Remote desktop Protocol issue.

[SH]

right I have three PCs.

PC A is Windows & Ultimate SP1

PC B is Windows 10 Pro

Now I can RDP from the Win 7 Ultimate to the Win 10 pro no problem.

I cannot RDP from Win 10 pro to the Win 7 Ultimate

Both machines have Remote assiatant AND Remote desktop access enabled.

I have tried disabling the private firewall in the Win 7 Ultimate
machine but thsi made no difference.

I have a PC C with Win 10 Professional on thos, I can use PC A to RDP
into PC C.

So the issue seems to be with the PC B with Win 7 Ultimate.

I have ensured that port 3389 is open and listening on both PC A and PC B.

All 3 PCs are on the same Netgear switch.

All 3 PCs can access the interbet no problem

All 3 PCs can see my two NAS servers in the loft.

All 3 PCs are provided with DNS from a single Pi Hole.

Any ideas anyone?

[Jeff Gaines]

On 27/02/2023 in message <ttjdnp$3bruo$1...@dont-email.me> SH wrote:

>Any ideas anyone?

I have not used Win 7 Ultimate, does it definitely have an RDP server? My
knowledge is limited to Pro having a RDP server but Home only having a
client.

Can you see shared directories on the \win 7 machine from the other
machines in Windows Explorer? I always use the same user name and password
on my machines and the only issues that I have ever had have been when I
forgot to enable RDP connections, which doesn't really help you.

--
Jeff Gaines Dorset UK
The world will not be destroyed by those who do evil but by those who
watch them without doing anything. (Albert Einstein)

[Adrian Caspersz]

On 27/02/2023 23:18, SH wrote:
> right I have three PCs.
>
> PC A is Windows & Ultimate SP1
>
> PC B is Windows 10 Pro
>
> Now I can RDP from the Win 7 Ultimate to the Win 10 pro no problem.
>
> I cannot RDP from Win 10 pro to the Win 7 Ultimate
>
> Both machines have Remote assiatant AND Remote desktop access enabled.
>
> I have tried disabling the private firewall in the Win 7 Ultimate
> machine but thsi made no difference.
>
> I have a PC C with Win 10 Professional on thos, I can use PC A to RDP
> into PC C.
>
> So the issue seems to be with the PC B with Win 7 Ultimate.

So the RDP server on PC B (Win 7 ultimate) is refusing connections.

Try disabling NLA on it.

The content shown of various dialogs is important.

Also have a look at the application logs

--
Adrian C

[SH]

Already disabled NLA on teh WIn 7 Ultimate box and on the Win 10 Pro box.

Where do I find the log files for RDP connection attempts?

S.

[SH]

UPDATE

Still cannot RDP into the Win7 Ultimate box from ANY other computer so
the issue lies with the Win7 box.

All computers can all see the two NASes including the errant Win7 box.

Network browser shows the presence of the Win7 box on ALL other PCs.

I then attempted to use disc2VHD from sysinternals and then copied that
across to my main win 10 box to then run under HyperV. The VHDX does
start but then crashes with a blue screen complaining of software and
hardware changes and wants me to do a start up repair or contine booting
windows. Neither option works.

So for now I have ended up using TightVNC on teh Win7 Ultimate box/
WHile it works, its very video laggy and not as smmooth or slick as
either RDP or Hyperv.

What can I try next?

[Sylvia Else]

You could try ssh to the RDP port. Clearly, that's not actually going to
work, but you should get some indication of whether it's at least
managing to connect to the port, which in turn would indicate whether
it's a networking problem, or a protocol issue.

Trying that from the Win7 box to localhost could also be informative.

Sylvia.

[Adrian Caspersz]

On 28/02/2023 18:55, SH wrote:

>> Also have a look at the application logs
>>
>
>
> Already disabled NLA on teh WIn 7 Ultimate box and on the Win 10 Pro box.
>
> Where do I find the log files for RDP connection attempts?
>

Sorry, been waylaid on other issues. The following might be of
assistance, but I'd have a look first with an SSH check as suggested by
Sylvia.

https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/

--
Adrian C

[Raj Kundra]

On 27/02/2023 23:18, SH wrote:

I will always start by updating Drivers for NIC, then disable AV and try.

[f...@sdf.org]

On 2023-03-02, Sylvia Else <syl...@email.invalid> wrote:
> On 02-Mar-23 5:22 am, SH wrote:
>> On 28/02/2023 18:55, SH wrote:
>>> On 28/02/2023 10:24, Adrian Caspersz wrote:
>>>> On 27/02/2023 23:18, SH wrote:
>>>>> right I have three PCs.

>>>>> PC A is Windows & Ultimate SP1

>>>>> PC B is Windows 10 Pro

>>>>> Now I can RDP from the Win 7 Ultimate to the Win 10 pro no problem.

>>>>> I cannot RDP from Win 10 pro to the Win 7 Ultimate

>>>>> Both machines have Remote assiatant AND Remote desktop access enabled.

