How to resolve common problems with Windows Remote Desktop
If you have problems using Remote Desktop [RDP] with your Windows server, there are a couple of things you can fix. This troubleshooting guide aims to help rule out some of the most common causes for poor functionality.
Try UpCloud for free! Deploy a server in just 45 seconds
Problems connecting
Even while you might have trouble connecting using Windows Remote Desktop, you should always be able to log in to the web console at your UpCloud control panel, or by VNC connection, which settings are at your server details.
Once youve connected to your server, through either of the methods mentioned above, you should be greeted by Windows lock screen. Sign into your server with an account that has administrator privileges to continue troubleshooting.
If the connection shows something other than the lock screen, try if the server seems responsive. If it does not react to commands you might have to restart your server.
Windows Remote Desktop settings
When you are logged in and the server seems to be working, but Remote Desktop still cannot connect, make sure aremote connection is allowed. The easiest way to get to the option is to open sysdm.cpl by searching for it on the start menu. Then move to the Remote tab.
The Remote Desktop needs to allow connections from other computers for the feature to work. If your server was set to allow remote control with Network Level Authentication, make sure your own computer supports this or select to allow any connection. You can find more information about Network Level Authentication atMicrosofts TechNet.
While still at the RDP settings, check the allowed users by clicking the Select Users or by pressing S. All users with administrator access are automatically permitted to connect. All normal users must be added to this list. If you were trying to connect with user credentials that do not have admin rights, add the username you wish to connect with to the list of allowed users.
Firewall
The Windows Firewall might be a little restrictive at times, for example, inbound ICMP protocol that ping connections use are disabled by default. Open the Windows Firewall with Advanced Securityby searching for firewall in the start menu. Move to the Inbound Rules list and scroll down to Remote Desktop rules by pressing R.
Windows Server 2008 should show two rules: Remote Desktop [TCP-In] and Remote Desktop - RemoteFX [TCP-In]. Both of these would in most cases be enabled as long as the server still uses the standard 3389 TCP port for RDP connections.
With 2012 Windows Servers the rules are split between Domain and Private, or Public profiles as well as TCP and UDP protocols, which translates to 4 separate Remote Desktop - User Mode rules, all of which would usually be enabled.
Optionally while at the firewall settings, you may wish to enable ICMP for ping. Press F to find the rules, called File and Printer Sharing [Echo Request - ICMPv4 - In] and v6 for both IP versions.
When you are certain that the Windows Firewall allows Remote Desktop connections, also check the server specific firewall settings at your UpCloud control panel. If you have set the default incoming rule to reject, remember to add a rule to permit traffic to the port Remoter Desktop server is listening to, 3389 by default. Find out more about the UpCloud firewall at the tutorials.
Network connection
Test the internet connection on your server to make sure all your network resources work as they should. Start to ping out from your server. Open the Command Prompt and type cmd in the start menu search. Press enter then use the command below.
ping 8.8.8.8If you enabled the echo requests from Windows Firewall, you can also attempt to ping your server from your own computer. Find the servers public IP address on your UpCloud Control Panel under Network and Public Network.
In case the internet connection does not seem to work, check your IP configuration on Command Prompt with the following command.
ipconfigThe output will list all of your servers network connections, you should see 3 Ethernet adapters: the private network, public IPv4 and public IPv6. Check that these match with the network information in your server details under Network tab at yourUpCloud control panel.
If you see differences in the ipconfig output and your server network details page, check that all network interfaces are set to obtain the IP addresses automatically. To do this, search for Network Connections in the start menu and press enter to open it. Open the Properties for one of the Ethernet adapters, select Internet Protocol Version 6 or 4 and click on Properties button underneath. Make sure both radial buttons are set to automatic and press OK to save. Check through all of the network adapters on the server the same way.
Slow connection
If your Remote Desktop connection works, but feels slow or disconnects at times, you should try updating the network drivers. Download the latest Virtio drivers for Windows.
After downloading the ISO file on your server, with Windows Server 2008 you will need to have a program like 7zip to unpack it. On Server 2012 you can simply mount the file as a disk.
With the files available, open the Device Manager simply by searching for it by name in the start menu and pressing enter. Browse down to Network adapters, select each adapter one by one and run the Update Driver Software. In the update wizard, select Browse my computer for driver software, enter the driverlocation to the search field and press next. Note to keep the Include subfolders selected.
If you were connected through Remote Desktop while updating the network drivers, youll probably get disconnected for a moment. The client should be able to restore the connection automatically after the drivers have been installed successfully.
