Home Forums Discussions Problems Remote Desktop Win 7 - need help

Hi Folks,

I have a new Win7 machine, but I have not been able to get RDP to work within our small network.

It does not work within the intrAnet. So I think it is a problem with the new machine configuration. (but in anycase the router is setup, because we can RDP to other machines on this network from the outside.)

I am able to RDP from the desktop i am sitting at to other machines (SBS2011 essential server or winXP), but not to the new machine.

It seems like the connection is refused, because it happens immediately; there is no wait for a timeout error. I try RDP with the computer name and also the IP address. I get this error:


I can see the new Win7 machine on the network (name is Karima-Desktop)


I have turned on RDP on the machine and added users for login:



The machine is part of a WORKGROUP and not a domain:


And it seem that it is listening on port 3389:


This is how I am trying to connect, and also by ip as mentioned above without login name.



What am I doing wrong or missing?

Thanks in advance!
Al Mamdani

Is it a Win 7 Pro computer (Home cannot do RDP)?

You may have to use the IP address rather than the same to connect.

(If you do not know the IP address, go to command (start>run>"cmd")line and type ipconfig or ipconfig/all)

its win7 pro
tried the ip address too.

Do you have antivirus or firewall running on the machine? Try shutting off Windows Firewall if that works then you probably need to add exclusion, if you have another firewall shut it off test and again if it works add the needed exception.

i tried with windows firewall off, even though rdp is supposed to automatically create an exception. thanks for the suggestion. it did not work.

Do you have too much info in your user name box? shouldn't it just be Karima, not KARIMA-DESKTOP/Karima ?

Try TeamViewer. It is free, very easy to setup, easy to use, works on LAN and WAN, very fast, and secure.
Here is the link: http://www.teamviewer.com/en/index.aspx

TeamViewer is a great suggestion, but it isn't the question. Plus RDC is better than any other remote software.

koby has a good point:

Enter computer name under computer in General section.
You don't even need your user name, but if you do, just use Karima. Try it without.
Under edit, go ahead and enter your username and the password of the machine you are trying to reach if it is password protected.

Since using IP, do an ipconfig to ensure you are using the correct one.

Can you ping the machine? Can it ping yours?

Can you access shares on the machine. If not, then it will not connect.

Turn off A/V (doubtful)

Remember, everyone, he can access other machines, so it shouldn't be firewall or A/V. Won't hurt to put port TCP and UDP 3389 and browse to RDC.

Only need destination. If you use IP, make sure it is correct using ipconfig on destination computer. Leave username and everything else blank.



You need an account to authenticate against. You should get this window with account name and place for password. (I know you said you instantly get an error message)

The only way I know of that this could happen is either 1) the computer name or IP address is incorrect or there is something blocking your accessing that computer.

This is why you should try to ping it. Or simply access it, as below.



Click on a computer you know works with RDC. If you can't access a computer from the new computer or access the new computer from another computer, there is an issue.

Have you tried clicking on "connect with Remote Desktop Connection" -- in the box on your screenshot shown above?

It seems like you have all the permissions correct.

That's the way I connect on the LAN. It's automatic.

We need to get some feedback

Koby gave the answer a while ago. In a domain you would use

computer name
domain\username

In a work group, you use

computer name
you don't even need a username, but you CAN'T put the computer name in the username field.

The username you use is the account on the computer you are connecting to. No matter what user you put in there, if you do not have a username and password saved, you will get a screen like below which asks you for username and password.



So, put the computer name or IP address in the field, leave the other field blank and hit connect. If there is a user name of Karima you are trying to get into, you can put that username in.

Also, as an FYI, if the window exists which allows you to click and say you will accept remote connections, then that OS will accept remote connections. Most OS, even Win 7 Home Starter can start a connection. Only around four can accept them.

Understand if I am using RDC to get into the reception computer, if I put my name and password, it will take me to my account. So, it will log my receptionist off and log me on. Generally, when I RDC to her computer, I am trying to get to something on her computer, so I use her username like:

Comp name: Reception
Username: riverside\mary

This will immediately bring me into her account.

In a domain, you generally use the domain username, but, again, if you put nothing, it will bring you to the account that was logged out last, whether you put domain and username, username only and again nothing.

You also need to have admin rights.