>>>>> I have tried disabling the private firewall in the Win 7 Ultimate
>>>>> machine but thsi made no difference.

>>>>> I have a PC C with Win 10 Professional on thos, I can use PC A to
>>>>> RDP into PC C.

>>>>> So the issue seems to be with the PC B with Win 7 Ultimate.

>>>> So the RDP server on PC B (Win 7 ultimate) is refusing connections.

>>>> Try disabling NLA on it.

>>>> The content shown of various dialogs is important.

>>>> Also have a look at the application logs



>>> Already disabled NLA on teh WIn 7 Ultimate box and on the Win 10 Pro box.

>>> Where do I find the log files for RDP connection attempts?

>>   UPDATE

>> Still cannot RDP into the Win7 Ultimate box from ANY other computer so
>> the issue lies with the Win7 box.

>> All computers can all see the two NASes including the errant Win7 box.

>> Network browser shows the presence of the Win7 box on ALL other PCs.

>> I then attempted to use disc2VHD from sysinternals and then copied that
>> across to my main win 10 box to then run under HyperV. The VHDX does
>> start but then crashes with a blue screen complaining of software and
>> hardware changes and wants me to do a start up repair or contine booting
>> windows. Neither option works.

>> So for now I have ended up using TightVNC on teh Win7 Ultimate box/
>> WHile it works, its very video laggy and not as smmooth or slick as
>> either RDP or Hyperv.

>> What can I try next?

> You could try ssh to the RDP port. Clearly, that's not actually going to
> work, but you should get some indication of whether it's at least
> managing to connect to the port, which in turn would indicate whether
> it's a networking problem, or a protocol issue.

> Trying that from the Win7 box to localhost could also be informative.

before using ssh or telnt to connect to the RDP port, use the netstat
command from a command prompt to determine if RDP is actually listening
on the port.

netstat /?

--
SDF Public Access UNIX System - https://sdf.org

That which does not kill you makes you stranger.
-- Trevor Goodchild - AEon Flux

[Sylvia Else]

The OP said that the port was being listened on, so I assumed he'd
already done that, or something equivalent.

Sylvia.

[SH]

> before using ssh or telnt to connect to the RDP port, use the netstat
> command from a command prompt to determine if RDP is actually listening
> on the port.
>
> netstat /?
>

Well I used Netstat -anb on PC's A, B and C and looking for the port
3389 which is used by RDP.

RDP is provided by the process TermService hence why I added the b
option as that will show the process name.

I then copied the results into Notepad and used ctrl F to look for 3389
and for TermService

I confirm that ALL 3 PCs have RDP enabled with NO NLA and also Remote
Assistant is enabled.


My main PC gives:

C:\Windows\system32>netstat -anb

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TermService
TCP [::]:3389 [::]:0 LISTENING
TermService
UDP 0.0.0.0:3389 *:*
TermService

UDP [::]:3389 *:*
TermService

I can RDP into or out of this PC except to the win 7 box:



PC B gives:

C:\WINDOWS\system32>netstat -anb

Active Connections

Proto Local Address Foreign Address State

TCP 192.168.0.233:3389 192.168.0.133:61743 ESTABLISHED
TermService

TCP [::]:3389 [::]:0 LISTENING
TermService

UDP 0.0.0.0:3389 *:*
TermService

UDP [::]:3389 *:*
TermService

This one I can RDP into our out of except to the Win 7 box.




Now to the problematic Win7 box:

C:\Windows\system32>netstat -anb

Active Connections

Proto Local Address Foreign Address State

TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
CryptSvc

TCP [::]:3389 [::]:0 LISTENING
CryptSvc


Now this PC can RDP into any of the Win 10 boxes but none of the other
PCs can RDP into this specific win7 machine.

I then went into task manager on the Win7 box to see if TermService is
actually running:

It is NOT listed so I assume its been unable to start due to port 3389
not being available or that CryptSvc is the win7 service that provides
RDP (assumimng TermService was not available for Win7?)

So this machine has only two 3389 ports open whereas the other PC's have
4 off 3389 ports listed

AND

CryptSvc is using port 3389 and no TermService is actually running

So what is CryptSvc?

I then looked for CryptSvc on the other 2 win10 boxes in the netstat
-anb results and there is no CryptSvc listed.

I assume my next step is to disable cryptSvc and then hopefully
TermService can take over Port 3389?

[SH]

P.S. on a hunch, I rdp'ed into a win10 box from the Win7 box and did a
netstat -anb as I knew the IP address and port no of teh win10 box...


The result is

TCP 192.168.0.110:49213 192.168.0.233:3389 ESTABLISHED
mstsc.exe

so it seems the win7 box is using port 49213 and the process mstsc.exe
for RDP?

[SH]

and mstsc.exe only starts up when launching a RDP session FROM the Win7
box....

As soon as I close the RDP connection, mstsc.exe closes dwon so that
implies I still would not be able to RDP into the win7 box unless that
mstsc.exe is actually running on the Win7 box as a background service?

