Tutorials How to resolve common problems with Windows Remote Desktop

How to resolve common problems with Windows Remote Desktop

If you have problems using Remote Desktop (RDP) with your Windows server, there are a couple of things you can fix. This troubleshooting guide aims to help rule out some of the most common causes for poor functionality.

Problems connecting

Even while you might have trouble connecting using Windows Remote Desktop, you should always be able to log in to the web console at your UpCloud control panel, or by VNC connection, which settings are at your server details.

Once you’ve connected to your server, through either of the methods mentioned above, you should be greeted by Windows lock screen. Sign into your server with an account that has administrator privileges to continue troubleshooting.

If the connection shows something other than the lock screen, try if the server seems responsive. If it does not react to commands you might have to restart your server.

Windows Remote Desktop settings

When you are logged in and the server seems to be working, but Remote Desktop still cannot connect, make sure a remote connection is allowed. The easiest way to get to the option is to open sysdm.cpl by searching for it on the start menu. Then move to the Remote tab.

The Remote Desktop needs to allow connections from other computers for the feature to work. If your server was set to allow remote control with Network Level Authentication, make sure your own computer supports this or select to allow any connection. You can find more information about Network Level Authentication at Microsoft’s TechNet.

While still at the RDP settings, check the allowed users by clicking the Select Users or by pressing S. All users with administrator access are automatically permitted to connect. All normal users must be added to this list. If you were trying to connect with user credentials that do not have admin rights, add the username you wish to connect with to the list of allowed users.

Firewall

The Windows Firewall might be a little restrictive at times, for example, inbound ICMP protocol that ping connections use are disabled by default. Open the Windows Firewall with Advanced Security by searching for “firewall” in the start menu. Move to the Inbound Rules list and scroll down to Remote Desktop rules by pressing R.

Windows Server 2008 should show two rules: Remote Desktop (TCP-In) and Remote Desktop - RemoteFX (TCP-In). Both of these would in most cases be enabled as long as the server still uses the standard 3389 TCP port for RDP connections.

With 2012 Windows Servers the rules are split between Domain and Private, or Public profiles as well as TCP and UDP protocols, which translates to 4 separate Remote Desktop - User Mode rules, all of which would usually be enabled.

Optionally while at the firewall settings, you may wish to enable ICMP for ping. Press F to find the rules, called File and Printer Sharing (Echo Request - ICMPv4 - In) and v6 for both IP versions.

When you are certain that the Windows Firewall allows Remote Desktop connections, also check the server specific firewall settings at your UpCloud control panel. If you have set the default incoming rule to reject, remember to add a rule to permit traffic to the port Remoter Desktop server is listening to, 3389 by default. Find out more about the UpCloud firewall at the tutorials.

Network connection

Test the internet connection on your server to make sure all your network resources work as they should. Start to ping out from your server. Open the Command Prompt and type cmd in the start menu search. Press enter then use the command below.

ping 8.8.8.8

If you enabled the echo requests from Windows Firewall, you can also attempt to ping your server from your own computer. Find the server’s public IP address on your UpCloud Control Panel under Network and Public Network.

In case the internet connection does not seem to work, check your IP configuration on Command Prompt with the following command.

ipconfig

The output will list all of your servers network connections, you should see 3 Ethernet adapters: the private network, public IPv4 and public IPv6. Check that these match with the network information in your server details under Network tab at your UpCloud control panel.

If you see differences in the ipconfig output and your server network details page, check that all network interfaces are set to obtain the IP addresses automatically. To do this, search for Network Connections in the start menu and press enter to open it. Open the Properties for one of the Ethernet adapters, select Internet Protocol Version 6 or 4 and click on Properties button underneath. Make sure both radial buttons are set to automatic and press OK to save. Check through all of the network adapters on the server the same way.

Slow connection

If your Remote Desktop connection works, but feels slow or disconnects at times, you should try updating the network drivers. Download the latest Virtio drivers for Windows.

After downloading the ISO file on your server, with Windows Server 2008 you will need to have a program like 7zip to unpack it. On Server 2012 you can simply mount the file as a disk.

With the files available, open the Device Manager simply by searching for it by name in the start menu and pressing enter. Browse down to Network adapters, select each adapter one by one and run the Update Driver Software. In the update wizard, select Browse my computer for driver software, enter the driver location to the search field and press next. Note to keep the Include subfolders selected.