Port conflict
In some cases, it is possible that another application unintentionally uses the same port as Remote Desktop. This can cause connection issues or prevent Remote Desktop from connecting.
Check the ports used by programs. Enter the command below on Command Prompt.
netstat -a -oNetstat will print out a list of IP addresses and port numbers they use. Look for rows with your Remote Desktop port number [3389 by default] and check the program ID [PID] at the end of these lines. One PID will belong to the RDP service. If you see another PID that uses the same port, these will conflict with one another.
To find out which programs the PIDs belongs to, use the following on Command Prompt.
tasklist /svcRemote Desktop is listed as svchost.exe TermService, any other PID that uses the same port number causes issues.
Change RDP port number
If there is a port conflict, you can resolve it by changing the port used by one of the applications. Microsoft recommends to ideally change the port used by any other applications. If this is not possible, the port number Remote Desktop listen to can be changed with a couple of steps.
Change the port number because it can also help to reduce intrusion attempts through obfuscation. This should not be your only method of security.
To change the port number, youll first need to choose a free port not used by anything else on your server. Check the ports currently in use with netstat -a -o as described previously. The new port number can be anything from 1024 through 49151.
Add the port number youve selected to the Windows Firewall Inbound rules by creating a new rule. In the New Inbound Rule Wizard, select the following
- Rule Type: Port
- Protocol and Ports: TCP, Specific local ports,
- Action: Allow the connection
- Profile: all options ticked
- Name: Remote Desktop TCP
In the steps above the is the new port you wish RDP to listen to. Make sure your new firewall rule is set up correctly. Once you change the RDP port youll need it to work to be able to connect again.
The port number for Remote Desktop was not designed to be changed, and the only way to do so is through editing registry. We highly recommend that you make a backup of your server before making any changes.
Open the editor by searching for regedit in the start menu and pressing enter.
Locate the following key in the registry file system.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal SErver\WinStations\RDP-Tcp\PortNumberOpen the PortNumber registry key for edit, change the display to Decimal, enter your new port number and click OK to save the changes.
For the changes to get applied, you will need to restart the RDP service. Open Servicesagain by searching for it in the start menu and pressing enter to run the program.
In the Services [Local] list, scroll down to find Remote Desktop Service, and restart it. A confirmation popup asks to restart other related services as well, click Yes to continue.
You will get disconnected if you were using RDP to make these changes. Afterwards just reconnect to your new port by defining it in the Computer field on RDP connection.
windows.server.example.com:34567With the new port, you should get uninterrupted reliable remote access.
Getting help
If you ran into deeper trouble or need help with something else, dont hesitate to ask. When you contact UpCloud Support, try to explain the problem to the best of your ability. Include any steps youve already taken together with their results when you troubleshooted the issue. It will help our support team to solve your problem.
Hi, How can I avoid RDP Session Ids greater than a certain number or keep RDP Session Ids within a range? I want customers to fall directly into a website logged-in area , and that is supported via cookies loaded after a username/password is entered. Problem with RDP is that the cookie remain at the RDP Session Id where it has been entered, and is not seen by other Session IDs. Eve if I limit the number of connections to 5 at Group Policy Editor and access the server 5 times via RDP , enter in Username/password in all those sessions, and then disconnect them all at once, and try a new re-connection, I might get a new Session Id 6 that will not have been given the Username/Password in a a previous access, and as a result, when I access the server I am NOT logged in the internal area of the website. I have been trying man GPEDIT configurations but theres always a chance a new connection will get a Session Id which has not been logged before. I think I can use brute force and log n to all Session Ids that come up in the horizon while I am using 5 ports, but It will be a nightmare later on, with 50 ports.
A real solution would be sharing cookies across RDP Session Ids. Is that anyway that can be achieved? I have looked around hard yesterday and still no clue how to achieve that . Thanks Much
Hi Janne, thanks for great article.
I have a little bit weird issue when I am trying to connect to the Remote Desktop and it is behaving quite weirdly. So on the very beginning when I logged in through the remote web access it worked fine. Since then it was not going through while trying to connect with an error saying:
The Remote Desktop cant find the computer name. This might mean that the name computer does not belong to the specyfied network. Veryfy the computer name and domain that you are trying to connect to.
Which is weird in the light that it was working well an hour before that.
I took the laptop I am using to connect to the office, connected through independent wifi, works great there, while I got back home it worked twice and then stopped again. I also tried to connect on other laptop at home and it is ending up with the same error. What kind of issue it might be? Any firewall? My wifi itself? Is it possible that just the pc at work is going sleep and blocking the connection. I am really frustrated that it works after i take it to the office. It doesnt really make sense.