[Dan Purgert]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

["Followup-To:" header set to comp.misc.]
On 2023-03-03, SH wrote:
> [...]

> P.S. on a hunch, I rdp'ed into a win10 box from the Win7 box and did a
> netstat -anb as I knew the IP address and port no of teh win10 box...
>
>
> The result is
>
> TCP 192.168.0.110:49213 192.168.0.233:3389 ESTABLISHED
> mstsc.exe
>
> so it seems the win7 box is using port 49213 and the process mstsc.exe
> for RDP?

mstsc is "Microsoft Terminal Service Client" (i.e. the remote desktop
client software). In addition, nearly all client applications will ask
for a random source port when initiating a connection, which is managed
by your OS' underlying network stack.

I forget the exact range for Windows (might be 30,000 - 50,000); but
suffice to say that in general terms any currently free port in that
range is fair game at some point.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmQByxEACgkQbWVw5Uzn
KGA/fBAAo3NgdvR5ntZAywkElKThSUXvszXzgiRIPLnDLp78nKSfgBUa9PbQQxao
8c7QDhQs7T8qdvZxbEdUpF0O+zd2WAy6tWKe+xYD5RT9C1/Pfr/qamXHIgRUWVpq
ShpCVj2eLOoeb7kA6j7endkSU3rkwwgsorVwDB561zbIJMVUGdzTATfLmvKNjNZc
l9SpDLiAGjys9aB7JupH1bLNTy7BNRist3yGjJajZknT8T6uR4JW7ccrhtDaqt0W
NpbygOF2nrhgKtXNvp+F9qnFauBZVuGBBPf4Hq4iZE2BGTRQS0jBqPmojuz6FD09
4e0CUmlOTHjf5GNvVt01+z4Zr8/6+TsycVQ/Llj3zC7I4betGz0KZdjLJs5+1EJx
Yo/RcpL66kOQbOKYZkcKzB0W5miCHzKsyAKId7DMzMstNtJ71CI1WdEz4jHy2AS/
YpPoH3+GsCZz2pIT5cmg9zfWsDym/u57TgOEpwHxRwsTt26Lg55FTFgtGswUdeVY
ZVGpB+0SFn8yljuXb+5o5Vmq1N132dBXPYUMz9STTSBXWmnCK06tBiqcYPcmvHkq
luYhGTaXSzKk4YPfGrZp6CXCTsqhmiHj8mwhvSODtOxGu3hCbGyHKmw63PGDJxrx
wmuk3CCYYk0J6P4SnvoiHTwwvpA6KMKiYEd1s6YBN8yYxaCIxns=
=Wrpq
-----END PGP SIGNATURE-----

--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860

[Sylvia Else]

Sounds as if it's started as required under Windows 10 by whatever is
listening on the RDP port. The same could be true under Win7.

Does that executable exist on Win7?

Have you looked at the Win7 event log? That occasionally contains useful
information.

Sylvia

[sc...@alfter.diespammersdie.us]

In comp.misc SH <i.l...@spam.com> wrote:
> right I have three PCs.
>
> PC A is Windows & Ultimate SP1
>
> PC B is Windows 10 Pro
>
> Now I can RDP from the Win 7 Ultimate to the Win 10 pro no problem.
>
> I cannot RDP from Win 10 pro to the Win 7 Ultimate

Is the Win7 box fully patched? If it isn't, there may be some protocol
disagreements between it and newer hosts, if I remember properly. I have a
couple of Win7 VMs on a Win11 host that I can RDP into without issue. The
VMs have all the patches that were ever made available.

--
_/_
/ v \ Scott Alfter (remove the obvious to send mail)
(IIGS( https://alfter.us/ Top-posting!
\_^_/ >What's the most annoying thing on Usenet?

[Bruce Horrocks]

On 03/03/2023 09:28, SH wrote:
>

Agreed that is a good next step. And the chosen answer in this thread
might help with that.

<https://social.technet.microsoft.com/Forums/ie/en-US/34593d87-8a3f-4cd0-868b-82a407b19428/remote-desktop-was-working-but-quit?forum=winRDc>

If that doesn't work then the next thing to look at is why all your
working PCs report TCP ** and UDP ** listening on port 3389 but the
problematic one omits UDP.

I've no idea where to look in the settings for that - perhaps firewall -
but maybe others here can help.

--
Bruce Horrocks
Surrey, England

[David]

Quick note on standard ports:

A standard port is normally a known fixed port a process can call into to
start a session.
A listener is always watching that port.
As far as I recall there is then a negotiation between caller and receiver
which can result in a new port being opened and used for the length of the
session.
This port number for the session (and potentially the process attached to
it) does not necessarily reflect the ID of the initial listener.

This also allows a single port to accept incoming calls for a number of
different protocols, instead of needing one port for each.

It is a while since I actively looked at this though.

HTH


Dave R


--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64