
    323597
  • "The terminal server has ended the connection"
    W2K with SRP1: invalid certificate on the Terminal Server
    See
    323497
  • "The remote computer has ended the connection"
    XP with SP2: DFS client is disabled
    See
    898713
  • "No authority could be contacted for authentication"
    Vista client to Vista host in 2003 domain: Kerberos service account problem
    See
    939820
  • "The system could not log you on"
    RDP 6.0 client to XP SP2 host: smart card login problem
    See
    939682
  • "The remote session was disconnected because another user has connected to the session"
    2008: autologon enabled
    See
    947714
  • "Your system administrator does not allow the use of default credentials..."
    Vista RDP client with Single Sign-On enabled
    See
    Problems using default credentials with Vista RDP clients with Single Sign-on Enabled
  • "The logon attempt failed"
    Vista RDP client with saved credentials
    See
    954397 and Problems using saved credentials with Vista RDP clients and above
  • "Winlogon has encountered a problem and needs to close"
    2003: when many users connect at the same time
    See
    953675
  • "Server is not found in the network"
    2008: when many users connect at the same time
    See
    954398

Logon Problems

  • 2258492 - You notice that the check box "Deny this user permissions to logon to a Remote Desktop Session Host Server" behaves differently in Windows 2003 and Windows 2008
  • 982010 - You may be unable to log on a terminal server that has the DisableWindowsUpdateAccess user policy set
  • 922044 - A Windows Server 2003 Service Pack 1-based terminal server cannot accept new incoming Terminal Service connections
  • 828664 - An access violation error occurs if your Terminal Services information is corrupted (W2K preSP5, XP preSP2, 2003 postSP1 hotfix)
  • 258021 - Event ID 52 When You Start Terminal Services
  • 328002 - You Cannot Connect to Terminal Services from a Web Page
  • 270588 - Remote Desktop Protocol Clients Cannot Connect to Terminal Services Server
  • 312030 - Cannot Connect to a Windows 2000-Based Computer with Terminal Services Installed and RDP Listener Is "Down"
  • 290706 - Cannot Automatically Log on Remotely to Terminal Server with Long User Name or Password
  • 329155 - "The Server May Be Too Busy" Error Message If Terminal Services Installed in Remote Administration Mode (SBS2000)
  • 914048 - Event IDs 1000 and 1004 may be logged in the Application event log, and Windows Server 2003 Terminal Server client connections and logon tries may sometimes fail, when you try to connect to a remote computer
  • 931353 - Error message when you use RDP to connect to a Windows Server 2003-based computer that is running Terminal Server and Citrix MetaFrame Presentation Server 3.0: "The desktop you are trying to open is currently available only to administrators"
  • 939820 - Error message when you try to use Remote Desktop Connection to connect to another Windows Vista-based computer in Windows Vista: "No authority could be contacted for authentication"
  • 939682 - Error message when you try to log on to a computer that is running Windows XP SP2 by using a Remote Desktop Protocol connection: "The system could not log you on"
  • 947714 - You cannot create a remote desktop session as an administrator when Autologon is enabled in Windows Server 2008
  • 951028 - You are prompted two times for credentials when you use the Remote Desktop Client to connect to a Windows 2000 Terminal Server from Window Vista or from Windows Server 2008
  • 954393 - Local credentials are used to log on to a Windows Server 2008-based computer instead of credentials that you entered on a Terminal Services client
  • 938449 - Event ID 5719 is logged when you start a computer on a domain, and the computer is running Windows Server 2003, Windows XP, or Windows 2000

Misc. issues

  • 555061 - Unable To Reconnect To Terminal Server In Application Mode (Windows Mobile 2003 for Pocket PC)
  • 242051 - RDP client can lose connection to Terminal Server if Terminal Server initiates a RAS session to a remote server
  • 886212 - You are unexpectedly logged off when you try to connect to a computer that is running Windows Server 2003 or Windows XP
  • 888820 - "The system cannot find the file specified" error message when you try to connect to a Terminal Server that is located on a Small Business Server 2000 domain
  • 294761 - Logon Timer Error Is Received upon Connection to Terminal Server
  • 830581 - How to limit the number of connections on a terminal server that runs Windows Server 2003
  • 237282 - Limiting a User's Concurrent Connections in Windows 2000 and Windows NT 4.0

Other Info

The Remote Computer Cannot be Found

Probably the most common Remote Desktop problem is that Remote Desktop has trouble locating the remote PC. There are a number of things that can cause this problem. Probably the simplest cause is misspelling the name of the remote computer. Therefore, if you're having trouble connecting to remote computer, just take a second and make sure that you've spelled the remote machine's name correctly.