Bump

hi everyone, thanks for all the suggestions. i was out of town on friday monday for the long weekend to visit sick relatives. let me try all these suggestions and give an update soon.

i can ping the remote computer with netbios name or ipaddress. see graphic below. can defintely get to it. it refuses the connection immediately! this is the clue.

when trying to connect with only the ip, i dont even get to the subsequent screens where remote is asking for credentials. so domain or user qualification is not issue.

all other computers on network can see it, and it can see the others. it is listening on the rdp port (see above)

tried connecting from menu item "connect with remote desktop"


no difference is firewall is turned off on remote.

this should be so easy, but its not. what gives?

1. Why is listening on port 3389 important?

2. Do you still have your computer name listed twice, e.g. under computer name and then under username?

3. I may be wrong, but if you use the fact that it doesn't connect immediately that it rules out many things, it may hinder your troubleshooting.

4. It always seems like a simple thing. The fact that others can sit it and it can see others only shows that the computer can see other computers and vice versa. It would show that the computer you are trying to connect from can't access it. What happens when the two computers in question try to access it. It would seem as though it is only the computer not connecting.

5. I know this may sound condescending, but are you absolutely sure that the computer is Win 7 Pro?

What are your settings under Advanced for:

Use these RD Gateway server settings:

Server name

Bypass RD Gateway server for local addresses

I would check "Do not use an RD Gateway server

maybe the router isn't set up to port forward to 3389 on the new machine ip address 192.168.1.140 ?

But one, he can ping .140, and two the router shouldn't be in play. It would be modem => router => switch => computers. All of the intranet computers should communicate via the switch. I don't see where a port from public to private would matter.

just pinging doesn't tell you if you have the ports open for RDC via router only that you can see the computer on the network, would need to run a port scanning tool from another computer on network to the target computer to see if you can get through to the open listening port for RDC 3389 but I am beyond my paygrade here, just wondering outloud.

You are correct, but again, port 3389 doesn't need to be open on the LAN just between the public and private side of the router like 8080, 443, etc.

I used my computer name twice and it instantly went to the credentials login field. It went past the configure and secure field. Also, go to the Advanced tab and make sure your RD Gateway settings are set correctly. You shouldn't be using them.

RD server settings made no difference.
i immediately get the "this computer cant connect".

i also tried removing all the lenovo utilities incase there was a conflict. shot in the dark.
if i disable RDP on the remote(karima-desktop), client timesout with a different error, as expected.

remote is windows pro. i got pro so i could remote in.
client does support NLA network level authentication

one last thing i will try is to reboot our sbs2011 server as another shot in the dark. but what the heck, its microsoft. i cant do that till friday afternoon because its the main computer and drive for AC and i usually leave before doc to pick up kids.

it could be the client i am trying to connect from, but I can connect to our sbs2011 ess server no problem, and also an old xp-pro machine.

thanks for all the support.

Why not let someone remote in and check it out? It could something really simple that we're missing.

PM me and I can take a look for you.

Two things:

1. Not that we have too, but rebooting during the day takes 15 minutes. You don't have to be there once the reboot starts.

2. I am not going to sleep until you enter the computer you want to remote to and leave the username blank. I don't know why you have:

computername

computername\username

That is just wrong.

Are you trying to remote from the new machine or to the new machine? Do you have RD Gateway set up properly in Advanced field -- the only screen shot you haven't shown.

Can you actually access the new machine from the computer you are using RDP or vice versa, not ping.

Why so much talk about the router. It has nothing to do with it.

Why are you not on a domain when you have SBS 2011?

Hi Sandeep:
thank you for your offer. I will PM you to arrange good time for tomorrow.

Hi Bert:
I am not sure which RD Gateway screen you want? Maybe that is what I am missing. Today i noticed that i also cannot RDP FROM this new machine. In general, I want to RDP into this machine (but for debugging, i tried the RDP client on this machine - which let me connect to my other machine, and then gave me an authentication error.)

I tried it with: ipaddress only, computername only; without the username
i also tried it with the username

I have sbs2011 essentials, but have some home machines on the network, so not all machines can join the domain.

arghhh.

I will be checking it out tomorrow. I will post back if I find the solution. Wish me luck.

When the main screen is open, there is an Advanced tab on the right. Then at the lower left, there will be Settings. 2011 should have an RD Gateway, which is why the router doesn't need port 3389 open, and you can get to any computer remotely without port forwarding.