If you were connected through Remote Desktop while updating the network drivers, you’ll probably get disconnected for a moment. The client should be able to restore the connection automatically after the drivers have been installed successfully.

Port conflict

In some cases, it is possible that another application unintentionally uses the same port as Remote Desktop. This can cause connection issues or prevent Remote Desktop from connecting.

Check the ports used by programs. Enter the command below on Command Prompt.

netstat -a -o

Netstat will print out a list of IP addresses and port numbers they use. Look for rows with your Remote Desktop port number (3389 by default) and check the program ID (PID) at the end of these lines. One PID will belong to the RDP service. If you see another PID that uses the same port, these will conflict with one another.

To find out which programs the PIDs belongs to, use the following on Command Prompt.

tasklist /svc

Remote Desktop is listed as svchost.exe TermService, any other PID that uses the same port number causes issues.

Change RDP port number

If there is a port conflict, you can resolve it by changing the port used by one of the applications. Microsoft recommends to ideally change the port used by any other applications. If this is not possible, the port number Remote Desktop listen to can be changed with a couple of steps.

Change the port number because it can also help to reduce intrusion attempts through obfuscation. This should not be your only method of security.

To change the port number, you’ll first need to choose a free port not used by anything else on your server. Check the ports currently in use with netstat -a -o as described previously. The new port number can be anything from 1024 through 49151.

Add the port number you’ve selected to the Windows Firewall Inbound rules by creating a new rule. In the New Inbound Rule Wizard, select the following

  • Rule Type: Port
  • Protocol and Ports: TCP, Specific local ports, <port number>
  • Action: Allow the connection
  • Profile: all options ticked
  • Name: Remote Desktop – TCP <port number>

In the steps above the <port number> is the new port you wish RDP to listen to. Make sure your new firewall rule is set up correctly. Once you change the RDP port you’ll need it to work to be able to connect again.

The port number for Remote Desktop was not designed to be changed, and the only way to do so is through editing registry. We highly recommend that you make a backup of your server before making any changes.

Open the editor by searching for regedit in the start menu and pressing enter.

Locate the following key in the registry file system.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal SErver\WinStations\RDP-Tcp\PortNumber

Open the PortNumber registry key for edit, change the display to Decimal, enter your new port number and click OK to save the changes.

For the changes to get applied, you will need to restart the RDP service. Open Services again by searching for it in the start menu and pressing enter to run the program.

In the Services (Local) list, scroll down to find Remote Desktop Service, and restart it. A confirmation popup asks to restart other related services as well, click Yes to continue.

You will get disconnected if you were using RDP to make these changes. Afterwards just reconnect to your new port by defining it in the Computer field on RDP connection.

windows.server.example.com:34567

With the new port, you should get uninterrupted reliable remote access.

Getting help

If you ran into deeper trouble or need help with something else, don’t hesitate to ask. When you contact UpCloud Support, try to explain the problem to the best of your ability. Include any steps you’ve already taken together with their results when you  troubleshooted the issue. It will help our support team to solve your problem.

50 thoughts on “How to resolve common problems with Windows Remote Desktop

  1. Hello,

    I am using Microsoft Windows 2008 R2 Server, where Microsoft Dynamics Great Plains 2013 is hosted. Everything has been working so smooth until 2 days back, when client computers cannot connect to the server through remote desktop connection. When you ping the server from client you get reply and vice-versa. I have checked if remote desktop connection is enabled, i have ran out of ideas. please help.

    1. Hi Bolokang, if you have access to the server through other means, I’d suggest checking that RDC is listening by using netstat -ano | findstr 3389 in the CMD. Assuming you are still using the default port. If there are no ports open and listening, check that the service called Remote Procedure Call (RPC) and its dependencies are running and restart them if not.