If the remote computer's name is spelled correctly, the problem may be DNS related. Remote Desktop uses the RDP protocol, which piggybacks on top of the TCP/IP protocol. As you probably know, TCP/IP does not use computer names as a mechanism for identifying the systems. The only reason that it is possible to specify a computer name is because a DNS server resolves the computer name to an IP address.

If you find yourself having name resolution problems, there are a couple of different things that you can try. One option is to try using the remote system's fully qualified domain name as opposed to its NetBIOS name. This won't always help you to establish a connection, but in certain situations it will help.

Another option is to specify the remote machine’s IP address rather than its name. Generally speaking, using an IP address tends to be much less problematic than using a host name when connecting. Even IP addresses can be problematic, though.

The biggest factor that tends to make connecting with IP addresses problematic is the use of dynamic IP addresses. If you are using Remote Desktop to connect to a server, this probably won't be an issue, because most servers use static IP addresses. Workstations, on the other hand, almost always use dynamic IP addresses. Therefore, the IP address that your workstation is using today will probably be assigned to a different workstation tomorrow. If the machine that you are connecting to does use dynamic IP addresses, then you will practically have no choice but to specify a host name when connecting rather than specifying the machine's IP address.

Another factor that can make it difficult to connect to a host machine using remote desktop is firewalls. The Remote Desktop Protocol is designed to work across TCP port 3389. If you are attempting to connect to a remote machine that sits behind a firewall, then the firewall must allow traffic to flow through TCP port 3389. Of course blindly opening this port on your firewall can pose a huge security risk. You might choose instead to enable port forwarding so that inbound RDP traffic is forwarded to a specific IP address, rather than someone on the outside being able to attempt an RDP connection to any machine on your network.

On many networks, you won't have a choice but to use port forwarding for RDP traffic. The majority of networks use private IP addresses on their networks, and only the router uses a public IP address. The router uses Network Address Translation (NAT) to proxy traffic between the Internet and hosts on the private network. If you are trying to establish an RDP connection from across the Internet with a host that sits behind a NAT firewall, then you will have to configure the firewall to forward RDP traffic to the target host.

Of course this assumes that you are attempting to establish a connection directly from outside the perimeter network. If you are connecting to the private network using a VPN or a dial up connection, then you will have to worry about reconfiguring a NAT firewall, because your VPN or dial-up connection provides you with a connection to the private network. The remote access server that is used for establishing VPN or dial-up connections almost always sits behind a firewall, and you'll have to insure that this firewall allows RDP traffic to flow to the private network.

While I am on the subject of firewalls, I want to point out that Windows XP SP2 and Windows Vista both contain a built-in firewall. If you are attempting to establish a connection to a machine running one of these operating systems, you'll have to insure that the Windows firewall is configured to allow RDP traffic.

Authentication Problems

Establishing the initial connection is by far the most problematic aspect of Remote Desktop, but there are other problems that you may encounter. Many users are surprised to see that they can attach to a remote PC, and enter their credentials, but are stopped by the following error message:

The local policy of the system does not permit you to log on interactively.

Windows displays this error message if the user who's logging lacks the necessary permissions to log in using the Remote Desktop Protocol. You can correct the problem by adding the user account to the Remote Desktop Users group or to the local Administrators group.

Data Encryption

One of the most cryptic problems with Remote Desktop involves receiving the following error message:

Because of an error in data encryption, this session will end. Please try connecting to the remote computer again.

This error message is almost always related to using an outdated remote desktop (or terminal service) client. When Microsoft released Windows 2000, they created an add-on called the Administration Tool Pack. The Administration Tool Pack included a client component that could be used to establish a remote session. Although this client initially appears to be compatible with Windows XP, it isn’t. Using the Windows 2000 version of the Administration Tool Pack to establish a Remote Desktop session with Windows XP will usually trigger the error message that I mentioned above.

Windows XP comes with its own Remote Desktop client that you can use to establish a connection with other machines that are running Windows XP. If you prefer using the Administration Tool Pack though, then you can always upgrade to the Windows Server 2003 version, which you can download at: http://support.microsoft.com/kb/304718

Community Resources

How to resolve the issue “Remote Desktop Disconnected” or “Unable to Connect to Remote Desktop (Terminal Server)”

A Windows Server 2008 terminal server stops listening on port 3389 when the server is under stress conditions