You can try setting up the RD Gateway so it is set only for that -- mostly the middle boxes. Or skip RD Gateway so it remotes directly to the computer. You may have to use the FQDN on the computer in question so if it is "Computer" it would be Computer.domain_name.local. But, you don't have a domain but you do have the four letter one called Raish or something.

So I had a chance to check it out and it appears as if the installation of Windows is corrupted. I checked some of the core files (termsrv.dll) using a hex editor. They're not matching up with standard versions. It's not a problem with authentication (usernames/FQDN/etc.) The event viewer starts throwing errors regarding RDP as soon as the computer starts. (Not initializing properly.) I've sent him a stock copy of Windows 7 Pro SP1 64 Bit Retail. Might do an "in-place upgrade"/repair or full reformat. Computer is relatively new.

Well, I am just glad my posts were helpful.

The suggestions above are excellent though. They should be put into a thread about common logon issues with RDP. That using the FQDN with Windows 8 always gets people. e.g. bert@riverview.local

Wouldn't bert.riverview.local be FQDN as well?

Yea. I meant with the login. FQDN for the computer name (e.g. Bert-PC.riverview.local) and for the user username either (riverview.local\Bert or Bert@riverview.local)

LOL, Either way, you got to have Bert in it.

Great discovery on the server. Every once in a while you get one of those problems where you get focused on one thing (which is obvious) and then it is something else where you would never have figured it out. Well, except you, of course. And, check the error logs. Easy to overlook.

Yea. Sometimes you just have the Eureka moment.

So Update on the case:
Phase 1:
Finished Downloading Win 7 SP1 x64 Pro. Made a bootable USB. Did an in-place upgrade/repair install. Reinstalled drivers and after this point, remoting in from the LAN was possible. Then got all the programs and updates. Although we were able to use remote desktop locally, we were unable to use it remotely since it wasn't in the list.

Phase 2:
Needed to add the user for remote access using the SBS Essentials Dashboard/Console. Only took a few clicks to add the computer for this user who was a non-admin. But after logging into the remote site, we were still unable to connect to the Remote Computer. The error stated that the computer could not be found. And as Bert always says, it's an issue with DNS. DNS was working fine from the LAN but since the RD Gateway resides on the server, decided to do an NSLookup on the server.

Phase 3:
The DNS server IP was set to something else other than the IP of the server itself. On a domain controller, you always want to point to the IP of the DNS Server (very often the server itself). You can use the localhost ip of 127.0.0.1 too. I think it's best practices to have that as the alternate. So after setting the new DNS server to the server itself and flushing the DNS Resolve cache (ipconfig /flushdns). The server was able to successfully to resolve the FQDN of the PC to its appropriate IP. After that, we were able to successfully remote in using the Remote Web Access site.

That concludes the story. So it was a double issue of corrupted Windows files on the client PC in addition to DNS and console configuration issues on the server. Good luck to anyone else who experiences this issue in the future.

So, in summary, it was not something minor and it would be near impossible to have diagnosed this using the forum.

No, I always say, DNS, DNS, DNS, lol. Yes, the preferred DNS server on the NIC settings should generally be the IP of the server. Like you said.

He has a workgroup, correct?

Here is an interesting copy from one of my posts:

When the main screen is open, there is an Advanced tab on the right. Then at the lower left, there will be Settings. 2011 should have an RD Gateway, which is why the router doesn't need port 3389 open, and you can get to any computer remotely without port forwarding.

You can try setting up the RD Gateway so it is set only for that -- mostly the middle boxes. Or skip RD Gateway so it remotes directly to the computer. You may have to use the FQDN on the computer in question so if it is "Computer" it would be Computer.domain_name.local. But, you don't have a domain but you do have the four letter one called Raish or something.

Sort of sums up a little bit. Question: Can you actually change the connection routes with RDC by changing the Option settings under Advanced?

And, no one needs luck when you're around. Nice work.

True that on the forum. But, you know your description is making a good case for those P2P users.

Lol, regardless, he was unable to use P2P due to the corrupted termsrv.dll file (and likely others) in the first place. No RD Gateway is needed for local access. Even if you set up the router to portforward that PC outside the network (as in traditional P2P) it still wouldn't work.

Gotcha. Thanks. But, you do have to love the RD Gateway. Just one of those nice features of client/server and a server OS.

Definitely nice not having to open ports for each and every computer on the network. Especially on larger ones.