  2. Hi, How can I avoid RDP Session Ids greater than a certain number or keep RDP Session Ids within a range? I want customers to fall directly into a website logged-in area , and that is supported via cookies loaded after a username/password is entered. Problem with RDP is that the cookie remain at the RDP Session Id where it has been entered, and is not seen by other Session IDs. Eve if I limit the number of connections to ” 5″ at Group Policy Editor and access the server 5 times via RDP , enter in Username/password in all those sessions, and then disconnect them all at once, and try a new re-connection, I might get a new Session Id “6” that will not have been given the Username/Password in a a previous access, and as a result, when I access the server I am NOT logged in the internal area of the website. I have been trying man GPEDIT configurations but there’s always a chance a new connection will get a Session Id which has not been logged before. I think I can use brute force and log n to all Session Ids that come up in the horizon while I am using 5 ports, but It will be a nightmare later on, with 50 ports.
    A real solution would be sharing cookies across RDP Session Ids…. Is that anyway that can be achieved? I have looked around hard yesterday and still no clue how to achieve that …. Thanks Much

  3. Hi Janne,

    While connecting 2012 server RDP it is closing within a seconds for the particular user under domain and for other users its working fine. Please suggest me to fix the same.

    1. Hi Mohammed, it sounds like the issue might be with the user’s client or internet stability if everyone else is able to maintain RDP connection. Any error messages should help in troubleshooting the problem further.

  4. We have a situation where a user logs in to a remote session. If another user then tries to log into their own session, the first user is notified that someone else wants the connection. The second user cannot login without terminating user 1’s session. It seems to be the case only for user 1. What can we look at to fix this?

    1. Hi Steve, thanks for the question. It’s difficult to say without some further troubleshooting but it does sound like something is causing the two sessions to conflict. If nothing else, you could try creating a new user account for the user having trouble to test.

  5. Hi, i have similar issue where i am trying to rdp from windows 2008 r2 to Windows 2016 data centre serfer but i get “this computer can not connect to the remote computer” error. I can connect to the same windows 2016 from windows 7 and windows 2012 without any issues. I can also telnet over port 3389 from windows 2008 r2 server to the target Windows 2016.
    If i make a reg change on Windows 2016 to enable TLS 1.0, then i can connect but i dont want to do this on target server as we know TLS 1.0 is absolute. Any suggestions would be highly appreciated. Thanks,
    Naz

    1. Hi Ahmed, it sounds like your Windows 2008 is missing the capability to use anything newer than TLS 1.0. Microsoft offers a service pack that includes the missing TLS support for the Remote Desktop Server on Window 2008 but it might also allow the Remote Desktop Client to make more secure connections. If not, you should look into updating the RDC on your 2008 server or use an alternative. Link for the update can be found here.

  6. Am also facing same issue that RDP conecting intermittenly. Couldnt find any soultion till now. Any help will be highly appreciated.

    1. I’d recommend checking the logs on Event viewer under Microsoft/Windows/RemoteDesktopServices-RdpCoreTS/Operational to see if there are any hints towards the cause of the disconnections. Otherwise, with cloud servers, you always have the option to deploy a temporary test server and see if the issue persists.

  7. Hi, I have another problem not listed here (or on some other sites…).
    I want to connect to Win7.
    If I use RDP from WinXp, it logs me automatically (automatic logon with the WinXP credentials).
    But when I want to use RDP from my Win10 machine, I need to log-in manually, the automatic logon does not work. On all machines I have the same credentials.

    It is annoying to log-in manually all the time. From WinXp it was much easier. Can someone help me to find-out the reason?
    Thanks

    1. Hi Jan, thanks for the question. If you mean you are asked to enter your credentials at the RDC prompt on Windows 10, then you should have an option to select “Remember me” to save your password for any future sessions.

  8. After I click connect, it goes through the process and says that it can’t connect for 1 of 3 reasons.

    1. Server is not enabled. 2. The remote computer is turned off. 3. The remote computer is not available on the network.

    I checked the firewall, it was fine/allowed. I checked whether remote desktop was enabled in System Properties and it was. Not sure what it could be. (It worked a few weeks ago. But the usernames were changed. I checked to make sure they were correct. But it does not log me in).

    1. Hi Dan, thanks for the question. If you are able to reach the server over RDC with the admin account but not your own, try checking that your username is included in the Remote Desktop Users group.

  9. Hi
    Thanks great post.
    I was able to check and found issue with ip using ipconfig. This allowed me to reach the screen for password. Once that is done it gives an error ” The specified domain either does not exist or could not be contacted”
    Using 3390 as the port number since we have 2 servers on the same network.
    Thanks

    1. Hi there, thanks for the question. If the connection works using IP address but not by the server’s domain name, it’s likely a problem with the active directory DNS or that the client computer is not reaching it.

  10. Hi,
    Thanks for post.

    Currently i am testing Remote Desktop services, I have facing following issue:
    From client computer i am able to run following application such as paint, calculator and notepad.
    I have a another windows application but when i tried to run via client side it just open a black windows and application is not starting at all.

    I am testing in windows 2016 server.

    Please could you let me know where to look to fix this issue.
    Thank you

    1. Hi Nik, thanks for the question. It’s a little difficult to say without knowing more about the application you are having problems with. To hazard a quick guess, the application could be trying to use 3D acceleration that the server is not configured for.

      1. Hi Janne,
        Thank you very much for your the reply. Its a windows application which required graphic card. My servers are configured for 3D accelerations.

        Following update:
        When I am connecting using remote desktop connection application from my client it work fine. But when i tried to run same application via URL in browser it not loading complete application (I can press some buttons in application) but is not visible complete application. Please could you suggest me possible issue.

        thanks

        1. That then wouldn’t be related to RDP connection. Having problems viewing an app in a web browser could be due to any number of issues such as web browser content permissions, firewall settings, or webserver misconfiguration.

  11. Hi . Great post , since windows 10 1903 update users been unable to initiate a remote access session. Able to ‘see’ and select the remote computer and the remote session window opens but does not initialise j. Checked the usual, firewall and permissions and all in order. Any ideas ?!?

    Thanks

    1. Hi Ian, thanks for the question. Your client-side issue is likely related to the recent change in RDP display driver which might not be compatible with certain GPUs, especially integrated ones used in laptops. There’s a workaround by forcing Windows to use the old driver via the Group Policy Editor: [Local Group Policy Editor->Local Computer Policy->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Remote Session Enviroment], then set the Policy [Use WDDM graphics display driver for Remote Desktop Connections] to Disabled.

  12. Hi I disabling RDP driver and now if i connect to remote connection the screen is blank. How to fix it

    1. Hi there, if disabling the WDDM display driver did not help, I would recommend re-enabling it and looking for the issue elsewhere.

  13. Hi, nice post. None of them worked for me as I tried to log in through a remote desktop from school. When I kept trying to log into it, it kept asking me to enter my credentials through the windows security thingie multiple times but I can’t seem to get through.
    Please could you give me any ideas of why this is happening, I would really appreciate it.
    Thanks

    1. Hi Jason, thanks for the question. If you are able to reach the point where the Windows server is asking for your credentials but you are unable to log in, it’s most likely a problem with your credentials or the way you are entering them. Windows commonly expects to see the domain the username belongs to, for example, domain\username. You should also double-check that you are attempting to connect to the correct Windows server to which you have credentials for.

  14. Hi janne,
    i unable to connect the server through remote desktop but i can able to access the server through
    like TeamViewer,Premium Remote Control software application are working fine.

    Please advice what need to do for this issue and error showing like “getting error disconnect code 264”

    1. Hi there, thanks for the question. The error code 264 would indicate a timeout in the connection. The client is likely able to reach the server but cannot start the RDP connection. I would suggest checking that the RDP is enabled and the port 3389 is allowed at both server and client-side firewalls.

  15. Hi Janne! I’m searching for a solution to prevent users to do a remote desktop to our TS server without blocking users to use the remoteApps. I’ve tried to use policies “Deny Logon Locally” and “Deny logon trought remote desktop” without success.

    I also found a solution to execute “logoff.exe” after logon but we are using windows 2019 Server and I’m surprise that MS didn’t implement somwthing in this direction yet.

    Do you have news about this issue?

    Thanks!

    1. Hi there, thanks for the question. It might be possible to disable Remote Desktop Connection from the Group Policy settings under Remote Desktop Session Host and Connections thought it’s not certain if this will also block RemoteApps. Otherwise, executing the logoff.exe at sign-in should continue to provide a work-around.

  16. Hi Janne, thanks for great article.
    I have a little bit weird issue when I am trying to connect to the Remote Desktop and it is behaving quite weirdly. So on the very beginning when I logged in through the remote web access it worked fine. Since then it was not going through while trying to connect with an error saying:

    The Remote Desktop can’t find the computer “name”. This might mean that the “name” computer does not belong to the specyfied network. Veryfy the computer name and domain that you are trying to connect to. ”

    Which is weird in the light that it was working well an hour before that.
    I took the laptop I am using to connect to the office, connected through independent wifi, works great there, while I got back home it worked twice and then stopped again. I also tried to connect on other laptop at home and it is ending up with the same error. What kind of issue it might be? Any firewall? My wifi itself? Is it possible that just the pc at work is going ‘sleep’ and blocking the connection. I am really frustrated that it works after i take it to the office. It doesn’t really make sense.

    1. Hi Natalia, thanks for the question. It sounds like the local DNS at your office is able to resolve the computer name but only locally. I’d suggest trying to connect using the public IP address of your Remote Desktop server.

    1. Hi there, thanks for the question. It’s possible there’s a problem with a driver used by RDP, for example, the display driver. You’ll need to use an alternative method to connect but try to update the drivers and test RDP connection again.

  17. Hello Janne, Thanks for the great article,
    I have upgraded TLS 1.0 &1.1 to TLS 1.2 to remediate the vulnerabilities on 2008 and later servers where all servers were using port 3389 (RDP), after reboot I’m unable to RDP some of the servers, could you please suggest something that RDP could be used on TLS 1.2 instead 1.0 or 1.1?
    Thank you in well advance.. 🙂

    1. Hi Rakesh, thanks for the question. It’s possible the TLS 1.2 didn’t get enabled successfully before 1.0 was disabled which would prevent connection. You’ll need to gain access to the server with some other means and check that \SYSTEM\CurrentcontrolSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2 is set in the registry.

  18. Hi

    Excellent article Janne I hope that you can help me.

    I have a trouble with RDP in my windows server 2016 std. The Remote Desktop services are running in the snap-in “services” but the port is not listening (port 3389) and in the log of “windows-TerminalSevices-localsessionmanager” shows “Remote Desktop Service start failed. The relevnt status code was 0x80070005”.

    I applied all the steps that you described here and other like are showing in the next link.

    https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/troubleshoot/rdp-error-general-troubleshooting

    Obviusly, also I have restarted a lot of times the server and the RDP Service but the results are the same: the RDP port don´t open or pass to listening state.

    Do you have some idea about how resolve this trouble?

    1. Hi Luis, thanks for the question. If the Windows server is part of an Active Directory, the error code may refer to a problem with a Remote Desktop license. If that’s not the case, you could change the port used by RDC and try restarting the RD services to see if the issue is with something else binding the default port.

  19. Janne, thank you for all your help.

    I am running into a problem with a handful of computers on my network with regard to shadow sessions. Most computers on the network I can shadow no problem, but some just begin to load RDP and then disappear. The loading doesn’t freeze, it acts like it has completed but an RDP session never comes up. I have group policies set for all domain computers and the version of Win 10 doesn’t seem to play a factor. I also do not believe it is a graphics problem as I have multiple identical computers, some of which shadowing works and some do not. Do you have any suggestions?

    1. Hi Jeremy, thanks for the question. If you are enabling the shadow session option using group policies, I’d suggest double-checking that the policies are being applied and the corresponding registry key at HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Shadow gets set correctly.

  20. Hello Janne.. When signing out of a remote session, rdc leaves me on a black screen that I have to close twice to get it to actually close. This happens with a disconnect as well. Is there any settings that can fix that?

    Thanks,
    Steve

    1. Hi Steve, thanks for the question. It sounds more likely to be a problem with the Remote Desktop client you are using than anything wrong with your server. I’d try using a different client to test if the issue persists or reinstalling the client you are using.

Leave a Reply

Your email address will not be published. Required fields are marked *

Locations

Helsinki (HQ)

In the capital city of Finland, you will find our headquarters, and our first data centre. This is where we handle most of our development and innovation.

London

London was our second office to open, and a important step in introducing UpCloud to the world. Here our amazing staff can help you with both sales and support, in addition to host tons of interesting meetups.

Singapore

Singapore was our 3rd office to be opened, and enjoys one of most engaged and fastest growing user bases we have ever seen.

Seattle

Seattle is UpCloud’s current base in the USA and our way to reach out across the pond to many users in the Americas.